New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
snyk-go-plugin
Advanced tools
snyk-go-plugin - npm Package Compare versions
Comparing version 1.3.1 to 1.3.2
| var fs = require('fs'); | ||
| var path = require('path'); | ||
| var toml = require('toml'); | ||
| var graphlib = require('graphlib'); | ||
@@ -42,8 +43,20 @@ var subProcess = require('./sub-process'); | ||
| ) | ||
| }).then(function (tree) { | ||
| tree = JSON.parse(tree); | ||
| }).then(function (graph) { | ||
| graph = JSON.parse(graph); | ||
| graph = graphlib.json.read(graph); | ||
| if (!graphlib.alg.isAcyclic(graph)) { | ||
| throw new Error( | ||
| 'Go import cycle detected (not allowed by the Go compiler)'); | ||
| } | ||
| var root = graph.node('.'); | ||
| if (!root) { | ||
| throw new Error('Failed parsing dependency graph'); | ||
| } | ||
| var projectRootPath = getProjectRootFromTargetFile(targetFile); | ||
| var pkgsTree = recursivelyBuildPkgTree( | ||
| tree, lockedVersions, projectRootPath, []); | ||
| graph, root, lockedVersions, projectRootPath, []); | ||
@@ -119,11 +132,14 @@ pkgsTree.packageFormatVersion = 'golang:0.0.1'; | ||
| function recursivelyBuildPkgTree( | ||
| goDepsTree, | ||
| lockedVersions, | ||
| projectRootPath, | ||
| fromPath) { | ||
| graph, | ||
| node, | ||
| lockedVersions, | ||
| projectRootPath, | ||
| fromPath) { | ||
| var isRoot = (fromPath.length == 0); | ||
| var isProjSubpkg = isProjSubpackage(goDepsTree.Dir, projectRootPath); | ||
| var isProjSubpkg = isProjSubpackage(node.Dir, projectRootPath); | ||
| var pkg = { | ||
| name: (isRoot ? goDepsTree.FullImportPath : goDepsTree.Name), | ||
| name: (isRoot ? node.FullImportPath : node.Name), | ||
| dependencies: {}, | ||
@@ -149,5 +165,8 @@ } | ||
| goDepsTree.Deps && goDepsTree.Deps.forEach(function (dep) { | ||
| var children = graph.successors(node.Name); | ||
| children.forEach(function (depName) { | ||
| var dep = graph.node(depName); | ||
| var child = recursivelyBuildPkgTree( | ||
| dep, lockedVersions, projectRootPath, pkg.from); | ||
| graph, dep, lockedVersions, projectRootPath, pkg.from); | ||
@@ -154,0 +173,0 @@ if (isInternalPackage(child.name) || child._isProjSubpkg) { |
@@ -19,2 +19,3 @@ { | ||
| "dependencies": { | ||
| "graphlib": "^2.1.1", | ||
| "toml": "^2.3.2" | ||
@@ -28,3 +29,3 @@ }, | ||
| }, | ||
| "version": "1.3.1" | ||
| "version": "1.3.2" | ||
| } |
Sorry, the diff of this file is not supported yet
No alert changes
Improved metrics
- Total package byte prevSize
- increased by9.96%
15986
- Lines of code
- increased by12.69%
506
Worsened metrics
- Dependency count
- increased by100%
2
Dependency changes
+ Addedgraphlib@^2.1.1
+ Addedgraphlib@2.1.8(transitive)
+ Addedlodash@4.17.21(transitive)