Sha256: 14fde538d17ab0e84713bef815aa4ade25fdc8e145037dd1af7a22857704125a

Contents?: true

Size: 1.8 KB

Versions: 126

Compression:

Stored size: 1.8 KB

Contents

# frozen_string_literal: true

require "excon"
require "dependabot/npm_and_yarn/update_checker"
require "dependabot/shared_helpers"

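module Dependabot
  module NpmAndYarn
    class UpdateChecker
      # Heuristically decides whether a package.json describes a library that
      # is published on the public npm registry (as opposed to an
      # application).
      #
      # The package.json content comes from the repository being checked and
      # is treated as untrusted: field types are validated before use and the
      # project name is percent-encoded before it is placed in the registry
      # URL.
      class LibraryDetector
        # Matches every character that must not appear literally in the
        # registry URL path. RFC 3986 unreserved characters and "@" (scope
        # prefix) are kept; everything else, including "/", is
        # percent-encoded.
        UNSAFE_NAME_CHARACTERS = /[^A-Za-z0-9\-._~@]/
        private_constant :UNSAFE_NAME_CHARACTERS

        # @param package_json_file [#content] object whose +content+ is the
        #   raw package.json text
        def initialize(package_json_file:)
          @package_json_file = package_json_file
        end

        # @return [Boolean] true when the manifest looks like a library and
        #   the npm registry document for its name contains its description
        # @raise [JSON::ParserError] when the package.json content is not
        #   valid JSON (deliberately left to the caller)
        def library?
          return false unless package_json_may_be_for_library?

          npm_response_matches_package_json?
        end

        private

        attr_reader :package_json_file

        # Cheap, offline checks that rule a manifest out before any network
        # request is made.
        def package_json_may_be_for_library?
          # Valid JSON is not necessarily an object ("[]", "1", ...).
          return false unless parsed_package_json.is_a?(Hash)
          # A non-String name (e.g. a number) cannot be a package name and
          # would otherwise raise NoMethodError below.
          return false unless project_name.is_a?(String)
          # A bare "." or ".." would be a dot-segment in the request path,
          # and an empty name would query the registry root.
          return false if project_name.empty? || project_name.start_with?(".")
          # Unrendered template placeholder such as "{{ name }}".
          return false if project_name.match?(/\{\{.*\}\}/)
          return false unless parsed_package_json["version"]
          return false if parsed_package_json["private"]

          true
        end

        # Fetches the registry document for the project name and checks
        # whether it contains the manifest's description.
        #
        # NOTE(review): this is a substring match over the whole response
        # body, so a very short description can match unrelated text.
        def npm_response_matches_package_json?
          project_description = parsed_package_json["description"]
          # An empty String is truthy in Ruby and is a substring of every
          # body, so it must be rejected explicitly; a non-String value would
          # make String#include? raise TypeError.
          return false unless project_description.is_a?(String)
          return false if project_description.strip.empty?

          # Check if the project is listed on npm. If it is, it's a library
          @project_npm_response ||= Excon.get(
            "https://registry.npmjs.org/#{escaped_project_name}",
            idempotent: true,
            **SharedHelpers.excon_defaults
          )

          return false unless @project_npm_response.status == 200

          @project_npm_response.body.force_encoding("UTF-8").encode.
            include?(project_description)
        rescue Excon::Error::Socket, Excon::Error::Timeout
          # Registry unreachable: fall back to "not a library".
          false
        end

        def project_name
          parsed_package_json.fetch("name", nil)
        end

        # Percent-encodes the project name for use as a single URL path
        # segment. For names made only of unreserved characters, "@" and "/"
        # the result is identical to replacing "/" with "%2F"; any other
        # character ("?", "#", "%", whitespace, ...) is encoded byte by byte
        # so that a hostile name cannot change the structure of the request.
        def escaped_project_name
          project_name&.gsub(UNSAFE_NAME_CHARACTERS) do |char|
            char.bytes.map { |byte| format("%%%02X", byte) }.join
          end
        end

        def parsed_package_json
          @parsed_package_json ||= JSON.parse(package_json_file.content)
        end
      end
    end
  end
end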

Version data entries

126 entries across 126 versions & 1 rubygems

Version Path
dependabot-npm_and_yarn-0.95.77 lib/dependabot/npm_and_yarn/update_checker/library_detector.rb
dependabot-npm_and_yarn-0.95.76 lib/dependabot/npm_and_yarn/update_checker/library_detector.rb
dependabot-npm_and_yarn-0.95.75 lib/dependabot/npm_and_yarn/update_checker/library_detector.rb
dependabot-npm_and_yarn-0.95.74 lib/dependabot/npm_and_yarn/update_checker/library_detector.rb
dependabot-npm_and_yarn-0.95.73 lib/dependabot/npm_and_yarn/update_checker/library_detector.rb
dependabot-npm_and_yarn-0.95.72 lib/dependabot/npm_and_yarn/update_checker/library_detector.rb
dependabot-npm_and_yarn-0.95.71 lib/dependabot/npm_and_yarn/update_checker/library_detector.rb
dependabot-npm_and_yarn-0.95.70 lib/dependabot/npm_and_yarn/update_checker/library_detector.rb
dependabot-npm_and_yarn-0.95.69 lib/dependabot/npm_and_yarn/update_checker/library_detector.rb
dependabot-npm_and_yarn-0.95.68 lib/dependabot/npm_and_yarn/update_checker/library_detector.rb
dependabot-npm_and_yarn-0.95.67 lib/dependabot/npm_and_yarn/update_checker/library_detector.rb
dependabot-npm_and_yarn-0.95.66 lib/dependabot/npm_and_yarn/update_checker/library_detector.rb
dependabot-npm_and_yarn-0.95.65 lib/dependabot/npm_and_yarn/update_checker/library_detector.rb
dependabot-npm_and_yarn-0.95.64 lib/dependabot/npm_and_yarn/update_checker/library_detector.rb
dependabot-npm_and_yarn-0.95.63 lib/dependabot/npm_and_yarn/update_checker/library_detector.rb
dependabot-npm_and_yarn-0.95.62 lib/dependabot/npm_and_yarn/update_checker/library_detector.rb
dependabot-npm_and_yarn-0.95.61 lib/dependabot/npm_and_yarn/update_checker/library_detector.rb
dependabot-npm_and_yarn-0.95.60 lib/dependabot/npm_and_yarn/update_checker/library_detector.rb
dependabot-npm_and_yarn-0.95.59 lib/dependabot/npm_and_yarn/update_checker/library_detector.rb
dependabot-npm_and_yarn-0.95.58 lib/dependabot/npm_and_yarn/update_checker/library_detector.rb