This repository has been archived by the owner on Nov 23, 2021. It is now read-only.

node: only run npm if there is no yarn, else might be duplicates. Ret…
…urn all versions of a dep not just the highest. ruby: was using the global defined in nodejs (#26)

Signed-off-by: mcoops <[email protected]>
mcoops authored Jun 1, 2021
1 parent 98c2220 commit 136b2be
Showing 3 changed files with 44 additions and 30 deletions.
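--- a/deplist.go
+++ b/deplist.go
@@ -91,7 +91,17 @@ func GetDeps(fullPath string) ([]Dependency, Bitmask, error) {
 
 switch filename := info.Name(); filename {
 // for now only go for yarn and npm
-case "yarn.lock", "package-lock.json":
+case "package-lock.json":
+// if theres not a yarn.lock fall thru
+if _, err := os.Stat(
+filepath.Join(
+filepath.Dir(path),
+"yarn.lock")); err == nil {
+return nil
+}
+fallthrough
+
+case "yarn.lock":
 pkgs, err := scan.GetNodeJSDeps(path)
 if err != nil {
 return err
@@ -101,12 +111,12 @@ func GetDeps(fullPath string) ([]Dependency, Bitmask, error) {
 foundTypes.DepFoundAddFlag(LangNodeJS)
 }
 
-for name, version := range pkgs {
+for _, p := range pkgs {
 deps = append(deps,
 Dependency{
 DepType: LangNodeJS,
-Path: name,
-Version: strings.Replace(version, "v", "", 1),
+Path: p.Name,
+Version: p.Version,
 Files: []string{},
 })
 }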
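Review bot: The new `case "package-lock.json":` returns `nil` without any trace when a sibling yarn.lock exists, so a project whose two lockfiles have drifted apart is reported from yarn.lock alone and packages pinned only in package-lock.json never reach the output. If this list feeds vulnerability matching, that is a silent coverage gap; stating the precedence in the comment, e.g. `// yarn.lock takes precedence: package-lock.json is not scanned when both exist`, and emitting a debug log at the `return nil` would make the skip visible. Any other `os.Stat` failure, not only not-exist, falls through to the npm path, which looks acceptable but is worth saying in the same comment. The enclosing walk callback inside `GetDeps` starts and ends outside the hunk.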
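--- a/internal/scan/nodejs.go
+++ b/internal/scan/nodejs.go
@@ -6,8 +6,6 @@ import (
 "os/exec"
 "path/filepath"
 "strings"
-
-"golang.org/x/mod/semver"
 )
 
 type yarnDependencies []yarnDependency
@@ -33,23 +31,27 @@ type npmListOutput struct {
 Dependencies map[string]npmDependency `json:"dependencies"`
 }
 
-var gathered map[string]string
+type NodeJSGather struct {
+Name string
+Version string
+}
+
+// TODO: remove this global
+var gatheredNode map[string]NodeJSGather
 
 func recordPackage(packageName, version string) {
-// compare everything
-if !strings.HasPrefix(version, "v") {
-version = "v" + version
+// opposite now, we don't care if its specifying version ranges like 5.x.x,
+// or 5.* etc. Just get the versions.
+if len(version) > 0 &&
+(version[0] == '^' || version[0] == '~' || version[0] == '*' || version[len(version)-1] == 'x') {
+return
 }
-version = strings.Replace(version, "^", "", 1)
-version = strings.Replace(version, "~", "", 1)
 
-version = strings.Replace(version, "x", "0", 1)
-version = strings.Replace(version, "*", "0.0.0", 1)
-
-if oldVersion, ok := gathered[packageName]; ok {
-gathered[packageName] = semver.Max(oldVersion, version)
-} else {
-gathered[packageName] = version
+if _, ok := gatheredNode[packageName+version]; !ok {
+gatheredNode[packageName+version] = NodeJSGather{
+Name: packageName,
+Version: version,
+}
 }
 }
 
@@ -62,10 +64,10 @@ func gatherYarnNode(dep yarnDependency) {
 
 if splitIdx != -1 {
 name = dep.Name[:splitIdx]
-version = "v" + dep.Name[splitIdx+1:]
+version = dep.Name[splitIdx+1:]
 } else {
 name = dep.Name
-version = "v0.0.0"
+version = ""
 }
 
 recordPackage(name, version)
@@ -84,7 +86,7 @@ func gatherNPMNode(name string, dependency npmDependency) {
 }
 }
 
-func GetNodeJSDeps(path string) (map[string]string, error) {
+func GetNodeJSDeps(path string) (map[string]NodeJSGather, error) {
 switch filepath.Base(path) {
 case "yarn.lock":
 return getYarnDeps(path)
@@ -94,9 +96,9 @@ func GetNodeJSDeps(path string) (map[string]string, error) {
 return nil, fmt.Errorf("unknown NodeJS dependency file %q", path)
 }
 
-func getYarnDeps(path string) (map[string]string, error) {
+func getYarnDeps(path string) (map[string]NodeJSGather, error) {
 var yarnOutput yarnOutput
-gathered = make(map[string]string)
+gatheredNode = make(map[string]NodeJSGather)
 
 dirPath := filepath.Dir(path)
 
@@ -115,19 +117,21 @@ func getYarnDeps(path string) (map[string]string, error) {
 gatherYarnNode(deps)
 }
 
-return gathered, nil
+return gatheredNode, nil
 }
 
-func getNPMDeps(path string) (map[string]string, error) {
+func getNPMDeps(path string) (map[string]NodeJSGather, error) {
 var npmOutput npmListOutput
-gathered = make(map[string]string)
+gatheredNode = make(map[string]NodeJSGather)
 
 cmd := exec.Command("npm", "list", "--prod", "--json", "--depth=99")
 cmd.Dir = filepath.Dir(path)
 
 data, err := cmd.Output()
 
-if err != nil {
+// npm has a nasty habbit of not returning cleanly so if there is data
+// just attempt to unmarshal
+if data == nil && err != nil {
 return nil, err
 }
 
@@ -140,5 +144,5 @@ func getNPMDeps(path string) (map[string]string, error) {
 gatherNPMNode(depName, dep)
 }
 
-return gathered, nil
+return gatheredNode, nil
 }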
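Review bot: In `recordPackage` the map key `packageName+version` is ambiguous, because a name ending in a digit and a version starting with one can concatenate to the same string (constructed example: `sha1`+`1.0.0` and `sha`+`11.0.0` both yield `sha11.0.0`), and the second entry is then silently dropped from the dependency list. Joining with a separator avoids this, e.g. `key := packageName + "@" + version`; the caller shown in deplist.go only ranges over the values, so the key format looks free to change. In `getNPMDeps`, whose body continues past the hunk, `if data == nil && err != nil` discards npm's error whenever any output was produced, so a truncated listing cannot be told apart from a complete one. `len(data) == 0` is the more robust emptiness test there, and the error is worth logging before the unmarshal.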
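--- a/internal/scan/ruby.go
+++ b/internal/scan/ruby.go
@@ -7,7 +7,7 @@ import (
 )
 
 func GetRubyDeps(path string) (map[string]string, error) {
-gathered = make(map[string]string)
+gathered := make(map[string]string)
 
 dirPath := filepath.Dir(path)
 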
