Add script to generate peer dependency graph

[mcmire]

Explanation

When upgrading controller packages in clients, some packages need to be upgraded in tandem with others to satisfy peer dependencies. This commit adds a new script that can be used to view all of the workspaces in the monorepo along with the internal peer dependencies that each workspace may rely upon.

For instance, if you run

yarn run workspaces:list-peer-deps

you will get the following command output:

├╴ @metamask/accounts-controller 19.0.0
│  └╴ @metamask/keyring-controller ^18.0.0
├╴ @metamask/address-book-controller 6.0.1
├╴ @metamask/announcement-controller 7.0.1
├╴ @metamask/approval-controller 7.1.1
├╴ @metamask/assets-controllers 44.1.0
│  ├╴ @metamask/accounts-controller ^19.0.0
│  ├╴ @metamask/approval-controller ^7.0.0
│  ├╴ @metamask/keyring-controller ^18.0.0
│  ├╴ @metamask/network-controller ^22.0.0
│  └╴ @metamask/preferences-controller ^14.0.0
├╴ @metamask/base-controller 7.0.2
├╴ @metamask/build-utils 3.0.1
...

References

This PR is related to the work we've been recently doing around controller upgrades.

Changelog

N/A, development-only changes.

Checklist

• I've updated the test suite for new or updated code as appropriate
• I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
• I've highlighted breaking changes using the "BREAKING" category above as appropriate
• I've prepared draft pull requests for clients and consumer packages to resolve any breaking changes

[socket-security]

New dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@algolia/[email protected]	None	0	8.15 kB	shortcuts
npm/@algolia/[email protected]	None	0	5.58 kB	shortcuts
npm/@algolia/[email protected]	None	0	3.63 kB	shortcuts
npm/@algolia/[email protected]	None	0	6.78 kB	shortcuts
npm/@algolia/[email protected]	None	0	12.3 kB	shortcuts
npm/@algolia/[email protected]	None	0	10.6 kB	shortcuts
npm/@algolia/[email protected]	None	0	6.51 kB	shortcuts
npm/@algolia/[email protected]	None	0	190 kB	shortcuts
npm/@algolia/[email protected]	None	0	2.16 kB	shortcuts
npm/@algolia/[email protected]	None	0	2.37 kB	shortcuts
npm/@algolia/[email protected]	None	0	85.4 kB	shortcuts
npm/@algolia/[email protected]	None	0	6.25 kB	shortcuts
npm/@algolia/[email protected]	None	0	2.76 kB	shortcuts
npm/@algolia/[email protected]	network	0	9.21 kB	shortcuts
npm/@algolia/[email protected]	None	0	50.1 kB	shortcuts
npm/@arcanis/[email protected]	None	0	5.5 kB	arcanis
npm/@sindresorhus/[email protected]	None	0	57.5 kB	sindresorhus
npm/@szmarczak/[email protected]	None	0	10.8 kB	szmarczak
npm/@types/[email protected]	None	0	9.28 kB	types
npm/@types/[email protected]	None	0	18.9 kB	types
npm/@types/[email protected]	None	0	9.28 kB	types
npm/@types/[email protected]	None	0	6.12 kB	types
npm/@types/[email protected]	None	0	4.6 kB	types
npm/@types/[email protected]	None	0	3.53 kB	types
npm/@types/[email protected]	None	0	17.4 kB	types
npm/@yarnpkg/[email protected]	environment, shell	+1	49 kB	yarnbot
npm/@yarnpkg/[email protected]	environment, eval, filesystem, network, unsafe	+3	845 kB	yarnbot
npm/@yarnpkg/[email protected]	None	0	36.2 kB	yarnbot
npm/@yarnpkg/[email protected]	filesystem	0	232 kB	arcanis, bestander, cpojer, ...2 more
npm/@yarnpkg/[email protected]	None	0	27.4 kB	yarnbot
npm/@yarnpkg/[email protected]	environment, filesystem	0	514 kB	yarnbot
npm/@yarnpkg/[email protected]	Transitive: environment, filesystem, unsafe	+1	667 kB	yarnbot
npm/@yarnpkg/[email protected]	None	0	197 kB	yarnbot
npm/@yarnpkg/[email protected]	None	0	69.6 kB	yarnbot
npm/@yarnpkg/[email protected]	unsafe	0	65.3 kB	yarnbot
npm/@yarnpkg/[email protected]	None	0	11 kB	yarnbot
npm/@yarnpkg/[email protected]	environment	0	288 kB	yarnbot
npm/@yarnpkg/[email protected]	None	0	23.7 kB	yarnbot
npm/@yarnpkg/[email protected]	None	0	26.2 kB	yarnbot
npm/@yarnpkg/[email protected]	environment	0	34.6 kB	yarnbot
npm/@yarnpkg/[email protected]	None	0	9.07 kB	yarnbot
npm/@yarnpkg/[email protected]	None	0	9.4 kB	yarnbot
npm/@yarnpkg/[email protected]	None	0	14.1 kB	yarnbot
npm/@yarnpkg/[email protected]	None	0	32.6 kB	yarnbot
npm/@yarnpkg/[email protected]	None	0	17.5 kB	yarnbot
npm/@yarnpkg/[email protected]	filesystem	0	70.1 kB	yarnbot
npm/@yarnpkg/[email protected]	None	0	73.5 kB	yarnbot
npm/@yarnpkg/[email protected]	environment	+1	108 kB	yarnbot
npm/@yarnpkg/[email protected]	None	0	25.1 kB	yarnbot
npm/@yarnpkg/[email protected]	environment	0	72.7 kB	yarnbot
npm/@yarnpkg/[email protected]	None	0	46.3 kB	yarnbot
npm/@yarnpkg/[email protected]	None	0	19.8 kB	yarnbot
npm/@yarnpkg/[email protected]	None	0	22.1 kB	yarnbot
npm/@yarnpkg/[email protected]	None	0	11.1 kB	yarnbot
npm/@yarnpkg/[email protected]	None	0	59.5 kB	yarnbot
npm/@yarnpkg/[email protected]	None	0	30.9 kB	yarnbot
npm/@yarnpkg/[email protected]	environment, filesystem	0	58.8 kB	yarnbot
npm/@zkochan/[email protected]	environment	0	37.5 kB	zkochan
npm/[email protected]	None	0	210 kB	shortcuts
npm/[email protected]	None	0	6.7 kB	sindresorhus
npm/[email protected]	Transitive: environment	+1	188 kB	matteo.collina
npm/[email protected]	network	0	23.9 kB	szmarczak
npm/[email protected]	network	+1	29.1 kB	jaredwray
npm/[email protected]	None	0	6.14 kB	sindresorhus
npm/[email protected]	None	0	4.37 kB	sindresorhus
npm/[email protected]	None	0	10.4 kB	sindresorhus
npm/[email protected]	environment	+1	368 kB	arcanis
npm/[email protected]	None	+1	8.11 kB	sindresorhus
npm/[email protected]	environment	0	2.27 kB	zkochan
npm/[email protected]	None	0	4.08 kB	vdemedes
npm/[email protected]	None	0	2.45 kB	vdemedes
npm/[email protected]	None	0	5.47 kB	sindresorhus
npm/[email protected]	None	0	5.44 kB	szmarczak
npm/[email protected]	environment, filesystem	0	79.1 kB	motdotla
npm/[email protected]	None	0	6.23 kB	mafintosh
npm/[email protected]	None	0	18.4 kB	isaacs
npm/[email protected]	filesystem	0	2.22 kB	mafintosh
npm/[email protected]	None	0	10.9 kB	ionicabizau
npm/[email protected]	None	0	31 kB	ionicabizau
npm/[email protected]	None	0	11.4 kB	terkelg
npm/[email protected]	None	0	14.2 kB	terkelg
npm/[email protected]	filesystem, network	0	269 kB	sindresorhus
npm/[email protected]	None	0	237 kB	orling
npm/[email protected]	network	0	53.1 kB	szmarczak
npm/[email protected]	None	+1	102 kB	vdemedes
npm/[email protected]	environment, filesystem	+2	329 kB	vdemedes
npm/[email protected]	None	0	17.5 kB	ionicabizau
npm/[email protected]	environment	0	5.81 kB	zertosh
npm/[email protected]	None	0	2.78 kB	sindresorhus
npm/[email protected]	None	0	6 kB	sindresorhus
npm/[email protected]	environment, filesystem	0	25.7 kB	yuanchuan
npm/[email protected]	None	0	21.2 kB	sindresorhus
npm/[email protected]	None	0	5.49 kB	sindresorhus
npm/[email protected]	None	0	13.5 kB	sindresorhus
npm/[email protected]	None	0	13.1 kB	ionicabizau
npm/[email protected]	None	0	36.3 kB	ionicabizau
npm/[email protected]	None	0	4.73 kB	vdemedes
npm/[email protected]	None	0	9.29 kB	ionicabizau
npm/[email protected]	None	0	8.76 kB	mafintosh
npm/[email protected]	None	0	8.64 kB	sindresorhus
npm/[email protected]	Transitive: filesystem, shell	+1	447 kB	krinkle
npm/[email protected]	None	0	17.6 MB	hoxyq
npm/[email protected]	environment	0	837 kB	gaearon
npm/[email protected]	environment	0	291 kB	gaearon
npm/[email protected]	environment, filesystem, shell	0	132 kB	anseki
npm/[email protected]	network	0	4.64 kB	szmarczak
npm/[email protected]	None	0	4.68 kB	sindresorhus
npm/[email protected]	None	+1	8.99 kB	sindresorhus
npm/[email protected]	environment	0	113 kB	gaearon
npm/[email protected]	None	0	45 kB	ljharb
npm/[email protected]	None	0	6.2 kB	sindresorhus
npm/[email protected]	filesystem	0	27.7 kB	mafintosh
npm/[email protected]	eval, filesystem, shell	0	439 kB	jariazavalverde
npm/[email protected]	filesystem	0	12.1 kB	terkelg
npm/[email protected]	None	0	20.3 kB	arcanis
npm/[email protected]	None	0	22.2 kB	notatestuser
npm/[email protected]	environment, network	0	64.9 kB	koichik
npm/[email protected]	None	0	73.1 kB	ethan_arrowood
npm/[email protected]	None	0	3.73 kB	sindresorhus
npm/[email protected]	None	0	617 kB	vdemedes

View full report↗︎

[socket-security]

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/@sindresorhus/[email protected], npm/@szmarczak/[email protected], npm/@types/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/@types/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/@arcanis/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/@types/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/@zkochan/[email protected], npm/[email protected], npm/[email protected], npm/@types/[email protected], npm/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/@types/[email protected], npm/@algolia/[email protected], npm/@algolia/[email protected], npm/@algolia/[email protected], npm/@algolia/[email protected], npm/@algolia/[email protected], npm/@algolia/[email protected], npm/@algolia/[email protected], npm/@algolia/[email protected], npm/@algolia/[email protected], npm/@algolia/[email protected], npm/@algolia/[email protected], npm/@algolia/[email protected], npm/@algolia/[email protected], npm/@algolia/[email protected], npm/@algolia/[email protected], npm/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/@types/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected], npm/@yarnpkg/[email protected]

View full report↗︎

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

[mcmire]

This script uses the Yarn API to build the workspaces list, instead of running yarn workspaces list. This does something similar to what that command does, and the source is here: https://github.com/yarnpkg/berry/blob/8bfe2d545e986993e4450072bac8b1044e5ebed7/packages/plugin-essentials/sources/commands/workspaces/list.ts#L50

[mcmire]

@SocketSecurity ignore npm/[email protected]

New author is OK, their commits to tau-prolog seem fine, and their website is here: https://jariaza.es/

[mcmire]

@SocketSecurity ignore-all

All of the alerts in this PR are OK, they are being added by Yarn which makes HTTP requests. All of the new authors are also OK, they are respected members of the JavaScript community.