
snyk-go-plugin


snyk-go-plugin - npm Package Compare versions

Comparing version 1.3.9 to 1.4.0

gosrc/resolve-deps.go

137

lib/index.js

@@ -43,17 +43,16 @@ var fs = require('fs');

function getDependencies(root, targetFile) {
var lockedVersions;
var config;
return new Promise(function (resolve, reject) {
try {
lockedVersions = parseLockFile(root, targetFile);
resolve(lockedVersions);
} catch (e) {
reject(new Error(
'failed parsing ' + targetFile + ': ' + e.message));
}
config = parseConfig(root, targetFile);
resolve(config);
}).then(function () {
var goTreeTool = path.join(__dirname, '..', 'gosrc', 'deps-tree.go')
var goResolveTool = path.join(__dirname, '..', 'gosrc', 'resolve-deps.go')
var ignorePkgsParam;
if (config.ignoredPkgs && config.ignoredPkgs.length > 0) {
ignorePkgsParam = '-ignoredPkgs=' + config.ignoredPkgs.join(',');
}
return subProcess.execute(
'go',
['run', goTreeTool],
['run', goResolveTool, ignorePkgsParam],
{ cwd: root }

@@ -70,3 +69,8 @@ )

var root = graph.node('.');
// A project can contain several "entry points",
// i.e. pkgs with no local dependants.
// To create a tree, we add edges from a "virutal root",
// to these source nodes.
var VIRTUAL_ROOT_NODE_ID = '.'
var root = graph.node(VIRTUAL_ROOT_NODE_ID);
if (!root) {

@@ -76,6 +80,12 @@ throw new Error('Failed parsing dependency graph');

graph.sources().forEach(function (nodeId) {
if (nodeId != VIRTUAL_ROOT_NODE_ID) {
graph.setEdge(VIRTUAL_ROOT_NODE_ID, nodeId)
}
});
var projectRootPath = getProjectRootFromTargetFile(targetFile);
var pkgsTree = recursivelyBuildPkgTree(
graph, root, lockedVersions, projectRootPath, [], {});
graph, root, config.lockedVersions, projectRootPath, [], {});
delete pkgsTree._counts;

@@ -264,10 +274,19 @@

function parseLockFile(root, targetFile) {
function parseConfig(root, targetFile) {
var config = {
ignoredPkgs: [],
lockedVersions: {},
};
var pkgManager = pkgManagerByTarget(targetFile);
switch (pkgManager) {
case 'dep': {
return parseDepLock(root, targetFile);
config.lockedVersions = parseDepLock(root, targetFile);
var manifest = parseDepManifest(root, targetFile);
config.ignoredPkgs = manifest.ignored;
break;
}
case 'govendor': {
return parseGovendorLock(root, targetFile);
config.lockedVersions = parseGovendorLock(root, targetFile);
break;
}

@@ -278,53 +297,81 @@ default: {

}
return config;
}
function parseDepLock(root, targetFile) {
var lock = fs.readFileSync(path.join(root, targetFile));
try {
var lock = fs.readFileSync(path.join(root, targetFile));
// TODO: handle parse error
var lockJson = toml.parse(String(lock))
var lockJson = toml.parse(String(lock))
var deps = {};
lockJson.projects && lockJson.projects.forEach(function (proj) {
var version = proj.version || ('#' + proj.revision);
var deps = {};
lockJson.projects && lockJson.projects.forEach(function (proj) {
var version = proj.version || ('#' + proj.revision);
proj.packages.forEach(function (subpackageName) {
var name =
(subpackageName == '.' ? proj.name : proj.name + '/' + subpackageName);
proj.packages.forEach(function (subpackageName) {
var name =
(subpackageName == '.' ?
proj.name :
proj.name + '/' + subpackageName);
var dep = {
name: name,
version: version,
}
var dep = {
name: name,
version: version,
}
deps[dep.name] = dep;
deps[dep.name] = dep;
});
});
});
return deps;
return deps;
} catch (e) {
throw (new Error('failed parsing ' + targetFile + ': ' + e.message));
}
}
function parseDepManifest(root, targetFile) {
var manifestDir = path.dirname(path.join(root, targetFile))
var manifestPath = path.resolve(path.join(manifestDir, 'Gopkg.toml'))
try {
var manifestToml = fs.readFileSync(manifestPath);
var manifestJson = toml.parse(String(manifestToml)) || {};
manifestJson.ignored = manifestJson.ignored || [];
return manifestJson;
} catch (e) {
throw (new Error('failed parsing Gopkg.toml:' + e.message));
}
}
// TODO: branch, old Version can be a tag too?
function parseGovendorLock(root, targetFile) {
var lock = fs.readFileSync(path.join(root, targetFile));
try {
var lock = fs.readFileSync(path.join(root, targetFile));
var deps = {};
var lockJson = JSON.parse(lock);
var deps = {};
var lockJson = JSON.parse(lock);
var packages = lockJson.package || lockJson.Package;
var packages = lockJson.package || lockJson.Package;
packages && packages.forEach(function (pkg) {
var revision = pkg.revision || pkg.Revision || pkg.version || pkg.Version;
packages && packages.forEach(function (pkg) {
var revision = pkg.revision || pkg.Revision || pkg.version || pkg.Version;
var version = pkg.versionExact || ('#' + revision);
var version = pkg.versionExact || ('#' + revision);
var dep = {
name: pkg.path,
version: version,
}
var dep = {
name: pkg.path,
version: version,
}
deps[dep.name] = dep;
});
deps[dep.name] = dep;
});
return deps;
return deps;
} catch (e) {
throw (new Error('failed parsing ' + targetFile + ': ' + e.message));
}
}

@@ -331,0 +378,0 @@
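Review bot: In getDependencies, `ignorePkgsParam` stays `undefined` when the manifest lists no ignored packages, yet it is always placed in the array `['run', goResolveTool, ignorePkgsParam]`, so `go run` may be handed a stray argument; build the list conditionally, e.g. `var args = ['run', goResolveTool];` then `if (ignorePkgsParam) { args.push(ignorePkgsParam); }`. The value comes from `manifest.ignored` in the scanned project's Gopkg.toml and is joined without checking its type, so a manifest where `ignored` is a string rather than an array would pass the `.length > 0` test and then reject with an unrelated TypeError from `.join`; in parseConfig, `config.ignoredPkgs = Array.isArray(manifest.ignored) ? manifest.ignored : [];` would fail closed. `subProcess.execute` is not shown on this page, so it is worth confirming that it passes arguments as an argv array without a shell, since repository-controlled text now reaches that command line. The getDependencies body continues past the end of its hunk.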

@@ -30,3 +30,3 @@ {

},
"version": "1.3.9"
"version": "1.4.0"
}