@snyk/gemfile - npm Package Compare versions

Comparing version 1.0.0 to 1.1.0

gemfile.js

@@ -6,3 +6,2 @@ 'use strict';
 const assert = require('assert');
-const util = require('util');
 
@@ -20,15 +19,2 @@ const GEMFILE_DEFAULT_LOCATION = path.resolve(process.cwd(), 'Gemfile.lock');
 
-const dupKeyMap = () => {
-  let counter = 0;
-  return new Proxy({}, {
-    set(target, key, value) {
-      if (target[key]) {
-        target[key + (counter++)] = target[key];
-      }
-      target[key] = value;
-      return true;
-    }
-  });
-};
-
 function interpret(string, extractMeta) {
@@ -43,6 +29,6 @@ assert(
   let line;
-  let level;
   let index = 0;
   let previousWhitespace = -1;
-  let gemfile = level = dupKeyMap();
+  let keyCount = {};
+  let gemfile = {};
   let lines = string.split('\n');
@@ -109,2 +95,12 @@ let stack = [];
 
+      // Do not throw away additional top-level key entries
+      // e.g. multiple GIT/GEM blocks
+      if (level[key]) {
+        if (keyCount[key] === undefined) {
+          keyCount[key] = 0;
+        } else {
+          keyCount[key]++;
+        }
+        level[key + keyCount[key]] = level[key];
+      }
       level[key] = data;
@@ -153,3 +149,3 @@
                                 return specs;
-                              }, {});  
+                              }, {});
     return gemfileMeta;
@@ -156,0 +152,0 @@ }

package.json

@@ -6,4 +6,3 @@ {
   "scripts": {
-    "test": "./node_modules/.bin/mocha --harmony",
-    "semantic-release": "semantic-release pre && npm publish && semantic-release post"
+    "test": "./node_modules/.bin/mocha"
   },
@@ -26,11 +25,10 @@ "repository": {
   "devDependencies": {
-    "chai": "^3.4.1",
-    "mocha": "^2.3.4",
-    "sinon": "^1.17.2",
-    "semantic-release": "^6.3.6"
+    "chai": "^4.2.0",
+    "mocha": "^5.2.0",
+    "sinon": "^7.1.1"
   },
-  "publishConfig": {
-    "access": "restricted"
+  "engines": {
+    "node": ">= 4.2.4"
   },
-  "version": "1.0.0"
-}
+  "version": "1.1.0"
+}

README.md

@@ -1,2 +0,2 @@
-## gemfile [![Build Status](https://travis-ci.org/treycordova/gemfile.svg?branch=master)](https://travis-ci.org/treycordova/gemfile) [![Version Status](https://img.shields.io/npm/v/gemfile.svg)](https://www.npmjs.org/package/gemfile)
+## gemfile
 ### A Gemfile.lock parser for Node.js represented with JSON.
@@ -3,0 +3,0 @@ #### Installation

test/gemfile.test.js

@@ -157,3 +157,13 @@ 'use strict';
     });
+
+    ['Gemfile', 'Gemfile2'].forEach(function(filename) {
+      it('returns exactly what we expect for ' + filename, function() {
+        let file = fs.readFileSync('test/' + filename + '.lock', 'utf8');
+        let expected = JSON.parse(
+          fs.readFileSync('test/' + filename + '.json', 'utf8'));
+        let output = gemfile.interpret(file, true);
+        assert.deepEqual(output, expected, 'deep equals');
+      });
+    });
   });
 });

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

59004

increased by155.4%

Dev dependency count

3

decreased by-25%

Number of package files

10

increased by11.11%

Lines of code

2061

increased by654.95%

Worsened metrics

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes