Class: Dependabot::NpmAndYarn::FileParser::LockfileParser

Inherits:
Object
  • Object
show all
Extended by:
T::Sig
Defined in:
lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb

Instance Method Summary collapse

Constructor Details

#initialize(dependency_files:) ⇒ LockfileParser

Returns a new instance of LockfileParser.



20
21
22
 
# File 'lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb', line 20

def initialize(dependency_files:)
  @dependency_files = dependency_files
end

Instance Method Details

#lockfile_details(dependency_name:, requirement:, manifest_name:) ⇒ Object 



48
49
50
51
52
53
54
55
56
57
 
# File 'lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb', line 48

def lockfile_details(dependency_name:, requirement:, manifest_name:)
  details = T.let(nil, T.nilable(T::Hash[String, T.untyped]))
  potential_lockfiles_for_manifest(manifest_name).each do |lockfile|
    details = lockfile_for(lockfile).details(dependency_name, requirement, manifest_name)

    break if details
  end

  details
end

#parseObject 



40
41
42
 
# File 'lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb', line 40

def parse
  Helpers.dependencies_with_all_versions_metadata(parse_set)
end

#parse_setObject 



25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb', line 25

def parse_set
  dependency_set = Dependabot::FileParsers::Base::DependencySet.new

  # NOTE: The DependencySet will de-dupe our dependencies, so they
  # end up unique by name. That's not a perfect representation of
  # the nested nature of JS resolution, but it makes everything work
  # comparably to other flat-resolution strategies
  (yarn_locks + pnpm_locks + package_locks + shrinkwraps).each do |file|
    dependency_set += lockfile_for(file).dependencies
  end

  dependency_set
end