From 806d684ddc25c4b20956575d195ab23f5c67a6a3 Mon Sep 17 00:00:00 2001
From: Anton Kastritskiy <antonk52@meta.com>
Date: Fri, 1 Sep 2023 09:54:49 -0700
Subject: [PATCH] Script to verify @types/* versions

Summary:
We recently raised a concern that for some packages types/* version is different than the package we are using. This can cause runtime errors as typescript can suggest usage that no longer reflects current API of a library. To combat this issue we decided to add a CI check to verify that major versions of types and a libriary match.

This script will be refined if in the next few diffs

Reviewed By: LukeDefeo

Differential Revision: D48779652

fbshipit-source-id: 2a826ba9d00565563553f04cd809ae0638db6282
---
 desktop/flipper-server-core/package.json      |   6 +-
 desktop/scripts/package.json                  |   1 +
 desktop/scripts/tsconfig.json                 |   2 +-
 desktop/scripts/verify-types-dependencies.tsx | 132 ++++++++++++++++++
 desktop/yarn.lock                             |  22 +--
 5 files changed, 148 insertions(+), 15 deletions(-)
 create mode 100644 desktop/scripts/verify-types-dependencies.tsx

diff --git a/desktop/flipper-server-core/package.json b/desktop/flipper-server-core/package.json
index f52f61806..79935180d 100644
--- a/desktop/flipper-server-core/package.json
+++ b/desktop/flipper-server-core/package.json
@@ -30,7 +30,7 @@
     "jsonwebtoken": "^9.0.0",
     "lodash.memoize": "^4.1.2",
     "memorystream": "^0.3.1",
-    "node-fetch": "2",
+    "node-fetch": "^2.6.0",
     "node-forge": "^0.10.0",
     "open": "^8.3.0",
     "openssl-wrapper": "^0.3.4",
@@ -55,8 +55,8 @@
     "@types/jsonwebtoken": "^9.0.1",
     "@types/memorystream": "^0.3.0",
     "@types/node": "^17.0.31",
-    "@types/node-fetch": "2",
-    "@types/node-forge": "^0.10",
+    "@types/node-fetch": "2.6.4",
+    "@types/node-forge": "^0.10.0",
     "@types/rimraf": "^3.0.2",
     "@types/rsocket-core": "^0.0.7",
     "@types/rsocket-tcp-server": "^0.0.2",
diff --git a/desktop/scripts/package.json b/desktop/scripts/package.json
index 2a5aedf99..3008176f9 100644
--- a/desktop/scripts/package.json
+++ b/desktop/scripts/package.json
@@ -33,6 +33,7 @@
     "p-map": "^4.0.0",
     "pkg-fetch": "3.4.1",
     "promisify-child-process": "^4.1.0",
+    "semver": "^7.5.4",
     "socket.io": "^4.5.0",
     "tar": "6.1.15",
     "tmp": "^0.2.1",
diff --git a/desktop/scripts/tsconfig.json b/desktop/scripts/tsconfig.json
index 06fdd1ba8..aade7984d 100644
--- a/desktop/scripts/tsconfig.json
+++ b/desktop/scripts/tsconfig.json
@@ -6,7 +6,7 @@
     "lib": ["ES2021"],
     "noEmit": true,
     "esModuleInterop": true,
-    "types": ["jest"]
+    "types": ["jest", "node"]
   },
   "references": [
     {
diff --git a/desktop/scripts/verify-types-dependencies.tsx b/desktop/scripts/verify-types-dependencies.tsx
new file mode 100644
index 000000000..30ff59ed3
--- /dev/null
+++ b/desktop/scripts/verify-types-dependencies.tsx
@@ -0,0 +1,132 @@
+/**
+ * Copyright (c) Meta Platforms, Inc. and affiliates.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ *
+ * @format
+ */
+
+import cp from 'child_process';
+import fs from 'fs-extra';
+import semver from 'semver';
+
+type UnmatchedLibType = {
+  types: readonly [string, string];
+  lib: readonly [string, string];
+};
+
+type PackageJsonResult = {
+  packageJson: string;
+  unmatchedTypesPackages: UnmatchedLibType[];
+};
+
+function validatePackageJson(filepath: string): PackageJsonResult {
+  try {
+    const json = JSON.parse(fs.readFileSync(filepath).toString());
+    const deps: Record<string, string> = json.dependencies || {};
+    const devDeps: Record<string, string> = json.devDependencies || {};
+    const typesPackages: Array<[string, string]> = [
+      ...Object.entries(deps).filter(([k, v]) => k.startsWith('@types/')),
+      ...Object.entries(devDeps).filter(([k, v]) => k.startsWith('@types/')),
+    ];
+
+    const unmatchedTypesPackages: UnmatchedLibType[] = typesPackages
+      .map(([rawName, rawVersion]) => {
+        const name: string | void = rawName.split('/', 2).pop();
+        if (name == null) {
+          throw new Error(
+            `Could not infer package name from types "${rawName}"`,
+          );
+        }
+        const typeVersionParsed = parsePackageVersion(
+          rawVersion,
+          rawName,
+          filepath,
+        );
+
+        const depsWithLib = name in deps ? deps : devDeps || {};
+        if (depsWithLib[name] == null) {
+          return null;
+        }
+
+        const targetVersion = parsePackageVersion(
+          depsWithLib[name],
+          name,
+          filepath,
+        );
+        if (targetVersion.major !== typeVersionParsed.major) {
+          return {
+            types: [rawName, rawVersion] as const,
+            lib: [name, depsWithLib[name]] as const,
+          };
+        }
+      })
+      .filter(<T,>(x: T | undefined | null): x is T => x != null);
+
+    return {
+      packageJson: filepath,
+      unmatchedTypesPackages,
+    };
+  } catch (e) {
+    console.error(`Failed to parse ${filepath}`);
+    throw e;
+  }
+}
+
+async function main() {
+  const out = cp.execSync(
+    'find . -name "package.json" -not -path "*/node_modules/*"',
+  );
+
+  const packageJsons = out.toString().trim().split('\n');
+
+  const unmatched = packageJsons
+    .map(validatePackageJson)
+    .filter((x) => x.unmatchedTypesPackages.length > 0);
+
+  if (unmatched.length === 0) {
+    console.log('No issues found');
+    return;
+  }
+
+  console.log(
+    unmatched
+      .map((x) =>
+        [
+          x.packageJson,
+          ...x.unmatchedTypesPackages.map(
+            (x: UnmatchedLibType) =>
+              `\t${x.types[0]}: ${x.types[1]} --- ${x.lib[0]}: ${x.lib[1]}`,
+          ),
+        ].join('\n'),
+      )
+      .join('\n'),
+  );
+
+  process.exit(1);
+}
+
+main().catch((e) => {
+  console.log(`Unexpected error: ${e}`);
+  process.exit(1);
+});
+
+function parsePackageVersion(
+  version: string,
+  pkgName: string,
+  filepath: string,
+): semver.SemVer {
+  // versions can start with ~ or ^
+  if (!version.match(/^\d/)) {
+    version = version.slice(1);
+  }
+  const parsed = semver.parse(version);
+  if (parsed == null) {
+    throw new Error(
+      `Could not parse version number from "${version}" for package "${pkgName}" in ${filepath}`,
+    );
+  }
+
+  return parsed;
+}
diff --git a/desktop/yarn.lock b/desktop/yarn.lock
index c43666164..6587bf220 100644
--- a/desktop/yarn.lock
+++ b/desktop/yarn.lock
@@ -4292,10 +4292,10 @@
     "@types/node" "*"
     form-data "^3.0.0"
 
-"@types/node-fetch@2":
-  version "2.6.2"
-  resolved "https://registry.yarnpkg.com/@types/node-fetch/-/node-fetch-2.6.2.tgz#d1a9c5fd049d9415dce61571557104dec3ec81da"
-  integrity sha512-DHqhlq5jeESLy19TYhLakJ07kNumXWjcDdxXsLUMJZ6ue8VZJj4kLPQVE/2mdHh3xZziNF1xppu5lwmS53HR+A==
+"@types/node-fetch@2.6.4":
+  version "2.6.4"
+  resolved "https://registry.yarnpkg.com/@types/node-fetch/-/node-fetch-2.6.4.tgz#1bc3a26de814f6bf466b25aeb1473fa1afe6a660"
+  integrity sha512-1ZX9fcN4Rvkvgv4E6PAY5WXUFWFcRWxZa3EW83UjycOB9ljJCedb2CupIP4RZMEwF/M3eTcCihbBRgwtGbg5Rg==
   dependencies:
     "@types/node" "*"
     form-data "^3.0.0"
@@ -4308,7 +4308,7 @@
     "@types/node" "*"
     form-data "^3.0.0"
 
-"@types/node-forge@^0.10":
+"@types/node-forge@^0.10.0":
   version "0.10.10"
   resolved "https://registry.yarnpkg.com/@types/node-forge/-/node-forge-0.10.10.tgz#07ffccf0f7f3ebb97de67446555912803be50e7b"
   integrity sha512-iixn5bedlE9fm/5mN7fPpXraXlxCVrnNWHZekys8c5fknridLVWGnNRqlaWpenwaijIuB3bNI0lEOm+JD6hZUA==
@@ -11796,18 +11796,18 @@ node-dir@^0.1.17:
   dependencies:
     minimatch "^3.0.2"
 
-node-fetch@2, node-fetch@^2.2.0, node-fetch@^2.6.0, node-fetch@^2.6.1, node-fetch@^2.6.6, node-fetch@^2.6.7:
+node-fetch@2.6.0:
+  version "2.6.0"
+  resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.0.tgz#e633456386d4aa55863f676a7ab0daa8fdecb0fd"
+  integrity sha512-8dG4H5ujfvFiqDmVu9fQ5bOHUC15JMjMY/Zumv26oOvvVJjM67KF8koCWIabKQ1GJIa9r2mMZscBq/TbdOcmNA==
+
+node-fetch@^2.2.0, node-fetch@^2.6.0, node-fetch@^2.6.1, node-fetch@^2.6.6, node-fetch@^2.6.7:
   version "2.6.7"
   resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.7.tgz#24de9fba827e3b4ae44dc8b20256a379160052ad"
   integrity sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==
   dependencies:
     whatwg-url "^5.0.0"
 
-node-fetch@2.6.0:
-  version "2.6.0"
-  resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.0.tgz#e633456386d4aa55863f676a7ab0daa8fdecb0fd"
-  integrity sha512-8dG4H5ujfvFiqDmVu9fQ5bOHUC15JMjMY/Zumv26oOvvVJjM67KF8koCWIabKQ1GJIa9r2mMZscBq/TbdOcmNA==
-
 node-forge@^0.10.0, node-forge@^0.7.1, node-forge@^1.0.6:
   version "1.3.1"
   resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-1.3.1.tgz#be8da2af243b2417d5f646a770663a92b7e9ded3"