Class: Dependabot::Bun::FileParser::BunLock

Inherits:
Object
  • Object
show all
Extended by:
T::Sig
Defined in:
lib/dependabot/bun/file_parser/bun_lock.rb

Instance Method Summary collapse

Constructor Details

#initialize(dependency_file) ⇒ BunLock

Returns a new instance of BunLock.



16
17
18
 
# File 'lib/dependabot/bun/file_parser/bun_lock.rb', line 16

def initialize(dependency_file)
  @dependency_file = dependency_file
end

Instance Method Details

#dependenciesObject 



50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
 
# File 'lib/dependabot/bun/file_parser/bun_lock.rb', line 50

def dependencies
  dependency_set = Dependabot::FileParsers::Base::DependencySet.new

  # bun.lock v0 format:
  # https://github.com/oven-sh/bun/blob/c130df6c589fdf28f9f3c7f23ed9901140bc9349/src/install/bun.lock.zig#L595-L605

  packages = parsed["packages"]
  raise_invalid!("expected 'packages' to be an object") unless packages.is_a?(Hash)

  packages.each do |key, details|
    raise_invalid!("expected 'packages.#{key}' to be an array") unless details.is_a?(Array)

    resolution = details.first
    raise_invalid!("expected 'packages.#{key}[0]' to be a string") unless resolution.is_a?(String)

    name, version = resolution.split(/(?<=\w)\@/)
    next if name.empty?

    semver = Version.semver_for(version)
    next unless semver

    dependency_set << Dependency.new(
      name: name,
      version: semver.to_s,
      package_manager: "bun",
      requirements: []
    )
  end

  dependency_set
end

#details(dependency_name, requirement, _manifest_name) ⇒ Object 



86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
 
# File 'lib/dependabot/bun/file_parser/bun_lock.rb', line 86

def details(dependency_name, requirement, _manifest_name)
  packages = parsed["packages"]
  return unless packages.is_a?(Hash)

  candidates =
    packages
    .select { |name, _| name == dependency_name }
    .values

  # If there's only one entry for this dependency, use it, even if
  # the requirement in the lockfile doesn't match
  if candidates.one?
    parse_details(candidates.first)
  else
    candidate = candidates.find do |label, _|
      label.scan(/(?<=\w)\@(?:npm:)?([^\s,]+)/).flatten.include?(requirement)
    end&.last
    parse_details(candidate)
  end
end

#parsedObject 



21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/dependabot/bun/file_parser/bun_lock.rb', line 21

def parsed
  @parsed ||= begin
    content = begin
      # Since bun.lock is a JSONC file, which is a subset of YAML, we can use YAML to parse it
      YAML.load(T.must(@dependency_file.content))
    rescue Psych::SyntaxError => e
      raise_invalid!("malformed JSONC at line #{e.line}, column #{e.column}")
    end
    raise_invalid!("expected to be an object") unless content.is_a?(Hash)

    version = content["lockfileVersion"]
    raise_invalid!("expected 'lockfileVersion' to be an integer") unless version.is_a?(Integer)
    raise_invalid!("expected 'lockfileVersion' to be >= 0") unless version >= 0

    # configVersion was introduced in Bun v1.3.2 to control install behavior.
    # When present, it must be preserved or Bun will use different install defaults.
    # See https://bun.sh/blog/bun-v1.3.2#lockfile-configversion-stabilizes-install-defaults
    if content.key?("configVersion")
      config_version = content["configVersion"]
      unless config_version.is_a?(Integer) && config_version >= 0
        raise_invalid!("expected 'configVersion' to be a non-negative integer")
      end
    end

    T.let(content, T.untyped)
  end
end