Class: Dependabot::NpmAndYarn::FileParser
- Inherits: FileParsers::Base
  - Object
    - FileParsers::Base
      - Dependabot::NpmAndYarn::FileParser
- Defined in:
- lib/dependabot/npm_and_yarn/file_parser.rb,
lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb,
lib/dependabot/npm_and_yarn/file_parser/yarn_lockfile_parser.rb
Defined Under Namespace
Classes: LockfileParser, YarnLockfileParser
Constant Summary
# The three package.json sections named here; how the parser uses the list is
# not shown on this page.
- DEPENDENCY_TYPES =
%w(dependencies devDependencies optionalDependencies).freeze
# Registry URLs grouped under the name "central".
# NOTE(review): one entry is the plaintext http:// form of the npm registry URL.
# Presumably the list is only compared against configured registry URLs; confirm
# it is never used as a fetch target, since http:// gives no transport integrity
# for package metadata or tarballs.
- CENTRAL_REGISTRIES =
%w( https://registry.npmjs.org http://registry.npmjs.org https://registry.yarnpkg.com ).freeze
# Case-insensitive, extended-mode pattern for "username/repo" style git
# requirements: an optional prefix (git..., github:, bitbucket:, gitlab:, or a
# github.com/ fragment), then username/repo, then an optional "#semver:<range>",
# "#<range>" or "#<ref>" suffix captured as `semver` or `ref`.
# NOTE(review): ^ and $ are line anchors in Ruby, and the github\.com/
# alternative carries no start anchor at all, so a match does not show that the
# whole string has this shape (a multi-line value can match on one line only).
# If any caller treats a match as validation of the full requirement string,
# confirm whether \A and \z were intended.
- GIT_URL_REGEX =
%r{ (?<git_prefix>^|^git.*?|^github:|^bitbucket:|^gitlab:|github\.com/) (?<username>[a-z0-9-]+)/ (?<repo>[a-z0-9_.-]+) ( (?:\#semver:(?<semver>.+))| (?:\#(?=[\^~=<>*])(?<semver>.+))| (?:\#(?<ref>.+)) )?$ }ix.freeze
Instance Method Summary
Instance Method Details
#parse ⇒ Object
# File 'lib/dependabot/npm_and_yarn/file_parser.rb', line 39

# Collects the manifest and lockfile dependencies into one DependencySet and
# returns its dependencies, minus those whose sources cannot be handled.
#
# A dependency is dropped from the result when it has at least one requirement
# with a git source and either
#   * its git requirements name more than one distinct source, or
#   * it also has a requirement whose source type is not "git".
# Dependencies with no git requirement are always kept.
#
# NOTE(review): the drop is silent, so callers never see these dependencies.
# Presumably that also means no updates are proposed for them; confirm that
# this gap is surfaced somewhere if update coverage matters.
#
# @return [Array] the dependencies that remain after filtering
def parse
  combined = DependencySet.new
  combined += manifest_dependencies
  combined += lockfile_dependencies

  # TODO: Currently, Dependabot can't handle dependencies that have both
  # a git source *and* a non-git source. Fix that!
  combined.dependencies.reject do |dep|
    git_reqs, other_reqs =
      dep.requirements.partition { |req| req.dig(:source, :type) == "git" }

    if git_reqs.empty?
      # No git source at all: nothing to conflict with, keep it.
      false
    elsif git_reqs.map { |req| req.fetch(:source) }.uniq.size > 1
      # Several different git sources for the same dependency.
      true
    else
      # One git source: reject only if a non-git requirement sits beside it.
      !other_reqs.empty?
    end
  end
end