fix: replace find-up dependency with native @libs/find-up helper#2722
fix: replace find-up dependency with native @libs/find-up helper#2722tolzhabayev wants to merge 3 commits into
Conversation
The find-up package was only used for two synchronous, files-only lookups: finding the consuming package's package.json in @libs/version and finding the closest lockfile in create-plugin. A ~20 line native walk-up helper in a new private @libs/find-up workspace covers both, preserving find-up's per-directory name precedence. Since @libs/version is bundled into consumers while its imports of published packages stay external, dropping find-up there removes the runtime dependency from both create-plugin and sign-plugin.
mckn
left a comment
mckn
left a comment
There was a problem hiding this comment.
Nice addition! Overall it looks great but there is one change you need to apply to be consistent with the original package:
The original find-up package delegates to locate-path, which defaults to type: 'file' and checks stat.isFile() using statSync — so it only matches files, not directories, by default.
The @libs/find-up implementation currently uses existsSync, which matches both files and directories. To mirror the original behavior, existsSync should be replaced with a statSync + .isFile() check, exactly as locate-path does.
github-project-automation
Bot
moved this from 🔬 In review
to 🧑💻 In development
in Grafana Catalog Team
Good point, changed it here |
mckn
left a comment
mckn
left a comment
There was a problem hiding this comment.
LGTM! The only thing we should change is to sync the version pinning across the consumers. I think the "^1.0.0" is okay here since this is a library living in the same workspace but I guess both works.
Minor — version pin inconsistency:
// create-plugin/package.json
"@libs/find-up": "1.0.0" // exact
// sign-plugin/package.json
"@libs/find-up": "^1.0.0" // range
// libs/version/package.json
"@libs/find-up": "^1.0.0" // range
it's following the existing pattern. Each consumer pins its |
|
@mckn need you to approve or remove request changes otherwise I can't merge |
3 participants
What this PR does / why we need it:
Removes the
find-upruntime dependency from@grafana/create-pluginand@grafana/sign-plugin(introduced in #1597) by replacing it with a ~20 line native helper in a new private@libs/find-upworkspace.find-upwas only used for two synchronous, files-only lookups:@libs/version— walking up from the bundled module to find the consuming package'spackage.json(this is why both CLIs carriedfind-upindependencies: the lib is bundled into their dist while imports of published packages stay external).create-plugin'sutils.packageManager.ts— finding the closest lockfile to detect the package manager.The native helper preserves the two find-up semantics that matter for these call sites: all candidate names are checked in each directory before moving up (lockfile precedence), and the walk stops at the filesystem root. It is covered by 7 unit tests.
With this change both CLIs bundle the helper directly, so
find-upand its transitive dependencies (locate-path,p-locate,yocto-queue,unicorn-magic) disappear from the published packages' install footprint. The remainingfind-upentries inpackage-lock.jsonare unrelated transitive dependencies of the docusaurus website tooling.Which issue(s) this PR fixes:
n/a
Special notes for your reviewer:
distno longer contains anyimport ... from 'find-up';@libs/versionandutils.packageManagernow import the bundled helper via relative paths.libs/versionpreviously declaredfind-upas a^7.0.0peerDependency while consumers shipped8.0.0— that drift goes away too.fix:prefix means release-please will cut patch releases for both CLIs, which seems right for a change to the published artifacts.