Class: Dependabot::NpmAndYarn::FileFetcher

Inherits:
FileFetchers::Base
  • Object
Extended by:
T::Helpers, T::Sig
Defined in:
lib/dependabot/npm_and_yarn/file_fetcher.rb,
lib/dependabot/npm_and_yarn/file_fetcher/path_dependency_builder.rb

Overview

rubocop:disable Metrics/ClassLength

Defined Under Namespace

Classes: PathDependencyBuilder

Constant Summary collapse

NPM_PATH_DEPENDENCY_STARTS =

Npm always prefixes file paths in the lockfile “version” with “file:” even when a naked path is used (e.g. “../dep”)

T.let(%w(file:).freeze, [String])
PATH_DEPENDENCY_STARTS =

“link:” is only supported by Yarn but is interchangeable with “file:” when it specifies a path. Only include Yarn “link:” entries that start with a path, and ignore symlinked package names that have been registered with “yarn link”, e.g. “react”.

T.let(
  %w(file: link:. link:/ link:~/ / ./ ../ ~/).freeze,
  [String, String, String, String, String, String, String, String]
)
# Matches a "file:" or "link:" prefix (presumably stripped from path
# dependency specifiers; confirm at the call sites).
# NOTE(review): in Ruby "^" anchors at the start of every line, not only at
# the start of the string. If a value containing a newline can reach this
# pattern, \A is the stricter anchor. Confirm the inputs before changing it.
PATH_DEPENDENCY_CLEAN_REGEX =
/^file:|^link:/
# Base URL of the public npm registry, over HTTPS.
# NOTE(review): how this default interacts with registries configured in
# .npmrc or .yarnrc is not visible here.
DEFAULT_NPM_REGISTRY =
"https://registry.npmjs.org"

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.required_files_in?(filenames) ⇒ Boolean



# File 'lib/dependabot/npm_and_yarn/file_fetcher.rb', line 39

# Checks whether the given file names include the manifest this fetcher needs.
#
# @param filenames [Array<String>] file names to inspect (element type is
#   presumed; confirm against the caller)
# @return [Boolean] true when "package.json" is one of +filenames+
def self.required_files_in?(filenames)
  manifest_name = "package.json"
  filenames.include?(manifest_name)
end

.required_files_message ⇒ Object



# File 'lib/dependabot/npm_and_yarn/file_fetcher.rb', line 44

# Supplies the human-readable explanation that goes with
# required_files_in?: the repository has to ship a package.json.
#
# @return [String] the fixed error text
def self.required_files_message
  message = "Repo must contain a package.json."
  message
end

Instance Method Details

#clone_repo_contents ⇒ Object



# File 'lib/dependabot/npm_and_yarn/file_fetcher.rb', line 50

# Clones the repository through the parent implementation, then makes a
# best-effort attempt to pull Git LFS objects for the Yarn directories.
#
# The clone path is memoised in @git_lfs_cloned_repo_contents_path; once it is
# non-nil, later calls return it directly without cloning or pulling again.
#
# @return [String, nil] the path returned by the parent's clone_repo_contents
#   (declared T.nilable(String)); the same path is returned whether or not the
#   LFS pull succeeded
def clone_repo_contents
  # Fast path: a previous call already produced a clone path.
  return @git_lfs_cloned_repo_contents_path unless @git_lfs_cloned_repo_contents_path.nil?

  # `super` performs the actual clone; it sits outside the begin/rescue below,
  # so an error raised by the clone itself still propagates to the caller.
  @git_lfs_cloned_repo_contents_path ||= T.let(super, T.nilable(String))
  begin
    SharedHelpers.with_git_configured(credentials: credentials) do
      Dir.chdir(@git_lfs_cloned_repo_contents_path) do
        # NOTE(review): the fallback "./yarn/cache" has no leading dot on
        # "yarn", whereas Yarn's documented default cacheFolder is
        # "./.yarn/cache"; confirm whether this is intentional.
        cache_dir = Helpers.fetch_yarnrc_yml_value("cacheFolder", "./yarn/cache")
        # NOTE(review): cache_dir is presumably read from the repository's own
        # .yarnrc.yml, i.e. repository-controlled input, and is interpolated
        # into a command string. Confirm that run_shell_command escapes or
        # tokenises the string safely, and consider validating cache_dir
        # (for example as a relative path inside the clone) so that it can
        # only ever act as one --include pattern.
        SharedHelpers.run_shell_command("git lfs pull --include .yarn,#{cache_dir}")
      end
      @git_lfs_cloned_repo_contents_path
    end
  rescue StandardError
    # Best effort: any StandardError from git configuration, chdir, the
    # .yarnrc.yml lookup or the LFS pull is swallowed and the clone path is
    # still returned. Nothing is logged here, so a failed pull is not
    # visible to the caller.
    @git_lfs_cloned_repo_contents_path
  end
end

#ecosystem_versions ⇒ Object



# File 'lib/dependabot/npm_and_yarn/file_fetcher.rb', line 68

# Builds the package-manager version summary for this fetcher.
#
# npm, yarn and pnpm are each listed under their own name with the value of
# the matching *_version helper, but only when that value is truthy. When
# none of them qualifies, a single "unknown" => 1 entry is reported instead.
#
# @return [Hash] { package_managers: { "npm" => ..., "yarn" => ..., ... } }
def ecosystem_versions
  detected = {}

  detected.store("npm", npm_version) if npm_version
  detected.store("yarn", yarn_version) if yarn_version
  detected.store("pnpm", pnpm_version) if pnpm_version

  # Fallback marker so the summary is never empty.
  detected.store("unknown", 1) if detected.empty?

  { package_managers: detected }
end

#fetch_files ⇒ Object



# File 'lib/dependabot/npm_and_yarn/file_fetcher.rb', line 82

# Assembles the dependency files this fetcher returns for the project.
#
# Collection order: package.json, the .npmrc when there is one, the npm, yarn
# and pnpm files for each manager whose *_version helper is truthy, the lerna
# files, the workspace package.json files, and finally the path dependencies
# derived from everything gathered up to that point. Duplicates are dropped.
# Files matching @exclude_paths are removed only while the
# :enable_exclude_paths_subdirectory_manifest_files experiment is enabled and
# @exclude_paths is non-empty.
#
# @return [Array<DependencyFile>] the de-duplicated, filtered files
def fetch_files
  collected = T.let([], T::Array[DependencyFile])
  collected.push(package_json)
  collected.push(T.must(npmrc)) if npmrc
  collected += npm_files if npm_version
  collected += yarn_files if yarn_version
  collected += pnpm_files if pnpm_version
  collected = collected + lerna_files + workspace_package_jsons
  # Path dependencies are resolved against the files collected so far.
  collected += path_dependencies(collected)

  # Drop excluded files from the final, de-duplicated collection.
  collected.uniq.reject do |file|
    next false unless Dependabot::Experiments.enabled?(:enable_exclude_paths_subdirectory_manifest_files)
    next false if @exclude_paths.empty?

    Dependabot::FileFiltering.exclude_path?(file.name, @exclude_paths)
  end
end