bibliothecary 7.2.0 → 7.3.2

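--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: ac170521ce85ef87c25442284632da0d641709136108e15f2b5b4e3050f9f56e
- data.tar.gz: b97db15b605b8f39687c10b70dd46023ce2ebfb8a1d7b9076a5151b81f871c8b
+ metadata.gz: 5dece4dd0ba501561d36353606c81211a31727e01168effc7bbfdf0dc9ceec19
+ data.tar.gz: 4aa63636cf6e4697e9c35c2965f7cfe16bbe82f408d28f37c10fed678a1e893f
  SHA512:
- metadata.gz: ac11fca807e0d45f9dff9984d180577853f238446112e9c65f8e298c26d26f100ad5b0071eba00d02bebbd7b84976aac497ec3cbf6c860839524730ef2945569
- data.tar.gz: ac4fb797dc8a121e93b85a05dc087cd2ed01114da5fbec082b704c3ae9201e5727434bd731338175d46fc1ea56fbfb5b8935e0c2fd9aa829c5c9e686855520da
+ metadata.gz: 0e3aa9619424e7ddc658a61779463d92a21ce7c80b364c61da52c4e05ae82f00aa3e792385f3552dbf5be0a240a4ae5cdee1b413b6b5412ffc2c038cd69a82c9
+ data.tar.gz: df88033afb288b0dcff8babb62eccda691aebc74aa1f19f209c6407c6cdddab4caf39420b23d012c51540988f7f7ffc9a81aa562724cf0dfe5eb6465e3801524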
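--- a/data/README.md
+++ b/data/README.md
@@ -53,8 +53,6 @@ All available config options are in: https://github.com/librariesio/bibliothecar
 
  ## Supported package manager file formats
 
- - Hackage
- - \*.cabal
  - npm
  - package.json
  - package-lock.json
@@ -151,7 +149,7 @@ All available config options are in: https://github.com/librariesio/bibliothecar
  - Haxelib
  - haxelib.json
  - Hackage
- - *.cabal
+ - \*.cabal
  - cabal.config
 
  ## Development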
@@ -127,10 +127,12 @@ module Bibliothecary
127
127
 
128
128
  split = gradle_dep_match.captures[0]
129
129
 
130
- # org.springframework.boot:spring-boot-starter-web:2.1.0.M3 (*)
131
- # Lines can end with (c), (n), or (*)
132
- # to indicate that something was a dependency constraint (c), not resolved (n), or resolved previously (*).
133
- dep = line.split(split)[1].sub(/(\((c|n|\*)\))$/, "").sub(" -> ", ":").strip.split(":")
130
+
131
+ dep = line
132
+ .split(split)[1].sub(/(\((c|n|\*)\))$/, "") # line ending legend: (c) means a dependency constraint, (n) means not resolved, or (*) means resolved previously, e.g. org.springframework.boot:spring-boot-starter-web:2.1.0.M3 (*)
133
+ .sub(/ FAILED$/, "") # dependency could not be resolved (but still may have a version)
134
+ .sub(" -> ", ":") # handle version arrow syntax
135
+ .strip.split(":")
134
136
 
135
137
  # A testImplementation line can look like this so just skip those
136
138
  # \--- org.springframework.security:spring-security-test (n)
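Review bot: The legend comment trailing the `.split(split)[1].sub(/(\((c|n|\*)\))$/, "")` line runs past 200 characters and makes the new method chain hard to scan; the line-ending legend and the spring-boot example belong in a comment block above `dep = line`, leaving only short trailers such as `# strip (c)/(n)/(*) marker` on the chain itself. The `$` anchors in `/(\((c|n|\*)\))$/` and `/ FAILED$/` match at any line end rather than end of string; since `line` is presumably a single line of gradle output that is harmless here, but `\z` states the intent and is the safer full-string anchor. The enclosing method starts and ends outside the hunk.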
@@ -5,6 +5,9 @@ module Bibliothecary
5
5
  class NPM
6
6
  include Bibliothecary::Analyser
7
7
 
8
+ # Max depth to recurse into the "dependencies" property of package-lock.json
9
+ PACKAGE_LOCK_JSON_MAX_DEPTH = 10
10
+
8
11
  def self.mapping
9
12
  {
10
13
  match_filename("package.json") => {
@@ -43,26 +46,25 @@ module Bibliothecary
43
46
 
44
47
  def self.parse_package_lock(file_contents)
45
48
  manifest = JSON.parse(file_contents)
46
- manifest.fetch('dependencies',[]).map do |name, requirement|
47
- if requirement.fetch("dev", false)
48
- type = 'development'
49
- else
50
- type = 'runtime'
51
- end
52
-
53
- version = nil
54
-
55
- if requirement.key?("from")
56
- version = requirement["from"][/#(?:semver:)?v?(.*)/, 1]
57
- end
49
+ parse_package_lock_deps_recursively(manifest.fetch('dependencies', []))
50
+ end
58
51
 
52
+ def self.parse_package_lock_deps_recursively(dependencies, depth=1)
53
+ dependencies.flat_map do |name, requirement|
54
+ type = requirement.fetch("dev", false) ? 'development' : 'runtime'
55
+ version = requirement.key?("from") ? requirement["from"][/#(?:semver:)?v?(.*)/, 1] : nil
59
56
  version ||= requirement["version"].split("#").last
57
+ child_dependencies = if depth >= PACKAGE_LOCK_JSON_MAX_DEPTH
58
+ []
59
+ else
60
+ parse_package_lock_deps_recursively(requirement.fetch('dependencies', []), depth + 1)
61
+ end
60
62
 
61
- {
63
+ [{
62
64
  name: name,
63
65
  requirement: version,
64
66
  type: type
65
- }
67
+ }] + child_dependencies
66
68
  end
67
69
  end
68
70
 
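Review bot: Once `depth >= PACKAGE_LOCK_JSON_MAX_DEPTH` the nested `dependencies` are dropped with no comment, log line or return-value signal, so a package-lock.json nested deeper than ten levels is silently under-reported; the constant's comment in the earlier hunk should state that, e.g. `# Max depth to recurse into the "dependencies" property of package-lock.json; deps nested deeper than this are silently dropped (the cap also bounds recursion on pathologically nested input)`. The cap is the right kind of guard for lockfile content the parser cannot trust, since unbounded recursion on a crafted file would presumably end in SystemStackError rather than a parse result. Separately, `manifest.fetch('dependencies', [])` and the recursive `requirement.fetch('dependencies', [])` default to an Array where a Hash is iterated by `flat_map do |name, requirement|`; `transform_tree_to_array` in the next hunk uses `fetch('dependencies', {})`, and `{}` is the consistent default. Minor style: `depth=1` should be `depth = 1`.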
@@ -95,6 +97,18 @@ module Bibliothecary
95
97
  transform_tree_to_array(manifest.fetch('dependencies', {}))
96
98
  end
97
99
 
100
+ def self.lockfile_preference_order(file_infos)
101
+ files = file_infos.each_with_object({}) do |file_info, obj|
102
+ obj[File.basename(file_info.full_path)] = file_info
103
+ end
104
+
105
+ if files["npm-shrinkwrap.json"]
106
+ [files["npm-shrinkwrap.json"]] + files.values.reject { |fi| File.basename(fi.full_path) == "npm-shrinkwrap.json" }
107
+ else
108
+ files.values
109
+ end
110
+ end
111
+
98
112
  private_class_method def self.transform_tree_to_array(deps_by_name)
99
113
  deps_by_name.map do |name, metadata|
100
114
  [
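Review bot: `lockfile_preference_order` keys `files` by basename, so if two entries of `file_infos` share a basename only the last one survives and the method returns fewer files than it was given; the caller visible below (`initialize` in the runtime-dependencies hunk) appears to pass files from one directory, where basenames are unique, but the method's contract is reorder-not-filter and a partition keeps that without the intermediate hash: `shrinkwrap, others = file_infos.partition { |fi| File.basename(fi.full_path) == "npm-shrinkwrap.json" }` followed by `shrinkwrap + others`. The method also has no doc comment; a one-liner such as `# Order lockfiles so that npm-shrinkwrap.json, when present, is parsed before package-lock.json` would explain why the hook exists.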
@@ -26,6 +26,10 @@ module Bibliothecary
26
26
  parser: :parse_requirements_txt,
27
27
  can_have_lockfile: false
28
28
  },
29
+ match_filename('requirements.frozen') => { # pattern exists to store frozen deps in requirements.frozen
30
+ parser: :parse_requirements_txt,
31
+ kind: 'lockfile',
32
+ },
29
33
  match_filename('pip-resolved-dependencies.txt') => { # Inferred from pip
30
34
  kind: 'lockfile',
31
35
  parser: :parse_requirements_txt,
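Review bot: The new `requirements.frozen` entry lists `parser:` before `kind:` while the neighbouring `pip-resolved-dependencies.txt` entry lists `kind:` first; keeping the key order the same across the mapping makes the table easier to scan. The trailing comment `# pattern exists to store frozen deps in requirements.frozen` restates the filename rather than the reason; `# convention: pinned (frozen) dependencies saved as requirements.frozen, treated as a lockfile` reads as the rationale.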
@@ -19,6 +19,9 @@ module Bibliothecary
19
19
 
20
20
  def initialize(file_infos)
21
21
  package_manager = file_infos.first.package_manager
22
+ if package_manager.respond_to?(:lockfile_preference_order)
23
+ file_infos = package_manager.lockfile_preference_order(file_infos)
24
+ end
22
25
  @platform = package_manager.platform_name
23
26
  @path = Pathname.new(File.dirname(file_infos.first.relative_path)).cleanpath.to_path
24
27
  # `package_manager.determine_kind_from_info(info)` can be an Array, so use include? which also works for string
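Review bot: `lockfile_preference_order` is invoked through `respond_to?` with no documented contract, yet the following lines rely on its result being a non-empty reordering of the same `file_infos` (`file_infos.first.relative_path` raises on an empty array, and an implementation that drops entries would silently change which files get parsed); a comment at the call site should pin that, e.g. `# a package manager may reorder file_infos so its preferred lockfile comes first; the hook must return the same entries, only reordered`. The conditional also reads more naturally in modifier form: `file_infos = package_manager.lockfile_preference_order(file_infos) if package_manager.respond_to?(:lockfile_preference_order)`. `initialize` continues past the hunk.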
@@ -1,3 +1,3 @@
1
1
  module Bibliothecary
2
- VERSION = "7.2.0"
2
+ VERSION = "7.3.2"
3
3
  end
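--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: bibliothecary
  version: !ruby/object:Gem::Version
- version: 7.2.0
+ version: 7.3.2
  platform: ruby
  authors:
  - Andrew Nesbitt
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-10-04 00:00:00.000000000 Z
+ date: 2021-11-29 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: tomlrb
@@ -206,7 +206,7 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
- description:
+ description:
  email:
  - andrewnez@gmail.com
  executables:
@@ -274,7 +274,7 @@ homepage: https://github.com/librariesio/bibliothecary
  licenses:
  - AGPL-3.0
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -290,7 +290,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubygems_version: 3.1.2
- signing_key:
+ signing_key:
  specification_version: 4
  summary: Find and parse manifests
  test_files: []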