Class: Dependabot::NpmAndYarn::FileParser

Inherits:
FileParsers::Base
  • Object
Defined in:
lib/dependabot/npm_and_yarn/file_parser.rb,
lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb,
lib/dependabot/npm_and_yarn/file_parser/yarn_lockfile_parser.rb

Defined Under Namespace

Classes: LockfileParser, YarnLockfileParser

Constant Summary

# Names of the dependency groups this parser recognises.
# NOTE(review): presumably these are the package.json section keys that get
# read; "peerDependencies" is not in the list, so confirm whether packages
# declared only there are meant to be out of scope.
DEPENDENCY_TYPES = [
  "dependencies",
  "devDependencies",
  "optionalDependencies"
].freeze
# Base URLs treated as the central (public) registries.
# NOTE(review): the second entry is plain http://. Presumably this list is
# only compared against URLs found in lockfiles to recognise the default
# registry; confirm it is never used as a fetch target, because a plaintext
# registry URL gives no transport integrity for package metadata or tarballs.
CENTRAL_REGISTRIES = [
  "https://registry.npmjs.org",
  "http://registry.npmjs.org",
  "https://registry.yarnpkg.com"
].freeze
# Matches git-style dependency specifiers and splits them into named groups:
# git_prefix, username, repo, and an optional "#..." suffix captured either as
# semver ("#semver:<range>", or "#" directly followed by one of ^ ~ = < > *)
# or as ref (anything else after "#").
# Flags: i (case-insensitive) and x (extended syntax, which is why the literal
# "#" characters are written as "\#").
#
# NOTE(review): in Ruby "^" and "$" anchor at line boundaries rather than
# string boundaries, and the "github\.com/" prefix alternative carries no
# start anchor at all, so the pattern can match part of a longer or
# multi-line value. Treat a match as classification of the specifier, not as
# validation of the whole string; code that must validate an untrusted
# manifest value end to end should anchor with \A and \z. Confirm against the
# callers before tightening the anchors here.
GIT_URL_REGEX =
%r{
  (?<git_prefix>^|^git.*?|^github:|^bitbucket:|^gitlab:|github\.com/)
  (?<username>[a-z0-9-]+)/
  (?<repo>[a-z0-9_.-]+)
  (
    (?:\#semver:(?<semver>.+))|
    (?:\#(?=[\^~=<>*])(?<semver>.+))|
    (?:\#(?<ref>.+))
  )?$
}ix.freeze

Instance Method Summary

Instance Method Details

#parse ⇒ Object



# File 'lib/dependabot/npm_and_yarn/file_parser.rb', line 39

# Merges the manifest and lockfile dependencies into one DependencySet and
# returns its dependencies, minus those whose git requirements cannot be
# represented.
#
# A dependency is left out of the result when either:
# * its git requirements name more than one distinct :source, or
# * it has at least one git requirement and at least one non-git requirement.
#
# The filtering is silent: nothing is logged or raised for a dropped
# dependency. NOTE(review): if this result drives update or advisory checks,
# packages dropped here would presumably get no coverage; confirm that
# callers account for that.
#
# @return the filtered dependencies
def parse
  merged = DependencySet.new + manifest_dependencies + lockfile_dependencies

  # TODO: Currently, Dependabot can't handle dependencies that have both
  # a git source *and* a non-git source. Fix that!
  merged.dependencies.reject do |dependency|
    git_reqs, non_git_reqs =
      dependency.requirements.partition do |req|
        req.dig(:source, :type) == "git"
      end

    if git_reqs.empty?
      # No git requirements at all: always keep.
      false
    elsif git_reqs.uniq { |req| req.fetch(:source) }.size > 1
      # Several different git sources for one dependency: drop.
      true
    else
      # One git source: drop only when mixed with a non-git requirement.
      non_git_reqs.any?
    end
  end
end