bibliothecary 8.7.7 → 8.8.1
- checksums.yaml +4 -4
- data/lib/bibliothecary/parsers/npm.rb +12 -2
- data/lib/bibliothecary/parsers/pypi.rb +20 -6
- data/lib/bibliothecary/version.rb +1 -1
- metadata +2 -2
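--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: dc9dd3ee94e4de1a66c6dabac392832a1ba6805dbef22398665697a85bc8a420
+data.tar.gz: 800a427c7e9fbe6d12d116c1c0e57373136421dd99b6fc272218fad3c47db72d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d8da425a16d0378c3a73658df752804af3f9c78d31eccb7a26e0abf0b469f0dfa9c8a1d17f907c77255015499e9f947b1b63823641762be161cb4248afb8a2b6
+data.tar.gz: 16d78e7dc17c53d79a6b634dde2ca7b73d8cccaa9db4435956ef752de6fa7c73a6d92a8486576beab838bc12a328016274ca850f2b54ed7e875110c1e38f0a74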
@@ -63,12 +63,18 @@ module Bibliothecary
|
|
63
63
|
# "packages" is a flat object where each key is the installed location of the dep, e.g. node_modules/foo/node_modules/bar.
|
64
64
|
manifest
|
65
65
|
.fetch("packages")
|
66
|
-
|
66
|
+
# there are a couple of scenarios where a package's name won't start with node_modules
|
67
|
+
# 1. name == "", this is the lockfile's package itself
|
68
|
+
# 2. when a package is a local path dependency, it will appear in package-lock.json twice.
|
69
|
+
# * One occurrence has the node_modules/ prefix in the name (which we keep)
|
70
|
+
# * The other occurrence's name is the path to the local dependency (which has less information, and is duplicative, so we discard)
|
71
|
+
.select { |name, _dep| name.start_with?("node_modules") }
|
67
72
|
.map do |name, dep|
|
68
73
|
{
|
69
74
|
name: name.split("node_modules/").last,
|
70
|
-
requirement: dep["version"],
|
75
|
+
requirement: dep["version"] || "*",
|
71
76
|
type: dep.fetch("dev", false) || dep.fetch("devOptional", false) ? "development" : "runtime",
|
77
|
+
local: dep.fetch("link", false),
|
72
78
|
}
|
73
79
|
end
|
74
80
|
end
|
@@ -101,6 +107,9 @@ module Bibliothecary
|
|
101
107
|
map_dependencies(manifest, "devDependencies", "development")
|
102
108
|
)
|
103
109
|
.reject { |dep| dep[:name].start_with?("//") } # Omit comment keys. They are valid in package.json: https://groups.google.com/g/nodejs/c/NmL7jdeuw0M/m/yTqI05DRQrIJ
|
110
|
+
.each do |dep|
|
111
|
+
dep[:local] = dep[:requirement].start_with?("file:")
|
112
|
+
end
|
104
113
|
end
|
105
114
|
|
106
115
|
def self.parse_yarn_lock(file_contents, options: {}) # rubocop:disable Lint/UnusedMethodArgument
|
@@ -115,6 +124,7 @@ module Bibliothecary
|
|
115
124
|
requirement: dep[:version],
|
116
125
|
lockfile_requirement: dep[:requirement],
|
117
126
|
type: dep[:type],
|
127
|
+
local: dep[:requirement]&.start_with?("file:"),
|
118
128
|
}
|
119
129
|
end
|
120
130
|
end
|
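Review bot: `dep[:local] = dep[:requirement].start_with?("file:")` at new line 111 of the package.json hunk raises NoMethodError when a dependency's requirement is not a String (a `null` or object value in a hand-edited package.json), while the yarn.lock hunk at new line 127 guards the same call with `&.`; whether map_dependencies can yield a non-string here is not visible in the hunk, but `dep[:local] = dep[:requirement]&.start_with?("file:")` costs nothing and keeps the two hunks consistent. Since `&.` yields `nil` rather than `false` when the requirement is missing, appending `|| false` in both places would make `local` a strict boolean for consumers that compare it with `==`. In the package-lock hunk, the new filter `name.start_with?("node_modules")` is looser than the `name.split("node_modules/")` it feeds two lines later; `start_with?("node_modules/")` keeps the filter and the split in step. The enclosing method of each of the three hunks begins before the hunk lines.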
@@ -9,8 +9,8 @@ module Bibliothecary
|
|
9
9
|
# Optional Group 2 is [extras].
|
10
10
|
# Capture Group 3 is Version
|
11
11
|
REQUIRE_REGEXP = /([a-zA-Z0-9]+[a-zA-Z0-9\-_\.]+)(?:\[.*?\])*([><=\w\.,]+)?/
|
12
|
-
|
13
12
|
REQUIREMENTS_REGEXP = /^#{REQUIRE_REGEXP}/
|
13
|
+
|
14
14
|
MANIFEST_REGEXP = /.*require[^\/]*(\/)?[^\/]*\.(txt|pip|in)$/
|
15
15
|
# TODO: can this be a more specific regexp so it doesn't match something like ".yarn/cache/create-require-npm-1.0.0.zip"?
|
16
16
|
PIP_COMPILE_REGEXP = /.*require.*$/
|
@@ -45,6 +45,10 @@ module Bibliothecary
|
|
45
45
|
kind: "lockfile",
|
46
46
|
parser: :parse_requirements_txt,
|
47
47
|
},
|
48
|
+
match_filename("pip-dependency-graph.json") => { # Exported from pipdeptree --json
|
49
|
+
kind: "lockfile",
|
50
|
+
parser: :parse_dependency_tree_json,
|
51
|
+
},
|
48
52
|
match_filename("setup.py") => {
|
49
53
|
kind: "manifest",
|
50
54
|
parser: :parse_setup_py,
|
@@ -226,6 +230,18 @@ module Bibliothecary
|
|
226
230
|
# should be treated as.
|
227
231
|
NoEggSpecified = Class.new(ArgumentError)
|
228
232
|
|
233
|
+
def self.parse_dependency_tree_json(file_contents, options: {})
|
234
|
+
JSON.parse(file_contents)
|
235
|
+
.map do |pkg|
|
236
|
+
{
|
237
|
+
name: pkg.dig("package", "package_name"),
|
238
|
+
requirement: pkg.dig("package", "installed_version"),
|
239
|
+
type: "runtime",
|
240
|
+
}
|
241
|
+
end
|
242
|
+
.uniq
|
243
|
+
end
|
244
|
+
|
229
245
|
# Parses a requirements.txt file, following the
|
230
246
|
# https://pip.pypa.io/en/stable/cli/pip_install/#requirement-specifiers
|
231
247
|
# and https://pip.pypa.io/en/stable/topics/vcs-support/#git.
|
@@ -252,10 +268,7 @@ module Bibliothecary
|
|
252
268
|
deps << result.merge(
|
253
269
|
type: type
|
254
270
|
)
|
255
|
-
|
256
|
-
match = line.delete(" ").match(REQUIREMENTS_REGEXP)
|
257
|
-
next unless match
|
258
|
-
|
271
|
+
elsif (match = line.delete(" ").match(REQUIREMENTS_REGEXP))
|
259
272
|
deps << {
|
260
273
|
name: match[1],
|
261
274
|
requirement: match[-1] || "*",
|
@@ -263,7 +276,8 @@ module Bibliothecary
|
|
263
276
|
}
|
264
277
|
end
|
265
278
|
end
|
266
|
-
|
279
|
+
|
280
|
+
deps.uniq
|
267
281
|
end
|
268
282
|
|
269
283
|
def self.parse_requirements_txt_url(url)
|
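Review bot: In `parse_dependency_tree_json` (new lines 233–243), `requirement: pkg.dig("package", "installed_version")` is left `nil` when the key is absent, whereas the sibling parsers in this same commit fall back to `"*"` (`requirement: match[-1] || "*"` at new line 274 and the npm lockfile change); `requirement: pkg.dig("package", "installed_version") || "*"` keeps the output shape uniform. The `options:` keyword is unused and the other parsers mark that on the signature with `# rubocop:disable Lint/UnusedMethodArgument`, as `parse_yarn_lock` does. Because the file is matched by name only, arbitrary JSON reaches this method; if `JSON.parse` yields a Hash, `.map` iterates `[key, value]` pairs and `dig("package", …)` raises a TypeError rather than a clear parse error, so a guard such as `raise ArgumentError, "expected a JSON array" unless parsed.is_a?(Array)` on the parsed value would make the failure mode explicit. A one-line comment above the method naming the pipdeptree --json layout it expects, like the `match_filename` comment at new line 48, would help readers.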
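--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bibliothecary
 version: !ruby/object:Gem::Version
-version: 8.
+version: 8.8.1
 platform: ruby
 authors:
 - Andrew Nesbitt
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-
+date: 2024-05-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: tomlrb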