Sha256: 6f27c96c42de644eb2f00e8dfbc580805051718b67a86bb19d0236d8d396f100
Contents?: true
Size: 1.86 KB
Versions: 415
Compression:
Stored size: 1.86 KB
Contents
# frozen_string_literal: true require "dependabot/dependency_file" require "dependabot/npm_and_yarn/file_parser" module Dependabot module NpmAndYarn class FileParser class YarnLockfileParser def initialize(lockfile:) @content = lockfile.content end # This is *extremely* crude, but saves us from having to shell out # to Yarn, which may not be safe def parse yaml = convert_to_yaml lockfile_object = parse_as_yaml(yaml) expand_lockfile_requirements(lockfile_object) end private attr_reader :content # Transform lockfile to parseable YAML by wrapping requirements in # quotes, e.g. ("pkg@1.0.0":) and adding colon to nested # properties (version: "1.0.0") def convert_to_yaml sanitize_requirement = lambda do |line| return line unless line.match?(/^[\w"]/) "\"#{line.gsub(/\"|:\n$/, '')}\":\n" end add_missing_colon = ->(l) { l.sub(/(?<=\w|")\s(?=\w|")/, ": ") } content.lines.map(&sanitize_requirement).map(&add_missing_colon).join end def parse_as_yaml(yaml) YAML.safe_load(yaml) rescue Psych::SyntaxError, Psych::DisallowedClass, Psych::BadAlias {} end # Split all comma separated keys and duplicate the lockfile entry # so we get one entry per version requirement, this is needed when # one of the requirements specifies a file: requirement, e.g. # "pkga@file:./pkg, pkgb@1.0.0 and we want to check this in # `details_from_yarn_lock` def expand_lockfile_requirements(lockfile_object) lockfile_object.to_a.each_with_object({}) do |(names, val), res| names.split(", ").each { |name| res[name] = val } end end end end end end
Version data entries
415 entries across 415 versions & 1 rubygems