Class: Dependabot::NpmAndYarn::FileParser::LockfileParser

Inherits:

Object

Object
Dependabot::NpmAndYarn::FileParser::LockfileParser

show all

Extended by:: T::Sig

Defined in:: lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb

Constant Summary collapse

DEFAULT_LOCKFILES =

%w(package-lock.json yarn.lock pnpm-lock.yaml npm-shrinkwrap.json).freeze

LockFile =

T.type_alias { T.any(JsonLock, YarnLock, PnpmLock) }

Instance Method Summary collapse

#initialize(dependency_files:, dealias_packages: false) ⇒ LockfileParser constructor

A new instance of LockfileParser.
#lockfile_details(dependency_name:, requirement:, manifest_name:) ⇒ Object
#parse ⇒ Object
#parse_set ⇒ Object

Constructor Details

#initialize(dependency_files:, dealias_packages: false) ⇒ `LockfileParser`

Returns a new instance of LockfileParser.

# File 'lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb', line 24

def initialize(dependency_files:, dealias_packages: false)
  @dependency_files = dependency_files
  @dealias_packages = dealias_packages
end

Instance Method Details

#lockfile_details(dependency_name:, requirement:, manifest_name:) ⇒ `Object`

# File 'lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb', line 53

def lockfile_details(dependency_name:, requirement:, manifest_name:)
  details = T.let(nil, T.nilable(T::Hash[String, T.untyped]))
  potential_lockfiles_for_manifest(manifest_name).each do |lockfile|
    details = lockfile_for(lockfile).details(dependency_name, requirement, manifest_name)

    break if details
  end

  details
end

#parse ⇒ `Object`



45
46
47

# File 'lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb', line 45

def parse
  Helpers.dependencies_with_all_versions_metadata(parse_set)
end

#parse_set ⇒ `Object`

# File 'lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb', line 30

def parse_set
  dependency_set = Dependabot::FileParsers::Base::DependencySet.new

  # NOTE: The DependencySet will de-dupe our dependencies, so they
  # end up unique by name. That's not a perfect representation of
  # the nested nature of JS resolution, but it makes everything work
  # comparably to other flat-resolution strategies
  (yarn_locks + pnpm_locks + package_locks + shrinkwraps).each do |file|
    dependency_set += lockfile_for(file).dependencies
  end

  dependency_set
end

Class: Dependabot::NpmAndYarn::FileParser::LockfileParser

Constant Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(dependency_files:, dealias_packages: false) ⇒ LockfileParser

Instance Method Details

#lockfile_details(dependency_name:, requirement:, manifest_name:) ⇒ Object

#parse ⇒ Object

#parse_set ⇒ Object

#initialize(dependency_files:, dealias_packages: false) ⇒ `LockfileParser`

#lockfile_details(dependency_name:, requirement:, manifest_name:) ⇒ `Object`

#parse ⇒ `Object`

#parse_set ⇒ `Object`