bibliothecary 8.4.6 → 8.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/bibliothecary/parsers/npm.rb +28 -2
- data/lib/bibliothecary/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ac52b349e3c70feee32a4866adc7d81a850467dcc167cd0227c20dadafcb78a9
|
|
4
|
+
data.tar.gz: 7127e1e85bf737dacbfaf84d91fd3c8e0ea527d7337e0381d1ca36a8677289c3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 476ced972f0f89192fb42fa2d9a12bc279ef8635211040e3e9c73cd0ab242e997193fae9f21c4a305956f5f8b188b12cf3a67fd054200a589202e6337755d990
|
|
7
|
+
data.tar.gz: 8167b963298ad218bbbc0b7666f3e8a0622781321a64c2558c816946ddfd69c284cf4842bb8c99681c5ea84edf1d665ce8a2291753f16a6447ab388a5982f7ce
|
|
@@ -38,7 +38,15 @@ module Bibliothecary
|
|
|
38
38
|
|
|
39
39
|
def self.parse_package_lock(file_contents, options: {})
|
|
40
40
|
manifest = JSON.parse(file_contents)
|
|
41
|
-
|
|
41
|
+
# https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json#lockfileversion
|
|
42
|
+
if manifest["lockfileVersion"].to_i <= 1
|
|
43
|
+
# lockfileVersion 1 uses the "dependencies" object
|
|
44
|
+
parse_package_lock_v1(manifest)
|
|
45
|
+
else
|
|
46
|
+
# lockfileVersion 2 has backwards-compatability by including both "packages" and the legacy "dependencies" object
|
|
47
|
+
# lockfileVersion 3 has no backwards-compatibility and only includes the "packages" object
|
|
48
|
+
parse_package_lock_v2(manifest)
|
|
49
|
+
end
|
|
42
50
|
end
|
|
43
51
|
|
|
44
52
|
class << self
|
|
@@ -46,6 +54,24 @@ module Bibliothecary
|
|
|
46
54
|
alias_method :parse_shrinkwrap, :parse_package_lock
|
|
47
55
|
end
|
|
48
56
|
|
|
57
|
+
def self.parse_package_lock_v1(manifest)
|
|
58
|
+
parse_package_lock_deps_recursively(manifest.fetch('dependencies', []))
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
def self.parse_package_lock_v2(manifest)
|
|
62
|
+
# "packages" is a flat object where each key is the installed location of the dep, e.g. node_modules/foo/node_modules/bar.
|
|
63
|
+
manifest
|
|
64
|
+
.fetch("packages")
|
|
65
|
+
.reject { |name, dep| name == "" } # this is the lockfile's package itself
|
|
66
|
+
.map do |name, dep|
|
|
67
|
+
{
|
|
68
|
+
name: name.split("node_modules/").last,
|
|
69
|
+
requirement: dep["version"],
|
|
70
|
+
type: dep.fetch("dev", false) || dep.fetch("devOptional", false) ? "development" : "runtime"
|
|
71
|
+
}
|
|
72
|
+
end
|
|
73
|
+
end
|
|
74
|
+
|
|
49
75
|
def self.parse_package_lock_deps_recursively(dependencies, depth=1)
|
|
50
76
|
dependencies.flat_map do |name, requirement|
|
|
51
77
|
type = requirement.fetch("dev", false) ? 'development' : 'runtime'
|
|
@@ -55,7 +81,7 @@ module Bibliothecary
|
|
|
55
81
|
[]
|
|
56
82
|
else
|
|
57
83
|
parse_package_lock_deps_recursively(requirement.fetch('dependencies', []), depth + 1)
|
|
58
|
-
|
|
84
|
+
end
|
|
59
85
|
|
|
60
86
|
[{
|
|
61
87
|
name: name,
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bibliothecary
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 8.
|
|
4
|
+
version: 8.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Nesbitt
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-11-
|
|
11
|
+
date: 2022-11-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: tomlrb
|