Class: Dependabot::Deno::FileParser

Inherits:

FileParsers::Base

• Object
• FileParsers::Base
• Dependabot::Deno::FileParser

Extended by:

T::Sig

Defined in:

lib/dependabot/deno/file_parser.rb

Constant Summary

ECOSYSTEM =

"deno"

MANIFEST_FILENAMES =

T.let(%w(deno.json deno.jsonc).freeze, T::Array[String])

JSR_SPECIFIER =

Matches jsr:@scope/name[/subpath] or npm:[@scope/]name[/subpath] Constraint and subpath are both optional per Deno’s specifier format.

%r{\Ajsr:(?<name>@[^@/]+/[^@/]+)(?:@(?<constraint>[^/]+))?(?:/[^\s]*)?\z}

NPM_SPECIFIER =

%r{\Anpm:(?<name>(?:@[^/]+/)?[^@/]+)(?:@(?<constraint>[^/]+))?(?:/[^\s]*)?\z}

JSONC_TOKEN =

Matches either a JSON string literal (with escapes), a line comment, a block comment, or a trailing comma. The alternation lets gsub preserve strings while stripping the JSONC-only constructs, so e.g. “//” inside a URL value is not mistaken for the start of a comment.

%r{
  ("(?:\\.|[^"\\])*")    # JSON string literal
  | //[^\n]*             # line comment
  | /\*.*?\*/            # block comment
  | ,(?=\s*[\}\]])       # trailing comma
}mx

Instance Method Summary

• #parse ⇒ Object

Instance Method Details

#parse ⇒ Object

# File 'lib/dependabot/deno/file_parser.rb', line 35

def parse
  # Multiple import aliases can reference the same underlying package
  # (e.g. "@std/path" and "@std/path/posix"). Keyed dedup by name +
  # source type collapses those without merging across registries — our
  # update checker only queries the first requirement's source, so
  # mixing jsr+npm under one Dependency would silently miss updates.
  # When the same name+source appears with different constraints, every
  # constraint is preserved as a separate requirement entry so callers
  # can update them all.
  deps_by_key = {}

  imports.each do |_alias_name, specifier|
    dep = parse_specifier(specifier.to_s)
    next unless dep

    key = [dep.name, T.must(dep.requirements.first)[:source][:type]]
    existing = deps_by_key[key]
    deps_by_key[key] = if existing
                         Dependabot::Dependency.new(
                           name: existing.name,
                           version: existing.version,
                           requirements: (existing.requirements + dep.requirements).uniq,
                           package_manager: existing.package_manager
                         )
                       else
                         dep
                       end
  end

  deps_by_key.values.sort_by(&:name)
end