From d21cc9425e40e0cab38d054a6c1fd00c50d7df7d Mon Sep 17 00:00:00 2001
From: Tim Man <tim@secretkeylabs.com>
Date: Thu, 19 Dec 2024 22:09:44 +0800
Subject: [PATCH] Chore/eng 5899 pin all dependencies (#53)

* chore: add script to pin all deps

* chore: run the script to pin deps and commit lockfile
---
 package-lock.json       | 22 +++++++++++-----------
 package.json            | 22 +++++++++++-----------
 scripts/pin_all_deps.js | 28 ++++++++++++++++++++++++++++
 3 files changed, 50 insertions(+), 22 deletions(-)
 create mode 100644 scripts/pin_all_deps.js

diff --git a/package-lock.json b/package-lock.json
index 5a30463..c5fd1dd 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -16,19 +16,19 @@
         "valibot": "0.42.1"
       },
       "devDependencies": {
-        "@types/jest": "^29.2.6",
-        "husky": "^8.0.3",
-        "lint-staged": "^13.2.3",
+        "@types/jest": "29.5.14",
+        "husky": "8.0.3",
+        "lint-staged": "13.3.0",
         "prettier": "3.3.3",
-        "process": "^0.11.10",
-        "rimraf": "^3.0.2",
-        "stream-browserify": "^3.0.0",
-        "ts-jest": "^29.0.5",
-        "ts-loader": "^9.4.1",
-        "tsup": "^8.0.2",
+        "process": "0.11.10",
+        "rimraf": "3.0.2",
+        "stream-browserify": "3.0.0",
+        "ts-jest": "29.2.5",
+        "ts-loader": "9.5.1",
+        "tsup": "8.3.0",
         "typescript": "5.4.5",
-        "util": "^0.12.4",
-        "vm-browserify": "^1.1.2"
+        "util": "0.12.5",
+        "vm-browserify": "1.1.2"
       }
     },
     "node_modules/@ampproject/remapping": {
diff --git a/package.json b/package.json
index a6c9741..c8c6bf6 100644
--- a/package.json
+++ b/package.json
@@ -33,19 +33,19 @@
     "valibot": "0.42.1"
   },
   "devDependencies": {
-    "@types/jest": "^29.2.6",
-    "husky": "^8.0.3",
-    "lint-staged": "^13.2.3",
+    "@types/jest": "29.5.14",
+    "husky": "8.0.3",
+    "lint-staged": "13.3.0",
     "prettier": "3.3.3",
-    "process": "^0.11.10",
-    "rimraf": "^3.0.2",
-    "stream-browserify": "^3.0.0",
-    "ts-jest": "^29.0.5",
-    "ts-loader": "^9.4.1",
-    "tsup": "^8.0.2",
+    "process": "0.11.10",
+    "rimraf": "3.0.2",
+    "stream-browserify": "3.0.0",
+    "ts-jest": "29.2.5",
+    "ts-loader": "9.5.1",
+    "tsup": "8.3.0",
     "typescript": "5.4.5",
-    "util": "^0.12.4",
-    "vm-browserify": "^1.1.2"
+    "util": "0.12.5",
+    "vm-browserify": "1.1.2"
   },
   "repository": {
     "type": "git",
diff --git a/scripts/pin_all_deps.js b/scripts/pin_all_deps.js
new file mode 100644
index 0000000..622666b
--- /dev/null
+++ b/scripts/pin_all_deps.js
@@ -0,0 +1,28 @@
+/*
+ * This script is used to pin all dependencies in package.json to the exact
+ * versions declared in package-lock.json.
+ *
+ * It assumes lockfileVersion >= 2
+ *
+ * Usage: node pin_all_deps.js
+ */
+
+const fs = require('fs');
+const packageLock = require('../package-lock.json');
+const packageJson = require('../package.json');
+
+for (const packageName in packageJson.dependencies) {
+  const installedPathKey = `node_modules/${packageName}`;
+  if (packageJson.dependencies.hasOwnProperty(packageName) && packageLock.packages[installedPathKey]) {
+    packageJson.dependencies[packageName] = packageLock.packages[installedPathKey].version;
+  }
+}
+
+for (const packageName in packageJson.devDependencies) {
+  const installedPathKey = `node_modules/${packageName}`;
+  if (packageJson.devDependencies.hasOwnProperty(packageName) && packageLock.packages[installedPathKey]) {
+    packageJson.devDependencies[packageName] = packageLock.packages[installedPathKey].version;
+  }
+}
+
+fs.writeFileSync('../package.json', JSON.stringify(packageJson, null, 2));