ecosystems-bibliothecary 15.1.0 → 15.2.0

data/lib/bibliothecary/parsers/deno.rb

@@ -0,0 +1,98 @@
+# frozen_string_literal: true
+
+require "json"
+
+module Bibliothecary
+  module Parsers
+    class Deno
+      include Bibliothecary::Analyser
+
+      def self.file_patterns
+        ["deno.json", "deno.jsonc", "deno.lock"]
+      end
+
+      def self.mapping
+        {
+          match_filename("deno.json") => {
+            kind: "manifest",
+            parser: :parse_manifest,
+          },
+          match_filename("deno.jsonc") => {
+            kind: "manifest",
+            parser: :parse_manifest,
+          },
+          match_filename("deno.lock") => {
+            kind: "lockfile",
+            parser: :parse_lockfile,
+          },
+        }
+      end
+
+      def self.parse_manifest(file_contents, options: {})
+        manifest = JSON.parse(file_contents)
+        source = options.fetch(:filename, nil)
+
+        dependencies = manifest.fetch("imports", {}).map do |alias_name, specifier|
+          name, requirement = parse_specifier(specifier)
+          next unless name
+
+          Dependency.new(
+            name: name,
+            requirement: requirement,
+            type: "runtime",
+            source: source,
+            platform: platform_name
+          )
+        end.compact
+
+        ParserResult.new(dependencies: dependencies)
+      end
+
+      def self.parse_lockfile(file_contents, options: {})
+        manifest = JSON.parse(file_contents)
+        source = options.fetch(:filename, nil)
+
+        dependencies = manifest.fetch("specifiers", {}).map do |specifier, resolved_version|
+          name, _requirement = parse_specifier(specifier)
+          next unless name
+
+          Dependency.new(
+            name: name,
+            requirement: resolved_version,
+            type: "runtime",
+            source: source,
+            platform: platform_name
+          )
+        end.compact
+
+        ParserResult.new(dependencies: dependencies)
+      end
+
+      # Parses specifiers like:
+      #   "npm:chalk@1" => ["chalk", "1"]
+      #   "npm:chalk" => ["chalk", "*"]
+      #   "jsr:@std/path@^1" => ["@std/path", "^1"]
+      #   "jsr:@std/path" => ["@std/path", "*"]
+      def self.parse_specifier(specifier)
+        return nil unless specifier.start_with?("npm:", "jsr:")
+
+        # Remove the protocol prefix
+        without_protocol = specifier.sub(/^(npm|jsr):/, "")
+
+        # Handle scoped packages (@scope/name@version)
+        if without_protocol.start_with?("@")
+          # Split on @ but keep the first @ for the scope
+          parts = without_protocol[1..].split("@", 2)
+          name = "@#{parts[0]}"
+          requirement = parts[1] || "*"
+        else
+          # Regular package (name@version)
+          name, requirement = without_protocol.split("@", 2)
+          requirement ||= "*"
+        end
+
+        [name, requirement]
+      end
+    end
+  end
+end

data/lib/bibliothecary/parsers/docker.rb

@@ -8,6 +8,10 @@ module Bibliothecary
 
       DOCKER_COMPOSE_REGEXP = /docker-compose[a-zA-Z0-9\-_\.]*\.yml$/
 
+      def self.file_patterns
+        ["docker-compose*.yml", "Dockerfile"]
+      end
+
       def self.mapping
         {
           lambda { |p| DOCKER_COMPOSE_REGEXP.match(p) } => {

data/lib/bibliothecary/parsers/dub.rb

@@ -9,6 +9,10 @@ module Bibliothecary
 
       SDL_DEPENDENCY_REGEXP = /^dependency\s+"([^"]+)"(?:\s+version="([^"]+)")?/
 
+      def self.file_patterns
+        ["dub.json", "dub.sdl"]
+      end
+
       def self.mapping
         {
           match_filename("dub.json") => {

data/lib/bibliothecary/parsers/dvc.rb

@@ -5,6 +5,10 @@ module Bibliothecary
     class DVC
       include Bibliothecary::Analyser
 
+      def self.file_patterns
+        ["dvc.yaml"]
+      end
+
       def self.mapping
         {
           match_filename("dvc.yaml") => {

data/lib/bibliothecary/parsers/elm.rb

@@ -7,6 +7,10 @@ module Bibliothecary
     class Elm
       include Bibliothecary::Analyser
 
+      def self.file_patterns
+        ["elm-package.json", "elm_dependencies.json", "elm-stuff/exact-dependencies.json"]
+      end
+
       def self.mapping
         {
           match_filenames("elm-package.json", "elm_dependencies.json") => {

data/lib/bibliothecary/parsers/go.rb

@@ -18,6 +18,10 @@ module Bibliothecary
       GOMOD_MULTILINE_END_REGEXP = /^\)/
       GOSUM_REGEXP = /^(.+)\s+(.+)\s+(.+)$/
 
+      def self.file_patterns
+        ["go.mod", "go.sum", "glide.yaml", "glide.lock", "Godeps/Godeps.json", "Godeps", "vendor/manifest", "vendor/vendor.json", "Gopkg.toml", "Gopkg.lock", "go-resolved-dependencies.json"]
+      end
+
       def self.mapping
         {
           # Go Modules (recommended)

data/lib/bibliothecary/parsers/hackage.rb

@@ -15,6 +15,10 @@ module Bibliothecary
       # Matches stack.yaml.lock hackage entries like: hackage: fuzzyset-0.2.4@sha256:...
       STACK_LOCK_REGEXP = /hackage:\s*([a-zA-Z0-9-]+)-([0-9.]+)@/
 
+      def self.file_patterns
+        ["*.cabal", "*cabal.config", "stack.yaml.lock", "cabal.project.freeze"]
+      end
+
       def self.mapping
         {
           match_extension(".cabal") => {
@@ -29,6 +33,10 @@ module Bibliothecary
             kind: "lockfile",
             parser: :parse_stack_yaml_lock,
           },
+          match_filename("cabal.project.freeze") => {
+            kind: "lockfile",
+            parser: :parse_cabal_project_freeze,
+          },
         }
       end
 
@@ -196,6 +204,53 @@ module Bibliothecary
 
         ParserResult.new(dependencies: deps)
       end
+
+      def self.parse_cabal_project_freeze(file_contents, options: {})
+        source = options.fetch(:filename, "cabal.project.freeze")
+        deps = []
+
+        # Parse constraints field which can span multiple lines
+        # Format: constraints: any.pkg ==version, any.pkg2 ==version2, ...
+        # Also handles flag constraints like: any.pkg +flag -flag2
+        constraints = nil
+        file_contents.each_line do |line|
+          if line =~ /^constraints:\s*(.*)/i
+            constraints = $1.strip
+          elsif line =~ /^\s+(.*)/ && constraints
+            constraints += " " + $1.strip
+          elsif line =~ /^[a-z]/i && constraints
+            break
+          end
+        end
+
+        return ParserResult.new(dependencies: []) unless constraints
+
+        constraints.split(",").each do |dep_str|
+          dep_str = dep_str.strip
+          next if dep_str.empty?
+
+          # Format: any.package ==version or any.package +flag -flag
+          # Skip flag-only entries (no version constraint)
+          next unless dep_str.include?("==")
+
+          # Remove "any." prefix and parse
+          dep_str = dep_str.sub(/^any\./, "")
+
+          # Extract name and version: "package ==version" or "package ==version +flag"
+          match = dep_str.match(/^([a-zA-Z][a-zA-Z0-9-]*)\s*==\s*([\d.]+)/)
+          next unless match
+
+          deps << Dependency.new(
+            platform: platform_name,
+            name: match[1],
+            requirement: match[2],
+            type: "runtime",
+            source: source
+          )
+        end
+
+        ParserResult.new(dependencies: deps)
+      end
     end
   end
 end

data/lib/bibliothecary/parsers/haxelib.rb

@@ -7,6 +7,10 @@ module Bibliothecary
     class Haxelib
       include Bibliothecary::Analyser
 
+      def self.file_patterns
+        ["haxelib.json"]
+      end
+
       def self.mapping
         {
           match_filename("haxelib.json") => {

data/lib/bibliothecary/parsers/hex.rb

@@ -10,6 +10,13 @@ module Bibliothecary
       HEX_LOCK_REGEXP = /"([^"]+)":\s*\{:hex,\s*:[^,]+,\s*"([^"]+)"/
       GIT_LOCK_REGEXP = /"([^"]+)":\s*\{:git,\s*"([^"]+)",\s*"([^"]+)"/
 
+      # Matches rebar.lock entries: {<<"name">>,{pkg,<<"name">>,<<"version">>},N}
+      REBAR_LOCK_REGEXP = /\{<<"([^"]+)">>,\{pkg,<<"[^"]+">>,<<"([^"]+)">>},\d+\}/
+
+      def self.file_patterns
+        ["mix.exs", "mix.lock", "gleam.toml", "manifest.toml", "rebar.lock"]
+      end
+
       def self.mapping
         {
           match_filename("mix.exs") => {
@@ -20,9 +27,26 @@ module Bibliothecary
             kind: "lockfile",
             parser: :parse_mix_lock,
           },
+          match_filename("gleam.toml") => {
+            kind: "manifest",
+            parser: :parse_gleam_toml,
+          },
+          match_filename("manifest.toml") => {
+            kind: "lockfile",
+            parser: :parse_gleam_manifest,
+            content_matcher: :gleam_manifest?,
+          },
+          match_filename("rebar.lock") => {
+            kind: "lockfile",
+            parser: :parse_rebar_lock,
+          },
         }
       end
 
+      def self.gleam_manifest?(file_contents)
+        file_contents.include?("# This file was generated by Gleam")
+      end
+
 
       def self.parse_mix(file_contents, options: {})
         source = options.fetch(:filename, "mix.exs")
@@ -74,6 +98,71 @@ module Bibliothecary
 
         ParserResult.new(dependencies: deps)
       end
+
+      def self.parse_gleam_toml(file_contents, options: {})
+        source = options.fetch(:filename, "gleam.toml")
+        manifest = Tomlrb.parse(file_contents)
+        deps = []
+
+        manifest.fetch("dependencies", {}).each do |name, requirement|
+          deps << Dependency.new(
+            platform: platform_name,
+            name: name,
+            requirement: requirement,
+            type: "runtime",
+            source: source
+          )
+        end
+
+        manifest.fetch("dev-dependencies", {}).each do |name, requirement|
+          deps << Dependency.new(
+            platform: platform_name,
+            name: name,
+            requirement: requirement,
+            type: "development",
+            source: source
+          )
+        end
+
+        ParserResult.new(dependencies: deps)
+      end
+
+      def self.parse_gleam_manifest(file_contents, options: {})
+        source = options.fetch(:filename, "manifest.toml")
+        manifest = Tomlrb.parse(file_contents)
+        deps = []
+
+        manifest.fetch("packages", []).each do |pkg|
+          next unless pkg["source"] == "hex"
+
+          deps << Dependency.new(
+            platform: platform_name,
+            name: pkg["name"],
+            requirement: pkg["version"],
+            type: "runtime",
+            source: source
+          )
+        end
+
+        ParserResult.new(dependencies: deps)
+      end
+
+      def self.parse_rebar_lock(file_contents, options: {})
+        source = options.fetch(:filename, "rebar.lock")
+        deps = []
+
+        file_contents.scan(REBAR_LOCK_REGEXP) do |name, version|
+          deps << Dependency.new(
+            platform: platform_name,
+            name: name,
+            requirement: version,
+            type: "runtime",
+            source: source
+          )
+        end
+
+        ParserResult.new(dependencies: deps)
+      end
     end
   end
 end

data/lib/bibliothecary/parsers/homebrew.rb

@@ -5,6 +5,10 @@ module Bibliothecary
 
       HOMEBREW_REGEXP = /^brew\s(.+),?\s?/
 
+      def self.file_patterns
+        ["Brewfile", "Brewfile.lock.json"]
+      end
+
       def self.mapping
         {
           match_filename("Brewfile", case_insensitive: true) => {

data/lib/bibliothecary/parsers/julia.rb

@@ -5,12 +5,24 @@ module Bibliothecary
     class Julia
       include Bibliothecary::Analyser
 
+      def self.file_patterns
+        ["REQUIRE", "Project.toml", "Manifest.toml"]
+      end
+
       def self.mapping
         {
           match_filename("REQUIRE", case_insensitive: true) => {
             kind: "manifest",
             parser: :parse_require,
           },
+          match_filename("Project.toml") => {
+            kind: "manifest",
+            parser: :parse_project_toml,
+          },
+          match_filename("Manifest.toml") => {
+            kind: "lockfile",
+            parser: :parse_manifest_toml,
+          },
         }
       end
 
@@ -41,6 +53,49 @@ module Bibliothecary
         end
         ParserResult.new(dependencies: deps)
       end
+
+      def self.parse_project_toml(file_contents, options: {})
+        source = options.fetch(:filename, "Project.toml")
+        manifest = Tomlrb.parse(file_contents)
+        deps = []
+
+        manifest.fetch("deps", {}).each do |name, _uuid|
+          deps << Dependency.new(
+            name: name,
+            requirement: "*",
+            type: "runtime",
+            source: source,
+            platform: platform_name
+          )
+        end
+
+        ParserResult.new(dependencies: deps)
+      end
+
+      def self.parse_manifest_toml(file_contents, options: {})
+        source = options.fetch(:filename, "Manifest.toml")
+        manifest = Tomlrb.parse(file_contents)
+        deps = []
+
+        manifest.fetch("deps", {}).each do |name, entries|
+          # entries is an array of package entries (usually just one)
+          entry = entries.is_a?(Array) ? entries.first : entries
+          next unless entry.is_a?(Hash)
+
+          version = entry["version"]
+          next unless version
+
+          deps << Dependency.new(
+            name: name,
+            requirement: version,
+            type: "runtime",
+            source: source,
+            platform: platform_name
+          )
+        end
+
+        ParserResult.new(dependencies: deps)
+      end
     end
   end
 end

data/lib/bibliothecary/parsers/luarocks.rb

@@ -5,6 +5,10 @@ module Bibliothecary
     class LuaRocks
       include Bibliothecary::Analyser
 
+      def self.file_patterns
+        ["*.rockspec"]
+      end
+
       def self.mapping
         {
           match_extension(".rockspec") => {

data/lib/bibliothecary/parsers/maven.rb

@@ -62,6 +62,10 @@ module Bibliothecary
       # e.g. "[info]  "
       SBT_IGNORE_REGEXP = /^\[info\]\s*$/
 
+      def self.file_patterns
+        ["ivy.xml", "pom.xml", "build.gradle", "build.gradle.kts", "gradle-dependencies-q.txt", "maven-resolved-dependencies.txt", "sbt-update-full.txt", "maven-dependency-tree.txt", "maven-dependency-tree.dot", "gradle.lockfile", "verification-metadata.xml"]
+      end
+
       # Copied from the "strings-ansi" gem, because it seems abandoned: https://github.com/piotrmurach/strings-ansi/pull/2
       # From: https://github.com/piotrmurach/strings-ansi/blob/35d0c9430cf0a8022dc12bdab005bce296cb9f00/lib/strings/ansi.rb#L14-L29
       # License: MIT

data/lib/bibliothecary/parsers/meteor.rb

@@ -7,6 +7,10 @@ module Bibliothecary
     class Meteor
       include Bibliothecary::Analyser
 
+      def self.file_patterns
+        ["versions.json"]
+      end
+
       def self.mapping
         {
           match_filename("versions.json") => {

data/lib/bibliothecary/parsers/mlflow.rb

@@ -5,6 +5,10 @@ module Bibliothecary
     class MLflow
       include Bibliothecary::Analyser
 
+      def self.file_patterns
+        ["MLmodel"]
+      end
+
       def self.mapping
         {
           match_filename("MLmodel") => {

data/lib/bibliothecary/parsers/nimble.rb

@@ -9,6 +9,10 @@ module Bibliothecary
       # or: requires "packagename"
       REQUIRES_REGEXP = /^\s*requires\s+"([^"]+)"/
 
+      def self.file_patterns
+        ["*.nimble"]
+      end
+
       def self.mapping
         {
           match_extension(".nimble") => {