chore: npm -> pnpm VSCODE-714 (#1191)

Author: nirinchev

.depcheckrc

@@ -12,9 +12,11 @@ ignores:
  - "vscode"
  - "webpack-cli"
  - "@mongodb-js/oidc-plugin"
- - node-loader
- - ts-loader
- - mongodb-runner
- - tabbable # Mocha register testing workaround stub.
- - focus-trap # Mocha register testing workaround stub.
- - ejson-shell-parser # Used by the connection-form.
+ - "node-loader"
+ - "ts-loader"
+ - "mongodb-runner"
+ - "tabbable" # Mocha register testing workaround stub.
+ - "focus-trap" # Mocha register testing workaround stub.
+ - "ejson-shell-parser" # Used by the connection-form.
+ - "rimraf" # Used in 'clean' script to remove previous build artifacts
+ - "snyk" # Used in 'snyk-test' script to create sbom

.eslintrc.js

@@ -69,6 +69,12 @@ module.exports = {
             allowHigherOrderFunctions: true,
           },
         ],
+        '@typescript-eslint/ban-ts-comment': [
+          'error',
+          {
+            'ts-ignore': 'allow-with-description',
+          },
+        ],
       },
       parserOptions: {
         project: ['./tsconfig.json'], // Specify it only for TypeScript files.

.github/workflows/actions/test-and-build/action.yaml

@@ -57,10 +57,10 @@ runs:
     - name: Install Dependencies
       shell: bash
       run: |
-        npm ci --omit=optional
+        pnpm install --frozen-lockfile
 
     - name: Run Checks
-      run: npm run check
+      run: pnpm run check
       # the glob here just fails
       if: ${{ runner.os != 'Windows' }}
       shell: bash
@@ -70,19 +70,19 @@ runs:
         NODE_OPTIONS: "--max_old_space_size=4096"
         MDB_IS_TEST: "true"
       run: |
-        npm run test
+        pnpm run test
       shell: bash
 
     - name: Build .vsix
       env:
         NODE_OPTIONS: "--require ./scripts/no-npm-list-fail.js --max_old_space_size=4096"
       # NOTE: --githubBranch is "The GitHub branch used to infer relative links in README.md."
       run: |
-        npx vsce package --githubBranch main
+        pnpm exec vsce package --githubBranch main
       shell: bash
 
     - name: Check .vsix filesize
-      run: npm run check-vsix-size
+      run: pnpm run check-vsix-size
       shell: bash
 
     - name: Sign .vsix
@@ -117,33 +117,41 @@ runs:
       env:
         SNYK_TOKEN: ${{ inputs.SNYK_TOKEN }}
       run: |
-        npm run snyk-test > /dev/null 2>&1
-
-    # TODO(VSCODE-706): Fix Snyk vuln ticket generation
-    # - name: Create Jira Tickets
-    #   if: >
-    #     runner.os == 'Linux' &&
-    #     (
-    #       github.event_name == 'push' && github.ref == 'refs/heads/main' ||
-    #       github.event_name == 'workflow_dispatch' ||
-    #       github.event_name == 'schedule'
-    #     )
-    #   shell: bash
-    #   env:
-    #     JIRA_API_TOKEN: ${{ inputs.JIRA_API_TOKEN }}
-    #     JIRA_BASE_URL: "https://jira.mongodb.org"
-    #     JIRA_PROJECT: "VSCODE"
-    #     JIRA_VULNERABILITY_BUILD_INFO: "- [GitHub Run|https://github.com/mongodb-js/vscode/actions/runs/${{github.run_id}}/jobs/${{github.job}}]"
-    #   run: |
-    #     npm run create-vulnerability-tickets > /dev/null
-
-    # - name: Generate Vulnerability Report (Fail on >= High)
-    #   if: runner.os == 'Linux'
-    #   continue-on-error: ${{ github.event_name == 'pull_request' }}
-    #   shell: bash
-    #   run: |
-    #     # The standard output is suppressed since Github Actions logs are
-    #     # available for everyone with read access to the repo, which is everyone that is
-    #     # logged in for public repos.
-    #     # This command is only here to fail on failures for `main` and tags.
-    #     npm run generate-vulnerability-report > /dev/null
+        pnpm run snyk-test > /dev/null 2>&1
+
+    - name: Upload Snyk Report
+      if: runner.os == 'Linux'
+      uses: actions/upload-artifact@v4
+      with:
+        name: Snyk Report - ${{ github.run_id }}
+        path: |
+          .sbom/snyk-test-result.html
+          .sbom/snyk-test-result.json
+
+    - name: Create Jira Tickets
+      if: >
+        runner.os == 'Linux' &&
+        (
+          github.event_name == 'push' && github.ref == 'refs/heads/main' ||
+          github.event_name == 'workflow_dispatch' ||
+          github.event_name == 'schedule'
+        )
+      shell: bash
+      env:
+        JIRA_API_TOKEN: ${{ inputs.JIRA_API_TOKEN }}
+        JIRA_BASE_URL: "https://jira.mongodb.org"
+        JIRA_PROJECT: "VSCODE"
+        JIRA_VULNERABILITY_BUILD_INFO: "- [GitHub Run|https://github.com/mongodb-js/vscode/actions/runs/${{github.run_id}}/jobs/${{github.job}}]"
+      run: |
+        pnpm run create-vulnerability-tickets > /dev/null
+
+    - name: Generate Vulnerability Report (Fail on >= High)
+      if: runner.os == 'Linux'
+      continue-on-error: ${{ github.event_name == 'pull_request' }}
+      shell: bash
+      run: |
+        # The standard output is suppressed since Github Actions logs are
+        # available for everyone with read access to the repo, which is everyone that is
+        # logged in for public repos.
+        # This command is only here to fail on failures for `main` and tags.
+        pnpm run generate-vulnerability-report > /dev/null

.github/workflows/draft-release.yaml

@@ -4,15 +4,15 @@ on:
   workflow_dispatch:
     inputs:
       versionBump:
-        description: 'Version bump'
+        description: Version bump
         type: choice
         required: true
-        default: 'patch'
+        default: patch
         options:
-        - patch
-        - minor
-        - major
-        - exact-version
+          - patch
+          - minor
+          - major
+          - exact-version
 
       exactVersion:
         description: 'Exact version: (Only effective selecting "exact-version" as version bump)'
@@ -37,11 +37,14 @@ jobs:
           # and check if tags are already present
           fetch-depth: 0
 
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+
       - name: Setup Node.js Environment
         uses: actions/setup-node@v4
         with:
           node-version: 22.15.1
-          cache: npm
+          cache: pnpm
 
       - name: Determine Next Version
         shell: bash
@@ -54,9 +57,9 @@ jobs:
 
           if [[ "$VERSION_BUMP" == "major" || "$VERSION_BUMP" == "minor" || "$VERSION_BUMP" == "patch" ]]; then
             PREV_VERSION_TAG=$(gh api repos/:owner/:repo/releases --jq '. | map(select(.draft == false)) | .[0] | .tag_name')
-            PREV_VERSION=$(npx semver --coerce ${PREV_VERSION_TAG})
+            PREV_VERSION=$(pnpm exec semver --coerce ${PREV_VERSION_TAG})
 
-            NEXT_VERSION=$(npx semver -i $VERSION_BUMP $PREV_VERSION)
+            NEXT_VERSION=$(pnpm exec semver -i $VERSION_BUMP $PREV_VERSION)
           else
             NEXT_VERSION=${{ github.event.inputs.exactVersion }}
           fi
@@ -65,9 +68,9 @@ jobs:
           NEXT_VERSION="${NEXT_VERSION#v}"
 
           # Validates the version before using it
-          npx semver v"${NEXT_VERSION}"
+          pnpm exec semver v"${NEXT_VERSION}"
 
-          npm version "${NEXT_VERSION}" --no-git-tag-version
+          pnpm version "${NEXT_VERSION}" --no-git-tag-version
           echo "RELEASE_TAG=v${NEXT_VERSION}" >> "$GITHUB_ENV"
 
       - name: Validate release tag
@@ -115,4 +118,3 @@ jobs:
         shell: bash
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-

.github/workflows/publish-release.yaml

@@ -12,17 +12,21 @@ jobs:
     name: Publish Release
     runs-on: ubuntu-latest
     steps:
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+
       - name: Setup Node.js Environment
         uses: actions/setup-node@v4
         with:
           node-version: 22.15.1
+          cache: pnpm
 
       - name: Run node-gyp bug workaround script
         run: |
           curl -sSfLO https://raw.githubusercontent.com/mongodb-js/compass/42e6142ae08be6fec944b80ff6289e6bcd11badf/.evergreen/node-gyp-bug-workaround.sh && bash node-gyp-bug-workaround.sh
 
       - name: Install VSCode publishing dependencies
-        run: npm install -g vsce
+        run: pnpm add -g vsce
 
       - name: Download release assets
         run: |
@@ -43,6 +47,6 @@ jobs:
       - name: Publish to marketplace
         run: |
           echo "Publishing ${VSIX_PATH} to marketplace"
-          npx vsce publish --packagePath "${VSIX_PATH}" --githubBranch main
+          pnpm exec vsce publish --packagePath "${VSIX_PATH}" --githubBranch main
         env:
           VSCE_PAT: ${{ secrets.VSCE_PAT }}

.github/workflows/test-and-build-from-fork.yaml

@@ -22,23 +22,26 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+
       - name: Setup Node.js Environment
         uses: actions/setup-node@v4
         with:
           node-version: 22.15.1
-          cache: npm
+          cache: pnpm
 
       - name: Install Dependencies
-        run: npm ci --omit=optional
+        run: pnpm install --frozen-lockfile
 
       - name: Run Checks
-        run: npm run check
+        run: pnpm run check
         # the glob here just fails
         if: ${{ runner.os != 'Windows' }}
 
       - name: Run Tests
         env:
           NODE_OPTIONS: "--max_old_space_size=4096"
-          SEGMENT_KEY: "test-segment-key"
+          SEGMENT_KEY: ${{ secrets.SEGMENT_KEY_DEV }}
           MDB_IS_TEST: "true"
-        run: npm run test
+        run: pnpm run test

.github/workflows/test-and-build.yaml

@@ -31,11 +31,14 @@ jobs:
         with:
           fetch-depth: 0
 
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+
       - name: Setup Node.js Environment
         uses: actions/setup-node@v4
         with:
           node-version: 22.15.1
-          cache: npm
+          cache: pnpm
 
       - name: Run tests and build
         uses: ./.github/workflows/actions/test-and-build

.npmrc

@@ -0,0 +1,7 @@
+# Hoist peer dependencies to reduce nested installations
+# This makes pnpm behave more like npm/yarn in terms of hoisting
+public-hoist-pattern[]=*@cfworker/json-schema*
+public-hoist-pattern[]=*mongodb-client-encryption*
+public-hoist-pattern[]=*socks*
+
+

.prettierignore

@@ -14,3 +14,4 @@ CHANGELOG.md
 README.md
 constants.json
 .sbom
+pnpm-lock.yaml

CONTRIBUTING.md

@@ -9,7 +9,7 @@ MongoDB welcomes community contributions! If you’re interested in making a con
 1. Create a branch with a name that briefly describes your feature
 1. Implement your feature or bug fix
 1. Add new cases to `./src/test` that verify your bug fix or make sure no one
-   unintentionally breaks your feature in the future and run them with `npm test`
+   unintentionally breaks your feature in the future and run them with `pnpm test`
 1. Add comments around your new code that explain what's happening
 1. Commit and push your changes to your branch then submit a pull request
 
@@ -24,13 +24,13 @@ Please include as much information as possible about your environment.
 We recommend familiarizing yourself with the VSCode extension documentation:
 [code.visualstudio.com/api](https://code.visualstudio.com/api).
 
-Running the MongoDB VSCode plugin requires [Node.js](https://nodejs.org) and npm.
+Running the MongoDB VSCode plugin requires [Node.js](https://nodejs.org) and pnpm.
 
 1. Clone this project, navigate to the folder, then run:
 
 ```shell
-npm install
-npm run watch
+pnpm install
+pnpm run watch
 ```
 
 2. Inside of [VS Code Insiders](https://code.visualstudio.com/insiders/) open this directory and press `F5` to begin debugging the extension. This should launch a new VSCode window which is running the extension.
@@ -46,14 +46,14 @@ You can launch a debugging task for tests inside VSCode with the **"Run Tests"**
 You can run tests using command line along with an optional `MOCHA_GREP` environment variable to apply a grep filter on tests to run.
 
 ```shell
-MOCHA_GREP="Participant .* prompt builders" npm test
+MOCHA_GREP="Participant .* prompt builders" pnpm test
 ```
 
-It may be quicker to be more specific and use `npm run test-extension` or `npm run test-webview` after compiling.
+It may be quicker to be more specific and use `pnpm run test-extension` or `pnpm run test-webview` after compiling.
 
 ### Using Proposed API
 
-The vscode extension will occasionally need to use [proposed API](https://code.visualstudio.com/api/advanced-topics/using-proposed-api) that haven't been promoted to stable yet. To enable an API proposal, add it to the `enabledApiProposals` section in `package.json`, then run `cd src/vscode-dts && npx @vscode/dts dev` to install the type definitions for the API you want to enable.
+The vscode extension will occasionally need to use [proposed API](https://code.visualstudio.com/api/advanced-topics/using-proposed-api) that haven't been promoted to stable yet. To enable an API proposal, add it to the `enabledApiProposals` section in `package.json`, then run `cd src/vscode-dts && pnpm exec @vscode/dts dev` to install the type definitions for the API you want to enable.
 
 **Note**: Using proposed API is only possible during local development and will prevent publishing the extension.