
# frozen_string_literal: true

require "yaml"

require "dependabot/dependency_file"
require "dependabot/npm_and_yarn/file_parser"

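module Dependabot
  module NpmAndYarn
    class FileParser
      # Best-effort parser for Yarn v1 lockfiles that never executes Yarn.
      #
      # The lockfile comes from the repository being updated, so its text is
      # treated as untrusted input: instead of shelling out to Yarn (which
      # could run lifecycle scripts), the text is massaged into YAML and read
      # with `YAML.safe_load`. Anything that is not plain Hash/Array/String
      # data (Ruby-object tags, aliases, malformed syntax, a bare scalar)
      # makes `#parse` return `{}` rather than raising.
      class YarnLockfileParser
        # @param lockfile [#content] the yarn.lock file; only `#content` is read
        def initialize(lockfile:)
          @content = lockfile.content
        end

        # Parse the lockfile into a Hash keyed by version requirement
        # (e.g. "pkg@^1.0.0"), each mapping to that entry's attributes
        # ("version", "resolved", "dependencies", ...). Comma-separated keys
        # are expanded so every requirement has its own entry; the expanded
        # entries share a single attributes Hash.
        #
        # This is *extremely* crude, but saves us from having to shell out
        # to Yarn, which may not be safe.
        #
        # @return [Hash{String => Object}] empty when the content cannot be
        #   parsed safely
        def parse
          yaml = convert_to_yaml
          lockfile_object = parse_as_yaml(yaml)
          expand_lockfile_requirements(lockfile_object)
        end

        private

        attr_reader :content

        # Transform the lockfile to parseable YAML, line by line:
        # - unindented lines starting with a word character or a quote are
        #   top-level requirement keys; their quotes and trailing colon are
        #   stripped and the whole line is re-quoted ("pkga@1.0.0, pkgb@^2":)
        #   so "@", "^", "," etc. cannot be mis-read as YAML syntax;
        # - nested `name "value"` properties get a colon inserted at the
        #   first word/quote boundary (version: "1.0.0"); only the first gap
        #   is replaced (`sub`, not `gsub`) so spaces inside the value stay.
        # Lines starting with anything else (comments, `dependencies:`)
        # pass through unchanged.
        def convert_to_yaml
          sanitize_requirement = lambda do |line|
            return line unless line.match?(/^[\w"]/)

            "\"#{line.gsub(/\"|:\n$/, '')}\":\n"
          end
          add_missing_colon = ->(l) { l.sub(/(?<=\w|")\s(?=\w|")/, ": ") }

          content.lines.map(&sanitize_requirement).map(&add_missing_colon).join
        end

        # Load the massaged YAML with `safe_load` so a crafted lockfile cannot
        # instantiate arbitrary Ruby objects. The rescued errors are the
        # failure modes of untrusted input: unparseable text (SyntaxError), a
        # `!ruby/...` tag (DisallowedClass) and YAML aliases, which safe_load
        # rejects by default and which are the mechanism behind YAML-bomb
        # expansion (BadAlias). All degrade to `{}`.
        def parse_as_yaml(yaml)
          YAML.safe_load(yaml)
        rescue Psych::SyntaxError, Psych::DisallowedClass, Psych::BadAlias
          {}
        end

        # Split all comma separated keys and duplicate the lockfile entry
        # so we get one entry per version requirement; this is needed when
        # one of the requirements specifies a file: requirement, e.g.
        # "pkga@file:./pkg, pkgb@1.0.0" and we want to check this in
        # `details_from_yarn_lock`.
        #
        # Only a mapping (or the elements of a sequence) can yield entries.
        # A bare scalar produced from malformed content, or a key that is
        # not a String (e.g. an integer from "{1: 2}"), is ignored instead
        # of raising NoMethodError, matching the `{}` fallback of
        # `parse_as_yaml`. `nil` (comment-only or empty content) also
        # yields `{}`.
        def expand_lockfile_requirements(lockfile_object)
          return {} unless lockfile_object.is_a?(Hash) || lockfile_object.is_a?(Array)

          lockfile_object.to_a.each_with_object({}) do |(names, val), res|
            next unless names.is_a?(String)

            names.split(", ").each { |name| res[name] = val }
          end
        end
      end
    end
  end
end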
