Class: Licensed::Sources::NPM

Inherits:
Source
  • Object
show all
Defined in:
lib/licensed/sources/npm.rb

Defined Under Namespace

Classes: Dependency

Instance Attribute Summary

Attributes inherited from Source

#config

Instance Method Summary collapse

Methods inherited from Source

#dependencies, full_type, #ignored?, inherited, #initialize, register_source, require_matched_dependency_version, #source_config, type, type_and_version

Constructor Details

This class inherits a constructor from Licensed::Sources::Source

Instance Method Details

#enabled?Boolean

Returns:

  • (Boolean) 


26
27
28
 
# File 'lib/licensed/sources/npm.rb', line 26

def enabled?
  Licensed::Shell.tool_available?("npm") && File.exist?(package_json_path)
end

#enumerate_dependenciesObject 



30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'lib/licensed/sources/npm.rb', line 30

def enumerate_dependencies
  packages.map do |name, package|
    next if package["name"] == project_name

    errors = package["problems"] unless package["path"]
    Dependency.new(
      name: name,
      version: package["version"] || package["required"],
      path: package["path"],
      errors: Array(errors),
      metadata: {
        "type"     => NPM.type,
        "name"     => package["name"],
        "summary"  => package["description"],
        "homepage" => package["homepage"]
      }
    )
  end
end

#extract_version(parent, name) ⇒ Object 



161
162
163
 
# File 'lib/licensed/sources/npm.rb', line 161

def extract_version(parent, name)
  parent&.dig("_dependencies", name) || peer_dependency(parent, name)
end

#include_non_production?Boolean

Returns whether to include non production dependencies based on the licensed configuration settings

Returns:

  • (Boolean) 


135
136
137
 
# File 'lib/licensed/sources/npm.rb', line 135

def include_non_production?
  config.dig("npm", "production_only") == false
end

#missing_peer?(parent, dependency, name) ⇒ Boolean

Returns:

  • (Boolean) 


139
140
141
142
143
144
145
146
147
148
149
 
# File 'lib/licensed/sources/npm.rb', line 139

def missing_peer?(parent, dependency, name)
  # return true if dependency is marked as "peerMissing"
  return true if dependency["peerMissing"]

  # return false unless the parent has registered the dependency
  # as a peer
  return false unless peer_dependency(parent, name)
  # return true if the dependency itself is marked as missing
  return true if dependency["missing"]
  dependency.empty? && parent&.dig("peerDependenciesMeta", name, "optional")
end

#npm_versionObject

Returns the currently installed version of npm as a Gem::Version object



123
124
125
126
127
 
# File 'lib/licensed/sources/npm.rb', line 123

def npm_version
  @npm_version ||= begin
    Gem::Version.new(Licensed::Shell.execute("npm", "-v").strip)
  end
end

#package_jsonObject

Returns the parse package.json for the current project



172
173
174
175
176
177
178
179
 
# File 'lib/licensed/sources/npm.rb', line 172

def package_json
  return unless File.exist?(package_json_path)

  @package_json ||= JSON.parse(File.read(package_json_path))
rescue JSON::ParserError => e
  message = "Licensed was unable to parse package.json. JSON Error: #{e.message}"
  raise Licensed::Sources::Source::Error, message
end

#package_json_pathObject 



181
182
183
 
# File 'lib/licensed/sources/npm.rb', line 181

def package_json_path
  @package_json_path ||= File.join(config.pwd, "package.json")
end

#package_metadataObject

Returns parsed package metadata returned from ‘npm list`



83
84
85
86
87
88
89
90
91
 
# File 'lib/licensed/sources/npm.rb', line 83

def package_metadata
  return @package_metadata if defined?(@package_metadata)
  @package_metadata = JSON.parse(package_metadata_command)
rescue JSON::ParserError => e
  message = "Licensed was unable to parse the output from 'npm list'. JSON Error: #{e.message}"
  npm_error = package_metadata_error
  message = "#{message}. npm Error: #{npm_error}" if npm_error
  raise Licensed::Sources::Source::Error, message
end

#package_metadata_argsObject

Returns an array of arguments that should be used for all ‘npm list` calls, regardless of how the output is formatted



111
112
113
114
115
116
117
118
119
120
 
# File 'lib/licensed/sources/npm.rb', line 111

def package_metadata_args
  args = []
  args << "--production" unless include_non_production?

  # on npm 7+, the --all argument is necessary to evaluate the project's
  # full dependency tree
  args << "--all" if npm_version >= Gem::Version.new("7.0.0")

  return args
end

#package_metadata_commandObject

Returns the output from running ‘npm list` to get package metadata



102
103
104
105
106
107
 
# File 'lib/licensed/sources/npm.rb', line 102

def package_metadata_command
  args = %w(--json --long)
  args.concat(package_metadata_args)

  Licensed::Shell.execute("npm", "list", *args, allow_failure: true)
end

#package_metadata_errorObject

Returns an error, if one exists, from running ‘npm list` to get package metadata



94
95
96
97
98
99
 
# File 'lib/licensed/sources/npm.rb', line 94

def package_metadata_error
  Licensed::Shell.execute("npm", "list", *package_metadata_args)
  return ""
rescue Licensed::Shell::Error => e
  return e.message
end

#packagesObject 



50
51
52
53
54
55
56
57
58
59
60
61
62
63
 
# File 'lib/licensed/sources/npm.rb', line 50

def packages
  root_dependencies = package_metadata["dependencies"]
  recursive_dependencies(root_dependencies).each_with_object({}) do |(name, results), hsh|
    results.uniq! { |package| package["version"] }
    if results.size == 1
      hsh[name] = results[0]
    else
      results.each do |package|
        name_with_version = "#{name}-#{package["version"]}"
        hsh[name_with_version] = package
      end
    end
  end
end

#peer_dependency(parent, name) ⇒ Object 



151
152
153
154
155
156
157
158
159
 
# File 'lib/licensed/sources/npm.rb', line 151

def peer_dependency(parent, name)
  return unless parent.is_a?(Hash)

  peerDependencies = parent["peerDependencies"]
  # "peerDependencies" could be set to the string "[Circular]"
  return unless peerDependencies.is_a?(Hash)

  peerDependencies[name]
end

#project_nameObject

Returns the current projects name



166
167
168
169
 
# File 'lib/licensed/sources/npm.rb', line 166

def project_name
  return unless package_json
  package_json["name"]
end

#recursive_dependencies(dependencies, result = {}, parent = nil) ⇒ Object

Recursively parse dependency JSON data. Returns a hash mapping the package name to it’s metadata



67
68
69
70
71
72
73
74
75
76
77
78
79
80
 
# File 'lib/licensed/sources/npm.rb', line 67

def recursive_dependencies(dependencies, result = {}, parent = nil)
  dependencies.each do |name, dependency|
    next if missing_peer?(parent, dependency, name)
    next if yarn_lock_present && dependency["missing"]
    next if dependency["extraneous"] && dependency["missing"]

    dependency["name"] = name
    dependency["version"] ||= extract_version(parent, name) if dependency["missing"]

    (result[name] ||= []) << dependency
    recursive_dependencies(dependency["dependencies"] || {}, result, dependency)
  end
  result
end

#yarn_lock_presentObject

Returns true if a yarn.lock file exists in the current directory



130
131
132
 
# File 'lib/licensed/sources/npm.rb', line 130

def yarn_lock_present
  @yarn_lock_present ||= File.exist?(config.pwd.join("yarn.lock"))
end