bibliothecary 14.3.0 → 14.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6707fc0443320dc26cce55e6adcd048042c13b1648efe3a134952c62e5288f1f
-  data.tar.gz: 7e53ee490a0f3eb7ab97470d30332247176c8ea73fdf88182c82da152de50c56
+  metadata.gz: d1f7fd4aeb8298f9fcb9b5edc69b7936eed8f112f3a6dde000edda36d641cfca
+  data.tar.gz: 4d9b619aab4813b3ee77a36b0fbb1588b561a3dd42275feeb216f01d19f8ea05
 SHA512:
-  metadata.gz: eea5b5ac599bbd4043a1caf1ff3f89d8356619f9f30a45715a8bb81628673934b58cec80b4234ff863bb41c5b1cfde33a9a00a8ceaa58ce256ec267d99cab292
-  data.tar.gz: 7dc7d4532c3da16a34d60e70e10022c773a2b4c748ec15efec8dda0eb3f2718f71f0f1162da28cd886e8e01138f9f945ab16bf8bcf4f4f44ebcf2a292a4a6f54
+  metadata.gz: a9a904ac75104ea34f45bfea2900475c89fd29a5d15ac065923d4e9d4c715ec6380d92ecea6499025063abe8f0146d2a89d9661f59f98cd216a4dcc6ce44b054
+  data.tar.gz: a4234dc007565e41587fa92ca7f970e5fdffd479debd202658e8a04edcf01943624df11aa1d0785398b87d10f694f3b84fb68fb985251315fbff67799f24fa2f

data/CHANGELOG.md

@@ -13,6 +13,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Removed
 
+## [14.4.0]
+
+### Added
+
+- Add suppport for vcpkg parsing
+
 ## [14.3.0]
 
 ### Added

data/lib/bibliothecary/parsers/vcpkg.rb

@@ -0,0 +1,111 @@
+# frozen_string_literal: true
+
+module Bibliothecary
+  module Parsers
+    class Vcpkg
+      include Bibliothecary::Analyser
+
+      def self.mapping
+        {
+          match_filename("vcpkg.json") => {
+            kind: "manifest",
+            parser: :parse_vcpkg_json,
+          },
+          # _generated-vcpkg-list.json is the output of `vcpkg list --x-json`.
+          match_filename("_generated-vcpkg-list.json") => {
+            kind: "lockfile",
+            parser: :parse_vcpkg_list_json,
+          },
+        }
+      end
+
+      add_multi_parser(Bibliothecary::MultiParsers::CycloneDX)
+      add_multi_parser(Bibliothecary::MultiParsers::Spdx)
+      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
+
+      def self.parse_vcpkg_json(file_contents, options: {})
+        dependencies = []
+        manifest = JSON.parse(file_contents)
+        deps = manifest["dependencies"]
+
+        if !deps || deps.empty?
+          return ParserResult.new(dependencies: dependencies)
+        end
+
+        overrides = {}
+        manifest["overrides"]&.each do |override|
+          if override.is_a?(Hash) && override["name"]
+            override_version = override["version"] || override["version-semver"] || override["version-date"] || override["version-string"]
+            overrides[override["name"]] = format_requirement(override_version, override["port-version"])
+          end
+        end
+
+        deps.each do |dep|
+          if dep.is_a?(String)
+            # Simple string format: "boost-system"
+            name = dep
+            requirement = nil
+            is_development = false
+          elsif dep.is_a?(Hash)
+            # Object format: { "name": "cpprestsdk", "version>=": "2.10.0", ... }
+            name = dep["name"]
+            requirement = if dep["version>="]
+                            ">=#{dep['version>=']}"
+                          end
+            is_development = dep["host"] == true
+          end
+
+          # Skip entries with no name
+          next if name.nil? || name.empty?
+
+          requirement = overrides[name] if overrides[name]
+
+          dependencies << Dependency.new(
+            platform: platform_name,
+            name: name,
+            requirement: requirement,
+            type: is_development ? "development" : "runtime",
+            source: options.fetch(:filename, nil)
+          )
+        end
+
+        ParserResult.new(dependencies: dependencies)
+      end
+
+      def self.parse_vcpkg_list_json(file_contents, options: {})
+        # parses the output of `vcpkg list --x-json`
+        dependencies = []
+        manifest = JSON.parse(file_contents)
+
+        manifest.each_value do |package_info|
+          name = package_info["package_name"]
+          version = package_info["version"]
+          port_version = package_info["port_version"]
+
+          # Skip entries with no name
+          next if name.nil? || name.empty?
+
+          dependencies << Dependency.new(
+            platform: platform_name,
+            name: name,
+            requirement: format_requirement(version, port_version),
+            type: "runtime",
+            source: options.fetch(:filename, nil)
+          )
+        end
+
+        ParserResult.new(dependencies: dependencies)
+      end
+
+      def self.format_requirement(version, port_version)
+        return "*" unless version
+
+        if port_version && port_version > 0
+          return "#{version}##{port_version}"
+        end
+
+        version
+      end
+    end
+  end
+end

data/lib/bibliothecary/purl_util.rb

@@ -18,6 +18,7 @@ module Bibliothecary
       "gem" => :rubygems,
       "nuget" => :nuget,
       "pypi" => :pypi,
+      "vcpkg" => :vcpkg,
     }.freeze
 
     # @param purl [PackageURL]

data/lib/bibliothecary/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Bibliothecary
-  VERSION = "14.3.0"
+  VERSION = "14.4.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bibliothecary
 version: !ruby/object:Gem::Version
-  version: 14.3.0
+  version: 14.4.0
 platform: ruby
 authors:
 - Andrew Nesbitt
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-11-12 00:00:00.000000000 Z
+date: 2025-11-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: commander
@@ -201,6 +201,7 @@ files:
 - lib/bibliothecary/parsers/pypi.rb
 - lib/bibliothecary/parsers/rubygems.rb
 - lib/bibliothecary/parsers/shard.rb
+- lib/bibliothecary/parsers/vcpkg.rb
 - lib/bibliothecary/purl_util.rb
 - lib/bibliothecary/related_files_info.rb
 - lib/bibliothecary/runner.rb