bibliothecary 8.4.5 → 8.5.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f96049ef42a355a057a20317490f01d21221f7404f2902ba6a79553bf747bfaf
4
- data.tar.gz: ae2d328f4518584aba8c7b7f4da20f6e57dbf1bd0537114c2415eaf87c99f3f9
3
+ metadata.gz: ac52b349e3c70feee32a4866adc7d81a850467dcc167cd0227c20dadafcb78a9
4
+ data.tar.gz: 7127e1e85bf737dacbfaf84d91fd3c8e0ea527d7337e0381d1ca36a8677289c3
5
5
  SHA512:
6
- metadata.gz: f2f081d723f5bce1294f82de0300af497ea1b94ffa932567f5d74cd3b382578f576f4272648d2144c68aea7ca9eae49d835fd1e884786a820bef9659c54f5baf
7
- data.tar.gz: 58d93cbf354ed74b1d1c0e93ab3a4f6f8231ac8ce72060856147ce5eff5f6e830b2a01bdc0964be0d1c04f1d8b93acdc08ece1657dc1d4deb6f7cb8711870a8e
6
+ metadata.gz: 476ced972f0f89192fb42fa2d9a12bc279ef8635211040e3e9c73cd0ab242e997193fae9f21c4a305956f5f8b188b12cf3a67fd054200a589202e6337755d990
7
+ data.tar.gz: 8167b963298ad218bbbc0b7666f3e8a0622781321a64c2558c816946ddfd69c284cf4842bb8c99681c5ea84edf1d665ce8a2291753f16a6447ab388a5982f7ce
@@ -17,8 +17,7 @@ module Bibliothecary
17
17
  # file that's actually on the filesystem
18
18
  nil
19
19
  else
20
- # Remove any Byte Order Marks so JSON, etc don't fail while parsing them.
21
- File.open(@full_path).read.sub(/^\xEF\xBB\xBF/, '')
20
+ contents = Bibliothecary.utf8_string(File.open(@full_path).read)
22
21
  end
23
22
  end
24
23
  end
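Review bot: The new line 20 assigns to a local `contents` that is never read; the value still flows out because the assignment is the last expression of the `else` branch, but the stray local reads as if a return was forgotten. `File.open(@full_path).read` also opens a handle that is never explicitly closed (it is left to the GC), whereas the other hunks in this change read with `File.read`; `Bibliothecary.utf8_string(File.read(@full_path))` fixes both. The enclosing method starts before this hunk.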
@@ -38,7 +38,15 @@ module Bibliothecary
38
38
 
39
39
  def self.parse_package_lock(file_contents, options: {})
40
40
  manifest = JSON.parse(file_contents)
41
- parse_package_lock_deps_recursively(manifest.fetch('dependencies', []))
41
+ # https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json#lockfileversion
42
+ if manifest["lockfileVersion"].to_i <= 1
43
+ # lockfileVersion 1 uses the "dependencies" object
44
+ parse_package_lock_v1(manifest)
45
+ else
46
+ # lockfileVersion 2 has backwards-compatability by including both "packages" and the legacy "dependencies" object
47
+ # lockfileVersion 3 has no backwards-compatibility and only includes the "packages" object
48
+ parse_package_lock_v2(manifest)
49
+ end
42
50
  end
43
51
 
44
52
  class << self
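Review bot: The dispatch on line 42 sends any lockfile whose `lockfileVersion` is absent or not numeric down the v1 path, because `nil.to_i` and `"x".to_i` are both 0; that is a sensible default for npm-shrinkwrap.json and pre-lockfileVersion files, but it is not visible from the comment, so I would state it: `# lockfileVersion 1, or no/unparseable lockfileVersion (nil.to_i == 0), uses the "dependencies" object`. The comment on line 46 also misspells "compatibility" as "compatability".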
@@ -46,6 +54,24 @@ module Bibliothecary
46
54
  alias_method :parse_shrinkwrap, :parse_package_lock
47
55
  end
48
56
 
57
+ def self.parse_package_lock_v1(manifest)
58
+ parse_package_lock_deps_recursively(manifest.fetch('dependencies', []))
59
+ end
60
+
61
+ def self.parse_package_lock_v2(manifest)
62
+ # "packages" is a flat object where each key is the installed location of the dep, e.g. node_modules/foo/node_modules/bar.
63
+ manifest
64
+ .fetch("packages")
65
+ .reject { |name, dep| name == "" } # this is the lockfile's package itself
66
+ .map do |name, dep|
67
+ {
68
+ name: name.split("node_modules/").last,
69
+ requirement: dep["version"],
70
+ type: dep.fetch("dev", false) || dep.fetch("devOptional", false) ? "development" : "runtime"
71
+ }
72
+ end
73
+ end
74
+
49
75
  def self.parse_package_lock_deps_recursively(dependencies, depth=1)
50
76
  dependencies.flat_map do |name, requirement|
51
77
  type = requirement.fetch("dev", false) ? 'development' : 'runtime'
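Review bot: `manifest.fetch("packages")` in `parse_package_lock_v2` raises a bare KeyError for a file that declares lockfileVersion 2 or higher but has no "packages" object, even though, per the dispatch comment, a v2 file still carries the legacy "dependencies" object; a one-line guard, `return parse_package_lock_v1(manifest) unless manifest.key?("packages")`, keeps such files parseable instead of aborting the whole analysis. Line 70 relies on `||` binding tighter than `?:`, which is correct but easy to misread, so `(dep.fetch("dev", false) || dep.fetch("devOptional", false)) ? "development" : "runtime"` would make the grouping explicit. If I recall npm's format correctly, v2/v3 "packages" also lists workspace packages under keys with no `node_modules/` prefix (and `link: true` entries without a "version"), which line 68 would report under their directory path with a nil requirement; that deserves a test case. `parse_package_lock_deps_recursively` continues past the end of this hunk.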
@@ -55,7 +81,7 @@ module Bibliothecary
55
81
  []
56
82
  else
57
83
  parse_package_lock_deps_recursively(requirement.fetch('dependencies', []), depth + 1)
58
- end
84
+ end
59
85
 
60
86
  [{
61
87
  name: name,
@@ -71,8 +71,7 @@ module Bibliothecary
71
71
 
72
72
  def each_analysis_and_rfis
73
73
  @multiple_file_entries.each do |file|
74
- # Remove any Byte Order Marks so JSON, etc don't fail while parsing them.
75
- contents = File.read(File.join(@path, file)).sub(/^\xEF\xBB\xBF/, '')
74
+ contents = Bibliothecary.utf8_string(File.read(File.join(@path, file)))
76
75
  analysis = @runner.analyse_file(file, contents)
77
76
  rfis_for_file = @related_files_info_entries.find_all { |rfi| rfi.lockfiles.include?(file) }
78
77
 
@@ -116,8 +116,7 @@ module Bibliothecary
116
116
 
117
117
  # Read a manifest file and extract the list of dependencies from that file.
118
118
  def analyse_file(file_path, contents)
119
- # Remove any Byte Order Marks so JSON, etc don't fail while parsing them.
120
- contents = contents.sub(/^\xEF\xBB\xBF/, '')
119
+ contents = Bibliothecary.utf8_string(contents)
121
120
 
122
121
  package_managers.select { |pm| pm.match?(file_path, contents) }.map do |pm|
123
122
  pm.analyse_contents(file_path, contents, options: @options)
@@ -1,3 +1,3 @@
1
1
  module Bibliothecary
2
- VERSION = "8.4.5"
2
+ VERSION = "8.5.0"
3
3
  end
data/lib/bibliothecary.rb CHANGED
@@ -75,6 +75,12 @@ module Bibliothecary
75
75
  configuration.ignored_files
76
76
  end
77
77
 
78
+ def self.utf8_string(string)
79
+ string
80
+ .force_encoding("UTF-8") # treat all strings as utf8
81
+ .sub(/^\xEF\xBB\xBF/, '') # remove any Byte Order Marks so JSON, etc don't fail while parsing them.
82
+ end
83
+
78
84
  class << self
79
85
  attr_writer :configuration
80
86
  alias analyze analyse
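Review bot: `force_encoding` on line 80 mutates its receiver, so `utf8_string` relabels the caller's string in place; `analyse_file` hands it a caller-supplied `contents`, which therefore comes back with its encoding changed as a side effect, and `string.dup.force_encoding("UTF-8")` keeps the helper free of that. `force_encoding` only relabels bytes without validating them, so a manifest containing bytes that are not valid UTF-8 makes the `sub` on line 81 raise `ArgumentError` (invalid byte sequence) rather than a manifest parse error; either `.scrub` the string or rescue and re-raise with the file context so callers see a manifest error instead of a regexp one. The `^` anchor in `/^\xEF\xBB\xBF/` matches at the start of every line, not only the string, so the strip removes the first line-leading BOM anywhere in the file; `\A` expresses the intent exactly: `.sub(/\A\xEF\xBB\xBF/, '')`.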
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bibliothecary
3
3
  version: !ruby/object:Gem::Version
4
- version: 8.4.5
4
+ version: 8.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andrew Nesbitt
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-11-07 00:00:00.000000000 Z
11
+ date: 2022-11-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: tomlrb