Class: Bibliothecary::Parsers::NPM

Inherits:

Object

• Object
• Bibliothecary::Parsers::NPM

Includes:

Analyser

Defined in:

lib/bibliothecary/parsers/npm.rb

Constant Summary

PACKAGE_LOCK_JSON_MAX_DEPTH =

Max depth to recurse into the “dependencies” property of package-lock.json

10

Class Method Summary

• .lockfile_preference_order(file_infos) ⇒ Object
• .mapping ⇒ Object
• .parse_ls(file_contents, options: {}) ⇒ Object
• .parse_manifest(file_contents, options: {}) ⇒ Object
• .parse_package_lock(file_contents, options: {}) ⇒ Object
• .parse_package_lock_deps_recursively(dependencies, depth = 1) ⇒ Object
• .parse_shrinkwrap(file_contents, options: {}) ⇒ Object
• .parse_yarn_lock(file_contents, options: {}) ⇒ Object

Methods included from Analyser

create_analysis, create_error_analysis, included

Class Method Details

.lockfile_preference_order(file_infos) ⇒ Object

# File 'lib/bibliothecary/parsers/npm.rb', line 103

def self.lockfile_preference_order(file_infos)
  files = file_infos.each_with_object({}) do |file_info, obj|
    obj[File.basename(file_info.full_path)] = file_info
  end

  if files["npm-shrinkwrap.json"]
    [files["npm-shrinkwrap.json"]] + files.values.reject { |fi| File.basename(fi.full_path) == "npm-shrinkwrap.json" }
  else
    files.values
  end
end

.mapping ⇒ Object

# File 'lib/bibliothecary/parsers/npm.rb', line 11

def self.mapping
  {
    match_filename("package.json") => {
      kind: 'manifest',
      parser: :parse_manifest
    },
    match_filename("npm-shrinkwrap.json") => {
      kind: 'lockfile',
      parser: :parse_shrinkwrap
    },
    match_filename("yarn.lock") => {
      kind: 'lockfile',
      parser: :parse_yarn_lock
    },
    match_filename("package-lock.json") => {
      kind: 'lockfile',
      parser: :parse_package_lock
    },
    match_filename("npm-ls.json") => {
      kind: 'lockfile',
      parser: :parse_ls
    }
  }
end

.parse_ls(file_contents, options: {}) ⇒ Object

# File 'lib/bibliothecary/parsers/npm.rb', line 97

def self.parse_ls(file_contents, options: {})
  manifest = JSON.parse(file_contents)

  transform_tree_to_array(manifest.fetch('dependencies', {}))
end

.parse_manifest(file_contents, options: {}) ⇒ Object

# File 'lib/bibliothecary/parsers/npm.rb', line 74

def self.parse_manifest(file_contents, options: {})
  manifest = JSON.parse(file_contents)
  raise "appears to be a lockfile rather than manifest format" if manifest.key?('lockfileVersion')
  map_dependencies(manifest, 'dependencies', 'runtime') +
  map_dependencies(manifest, 'devDependencies', 'development')
end

.parse_package_lock(file_contents, options: {}) ⇒ Object

# File 'lib/bibliothecary/parsers/npm.rb', line 50

def self.parse_package_lock(file_contents, options: {})
  manifest = JSON.parse(file_contents)
  parse_package_lock_deps_recursively(manifest.fetch('dependencies', []))
end

.parse_package_lock_deps_recursively(dependencies, depth = 1) ⇒ Object

# File 'lib/bibliothecary/parsers/npm.rb', line 55

def self.parse_package_lock_deps_recursively(dependencies, depth=1)
  dependencies.flat_map do |name, requirement|
    type = requirement.fetch("dev", false) ? 'development' : 'runtime'
    version = requirement.key?("from") ? requirement["from"][/#(?:semver:)?v?(.*)/, 1] : nil
    version ||= requirement["version"].split("#").last
    child_dependencies = if depth >= PACKAGE_LOCK_JSON_MAX_DEPTH
      []
    else
      parse_package_lock_deps_recursively(requirement.fetch('dependencies', []), depth + 1)
    end

    [{
      name: name,
      requirement: version,
      type: type
    }] + child_dependencies
  end
end

.parse_shrinkwrap(file_contents, options: {}) ⇒ Object

# File 'lib/bibliothecary/parsers/npm.rb', line 39

def self.parse_shrinkwrap(file_contents, options: {})
  manifest = JSON.parse(file_contents)
  manifest.fetch('dependencies',[]).map do |name, requirement|
    {
      name: name,
      requirement: requirement["version"],
      type: 'runtime'
    }
  end
end

.parse_yarn_lock(file_contents, options: {}) ⇒ Object

Raises:

• (Bibliothecary::RemoteParsingError)

# File 'lib/bibliothecary/parsers/npm.rb', line 81

def self.parse_yarn_lock(file_contents, options: {})
  response = Typhoeus.post("#{Bibliothecary.configuration.yarn_parser_host}/parse", body: file_contents)

  raise Bibliothecary::RemoteParsingError.new("Http Error #{response.response_code} when contacting: #{Bibliothecary.configuration.yarn_parser_host}/parse", response.response_code) unless response.success?

  json = JSON.parse(response.body, symbolize_names: true)
  json.uniq.map do |dep|
    {
      name: dep[:name],
      requirement: dep[:version],
      lockfile_requirement: dep[:requirement],
      type: dep[:type]
    }
  end
end