
@snyk/dep-graph - npm Package Compare versions

Comparing version 1.4.1 to 1.5.0


dist/core/builder.d.ts

@@ -13,5 +13,5 @@ import * as types from './types';

constructor(pkgManager: types.PkgManager, rootPkg?: types.PkgInfo);
addPkgNode(pkgInfo: types.PkgInfo, nodeId: string): void;
addPkgNode(pkgInfo: types.PkgInfo, nodeId: string, nodeInfo?: types.NodeInfo): void;
connectDep(parentNodeId: string, depNodeId: string): void;
build(): types.DepGraph;
}

@@ -39,3 +39,3 @@ "use strict";

// TODO: this can create disconnected nodes
DepGraphBuilder.prototype.addPkgNode = function (pkgInfo, nodeId) {
DepGraphBuilder.prototype.addPkgNode = function (pkgInfo, nodeId, nodeInfo) {
if (nodeId === this._rootNodeId) {

@@ -48,3 +48,3 @@ throw new Error('DepGraphBuilder.addPkgNode() cant override root node');

this._pkgNodes[pkgId].add(nodeId);
this._graph.setNode(nodeId, { pkgId: pkgId });
this._graph.setNode(nodeId, { pkgId: pkgId, info: nodeInfo });
};

@@ -51,0 +51,0 @@ // TODO: this can create cycles
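Review bot: The new third argument of `addPkgNode` is stored as passed in `this._graph.setNode(nodeId, { pkgId: pkgId, info: nodeInfo })`, and neither the parameter nor that behaviour is documented. Assuming graphlib's usual `setNode` semantics, the label is replaced wholesale, so a later call for the same `nodeId` without `nodeInfo` would silently drop info recorded by an earlier call. I would add a comment above the function such as `// nodeInfo is stored by reference; a repeated call for the same nodeId replaces it`. The part of the function body between the two hunks is not visible here.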

@@ -22,2 +22,3 @@ "use strict";

var _b = _a[_i], id = _b.id, info = _b.info;
// TODO: avoid this, instead just use `info` as is
pkgs[id] = info.version ? info : tslib_1.__assign({}, info, { version: null });

@@ -32,3 +33,3 @@ }

pkgNodes[pkgId].add(node.nodeId);
graph.setNode(node.nodeId, { pkgId: pkgId });
graph.setNode(node.nodeId, { pkgId: pkgId, info: node.info });
}

@@ -35,0 +36,0 @@ for (var _e = 0, _f = depGraphData.graph.nodes; _e < _f.length; _e++) {
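Review bot: `node.info` is copied from `depGraphData.graph.nodes` straight into the graph label (`graph.setNode(node.nodeId, { pkgId: pkgId, info: node.info })`) with no shape check in the visible lines. Serialized graphs can come from another process or from disk, and this value is later returned by `getNode` and written back out by `toJSON` elsewhere on this page. If the validation step in this file does not already cover it, reject non-object values before the `setNode` call, for example `if (node.info !== undefined && (node.info === null || typeof node.info !== 'object')) { throw new Error('invalid node info: ' + node.nodeId); }`. The enclosing function starts and ends outside these hunks.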

@@ -24,2 +24,3 @@ import * as graphlib from 'graphlib';

getPkgs(): types.PkgInfo[];
getNode(nodeId: string): types.NodeInfo;
getNodePkg(nodeId: string): types.PkgInfo;

@@ -33,4 +34,5 @@ getPkgNodeIds(pkg: types.Pkg): string[];

toJSON(): types.DepGraphData;
private getGraphNode;
private pathsFromNodeToRoot;
private countNodePathsToRoot;
}

@@ -43,8 +43,7 @@ "use strict";

};
DepGraphImpl.prototype.getNode = function (nodeId) {
return this.getGraphNode(nodeId).info || {};
};
DepGraphImpl.prototype.getNodePkg = function (nodeId) {
var node = this._graph.node(nodeId);
if (!node) {
throw new Error("no such node: " + nodeId);
}
return this._pkgs[node.pkgId];
return this._pkgs[this.getGraphNode(nodeId).pkgId];
};

@@ -107,7 +106,12 @@ DepGraphImpl.prototype.getPkgNodeIds = function (pkg) {

.map(function (depNodeId) { return ({ nodeId: depNodeId }); });
acc.push({
var node = _this._graph.node(nodeId);
var elem = {
nodeId: nodeId,
pkgId: _this._graph.node(nodeId).pkgId,
pkgId: node.pkgId,
deps: deps,
});
};
if (!_.isEmpty(node.info)) {
elem.info = node.info;
}
acc.push(elem);
return acc;

@@ -130,2 +134,9 @@ }, []);

};
DepGraphImpl.prototype.getGraphNode = function (nodeId) {
var node = this._graph.node(nodeId);
if (!node) {
throw new Error("no such node: " + nodeId);
}
return node;
};
DepGraphImpl.prototype.pathsFromNodeToRoot = function (nodeId) {

@@ -149,3 +160,3 @@ var _this = this;

if (this._countNodePathsToRootCache.has(nodeId)) {
return this._countNodePathsToRootCache.get(nodeId);
return this._countNodePathsToRootCache.get(nodeId) || 0;
}

@@ -163,3 +174,3 @@ var parentNodesIds = this.getNodeParentsNodeIds(nodeId);

};
DepGraphImpl.SCHEMA_VERSION = '1.0.0';
DepGraphImpl.SCHEMA_VERSION = '1.1.0';
return DepGraphImpl;

@@ -166,0 +177,0 @@ }());
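Review bot: `getNode` hands out the graph's own `info` object (`return this.getGraphNode(nodeId).info || {};`), so a caller that mutates the result changes the graph. The legacy conversion on this page also passes that same object into a second builder. Returning a copy keeps the graph's state private: `return _.cloneDeep(this.getGraphNode(nodeId).info) || {};` (`_` is already used in the `toJSON` hunk of this file). If sharing is intended, a doc comment on `getNode` should say the result must not be modified, and that an unknown id throws `no such node`.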

export declare class CustomError extends Error {
constructor(message: any);
constructor(message: string);
}
import { CustomError } from './custom-error';
export declare class ValidationError extends CustomError {
constructor(message: any);
constructor(message: string);
}

@@ -9,5 +9,16 @@ export interface Pkg {

}
export interface VersionProvenance {
type: string;
location: string;
property?: {
name: string;
};
}
export interface NodeInfo {
versionProvenance?: VersionProvenance;
}
export interface GraphNode {
nodeId: string;
pkgId: string;
info?: NodeInfo;
deps: Array<{

@@ -46,2 +57,3 @@ nodeId: string;

readonly rootNodeId: string;
getNode(nodeId: string): NodeInfo;
getNodePkg(nodeId: string): PkgInfo;

@@ -48,0 +60,0 @@ getPkgNodeIds(pkg: Pkg): string[];
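Review bot: `VersionProvenance` and `NodeInfo` are exported without a doc comment, and `type` and `location` are plain `string`, so a consumer cannot tell what values to expect. The README hunk on this page describes the data as information about the source manifest that caused a version to be resolved; that sentence belongs on the interface as TSDoc. Since the values presumably originate from the scanned project's manifests, the comment should also say they are untrusted text when displayed or used to build paths. If the set of `type` values is closed, a string-literal union would be tighter than `string`.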

@@ -6,2 +6,3 @@ import * as types from '../core/types';

version?: string;
versionProvenance?: types.VersionProvenance;
dependencies?: {

@@ -8,0 +9,0 @@ [depName: string]: DepTreeDep;

@@ -8,2 +8,3 @@ "use strict";

var event_loop_spinner_1 = require("./event-loop-spinner");
var objectHash = require("object-hash");
function depTreeToGraph(depTree, pkgManagerName) {

@@ -47,9 +48,14 @@ return tslib_1.__awaiter(this, void 0, void 0, function () {

return tslib_1.__awaiter(this, void 0, void 0, function () {
var getNodeId, depNodesIds, hash, deps, depNames, _i, _a, depName, dep, subtreeHash, depPkg, depNodeId, treeHash, pkgNodeId, pkg, _b, depNodesIds_1, depNodeId;
var getNodeId, depNodesIds, hash, deps, depNames, _i, _a, depName, dep, subtreeHash, depPkg, depNodeId, nodeInfo, treeHash, pkgNodeId, pkg, nodeInfo, _b, depNodesIds_1, depNodeId;
return tslib_1.__generator(this, function (_c) {
switch (_c.label) {
case 0:
getNodeId = function (name, version, hashId) { return name + "@" + (version || '') + "|" + hashId; };
getNodeId = function (name, version, hashId) {
return name + "@" + (version || '') + "|" + hashId;
};
depNodesIds = [];
hash = crypto.createHash('sha1');
if (depTree.versionProvenance) {
hash.update(objectHash(depTree.versionProvenance));
}
deps = depTree.dependencies || {};

@@ -72,3 +78,7 @@ depNames = _.keys(deps).filter(function (d) { return !!deps[d]; });

depNodesIds.push(depNodeId);
builder.addPkgNode(depPkg, depNodeId);
nodeInfo = {};
if (dep.versionProvenance) {
nodeInfo.versionProvenance = dep.versionProvenance;
}
builder.addPkgNode(depPkg, depNodeId, nodeInfo);
hash.update(depNodeId);

@@ -80,3 +90,3 @@ _c.label = 3;

case 4:
treeHash = depNames.length ? hash.digest('hex') : 'leaf';
treeHash = hash.digest('hex');
if (isRoot) {

@@ -91,3 +101,7 @@ pkgNodeId = builder.rootNodeId;

pkgNodeId = getNodeId(pkg.name, pkg.version, treeHash);
builder.addPkgNode(pkg, pkgNodeId);
nodeInfo = {};
if (depTree.versionProvenance) {
nodeInfo.versionProvenance = depTree.versionProvenance;
}
builder.addPkgNode(pkg, pkgNodeId, nodeInfo);
}

@@ -110,3 +124,3 @@ for (_b = 0, depNodesIds_1 = depNodesIds; _b < depNodesIds_1.length; _b++) {

return tslib_1.__awaiter(this, void 0, void 0, function () {
var builder, nodesMap, _i, _a, pkg, nodeIds, i, nodeId, newNodeId, _b, _c, pkg, _d, _e, nodeId, _f, _g, depNodeId, parentNode, childNode;
var builder, nodesMap, _i, _a, pkg, nodeIds, i, nodeId, nodeInfo, newNodeId, _b, _c, pkg, _d, _e, nodeId, _f, _g, depNodeId, parentNode, childNode;
return tslib_1.__generator(this, function (_h) {

@@ -128,2 +142,3 @@ switch (_h.label) {

}
nodeInfo = depGraph.getNode(nodeId);
newNodeId = void 0;

@@ -137,3 +152,3 @@ if (nodeIds.length === 1) {

nodesMap[nodeId] = newNodeId;
builder.addPkgNode(pkg, newNodeId);
builder.addPkgNode(pkg, newNodeId, nodeInfo);
}

@@ -224,3 +239,3 @@ if (!eventLoopSpinner.isStarving()) return [3 /*break*/, 3];

return tslib_1.__awaiter(this, void 0, void 0, function () {
var nodePkg, depTree, depInstanceIds, _i, depInstanceIds_1, depInstId, subtree;
var nodePkg, nodeInfo, depTree, depInstanceIds, _i, depInstanceIds_1, depInstId, subtree;
return tslib_1.__generator(this, function (_a) {

@@ -230,5 +245,9 @@ switch (_a.label) {

nodePkg = depGraph.getNodePkg(nodeId);
nodeInfo = depGraph.getNode(nodeId);
depTree = {};
depTree.name = nodePkg.name;
depTree.version = nodePkg.version;
if (nodeInfo.versionProvenance) {
depTree.versionProvenance = nodeInfo.versionProvenance;
}
depInstanceIds = depGraph.getNodeDepsNodeIds(nodeId);

@@ -235,0 +254,0 @@ if (!depInstanceIds || depInstanceIds.length === 0) {
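Review bot: Node ids produced by the tree conversion change for every leaf in this release, and nothing in the visible code or the README hunk says so. `treeHash = hash.digest('hex')` appears to replace the `'leaf'` sentinel, and `hash.update(objectHash(depTree.versionProvenance))` now feeds provenance into the same SHA-1 that names the node, so ids are not comparable with ones stored from 1.4.1. Anything that persists or diffs node ids should be treated as invalidated. I would add a comment at the hash setup along the lines of `// sha1 only derives a stable node id, it is not an integrity check; provenance is part of node identity` and call the id change out in the release notes. The generator bodies continue outside these hunks.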

@@ -31,9 +31,12 @@ {

"@types/graphlib": "^2.1.4",
"@types/jest": "^23",
"@types/jest": "^24",
"@types/lodash": "^4",
"@types/node": "^8",
"jest": "^23",
"ts-jest": "^23",
"ts-node": "^7",
"@types/object-hash": "^1.2.0",
"@types/semver": "^5",
"jest": "^24",
"ts-jest": "^24",
"ts-node": "^8",
"tslint": "^5",
"typescript": "^3.1.6"
"typescript": "^3.3.3333"
},

@@ -43,6 +46,7 @@ "dependencies": {

"lodash": "^4",
"source-map-support": "^0.5.9",
"object-hash": "^1.3.1",
"source-map-support": "^0.5.11",
"tslib": "^1.9.3"
},
"version": "1.4.1"
"version": "1.5.0"
}
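Review bot: `"object-hash": "^1.3.1"` is a new runtime dependency, and on this page it is used at a single call site, `objectHash(depTree.versionProvenance)`, to fingerprint a small object. Every consumer of this package now installs it, at whatever version the caret range resolves to at install time. It is worth confirming that this is justified over a deterministic serialization fed to the existing `crypto` hash, for example `JSON.stringify` of the provenance fields in a fixed order. If the dependency stays, the reason should be recorded in the changelog. The devDependency bumps in the same section look routine.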

@@ -92,2 +92,11 @@ ![Snyk logo](https://snyk.io/style/asset/logo/snyk-print.svg)

pkgId: string;
info?: {
versionProvenance?: {
type: string;
location: string;
property?: {
name: string;
};
};
};
deps: Array<{

@@ -122,1 +131,5 @@ nodeId: string;

```
The `legacy` conversion functions aim to maintain extra data that might be attached to the dep-tree and is dependant upon in code that wasn't yet updated to use solely dep-graphs:
* `targetOS` which exists on tree roots for Docker scans
* `versionProvenance` which might exist on the nodes of maven trees, storing information about the source manifest that caused the specfic version to be resolved

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
