fix: add micromatch to package deps (#1020)

4 files changed, 45 insertions, 12 deletions

diff --git a/package-lock.json b/package-lock.json
index 1d3c475f..5add313b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -3202,7 +3202,6 @@
       "version": "3.0.3",
       "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
       "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
-      "dev": true,
       "license": "MIT",
       "dependencies": {
         "fill-range": "^7.1.1"
@@ -4964,7 +4963,6 @@
       "version": "7.1.1",
       "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
       "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
-      "dev": true,
       "license": "MIT",
       "dependencies": {
         "to-regex-range": "^5.0.1"
@@ -6312,7 +6310,6 @@
       "version": "7.0.0",
       "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
       "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
-      "dev": true,
       "license": "MIT",
       "engines": {
         "node": ">=0.12.0"
@@ -7053,7 +7050,6 @@
       "version": "4.0.8",
       "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz",
       "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==",
-      "dev": true,
       "license": "MIT",
       "dependencies": {
         "braces": "^3.0.3",
@@ -7651,7 +7647,6 @@
       "version": "2.3.1",
       "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
       "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
-      "dev": true,
       "license": "MIT",
       "engines": {
         "node": ">=8.6"
@@ -9168,7 +9163,6 @@
       "version": "5.0.1",
       "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
       "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
-      "dev": true,
       "license": "MIT",
       "dependencies": {
         "is-number": "^7.0.0"
@@ -10822,6 +10816,7 @@
         "glob": "^10.4.5",
         "google-auth-library": "^9.11.0",
         "ignore": "^7.0.0",
+        "micromatch": "^4.0.8",
         "open": "^10.1.2",
         "shell-quote": "^1.8.2",
         "simple-git": "^3.28.0",
@@ -10832,6 +10827,7 @@
       "devDependencies": {
         "@types/diff": "^7.0.2",
         "@types/dotenv": "^6.1.1",
+        "@types/micromatch": "^4.0.8",
         "@types/minimatch": "^5.1.2",
         "@types/ws": "^8.5.10",
         "typescript": "^5.3.3",
diff --git a/packages/cli/src/utils/package.ts b/packages/cli/src/utils/package.ts
new file mode 100644
index 00000000..d53a0234
--- /dev/null
+++ b/packages/cli/src/utils/package.ts
@@ -0,0 +1,38 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import {
+  readPackageUp,
+  type PackageJson as BasePackageJson,
+} from 'read-package-up';
+import { fileURLToPath } from 'url';
+import path from 'path';
+
+export type PackageJson = BasePackageJson & {
+  config?: {
+    sandboxImageUri?: string;
+  };
+};
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+
+let packageJson: PackageJson | undefined;
+
+export async function getPackageJson(): Promise<PackageJson | undefined> {
+  if (packageJson) {
+    return packageJson;
+  }
+
+  const result = await readPackageUp({ cwd: __dirname });
+  if (!result) {
+    // TODO: Maybe bubble this up as an error.
+    return;
+  }
+
+  packageJson = result.packageJson;
+  return packageJson;
+}
diff --git a/packages/cli/src/utils/sandbox.ts b/packages/cli/src/utils/sandbox.ts
index 74e45136..12fb6629 100644
--- a/packages/cli/src/utils/sandbox.ts
+++ b/packages/cli/src/utils/sandbox.ts
@@ -10,7 +10,7 @@ import path from 'node:path';
 import fs from 'node:fs';
 import { readFile } from 'node:fs/promises';
 import { quote } from 'shell-quote';
-import { readPackageUp } from 'read-package-up';
+import { getPackageJson } from './package.js';
 import commandExists from 'command-exists';
 import {
   USER_SETTINGS_DIR,
@@ -102,13 +102,10 @@ async function shouldUseCurrentUserInSandbox(): Promise<boolean> {
 async function getSandboxImageName(
   isCustomProjectSandbox: boolean,
 ): Promise<string> {
-  const packageJsonResult = await readPackageUp();
-  const packageJsonConfig = packageJsonResult?.packageJson.config as
-    | { sandboxImageUri?: string }
-    | undefined;
+  const packageJson = await getPackageJson();
   return (
     process.env.GEMINI_SANDBOX_IMAGE ??
-    packageJsonConfig?.sandboxImageUri ??
+    packageJson?.config?.sandboxImageUri ??
     (isCustomProjectSandbox
       ? LOCAL_DEV_SANDBOX_IMAGE_NAME + '-' + path.basename(path.resolve())
       : LOCAL_DEV_SANDBOX_IMAGE_NAME)
diff --git a/packages/core/package.json b/packages/core/package.json
index c216905b..511167ec 100644
--- a/packages/core/package.json
+++ b/packages/core/package.json
@@ -35,6 +35,7 @@
     "glob": "^10.4.5",
     "google-auth-library": "^9.11.0",
     "ignore": "^7.0.0",
+    "micromatch": "^4.0.8",
     "open": "^10.1.2",
     "shell-quote": "^1.8.2",
     "simple-git": "^3.28.0",
@@ -45,6 +46,7 @@
   "devDependencies": {
     "@types/diff": "^7.0.2",
     "@types/dotenv": "^6.1.1",
+    "@types/micromatch": "^4.0.8",
     "@types/minimatch": "^5.1.2",
     "@types/ws": "^8.5.10",
     "typescript": "^5.3.3",