bibliothecary 8.7.6 → 8.8.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d1780d8940244ee5e96aab6ad08266b28f1bfac65eabb9ae2fc811712ddbbb3a
|
|
4
|
+
data.tar.gz: ac03558d5e3f9f127664c8420f31273b3eacfefccc4c193c1aa6830f2b54f749
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0ba1a48525ff6a464715b4d8210d5edf6269a31a785d2038f9228e5b591e83c128ff9adb33bc12d427da134afafb5e1b3808092f272105a7896e1db8895e67f6
|
|
7
|
+
data.tar.gz: 3737f2812866ea2d79f94d5c1dfecfcfb822ec2496d8eb013319d72d3218e8e4deb988232b046886ee616688f9cebd6c5c131186f8db2289bd3b372eb3dd8a67
|
|
@@ -81,11 +81,21 @@ module Bibliothecary
|
|
|
81
81
|
parser: :parse_cyclonedx_json,
|
|
82
82
|
ungroupable: true,
|
|
83
83
|
},
|
|
84
|
+
match_extension("cdx.json") => {
|
|
85
|
+
kind: "lockfile",
|
|
86
|
+
parser: :parse_cyclonedx_json,
|
|
87
|
+
ungroupable: true,
|
|
88
|
+
},
|
|
84
89
|
match_filename("cyclonedx.xml") => {
|
|
85
90
|
kind: "lockfile",
|
|
86
91
|
parser: :parse_cyclonedx_xml,
|
|
87
92
|
ungroupable: true,
|
|
88
93
|
},
|
|
94
|
+
match_extension(".cdx.xml") => {
|
|
95
|
+
kind: "lockfile",
|
|
96
|
+
parser: :parse_cyclonedx_xml,
|
|
97
|
+
ungroupable: true,
|
|
98
|
+
},
|
|
89
99
|
}
|
|
90
100
|
end
|
|
91
101
|
|
|
@@ -63,12 +63,18 @@ module Bibliothecary
|
|
|
63
63
|
# "packages" is a flat object where each key is the installed location of the dep, e.g. node_modules/foo/node_modules/bar.
|
|
64
64
|
manifest
|
|
65
65
|
.fetch("packages")
|
|
66
|
-
|
|
66
|
+
# there are a couple of scenarios where a package's name won't start with node_modules
|
|
67
|
+
# 1. name == "", this is the lockfile's package itself
|
|
68
|
+
# 2. when a package is a local path dependency, it will appear in package-lock.json twice.
|
|
69
|
+
# * One occurrence has the node_modules/ prefix in the name (which we keep)
|
|
70
|
+
# * The other occurrence's name is the path to the local dependency (which has less information, and is duplicative, so we discard)
|
|
71
|
+
.select { |name, _dep| name.start_with?("node_modules") }
|
|
67
72
|
.map do |name, dep|
|
|
68
73
|
{
|
|
69
74
|
name: name.split("node_modules/").last,
|
|
70
|
-
requirement: dep["version"],
|
|
75
|
+
requirement: dep["version"] || "*",
|
|
71
76
|
type: dep.fetch("dev", false) || dep.fetch("devOptional", false) ? "development" : "runtime",
|
|
77
|
+
local: dep.fetch("link", false),
|
|
72
78
|
}
|
|
73
79
|
end
|
|
74
80
|
end
|
|
@@ -101,6 +107,9 @@ module Bibliothecary
|
|
|
101
107
|
map_dependencies(manifest, "devDependencies", "development")
|
|
102
108
|
)
|
|
103
109
|
.reject { |dep| dep[:name].start_with?("//") } # Omit comment keys. They are valid in package.json: https://groups.google.com/g/nodejs/c/NmL7jdeuw0M/m/yTqI05DRQrIJ
|
|
110
|
+
.each do |dep|
|
|
111
|
+
dep[:local] = dep[:requirement].start_with?("file:")
|
|
112
|
+
end
|
|
104
113
|
end
|
|
105
114
|
|
|
106
115
|
def self.parse_yarn_lock(file_contents, options: {}) # rubocop:disable Lint/UnusedMethodArgument
|
|
@@ -115,6 +124,7 @@ module Bibliothecary
|
|
|
115
124
|
requirement: dep[:version],
|
|
116
125
|
lockfile_requirement: dep[:requirement],
|
|
117
126
|
type: dep[:type],
|
|
127
|
+
local: dep[:requirement]&.start_with?("file:"),
|
|
118
128
|
}
|
|
119
129
|
end
|
|
120
130
|
end
|
|
@@ -12,6 +12,7 @@ module Bibliothecary
|
|
|
12
12
|
|
|
13
13
|
REQUIREMENTS_REGEXP = /^#{REQUIRE_REGEXP}/
|
|
14
14
|
MANIFEST_REGEXP = /.*require[^\/]*(\/)?[^\/]*\.(txt|pip|in)$/
|
|
15
|
+
# TODO: can this be a more specific regexp so it doesn't match something like ".yarn/cache/create-require-npm-1.0.0.zip"?
|
|
15
16
|
PIP_COMPILE_REGEXP = /.*require.*$/
|
|
16
17
|
|
|
17
18
|
# Adapted from https://peps.python.org/pep-0508/#names
|
data/lib/bibliothecary.rb
CHANGED
|
@@ -17,7 +17,8 @@ Dir[File.expand_path("../bibliothecary/parsers/*.rb", __FILE__)].each do |file|
|
|
|
17
17
|
end
|
|
18
18
|
|
|
19
19
|
module Bibliothecary
|
|
20
|
-
VERSION_OPERATORS = /[~^<>*"]
|
|
20
|
+
VERSION_OPERATORS = /[~^<>*"]/.freeze
|
|
21
|
+
INVALID_UTF8_ERROR_REGEXP = /invalid byte sequence/.freeze
|
|
21
22
|
|
|
22
23
|
def self.analyse(path, ignore_unparseable_files: true)
|
|
23
24
|
runner.analyse(path, ignore_unparseable_files: ignore_unparseable_files)
|
|
@@ -81,6 +82,10 @@ module Bibliothecary
|
|
|
81
82
|
.dup # ensure we don't have a frozen string
|
|
82
83
|
.force_encoding("UTF-8") # treat all strings as utf8
|
|
83
84
|
.sub(/^\xEF\xBB\xBF/, "") # remove any Byte Order Marks so JSON, etc don't fail while parsing them.
|
|
85
|
+
rescue ArgumentError => e
|
|
86
|
+
# Bibliothecary doesn't need to analyze non-UTF8 files like binary files, so just return blank.
|
|
87
|
+
return "" if e.message.match?(INVALID_UTF8_ERROR_REGEXP)
|
|
88
|
+
raise e
|
|
84
89
|
end
|
|
85
90
|
|
|
86
91
|
class << self
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bibliothecary
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 8.
|
|
4
|
+
version: 8.8.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Nesbitt
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-05-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: tomlrb
|
|
@@ -248,7 +248,7 @@ dependencies:
|
|
|
248
248
|
- - ">="
|
|
249
249
|
- !ruby/object:Gem::Version
|
|
250
250
|
version: '0'
|
|
251
|
-
description:
|
|
251
|
+
description:
|
|
252
252
|
email:
|
|
253
253
|
- andrewnez@gmail.com
|
|
254
254
|
executables:
|
|
@@ -326,7 +326,7 @@ homepage: https://github.com/librariesio/bibliothecary
|
|
|
326
326
|
licenses:
|
|
327
327
|
- AGPL-3.0
|
|
328
328
|
metadata: {}
|
|
329
|
-
post_install_message:
|
|
329
|
+
post_install_message:
|
|
330
330
|
rdoc_options: []
|
|
331
331
|
require_paths:
|
|
332
332
|
- lib
|
|
@@ -341,8 +341,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
341
341
|
- !ruby/object:Gem::Version
|
|
342
342
|
version: '0'
|
|
343
343
|
requirements: []
|
|
344
|
-
rubygems_version: 3.
|
|
345
|
-
signing_key:
|
|
344
|
+
rubygems_version: 3.1.6
|
|
345
|
+
signing_key:
|
|
346
346
|
specification_version: 4
|
|
347
347
|
summary: Find and parse manifests
|
|
348
348
|
test_files: []
|