bibliothecary 8.4.6 → 8.5.0

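--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 33e04a00975f760b9181b0abd40f0e95d16cd13be398a451b66fb23515df11fa
- data.tar.gz: 697ee1d7cbebdb1a1cfbce80263ef1d3d9a7d68e154aca137988e14ba96a8c22
+ metadata.gz: ac52b349e3c70feee32a4866adc7d81a850467dcc167cd0227c20dadafcb78a9
+ data.tar.gz: 7127e1e85bf737dacbfaf84d91fd3c8e0ea527d7337e0381d1ca36a8677289c3
  SHA512:
- metadata.gz: 792317a507641d26ec0903d59962c4e9949e253926346128c6c9d56c82a2716484163fe2c1cf626c10d967c19872c9c610fd12f9dcb7f2c5f27270be05a4ce29
- data.tar.gz: 24795027d27690ea19467426cc9499ea93941d9eae184b02100900bfb6eb310f8f9de94e1baa24d2969e51f03b6a85c995bb16c53f5b77c4a011a9622309556e
+ metadata.gz: 476ced972f0f89192fb42fa2d9a12bc279ef8635211040e3e9c73cd0ab242e997193fae9f21c4a305956f5f8b188b12cf3a67fd054200a589202e6337755d990
+ data.tar.gz: 8167b963298ad218bbbc0b7666f3e8a0622781321a64c2558c816946ddfd69c284cf4842bb8c99681c5ea84edf1d665ce8a2291753f16a6447ab388a5982f7ce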
@@ -38,7 +38,15 @@ module Bibliothecary
38
38
 
39
39
  def self.parse_package_lock(file_contents, options: {})
40
40
  manifest = JSON.parse(file_contents)
41
- parse_package_lock_deps_recursively(manifest.fetch('dependencies', []))
41
+ # https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json#lockfileversion
42
+ if manifest["lockfileVersion"].to_i <= 1
43
+ # lockfileVersion 1 uses the "dependencies" object
44
+ parse_package_lock_v1(manifest)
45
+ else
46
+ # lockfileVersion 2 has backwards-compatability by including both "packages" and the legacy "dependencies" object
47
+ # lockfileVersion 3 has no backwards-compatibility and only includes the "packages" object
48
+ parse_package_lock_v2(manifest)
49
+ end
42
50
  end
43
51
 
44
52
  class << self
@@ -46,6 +54,24 @@ module Bibliothecary
46
54
  alias_method :parse_shrinkwrap, :parse_package_lock
47
55
  end
48
56
 
57
+ def self.parse_package_lock_v1(manifest)
58
+ parse_package_lock_deps_recursively(manifest.fetch('dependencies', []))
59
+ end
60
+
61
+ def self.parse_package_lock_v2(manifest)
62
+ # "packages" is a flat object where each key is the installed location of the dep, e.g. node_modules/foo/node_modules/bar.
63
+ manifest
64
+ .fetch("packages")
65
+ .reject { |name, dep| name == "" } # this is the lockfile's package itself
66
+ .map do |name, dep|
67
+ {
68
+ name: name.split("node_modules/").last,
69
+ requirement: dep["version"],
70
+ type: dep.fetch("dev", false) || dep.fetch("devOptional", false) ? "development" : "runtime"
71
+ }
72
+ end
73
+ end
74
+
49
75
  def self.parse_package_lock_deps_recursively(dependencies, depth=1)
50
76
  dependencies.flat_map do |name, requirement|
51
77
  type = requirement.fetch("dev", false) ? 'development' : 'runtime'
@@ -55,7 +81,7 @@ module Bibliothecary
55
81
  []
56
82
  else
57
83
  parse_package_lock_deps_recursively(requirement.fetch('dependencies', []), depth + 1)
58
- end
84
+ end
59
85
 
60
86
  [{
61
87
  name: name,
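Review bot: In `parse_package_lock_v2` the reported package name comes only from the path key (`name.split("node_modules/").last`), so an entry whose key is not a node_modules path, or whose folder name differs from the real package name, is listed under the wrong name. To my knowledge npm also writes workspace folders and `"link": true` entries into "packages", and link entries carry no "version", so `requirement` would be nil for them. If this output feeds vulnerability or licence matching, a misnamed or version-less entry becomes a silent miss, so I would handle both cases explicitly, for example `.reject { |name, dep| name == "" || dep["link"] }` and `name: dep["name"] || name.split("node_modules/").last` (npm appears to record `name` for aliased installs; worth confirming against a real lockfile). Separately, `.fetch("packages")` raises KeyError for a lockfile that declares version 2 or higher but lacks the key, while the v1 path defaults to an empty collection; `manifest.fetch("packages", {})` would keep the two paths consistent on malformed input.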
@@ -1,3 +1,3 @@
1
1
  module Bibliothecary
2
- VERSION = "8.4.6"
2
+ VERSION = "8.5.0"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bibliothecary
3
3
  version: !ruby/object:Gem::Version
4
- version: 8.4.6
4
+ version: 8.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andrew Nesbitt
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-11-08 00:00:00.000000000 Z
11
+ date: 2022-11-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: tomlrb