Contents

# frozen_string_literal: true

module Spandx
  module Parsers
    class PipfileLock < Base
      def self.matches?(filename)
        filename.match?(/Pipfile.*\.lock/)
      end

      def parse(lockfile)
        results = []
        dependencies_from(lockfile) do |x|
          results << Dependency.new(
            name: x[:name],
            version: x[:version],
            licenses: x[:licenses]
          )
        end
        results
      end

      private

      def dependencies_from(lockfile)
        json = JSON.parse(IO.read(lockfile))
        each_dependency(pypi_for(json), json) do |name, version, definition|
          yield({ name: name, version: version, licenses: [catalogue[definition['license']]] })
        end
      end

      def each_dependency(pypi, json, groups: %w[default develop])
        groups.each do |group|
          json[group].each do |name, value|
            version = canonicalize(value['version'])
            yield name, version, pypi.definition_for(name, version)
          end
        end
      end

      def canonicalize(version)
        version.gsub(/==/, '')
      end

      def pypi_for(json)
        Gateways::PyPI.new(
          sources: Gateways::PyPI::Source.sources_from(json)
        )
      end
    end
  end
end

Version data entries

9 entries across 9 versions & 1 rubygems

Version	Path
spandx-0.5.0	lib/spandx/parsers/pipfile_lock.rb
spandx-0.4.1	lib/spandx/parsers/pipfile_lock.rb
spandx-0.4.0	lib/spandx/parsers/pipfile_lock.rb
spandx-0.3.0	lib/spandx/parsers/pipfile_lock.rb
spandx-0.2.0	lib/spandx/parsers/pipfile_lock.rb
spandx-0.1.7	lib/spandx/parsers/pipfile_lock.rb
spandx-0.1.6	lib/spandx/parsers/pipfile_lock.rb
spandx-0.1.5	lib/spandx/parsers/pipfile_lock.rb
spandx-0.1.4	lib/spandx/parsers/pipfile_lock.rb