dependabot-npm_and_yarn 0.216.2 → 0.218.0

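--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 2df51373de95ce542233cbb690f059ee015534e3e57d69470031491f9dd89794
- data.tar.gz: c8e33eea70d6765a96e87248ebc4b5f8cedb49ea03e9c1abf79bdaddfc6cda00
+ metadata.gz: 7206f2db6166afbdb898d6bc710f53255a7ee8426eb820642e56bdd967ddc079
+ data.tar.gz: 6525f3d43debb1e9f09a612ca04589f29a4c14b1c16b27c86fb1140270ab5c18
  SHA512:
- metadata.gz: 27c3502dd326b7b82738fa402d2e46c6054750af2e029b08f5c97b8f51e946c7090754e0679050116bbb6f572635aea77b77f4951ff19d703ff090e5308a5033
- data.tar.gz: bdbfbb9f4896a58635cc9eef900f00a6e2ef02c438bb8a072fa83c199d532c9c92742ed805e8e39ddb3a5b746f50a457a7a29c4963870eddb61d0c4b7cc15957
+ metadata.gz: 6f867a7d9a6cdef47a73c6d13b263b02e6622ff97282322c289fb46567548e6f58dd05588e7dd03e915183ed51ecd1532c9dd818452d0672521d1f43ede98d18
+ data.tar.gz: d55ba2258422781d317652cc712a349cbd43391aa9730ea1f1b79f7198c48cba24abb3956199278f796d76bb74e3bfa1c789e62eb5f930c47ff6d95d79282751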
@@ -0,0 +1,5 @@
1
+ const lockfileParser = require("./lockfile-parser");
2
+
3
+ module.exports = {
4
+ parseLockfile: lockfileParser.parse,
5
+ };
@@ -0,0 +1,77 @@
1
+ /* PNPM-LOCK.YAML PARSER
2
+ *
3
+ * Inputs:
4
+ * - directory containing a pnpm-lock.yaml file
5
+ *
6
+ * Outputs:
7
+ * - JSON formatted information of dependencies (name, version, dependency-type)
8
+ */
9
+ const { readWantedLockfile } = require("@pnpm/lockfile-file");
10
+ const dependencyPath = require("@pnpm/dependency-path");
11
+
12
+ async function parse(directory) {
13
+ const lockfile = await readWantedLockfile(directory, {
14
+ ignoreIncompatible: true
15
+ });
16
+
17
+ return Object.entries(lockfile.packages ?? {})
18
+ .map(([depPath, pkgSnapshot]) => nameVerDevFromPkgSnapshot(depPath, pkgSnapshot, Object.values(lockfile.importers)))
19
+ }
20
+
21
+ function nameVerDevFromPkgSnapshot(depPath, pkgSnapshot, projectSnapshots) {
22
+ let name;
23
+ let version;
24
+
25
+ if (!pkgSnapshot.name) {
26
+ const pkgInfo = dependencyPath.parse(depPath);
27
+ name = pkgInfo.name;
28
+ version = pkgInfo.version;
29
+ } else {
30
+ name = pkgSnapshot.name;
31
+ version = pkgSnapshot.version;
32
+ }
33
+
34
+ let specifiers = [];
35
+ let aliased = false;
36
+
37
+ projectSnapshots.every(projectSnapshot => {
38
+ const projectSpecifiers = projectSnapshot.specifiers;
39
+
40
+ if (Object.values(projectSpecifiers).some(specifier => specifier.startsWith(`npm:${name}@`) || specifier == `npm:${name}`)) {
41
+ aliased = true;
42
+ return false;
43
+ }
44
+
45
+ currentSpecifier = projectSpecifiers[name];
46
+
47
+ if (!currentSpecifier) {
48
+ return true;
49
+ }
50
+
51
+ let specifierVersion = currentSpecifier.version;
52
+
53
+ if (!currentSpecifier.version) {
54
+ specifierVersion = projectSnapshot.dependencies?.[name] || projectSnapshot.devDependencies?.[name] || projectSnapshot.optionalDependencies?.[name]
55
+ }
56
+
57
+ if (
58
+ specifierVersion == version ||
59
+ specifierVersion.startsWith(`${version}_`) || // lockfileVersion 5.4
60
+ specifierVersion.startsWith(`${version}(`) // lockfileVersion 6.0
61
+ ) {
62
+ specifiers.push(currentSpecifier.specifier || currentSpecifier);
63
+ }
64
+
65
+ return true;
66
+ });
67
+
68
+ return {
69
+ name: name,
70
+ version: version,
71
+ dev: pkgSnapshot.dev,
72
+ specifiers: specifiers,
73
+ aliased: aliased
74
+ }
75
+ }
76
+
77
+ module.exports = { parse };
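Review bot: `currentSpecifier = projectSpecifiers[name];` inside the `every` callback of `nameVerDevFromPkgSnapshot` assigns to an undeclared name, so it becomes an implicit global in sloppy mode (and a ReferenceError if the module ever runs strict); declare it with `const currentSpecifier = projectSpecifiers[name];`. The lockfile is repository-controlled input, and two paths can throw on unexpected content: `parse` reads `lockfile.packages` without handling a null result from `readWantedLockfile` (which I believe it returns when no lockfile is present), and `specifierVersion.startsWith(...)` runs even when the fallback lookup across `dependencies`/`devDependencies`/`optionalDependencies` yields `undefined`. Consider `if (!lockfile) return [];` at the top of `parse` and `if (!specifierVersion) return true;` before the version comparison. Because `name` also comes from the lockfile, an own-property check such as `Object.hasOwn(projectSpecifiers, name)` would keep inherited keys like `constructor` from being read as specifiers.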