Class: Dependabot::NpmAndYarn::FileFetcher

Inherits:
FileFetchers::Base
  • Object
Extended by:
T::Helpers, T::Sig
Defined in:
lib/dependabot/npm_and_yarn/file_fetcher.rb,
lib/dependabot/npm_and_yarn/file_fetcher/path_dependency_builder.rb

Overview

rubocop:disable Metrics/ClassLength

Defined Under Namespace

Classes: PathDependencyBuilder

Constant Summary

NPM_PATH_DEPENDENCY_STARTS =

Npm always prefixes file paths in the lockfile "version" with "file:" even when a naked path is used (e.g. "../dep")

T.let(%w(file:).freeze, [String])
PATH_DEPENDENCY_STARTS =

"link:" is only supported by Yarn but is interchangeable with "file:" when it specifies a path. Only include Yarn "link:"'s that start with a path and ignore symlinked package names that have been registered with "yarn link", e.g. "link:react"

T.let(
  %w(file: link:. link:/ link:~/ / ./ ../ ~/).freeze,
  [String, String, String, String, String, String, String, String]
)
PATH_DEPENDENCY_CLEAN_REGEX =
/^file:|^link:/
DEFAULT_NPM_REGISTRY =
"https://registry.npmjs.org"


Class Method Details

.required_files_in?(filenames) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/dependabot/npm_and_yarn/file_fetcher.rb', line 40

# Whether the candidate file list contains the manifest this fetcher needs.
#
# @param filenames [Array<String>] candidate file names
# @return [Boolean] true when a package.json is among them
def self.required_files_in?(filenames)
  filenames.any? { |name| name == "package.json" }
end

.required_files_message ⇒ Object



# File 'lib/dependabot/npm_and_yarn/file_fetcher.rb', line 45

# Message explaining which file a repository must contain to be processed
# by this fetcher (see required_files_in?).
#
# @return [String] the explanation
def self.required_files_message
  %(Repo must contain a package.json.)
end

Instance Method Details

#clone_repo_contents ⇒ Object



# File 'lib/dependabot/npm_and_yarn/file_fetcher.rb', line 51

# Clones the repository (via super) and then pulls the Git LFS objects under
# the .yarn directory and the configured Yarn cache folder.
#
# The clone path is memoized in @git_lfs_cloned_repo_contents_path, so
# subsequent calls return the cached path without re-running the LFS pull.
#
# @return [String, nil] path of the cloned repository contents (presumably
#   the value returned by super; nil when super returned nil)
def clone_repo_contents
  return @git_lfs_cloned_repo_contents_path unless @git_lfs_cloned_repo_contents_path.nil?

  @git_lfs_cloned_repo_contents_path ||= T.let(super, T.nilable(String))
  begin
    SharedHelpers.with_git_configured(credentials: credentials) do
      Dir.chdir(@git_lfs_cloned_repo_contents_path) do
        # NOTE(review): cache_dir appears to be read from the cloned repository's
        # own .yarnrc.yml, i.e. repository-controlled content, and is interpolated
        # into a shell command string below. This relies on run_shell_command
        # escaping its argument — confirm that, or reject values containing
        # shell metacharacters before building the command.
        cache_dir = Helpers.fetch_yarnrc_yml_value("cacheFolder", "./yarn/cache")
        SharedHelpers.run_shell_command("git lfs pull --include .yarn,#{cache_dir}")
      end
      @git_lfs_cloned_repo_contents_path
    end
  rescue StandardError
    # An LFS pull failure is treated as non-fatal: the plain clone path is
    # still returned (nil if the clone itself produced no path).
    @git_lfs_cloned_repo_contents_path
  end
end

#ecosystem_versions ⇒ Object



# File 'lib/dependabot/npm_and_yarn/file_fetcher.rb', line 69

# Reports which package managers were detected for this project and their
# versions, keyed by manager name. When none is detected the map holds a
# single "unknown" => 1 entry.
#
# @return [Hash{Symbol => Hash{String => Object}}] `{ package_managers: {...} }`
def ecosystem_versions
  detected = {
    "npm" => npm_version,
    "yarn" => yarn_version,
    "pnpm" => pnpm_version
  }.select { |_manager, version| version }

  detected["unknown"] = 1 if detected.empty?

  { package_managers: detected }
end

#fetch_files ⇒ Object

rubocop:disable Metrics/AbcSize, Metrics/PerceivedComplexity



# File 'lib/dependabot/npm_and_yarn/file_fetcher.rb', line 83

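# Collects every manifest, lockfile and config file this fetcher knows about
# for the detected package managers, then drops files matched by the
# configured exclude paths.
#
# @return [Array<DependencyFile>] deduplicated, filtered set of fetched files
def fetch_files # rubocop:disable Metrics/AbcSize, Metrics/PerceivedComplexity
  fetched_files = T.let([], T::Array[DependencyFile])
  fetched_files << package_json
  # The committed .npmrc is skipped when scope_overrides_npmrc? reports an override.
  fetched_files << T.must(npmrc) if npmrc && !scope_overrides_npmrc?
  fetched_files += npm_files if npm_version
  fetched_files += yarn_files if yarn_version
  fetched_files += pnpm_files if pnpm_version
  fetched_files += lerna_files
  fetched_files += workspace_package_jsons
  # Path dependencies are resolved against everything fetched so far.
  fetched_files += path_dependencies(fetched_files)

  # When no package manager version is detected at all (no lockfile, no
  # packageManager, no engines) AND no committed .npmrc exists, the
  # inferred_npmrc path inside npm_files is never reached. Try generating
  # an .npmrc from scope credentials, or reject if no config is available.
  # Skip for yarn/pnpm-only projects where npm isn't the relevant manager.
  if no_package_manager_detected? && npmrc.nil?
    generated = inferred_npmrc
    fetched_files << generated if generated
    reject_if_private_registry_without_config! unless generated
  end

  # Whether exclusion applies does not depend on the individual file, so the
  # experiment flag and the emptiness check are evaluated once rather than
  # once per fetched file.
  apply_exclusions = Dependabot::Experiments.enabled?(:enable_exclude_paths_subdirectory_manifest_files) &&
                     !@exclude_paths.empty?
  return fetched_files.uniq unless apply_exclusions

  fetched_files.uniq.reject do |file|
    Dependabot::FileFiltering.exclude_path?(file.name, @exclude_paths)
  end
end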