Open colinbjohnson opened 1 week ago
@colinbjohnson This command would represent all of the dependencies that are installed with the Cypress CLI, the npm package which is used to then install Cypress, a binary application that runs your tests.
At that point it's a desktop application on your system. That would be like asking run a command to see all the dependencies used to build the the Slack or VS Code application.
What do you feel is missing with the current list?
@jennifer-shehane - thank you!!! I now understand there are two cypress components:
npm ls --all
would provide a list of all dependencies (I'm assuming that the modules for the CLI are installed in ./nodemodules
and added to the file package-lock.json
).~/.cache/Cypress/13.14.1/Cypress/resources/app
where npm ls --all
does run but renders really strangely (if you run cd ~/.cache/Cypress/13.14.1/Cypress/resources/app && npm ls --all 2>&1 | grep 'npm error extraneous' | wc -l
you'll get 1617 extraneous packages)cd ./cypress.app/Contents/Resources/app && npm ls --all 2>&1 | grep -c 'npm error extraneous'
you'll get 1614 extraneous packages)So the ask/issue is (as we can use npm ls --all
for the celery cli) how would one (or should one be able to) get the installed modules for the app (and, possibly, why are there npm error extraneous
package errors).
BTW: this is a legit request - we work with companies that are concerned about the modules installed on systems that contain cypress so understanding the dependency tree and how to understand which and how those packages are installed is important. The best tool I know for accomplishing this is npm.
@colinbjohnson
how would one (or should one be able to) get the installed modules for the app (and, possibly, why are there npm error extraneous package errors).
You can use npm ls
on the cache sub-directory of the Cypress binary as you have already done (location depends on OS - see https://docs.cypress.io/guides/references/advanced-installation#Binary-cache) which will give you the versions. You could also just list the contents of the Cypress/resources/app/node_modules
which will list the modules without the versions.
npm ls
is intended to be used on a regular npm project, not an Electron application. If you had a regular npm project then the package.json
would describe the top level of installed dependencies. The Cypress binary Electron application doesn't work this way, so the package.json
doesn't contain any dependencies
or devDependencies
. That's the reason why npm ls
annotates everything it found in node_modules
with the text extraneous
because there is nothing in the package.json
to call them out.
The document https://github.com/cypress-io/cypress/blob/develop/guides/building-release-artifacts.md describes how the Cypress binary is built.
What would you like?
I would like to be able to utilize the command
npm ls -all
to get a list of all dependencies that the cypress package installs.Why is this needed?
For the purposes of security and, potentially, modifying the cypress package.
Other
To reproduce, do the following:
docker run -it node:20-slim /bin/bash
The above list is not a complete list of installed dependencies.
Note (1): there may be (or with slight modification) there may be a way to get a proper dependency tree after cypress is installed. I don't know how to do this.
Note(2): most folks who are familiar with npm would expect
npm ls -all
to render a proper dependency tree and would understand that certain dependencies (i.e. operating system dependencies) would be excluded.