Class: Dependabot::NpmAndYarn::FileParser::LockfileParser

Inherits:

Object

• Object
• Dependabot::NpmAndYarn::FileParser::LockfileParser

Defined in:

lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb

Instance Method Summary

• #initialize(dependency_files:) ⇒ LockfileParser constructor

  A new instance of LockfileParser.

• #lockfile_details(dependency_name:, requirement:) ⇒ Object
• #parse ⇒ Object

Constructor Details

#initialize(dependency_files:) ⇒ LockfileParser

Returns a new instance of LockfileParser.

# File 'lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb', line 10

def initialize(dependency_files:)
  @dependency_files = dependency_files
end

Instance Method Details

#lockfile_details(dependency_name:, requirement:) ⇒ Object

# File 'lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb', line 22

def lockfile_details(dependency_name:, requirement:)
  [*package_locks, *shrinkwraps].each do |package_lock|
    parsed_package_lock_json = parse_package_lock(package_lock)
    next unless parsed_package_lock_json.dig("dependencies",
                                             dependency_name)

    return parsed_package_lock_json.dig("dependencies", dependency_name)
  end

  yarn_locks.each do |yarn_lock|
    parsed_yarn_lock = parse_yarn_lock(yarn_lock)

    details_candidates =
      parsed_yarn_lock.
      select { |k, _| k.split(/(?<=\w)\@/).first == dependency_name }

    # If there's only one entry for this dependency, use it, even if
    # the requirement in the lockfile doesn't match
    details = details_candidates.first.last if details_candidates.one?

    details ||=
      details_candidates.
      find do |k, _|
        k.split(/(?<=\w)\@/)[1..-1].join("@") == requirement
      end&.
      last

    return details if details
  end

  nil
end

#parse ⇒ Object

# File 'lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb', line 14

def parse
  dependency_set = Dependabot::NpmAndYarn::FileParser::DependencySet.new
  dependency_set += yarn_lock_dependencies if yarn_locks.any?
  dependency_set += package_lock_dependencies if package_locks.any?
  dependency_set += shrinkwrap_dependencies if shrinkwraps.any?
  dependency_set.dependencies
end