-
Notifications
You must be signed in to change notification settings - Fork 91
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Additional Configuration File Support #518
base: main
Are you sure you want to change the base?
Conversation
Reference to old PR (#436) |
I'm hesitant to iuntroduce A couple options:
|
My regrets, this pull request is still in draft mode and not completely up to date with my local fork. I will get this branch updated during my next programming cycle. @kf6kjg has been helping out with the latest version of this branch. To partially address your concern on the I do understand the serious security vulnerabilities of certain implementations and I agree with that concern. I like your byo yaml parser option, though we might need to rethink using Any thoughts about extending the configuration section to include 3rd party yaml cli tools? The cli tool Let me do some additional research on this topic and see what I find out. |
By moving JS-yaml to being lazy loaded we could make it an optional peer dependency. Then if the user needs it they can install it. Everyone else doesn't get it in their tree. |
(@mcknasty let's keep this PR open and drive it to completion, thank you for your contributions) @kf6kjg @mcknasty, I'm very much on the fence with yaml. One one hand, I understand users would love to be able to use yaml. On the other hand, I spend most of my OSS time updating dependencies to deal with transitive security issues, and the fact that the Lazy loading is perhaps a good approach, do you think users would be willing to add |
IIRC those were the goals. |
dc87eba
to
fd3e9d4
Compare
I would like to request some clarity on the comments above. We don't need to explicitly include js-yaml as a development dependency. The unit tests pass for this commit , if I remove @bencoe Are you planning on moving away from standard as a lint tester? Is that why we want to prompt for an optional download or path for a yaml parsing binary? Additionally, this pull request has a dependency on #517. The print derived config option is required to verify what type of file has been loaded by yargs in the pending unit tests. @bcoe, #517 was at 100% coverage and I am fairly certain it was passing through the CD/CI. There were only two concerns we were working through. Would you like me to open a new pull request? There was a comment about test setup functions. Is there code style guide you could refer me to? If there is anything additional you would like to discuss, please feel free to email me at the email address in the commit log. |
IMO being a transitive dependency is fine. Ifnwhen those packages decide to remove js-yaml, or even make it an optional peer dependency like I suggested, then it could disappear entirely. In the mean time this package only declares that if you need it you can install and use it. In my case I probably wont, I want the CJS configs these days! :D |
feat: Adding additional configuration file options test: unit test for config file detection test: unit test for config files pass via the cli test: unit test case for early exit of hideInstrumenteeArgs test: unit test for Node.js argument handling fix: bug in spawning of c8 process that dropped coverage significantly
fd3e9d4
to
6ff250f
Compare
|
Thank you for pointing out optional dependencies, that one I'd not directly worked with before so it was good to learn. From what I learnt: Optional dependencies mean that if it is omitted via the Additionally peer dependencies are more for "plugin" architectures, which in this case |
@mcknasty @kf6kjg why don't we compromise here, and instead of adding yaml support add toml support with: https://github.com/squirrelchat/smol-toml#readme I see smol-toml being used by the project Redwood, which was created by TOML's creator, and it seems to be a pretty small dependency that's actively maintained. |
I love TOML, used it myself one a long time back, but it's never gotten the traction that YAML has and it would be a lot harder on the users to figure out. That said, while TOML solves #420, I've come to the conclusion that I'm more a fan of #425's JS-based, and TS-based in the future, configs which as a side effect ALSO solves the basic want of #420 - comments. Thus if YAML is full blocker for you, though I'm still not sure why, and @mcknasty doesn't feel like implementing TOML then I'd say we cull the YAML support and get the ball rolling on the JS support. |
This sounds like a great compromise to me, I like that Sorry for being such a pain in the neck on this PR. I've grown over the years to be much more conservative with dependency trees. |
#Temp PR Message
feat: Adding additional configuration file options
test: unit test for config file detection
test: unit test for config files pass via the cli
test: unit test case for early exit of hideInstrumenteeArgs
test: unit test for Node.js argument handling
fix: bug in spawning of c8 process that dropped coverage significantly
Checklist
npm test
, tests passingnpm run test:snap
(to update the snapshot)