Class: Dependabot::NpmAndYarn::FileParser
- Inherits:
-
FileParsers::Base
- Object
- FileParsers::Base
- Dependabot::NpmAndYarn::FileParser
- Defined in:
- lib/dependabot/npm_and_yarn/file_parser.rb
Constant Summary
# Names of the package.json sections that declare dependencies.
DEPENDENCY_TYPES = %w[dependencies devDependencies optionalDependencies].freeze

# Base URLs of the public npm and Yarn registries.
# NOTE(review): one entry is plain http://. Presumably this list is only used
# to recognise registry URLs already present in project files, not to choose
# where to fetch from -- confirm that no request is made over the http entry.
CENTRAL_REGISTRIES = %w[
  https://registry.npmjs.org
  http://registry.npmjs.org
  https://registry.yarnpkg.com
].freeze

# Matches git-hosted dependency specifiers (bare "user/repo", git*, github:,
# bitbucket:, gitlab: prefixes, or anything containing "github.com/") and
# captures +username+ and +repo+, plus an optional fragment as either
# +semver+ ("#semver:<range>" or "#" followed by a range operator) or +ref+.
# Case-insensitive, extended syntax.
# NOTE(review): "^" and "$" are line anchors in Ruby, and the "github.com/"
# alternative is not anchored at all, so a multi-line or prefixed string can
# still match. If this is ever used to validate repository-controlled input
# rather than just to extract fields, "\A" / "\z" would be the stricter
# choice -- confirm against callers before changing.
GIT_URL_REGEX = %r{
  (?:^|^git.*?|^github:|^bitbucket:|^gitlab:|github\.com/)
  (?<username>[a-z0-9-]+)/
  (?<repo>[a-z0-9_.-]+)
  (
    (?:\#semver:(?<semver>.+))|
    (?:\#(?=[\^~=<>])(?<semver>.+))|
    (?:\#(?<ref>.+))
  )?$
}ix.freeze
Instance Method Summary
Instance Method Details
#parse ⇒ Object
# File 'lib/dependabot/npm_and_yarn/file_parser.rb', line 36

# Gathers dependencies from the manifest and from each kind of lockfile that
# is present, then returns them minus any dependency whose requirements mix
# git and non-git sources.
#
# NOTE(review): the mixed-source filter is silent -- nothing is logged or
# raised here, so a caller cannot tell that a dependency was left out.
# Presumably an omitted dependency gets no update proposals downstream;
# confirm, since that would also hide it from security-driven updates.
#
# @return [Object] result of +reject+ over the collected dependencies
#   (presumably an Array -- confirm against DependencySet#dependencies)
def parse
  collected = DependencySet.new
  collected += manifest_dependencies
  # Each lockfile flavour contributes only when its collection reports any?.
  collected += yarn_lock_dependencies if yarn_locks.any?
  collected += package_lock_dependencies if package_locks.any?
  collected += shrinkwrap_dependencies if shrinkwraps.any?

  # TODO: Dependabot cannot yet handle a dependency that has both a git
  # source *and* a non-git source, so those are excluded until that is fixed.
  collected.dependencies.reject do |dependency|
    reqs = dependency.requirements
    next false unless reqs.any? { |req| req.dig(:source, :type) == "git" }

    # A requirement without a :source digs to nil, which counts as non-git.
    reqs.any? { |req| req.dig(:source, :type) != "git" }
  end
end