Class: Dependabot::FileParsers::JavaScript::NpmAndYarn

Inherits:
Base
  • Object
Defined in:
lib/dependabot/file_parsers/java_script/npm_and_yarn.rb

Constant Summary

# Dependency-group names this parser works with; they correspond to the
# package.json keys of the same name. How each group is treated is decided by
# code not shown here.
DEPENDENCY_TYPES = [
  "dependencies",
  "devDependencies",
  "optionalDependencies"
].freeze
# Registry base URLs listed as "central" (npm over https and http, plus Yarn).
# NOTE(review): the list includes a plain-http npmjs URL. Here it is only a
# string to compare against; whether anything is ever fetched over http, or
# whether such a URL is normalised to https first, depends on callers not
# shown here. Confirm before relying on it.
CENTRAL_REGISTRIES = [
  "https://registry.npmjs.org",
  "http://registry.npmjs.org",
  "https://registry.yarnpkg.com"
].freeze
# Matches git-style dependency specifiers and exposes the named captures
# :username and :repo, plus optionally either :semver (text after "#semver:")
# or :ref (text after "#").
# Flags: /i (case-insensitive) and /x (extended; whitespace inside the literal
# is ignored and "#" has to be escaped, hence "\#").
#
# NOTE(review): "^" and "$" are line anchors in Ruby, not string anchors. On a
# multi-line input the pattern can match one line of it, and "$" also matches
# just before a trailing newline. If callers treat a match as validation of
# the whole specifier, \A and \z would be the stricter anchors. Confirm
# against the call sites, which are not shown here.
# NOTE(review): the "github\.com/" alternative has no leading anchor, and
# "^git.*?" lazily skips arbitrary characters, so :username/:repo may be taken
# from the middle of a longer string.
# NOTE(review): :semver and :ref are captured with ".+", i.e. any characters
# up to the end of the line. Callers should treat them as untrusted text.
GIT_URL_REGEX =
%r{
  (?:^|^git.*?|^github:|^bitbucket:|^gitlab:|github\.com/)
  (?<username>[a-z0-9-]+)/
  (?<repo>[a-z0-9_.-]+)
  (
    (?:\#semver:(?<semver>.+))|
    (?:\#(?<ref>.+))
  )?$
}ix.freeze

Instance Attribute Summary

Attributes inherited from Base

#credentials, #dependency_files, #source

Instance Method Summary

Methods inherited from Base

#initialize

Constructor Details

This class inherits a constructor from Dependabot::FileParsers::Base

Instance Method Details

#parse ⇒ Object



# File 'lib/dependabot/file_parsers/java_script/npm_and_yarn.rb', line 34

# Collects dependencies from the manifest and from whichever lockfile kinds
# are present (yarn lock, package lock, shrinkwrap), then filters the result.
#
# Any dependency whose requirements mix a "git" source type with a non-git one
# is left out of the returned collection (see the TODO below), so such a
# dependency is not visible to whatever consumes this method's result.
#
# @return the dependencies remaining after that filter (the result of #reject
#   on the set's dependencies; presumably an Array, not confirmed here)
def parse
  collected = DependencySet.new + manifest_dependencies
  collected += yarn_lock_dependencies if yarn_locks.any?
  collected += package_lock_dependencies if package_locks.any?
  collected += shrinkwrap_dependencies if shrinkwraps.any?

  # TODO: Currently, Dependabot can't handle dependencies that have both
  # a git source *and* a non-git source. Fix that!
  collected.dependencies.reject do |dependency|
    git_reqs, other_reqs = dependency.requirements.partition do |requirement|
      requirement.dig(:source, :type) == "git"
    end

    # Drop only when both kinds of source are present on the same dependency.
    !git_reqs.empty? && !other_reqs.empty?
  end
end