Scan JS Package: Remove Build

[nateweller]

Proposed changes:

• Removes references to a "build" directory from the package.json file.
• Removes use of jetpack:src from exports, since default is now the same ./src/index.ts value.
• Update composer.json.

Other information:

• [ ] Have you written new tests for your changes, if applicable?
• [x] Have you checked the E2E test CI results, and verified that your changes do not break them?
• [ ] Have you tested your changes on WordPress.com, if applicable (if so, you'll see a generated comment below with a script to run)?

Jetpack product discussion

p1732032090059999-slack-CDLH4C1UZ

peb6dq-36i-p2

Does this pull request change what data or activity we track or use?

No

Testing instructions:

• Ensure all builds are passing.
• Run cd projects/js-packages/storybook && npm run storybook:dev
• Open http://localhost:50240/?path=/docs/js-packages-components-threat-fixer-button--docs
• Validate that the component renders (uses methods from the Scan package).

[github-actions[bot]]

Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.

• To test on WoA, go to the Plugins menu on a WordPress.com Simple site. Click on the "Upload" button and follow the upgrade flow to be able to upload, install, and activate the Jetpack Beta plugin. Once the plugin is active, go to Jetpack > Jetpack Beta, select your plugin, and enable the fix/scan/remove-build branch.
  • For jetpack-mu-wpcom changes, also add define( 'JETPACK_MU_WPCOM_LOAD_VIA_BETA_PLUGIN', true ); to your wp-config.php file.

• To test on Simple, run the following command on your sandbox:

  bin/jetpack-downloader test jetpack fix/scan/remove-build

  bin/jetpack-downloader test jetpack-mu-wpcom-plugin fix/scan/remove-build

Interested in more tips and information?

• In your local development environment, use the jetpack rsync command to sync your changes to a WoA dev blog.
• Read more about our development workflow here: PCYsg-eg0-p2
• Figure out when your changes will be shipped to customers here: PCYsg-eg5-p2

[github-actions[bot]]

Thank you for your PR!

When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:

• :white_check_mark: Include a description of your PR changes.
  
• :white_check_mark: Add a "[Status]" label (In Progress, Needs Team Review, ...).
  
• :white_check_mark: Add testing instructions.
  
• :white_check_mark: Specify whether this PR includes any changes to data or privacy.
  
• :white_check_mark: Add changelog entries to affected projects
  

This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation :robot:

---

The e2e test report can be found here. Please note that it can take a few minutes after the e2e tests checks are complete for the report to be available.

---

Follow this PR Review Process:

1. Ensure all required checks appearing at the bottom of this PR are passing.
2. Choose a review path based on your changes:
   • A. Team Review: add the "[Status] Needs Team Review" label
     • For most changes, including minor cross-team impacts.
     • Example: Updating a team-specific component or a small change to a shared library.
   • B. Crew Review: add the "[Status] Needs Review" label
     • For significant changes to core functionality.
     • Example: Major updates to a shared library or complex features.
   • C. Both: Start with Team, then request Crew
     • For complex changes or when you need extra confidence.
     • Example: Refactor affecting multiple systems.
3. Get at least one approval before merging.

Still unsure? Reach out in #jetpack-developers for guidance!

[nateweller]

I don't know whether that's a goal for this package.

@anomiex Right now, the Scan/Security team's intention is primarily to provide a means of sharing code across the main Jetpack plugin and Jetpack Protect. Although if the package was more easily consumable outside of the monorepo, we could use it in Calypso or other places in the future, which sounds nice.

I suppose the other direction would be to build the build, and distribute the JS. I'm not sure exactly what that would mean in terms of the resulting bundling/affects on deps and peer deps, if anything. I can explore that more and draft an alternate PR testing out that approach. :+1:

[anomiex]

I suppose the other direction would be to build the build, and distribute the JS. I'm not sure exactly what that would mean in terms of the resulting bundling/affects on deps and peer deps, if anything.

Within the monorepo it shouldn't change anything, since stuff within the monorepo should continue to use the "jetpack:src" entries.

Externally it'd bring back a build/ dir similar to what was there before #39754. The build setup there with tsc didn't actually bundle anything, it just turns the TypeScript code into .js + .d.ts that's easier for external consumers to deal with.

I don't see any relevant dependency changes in/since #39754, so that should be fine. But you'll have to resolve whatever errors led to 377e8739b2ceb1ac53f2fee2403c1b991547298f in a different manner. If the problem was stuff like

[plugins/jetpack]     Cannot find module './types/index.js' from '../../js-packages/scan/src/index.ts'

from jest tests then this might help:

patch

```diff diff --git a/tools/js-tools/package.json b/tools/js-tools/package.json index 784f44cf8d..43c9ca9d81 100644 --- a/tools/js-tools/package.json +++ b/tools/js-tools/package.json @@ -56,6 +56,7 @@ "sort-package-json": "1.50.0", "svelte": "4.2.19", "svelte-eslint-parser": "0.39.2", + "ts-jest-resolver": "2.0.1", "typescript": "5.0.4", "yaml": "2.2.2" } diff --git a/tools/js-tools/jest/jest-resolver.js b/tools/js-tools/jest/jest-resolver.js index 597c41156b..03353b69e7 100644 --- a/tools/js-tools/jest/jest-resolver.js +++ b/tools/js-tools/jest/jest-resolver.js @@ -1,3 +1,5 @@ +const tsJestResolver = require( 'ts-jest-resolver' ); + // Some packages assume that a "browser" environment is esm or otherwise break in node. // List them here and the resolver will adjust the conditions to resolve them as "node" instead. // cf. https://github.com/microsoft/accessibility-insights-web/pull/5421#issuecomment-1109168149 @@ -20,7 +22,7 @@ module.exports = ( path, options ) => { conditions.add( 'node' ); } - return options.defaultResolver( path, { + return tsJestResolver( path, { ...options, basedir, conditions, ```

[nateweller]

Closing this in favor of https://github.com/Automattic/jetpack/pull/40299