Class: Dependabot::NpmAndYarn::FileParser::LockfileParser

Inherits:
Object
  • Object
show all
Defined in:
lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb

Instance Method Summary collapse

Constructor Details

#initialize(dependency_files:) ⇒ LockfileParser

Returns a new instance of LockfileParser.



10
11
12
 
# File 'lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb', line 10

def initialize(dependency_files:)
  @dependency_files = dependency_files
end

Instance Method Details

#lockfile_details(dependency_name:, requirement:, manifest_name:) ⇒ Object 



22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
 
# File 'lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb', line 22

def lockfile_details(dependency_name:, requirement:, manifest_name:)
  potential_lockfiles_for_manifest(manifest_name).each do |lockfile|
    details =
      if [*package_locks, *shrinkwraps].include?(lockfile)
        parsed_lockfile = parse_package_lock(lockfile)
        parsed_lockfile.dig("dependencies", dependency_name)
      else
        parsed_yarn_lock = parse_yarn_lock(lockfile)
        details_candidates =
          parsed_yarn_lock.
          select { |k, _| k.split(/(?<=\w)\@/)[0] == dependency_name }

        # If there's only one entry for this dependency, use it, even if
        # the requirement in the lockfile doesn't match
        if details_candidates.one?
          details_candidates.first.last
        else
          details_candidates.find do |k, _|
            k.split(/(?<=\w)\@/)[1..-1].join("@") == requirement
          end&.last
        end
      end

    return details if details
  end

  nil
end

#parseObject 



14
15
16
17
18
19
20
 
# File 'lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb', line 14

def parse
  dependency_set = Dependabot::NpmAndYarn::FileParser::DependencySet.new
  dependency_set += yarn_lock_dependencies if yarn_locks.any?
  dependency_set += package_lock_dependencies if package_locks.any?
  dependency_set += shrinkwrap_dependencies if shrinkwraps.any?
  dependency_set.dependencies
end