Class: Licensed::Sources::NPM

Inherits:

Source

• Object
• Source
• Licensed::Sources::NPM

Defined in:

lib/licensed/sources/npm.rb

Defined Under Namespace

Classes: Dependency

Instance Attribute Summary

Attributes inherited from Source

#config

Class Method Summary

• .type ⇒ Object

Instance Method Summary

• #enabled? ⇒ Boolean
• #enumerate_dependencies ⇒ Object
• #include_non_production? ⇒ Boolean

  Returns whether to include non production dependencies based on the licensed configuration settings.

• #npm_version ⇒ Object

  Returns the currently installed version of npm as a Gem::Version object.

• #package_metadata ⇒ Object

  Returns parsed package metadata returned from ‘npm list`.

• #package_metadata_args ⇒ Object

  Returns an array of arguments that should be used for all ‘npm list` calls, regardless of how the output is formatted.

• #package_metadata_command ⇒ Object

  Returns the output from running ‘npm list` to get package metadata.

• #package_metadata_error ⇒ Object

  Returns an error, if one exists, from running ‘npm list` to get package metadata.

• #packages ⇒ Object
• #recursive_dependencies(dependencies, result = {}) ⇒ Object

  Recursively parse dependency JSON data.

• #yarn_lock_present ⇒ Object

  Returns true if a yarn.lock file exists in the current directory.

Methods inherited from Source

#dependencies, #ignored?, inherited, #initialize

Constructor Details

This class inherits a constructor from Licensed::Sources::Source

Class Method Details

.type ⇒ Object

# File 'lib/licensed/sources/npm.rb', line 26

def self.type
  "npm"
end

Instance Method Details

#enabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/licensed/sources/npm.rb', line 30

def enabled?
  Licensed::Shell.tool_available?("npm") && File.exist?(config.pwd.join("package.json"))
end

#enumerate_dependencies ⇒ Object

# File 'lib/licensed/sources/npm.rb', line 34

def enumerate_dependencies
  packages.map do |name, package|
    path = package["path"]
    Dependency.new(
      name: name,
      version: package["version"],
      path: path,
      metadata: {
        "type"     => NPM.type,
        "name"     => package["name"],
        "summary"  => package["description"],
        "homepage" => package["homepage"]
      }
    )
  end
end

#include_non_production? ⇒ Boolean

Returns whether to include non production dependencies based on the licensed configuration settings

Returns:

• (Boolean)

# File 'lib/licensed/sources/npm.rb', line 132

def include_non_production?
  config.dig("npm", "production_only") == false
end

#npm_version ⇒ Object

Returns the currently installed version of npm as a Gem::Version object

# File 'lib/licensed/sources/npm.rb', line 120

def npm_version
  @npm_version ||= begin
    Gem::Version.new(Licensed::Shell.execute("npm", "-v").strip)
  end
end

#package_metadata ⇒ Object

Returns parsed package metadata returned from ‘npm list`

# File 'lib/licensed/sources/npm.rb', line 80

def package_metadata
  return @package_metadata if defined?(@package_metadata)
  @package_metadata = JSON.parse(package_metadata_command)
rescue JSON::ParserError => e
  message = "Licensed was unable to parse the output from 'npm list'. JSON Error: #{e.message}"
  npm_error = package_metadata_error
  message = "#{message}. npm Error: #{npm_error}" if npm_error
  raise Licensed::Sources::Source::Error, message
end

#package_metadata_args ⇒ Object

Returns an array of arguments that should be used for all ‘npm list` calls, regardless of how the output is formatted

# File 'lib/licensed/sources/npm.rb', line 108

def package_metadata_args
  args = []
  args << "--production" unless include_non_production?

  # on npm 7+, the --all argument is necessary to evaluate the project's
  # full dependency tree
  args << "--all" if npm_version >= Gem::Version.new("7.0.0")

  return args
end

#package_metadata_command ⇒ Object

Returns the output from running ‘npm list` to get package metadata

# File 'lib/licensed/sources/npm.rb', line 99

def package_metadata_command
  args = %w(--json --long)
  args.concat(package_metadata_args)

  Licensed::Shell.execute("npm", "list", *args, allow_failure: true)
end

#package_metadata_error ⇒ Object

Returns an error, if one exists, from running ‘npm list` to get package metadata

# File 'lib/licensed/sources/npm.rb', line 91

def package_metadata_error
  Licensed::Shell.execute("npm", "list", *package_metadata_args)
  return ""
rescue Licensed::Shell::Error => e
  return e.message
end

#packages ⇒ Object

# File 'lib/licensed/sources/npm.rb', line 51

def packages
  root_dependencies = package_metadata["dependencies"]
  recursive_dependencies(root_dependencies).each_with_object({}) do |(name, results), hsh|
    results.uniq! { |package| package["version"] }
    if results.size == 1
      hsh[name] = results[0]
    else
      results.each do |package|
        name_with_version = "#{name}-#{package["version"]}"
        hsh[name_with_version] = package
      end
    end
  end
end

#recursive_dependencies(dependencies, result = {}) ⇒ Object

Recursively parse dependency JSON data. Returns a hash mapping the package name to it’s metadata

# File 'lib/licensed/sources/npm.rb', line 68

def recursive_dependencies(dependencies, result = {})
  dependencies.each do |name, dependency|
    next if dependency["peerMissing"]
    next if yarn_lock_present && dependency["missing"]
    dependency["name"] = name
    (result[name] ||= []) << dependency
    recursive_dependencies(dependency["dependencies"] || {}, result)
  end
  result
end

#yarn_lock_present ⇒ Object

Returns true if a yarn.lock file exists in the current directory

# File 'lib/licensed/sources/npm.rb', line 127

def yarn_lock_present
  @yarn_lock_present ||= File.exist?(config.pwd.join("yarn.lock"))
end