Class: Importmap::Npm

Inherits:
Object
  • Object
Defined in:
lib/importmap/npm.rb

Defined Under Namespace

Classes: OutdatedPackage, VulnerablePackage

Constant Summary

Error =
Class.new(StandardError)
HTTPError =
Class.new(Error)

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(importmap_path = "config/importmap.rb") ⇒ Npm

Returns a new instance of Npm.



# File 'lib/importmap/npm.rb', line 12

# Builds an Npm helper bound to one importmap file.
#
# The argument is only wrapped in a Pathname here; nothing in this constructor
# reads the file or checks that it exists.
#
# @param importmap_path [String, Pathname] location of the importmap file
#   (anything Pathname.new accepts); defaults to "config/importmap.rb"
def initialize(importmap_path = "config/importmap.rb")
  wrapped_path = Pathname.new(importmap_path)
  @importmap_path = wrapped_path
end

Instance Attribute Details

#base_uri ⇒ Object

Returns the value of attribute base_uri.



# File 'lib/importmap/npm.rb', line 9

# Reader for the @base_uri instance variable.
#
# Nothing in this listing assigns or validates the value.
# NOTE(review): presumably the registry endpoint the HTTP helpers talk to;
# confirm against the rest of lib/importmap/npm.rb. If callers can set it, it
# decides which host the version and audit data is fetched from, so it should
# only ever come from trusted configuration.
#
# @return [Object, nil] whatever is stored in @base_uri, nil when unset
def base_uri
  @base_uri
end

Instance Method Details

#outdated_packages ⇒ Object



# File 'lib/importmap/npm.rb', line 16

# Lists the pinned packages that are behind their latest version, together
# with the packages whose lookup failed.
#
# For every [name, version] pair from packages_with_versions, get_package is
# asked for the package document:
# * a falsy answer is recorded with the fixed error 'Response error';
# * a document carrying an 'error' key is recorded with that value as error;
# * otherwise the entry is kept only when outdated? says the pinned version is
#   behind find_latest_version's answer; up-to-date packages are dropped.
#
# The 'error' value is copied verbatim from the response, so it is
# remote-supplied text: callers that print it should treat it as untrusted
# output rather than as a trusted message.
#
# @return [Array<OutdatedPackage>] entries sorted by package name
def outdated_packages
  collected = packages_with_versions.each_with_object([]) do |(package, current_version), entries|
    entry = OutdatedPackage.new(name: package, current_version: current_version)
    response = get_package(package)
    # Only index into the response when there is one.
    reported_error = response && response['error']

    if !response
      entry.error = 'Response error'
    elsif reported_error
      entry.error = reported_error
    else
      latest_version = find_latest_version(response)
      # Up-to-date packages are left out of the report entirely.
      next unless outdated?(current_version, latest_version)

      entry.latest_version = latest_version
    end

    entries << entry
  end

  collected.sort_by(&:name)
end

#packages_with_versions ⇒ Object



# File 'lib/importmap/npm.rb', line 47

# Extracts [package_name, version] pairs from the importmap source text.
#
# Two line-based patterns are applied and their results merged with Array#|,
# which also removes duplicate pairs:
#
# 1. CDN pins. The name after "pin" cannot be used, because some dependencies
#    are loaded from inside packages, so the name is taken from the URL.
#    Constructed example:
#      pin "buffer", to: "https://ga.jspm.io/npm:@scope/pkg@1.2.3/nodelibs/browser/buffer.js"
#    yields ["@scope/pkg", "1.2.3"].
# 2. Pins annotated with a trailing comment. The quoted pin name is used and
#    the version is read from the comment. Constructed example:
#      pin "local-lib" # @4.5.6
#    yields ["local-lib", "4.5.6"].
#
# ^ and $ are line anchors, which is what a per-line scan of a multi-line file
# needs; these patterns extract data, they do not validate it. For the second
# form the version is whatever the comment says, so the outdated and audit
# reports are only as accurate as those annotations.
#
# @return [Array<Array<String>>] unique [name, version] pairs
def packages_with_versions
  cdn_pin_pattern = /^pin .*(?<=npm:|npm\/|skypack\.dev\/|unpkg\.com\/)(.*)(?=@\d+\.\d+\.\d+)@(\d+\.\d+\.\d+(?:[^\/\s["']]*)).*$/
  annotated_pin_pattern = /^pin ["']([^["']]*)["'].* #.*@(\d+\.\d+\.\d+(?:[^\s]*)).*$/

  importmap.scan(cdn_pin_pattern) | importmap.scan(annotated_pin_pattern)
end

#vulnerable_packages ⇒ Object



# File 'lib/importmap/npm.rb', line 36

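# Flattens the audit result into one sorted list of findings.
#
# get_audit (defined elsewhere in the class) is iterated as
# package name => list of advisory hashes. Each advisory becomes one
# VulnerablePackage carrying its 'severity', 'vulnerable_versions' and 'title'
# values unchanged.
#
# The list is ordered by package name, then by severity as a string. That is
# alphabetical order, not order of criticality.
#
# The sort key coerces severity with to_s because the advisories are
# remote-supplied data. Without the coercion, two advisories for the same
# package where one lacks 'severity' make the key comparison return nil, and
# sort_by raises ArgumentError. That would abort the whole report instead of
# showing the findings. The stored severity is left as received.
#
# @return [Array<VulnerablePackage>] one entry per advisory, sorted
def vulnerable_packages
  findings = get_audit.flat_map do |package, vulnerabilities|
    vulnerabilities.map do |vulnerability|
      VulnerablePackage.new(name: package,
                            severity: vulnerability['severity'],
                            vulnerable_versions: vulnerability['vulnerable_versions'],
                            vulnerability: vulnerability['title'])
    end
  end

  findings.sort_by { |finding| [finding.name, finding.severity.to_s] }
end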