Class: Dependabot::FileParsers::JavaScript::NpmAndYarn
- Defined in:
- lib/dependabot/file_parsers/java_script/npm_and_yarn.rb
Constant Summary
- DEPENDENCY_TYPES =
  %w(dependencies devDependencies optionalDependencies).freeze
- CENTRAL_REGISTRIES =
  %w(
    https://registry.npmjs.org
    http://registry.npmjs.org
    https://registry.yarnpkg.com
  ).freeze
- GIT_URL_REGEX =
  %r{
    (?:^|^git.*?|^github:|^bitbucket:|^gitlab:|github\.com/)
    (?<username>[a-z0-9-]+)/
    (?<repo>[a-z0-9_.-]+)
    (
      (?:\#semver:(?<semver>.+))|
      (?:\#(?<ref>.+))
    )?$
  }ix.freeze
Instance Attribute Summary
Attributes inherited from Base
#credentials, #dependency_files, #source
Instance Method Summary
Methods inherited from Base
Constructor Details
This class inherits a constructor from Dependabot::FileParsers::Base
Instance Method Details
#parse ⇒ Object
    # File 'lib/dependabot/file_parsers/java_script/npm_and_yarn.rb', line 34

    def parse
      dependency_set = DependencySet.new
      dependency_set += manifest_dependencies
      dependency_set += yarn_lock_dependencies if yarn_locks.any?
      dependency_set += package_lock_dependencies if package_locks.any?
      dependency_set += shrinkwrap_dependencies if shrinkwraps.any?
      dependencies = dependency_set.dependencies

      # TODO: Currently, Dependabot can't handle dependencies that have both
      # a git source *and* a non-git source. Fix that!
      dependencies.reject do |dep|
        dep.requirements.any? { |r| r.dig(:source, :type) == "git" } &&
          dep.requirements.any? { |r| r.dig(:source, :type) != "git" }
      end
    end
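An added example (not Dependabot's own code) for auditing which dependencies this parser would leave out: it applies the GIT_URL_REGEX shown above to specifier strings and re-runs the reject predicate from #parse over plain hashes. The helper names `git_parts`, `mixed_source?` and `dropped_names`, and all sample data, are assumptions made for illustration.

```ruby
# Added example. GIT_URL_REGEX is copied from the constant shown on this page.
GIT_URL_REGEX = %r{
  (?:^|^git.*?|^github:|^bitbucket:|^gitlab:|github\.com/)
  (?<username>[a-z0-9-]+)/
  (?<repo>[a-z0-9_.-]+)
  (
    (?:\#semver:(?<semver>.+))|
    (?:\#(?<ref>.+))
  )?$
}ix.freeze

# Hypothetical helper: the regex's named captures for a package.json
# specifier, or nil when the pattern does not match at all.
def git_parts(spec)
  m = GIT_URL_REGEX.match(spec)
  m && { username: m[:username], repo: m[:repo], ref: m[:ref], semver: m[:semver] }
end

# Same predicate as the reject block in #parse, applied to plain hashes
# that stand in for Dependabot's requirement hashes.
def mixed_source?(requirements)
  requirements.any? { |r| r.dig(:source, :type) == "git" } &&
    requirements.any? { |r| r.dig(:source, :type) != "git" }
end

# Names of dependencies that the filter in #parse would discard.
def dropped_names(deps)
  deps.select { |d| mixed_source?(d[:requirements]) }.map { |d| d[:name] }
end

# Constructed sample data (not taken from any real project).
SAMPLE_DEPS = [
  { name: "left-pad",   requirements: [{ source: nil }] },
  { name: "forked-lib", requirements: [{ source: { type: "git" } }] },
  { name: "mixed-lib",  requirements: [{ source: { type: "git" } }, { source: nil }] }
].freeze

SAMPLE_SPECS = [
  "^4.17.21",                                                 # plain semver range
  "octo-org/widget",                                          # shorthand
  "github:octo-org/widget#v1.2.0",                            # pinned ref
  "git+https://github.com/octo-org/widget.git#semver:^2.0.0"  # semver on git
].freeze

SAMPLE_SPECS.each { |s| puts "#{s.ljust(58)} #{git_parts(s).inspect}" }
puts "dropped by the #parse filter: #{dropped_names(SAMPLE_DEPS).inspect}"
```

The raw `repo` capture keeps a trailing `.git` when the specifier includes one, and a dependency declared with both a git and a non-git requirement is missing from the parse result entirely, so a manifest audit should list such names separately.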