From 0e56a86bd4d40fe912723431dfd78ff46b0bdfb8 Mon Sep 17 00:00:00 2001
From: fede erbes
Date: Thu, 16 Jan 2025 09:39:38 +0100
Subject: [PATCH] chore: add pin dependencies script to pre commit hook (#861)
* chore: add pin dependencies script to pre commit hook
* chore: remove unnecessary comment
* chore: improve a bit logic to detect no pinned versions
---
 package.json | 1 +
 scripts/pin_all_deps.js | 51 ++++++++++++++++++++++++++++++-----------
 2 files changed, 39 insertions(+), 13 deletions(-)
diff --git a/package.json b/package.json
index c594a352..c17717a2 100644
--- a/package.json
+++ b/package.json
@@ -32,6 +32,7 @@
 "tsc-files --noEmit src/styled.d.ts src/react-app-env.d.ts"
 ],
 "*.json": [
+ "node scripts/pin_all_deps.js",
 "prettier --write"
 ]
 },
diff --git a/scripts/pin_all_deps.js b/scripts/pin_all_deps.js
index 622666b7..8d43849d 100644
--- a/scripts/pin_all_deps.js
+++ b/scripts/pin_all_deps.js
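Review bot: Placing `node scripts/pin_all_deps.js` under the `*.json` glob makes it run whenever any JSON file is staged, not only `package.json`, and lint-staged appends the staged paths as arguments that the script in this patch never reads. Because the script can end in `npm install`, a narrower trigger would be safer: keep the entry here so it still runs before `prettier --write`, but have the script exit early unless one of its arguments is the root `package.json`. It is also worth confirming that the regenerated `package-lock.json` ends up in the same commit, since the script's own `git add` line is commented out.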
@@ -8,21 +8,46 @@
 */
 const fs = require('fs');
-const packageLock = require('../package-lock.json');
-const packageJson = require('../package.json');
+const path = require('path');
+const { execSync } = require('child_process');
-for (const packageName in packageJson.dependencies) {
- const installedPathKey = `node_modules/${packageName}`;
- if (packageJson.dependencies.hasOwnProperty(packageName) && packageLock.packages[installedPathKey]) {
- packageJson.dependencies[packageName] = packageLock.packages[installedPathKey].version;
+const packageJsonPath = path.resolve(__dirname, '../package.json');
+const packageJson = require(packageJsonPath);
+
+const allDependenciesVersions = Object.values(packageJson.dependencies).concat(
+ Object.values(packageJson.devDependencies),
+);
+
+// if any version has a ^ or ~, we need to pin it, otherwise we can skip
+const hasUnpinnedVersions = allDependenciesVersions.some(
+ (version) => version.startsWith('^') || version.startsWith('~'),
+);
+
+if (hasUnpinnedVersions) {
+ const packages = require('../package-lock.json').packages;
+
+ for (const packageName in packageJson.dependencies) {
+ const installedVersion = packages[`node_modules/${packageName}`].version;
+ if (packageJson.dependencies.hasOwnProperty(packageName) && installedVersion) {
+ packageJson.dependencies[packageName] = installedVersion;
+ }
 }
-}
-for (const packageName in packageJson.devDependencies) {
- const installedPathKey = `node_modules/${packageName}`;
- if (packageJson.devDependencies.hasOwnProperty(packageName) && packageLock.packages[installedPathKey]) {
- packageJson.devDependencies[packageName] = packageLock.packages[installedPathKey].version;
+ for (const packageName in packageJson.devDependencies) {
+ const installedVersion = packages[`node_modules/${packageName}`].version;
+ if (packageJson.devDependencies.hasOwnProperty(packageName) && installedVersion) {
+ packageJson.devDependencies[packageName] = installedVersion;
+ }
 }
-}
-fs.writeFileSync('../package.json', JSON.stringify(packageJson, null, 2));
+ fs.writeFileSync(packageJsonPath, JSON.stringify(packageJson, null, 2), 'utf8');
+
+ // Run npm install to update package-lock.json
+ console.log('Running npm install to update package-lock.json...');
+ execSync('npm install', { stdio: 'inherit' });
+ // execSync('git add package.json package-lock.json', { stdio: 'inherit' });
+
+ console.log('Successfully pinned all dependency versions');
+} else {
+ console.log('All dependencies are already pinned to exact versions');
+}
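Review bot: Both pin loops dereference ``packages[`node_modules/${packageName}`].version`` before the `installedVersion` guard runs, so a dependency with no lockfile entry now aborts the hook with a TypeError, whereas the removed code checked that the entry existed first; ``packages[`node_modules/${packageName}`]?.version`` keeps the old tolerance (assuming the Node version in use supports optional chaining). `execSync('npm install', { stdio: 'inherit' })` inside a pre-commit hook performs a full install, including dependency lifecycle scripts, on the developer's machine at commit time; `npm install --package-lock-only --ignore-scripts` would refresh the lockfile without running them. The `^`/`~` prefix test also treats specs such as `*`, `>=1.0.0` or `latest` as already pinned, and `Object.values(packageJson.devDependencies)` throws when that section is absent, so `Object.values(packageJson.devDependencies ?? {})` together with a stricter exact-version check would make the early exit reliable.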