Closed akx closed 1 month ago
Thanks for reporting this issue. Here is the link to our npm release, and I don't know where 0.11.29 even came from! :D
Feel free to chat more in Slack if you have more questions.
Hi there.
If you don't know where 0.11.29 came from, I would recommend contacting NPM immediately to ask for audit logs, because that would indicate someone else has your NPM publishing credentials, published that version, and then yanked it.
Extracted from the container where I reproduced the above bug, here's an extract of the NPM registry response that mentions 0.11.29.
```
{
  "name": "codemod",
  "dist-tags": {
    "latest": "0.11.29"
  },
  // ...
  {
    "0.11.28": {
      "name": "codemod",
      "version": "0.11.28",
      "dependencies": {
        "keytar": "^7.9.0",
        "blessed": "^0.1.81",
        "esbuild": "^0.23.0",
        "prettier": "^3.2.5",
        "prettyjson": "^1.2.5",
        "@ast-grep/cli": "^0.24.0",
        "@ast-grep/napi": "^0.24.0"
      },
      "devDependencies": {
        "diff": "^5.1.0",
        "glob": "^10.4.1",
        "open": "^8.4.2",
        "axios": "^1.6.8",
        "memfs": "^4.6.0",
        "yargs": "^17.6.2",
        "semver": "^7.6.2",
        "vitest": "^1.0.1",
        "valibot": "^0.24.1",
        "inquirer": "^9.2.16",
        "prettier": "^3.2.5",
        "ts-morph": "18.0.0",
        "unzipper": "^0.11.6",
        "columnify": "^1.6.0",
        "form-data": "^4.0.0",
        "@types/diff": "^5.0.3",
        "@types/node": "18.11.9",
        "cosmiconfig": "^8.3.6",
        "@types/yargs": "^17.0.13",
        "@types/semver": "^7.5.8",
        "terminal-link": "^3.0.0",
        "@types/blessed": "^0.1.25",
        "@types/inquirer": "^9.0.7",
        "@types/unzipper": "^0.10.9",
        "@types/columnify": "^1.5.4",
        "@types/prettyjson": "^0.0.33",
        "@codemod-com/runner": "1.0.6",
        "@types/cli-progress": "^3.11.5",
        "@vitest/coverage-v8": "^1.0.1",
        "exponential-backoff": "^3.1.1",
        "@codemod-com/filemod": "2.0.3",
        "@codemod-com/printer": "1.0.1",
        "@codemod-com/telemetry": "1.1.0",
        "@codemod-com/utilities": "1.1.6"
      },
      "bin": {
        "codemod": "dist/index.cjs"
      },
      "dist": {
        "shasum": "d1cd2ef4f0734ed35a44794dce7fd62a40562249",
        "tarball": "https://registry.npmjs.org/codemod/-/codemod-0.11.28.tgz",
        "fileCount": 4,
        "integrity": "sha512-ugmN3vh6XYv2KvP3jCiT3xtuAPd76Q5fd6V8vhRHgWHeuZc1ltW3evn0AEbIfXvAFvZxXtT5ZcDvTJOfH2MtcA==",
        "signatures": [
          {
            "sig": "MEUCIFurJeo3uRoAMUMLt7MyxBZZG6bmtsSSxQo96TDa8GoiAiEA5TmLN3WDbDIdosDImApTLe+glb272IKrbRFrw8j43fs=",
            "keyid": "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA"
          }
        ],
        "unpackedSize": 20970251
      },
      "engines": {
        "node": ">=18.5.0"
      }
    },
    "0.11.29": {
      "name": "codemod",
      "version": "0.11.29",
      "dependencies": {
        "@ast-grep/cli": "catalog:",
        "@ast-grep/napi": "catalog:",
        "esbuild": "^0.23.0",
        "blessed": "catalog:",
        "keytar": "catalog:",
        "prettier": "^3.2.5",
        "prettyjson": "catalog:"
      },
      "devDependencies": {
        "@types/blessed": "catalog:",
        "@types/cli-progress": "catalog:",
        "@types/columnify": "catalog:",
        "@types/diff": "catalog:",
        "@types/inquirer": "catalog:",
        "@types/node": "18.11.9",
        "@types/prettyjson": "catalog:",
        "@types/semver": "^7.5.8",
        "@types/unzipper": "catalog:",
        "@types/yargs": "catalog:",
        "@vitest/coverage-v8": "catalog:",
        "axios": "catalog:",
        "columnify": "catalog:",
        "cosmiconfig": "catalog:",
        "diff": "catalog:",
        "exponential-backoff": "catalog:",
        "form-data": "catalog:",
        "glob": "catalog:",
        "inquirer": "catalog:",
        "memfs": "^4.6.0",
        "open": "catalog:",
        "prettier": "^3.2.5",
        "semver": "^7.6.2",
        "terminal-link": "catalog:",
        "ts-morph": "18.0.0",
        "unzipper": "catalog:",
        "valibot": "catalog:",
        "vitest": "^1.0.1",
        "yargs": "catalog:",
        "@codemod-com/filemod": "2.0.3",
        "@codemod-com/printer": "1.0.1",
        "@codemod-com/runner": "1.0.6",
        "@codemod-com/utilities": "1.1.6",
        "@codemod-com/telemetry": "1.1.0"
      },
      "bin": {
        "codemod": "dist/index.cjs"
      },
      "dist": {
        "integrity": "sha512-AxLrjNwxXhe3bVaf3yq+0KzLKksGZXjColBkgxx4vDGPbppVNZlyi/SqAvIPM/KS1k8KKmzlYz6DB5jEwoaxNw==",
        "shasum": "81e4b50c0c8693b724fcc00bef24b0862f361f4d",
        "tarball": "https://registry.npmjs.org/codemod/-/codemod-0.11.29.tgz",
        "fileCount": 4,
        "unpackedSize": 20971037,
        "signatures": [
          {
            "keyid": "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA",
            "sig": "MEQCIFyMYrH4ZNYnV82HT4zCRZ3ZjtUkm3fbu8Gkhl4jkzbwAiAlFVrzfDq/m+ffQApzcvUkHtFmGu8gj5f8zjFehYnV+g=="
          }
        ]
      },
      "engines": {
        "node": ">=18.5.0"
      }
    }
  },
  "modified": "2024-07-16T11:51:50.403Z"
}
```
Thanks. Most likely it's been my team. Might have unpublished it right after publishing the last version. Will double check and confirm. Thanks again.
Does the current version now work for you?
> Might have unpublished it right after publishing the last version.
For what it's worth, the version had been up for 3 hours at the time the question was asked on Stack Overflow.
> Does the current version now work for you?
I don't know, I'm not a user of the tool, I just wanted to let you know that this version was broken as I found that out via the SO question 😄
Thank you so much for reporting this. Will get to the bottom of this soon.
(Btw, hope we can have you as our user sometime soon too 😀 for any large refactoring, migrations, cleanups, and even code mining keep us in mind 😉 🍻)
> (Btw, hope we can have you as our user sometime soon too 😀 for any large refactoring, migrations, cleanups, and even code mining keep us in mind 😉 🍻)
👍 I'll definitely keep you in mind the next time I need to bulldoze some code! I've written a bunch of codemod/refactoring tools in my time too :)
Hey, @akx! Thanks for reaching out. Accidentally, during publishing v0.11.29 of the CLI, pnpm did not replace `catalog:` version specifiers with their appropriate versions, which led to this release being broken. We did not notice that right away, so we indeed unpublished it in a couple of hours.
As for the `libsecret` error I can see in your logs, we have seemingly fixed this issue in one of our previous releases; the intended behaviour is that the software should now throw an explanatory error for Linux users when the program attempts to use the `keytar` package that relies on `libsecret` being available in the system and fails, see:
https://github.com/codemod-com/codemod/blob/284166bb7202069e827f7d4be4d25126b4f6248d/apps/cli/src/utils.ts#L18
One explanation for that would be that it fails literally at the moment of resolving the `keytar` module (meaning if the node process ever goes into the file where this library is imported, it will panic because keytar has certain instantiation logic (?)), but we have not extensively tested that behaviour, since most of our team are macOS users and only one of our users ever reported a similar error related to libsecret.
We will debug this issue and see how we can resolve it. It would help if you provide us with your OS specs for debugging purposes. Thanks.
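A check for the failure described in the comment above, as an added example that is not part of the thread or of the codemod project's code: it scans each manifest in a registry packument for dependency specifiers that were never rewritten to registry-resolvable ranges. It generalizes from `catalog:` to `workspace:`, `link:` and `file:`; the function names and the trimmed sample packument (including its use of the registry's `versions` key) are constructed for illustration.

```javascript
// Specifier prefixes that only resolve inside the publisher's own workspace
// or filesystem. Only "catalog:" appears in the thread; the rest generalize it.
const LOCAL_PROTOCOLS = ["catalog:", "workspace:", "link:", "file:"];
// Fields a consumer's installer resolves; devDependencies are only a warning.
const INSTALLED_FIELDS = ["dependencies", "peerDependencies", "optionalDependencies"];

function findUnresolvedSpecifiers(manifest) {
  const findings = [];
  for (const field of [...INSTALLED_FIELDS, "devDependencies"]) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      if (LOCAL_PROTOCOLS.some((p) => String(spec).startsWith(p))) {
        const severity = INSTALLED_FIELDS.includes(field) ? "error" : "warning";
        findings.push({ field, name, spec, severity });
      }
    }
  }
  return findings;
}

// Walk every published version and report whether the "latest" dist-tag
// currently points at a version consumers cannot install.
function auditPackument(packument) {
  const brokenVersions = [];
  for (const [version, manifest] of Object.entries(packument.versions || {})) {
    const errors = findUnresolvedSpecifiers(manifest).filter((f) => f.severity === "error");
    if (errors.length > 0) brokenVersions.push({ version, errors });
  }
  const latest = (packument["dist-tags"] || {}).latest;
  return { brokenVersions, latestIsBroken: brokenVersions.some((b) => b.version === latest) };
}

// Constructed sample, trimmed from the registry response quoted in the thread.
const samplePackument = {
  name: "codemod",
  "dist-tags": { latest: "0.11.29" },
  versions: {
    "0.11.28": {
      dependencies: { keytar: "^7.9.0", esbuild: "^0.23.0" },
      devDependencies: { diff: "^5.1.0" },
    },
    "0.11.29": {
      dependencies: { keytar: "catalog:", esbuild: "^0.23.0", blessed: "catalog:" },
      devDependencies: { diff: "catalog:" },
    },
  },
};

const report = auditPackument(samplePackument);
console.log(JSON.stringify(report, null, 2));
```

Running `findUnresolvedSpecifiers` on the local `package.json` contents in CI before the publish step catches the same condition before it reaches the registry.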
@r4zendev Glad to hear it was just a broken release that got yanked and not something more nefarious. :)
As for the `libsecret` issue, it's apparently easily reproducible with
```
~ $ docker run --platform=linux/amd64 -it node:20 npx -y codemod@0.11.28 react/findDOMNode --target src
{"message":"libsecret-1.so.0: cannot open shared object file: No such file or directory"}
npm notice
npm notice New minor version of npm available! 10.7.0 -> 10.8.2
npm notice Changelog: https://github.com/npm/cli/releases/tag/v10.8.2
npm notice To update run: npm install -g npm@10.8.2
npm notice
~ $
```
I guess the `node:20` container is bare-bones enough not to have `libsecret` – but that's an entirely different issue than the 0.11.29 `catalog:` thing, it was just there in this issue to show there was a different error with 0.11.28 :)
@akx fair enough, Linux image with node:20 should do. We will put some effort to debug this so that users see the instructions on how to act when libsecret is not present in the system. I'll keep this open for reference until the issue is fixed.
As per https://stackoverflow.com/q/78755320/51685: