Class: Dependabot::NpmAndYarn::Package::PackageDetailsFetcher

Inherits:

Object

• Object
• Dependabot::NpmAndYarn::Package::PackageDetailsFetcher

Extended by:

T::Sig

Includes:

RegistryCredentialHelpers

Defined in:

lib/dependabot/npm_and_yarn/package/package_details_fetcher.rb

Constant Summary

GLOBAL_REGISTRY =

"registry.npmjs.org"

NPM_OFFICIAL_WEBSITE =

"https://www.npmjs.com"

API_AUTHORIZATION_KEY =

"Authorization"

API_AUTHORIZATION_VALUE_BASIC_PREFIX =

"Basic"

API_RESPONSE_STATUS_SUCCESS_PREFIX =

"2"

RELEASE_TIME_KEY =

"time"

RELEASE_VERSIONS_KEY =

"versions"

RELEASE_DIST_TAGS_KEY =

"dist-tags"

RELEASE_DIST_TAGS_LATEST_KEY =

"latest"

RELEASE_ENGINES_KEY =

"engines"

RELEASE_LANGUAGE_KEY =

"node"

RELEASE_DEPRECATION_KEY =

"deprecated"

RELEASE_REPOSITORY_KEY =

"repository"

RELEASE_PACKAGE_TYPE_KEY =

"type"

RELEASE_PACKAGE_TYPE_GIT =

"git"

RELEASE_PACKAGE_TYPE_NPM =

"npm"

REGISTRY_FILE_NPMRC =

".npmrc"

REGISTRY_FILE_YARNRC =

".yarnrc"

REGISTRY_FILE_YARNRC_YML =

".yarnrc.yml"

Instance Attribute Summary

• #credentials ⇒ Object readonly

  Returns the value of attribute credentials.

• #dependency ⇒ Object readonly

  Returns the value of attribute dependency.

• #dependency_files ⇒ Object readonly

  Returns the value of attribute dependency_files.

Instance Method Summary

• #custom_registry? ⇒ Boolean
• #dependency_url ⇒ Object
• #fetch ⇒ Object
• #initialize(dependency:, dependency_files:, credentials:) ⇒ PackageDetailsFetcher constructor

  A new instance of PackageDetailsFetcher.

• #npm_details ⇒ Object
• #valid_npm_details? ⇒ Boolean
• #yanked?(version) ⇒ Boolean

Constructor Details

#initialize(dependency:, dependency_files:, credentials:) ⇒ PackageDetailsFetcher

Returns a new instance of PackageDetailsFetcher.

# File 'lib/dependabot/npm_and_yarn/package/package_details_fetcher.rb', line 49

def initialize(
  dependency:,
  dependency_files:,
  credentials:
)
  @dependency = T.let(dependency, Dependabot::Dependency)
  @dependency_files = T.let(dependency_files, T::Array[Dependabot::DependencyFile])
  @credentials = T.let(credentials, T::Array[Dependabot::Credential])

  @npm_details = T.let(nil, T.nilable(T::Hash[String, T.untyped]))
  @dist_tags = T.let(nil, T.nilable(T::Hash[String, String]))
  @registry_finder = T.let(nil, T.nilable(Package::RegistryFinder))
  @version_endpoint_working = T.let(nil, T.nilable(T::Boolean))
  @yanked = T.let({}, T::Hash[Gem::Version, T.nilable(T::Boolean)])
end

Instance Attribute Details

#credentials ⇒ Object (readonly)

Returns the value of attribute credentials.

# File 'lib/dependabot/npm_and_yarn/package/package_details_fetcher.rb', line 69

def credentials
  @credentials
end

#dependency ⇒ Object (readonly)

Returns the value of attribute dependency.

# File 'lib/dependabot/npm_and_yarn/package/package_details_fetcher.rb', line 66

def dependency
  @dependency
end

#dependency_files ⇒ Object (readonly)

Returns the value of attribute dependency_files.

# File 'lib/dependabot/npm_and_yarn/package/package_details_fetcher.rb', line 72

def dependency_files
  @dependency_files
end

Instance Method Details

#custom_registry? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/npm_and_yarn/package/package_details_fetcher.rb', line 95

def custom_registry?
  registry_finder.custom_registry?
end

#dependency_url ⇒ Object

# File 'lib/dependabot/npm_and_yarn/package/package_details_fetcher.rb', line 100

def dependency_url
  if (configured_registry = configured_registry_from_credentials)
    escaped_dependency_name = dependency.name.gsub("/", "%2F")
    return "#{configured_registry}/#{escaped_dependency_name}"
  end

  registry_finder.dependency_url
end

#fetch ⇒ Object

# File 'lib/dependabot/npm_and_yarn/package/package_details_fetcher.rb', line 75

def fetch
  package_data = npm_details
  Dependabot::Package::PackageDetails.new(
    dependency: @dependency,
    releases: package_data ? parse_versions(package_data) : [],
    dist_tags: dist_tags
  )
end

#npm_details ⇒ Object

# File 'lib/dependabot/npm_and_yarn/package/package_details_fetcher.rb', line 90

def npm_details
  @npm_details ||= fetch_npm_details
end

#valid_npm_details? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/npm_and_yarn/package/package_details_fetcher.rb', line 85

def valid_npm_details?
  !dist_tags.nil?
end

#yanked?(version) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/npm_and_yarn/package/package_details_fetcher.rb', line 110

def yanked?(version)
  return @yanked[version] || false if @yanked.key?(version)

  @yanked[version] =
    begin
      if dependency_registry == GLOBAL_REGISTRY
        status = Dependabot::RegistryClient.head(
          url: registry_finder.tarball_url(version),
          headers: registry_auth_headers
        ).status
      else
        status = Dependabot::RegistryClient.get(
          url: dependency_url + "/#{version}",
          headers: registry_auth_headers
        ).status

        if status == 404
          # Some registries don't handle escaped package names properly
          status = Dependabot::RegistryClient.get(
            url: dependency_url.gsub("%2F", "/") + "/#{version}",
            headers: registry_auth_headers
          ).status
        end
      end

      version_not_found = status == 404
      version_not_found && version_endpoint_working?
    rescue Excon::Error::Timeout, Excon::Error::Socket
      # Give the benefit of the doubt if the registry is playing up
      false
    end

  @yanked[version] || false
end