Class: Dependabot::NpmAndYarn::FileParser::YarnLock

Inherits:
Object
  • Object
Defined in:
lib/dependabot/npm_and_yarn/file_parser/yarn_lock.rb

Instance Method Summary

Constructor Details

#initialize(dependency_file) ⇒ YarnLock

Returns a new instance of YarnLock.



# File 'lib/dependabot/npm_and_yarn/file_parser/yarn_lock.rb', line 13

# Wraps one yarn.lock dependency file so it can be parsed on demand.
#
# Nothing is read, parsed or validated here; the object is only stored.
# Elsewhere in this class its +content+ is written to disk for the native
# helper and its +path+ is reported when parsing fails.
#
# @param dependency_file [Object] the lockfile wrapper (must respond to
#   +content+ and +path+)
def initialize(dependency_file)
  @dependency_file = dependency_file
end

Instance Method Details

#dependencies ⇒ Object



# File 'lib/dependabot/npm_and_yarn/file_parser/yarn_lock.rb', line 35

# Collects every dependency recorded in the parsed lockfile.
#
# Each top-level lockfile key may list several comma-separated specs
# ("name@range, name@range") that resolved to the same entry; one
# Dependency is emitted per spec, all carrying the entry's version.
#
# NOTE(review): names and versions are taken straight from the lockfile,
# which presumably comes from the repository being analysed. Consumers
# should treat them as untrusted data, not as validated identifiers.
#
# @return [Dependabot::FileParsers::Base::DependencySet]
def dependencies
  collected = Dependabot::FileParsers::Base::DependencySet.new

  parsed.each do |lock_keys, entry|
    lock_keys.split(", ").each do |spec|
      # Entries for which semver_for yields nothing are skipped entirely.
      resolved = Version.semver_for(entry["version"])
      next unless resolved

      # Aliases, workspace packages and the "__metadata" key are not
      # reported as dependencies (the two predicates live elsewhere in
      # the class).
      next if alias_package?(spec) || workspace_package?(spec) || spec == "__metadata"

      # Split only on an "@" that follows a word character, so the
      # leading "@" of a scoped package name stays part of the name.
      package_name = spec.split(/(?<=\w)\@/).first

      collected << Dependency.new(
        name: package_name,
        version: resolved.to_s,
        package_manager: "npm_and_yarn",
        requirements: []
      )
    end
  end

  collected
end

#details(dependency_name, requirement, _manifest_name) ⇒ Object



# File 'lib/dependabot/npm_and_yarn/file_parser/yarn_lock.rb', line 58

# Looks up the lockfile entry for a dependency.
#
# @param dependency_name [String] package name, compared against the part
#   of each lockfile key before the first "@" that follows a word character
# @param requirement [String] requirement string expected to appear in
#   the lockfile key (an optional "npm:" prefix in the key is ignored)
# @param _manifest_name [Object] unused
# @return [Object, nil] the entry's details, or nil when nothing matches
def details(dependency_name, requirement, _manifest_name)
  matching = parsed.select do |lock_key, _|
    lock_key.split(/(?<=\w)\@/)[0] == dependency_name
  end

  # A single entry for this name is returned even when the requirement
  # recorded in the lockfile differs from the one asked for. Callers get
  # no signal that the fallback was taken.
  return matching.first.last if matching.one?

  # Otherwise the requirement must be one of the ranges listed in the key.
  hit = matching.find do |lock_key, _|
    listed_ranges = lock_key.scan(/(?<=\w)\@(?:npm:)?([^\s,]+)/).flatten
    listed_ranges.include?(requirement)
  end
  hit&.last
end

#parsed ⇒ Object



# File 'lib/dependabot/npm_and_yarn/file_parser/yarn_lock.rb', line 17

# Parses the lockfile through the native helper and memoizes the result.
#
# The lockfile content is written to "yarn.lock" in a temporary working
# directory and the helper's "yarn:parseLockfile" function is pointed at
# that directory. The lockfile is handed to an external subprocess as-is,
# so any hardening of the parse step has to live in the helper.
#
# @return [Object] whatever the helper subprocess returns for the lockfile
# @raise [Dependabot::OutOfDisk] helper message ends with a disk-full marker
# @raise [Dependabot::OutOfMemory] helper message ends with "MemoryError"
# @raise [Dependabot::DependencyFileNotParseable] any other helper failure
def parsed
  @parsed ||= SharedHelpers.in_a_temporary_directory do
    # Relative path: presumably the helper above has already switched into
    # the temporary directory, matching the Dir.pwd passed below - confirm.
    File.write("yarn.lock", @dependency_file.content)

    helper_call = {
      command: NativeHelpers.helper_path,
      function: "yarn:parseLockfile",
      args: [Dir.pwd]
    }
    SharedHelpers.run_helper_subprocess(**helper_call)
  rescue SharedHelpers::HelperSubprocessFailed => e
    failure = e.message

    # Resource exhaustion is recognised purely by message suffix and is
    # re-raised with the helper's message intact.
    raise Dependabot::OutOfDisk, failure if failure.end_with?("No space left on device", "Out of diskspace")
    raise Dependabot::OutOfMemory, failure if failure.end_with?("MemoryError")

    # Every other failure is reported with the file path only; the
    # helper's own message is not forwarded.
    raise Dependabot::DependencyFileNotParseable, @dependency_file.path
  end
end