snyk-go-parser - npm Package Compare versions

Comparing version 1.0.2 to 1.1.0

dist/index.d.ts

 import { parseGoPkgConfig, parseGoVendorConfig } from './parser';
 import { DepTree, GoPackageManagerType, GoProjectConfig } from './types';
+interface DepDict {
+    [dep: string]: DepTree;
+}
+export interface DepTree {
+    name: string;
+    version: string;
+    dependencies?: DepDict;
+}
 export { GoPackageManagerType };
 export { parseGoPkgConfig, parseGoVendorConfig, GoProjectConfig };
-export declare function buildGoPkgDepTree(manifestFileContents: string, lockFileContents: string, options?: any): Promise<DepTree>;
-export declare function buildGoVendorDepTree(manifestFileContents: string, options?: any): Promise<DepTree>;
+export declare function buildGoPkgDepTree(manifestFileContents: string, lockFileContents: string, options?: unknown): Promise<DepTree>;
+export declare function buildGoVendorDepTree(manifestFileContents: string, options?: unknown): Promise<DepTree>;
+export declare function buildGoModDepTree(manifestFileContents: string, options?: unknown): DepTree;

dist/index.js

@@ -7,2 +7,5 @@ "use strict";
 exports.parseGoVendorConfig = parser_1.parseGoVendorConfig;
+var gomod_parser_1 = require("./gomod-parser");
+// TODO(kyegupov): make all build* functions sync
+// TODO(kyegupov): pin down the types for "options"
 // Build dep tree from the manifest/lock files only.
@@ -30,5 +33,36 @@ // This does not scan the source code for imports, so it's not accurate;
 exports.buildGoVendorDepTree = buildGoVendorDepTree;
-function buildGoDepTree(goProjectConfig) {
+// We are not using go.sum file here because it's not actually a lockfile and contains dependencies
+// that are actually long gone.
+function buildGoModDepTree(manifestFileContents, options) {
     var e_1, _a;
+    // We actually use only some bits of the go.mod contents
+    var goMod = gomod_parser_1.parseGoMod(manifestFileContents);
     var depTree = {
+        name: goMod.moduleName,
+        version: '0.0.0',
+        dependencies: {},
+    };
+    var dependencies = depTree.dependencies;
+    try {
+        for (var _b = tslib_1.__values(goMod.requires), _c = _b.next(); !_c.done; _c = _b.next()) {
+            var req = _c.value;
+            dependencies[req.moduleName] = {
+                name: req.moduleName,
+                version: gomod_parser_1.toSnykVersion(req.version),
+            };
+        }
+    }
+    catch (e_1_1) { e_1 = { error: e_1_1 }; }
+    finally {
+        try {
+            if (_c && !_c.done && (_a = _b.return)) _a.call(_b);
+        }
+        finally { if (e_1) throw e_1.error; }
+    }
+    return depTree;
+}
+exports.buildGoModDepTree = buildGoModDepTree;
+function buildGoDepTree(goProjectConfig) {
+    var e_2, _a;
+    var depTree = {
         name: goProjectConfig.packageName || 'root',
@@ -38,13 +72,13 @@ version: '0.0.0',
     };
+    var dependencies = depTree.dependencies;
     try {
         for (var _b = tslib_1.__values(Object.keys(goProjectConfig.lockedVersions)), _c = _b.next(); !_c.done; _c = _b.next()) {
             var dep = _c.value;
-            depTree.dependencies[dep] = {
+            dependencies[dep] = {
                 name: dep,
                 version: goProjectConfig.lockedVersions[dep].version,
-                dependencies: {},
             };
         }
     }
-    catch (e_1_1) { e_1 = { error: e_1_1 }; }
+    catch (e_2_1) { e_2 = { error: e_2_1 }; }
     finally {
@@ -54,3 +88,3 @@ try {
         }
-        finally { if (e_1) throw e_1.error; }
+        finally { if (e_2) throw e_2.error; }
     }
@@ -57,0 +91,0 @@ return depTree;

dist/parser.js

@@ -5,2 +5,3 @@ "use strict";
 var errors_1 = require("./errors/");
+// TODO(kyegupov): split into go-dep-parser and go-vendor-parser files
 function parseGoPkgConfig(manifestFileContents, lockFileContents) {
@@ -67,8 +68,8 @@ if (!manifestFileContents && !lockFileContents) {
     try {
+        var gvJson = JSON.parse(jsonStr);
         var goProjectConfig_1 = {
             ignoredPkgs: [],
             lockedVersions: {},
+            packageName: gvJson.rootPath,
         };
-        var gvJson = JSON.parse(jsonStr);
-        goProjectConfig_1.packageName = gvJson.rootPath;
         var packages = (gvJson.package || gvJson.Package);
@@ -75,0 +76,0 @@ if (packages) {

dist/types.d.ts

@@ -1,2 +0,2 @@
-export declare type GoPackageManagerType = 'golangdep' | 'govendor';
+export declare type GoPackageManagerType = 'golangdep' | 'govendor' | 'gomod';
 export interface LockedDep {
@@ -10,6 +10,39 @@ name: string;
 export interface GoProjectConfig {
-    ignoredPkgs: string[];
+    ignoredPkgs?: string[];
     lockedVersions: LockedDeps;
     packageName?: string;
 }
+export interface GoMod {
+    moduleName: string;
+    golangVersion?: string;
+    requires: Require[];
+    replaces: Replace[];
+    excludes: ModuleAndVersion[];
+}
+export interface ModuleExactVersion {
+    exactVersion: string;
+    incompatible: boolean;
+}
+export interface ModulePseudoVersion {
+    baseVersion: string;
+    suffix: string;
+    hash: string;
+    timestamp: string;
+}
+export interface ModuleAndVersion {
+    moduleName: string;
+    version: ModuleVersion;
+}
+export declare type ModuleVersion = ModuleExactVersion | ModulePseudoVersion;
+export interface Require extends ModuleAndVersion {
+    indirect: boolean;
+}
+export interface ModuleAndMaybeVersion {
+    moduleName: string;
+    version?: ModuleVersion;
+}
+export interface Replace {
+    oldMod: ModuleAndMaybeVersion;
+    newMod: ModuleAndMaybeVersion;
+}
 export interface DepTree {
@@ -16,0 +49,0 @@ name: string;

package.json

@@ -40,3 +40,3 @@ {
   },
-  "version": "1.0.2"
+  "version": "1.1.0"
 }

No alert changes

Improved metrics

Total package byte prevSize

30104

90.11%

Number of package files

21

16.67%

Lines of code

462

110%

No dependency changes