Class: Dependabot::NpmAndYarn::FileParser::PnpmLock

Inherits:
Object
  • Object
Defined in:
lib/dependabot/npm_and_yarn/file_parser/pnpm_lock.rb

Instance Method Summary

Constructor Details

#initialize(dependency_file) ⇒ PnpmLock

Returns a new instance of PnpmLock.



# File 'lib/dependabot/npm_and_yarn/file_parser/pnpm_lock.rb', line 10

# Wraps one pnpm lockfile so that its entries can be parsed on demand.
#
# Nothing is read or parsed here; the object is only stored. #parsed later
# reads +content+ and +path+ from it.
#
# NOTE(review): the file content presumably comes from the repository being
# analysed, so it should be treated as untrusted input - confirm with callers.
#
# @param dependency_file [Object] lockfile object responding to +content+ and +path+
def initialize(dependency_file)
  @dependency_file = dependency_file
end

Instance Method Details

#dependencies ⇒ Object



# File 'lib/dependabot/npm_and_yarn/file_parser/pnpm_lock.rb', line 28

# Builds the set of dependencies recorded in the lockfile.
#
# Each entry returned by #parsed becomes one Dependency, except entries
# flagged "aliased", which are skipped. "name" and "version" are copied from
# the parsed entry as-is; this method performs no validation on them, so
# consumers should not assume they are well-formed.
#
# @return [Dependabot::FileParsers::Base::DependencySet] the collected dependencies
def dependencies
  collected = Dependabot::FileParsers::Base::DependencySet.new

  parsed.each do |entry|
    next if entry["aliased"]

    attrs = {
      name: entry["name"],
      version: entry["version"],
      package_manager: "npm_and_yarn",
      requirements: []
    }

    # Metadata is attached only for entries flagged "dev"; because of that
    # guard the recorded :production value is always false here.
    attrs[:subdependency_metadata] = [{ production: !entry["dev"] }] if entry["dev"]

    collected << Dependency.new(**attrs)
  end

  collected
end

#details(dependency_name, requirement, _manifest_name) ⇒ Object



# File 'lib/dependabot/npm_and_yarn/file_parser/pnpm_lock.rb', line 55

# Looks up the lockfile entry for a dependency.
#
# When exactly one entry carries the name, it is returned even if its
# specifiers do not include +requirement+, so callers must not assume the
# returned version satisfies the requirement they asked for. With several
# entries, the first one whose "specifiers" include +requirement+ wins.
#
# @param dependency_name [String] package name to look up
# @param requirement [String] requirement string to match against "specifiers"
# @param _manifest_name [Object] unused
# @return [Hash, nil] the matching parsed entry, or nil when nothing matches
def details(dependency_name, requirement, _manifest_name)
  matches = parsed.select { |entry| entry["name"] == dependency_name }

  # A lone entry is accepted without checking the requirement.
  return matches.first if matches.one?

  # Entries without a "specifiers" key never match (safe navigation yields nil).
  matches.find { |entry| entry["specifiers"]&.include?(requirement) }
end

#parsed ⇒ Object



# File 'lib/dependabot/npm_and_yarn/file_parser/pnpm_lock.rb', line 14

# Parses the lockfile through the native helper and memoizes the result.
#
# The lockfile content is written under the fixed name "pnpm-lock.yaml" and
# the helper receives only the working directory as its argument, so no
# value taken from the lockfile is placed on the helper's argument list.
# The parsed result itself is still derived from that content and is
# returned without further checks.
#
# NOTE(review): presumably in_a_temporary_directory runs the block with a
# fresh temporary directory as the working directory - confirm in SharedHelpers.
#
# @return [Object] whatever the "pnpm:parseLockfile" helper function returns
# @raise [Dependabot::DependencyFileNotParseable] when the helper subprocess fails
def parsed
  return @parsed if @parsed

  @parsed = SharedHelpers.in_a_temporary_directory do
    begin
      File.write("pnpm-lock.yaml", @dependency_file.content)

      SharedHelpers.run_helper_subprocess(
        command: NativeHelpers.helper_path,
        function: "pnpm:parseLockfile",
        args: [Dir.pwd]
      )
    rescue SharedHelpers::HelperSubprocessFailed
      # The helper's own failure detail is dropped; only the file path is
      # passed on with the raised error.
      raise Dependabot::DependencyFileNotParseable, @dependency_file.path
    end
  end
end