Class: Dependabot::NpmAndYarn::FileParser::LockfileParser
- Inherits: Object
  - Object
    - Dependabot::NpmAndYarn::FileParser::LockfileParser
- Defined in:
- lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb
Instance Method Summary
- #initialize(dependency_files:) ⇒ LockfileParser (constructor): a new instance of LockfileParser.
- #lockfile_details(dependency_name:, requirement:, manifest_name:) ⇒ Object
- #parse ⇒ Object
Constructor Details
#initialize(dependency_files:) ⇒ LockfileParser
Returns a new instance of LockfileParser.
# File 'lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb', line 10

# Records the supplied dependency files on the instance.
#
# The argument is stored by reference: nothing is copied, frozen or
# validated here, so any checks on file content have to happen where the
# files are actually parsed.
#
# @param dependency_files [Object] the files this parser works on
#   (presumably the manifests and lockfiles fetched from the repository;
#   confirm against the caller)
def initialize(dependency_files:)
  @dependency_files = dependency_files
end
Instance Method Details
#lockfile_details(dependency_name:, requirement:, manifest_name:) ⇒ Object
# File 'lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb', line 22

# Finds the lockfile entry recorded for one dependency of a manifest.
#
# The lockfiles returned by potential_lockfiles_for_manifest are consulted
# in order and the first truthy entry is returned; the remaining lockfiles
# are not read and no cross-check between lockfiles takes place.
#
# Points a caller should keep in mind when trusting the result:
# * A non-nil result is not proof that the locked entry satisfies
#   `requirement`. For package-lock / shrinkwrap files `requirement` is not
#   consulted at all, and for yarn lockfiles a sole entry for the name is
#   returned even when its requirement differs.
# * For package-lock / shrinkwrap files only the top-level "dependencies"
#   key is read.
# * NOTE(review): lockfile content comes from the repository. Assuming
#   parse_package_lock returns a Hash, a "dependencies" value that is not
#   Hash-like makes `dig` raise TypeError; confirm the parser or the caller
#   handles malformed lockfiles.
#
# @param dependency_name [String] package name, compared with == against
#   the part of each yarn key before the separating "@"
# @param requirement [String] requirement string, compared with == against
#   the part of each yarn key after the separating "@"
# @param manifest_name [Object] passed to potential_lockfiles_for_manifest
# @return [Object, nil] the matching lockfile entry, or nil when no
#   consulted lockfile yields one
def lockfile_details(dependency_name:, requirement:, manifest_name:)
  # Splits "name@requirement" on an "@" that follows a word character, so
  # the leading "@" of a scoped package name is left in the name part.
  separator = /(?<=\w)\@/

  potential_lockfiles_for_manifest(manifest_name).each do |lockfile|
    entry =
      if [*package_locks, *shrinkwraps].include?(lockfile)
        parse_package_lock(lockfile).dig("dependencies", dependency_name)
      else
        same_name = parse_yarn_lock(lockfile).select do |key, _|
          key.split(separator)[0] == dependency_name
        end

        if same_name.one?
          # A single entry for this name is used as-is, even if the
          # requirement recorded in the lockfile does not match.
          same_name.first.last
        else
          exact_match = same_name.find do |key, _|
            # Re-join with "@" because the requirement itself may contain
            # an "@" that the split also cut on.
            key.split(separator)[1..-1].join("@") == requirement
          end
          exact_match&.last
        end
      end

    return entry if entry
  end

  nil
end
#parse ⇒ Object
# File 'lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb', line 14

# Collects the dependencies reported by every kind of lockfile present.
#
# Sources are merged in a fixed order (yarn lockfiles, then package-locks,
# then shrinkwraps) and a source is skipped when no file of that kind
# exists.
#
# NOTE(review): how DependencySet#+ reconciles one package that two
# lockfiles pin to different versions is not visible here; confirm before
# relying on the result as the single locked version.
#
# @return [Object] the value of DependencySet#dependencies after merging
def parse
  collected = Dependabot::NpmAndYarn::FileParser::DependencySet.new

  if yarn_locks.any?
    collected = collected + yarn_lock_dependencies
  end

  if package_locks.any?
    collected = collected + package_lock_dependencies
  end

  if shrinkwraps.any?
    collected = collected + shrinkwrap_dependencies
  end

  collected.dependencies
end