Class: Dependabot::NpmAndYarn::FileParser::LockfileParser

Inherits:
Object
  • Object
Extended by:
T::Sig
Defined in:
lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb

Constant Summary

# File names of the four lockfile formats listed for this parser
# (npm, Yarn, pnpm and npm shrinkwrap). The array is frozen.
# NOTE(review): where this list is consulted is not shown on this page.
DEFAULT_LOCKFILES =
%w(package-lock.json yarn.lock pnpm-lock.yaml npm-shrinkwrap.json).freeze
# Sorbet alias for "any one of the three lockfile wrapper classes".
# NOTE(review): four file names map onto three wrapper types, so
# package-lock.json and npm-shrinkwrap.json presumably share JsonLock — confirm.
LockFile =
T.type_alias { T.any(JsonLock, YarnLock, PnpmLock) }

Instance Method Summary

Constructor Details

#initialize(dependency_files:) ⇒ LockfileParser



# File 'lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb', line 24

# Keeps a reference to the given dependency files for later use by this parser.
#
# @param dependency_files the files handed to the parser; stored as-is
#
# NOTE(review): nothing is copied or validated here. If these files come from
# the repository being updated, their content is untrusted input and the
# lockfile readers are where it has to be handled defensively — confirm.
def initialize(dependency_files:)
  @dependency_files = dependency_files
end

Instance Method Details

#lockfile_details(dependency_name:, requirement:, manifest_name:) ⇒ Object



# File 'lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb', line 52

# Looks up the lockfile entry for one dependency of one manifest.
#
# The candidate lockfiles for the manifest are tried in the order returned by
# potential_lockfiles_for_manifest, and the first truthy answer is returned;
# later candidates are never consulted.
#
# @param dependency_name name of the dependency to look up
# @param requirement requirement string passed through to the lockfile lookup
# @param manifest_name manifest whose candidate lockfiles are searched
# @return the details from the first lockfile that has them, otherwise the
#   last (falsy) lookup result, or nil when there were no candidates
#
# NOTE(review): when a manifest has more than one candidate lockfile and they
# disagree, the reported details depend solely on candidate order, which is
# decided by potential_lockfiles_for_manifest (not shown here). Worth
# confirming that order matches the package manager actually used to install.
def lockfile_details(dependency_name:, requirement:, manifest_name:)
  result = T.let(nil, T.nilable(T::Hash[String, T.untyped]))
  candidates = potential_lockfiles_for_manifest(manifest_name)

  candidates.each do |candidate|
    parser = lockfile_for(candidate)
    result = parser.details(dependency_name, requirement, manifest_name)

    # First hit wins: stop as soon as one lockfile knows the dependency.
    return result if result
  end

  result
end

#parse ⇒ Object



# File 'lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb', line 44

# Returns whatever Helpers produces when handed the dependency set built by
# #parse_set.
#
# NOTE(review): as listed, `Helpers.(...)` is Ruby shorthand for
# `Helpers.call(...)`. The rendered page may have dropped a method name between
# the dot and the parenthesis — check this line against
# lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb before relying on it.
def parse
  Helpers.(parse_set)
end

#parse_set ⇒ Object



# File 'lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb', line 29

# Builds one DependencySet from every lockfile this parser knows about.
#
# Lockfiles are merged in a fixed order: Yarn, then pnpm, then
# package-lock, then shrinkwrap.
#
# @return [Dependabot::FileParsers::Base::DependencySet] the merged set
#
# NOTE: DependencySet de-dupes on the way in, so the result is unique by
# dependency name. That flattens the nested resolution JS package managers
# really perform, but keeps this ecosystem comparable to the others that
# resolve flat.
#
# NOTE(review): because entries are unique by name, a package locked at
# several versions does not appear once per version here. How those versions
# are combined is DependencySet's behaviour and is not visible in this
# method — confirm before using the result for per-version checks such as
# vulnerability matching.
def parse_set
  empty_set = Dependabot::FileParsers::Base::DependencySet.new
  ordered_lockfiles = yarn_locks + pnpm_locks + package_locks + shrinkwraps

  ordered_lockfiles.reduce(empty_set) do |merged, file|
    merged + lockfile_for(file).dependencies
  end
end