bibliothecary 12.0.0 → 12.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 12b592879fc7f4fbe3622f495e8ef989b541c81487915b693d02907cedeb62a0
-  data.tar.gz: fd266f3924f202a864017c52ff1c2eb84fd68c4451b16b95e6aa44d80b850598
+  metadata.gz: a0dbcee666f0bade61cdab50c1adf3feccd919c961db92df409845b0d8930a8f
+  data.tar.gz: cff0b5d9c69db6d9438c7d976e503096d75f8ea8991f318e800fdbb8caccc323
 SHA512:
-  metadata.gz: e4622e4be1424fd679fac201929bcdf77ed02f0f5782799cf506c93af1d21b803a7e8319e8f471b4747eb5d1a02dba3c0bf8914bae3c4a7a9c95c1b49c37c7b8
-  data.tar.gz: 16950d0fdfcf98cbef1b0faeb61fe1e398816b5499a2fe7af02ea3380975fce4bf85e81a64bfc2d9bb382753f2bdd538e2a46896e8a7e08476716a777adc32aa
+  metadata.gz: 2e1299ec112f03c1322b7084c65e14685a74b778c11cd82c0bde376d7f3ca06be08a01f76139b4237d78671fcfd91779edf7f457e756c98f7344b3f4712594de
+  data.tar.gz: 82388cba64ac674b92b77d364c05787f4ab2effd2dcd244c860b06d2761be4ba30f42a70adf3b3e80cb2d48e11fa12deedac46323447bd887db4d703a8bd9467

data/.circleci/config.yml

@@ -5,7 +5,7 @@ orbs:
 executors:
   bibliothecary:
     docker:
-      - image: cimg/ruby:3.2.4
+      - image: cimg/ruby:3.2.6
     working_directory: ~/bibliothecary
 
 
@@ -20,6 +20,7 @@ commands:
             bundle lock --add-platform x86_64-linux
       - ruby/install-deps:
           bundler-version: "2.3"
+          key: gems-v3
 
 
 jobs:

data/.rubocop.yml

@@ -1,8 +1,16 @@
 ---
 
+# Without this, CI might pickup nested dep's rubocop files in vendor/
+inherit_mode:
+  merge:
+    - Exclude
+
 AllCops:
-  DisabledByDefault: true
-  TargetRubyVersion: 3.0
+  NewCops: enable
+  TargetRubyVersion: 3.2.6
+  Exclude:
+    - spec/fixtures/**/*
+    - vendor/bundle/**/* # This is actually needed for CI, not for biblio itself
 
 
 Metrics/BlockLength:

data/.ruby-version

@@ -1 +1 @@
-3.2.4
+3.2.6

data/CHANGELOG.md

@@ -13,6 +13,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Removed
 
+## [12.1.0] - 2025-01-30
+
+### Added
+
+- Populate Bibliothecary::Dependency#source field in all parsers. This makes the source field useful when consuming 
+  from Bibliothecary, and removes a step from consumers having to populate this field themselves.
+
+### Changed
+
+- Improved Rubocop rules to make future spec changes easier via Rubocop auto-correcting formatting violations.
+
+### Removed
+
 ## [12.0.0] - 2025-01-27
 
 ### Removed

data/Gemfile

@@ -1,9 +1,24 @@
+# frozen_string_literal: true
+
 source "https://rubygems.org"
 
 # Specify your gem's dependencies in bibliothecary.gemspec
 gemspec
 
+group :development do
+  gem "pry"
+end
+
+group :development, :test do
+  gem "rake", "~> 12.0"
+  gem "rubocop", "~> 1.71"
+  gem "rubocop-rails"
+  gem "rubocop-rake" # This is needed by packageurl-ruby, until it reclassifies it as a dev dependency.
+end
+
 group :test do
-  gem "simplecov"
   gem "codeclimate-test-reporter", "~> 1.0.0"
+  gem "rspec", "~> 3.0"
+  gem "simplecov"
+  gem "webmock"
 end

data/Rakefile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "bundler/gem_tasks"
 require "rspec/core/rake_task"
 

data/bibliothecary.gemspec

@@ -1,9 +1,12 @@
-# coding: utf-8
-lib = File.expand_path("../lib", __FILE__)
+# frozen_string_literal: true
+
+lib = File.expand_path("lib", __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require "bibliothecary/version"
 
 Gem::Specification.new do |spec|
+  spec.required_ruby_version = ">= 3.2.0"
+
   spec.name          = "bibliothecary"
   spec.version       = Bibliothecary::VERSION
   spec.authors       = ["Andrew Nesbitt"]
@@ -18,19 +21,14 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "tomlrb", "~> 2.0"
+  spec.add_dependency "commander"
+  spec.add_dependency "deb_control"
   spec.add_dependency "librariesio-gem-parser"
   spec.add_dependency "ox", ">= 2.8.1"
-  spec.add_dependency "typhoeus"
-  spec.add_dependency "deb_control"
-  spec.add_dependency "sdl4r"
-  spec.add_dependency "commander"
   spec.add_dependency "packageurl-ruby"
+  spec.add_dependency "sdl4r"
+  spec.add_dependency "tomlrb", "~> 2.0"
+  spec.add_dependency "typhoeus"
 
-  spec.add_development_dependency "pry"
-  spec.add_development_dependency "rake", "~> 12.0"
-  spec.add_development_dependency "rspec", "~> 3.0"
-  spec.add_development_dependency "webmock"
-  spec.add_development_dependency "rubocop"
-  spec.add_development_dependency "rubocop-rails"
+  spec.metadata["rubygems_mfa_required"] = "true"
 end

data/bin/bibliothecary

@@ -1,6 +1,7 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
-lib = File.expand_path("../../lib", __FILE__)
+lib = File.expand_path("../lib", __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 require "bibliothecary/cli"

data/bin/console

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
 require "bundler/setup"
 require "bibliothecary"

data/lib/bibliothecary/analyser/analysis.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Bibliothecary
   module Analyser
     module Analysis
@@ -42,25 +44,29 @@ module Bibliothecary
 
         dependencies_to_analysis(info, kind, dependencies)
       rescue Bibliothecary::FileParsingError => e
-        Bibliothecary::Analyser::create_error_analysis(platform_name, info.relative_path, kind, e.message, e.location)
+        Bibliothecary::Analyser.create_error_analysis(platform_name, info.relative_path, kind, e.message, e.location)
       end
       alias analyze_contents_from_info analyse_contents_from_info
 
       def dependencies_to_analysis(info, kind, dependencies)
-        dependencies = dependencies || [] # work around any legacy parsers that return nil
+        dependencies ||= [] # work around any legacy parsers that return nil
         if generic?
           grouped = dependencies.group_by { |dep| dep[:platform] }
           all_analyses = grouped.keys.map do |platform|
-            deplatformed_dependencies = grouped[platform].map { |d| d.delete(:platform); d }
-            Bibliothecary::Analyser::create_analysis(platform, info.relative_path, kind, deplatformed_dependencies)
+            deplatformed_dependencies = grouped[platform].map do |d|
+              d.delete(:platform)
+              d
+            end
+            Bibliothecary::Analyser.create_analysis(platform, info.relative_path, kind, deplatformed_dependencies)
           end
           # this is to avoid a larger refactor for the time being. The larger refactor
           # needs to make analyse_contents return multiple analysis, or add another
           # method that can return multiple and deprecate analyse_contents, perhaps.
           raise "File contains zero or multiple platforms, currently must have exactly one" if all_analyses.length != 1
+
           all_analyses.first
         else
-          Bibliothecary::Analyser::create_analysis(platform_name, info.relative_path, kind, dependencies)
+          Bibliothecary::Analyser.create_analysis(platform_name, info.relative_path, kind, dependencies)
         end
       end
 
@@ -81,8 +87,7 @@ module Bibliothecary
         # this comment, some of the parsers return [] or nil to mean an error
         # which is confusing to users.
         send(details[:parser], contents, options: options.merge(filename: filename))
-
-      rescue Exception => e # default is StandardError but C bindings throw Exceptions
+      rescue Exception => e # default is StandardError but C bindings throw Exceptions # rubocop:disable Lint/RescueException
         # the C xml parser also puts a newline at the end of the message
         location = e.backtrace_locations[0]
           .to_s
@@ -97,7 +102,7 @@ module Bibliothecary
 
         kind = determine_kind_from_info(info)
         relate_to_kind = first_matching_mapping_details(info)
-          .fetch(:related_to, %w(manifest lockfile).reject { |k| k == kind })
+          .fetch(:related_to, %w[manifest lockfile].reject { |k| k == kind })
         dirname = File.dirname(info.relative_path)
 
         infos

data/lib/bibliothecary/analyser/determinations.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Bibliothecary
   module Analyser
     module Determinations

data/lib/bibliothecary/analyser/matchers.rb

@@ -1,42 +1,42 @@
+# frozen_string_literal: true
+
 module Bibliothecary
   module Analyser
     module Matchers
       def match_filename(filename, case_insensitive: false)
         if case_insensitive
-          lambda { |path| path.downcase == filename.downcase || path.downcase.end_with?("/" + filename.downcase) }
+          ->(path) { path.downcase == filename.downcase || path.downcase.end_with?("/#{filename.downcase}") }
         else
-          lambda { |path| path == filename || path.end_with?("/" + filename) }
+          ->(path) { path == filename || path.end_with?("/#{filename}") }
         end
       end
 
       def match_filenames(*filenames)
         lambda do |path|
           filenames.any? { |f| path == f } ||
-            filenames.any? { |f| path.end_with?("/" + f) }
+            filenames.any? { |f| path.end_with?("/#{f}") }
         end
       end
 
       def match_extension(filename, case_insensitive: false)
         if case_insensitive
-          lambda { |path| path.downcase.end_with?(filename.downcase) }
+          ->(path) { path.downcase.end_with?(filename.downcase) }
         else
-          lambda { |path| path.end_with?(filename) }
+          ->(path) { path.end_with?(filename) }
         end
       end
 
       def mapping_entry_match?(matcher, details, info)
-        if matcher.call(info.relative_path)
-          # we only want to load contents if we don't have them already
-          # and there's a content_matcher method to use
-          return true if details[:content_matcher].nil?
-          # this is the libraries.io case where we won't load all .xml
-          # files (for example) just to look at their contents, we'll
-          # assume they are not manifests.
-          return false if info.contents.nil?
-          return send(details[:content_matcher], info.contents)
-        else
-          return false
-        end
+        return false unless matcher.call(info.relative_path)
+        # we only want to load contents if we don't have them already
+        # and there's a content_matcher method to use
+        return true if details[:content_matcher].nil?
+        # this is the libraries.io case where we won't load all .xml
+        # files (for example) just to look at their contents, we'll
+        # assume they are not manifests.
+        return false if info.contents.nil?
+
+        send(details[:content_matcher], info.contents)
       end
 
       # this is broken with contents=nil because it can't look at file

data/lib/bibliothecary/analyser.rb

@@ -1,10 +1,12 @@
-require_relative "./analyser/matchers.rb"
-require_relative "./analyser/determinations.rb"
-require_relative "./analyser/analysis.rb"
+# frozen_string_literal: true
+
+require_relative "analyser/matchers"
+require_relative "analyser/determinations"
+require_relative "analyser/analysis"
 
 module Bibliothecary
   module Analyser
-    def self.create_error_analysis(platform_name, relative_path, kind, message, location=nil)
+    def self.create_error_analysis(platform_name, relative_path, kind, message, location = nil)
       {
         platform: platform_name,
         path: relative_path,
@@ -53,15 +55,16 @@ module Bibliothecary
       end
 
       def platform_name
-        self.name.to_s.split("::").last.downcase
+        name.to_s.split("::").last.downcase
       end
 
-      def map_dependencies(hash, key, type)
-        hash.fetch(key,[]).map do |name, requirement|
+      def map_dependencies(hash, key, type, source = nil)
+        hash.fetch(key, []).map do |name, requirement|
           Dependency.new(
             name: name,
             requirement: requirement,
             type: type,
+            source: source
           )
         end
       end
@@ -75,7 +78,7 @@ module Bibliothecary
       def add_multi_parser(klass)
         raise "No mapping found! You should place the add_multi_parser call below def self.mapping." unless respond_to?(:mapping)
 
-        original_mapping = self.mapping
+        original_mapping = mapping
 
         define_singleton_method(:mapping) do
           original_mapping.merge(klass.mapping)

data/lib/bibliothecary/cli.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "bibliothecary/version"
 require "bibliothecary"
 require "commander"
@@ -20,7 +22,7 @@ module Bibliothecary
           output = Bibliothecary.analyse(options.path)
           output.each do |file_contents|
             puts "#{file_contents[:path]} (#{file_contents[:platform]})"
-            file_contents[:dependencies].group_by{|d| d[:type] }.each do |type, deps|
+            file_contents[:dependencies].group_by { |d| d[:type] }.each do |type, deps|
               puts "  #{type}"
               deps.each do |dep|
                 puts "    #{dep[:name]} #{dep[:requirement]}"

data/lib/bibliothecary/configuration.rb

@@ -1,13 +1,8 @@
+# frozen_string_literal: true
+
 module Bibliothecary
   class Configuration
-    attr_accessor :ignored_dirs
-    attr_accessor :ignored_files
-    attr_accessor :carthage_parser_host
-    attr_accessor :clojars_parser_host
-    attr_accessor :mix_parser_host
-    attr_accessor :conda_parser_host
-    attr_accessor :swift_parser_host
-    attr_accessor :cabal_parser_host
+    attr_accessor :ignored_dirs, :ignored_files, :carthage_parser_host, :clojars_parser_host, :mix_parser_host, :conda_parser_host, :swift_parser_host, :cabal_parser_host
 
     def initialize
       @ignored_dirs = [".git", "node_modules", "bower_components", "vendor", "dist"]

data/lib/bibliothecary/dependency.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Bibliothecary
   # Dependency represents a single unique dependency that was parsed out of a manifest.
   #
@@ -19,21 +21,21 @@ module Bibliothecary
   # @source [String] source An optional string to store the location of the manifest that contained this
   #   dependency, e.g. "src/package.json".
   class Dependency
-    FIELDS = [
-      :name,
-      :requirement,
-      :original_requirement,
-      :platform,
-      :type,
-      :direct,
-      :deprecated,
-      :local,
-      :optional,
-      :original_name,
-      :source,
-    ]
+    FIELDS = %i[
+      name
+      requirement
+      original_requirement
+      platform
+      type
+      direct
+      deprecated
+      local
+      optional
+      original_name
+      source
+    ].freeze
 
-    attr_reader *FIELDS
+    attr_reader(*FIELDS)
 
     def initialize(
       name:,
@@ -64,7 +66,7 @@ module Bibliothecary
     def eql?(other)
       FIELDS.all? { |f| public_send(f) == other.public_send(f) }
     end
-    alias :== :eql?
+    alias == eql?
 
     def [](key)
       public_send(key)

data/lib/bibliothecary/exceptions.rb

@@ -1,6 +1,9 @@
+# frozen_string_literal: true
+
 module Bibliothecary
   class RemoteParsingError < StandardError
     attr_accessor :code
+
     def initialize(msg, code)
       @code = code
       super(msg)
@@ -9,11 +12,12 @@ module Bibliothecary
 
   class FileParsingError < StandardError
     attr_accessor :filename, :location
-    def initialize(msg, filename, location=nil)
+
+    def initialize(msg, filename, location = nil)
       @filename = filename
       @location = location # source code location of the error, e.g. "lib/hi.rb:34"
       msg = "#{filename}: #{msg}" unless msg.include?(filename)
-      super("#{msg}")
+      super(msg.to_s)
     end
   end
 end

data/lib/bibliothecary/file_info.rb

@@ -1,24 +1,22 @@
+# frozen_string_literal: true
+
 require "pathname"
 
 module Bibliothecary
   # A representation of a file on the filesystem, with location information
   # and package manager information if needed.
   class FileInfo
-    attr_reader :folder_path
-    attr_reader :relative_path
-    attr_reader :full_path
+    attr_reader :folder_path, :relative_path, :full_path
     attr_accessor :package_manager
 
     def contents
       @contents ||=
-        begin
-          if @folder_path.nil?
-            # if we have no folder_path then we aren't dealing with a
-            # file that's actually on the filesystem
-            nil
-          else
-            Bibliothecary.utf8_string(File.open(@full_path).read)
-          end
+        if @folder_path.nil?
+          # if we have no folder_path then we aren't dealing with a
+          # file that's actually on the filesystem
+          nil
+        else
+          Bibliothecary.utf8_string(File.read(@full_path))
         end
     end
 

data/lib/bibliothecary/multi_parsers/bundler_like_manifest.rb

@@ -1,20 +1,23 @@
+# frozen_string_literal: true
+
 module Bibliothecary
   module MultiParsers
     module BundlerLikeManifest
       # this takes parsed Bundler and Bundler-like (CocoaPods)
       # manifests and turns them into a list of dependencies.
-      def parse_ruby_manifest(manifest)
+      def parse_ruby_manifest(manifest, source = nil)
         manifest.dependencies.inject([]) do |deps, dep|
           deps.push(Dependency.new(
-            name: dep.name,
-            requirement: dep
-              .requirement
-              .requirements
-              .sort_by(&:last)
-              .map { |op, version| "#{op} #{version}" }
-              .join(", "),
-            type: dep.type.to_s,
-          ))
+                      name: dep.name,
+                      requirement: dep
+                        .requirement
+                        .requirements
+                        .sort_by(&:last)
+                        .map { |op, version| "#{op} #{version}" }
+                        .join(", "),
+                      type: dep.type.to_s,
+                      source: source
+                    ))
         end.uniq
       end
     end

data/lib/bibliothecary/multi_parsers/cyclonedx.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "json"
 require "ox"
 
@@ -28,23 +30,24 @@ module Bibliothecary
           @parse_queue = parse_queue.dup
         end
 
-        def <<(purl)
+        def add(purl, source = nil)
           mapping = PurlUtil::PURL_TYPE_MAPPING[purl.type]
           return unless mapping
 
           @manifests[mapping] ||= Set.new
-          @manifests[mapping] <<  Dependency.new(
+          @manifests[mapping] << Dependency.new(
             name: PurlUtil.full_name(purl),
             requirement: purl.version,
             type: "lockfile",
+            source: source
           )
         end
 
         # Iterates over each manifest entry in the parse_queue, and accepts a block which will
         # be called on each component. The block has two jobs: 1) add more sub-components
         # to parse (if they exist), and 2) return the components purl.
-        def parse!(&block)
-          while @parse_queue.length > 0
+        def parse!(source = nil, &block)
+          until @parse_queue.empty?
             component = @parse_queue.shift
 
             purl_text = block.call(component, @parse_queue)
@@ -53,7 +56,7 @@ module Bibliothecary
 
             purl = PackageURL.parse(purl_text)
 
-            self << purl
+            add(purl, source)
           end
         end
 
@@ -88,7 +91,6 @@ module Bibliothecary
       end
 
       def parse_cyclonedx_json(file_contents, options: {})
-
         manifest = try_cache(options, options[:filename]) do
           JSON.parse(file_contents)
         end
@@ -97,7 +99,7 @@ module Bibliothecary
 
         entries = ManifestEntries.new(parse_queue: manifest["components"])
 
-        entries.parse! do |component, parse_queue|
+        entries.parse!(options.fetch(:filename, nil)) do |component, parse_queue|
           parse_queue.concat(component["components"]) if component["components"]
 
           component["purl"]
@@ -120,7 +122,7 @@ module Bibliothecary
 
         entries = ManifestEntries.new(parse_queue: root.locate("components/*"))
 
-        entries.parse! do |component, parse_queue|
+        entries.parse!(options.fetch(:filename, nil)) do |component, parse_queue|
           # #locate returns an empty array if nothing is found, so we can
           # always safely concatenate it to the parse queue.
           parse_queue.concat(component.locate("components/*"))

data/lib/bibliothecary/multi_parsers/dependencies_csv.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "csv"
 
 module Bibliothecary
@@ -55,7 +57,7 @@ module Bibliothecary
               /^(manifest |)type$/i,
             ],
           },
-        }
+        }.freeze
 
         attr_reader :result
 
@@ -79,7 +81,7 @@ module Bibliothecary
               # some column have default data to fall back on
               if row_data
                 obj[header.to_sym] = row_data
-              elsif info.has_key?(:default)
+              elsif info.key?(:default)
                 # if the default is nil, don't even add the key to the hash
                 obj[header.to_sym] = info[:default] if info[:default]
               else
@@ -99,6 +101,7 @@ module Bibliothecary
           unless header_examination_results[:missing].empty?
             raise "Missing required headers #{header_examination_results[:missing].join(', ')} in CSV. Check to make sure header names are all lowercase."
           end
+
           @header_mappings = header_examination_results[:found]
 
           table
@@ -114,7 +117,7 @@ module Bibliothecary
 
             if results.empty?
               # if a header has a default value it's optional
-              obj[:missing] << header unless info.has_key?(:default)
+              obj[:missing] << header unless info.key?(:default)
             else
               # select the highest priority header possible
               obj[:found][header] ||= nil
@@ -139,7 +142,11 @@ module Bibliothecary
         csv_file
           .result
           .find_all { |dependency| dependency[:platform] == platform_name.to_s }
-          .map { |dep_kvs| Dependency.new(**dep_kvs) }
+          .map do |dep_kvs|
+            Dependency.new(
+              **dep_kvs, source: options.fetch(:filename, nil)
+            )
+          end
       end
     end
   end

data/lib/bibliothecary/multi_parsers/json_runtime.rb

@@ -1,13 +1,16 @@
+# frozen_string_literal: true
+
 module Bibliothecary
   module MultiParsers
     # Provide JSON Runtime Manifest parsing
     module JSONRuntime
-      def parse_json_runtime_manifest(file_contents, options: {}) # rubocop:disable Lint/UnusedMethodArgument
-        JSON.parse(file_contents).fetch("dependencies",[]).map do |name, requirement|
+      def parse_json_runtime_manifest(file_contents, options: {})
+        JSON.parse(file_contents).fetch("dependencies", []).map do |name, requirement|
           Dependency.new(
             name: name,
             requirement: requirement,
             type: "runtime",
+            source: options.fetch(:filename, nil)
           )
         end
       end