importmap 0.1.0

data/lib/importmap/framework/rails_framework.rb

@@ -0,0 +1,11 @@
+class Importmap::Framework
+  module RailsFramework
+    def framework_class
+      Rails
+    end
+
+    def boot
+      require "./config/environment"
+    end
+  end
+end

data/lib/importmap/framework.rb

@@ -0,0 +1,49 @@
+require "active_support/core_ext/string/inflections"
+
+module Importmap
+  class Framework
+
+    @@instance = nil
+    def self.instance
+      @@instance ||= new
+    end
+
+    def initialize
+      require framework_name
+      Importmap::Framework.send(:include, include_framework)
+    end
+
+    def framework_name
+      ENV['IMPORTMAP_FRAMEWORK'] || infer_from_gemfile || "jets"
+    end
+
+    # define at bottom so methods take precedence
+    def include_framework
+      if supported_frameworks.include?(framework_name)
+        "Importmap::Framework::#{framework_name.camelize}Framework".constantize
+      else
+        raise "Need to use a supported framework: #{supported_frameworks.join(', ')}"
+      end
+    end
+
+    def infer_from_gemfile
+      return unless File.exist?("Gemfile")
+      lines = IO.readlines("Gemfile")
+      lines.each do |line|
+        next if line =~ /^\s*#/ # skip comments
+        gem_name = line.match(/gem ['"](\w+)['"]/)&.captures&.first
+        if supported_frameworks.include?(gem_name)
+          return gem_name
+        end
+      end
+      nil
+    end
+
+    # To add another framework:
+    # 1. add to this list
+    # 2. define a module in importmap/framework/#{framework_name}_framework.rb
+    def supported_frameworks
+      %w[jets rails]
+    end
+  end
+end

data/lib/importmap/map.rb

@@ -0,0 +1,158 @@
+require "pathname"
+
+class Importmap::Map
+  attr_reader :packages, :directories
+
+  class InvalidFile < StandardError; end
+
+  def initialize
+    @packages, @directories = {}, {}
+    @cache = {}
+  end
+
+  def draw(path = nil, &block)
+    if path && File.exist?(path)
+      begin
+        instance_eval(File.read(path), path.to_s)
+      rescue StandardError => e
+        Importmap.framework.logger.error "Unable to parse import map from #{path}: #{e.message}"
+        raise InvalidFile, "Unable to parse import map from #{path}: #{e.message}"
+      end
+    elsif block_given?
+      instance_eval(&block)
+    end
+
+    self
+  end
+
+  def pin(name, to: nil, preload: false)
+    clear_cache
+    @packages[name] = MappedFile.new(name: name, path: to || "#{name}.js", preload: preload)
+  end
+
+  def pin_all_from(dir, under: nil, to: nil, preload: false)
+    clear_cache
+    @directories[dir] = MappedDir.new(dir: dir, under: under, path: to, preload: preload)
+  end
+
+  # Returns an array of all the resolved module paths of the pinned packages. The `resolver` must respond to
+  # `path_to_asset`, such as `ActionController::Base.helpers` or `ApplicationController.helpers`. You'll want to use the
+  # resolver that has been configured for the `asset_host` you want these resolved paths to use. In case you need to
+  # resolve for different asset hosts, you can pass in a custom `cache_key` to vary the cache used by this method for
+  # the different cases.
+  def preloaded_module_paths(resolver:, cache_key: :preloaded_module_paths)
+    cache_as(cache_key) do
+      resolve_asset_paths(expanded_preloading_packages_and_directories, resolver: resolver).values
+    end
+  end
+
+  # Returns a JSON hash (as a string) of all the resolved module paths of the pinned packages in the import map format.
+  # The `resolver` must respond to `path_to_asset`, such as `ActionController::Base.helpers` or
+  # `ApplicationController.helpers`. You'll want to use the resolver that has been configured for the `asset_host` you
+  # want these resolved paths to use. In case you need to resolve for different asset hosts, you can pass in a custom
+  # `cache_key` to vary the cache used by this method for the different cases.
+  def to_json(resolver:, cache_key: :json)
+    cache_as(cache_key) do
+      JSON.pretty_generate({ "imports" => resolve_asset_paths(expanded_packages_and_directories, resolver: resolver) })
+    end
+  end
+
+  # Returns a SHA1 digest of the import map json that can be used as a part of a page etag to
+  # ensure that a html cache is invalidated when the import map is changed.
+  #
+  # Example:
+  #
+  #   class ApplicationController < ActionController::Base
+  #     etag { Importmap.framework.application.importmap.digest(resolver: helpers) if request.format&.html? }
+  #   end
+  def digest(resolver:)
+    Digest::SHA1.hexdigest(to_json(resolver: resolver).to_s)
+  end
+
+  # Returns an instance ActiveSupport::EventedFileUpdateChecker configured to clear the cache of the map
+  # when the directories passed on initialization via `watches:` have changes. This is used in development
+  # and test to ensure the map caches are reset when javascript files are changed.
+  def cache_sweeper(watches: nil)
+    if watches
+      @cache_sweeper =
+        Importmap.framework.application.config.file_watcher.new([], Array(watches).collect { |dir| [ dir.to_s, "js"] }.to_h) do
+          clear_cache
+        end
+    else
+      @cache_sweeper
+    end
+  end
+
+  private
+    MappedDir  = Struct.new(:dir, :path, :under, :preload, keyword_init: true)
+    MappedFile = Struct.new(:name, :path, :preload, keyword_init: true)
+
+    def cache_as(name)
+      if result = @cache[name.to_s]
+        result
+      else
+        @cache[name.to_s] = yield
+      end
+    end
+
+    def clear_cache
+      @cache.clear
+    end
+
+    def rescuable_asset_error?(error)
+      Importmap.framework.application.config.importmap.rescuable_asset_errors.any? { |e| error.is_a?(e) }
+    end
+
+    def resolve_asset_paths(paths, resolver:)
+      paths.transform_values do |mapping|
+        begin
+          resolver.path_to_asset(mapping.path)
+        rescue => e
+          if rescuable_asset_error?(e)
+            Importmap.framework.logger.warn "Importmap skipped missing path: #{mapping.path}"
+            nil
+          else
+            raise e
+          end
+        end
+      end.compact
+    end
+
+    def expanded_preloading_packages_and_directories
+      expanded_packages_and_directories.select { |name, mapping| mapping.preload }
+    end
+
+    def expanded_packages_and_directories
+      @packages.dup.tap { |expanded| expand_directories_into expanded }
+    end
+
+    def expand_directories_into(paths)
+      @directories.values.each do |mapping|
+        if (absolute_path = absolute_root_of(mapping.dir)).exist?
+          find_javascript_files_in_tree(absolute_path).each do |filename|
+            module_filename = filename.relative_path_from(absolute_path)
+            module_name     = module_name_from(module_filename, mapping)
+            module_path     = module_path_from(module_filename, mapping)
+
+            paths[module_name] = MappedFile.new(name: module_name, path: module_path, preload: mapping.preload)
+          end
+        end
+      end
+    end
+
+    def module_name_from(filename, mapping)
+      [ mapping.under, filename.to_s.remove(filename.extname).remove(/\/?index$/).presence ].compact.join("/")
+    end
+
+    def module_path_from(filename, mapping)
+      [ mapping.path || mapping.under, filename.to_s ].compact.join("/")
+    end
+
+    def find_javascript_files_in_tree(path)
+      Dir[path.join("**/*.js{,m}")].collect { |file| Pathname.new(file) }.select(&:file?)
+    end
+
+    def absolute_root_of(path)
+      (pathname = Pathname.new(path)).absolute? ? pathname : Importmap.framework.root.join(path)
+    end
+end

data/lib/importmap/npm.rb

@@ -0,0 +1,124 @@
+require "net/http"
+require "uri"
+require "json"
+
+module Importmap
+  class Npm
+    Error     = Class.new(StandardError)
+    HTTPError = Class.new(Error)
+
+    singleton_class.attr_accessor :base_uri
+    self.base_uri = URI("https://registry.npmjs.org")
+
+    def initialize(importmap_path = "config/importmap.rb")
+      @importmap_path = Pathname.new(importmap_path)
+    end
+
+    def outdated_packages
+      packages_with_versions.each.with_object([]) do |(package, current_version), outdated_packages|
+        outdated_package = OutdatedPackage.new(name: package,
+                                              current_version: current_version)
+
+        if !(response = get_package(package))
+          outdated_package.error = 'Response error'
+        elsif (error = response['error'])
+          outdated_package.error = error
+        else
+          latest_version = find_latest_version(response)
+          next unless outdated?(current_version, latest_version)
+
+          outdated_package.latest_version = latest_version
+        end
+
+        outdated_packages << outdated_package
+      end.sort_by(&:name)
+    end
+
+    def vulnerable_packages
+      get_audit.flat_map do |package, vulnerabilities|
+        vulnerabilities.map do |vulnerability|
+          VulnerablePackage.new(name: package,
+                                severity: vulnerability['severity'],
+                                vulnerable_versions: vulnerability['vulnerable_versions'],
+                                vulnerability: vulnerability['title'])
+        end
+      end.sort_by { |p| [p.name, p.severity] }
+    end
+
+    def packages_with_versions
+      # We cannot use the name after "pin" because some dependencies are loaded from inside packages
+      # Eg. pin "buffer", to: "https://ga.jspm.io/npm:@jspm/core@2.0.0-beta.19/nodelibs/browser/buffer.js"
+
+      importmap.scan(/^pin .*(?<=npm:|npm\/|skypack\.dev\/|unpkg\.com\/)(.*)(?=@\d+\.\d+\.\d+)@(\d+\.\d+\.\d+(?:[^\/\s"]*)).*$/) |
+        importmap.scan(/^pin "([^"]*)".* #.*@(\d+\.\d+\.\d+(?:[^\s]*)).*$/)
+    end
+
+    private
+      OutdatedPackage   = Struct.new(:name, :current_version, :latest_version, :error, keyword_init: true)
+      VulnerablePackage = Struct.new(:name, :severity, :vulnerable_versions, :vulnerability, keyword_init: true)
+
+
+
+      def importmap
+        @importmap ||= File.read(@importmap_path)
+      end
+
+      def get_package(package)
+        uri = self.class.base_uri.dup
+        uri.path = "/" + package
+        response = get_json(uri)
+
+        JSON.parse(response)
+      rescue JSON::ParserError
+        nil
+      end
+
+      def get_json(uri)
+        request = Net::HTTP::Get.new(uri)
+        request["Content-Type"] = "application/json"
+
+        response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) { |http|
+          http.request(request)
+        }
+
+        response.body
+      rescue => error
+        raise HTTPError, "Unexpected transport error (#{error.class}: #{error.message})"
+      end
+
+      def find_latest_version(response)
+        latest_version = response.dig('dist-tags', 'latest')
+        return latest_version if latest_version
+
+        return unless response['versions']
+
+        response['versions'].keys.map { |v| Gem::Version.new(v) rescue nil }.compact.sort.last
+      end
+
+      def outdated?(current_version, latest_version)
+        Gem::Version.new(current_version) < Gem::Version.new(latest_version)
+      rescue ArgumentError
+        current_version.to_s < latest_version.to_s
+      end
+
+      def get_audit
+        uri = self.class.base_uri.dup
+        uri.path = "/-/npm/v1/security/advisories/bulk"
+
+        body = packages_with_versions.each.with_object({}) { |(package, version), data|
+          data[package] ||= []
+          data[package] << version
+        }
+        return {} if body.empty?
+
+        response = post_json(uri, body)
+        JSON.parse(response.body)
+      end
+
+      def post_json(uri, body)
+        Net::HTTP.post(uri, body.to_json, "Content-Type" => "application/json")
+      rescue => error
+        raise HTTPError, "Unexpected transport error (#{error.class}: #{error.message})"
+      end
+  end
+end

data/lib/importmap/packager.rb

@@ -0,0 +1,145 @@
+require "net/http"
+require "uri"
+require "json"
+
+module Importmap
+  class Packager
+    Error        = Class.new(StandardError)
+    HTTPError    = Class.new(Error)
+    ServiceError = Error.new(Error)
+
+    singleton_class.attr_accessor :endpoint
+    self.endpoint = URI("https://api.jspm.io/generate")
+
+    attr_reader :vendor_path
+
+    def initialize(importmap_path = "config/importmap.rb", vendor_path: "vendor/javascript")
+      @importmap_path = Pathname.new(importmap_path)
+      @vendor_path    = Pathname.new(vendor_path)
+    end
+
+    def import(*packages, env: "production", from: "jspm")
+      response = post_json({
+        "install"      => Array(packages),
+        "flattenScope" => true,
+        "env"          => [ "browser", "module", env ],
+        "provider"     => from.to_s,
+      })
+
+      case response.code
+      when "200"        then extract_parsed_imports(response)
+      when "404", "401" then nil
+      else                   handle_failure_response(response)
+      end
+    end
+
+    def pin_for(package, url)
+      %(pin "#{package}", to: "#{url}")
+    end
+
+    def vendored_pin_for(package, url)
+      filename = package_filename(package)
+      version  = extract_package_version_from(url)
+
+      if "#{package}.js" == filename
+        %(pin "#{package}" # #{version})
+      else
+        %(pin "#{package}", to: "#{filename}" # #{version})
+      end
+    end
+
+    def packaged?(package)
+      importmap.match(/^pin ["']#{package}["'].*$/)
+    end
+
+    def download(package, url)
+      ensure_vendor_directory_exists
+      remove_existing_package_file(package)
+      download_package_file(package, url)
+    end
+
+    def remove(package)
+      remove_existing_package_file(package)
+      remove_package_from_importmap(package)
+    end
+
+    private
+      def post_json(body)
+        Net::HTTP.post(self.class.endpoint, body.to_json, "Content-Type" => "application/json")
+      rescue => error
+        raise HTTPError, "Unexpected transport error (#{error.class}: #{error.message})"
+      end
+
+      def extract_parsed_imports(response)
+        JSON.parse(response.body).dig("map", "imports")
+      end
+
+      def handle_failure_response(response)
+        if error_message = parse_service_error(response)
+          raise ServiceError, error_message
+        else
+          raise HTTPError, "Unexpected response code (#{response.code})"
+        end
+      end
+
+      def parse_service_error(response)
+        JSON.parse(response.body.to_s)["error"]
+      rescue JSON::ParserError
+        nil
+      end
+
+      def importmap
+        @importmap ||= File.read(@importmap_path)
+      end
+
+
+      def ensure_vendor_directory_exists
+        FileUtils.mkdir_p @vendor_path
+      end
+
+      def remove_existing_package_file(package)
+        FileUtils.rm_rf vendored_package_path(package)
+      end
+
+      def remove_package_from_importmap(package)
+        all_lines = File.readlines(@importmap_path)
+        with_lines_removed = all_lines.grep_v(/pin ["']#{package}["']/)
+
+        File.open(@importmap_path, "w") do |file|
+          with_lines_removed.each { |line| file.write(line) }
+        end
+      end
+
+      def download_package_file(package, url)
+        response = Net::HTTP.get_response(URI(url))
+
+        if response.code == "200"
+          save_vendored_package(package, response.body)
+        else
+          handle_failure_response(response)
+        end
+      end
+
+      def save_vendored_package(package, source)
+        File.open(vendored_package_path(package), "w+") do |vendored_package|
+          vendored_package.write remove_sourcemap_comment_from(source).force_encoding("UTF-8")
+        end
+      end
+
+      def remove_sourcemap_comment_from(source)
+        source.gsub(/^\/\/# sourceMappingURL=.*/, "")
+      end
+
+      def vendored_package_path(package)
+        @vendor_path.join(package_filename(package))
+      end
+
+      def package_filename(package)
+        package.gsub("/", "--") + ".js"
+      end
+
+      def extract_package_version_from(url)
+        url.match(/@\d+\.\d+\.\d+/)&.to_a&.first
+      end
+  end
+end

data/lib/importmap/reloader.rb

@@ -0,0 +1,20 @@
+class Importmap::Reloader
+  delegate :execute_if_updated, :execute, :updated?, to: :updater
+
+  def reload!
+    import_map_paths.each { |path| Importmap.framework.application.importmap.draw(path) }
+  end
+
+  private
+    def updater
+      @updater ||= config.file_watcher.new(import_map_paths) { reload! }
+    end
+
+    def import_map_paths
+      config.importmap.paths
+    end
+
+    def config
+      Importmap.framework.application.config
+    end
+end

data/lib/importmap/version.rb

@@ -0,0 +1,3 @@
+module Importmap
+  VERSION = "0.1.0"
+end

data/lib/importmap.rb

@@ -0,0 +1,24 @@
+$stdout.sync = true unless ENV["IMPORTMAP_STDOUT_SYNC"] == "0"
+
+$:.unshift(File.expand_path("../", __FILE__))
+
+require "importmap/autoloader"
+Importmap::Autoloader.setup
+
+require "memoist"
+require "pathname"
+require "rainbow/ext/string"
+
+module Importmap
+  class Error < StandardError; end
+
+  def framework
+    Framework.instance.framework_class
+  end
+
+  def framework_boot
+    Framework.instance.boot
+  end
+
+  extend self
+end

data/spec/cli_spec.rb

@@ -0,0 +1,26 @@
+describe Importmap::CLI do
+  before(:all) do
+    @args = "--from Tung"
+  end
+
+  describe "importmap" do
+    it "hello" do
+      out = execute("exe/importmap hello world #{@args}")
+      expect(out).to include("from: Tung\nHello world")
+    end
+
+    commands = {
+      "hell" => "hello",
+      "hello" => "name",
+      "hello -" =>  "--from",
+      "hello name" => "--from",
+      "hello name --" => "--from",
+    }
+    commands.each do |command, expected_word|
+      it "completion #{command}" do
+        out = execute("exe/importmap completion #{command}")
+        expect(out).to include(expected_word) # only checking for one word for simplicity
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,29 @@
+ENV["IMPORTMAP_TEST"] = "1"
+
+# CodeClimate test coverage: https://docs.codeclimate.com/docs/configuring-test-coverage
+# require 'simplecov'
+# SimpleCov.start
+
+require "pp"
+require "byebug"
+root = File.expand_path("../", File.dirname(__FILE__))
+require "#{root}/lib/importmap"
+
+module Helper
+  def execute(cmd)
+    puts "Running: #{cmd}" if show_command?
+    out = `#{cmd}`
+    puts out if show_command?
+    out
+  end
+
+  # Added SHOW_COMMAND because DEBUG is also used by other libraries like
+  # bundler and it shows its internal debugging logging also.
+  def show_command?
+    ENV['DEBUG'] || ENV['SHOW_COMMAND']
+  end
+end
+
+RSpec.configure do |c|
+  c.include Helper
+end