Fix generated ESM, revamp build system #113
Conversation
…ts of small upgrades to make it work.
|
This is looking great @hobbes7878 ! 🥰 It's going to be interesting to see if this will still work in a Webpack-based project, but if not, it would be okay to drop support for that, we're seeing very little usage of Storybook 7 + Webpack + Svelte + this addon. |
|
Thanks @JReinhold. Happy if it helps. On tests, moving the whole package to ECMAScript modules has made it a little tricky to work with Jest. Right now, I've replaced it with vitest for all the unit tests, which was easier to get going. That leaves the snapshot tests. I wonder if Chromatic is a good enough replacement for the storyshots. I've updated this branch with that in mind for now, but happy if someone wants to give me any hints/examples how to bring those back... |
|
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is bin script confusion?This package has multiple bin scripts with the same name. This can cause non-deterministic behavior when installing or could be a sign of a supply chain attack Consider removing one of the conflicting packages. Packages should only export bin scripts with their name What is shell access?This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code. Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced. What is eval?Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior. Avoid packages that use eval, since this could potentially execute any code. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
Yeah, I'm not sure, but there weren't any webpack-specific plugins in it originally, so as long as webpack can tolerate the move to ESM and this did previously work there, it should be fine?? |
|
I've just installed this and I can confirm the issue is fixed for me. Thank you! 🙏 |
|
Tested this also on a branch that had this issue. Fixes the issue for me. |
| "main": "dist/cjs/index.js", | ||
| "module": "dist/esm/index.js", | ||
| "browser": "dist/cjs/index.js", |
There was a problem hiding this comment.
You say this works in storybook?
I would expect this to be broken, but honestly I've not yet tried, so maybe I'm wrong.
What i know of the preset-loading mechanism in storybook is what when an addon-entry is added, storybook will try resolving ${name}/preset (with node).
It will do the same for manager and preview FYI.
Maybe with type: module these exports fields are actually respected/used?
If so that's great!
There was a problem hiding this comment.
Yeah, type: "module" is the key there as far as I understand it, which is mostly from sindresorhus's explanation...
But yes, working in Node 16+ with Storybook 7.1+ in the repo.
Co-authored-by: ilsubyeega <ilsubyeega@outlook.com>
src/plugins/vite-svelte-csf.ts
Outdated
| @@ -7,7 +7,7 @@ import { fileURLToPath } from 'url'; | |||
| import { getNameFromFilename } from '../parser/svelte-stories-loader.js'; | |||
| import { readFileSync } from 'fs'; | |||
|
|
|||
| const parser = fileURLToPath(new URL('../parser/collect-stories.js', import.meta.url)); | |||
| const parser = fileURLToPath(new URL('../parser/collect-stories.js', import.meta.url)).replace(/\\/g, "\\\\"); | |||
There was a problem hiding this comment.
I'd recommend making this very obvious why this is the way it is perhaps with a clear code-comment?, and possibly even ensure this continues working with a unit-test.
There was a problem hiding this comment.
Added handling across any dynamic imports in fa5505b.
@ilsubyeega don't know if you'd be able to help with a test?
There was a problem hiding this comment.
I can say the current branch works on my machine (win11-x64) with yarn test and storybook live view.
However, I'm uncertain whether the changes to presets directory are working or not.
Also, I'm not sure about creating other test tasks for this.
There was a problem hiding this comment.
Absolutely fantastic job, I also love the way you've cleaned up the code all over the place. The "conversion" from storyshots to Chromatic is also *chef's kiss* (and Jest -> vitest), storyshots really shouldn't be used anymore.
I have left some comments in the code, and then a big issue is that the Storybook fails to build, which is evident by the Chromatic check on this PR failing, and I was able to reproduce it locally. It's failing with some CJS->ESM shenanigans in cli-table3. I was able to fix it locally by upgrading all Storybook dependencies from 7.1.0 to 7.1.1, could you try that? I'll investigate on the core end why this is.
PS. @hobbes7878 would you like to become a maintainer of this project?
Co-authored-by: Jeppe Reinhold <jeppe@chromatic.com>
|
Thanks @JReinhold. Addressed all those suggestions, I think. I'm still seeing that Re: maintainer, I don't mind, sure! |
Looks like this isn't fixed just by updating storybook to I can consistently reproduce this issue based on the existence of So if If I delete There is no difference in the lockfiles in either the working or erroring scenarios. OK, on further inspection of node_modules, it gets weirder. In the working scenario, There are two libraries that require The rest of the chain is Weird! OK, I've been able to "fix" the issue locally and seems in the workflow, but to do it, I had to force yarn to resolve specific versions of Is this the ultimate fix for the issue? Probably not... Does it get the lib past the immediate issue? It does... I'll leave it to wiser minds to decide if it's an acceptable solution... |
|
Great work! That sounds super strange, I have no idea why it behaves that way. Could this just be a bug in Yarn 1? I mean, it hasn't been updated for a while. Would you be open to migrating to pnpm here and see if that automatically fixes the issue? I don't think there's any deeper integrations with |
|
Not gonna lie, it took a couple tries but migrated to pnpm, which is running fine without any dep overloads. 👍 |
.github/workflows/release.yml
Outdated
|
|
||
| - name: Create Release | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} | ||
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | ||
| run: | | ||
| yarn release | ||
| npm run release |
There was a problem hiding this comment.
shouldn't all these npm run be pnpm run instead to use the correct package resolution, or am I misunderstanding something? Same for the lines in package.json?
There was a problem hiding this comment.
Yeah, that was silly of me. Done in 4269195.
|
Thanks for your hard work and patience @hobbes7878! |
|
🚀 PR was released in |
|
It works! Thanks for the amazing job on this @hobbes7878 🌟 |
Attempt to close #111.
Done:
📦 Published PR as canary version:
3.0.5--canary.113.4269195.0✨ Test out this PR locally via:
npm install @storybook/addon-svelte-csf@3.0.5--canary.113.4269195.0 # or yarn add @storybook/addon-svelte-csf@3.0.5--canary.113.4269195.0