Class: Dependabot::NpmAndYarn::FileUpdater::NpmrcBuilder

Inherits:
Object
  • Object
Extended by:
T::Sig
Defined in:
lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb

Overview

Build a .npmrc file from the lockfile content, credentials, and any committed .npmrc. We should refactor this to use Package::RegistryFinder.

Constant Summary

# Hosts of the public npm and Yarn registries.
CENTRAL_REGISTRIES =
  T.let(
    %w[registry.npmjs.org registry.yarnpkg.com].freeze,
    T::Array[String]
  )

# Matches a scoped registry assignment such as `@scope:registry=<url>`.
# `^` anchors at the start of every line, so the pattern can match any line of
# a multi-line string (presumably .npmrc content; confirm against callers).
# The `scope` capture excludes the leading `@`. Both captures are `\S+`, so
# they accept any non-whitespace text and perform no URL or name validation.
SCOPED_REGISTRY =
  /^\s*@(?<scope>\S+):registry\s*=\s*(?<registry>\S+)/


Constructor Details

#initialize(dependency_files:, credentials:, dependencies: []) ⇒ NpmrcBuilder

Returns a new instance of NpmrcBuilder.



# File 'lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb', line 35

# Stores the inputs later used to build registry configuration.
#
# @param dependency_files the project's dependency files
# @param credentials the credentials available to the updater
#   (NOTE(review): presumably includes registry secrets; confirm before
#   logging or inspecting this object)
# @param dependencies optional dependencies; defaults to an empty list
def initialize(dependency_files:, credentials:, dependencies: [])
  @dependencies = dependencies
  @credentials = credentials
  @dependency_files = dependency_files
end

Class Method Details

.npmrc_content_from_credentials(credentials) ⇒ Object



# File 'lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb', line 46

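# Builds .npmrc registry lines from npm_registry credentials alone.
#
# Emits a `registry=` line for the first credential that replaces the base
# registry, then one `<scope>:registry=` line per scope of every credential
# that carries both a scope and a registry.
#
# @param credentials credential objects responding to `fetch`, `[]`, `scope`
#   and `replaces_base?`
# @return [String, nil] newline-joined .npmrc lines, or nil when no credential
#   replaces the base registry and none is scoped
def self.npmrc_content_from_credentials(credentials)
  npm_creds = credentials.select { |cred| cred.fetch("type") == "npm_registry" }
  base_cred = npm_creds.find(&:replaces_base?)
  scoped_creds = npm_creds.select { |cred| cred.scope && cred["registry"] }
  return if base_cred.nil? && scoped_creds.empty?

  # Only a real scheme prefix counts as "already a URL". Testing for a bare
  # "http" prefix would leave a host whose name merely starts with "http"
  # without any scheme. Explicit http:// URLs are passed through unchanged, so
  # a registry configured that way stays on plaintext HTTP.
  with_scheme = lambda do |registry|
    registry.start_with?("http://", "https://") ? registry : "https://#{registry}"
  end

  # NOTE(review): registry and scope values are interpolated verbatim; a value
  # containing a line break would add extra lines to the generated file.
  # Confirm credentials are validated before they reach this method.
  lines = T.let([], T::Array[String])

  if base_cred
    base_url = with_scheme.call(base_cred.fetch("registry"))
    lines << "registry=#{base_url}"
  end

  scoped_creds.each do |cred|
    registry_url = with_scheme.call(cred.fetch("registry"))
    T.must(cred.scope).each do |scope|
      lines << "#{Helpers.normalize_npm_scope(scope)}:registry=#{registry_url}"
    end
  end

  lines.join("\n")
end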

Instance Method Details

#npmrc_content ⇒ Object



# File 'lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb', line 75

# Produces the .npmrc body for the update.
#
# Credentials that declare a scope take precedence: the result then comes from
# build_npmrc_from_scope_credentials alone and the committed .npmrc and any
# lockfile inference are bypassed. Otherwise the starting content comes from
# the committed .npmrc, else the .yarnrc, else the lockfile (falling back to
# credential scopes), and every credential line not already present is
# appended.
#
# @return the .npmrc content; a String (possibly empty) on the non-scope
#   paths, and whatever build_npmrc_from_scope_credentials returns otherwise
def npmrc_content
  if credentials_have_scope?
    Dependabot.logger.info(
      "Generating .npmrc from credential scope configuration (committed .npmrc ignored)"
    )
    return build_npmrc_from_scope_credentials
  end

  base_content =
    if npmrc_file
      complete_npmrc_from_credentials
    elsif yarnrc_file
      build_npmrc_from_yarnrc
    else
      build_npmrc_content_from_lockfile || build_npmrc_content_from_credential_scopes
    end
  base_content ||= ""

  return base_content unless registry_credentials.any?

  # Presence is a substring test against the whole accumulated content, not a
  # line-by-line comparison, so a credential line that is a prefix of an
  # existing line is treated as already present.
  credential_lines_for_npmrc.reduce(base_content) do |content, credential_line|
    next content if content.include?(credential_line)

    [content, credential_line].reject(&:empty?).join("\n")
  end
end

#yarnrc_content ⇒ Object



# File 'lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb', line 110

# Produces the .yarnrc body for the update.
#
# The source is chosen in order: a committed .npmrc, then a committed .yarnrc,
# then the lockfile. Unlike npmrc_content, nothing visible here appends
# credential lines afterwards.
#
# @return the chosen builder's result, or an empty String when it is nil/false
def yarnrc_content
  generated =
    if npmrc_file
      complete_yarnrc_from_credentials
    elsif yarnrc_file
      build_yarnrc_from_yarnrc
    else
      build_yarnrc_content_from_lockfile
    end

  generated || ""
end