snyk-nodejs-lockfile-parser 1.35.1 → 1.36.0

package/dist/cli-parsers/cli-parser-types.d.ts

@@ -0,0 +1,27 @@
+export interface FormattedCliOutput {
+    topLevelDeps: string[];
+    dependencies: FlatDependenciesMap;
+}
+export declare type FlatDependenciesMap = Map<string, string[]>;
+export declare type YarnInfoOutput = Array<{
+    value: string;
+    children: {
+        Version: string;
+        Dependents?: string[];
+        Dependencies?: {
+            descriptor: string;
+            locator: string;
+        }[];
+    };
+}>;
+export interface YarnListTree {
+    name: string;
+    children: {
+        name: string;
+        color: string;
+        shadow: boolean;
+    }[];
+    hint: string | null;
+    color: string | null;
+    depth: number;
+}

package/dist/cli-parsers/cli-parser-types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=cli-parser-types.js.map

package/dist/cli-parsers/cli-parser-types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli-parser-types.js","sourceRoot":"","sources":["../../lib/cli-parsers/cli-parser-types.ts"],"names":[],"mappings":""}

package/dist/cli-parsers/cli-parser-utils.d.ts

@@ -0,0 +1,5 @@
+export declare const extractNameAndIdentifier: (candidate: string) => {
+    name: string;
+    identifier: string;
+};
+export declare const extractCorrectIdentifierBySemver: (possibleMatches: string[], versionToMatch: string) => string;

package/dist/cli-parsers/cli-parser-utils.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.extractCorrectIdentifierBySemver = exports.extractNameAndIdentifier = void 0;
+const semver = require("semver");
+const extractNameAndIdentifier = (candidate) => {
+    const index = candidate.indexOf('@', 1);
+    const name = candidate.slice(0, index);
+    const identifier = candidate.slice(index + 1);
+    return { name, identifier };
+};
+exports.extractNameAndIdentifier = extractNameAndIdentifier;
+// This function will choose an item in a particular list that satisfies the semver provided
+// i.e. possibleMatches = [debug@1.2.0, debug@2.2.6] and versionToMatch = debug@~2.2.0
+// will result in debug@2.2.6 - This is required as yarn list does not have the resolved semver
+// in dependencies.
+const extractCorrectIdentifierBySemver = (possibleMatches, versionToMatch) => {
+    const { name: nameToMatch, identifier: identifierToMatch, } = exports.extractNameAndIdentifier(versionToMatch);
+    const hasQualifiers = isNaN(parseInt(identifierToMatch[0]));
+    if (!hasQualifiers) {
+        return versionToMatch;
+    }
+    // Check for matching name, if only one found shortcircuit
+    const match = possibleMatches
+        .filter((name) => name.startsWith(nameToMatch))
+        .filter((name) => semver.satisfies(exports.extractNameAndIdentifier(name).identifier, identifierToMatch))
+        .map((name) => ({
+        name,
+        identifier: exports.extractNameAndIdentifier(name).identifier,
+    }))
+        .reduce((acc, item) => semver.gt(item.identifier, acc.identifier) ? item : acc);
+    return match.name;
+};
+exports.extractCorrectIdentifierBySemver = extractCorrectIdentifierBySemver;
+//# sourceMappingURL=cli-parser-utils.js.map

package/dist/cli-parsers/cli-parser-utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli-parser-utils.js","sourceRoot":"","sources":["../../lib/cli-parsers/cli-parser-utils.ts"],"names":[],"mappings":";;;AAAA,iCAAiC;AAE1B,MAAM,wBAAwB,GAAG,CACtC,SAAiB,EACqB,EAAE;IACxC,MAAM,KAAK,GAAG,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IACxC,MAAM,IAAI,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACvC,MAAM,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;IAC9C,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;AAC9B,CAAC,CAAC;AAPW,QAAA,wBAAwB,4BAOnC;AAEF,4FAA4F;AAC5F,sFAAsF;AACtF,+FAA+F;AAC/F,mBAAmB;AACZ,MAAM,gCAAgC,GAAG,CAC9C,eAAyB,EACzB,cAAsB,EACd,EAAE;IACV,MAAM,EACJ,IAAI,EAAE,WAAW,EACjB,UAAU,EAAE,iBAAiB,GAC9B,GAAG,gCAAwB,CAAC,cAAc,CAAC,CAAC;IAE7C,MAAM,aAAa,GAAG,KAAK,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5D,IAAI,CAAC,aAAa,EAAE;QAClB,OAAO,cAAc,CAAC;KACvB;IACD,0DAA0D;IAC1D,MAAM,KAAK,GAAG,eAAe;SAC1B,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;SAC9C,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CACf,MAAM,CAAC,SAAS,CACd,gCAAwB,CAAC,IAAI,CAAC,CAAC,UAAU,EACzC,iBAAiB,CAClB,CACF;SACA,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACd,IAAI;QACJ,UAAU,EAAE,gCAAwB,CAAC,IAAI,CAAC,CAAC,UAAU;KACtD,CAAC,CAAC;SACF,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CACpB,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CACxD,CAAC;IAEJ,OAAO,KAAK,CAAC,IAAI,CAAC;AACpB,CAAC,CAAC;AA/BW,QAAA,gCAAgC,oCA+B3C"}

package/dist/cli-parsers/index.d.ts

@@ -0,0 +1,2 @@
+import { DepGraph } from '@snyk/dep-graph';
+export declare const buildDepGraphFromCliOutput: (rawCliOutput: string, lockfileContent: string, manifestFileContent: string) => DepGraph;

package/dist/cli-parsers/index.js

@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildDepGraphFromCliOutput = void 0;
+const dep_graph_1 = require("@snyk/dep-graph");
+const __1 = require("..");
+const parsers_1 = require("../parsers");
+const cli_parser_utils_1 = require("./cli-parser-utils");
+const yarn_info_parser_1 = require("./yarn-info-parser");
+const yarn_list_parser_1 = require("./yarn-list-parser");
+const buildDepGraphFromCliOutput = (rawCliOutput, lockfileContent, manifestFileContent) => {
+    const manifestDependencies = JSON.parse(manifestFileContent).dependencies || {};
+    const lockfileType = __1.getYarnLockfileType(lockfileContent);
+    const { name: rootName, version: rootVersion } = JSON.parse(manifestFileContent);
+    const pkgManagerVersion = lockfileType === parsers_1.LockfileType.yarn ? '1' : '2';
+    // Build depMap object from the cli output
+    const formattedCliOutput = pkgManagerVersion === '1'
+        ? yarn_list_parser_1.parseYarnListOutput(rawCliOutput, manifestDependencies)
+        : yarn_info_parser_1.parseYarnInfoOutput(rawCliOutput);
+    const rootPkgInfo = rootName
+        ? Object.assign({ name: rootName }, (rootVersion && { version: rootVersion })) : undefined;
+    const pkgManager = {
+        name: 'yarn',
+        version: pkgManagerVersion,
+    };
+    const builder = new dep_graph_1.DepGraphBuilder(pkgManager, rootPkgInfo);
+    const { topLevelDeps, dependencies: depMap } = formattedCliOutput;
+    // Add all nodes
+    [...depMap.keys()].forEach((name) => {
+        const { name: pkgName, identifier: pkgVersion } = cli_parser_utils_1.extractNameAndIdentifier(name);
+        builder.addPkgNode({ name: pkgName, version: pkgVersion.split(':').pop() }, name);
+    });
+    // Deal with root special case first
+    const rootNodeId = builder.rootNodeId;
+    topLevelDeps.forEach((dep) => builder.connectDep(rootNodeId, dep));
+    // Now rest of deps
+    [...depMap.entries()].forEach(([parent, deps]) => {
+        deps.forEach((dep) => {
+            builder.connectDep(parent, dep);
+        });
+    });
+    return builder.build();
+};
+exports.buildDepGraphFromCliOutput = buildDepGraphFromCliOutput;
+//# sourceMappingURL=index.js.map

package/dist/cli-parsers/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../lib/cli-parsers/index.ts"],"names":[],"mappings":";;;AAAA,+CAA4D;AAC5D,0BAAyC;AACzC,wCAA0C;AAE1C,yDAA8D;AAC9D,yDAAyD;AACzD,yDAAyD;AAElD,MAAM,0BAA0B,GAAG,CACxC,YAAoB,EACpB,eAAuB,EACvB,mBAA2B,EACjB,EAAE;IACZ,MAAM,oBAAoB,GACxB,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,YAAY,IAAI,EAAE,CAAC;IAErD,MAAM,YAAY,GAAG,uBAAmB,CAAC,eAAe,CAAC,CAAC;IAE1D,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC,KAAK,CACzD,mBAAmB,CACpB,CAAC;IAEF,MAAM,iBAAiB,GACrB,YAAY,KAAK,sBAAY,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IAEjD,0CAA0C;IAC1C,MAAM,kBAAkB,GACtB,iBAAiB,KAAK,GAAG;QACvB,CAAC,CAAC,sCAAmB,CAAC,YAAY,EAAE,oBAAoB,CAAC;QACzD,CAAC,CAAC,sCAAmB,CAAC,YAAY,CAAC,CAAC;IAExC,MAAM,WAAW,GAAuC,QAAQ;QAC9D,CAAC,iBAAG,IAAI,EAAE,QAAQ,IAAK,CAAC,WAAW,IAAI,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,EAChE,CAAC,CAAC,SAAS,CAAC;IAEd,MAAM,UAAU,GAAG;QACjB,IAAI,EAAE,MAAM;QACZ,OAAO,EAAE,iBAAiB;KAC3B,CAAC;IAEF,MAAM,OAAO,GAAG,IAAI,2BAAe,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IAE7D,MAAM,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,kBAAkB,CAAC;IAElE,gBAAgB;IAChB,CAAC,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;QAClC,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,GAAG,2CAAwB,CACxE,IAAI,CACL,CAAC;QACF,OAAO,CAAC,UAAU,CAChB,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAY,EAAE,EACjE,IAAI,CACL,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,oCAAoC;IACpC,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,YAAY,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC;IAEnE,mBAAmB;IACnB,CAAC,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE;QAC/C,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;YACnB,OAAO,CAAC,UAAU,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC,KAAK,EAAE,CAAC;AACzB,CAAC,CAAC;AA3DW,QAAA,0BAA0B,8BA2DrC"}

package/dist/cli-parsers/yarn-info-parser.d.ts

@@ -0,0 +1,2 @@
+import { FormattedCliOutput } from './cli-parser-types';
+export declare const parseYarnInfoOutput: (rawYarnInfoOutput: string) => FormattedCliOutput;

package/dist/cli-parsers/yarn-info-parser.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseYarnInfoOutput = void 0;
+const parseYarnInfoOutput = (rawYarnInfoOutput) => {
+    const formattedYarnInfo = rawYarnInfoOutput
+        .split('\n')
+        .filter(Boolean)
+        .map((el) => JSON.parse(el));
+    const formattedInfoOutput = formattedYarnInfo.reduce((result, { value, children }) => {
+        var _a;
+        const dependencies = ((_a = children.Dependencies) === null || _a === void 0 ? void 0 : _a.map((el) => el.locator.replace(/@virtual:.*#/, '@'))) || [];
+        return result.set(value, dependencies);
+    }, new Map());
+    const rootWorkspaceKey = [...formattedInfoOutput.keys()].find((el) => el.includes('@workspace:.'));
+    const topLevelDeps = formattedInfoOutput.get(rootWorkspaceKey) || [];
+    // Now we have rootdeps we delete the key
+    formattedInfoOutput.delete(rootWorkspaceKey);
+    return { topLevelDeps, dependencies: formattedInfoOutput };
+};
+exports.parseYarnInfoOutput = parseYarnInfoOutput;
+//# sourceMappingURL=yarn-info-parser.js.map

package/dist/cli-parsers/yarn-info-parser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"yarn-info-parser.js","sourceRoot":"","sources":["../../lib/cli-parsers/yarn-info-parser.ts"],"names":[],"mappings":";;;AAMO,MAAM,mBAAmB,GAAG,CACjC,iBAAyB,EACL,EAAE;IACtB,MAAM,iBAAiB,GAAmB,iBAAiB;SACxD,KAAK,CAAC,IAAI,CAAC;SACX,MAAM,CAAC,OAAO,CAAC;SACf,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;IAE/B,MAAM,mBAAmB,GAAwB,iBAAiB,CAAC,MAAM,CACvE,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE;;QAC9B,MAAM,YAAY,GAChB,CAAA,MAAA,QAAQ,CAAC,YAAY,0CAAE,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAChC,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,cAAc,EAAE,GAAG,CAAC,CACxC,KAAI,EAAE,CAAC;QAEV,OAAO,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IACzC,CAAC,EACD,IAAI,GAAG,EAAoB,CAC5B,CAAC;IAEF,MAAM,gBAAgB,GAAG,CAAC,GAAG,mBAAmB,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CACnE,EAAE,CAAC,QAAQ,CAAC,cAAc,CAAC,CAClB,CAAC;IACZ,MAAM,YAAY,GAChB,mBAAmB,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;IAElD,yCAAyC;IACzC,mBAAmB,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;IAE7C,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,mBAAmB,EAAE,CAAC;AAC7D,CAAC,CAAC;AA9BW,QAAA,mBAAmB,uBA8B9B"}

package/dist/cli-parsers/yarn-list-parser.d.ts

@@ -0,0 +1,2 @@
+import { FormattedCliOutput } from './cli-parser-types';
+export declare const parseYarnListOutput: (rawYarnListOutput: string, manifestDependencies: Record<string, string>) => FormattedCliOutput;

package/dist/cli-parsers/yarn-list-parser.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseYarnListOutput = void 0;
+const cli_parser_utils_1 = require("./cli-parser-utils");
+const parseYarnListOutput = (rawYarnListOutput, manifestDependencies) => {
+    const formattedYarnList = JSON.parse(rawYarnListOutput).data
+        .trees;
+    // Reference to all (resolved) dep names to help cleanup in next step
+    const names = formattedYarnList.map((tree) => tree.name);
+    const formattedListOutput = formattedYarnList.reduce((result, tree) => {
+        const dependencies = tree.children.map((child) => cli_parser_utils_1.extractCorrectIdentifierBySemver(names, child.name));
+        return result.set(tree.name, dependencies);
+    }, new Map());
+    const topLevelDeps = getTopLevelDependencies(formattedListOutput, manifestDependencies);
+    return { topLevelDeps, dependencies: formattedListOutput };
+};
+exports.parseYarnListOutput = parseYarnListOutput;
+const getTopLevelDependencies = (formattedListOutput, topLevelDeps) => {
+    // This logic is to construct an item for the rootPkg because
+    // we are dealing with a flat map so far so can't tell
+    const names = [...formattedListOutput.keys()];
+    return Object.entries(topLevelDeps).map(([name, version]) => cli_parser_utils_1.extractCorrectIdentifierBySemver(names, `${name}@${version}`));
+};
+//# sourceMappingURL=yarn-list-parser.js.map

package/dist/cli-parsers/yarn-list-parser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"yarn-list-parser.js","sourceRoot":"","sources":["../../lib/cli-parsers/yarn-list-parser.ts"],"names":[],"mappings":";;;AAKA,yDAAsE;AAE/D,MAAM,mBAAmB,GAAG,CACjC,iBAAyB,EACzB,oBAA4C,EACxB,EAAE;IACtB,MAAM,iBAAiB,GAAmB,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,IAAI;SACzE,KAAK,CAAC;IAET,qEAAqE;IACrE,MAAM,KAAK,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEzD,MAAM,mBAAmB,GAAwB,iBAAiB,CAAC,MAAM,CACvE,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE;QACf,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAC/C,mDAAgC,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,CACpD,CAAC;QAEF,OAAO,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IAC7C,CAAC,EACD,IAAI,GAAG,EAAoB,CAC5B,CAAC;IAEF,MAAM,YAAY,GAAG,uBAAuB,CAC1C,mBAAmB,EACnB,oBAAoB,CACrB,CAAC;IAEF,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,mBAAmB,EAAE,CAAC;AAC7D,CAAC,CAAC;AA3BW,QAAA,mBAAmB,uBA2B9B;AAEF,MAAM,uBAAuB,GAAG,CAC9B,mBAAwC,EACxC,YAAoC,EACpC,EAAE;IACF,6DAA6D;IAC7D,sDAAsD;IACtD,MAAM,KAAK,GAAG,CAAC,GAAG,mBAAmB,CAAC,IAAI,EAAE,CAAC,CAAC;IAC9C,OAAO,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,EAAE,CAC1D,mDAAgC,CAAC,KAAK,EAAE,GAAG,IAAI,IAAI,OAAO,EAAE,CAAC,CAC9D,CAAC;AACJ,CAAC,CAAC"}

package/dist/index.d.ts

@@ -1,6 +1,8 @@
 import { ManifestFile, PkgTree, Scope, LockfileType, getYarnWorkspaces } from './parsers';
 import { UnsupportedRuntimeError, InvalidUserInputError, OutOfSyncError } from './errors';
-export { buildDepTree, buildDepTreeFromFiles, getYarnWorkspacesFromFiles, getYarnWorkspaces, PkgTree, Scope, LockfileType, UnsupportedRuntimeError, InvalidUserInputError, OutOfSyncError, ManifestFile, };
+import { buildDepGraphFromCliOutput } from './cli-parsers';
+export { buildDepTree, buildDepTreeFromFiles, buildDepGraphFromCliOutput, getYarnWorkspacesFromFiles, getYarnWorkspaces, PkgTree, Scope, LockfileType, UnsupportedRuntimeError, InvalidUserInputError, OutOfSyncError, ManifestFile, };
 declare function buildDepTree(manifestFileContents: string, lockFileContents: string, includeDev?: boolean, lockfileType?: LockfileType, strict?: boolean, defaultManifestFileName?: string): Promise<PkgTree>;
 declare function buildDepTreeFromFiles(root: string, manifestFilePath: string, lockFilePath: string, includeDev?: boolean, strict?: boolean): Promise<PkgTree>;
 declare function getYarnWorkspacesFromFiles(root: any, manifestFilePath: string): string[] | false;
+export declare function getYarnLockfileType(lockFileContents: string, root?: string, lockFilePath?: string): LockfileType;

package/dist/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.OutOfSyncError = exports.InvalidUserInputError = exports.UnsupportedRuntimeError = exports.LockfileType = exports.Scope = exports.getYarnWorkspaces = exports.getYarnWorkspacesFromFiles = exports.buildDepTreeFromFiles = exports.buildDepTree = void 0;
+exports.getYarnLockfileType = exports.OutOfSyncError = exports.InvalidUserInputError = exports.UnsupportedRuntimeError = exports.LockfileType = exports.Scope = exports.getYarnWorkspaces = exports.getYarnWorkspacesFromFiles = exports.buildDepGraphFromCliOutput = exports.buildDepTreeFromFiles = exports.buildDepTree = void 0;
 const fs = require("fs");
 const path = require("path");
 const parsers_1 = require("./parsers");
@@ -14,6 +14,8 @@ const errors_1 = require("./errors");
 Object.defineProperty(exports, "UnsupportedRuntimeError", { enumerable: true, get: function () { return errors_1.UnsupportedRuntimeError; } });
 Object.defineProperty(exports, "InvalidUserInputError", { enumerable: true, get: function () { return errors_1.InvalidUserInputError; } });
 Object.defineProperty(exports, "OutOfSyncError", { enumerable: true, get: function () { return errors_1.OutOfSyncError; } });
+const cli_parsers_1 = require("./cli-parsers");
+Object.defineProperty(exports, "buildDepGraphFromCliOutput", { enumerable: true, get: function () { return cli_parsers_1.buildDepGraphFromCliOutput; } });
 async function buildDepTree(manifestFileContents, lockFileContents, includeDev = false, lockfileType, strict = true, defaultManifestFileName = 'package.json') {
     if (!lockfileType) {
         lockfileType = parsers_1.LockfileType.npm;
@@ -100,4 +102,5 @@ function getYarnLockfileType(lockFileContents, root, lockFilePath) {
         return parsers_1.LockfileType.yarn;
     }
 }
+exports.getYarnLockfileType = getYarnLockfileType;
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":";;;AAAA,yBAAyB;AACzB,6BAA6B;AAC7B,uCASmB;AAgBjB,sFApBA,eAAK,OAoBA;AACL,6FAnBA,sBAAY,OAmBA;AAHZ,kGAfA,2BAAiB,OAeA;AAbnB,uEAAkE;AAClE,iEAA4D;AAC5D,mEAA8D;AAC9D,qCAIkB;AAUhB,wGAbA,gCAAuB,OAaA;AACvB,sGAbA,8BAAqB,OAaA;AACrB,+FAbA,uBAAc,OAaA;AAIhB,KAAK,UAAU,YAAY,CACzB,oBAA4B,EAC5B,gBAAwB,EACxB,UAAU,GAAG,KAAK,EAClB,YAA2B,EAC3B,SAAkB,IAAI,EACtB,0BAAkC,cAAc;IAEhD,IAAI,CAAC,YAAY,EAAE;QACjB,YAAY,GAAG,sBAAY,CAAC,GAAG,CAAC;KACjC;SAAM,IAAI,YAAY,KAAK,sBAAY,CAAC,IAAI,EAAE;QAC7C,YAAY,GAAG,mBAAmB,CAAC,gBAAgB,CAAC,CAAC;KACtD;IAED,IAAI,cAA8B,CAAC;IACnC,QAAQ,YAAY,EAAE;QACpB,KAAK,sBAAY,CAAC,GAAG;YACnB,cAAc,GAAG,IAAI,uCAAiB,EAAE,CAAC;YACzC,MAAM;QACR,KAAK,sBAAY,CAAC,IAAI;YACpB,cAAc,GAAG,IAAI,iCAAc,EAAE,CAAC;YACtC,MAAM;QACR,KAAK,sBAAY,CAAC,KAAK;YACrB,cAAc,GAAG,IAAI,mCAAe,EAAE,CAAC;YACvC,MAAM;QACR;YACE,MAAM,IAAI,8BAAqB,CAC7B,4BAA4B;gBAC1B,GAAG,YAAY,+CAA+C;gBAC9D,YAAY,CACf,CAAC;KACL;IAED,MAAM,YAAY,GAAiB,2BAAiB,CAAC,oBAAoB,CAAC,CAAC;IAC3E,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE;QACtB,YAAY,CAAC,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,uBAAuB,CAAC;YAC1D,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,uBAAuB,CAAC;YACxC,CAAC,CAAC,uBAAuB,CAAC;KAC7B;IAED,MAAM,QAAQ,GAAa,cAAc,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;IAC1E,OAAO,cAAc,CAAC,iBAAiB,CACrC,YAAY,EACZ,QAAQ,EACR,UAAU,EACV,MAAM,CACP,CAAC;AACJ,CAAC;AA5DC,oCAAY;AA8Dd,KAAK,UAAU,qBAAqB,CAClC,IAAY,EACZ,gBAAwB,EACxB,YAAoB,EACpB,UAAU,GAAG,KAAK,EAClB,MAAM,GAAG,IAAI;IAEb,IAAI,CAAC,IAAI,IAAI,CAAC,gBAAgB,IAAI,CAAC,YAAY,EAAE;QAC/C,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;KAC5E;IAED,MAAM,oBAAoB,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;IAClE,MAAM,gBAAgB,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IAE1D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,oBAAoB,CAAC,EAAE;QACxC,MAAM,IAAI,8BAAqB,CAC7B,wCAAwC;YACtC,aAAa,oBAAoB,EAAE,CACtC,CAAC;KACH;IACD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE;QACpC,MAAM,IAAI,8BAAqB,CAC7B,kCAAkC,GAAG,gBAAgB,CACtD,CAAC;KACH;IAED,MAAM,oBAAoB,GAAG,EAAE,CAAC,YAAY,CAAC,oBAAoB,EAAE,OAAO,CAAC,CAAC;IAC5E,MAAM,gBAAgB,GAAG,EAAE,CAAC,YAAY,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;IAEpE,IAAI,YAA0B,CAAC;IAC/B,IAAI,YAAY,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE;QAC9C,YAAY,GAAG,sBAAY,CAAC,GAAG,CAAC;KACjC;SAAM,IAAI,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE;QAC7C,YAAY,GAAG,mBAAmB,CAAC,gBAAgB,EAAE,IAAI,EAAE,YAAY,CAAC,CAAC;KAC1E;SAAM;QACL,MAAM,IAAI,8BAAqB,CAC7B,oBAAoB,YAAY,IAAI;YAClC,uDAAuD,CAC1D,CAAC;KACH;IAED,OAAO,MAAM,YAAY,CACvB,oBAAoB,EACpB,gBAAgB,EAChB,UAAU,EACV,YAAY,EACZ,MAAM,EACN,gBAAgB,CACjB,CAAC;AACJ,CAAC;AA9GC,sDAAqB;AAgHvB,SAAS,0BAA0B,CACjC,IAAI,EACJ,gBAAwB;IAExB,IAAI,CAAC,IAAI,IAAI,CAAC,gBAAgB,EAAE;QAC9B,MAAM,IAAI,KAAK,CACb,8DAA8D,CAC/D,CAAC;KACH;IACD,MAAM,oBAAoB,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;IAClE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,oBAAoB,CAAC,EAAE;QACxC,MAAM,IAAI,8BAAqB,CAC7B,wCAAwC;YACtC,aAAa,oBAAoB,EAAE,CACtC,CAAC;KACH;IACD,MAAM,oBAAoB,GAAG,EAAE,CAAC,YAAY,CAAC,oBAAoB,EAAE,OAAO,CAAC,CAAC;IAE5E,OAAO,2BAAiB,CAAC,oBAAoB,CAAC,CAAC;AACjD,CAAC;AAlIC,gEAA0B;AAoI5B,SAAS,mBAAmB,CAC1B,gBAAwB,EACxB,IAAa,EACb,YAAqB;IAErB,IACE,gBAAgB,CAAC,QAAQ,CAAC,YAAY,CAAC;QACvC,CAAC,IAAI;YACH,YAAY;YACZ,EAAE,CAAC,UAAU,CACX,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,YAAY,CAAC,OAAO,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC,CACrE,CAAC,EACJ;QACA,OAAO,sBAAY,CAAC,KAAK,CAAC;KAC3B;SAAM;QACL,OAAO,sBAAY,CAAC,IAAI,CAAC;KAC1B;AACH,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":";;;AAAA,yBAAyB;AACzB,6BAA6B;AAC7B,uCASmB;AAkBjB,sFAtBA,eAAK,OAsBA;AACL,6FArBA,sBAAY,OAqBA;AAHZ,kGAjBA,2BAAiB,OAiBA;AAfnB,uEAAkE;AAClE,iEAA4D;AAC5D,mEAA8D;AAC9D,qCAIkB;AAYhB,wGAfA,gCAAuB,OAeA;AACvB,sGAfA,8BAAqB,OAeA;AACrB,+FAfA,uBAAc,OAeA;AAbhB,+CAA2D;AAKzD,2GALO,wCAA0B,OAKP;AAY5B,KAAK,UAAU,YAAY,CACzB,oBAA4B,EAC5B,gBAAwB,EACxB,UAAU,GAAG,KAAK,EAClB,YAA2B,EAC3B,SAAkB,IAAI,EACtB,0BAAkC,cAAc;IAEhD,IAAI,CAAC,YAAY,EAAE;QACjB,YAAY,GAAG,sBAAY,CAAC,GAAG,CAAC;KACjC;SAAM,IAAI,YAAY,KAAK,sBAAY,CAAC,IAAI,EAAE;QAC7C,YAAY,GAAG,mBAAmB,CAAC,gBAAgB,CAAC,CAAC;KACtD;IAED,IAAI,cAA8B,CAAC;IACnC,QAAQ,YAAY,EAAE;QACpB,KAAK,sBAAY,CAAC,GAAG;YACnB,cAAc,GAAG,IAAI,uCAAiB,EAAE,CAAC;YACzC,MAAM;QACR,KAAK,sBAAY,CAAC,IAAI;YACpB,cAAc,GAAG,IAAI,iCAAc,EAAE,CAAC;YACtC,MAAM;QACR,KAAK,sBAAY,CAAC,KAAK;YACrB,cAAc,GAAG,IAAI,mCAAe,EAAE,CAAC;YACvC,MAAM;QACR;YACE,MAAM,IAAI,8BAAqB,CAC7B,4BAA4B;gBAC1B,GAAG,YAAY,+CAA+C;gBAC9D,YAAY,CACf,CAAC;KACL;IAED,MAAM,YAAY,GAAiB,2BAAiB,CAAC,oBAAoB,CAAC,CAAC;IAC3E,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE;QACtB,YAAY,CAAC,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,uBAAuB,CAAC;YAC1D,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,uBAAuB,CAAC;YACxC,CAAC,CAAC,uBAAuB,CAAC;KAC7B;IAED,MAAM,QAAQ,GAAa,cAAc,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;IAC1E,OAAO,cAAc,CAAC,iBAAiB,CACrC,YAAY,EACZ,QAAQ,EACR,UAAU,EACV,MAAM,CACP,CAAC;AACJ,CAAC;AA7DC,oCAAY;AA+Dd,KAAK,UAAU,qBAAqB,CAClC,IAAY,EACZ,gBAAwB,EACxB,YAAoB,EACpB,UAAU,GAAG,KAAK,EAClB,MAAM,GAAG,IAAI;IAEb,IAAI,CAAC,IAAI,IAAI,CAAC,gBAAgB,IAAI,CAAC,YAAY,EAAE;QAC/C,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;KAC5E;IAED,MAAM,oBAAoB,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;IAClE,MAAM,gBAAgB,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IAE1D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,oBAAoB,CAAC,EAAE;QACxC,MAAM,IAAI,8BAAqB,CAC7B,wCAAwC;YACtC,aAAa,oBAAoB,EAAE,CACtC,CAAC;KACH;IACD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE;QACpC,MAAM,IAAI,8BAAqB,CAC7B,kCAAkC,GAAG,gBAAgB,CACtD,CAAC;KACH;IAED,MAAM,oBAAoB,GAAG,EAAE,CAAC,YAAY,CAAC,oBAAoB,EAAE,OAAO,CAAC,CAAC;IAC5E,MAAM,gBAAgB,GAAG,EAAE,CAAC,YAAY,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;IAEpE,IAAI,YAA0B,CAAC;IAC/B,IAAI,YAAY,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE;QAC9C,YAAY,GAAG,sBAAY,CAAC,GAAG,CAAC;KACjC;SAAM,IAAI,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE;QAC7C,YAAY,GAAG,mBAAmB,CAAC,gBAAgB,EAAE,IAAI,EAAE,YAAY,CAAC,CAAC;KAC1E;SAAM;QACL,MAAM,IAAI,8BAAqB,CAC7B,oBAAoB,YAAY,IAAI;YAClC,uDAAuD,CAC1D,CAAC;KACH;IAED,OAAO,MAAM,YAAY,CACvB,oBAAoB,EACpB,gBAAgB,EAChB,UAAU,EACV,YAAY,EACZ,MAAM,EACN,gBAAgB,CACjB,CAAC;AACJ,CAAC;AA/GC,sDAAqB;AAiHvB,SAAS,0BAA0B,CACjC,IAAI,EACJ,gBAAwB;IAExB,IAAI,CAAC,IAAI,IAAI,CAAC,gBAAgB,EAAE;QAC9B,MAAM,IAAI,KAAK,CACb,8DAA8D,CAC/D,CAAC;KACH;IACD,MAAM,oBAAoB,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;IAClE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,oBAAoB,CAAC,EAAE;QACxC,MAAM,IAAI,8BAAqB,CAC7B,wCAAwC;YACtC,aAAa,oBAAoB,EAAE,CACtC,CAAC;KACH;IACD,MAAM,oBAAoB,GAAG,EAAE,CAAC,YAAY,CAAC,oBAAoB,EAAE,OAAO,CAAC,CAAC;IAE5E,OAAO,2BAAiB,CAAC,oBAAoB,CAAC,CAAC;AACjD,CAAC;AAlIC,gEAA0B;AAoI5B,SAAgB,mBAAmB,CACjC,gBAAwB,EACxB,IAAa,EACb,YAAqB;IAErB,IACE,gBAAgB,CAAC,QAAQ,CAAC,YAAY,CAAC;QACvC,CAAC,IAAI;YACH,YAAY;YACZ,EAAE,CAAC,UAAU,CACX,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,YAAY,CAAC,OAAO,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC,CACrE,CAAC,EACJ;QACA,OAAO,sBAAY,CAAC,KAAK,CAAC;KAC3B;SAAM;QACL,OAAO,sBAAY,CAAC,IAAI,CAAC;KAC1B;AACH,CAAC;AAjBD,kDAiBC"}

package/package.json

@@ -31,6 +31,7 @@
   ],
   "homepage": "https://github.com/snyk/nodejs-lockfile-parser#readme",
   "dependencies": {
+    "@snyk/dep-graph": "^1.28.0",
     "@snyk/graphlib": "2.1.9-patch.3",
     "@yarnpkg/core": "^2.4.0",
     "@yarnpkg/lockfile": "^1.1.0",
@@ -41,6 +42,7 @@
     "lodash.isempty": "^4.4.0",
     "lodash.set": "^4.3.2",
     "lodash.topairs": "^4.3.0",
+    "semver": "^7.3.5",
     "snyk-config": "^4.0.0-rc.2",
     "tslib": "^1.9.3",
     "uuid": "^8.3.0"
@@ -48,6 +50,7 @@
   "devDependencies": {
     "@types/jest": "^26.0.23",
     "@types/node": "^12.0.0",
+    "@types/semver": "^7.3.6",
     "@types/uuid": "^8.3.0",
     "@typescript-eslint/eslint-plugin": "^4.20.0",
     "@typescript-eslint/parser": "^4.0.0",
@@ -61,5 +64,5 @@
     "ts-node": "^9.1.1",
     "typescript": "^4.1.0"
   },
-  "version": "1.35.1"
+  "version": "1.36.0"
 }