bibliothecary 7.2.0 → 7.3.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +1 -3
- data/lib/bibliothecary/parsers/maven.rb +6 -4
- data/lib/bibliothecary/parsers/npm.rb +28 -14
- data/lib/bibliothecary/parsers/pypi.rb +4 -0
- data/lib/bibliothecary/related_files_info.rb +3 -0
- data/lib/bibliothecary/version.rb +1 -1
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5dece4dd0ba501561d36353606c81211a31727e01168effc7bbfdf0dc9ceec19
|
|
4
|
+
data.tar.gz: 4aa63636cf6e4697e9c35c2965f7cfe16bbe82f408d28f37c10fed678a1e893f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0e3aa9619424e7ddc658a61779463d92a21ce7c80b364c61da52c4e05ae82f00aa3e792385f3552dbf5be0a240a4ae5cdee1b413b6b5412ffc2c038cd69a82c9
|
|
7
|
+
data.tar.gz: df88033afb288b0dcff8babb62eccda691aebc74aa1f19f209c6407c6cdddab4caf39420b23d012c51540988f7f7ffc9a81aa562724cf0dfe5eb6465e3801524
|
data/README.md
CHANGED
|
@@ -53,8 +53,6 @@ All available config options are in: https://github.com/librariesio/bibliothecar
|
|
|
53
53
|
|
|
54
54
|
## Supported package manager file formats
|
|
55
55
|
|
|
56
|
-
- Hackage
|
|
57
|
-
- \*.cabal
|
|
58
56
|
- npm
|
|
59
57
|
- package.json
|
|
60
58
|
- package-lock.json
|
|
@@ -151,7 +149,7 @@ All available config options are in: https://github.com/librariesio/bibliothecar
|
|
|
151
149
|
- Haxelib
|
|
152
150
|
- haxelib.json
|
|
153
151
|
- Hackage
|
|
154
|
-
-
|
|
152
|
+
- \*.cabal
|
|
155
153
|
- cabal.config
|
|
156
154
|
|
|
157
155
|
## Development
|
|
@@ -127,10 +127,12 @@ module Bibliothecary
|
|
|
127
127
|
|
|
128
128
|
split = gradle_dep_match.captures[0]
|
|
129
129
|
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
130
|
+
|
|
131
|
+
dep = line
|
|
132
|
+
.split(split)[1].sub(/(\((c|n|\*)\))$/, "") # line ending legend: (c) means a dependency constraint, (n) means not resolved, or (*) means resolved previously, e.g. org.springframework.boot:spring-boot-starter-web:2.1.0.M3 (*)
|
|
133
|
+
.sub(/ FAILED$/, "") # dependency could not be resolved (but still may have a version)
|
|
134
|
+
.sub(" -> ", ":") # handle version arrow syntax
|
|
135
|
+
.strip.split(":")
|
|
134
136
|
|
|
135
137
|
# A testImplementation line can look like this so just skip those
|
|
136
138
|
# \--- org.springframework.security:spring-security-test (n)
|
|
@@ -5,6 +5,9 @@ module Bibliothecary
|
|
|
5
5
|
class NPM
|
|
6
6
|
include Bibliothecary::Analyser
|
|
7
7
|
|
|
8
|
+
# Max depth to recurse into the "dependencies" property of package-lock.json
|
|
9
|
+
PACKAGE_LOCK_JSON_MAX_DEPTH = 10
|
|
10
|
+
|
|
8
11
|
def self.mapping
|
|
9
12
|
{
|
|
10
13
|
match_filename("package.json") => {
|
|
@@ -43,26 +46,25 @@ module Bibliothecary
|
|
|
43
46
|
|
|
44
47
|
def self.parse_package_lock(file_contents)
|
|
45
48
|
manifest = JSON.parse(file_contents)
|
|
46
|
-
manifest.fetch('dependencies',[])
|
|
47
|
-
|
|
48
|
-
type = 'development'
|
|
49
|
-
else
|
|
50
|
-
type = 'runtime'
|
|
51
|
-
end
|
|
52
|
-
|
|
53
|
-
version = nil
|
|
54
|
-
|
|
55
|
-
if requirement.key?("from")
|
|
56
|
-
version = requirement["from"][/#(?:semver:)?v?(.*)/, 1]
|
|
57
|
-
end
|
|
49
|
+
parse_package_lock_deps_recursively(manifest.fetch('dependencies', []))
|
|
50
|
+
end
|
|
58
51
|
|
|
52
|
+
def self.parse_package_lock_deps_recursively(dependencies, depth=1)
|
|
53
|
+
dependencies.flat_map do |name, requirement|
|
|
54
|
+
type = requirement.fetch("dev", false) ? 'development' : 'runtime'
|
|
55
|
+
version = requirement.key?("from") ? requirement["from"][/#(?:semver:)?v?(.*)/, 1] : nil
|
|
59
56
|
version ||= requirement["version"].split("#").last
|
|
57
|
+
child_dependencies = if depth >= PACKAGE_LOCK_JSON_MAX_DEPTH
|
|
58
|
+
[]
|
|
59
|
+
else
|
|
60
|
+
parse_package_lock_deps_recursively(requirement.fetch('dependencies', []), depth + 1)
|
|
61
|
+
end
|
|
60
62
|
|
|
61
|
-
{
|
|
63
|
+
[{
|
|
62
64
|
name: name,
|
|
63
65
|
requirement: version,
|
|
64
66
|
type: type
|
|
65
|
-
}
|
|
67
|
+
}] + child_dependencies
|
|
66
68
|
end
|
|
67
69
|
end
|
|
68
70
|
|
|
@@ -95,6 +97,18 @@ module Bibliothecary
|
|
|
95
97
|
transform_tree_to_array(manifest.fetch('dependencies', {}))
|
|
96
98
|
end
|
|
97
99
|
|
|
100
|
+
def self.lockfile_preference_order(file_infos)
|
|
101
|
+
files = file_infos.each_with_object({}) do |file_info, obj|
|
|
102
|
+
obj[File.basename(file_info.full_path)] = file_info
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
if files["npm-shrinkwrap.json"]
|
|
106
|
+
[files["npm-shrinkwrap.json"]] + files.values.reject { |fi| File.basename(fi.full_path) == "npm-shrinkwrap.json" }
|
|
107
|
+
else
|
|
108
|
+
files.values
|
|
109
|
+
end
|
|
110
|
+
end
|
|
111
|
+
|
|
98
112
|
private_class_method def self.transform_tree_to_array(deps_by_name)
|
|
99
113
|
deps_by_name.map do |name, metadata|
|
|
100
114
|
[
|
|
@@ -26,6 +26,10 @@ module Bibliothecary
|
|
|
26
26
|
parser: :parse_requirements_txt,
|
|
27
27
|
can_have_lockfile: false
|
|
28
28
|
},
|
|
29
|
+
match_filename('requirements.frozen') => { # pattern exists to store frozen deps in requirements.frozen
|
|
30
|
+
parser: :parse_requirements_txt,
|
|
31
|
+
kind: 'lockfile',
|
|
32
|
+
},
|
|
29
33
|
match_filename('pip-resolved-dependencies.txt') => { # Inferred from pip
|
|
30
34
|
kind: 'lockfile',
|
|
31
35
|
parser: :parse_requirements_txt,
|
|
@@ -19,6 +19,9 @@ module Bibliothecary
|
|
|
19
19
|
|
|
20
20
|
def initialize(file_infos)
|
|
21
21
|
package_manager = file_infos.first.package_manager
|
|
22
|
+
if package_manager.respond_to?(:lockfile_preference_order)
|
|
23
|
+
file_infos = package_manager.lockfile_preference_order(file_infos)
|
|
24
|
+
end
|
|
22
25
|
@platform = package_manager.platform_name
|
|
23
26
|
@path = Pathname.new(File.dirname(file_infos.first.relative_path)).cleanpath.to_path
|
|
24
27
|
# `package_manager.determine_kind_from_info(info)` can be an Array, so use include? which also works for string
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bibliothecary
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 7.2
|
|
4
|
+
version: 7.3.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Nesbitt
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-11-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: tomlrb
|
|
@@ -206,7 +206,7 @@ dependencies:
|
|
|
206
206
|
- - ">="
|
|
207
207
|
- !ruby/object:Gem::Version
|
|
208
208
|
version: '0'
|
|
209
|
-
description:
|
|
209
|
+
description:
|
|
210
210
|
email:
|
|
211
211
|
- andrewnez@gmail.com
|
|
212
212
|
executables:
|
|
@@ -274,7 +274,7 @@ homepage: https://github.com/librariesio/bibliothecary
|
|
|
274
274
|
licenses:
|
|
275
275
|
- AGPL-3.0
|
|
276
276
|
metadata: {}
|
|
277
|
-
post_install_message:
|
|
277
|
+
post_install_message:
|
|
278
278
|
rdoc_options: []
|
|
279
279
|
require_paths:
|
|
280
280
|
- lib
|
|
@@ -290,7 +290,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
290
290
|
version: '0'
|
|
291
291
|
requirements: []
|
|
292
292
|
rubygems_version: 3.1.2
|
|
293
|
-
signing_key:
|
|
293
|
+
signing_key:
|
|
294
294
|
specification_version: 4
|
|
295
295
|
summary: Find and parse manifests
|
|
296
296
|
test_files: []
|