bibliothecary 7.2.1 → 7.3.0

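--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: ba740dd30abb75fb073f3160d963a970ffa41099966e86a38558fc50c515c9bf
- data.tar.gz: 19de22f64f4390acd0c15781283d1089c85459aa989393485ab25337e246ef01
+ metadata.gz: 6bf41693f3224f06747aa8ea8799d369d68b262033689b900fe1a18c35803b85
+ data.tar.gz: 4cee903aaa6fff7e24e7ca4f8ddd162d2dd42af4ec04161fac21397622e6f5cd
  SHA512:
- metadata.gz: 9f7f301227e79af9a7f3bafc5484e39426c9d5faee1ee1c6a97f4173d6b438def08cf36ea3a8eedaa06d9ce0741ee6bf012b7aba1a972680c79b397ac57a1ac9
- data.tar.gz: 11bbaf66d5dcb32b042923abf85be353d96a6d1f09c1e641e0c40df215d9f70347e56b4d7afe81b5bb27a685318667c7c53d2ba24a2961e2a4dad72ad1c90273
+ metadata.gz: c178932cf88d945686cfa34ab2e9cf581c2b99878d51e2fc783e98804b63737f7f852a1017c81c4aec9c8ca7f425b54b3092722f95b767e37be07fce343a2740
+ data.tar.gz: b11a8ea3373f61fb2d1def0f203a400c864f30eec52faa77551d256cdc1a9c27e20e960b4151713982987faea0af8529e83f0d8606129613591487a358c26755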
@@ -5,6 +5,9 @@ module Bibliothecary
5
5
  class NPM
6
6
  include Bibliothecary::Analyser
7
7
 
8
+ # Max depth to recurse into the "dependencies" property of package-lock.json
9
+ PACKAGE_LOCK_JSON_MAX_DEPTH = 10
10
+
8
11
  def self.mapping
9
12
  {
10
13
  match_filename("package.json") => {
@@ -43,26 +46,25 @@ module Bibliothecary
43
46
 
44
47
  def self.parse_package_lock(file_contents)
45
48
  manifest = JSON.parse(file_contents)
46
- manifest.fetch('dependencies',[]).map do |name, requirement|
47
- if requirement.fetch("dev", false)
48
- type = 'development'
49
- else
50
- type = 'runtime'
51
- end
52
-
53
- version = nil
54
-
55
- if requirement.key?("from")
56
- version = requirement["from"][/#(?:semver:)?v?(.*)/, 1]
57
- end
49
+ parse_package_lock_deps_recursively(manifest.fetch('dependencies', []))
50
+ end
58
51
 
52
+ def self.parse_package_lock_deps_recursively(dependencies, depth=1)
53
+ dependencies.flat_map do |name, requirement|
54
+ type = requirement.fetch("dev", false) ? 'development' : 'runtime'
55
+ version = requirement.key?("from") ? requirement["from"][/#(?:semver:)?v?(.*)/, 1] : nil
59
56
  version ||= requirement["version"].split("#").last
57
+ child_dependencies = if depth >= PACKAGE_LOCK_JSON_MAX_DEPTH
58
+ []
59
+ else
60
+ parse_package_lock_deps_recursively(requirement.fetch('dependencies', []), depth + 1)
61
+ end
60
62
 
61
- {
63
+ [{
62
64
  name: name,
63
65
  requirement: version,
64
66
  type: type
65
- }
67
+ }] + child_dependencies
66
68
  end
67
69
  end
68
70
 
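Review bot: When `depth >= PACKAGE_LOCK_JSON_MAX_DEPTH` in `parse_package_lock_deps_recursively`, `child_dependencies` becomes `[]` with no signal to the caller, so packages nested deeper than ten levels silently drop out of the parsed list. The cap is a reasonable bound on recursion over an untrusted lockfile, but a consumer that uses this output for dependency inventory or vulnerability matching cannot tell a complete result from a truncated one. At minimum the constant's comment should say so, for example `# Entries nested deeper than this are omitted from the result, not reported.`, and ideally truncation would be surfaced to the caller. Separately, the recursion now applies the unchanged line `requirement["version"].split("#").last` to every nested entry, so a nested entry without a string `version` raises NoMethodError and aborts the whole parse. Whether callers rescue that is not visible in this hunk, so it is worth confirming.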
@@ -1,3 +1,3 @@
1
1
  module Bibliothecary
2
- VERSION = "7.2.1"
2
+ VERSION = "7.3.0"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bibliothecary
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.2.1
4
+ version: 7.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andrew Nesbitt
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-10-15 00:00:00.000000000 Z
11
+ date: 2021-10-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: tomlrb