- Refactored resolvers to conform to a single interface
- Added a utility for remapping import paths (akin to babel-plugin-import-path-remapper)
- Updated README
We don't publish `rnx-kit-scripts` and are using Yarn workspaces to
consume the package internally within the repository. Since we are using
Yarn Classic, it does not understand `workspace:*` version syntax, which
would've ensured that we will always resolve to a package within the
workspace, but have to rely on `*` or matching exact version number. We
are only using exact version number in one package, but that would've
been enough to trigger an exploit if the version number of
`rnx-kit-scripts` changed for any reason.
To mitigate this, the package has been moved under the `@rnx-kit` scope
to prevent us from consuming malware. I've also made sure that we are
using `*` everywhere, and added a CI step to scan `yarn.lock` for
packages that should've come from the repository. In the future, when we
migrate to npm or some later version of Yarn, we should start using
`workspace:*` instead.
Tommy Nguyen