bibliothecary 14.4.0 → 15.1.0

data/lib/bibliothecary/multi_parsers/spdx.rb

@@ -9,9 +9,9 @@ Warning[:experimental] = true
 
 module Bibliothecary
   module MultiParsers
-    module Spdx
+    class Spdx
       include Bibliothecary::Analyser
-      include Bibliothecary::Analyser::TryCache
+      extend Bibliothecary::Analyser::TryCache
 
       # e.g. 'SomeText:' (allowing for leading whitespace)
       WELLFORMED_LINE_REGEXP = /^\s*[a-zA-Z]+:/
@@ -43,19 +43,26 @@ module Bibliothecary
         }
       end
 
-      def parse_spdx_tag_value(file_contents, options: {})
+      def self.platform_name
+        raise "Spdx is a multi-parser and does not have a platform name."
+      end
+
+      def self.parse_spdx_tag_value(file_contents, options: {})
         entries = try_cache(options, options[:filename]) do
-          parse_spdx_tag_value_file_contents(file_contents, options.fetch(:filename, nil))
+          parse_spdx_tag_value_file_contents(
+            file_contents,
+            options.fetch(:filename, nil)
+          )
         end
 
         raise NoEntries if entries.empty?
 
-        Bibliothecary::ParserResult.new(dependencies: entries[platform_name.to_sym] || [])
+        Bibliothecary::ParserResult.new(dependencies: entries.to_a)
       end
 
-      def parse_spdx_tag_value_file_contents(file_contents, source = nil)
-        entries = {}
-        spdx_name = spdx_version = platform = purl_name = purl_version = nil
+      def self.parse_spdx_tag_value_file_contents(file_contents, source = nil)
+        entries = Set.new
+        spdx_name = spdx_version = platform = purl_name = purl_version = purl_type = nil
 
         file_contents.each_line do |line|
           stripped_line = line.strip
@@ -68,10 +75,10 @@ module Bibliothecary
             # > A new package Information section is denoted by the package name (7.1) field.
             add_entry(entries: entries, platform: platform, purl_name: purl_name,
                       spdx_name: spdx_name, purl_version: purl_version, spdx_version: spdx_version,
-                      source: source)
+                      source: source, purl_type: purl_type)
 
             # reset for this new package
-            spdx_name = spdx_version = platform = purl_name = purl_version = nil
+            spdx_name = spdx_version = platform = purl_name = purl_version = purl_type = nil
 
             # capture the new package's name
             spdx_name = match[1]
@@ -79,65 +86,123 @@ module Bibliothecary
             spdx_version = match[1]
           elsif (match = stripped_line.match(PURL_REGEXP))
             purl = PackageURL.parse(match[1])
-            platform ||= PurlUtil::PURL_TYPE_MAPPING[purl.type]
+            purl_type ||= purl&.type
+            # Use the mapped purl->bibliothecary platform, or else fall back to original platform itself.
+            platform = PurlUtil::PURL_TYPE_MAPPING.fetch(purl_type, purl_type)
             purl_name ||= PurlUtil.full_name(purl)
-            purl_version ||= purl.version
+            purl_version ||= purl&.version
           end
         end
 
         add_entry(entries: entries, platform: platform, purl_name: purl_name,
                   spdx_name: spdx_name, purl_version: purl_version, spdx_version: spdx_version,
-                  source: source)
+                  source: source, purl_type: purl_type)
 
         entries
       end
 
-      def skip_tag_value_line?(stripped_line)
+      def self.skip_tag_value_line?(stripped_line)
         # Ignore blank lines and comments
         stripped_line.empty? || stripped_line.start_with?("#")
       end
 
-      def parse_spdx_json(file_contents, options: {})
+      def self.parse_spdx_json(file_contents, options: {})
         entries = try_cache(options, options[:filename]) do
-          parse_spdx_json_file_contents(file_contents, options.fetch(:filename, nil))
+          parse_spdx_json_file_contents(
+            file_contents,
+            options.fetch(:filename, nil)
+          )
         end
 
         raise NoEntries if entries.empty?
 
-        Bibliothecary::ParserResult.new(dependencies: entries[platform_name.to_sym] || [])
+        Bibliothecary::ParserResult.new(dependencies: entries.to_a)
       end
 
-      def parse_spdx_json_file_contents(file_contents, source = nil)
-        entries = {}
+      def self.parse_spdx_json_file_contents(file_contents, source = nil)
         manifest = JSON.parse(file_contents)
 
+        if manifest.key?("spdxVersion")
+          parse_spdx_2_json_file_contents(manifest, source)
+        elsif manifest.key?("@context")
+          parse_spdx_3_json_file_contents(manifest, source)
+        else
+          Set.new
+        end
+      end
+
+      def self.parse_spdx_2_json_file_contents(manifest, source)
+        entries = Set.new
         manifest["packages"]&.each do |package|
           spdx_name = package["name"]
           spdx_version = package["versionInfo"]
 
           first_purl_string = package["externalRefs"]&.find { |ref| ref["referenceType"] == "purl" }&.dig("referenceLocator")
           purl = first_purl_string && PackageURL.parse(first_purl_string)
-          platform = PurlUtil::PURL_TYPE_MAPPING[purl&.type]
+          purl_type = purl&.type
+          # Use the mapped purl->bibliothecary platform, or else fall back to original platform itself.
+          platform = PurlUtil::PURL_TYPE_MAPPING.fetch(purl_type, purl_type)
           purl_name = PurlUtil.full_name(purl)
           purl_version = purl&.version
 
           add_entry(entries: entries, platform: platform, purl_name: purl_name,
                     spdx_name: spdx_name, purl_version: purl_version, spdx_version: spdx_version,
-                    source: source)
+                    source: source, purl_type: purl_type)
         end
+        entries
+      end
+
+      def self.parse_spdx_3_json_file_contents(manifest, source)
+        entries = Set.new
+        manifest.fetch("@graph", [])
+          .select do |element|
+            types = Array(element["type"] || element["@type"])
+            # "software_Package" is the common one, but these may differ and include namespaces
+            types.any? { |t| t.to_s.match?(/Package$/i) }
+          end
+          .each do |element|
+            spdx_name = element["name"]
+            spdx_version = element["software_packageVersion"] || element["packageVersion"] || element["versionInfo"]
+
+            purl_string = element["externalIdentifier"]&.find do |ext_id|
+              ext_id_type = ext_id["externalIdentifierType"] || ext_id["identifierType"]
+              ext_id_type&.match?(/purl/i)
+            end&.dig("identifier")
+
+            purl_string ||= element.fetch("externalRef", [])
+              .map { |ref| ref.fetch("locator", nil) }
+              .compact
+              .map(&:first)
+              .find { |locator| locator.start_with?("pkg:") }
+
+            purl_string ||= element.fetch("software_packageUrl", nil)
+
+            next unless purl_string
+
+            purl = PackageURL.parse(purl_string)
+            purl_type = purl&.type
+            # Use the mapped purl->bibliothecary platform, or else fall back to original platform itself.
+            platform = PurlUtil::PURL_TYPE_MAPPING.fetch(purl_type, purl_type)
+            purl_name = PurlUtil.full_name(purl)
+            purl_version = purl&.version
+
+            add_entry(entries: entries, platform: platform, purl_name: purl_name,
+                      spdx_name: spdx_name, purl_version: purl_version, spdx_version: spdx_version,
+                      source: source, purl_type: purl_type)
+          end
 
         entries
       end
 
-      def add_entry(entries:, platform:, purl_name:, spdx_name:, purl_version:, spdx_version:, source: nil)
+      def self.add_entry(entries:, platform:, purl_name:, spdx_name:, purl_version:, spdx_version:, source: nil, purl_type: nil)
         package_name = purl_name || spdx_name
         package_version = purl_version || spdx_version
 
-        return unless platform && package_name && package_version
+        return unless package_name && package_version
+        return unless platform
 
-        entries[platform.to_sym] ||= []
-        entries[platform.to_sym] << Dependency.new(
-          platform: platform.to_s,
+        entries << Dependency.new(
+          platform: platform ? platform.to_s : purl_type,
           name: package_name,
           requirement: package_version,
           type: "lockfile",

data/lib/bibliothecary/{multi_parsers → parser_mixins}/bundler_like_manifest.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Bibliothecary
-  module MultiParsers
+  module ParserMixins
     module BundlerLikeManifest
       # this takes parsed Bundler and Bundler-like (CocoaPods)
       # manifests and turns them into a list of dependencies.

data/lib/bibliothecary/{multi_parsers → parser_mixins}/json_runtime.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Bibliothecary
-  module MultiParsers
+  module ParserMixins
     # Provide JSON Runtime Manifest parsing
     module JSONRuntime
       def parse_json_runtime_manifest(file_contents, options: {})

data/lib/bibliothecary/parsers/bower.rb

@@ -16,8 +16,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
-
       def self.parse_manifest(file_contents, options: {})
         json = JSON.parse(file_contents)
         dependencies = map_dependencies(json, "dependencies", "runtime", options.fetch(:filename, nil)) +

data/lib/bibliothecary/parsers/cargo.rb

@@ -18,10 +18,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::CycloneDX)
-      add_multi_parser(Bibliothecary::MultiParsers::Spdx)
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
-
       def self.parse_manifest(file_contents, options: {})
         manifest = Tomlrb.parse(file_contents)
 

data/lib/bibliothecary/parsers/cocoapods.rb

@@ -7,7 +7,7 @@ module Bibliothecary
   module Parsers
     class CocoaPods
       include Bibliothecary::Analyser
-      extend Bibliothecary::MultiParsers::BundlerLikeManifest
+      extend Bibliothecary::ParserMixins::BundlerLikeManifest
 
       NAME_VERSION = '(?! )(.*?)(?: \(([^-]*)(?:-(.*))?\))?'
       NAME_VERSION_4 = /^ {4}#{NAME_VERSION}$/
@@ -35,8 +35,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
-
       def self.parse_podfile_lock(file_contents, options: {})
         manifest = YAML.load file_contents
         dependencies = manifest["PODS"].map do |row|

data/lib/bibliothecary/parsers/conan.rb

@@ -25,10 +25,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::CycloneDX)
-      add_multi_parser(Bibliothecary::MultiParsers::Spdx)
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
-
       def self.parse_conanfile_py(file_contents, options: {})
         dependencies = []
 

data/lib/bibliothecary/parsers/conda.rb

@@ -20,10 +20,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::CycloneDX)
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
-      add_multi_parser(Bibliothecary::MultiParsers::Spdx)
-
       def self.parse_conda(file_contents, options: {})
         manifest = YAML.load(file_contents)
         deps = manifest["dependencies"]

data/lib/bibliothecary/parsers/cpan.rb

@@ -21,8 +21,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
-
       def self.parse_json_manifest(file_contents, options: {})
         manifest = JSON.parse file_contents
         dependencies = manifest["prereqs"].map do |_group, deps|

data/lib/bibliothecary/parsers/cran.rb

@@ -18,10 +18,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::CycloneDX)
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
-      add_multi_parser(Bibliothecary::MultiParsers::Spdx)
-
       def self.parse_description(file_contents, options: {})
         manifest = DebControl::ControlFileBase.parse(file_contents)
         dependencies = parse_section(manifest, "Depends", options.fetch(:filename, nil)) +

data/lib/bibliothecary/parsers/dub.rb

@@ -7,7 +7,7 @@ module Bibliothecary
   module Parsers
     class Dub
       include Bibliothecary::Analyser
-      extend Bibliothecary::MultiParsers::JSONRuntime
+      extend Bibliothecary::ParserMixins::JSONRuntime
 
       def self.mapping
         {
@@ -22,8 +22,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
-
       def self.parse_sdl_manifest(file_contents, options: {})
         ParserResult.new(
           dependencies: SdlParser.new(:runtime, file_contents, platform_name, options.fetch(:filename, nil)).dependencies

data/lib/bibliothecary/parsers/elm.rb

@@ -6,7 +6,7 @@ module Bibliothecary
   module Parsers
     class Elm
       include Bibliothecary::Analyser
-      extend Bibliothecary::MultiParsers::JSONRuntime
+      extend Bibliothecary::ParserMixins::JSONRuntime
 
       def self.mapping
         {
@@ -21,8 +21,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
-
       def self.parse_json_lock(file_contents, options: {})
         manifest = JSON.parse file_contents
         dependencies = manifest.map do |name, requirement|

data/lib/bibliothecary/parsers/go.rb

@@ -72,10 +72,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::CycloneDX)
-      add_multi_parser(Bibliothecary::MultiParsers::Spdx)
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
-
       def self.parse_godep_json(file_contents, options: {})
         manifest = JSON.parse file_contents
         dependencies = map_dependencies(manifest, "Deps", "ImportPath", "Rev", "runtime", options.fetch(:filename, nil))

data/lib/bibliothecary/parsers/haxelib.rb

@@ -6,7 +6,7 @@ module Bibliothecary
   module Parsers
     class Haxelib
       include Bibliothecary::Analyser
-      extend Bibliothecary::MultiParsers::JSONRuntime
+      extend Bibliothecary::ParserMixins::JSONRuntime
 
       def self.mapping
         {
@@ -16,8 +16,6 @@ module Bibliothecary
           },
         }
       end
-
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
     end
   end
 end

data/lib/bibliothecary/parsers/julia.rb

@@ -14,8 +14,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
-
       def self.parse_require(file_contents, options: {})
         deps = []
         file_contents.split("\n").each do |line|

data/lib/bibliothecary/parsers/maven.rb

@@ -133,10 +133,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::CycloneDX)
-      add_multi_parser(Bibliothecary::MultiParsers::Spdx)
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
-
       def self.parse_ivy_manifest(file_contents, options: {})
         manifest = Ox.parse file_contents
         dependencies = manifest.dependencies.locate("dependency").map do |dependency|

data/lib/bibliothecary/parsers/meteor.rb

@@ -6,7 +6,7 @@ module Bibliothecary
   module Parsers
     class Meteor
       include Bibliothecary::Analyser
-      extend Bibliothecary::MultiParsers::JSONRuntime
+      extend Bibliothecary::ParserMixins::JSONRuntime
 
       def self.mapping
         {
@@ -16,8 +16,6 @@ module Bibliothecary
           },
         }
       end
-
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
     end
   end
 end

data/lib/bibliothecary/parsers/npm.rb

@@ -43,10 +43,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::CycloneDX)
-      add_multi_parser(Bibliothecary::MultiParsers::Spdx)
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
-
       def self.parse_package_lock(file_contents, options: {})
         manifest = JSON.parse(file_contents)
         # https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json#lockfileversion

data/lib/bibliothecary/parsers/nuget.rb

@@ -7,7 +7,7 @@ module Bibliothecary
   module Parsers
     class Nuget
       include Bibliothecary::Analyser
-      extend Bibliothecary::MultiParsers::JSONRuntime
+      extend Bibliothecary::ParserMixins::JSONRuntime
 
       def self.mapping
         {
@@ -46,10 +46,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::CycloneDX)
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
-      add_multi_parser(Bibliothecary::MultiParsers::Spdx)
-
       def self.parse_project_lock_json(file_contents, options: {})
         manifest = JSON.parse file_contents
         dependencies = manifest.fetch("libraries", []).map do |name, _requirement|
@@ -68,32 +64,32 @@ module Bibliothecary
       def self.parse_packages_lock_json(file_contents, options: {})
         manifest = JSON.parse file_contents
 
-        frameworks = {}
-        manifest.fetch("dependencies", []).each do |framework, deps|
-          frameworks[framework] = deps
-            .reject { |_name, details| details["type"] == "Project" } # Projects do not have versions
-            .map do |name, details|
-              Dependency.new(
-                name: name,
-                # 'resolved' has been set in all examples so far
-                # so fallback to requested is pure paranoia
-                requirement: details.fetch("resolved", details.fetch("requested", "*")),
-                type: "runtime",
-                source: options.fetch(:filename, nil),
-                platform: platform_name
-              )
-            end
-        end
-
-        unless frameworks.empty?
-          # we should really return multiple manifests, but bibliothecary doesn't
-          # do that yet so at least pick deterministically.
+        # NOTE: here we are merging dependencies from potentially >1 target framework. The versions
+        # across target frameworks in package.lock.json are not guaranteed to be the same, so e.g. a
+        # single packages.lock.json may include both "Newtonsoft.Json@13.01" and "Newtonsoft.Json@12.0.3". This
+        # should be more comprehensive than just returning one arbitrary framework's deps, but we're losing the
+        # fidelity of which target framework a given dependency was used in. Someday, bibliothecary could
+        # include a new Dependency field like "architecture" or "framework" and add the metadata for each dep there.
+        dependencies = manifest
+          .fetch("dependencies", [])
+          .flat_map do |_framework, framework_dependencies|
+            framework_dependencies
+              .reject { |_name, details| details["type"] == "Project" } # Projects do not have versions
+              .map do |name, details|
+                Dependency.new(
+                  name: name,
+                  # 'resolved' has been set in all examples so far
+                  # so fallback to requested is pure paranoia
+                  requirement: details.fetch("resolved", details.fetch("requested", "*")),
+                  type: "runtime",
+                  source: options.fetch(:filename, nil),
+                  platform: platform_name
+                )
+              end
+          end
+          .uniq
 
-          # Note, frameworks can be empty, so remove empty ones and then return the last sorted item if any
-          frameworks.delete_if { |_k, v| v.empty? }
-          return ParserResult.new(dependencies: frameworks[frameworks.keys.max]) unless frameworks.empty?
-        end
-        ParserResult.new(dependencies: [])
+        ParserResult.new(dependencies: dependencies)
       end
 
       def self.parse_packages_config(file_contents, options: {})

data/lib/bibliothecary/parsers/packagist.rb

@@ -20,10 +20,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::CycloneDX)
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
-      add_multi_parser(Bibliothecary::MultiParsers::Spdx)
-
       def self.parse_lockfile(file_contents, options: {})
         manifest = JSON.parse file_contents
         dependencies = manifest.fetch("packages", []).map do |dependency|

data/lib/bibliothecary/parsers/pub.rb

@@ -20,8 +20,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
-
       def self.parse_yaml_manifest(file_contents, options: {})
         manifest = YAML.load file_contents
         dependencies = map_dependencies(manifest, "dependencies", "runtime", options.fetch(:filename, nil)) +

data/lib/bibliothecary/parsers/pypi.rb

@@ -84,10 +84,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::CycloneDX)
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
-      add_multi_parser(Bibliothecary::MultiParsers::Spdx)
-
       def self.parser_pylock(file_contents, options: {})
         lockfile = Tomlrb.parse(file_contents)
         dependencies = lockfile["packages"].map do |d|

data/lib/bibliothecary/parsers/rubygems.rb

@@ -6,7 +6,7 @@ module Bibliothecary
   module Parsers
     class Rubygems
       include Bibliothecary::Analyser
-      extend Bibliothecary::MultiParsers::BundlerLikeManifest
+      extend Bibliothecary::ParserMixins::BundlerLikeManifest
 
       NAME_VERSION = '(?! )(.*?)(?: \(([^-]*)(?:-(.*))?\))?'
       NAME_VERSION_4 = /^ {4}#{NAME_VERSION}$/
@@ -32,10 +32,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::CycloneDX)
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
-      add_multi_parser(Bibliothecary::MultiParsers::Spdx)
-
       def self.parse_gemfile_lock(file_contents, options: {})
         dependencies = file_contents.lines(chomp: true).map do |line|
           match = line.match(NAME_VERSION_4)

data/lib/bibliothecary/parsers/shard.rb

@@ -20,8 +20,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
-
       def self.parse_yaml_lockfile(file_contents, options: {})
         manifest = YAML.load file_contents
         dependencies = map_dependencies(manifest, "shards", "runtime", options.fetch(:filename, nil))

data/lib/bibliothecary/parsers/vcpkg.rb

@@ -19,10 +19,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::CycloneDX)
-      add_multi_parser(Bibliothecary::MultiParsers::Spdx)
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
-
       def self.parse_vcpkg_json(file_contents, options: {})
         dependencies = []
         manifest = JSON.parse(file_contents)

data/lib/bibliothecary/related_files_info.rb

@@ -2,7 +2,7 @@
 
 module Bibliothecary
   class RelatedFilesInfo
-    attr_reader :path, :platform, :manifests, :lockfiles
+    attr_reader :path, :parser, :manifests, :lockfiles
 
     # Create a set of RelatedFilesInfo for the provided file_infos,
     # where each RelatedFilesInfo contains all the file_infos
@@ -18,10 +18,10 @@ module Bibliothecary
           returns.append(RelatedFilesInfo.new([file_info]))
         end
 
-        file_infos_by_directory_by_package_manager = groupable.group_by(&:package_manager)
+        file_infos_by_directory_by_parser = groupable.group_by(&:parser)
 
-        file_infos_by_directory_by_package_manager.each_value do |file_infos_in_directory_for_package_manager|
-          returns.append(RelatedFilesInfo.new(file_infos_in_directory_for_package_manager))
+        file_infos_by_directory_by_parser.each_value do |file_infos_in_directory_for_parser|
+          returns.append(RelatedFilesInfo.new(file_infos_in_directory_for_parser))
         end
       end
 
@@ -29,34 +29,38 @@ module Bibliothecary
     end
 
     def initialize(file_infos)
-      package_manager = file_infos.first.package_manager
+      parser = file_infos.first.parser
       ordered_file_infos = file_infos
 
-      if package_manager.respond_to?(:lockfile_preference_order)
-        ordered_file_infos = package_manager.lockfile_preference_order(file_infos)
+      if parser.respond_to?(:lockfile_preference_order)
+        ordered_file_infos = parser.lockfile_preference_order(file_infos)
       end
 
-      @platform = package_manager.platform_name
+      @parser = parser.parser_name
       @path = Pathname.new(File.dirname(file_infos.first.relative_path)).cleanpath.to_path
 
-      @manifests = filter_file_infos_by_package_manager_type(
+      @manifests = filter_file_infos_by_parser_type(
         file_infos: ordered_file_infos,
-        package_manager: package_manager,
+        parser: parser,
         type: "manifest"
       )
 
-      @lockfiles = filter_file_infos_by_package_manager_type(
+      @lockfiles = filter_file_infos_by_parser_type(
         file_infos: ordered_file_infos,
-        package_manager: package_manager,
+        parser: parser,
         type: "lockfile"
       )
     end
 
+    def platform
+      raise "Bibliothecary::RelatedFileInfo#platform() has been removed in bibliothecary 15.0.0. Use parser() instead, which now includes MultiParsers."
+    end
+
     private
 
-    def filter_file_infos_by_package_manager_type(file_infos:, package_manager:, type:)
-      # `package_manager.determine_kind_from_info(info)` can be an Array, so use include? which also works for string
-      file_infos.select { |info| package_manager.determine_kind_from_info(info).include?(type) }.map(&:relative_path)
+    def filter_file_infos_by_parser_type(file_infos:, parser:, type:)
+      # `parser.determine_kind_from_info(info)` can be an Array, so use include? which also works for string
+      file_infos.select { |info| parser.determine_kind_from_info(info).include?(type) }.map(&:relative_path)
     end
   end
 end