snyk-nuget-plugin
Comparing version 1.0.0 to 1.0.1
@@ -6,28 +6,23 @@ function Dependency(name, version, targetFramework) { | ||
this.dependencies = {}; | ||
this.path = ''; | ||
this.versionSpec = 'unknown'; | ||
} | ||
Object.defineProperty(Dependency.prototype, 'resolvedName', { | ||
get: function () { | ||
return this.name + '.' + this.version; | ||
}, | ||
}) | ||
/** | ||
* @argument {Dependency} dep | ||
*/ | ||
Dependency.prototype.addDependecy = function addDependecy(dep) { | ||
this.flatDependencyMap[dep.name] = | ||
this.flatDependencyMap[dep.name] || | ||
new Dependency(dep.name, dep.version, dep.targetFramework); | ||
this.dependencies.push(dep); | ||
Dependency.prototype.cloneShallow = function () { | ||
// clone, without the dependencies | ||
var result = new Dependency(this.name, this.version, this.targetFramework); | ||
result.versionSpec = this.versionSpec; | ||
return result; | ||
}; | ||
/** | ||
* @argument {string} name | ||
*/ | ||
Dependency.prototype.hasDependency = function hasDependency(name) { | ||
return this.flatDependencyMap[name] !== undefined; | ||
Dependency.from = { | ||
packgesConfigEntry: function (manifest) { | ||
var result = new Dependency( | ||
manifest.$.id, | ||
manifest.$.version, | ||
manifest.$.targetFramework); | ||
result.versionSpec = manifest.$.version; | ||
return result; | ||
}, | ||
}; | ||
module.exports = Dependency; |
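Review bot: `Dependency.from.packgesConfigEntry` copies `manifest.$.id` and `manifest.$.version` from packages.config into the new object without validation, and the lib/index.js section of this same diff then joins `entry.name + '.' + entry.version` into `path.resolve(projectRootFolder, 'packages', …)`. The manifest belongs to the project being scanned, so these values are untrusted; one containing a path separator or `..` would make the resolved package path leave the `packages` folder. Reject such values at this single entry point, for example `if (/[\\/]|\.\./.test(manifest.$.id)) { throw new Error('invalid package id'); }`, with the same check on the version. The factory also fails with a bare TypeError when a `<package>` element has no attributes (`manifest.$` undefined), and the misspelled name `packgesConfigEntry` is worth correcting before more callers depend on it.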
111
lib/index.js
@@ -9,3 +9,4 @@ var fs = require('fs'); | ||
var dependencyTree = {}; | ||
var flattendPackageList = {}; | ||
var nuspecResolutions = {}; | ||
@@ -28,7 +29,2 @@ function isJSON(content) { | ||
var tree = { | ||
plugin: { | ||
name: 'NuGet', | ||
targetFile: targetFile, | ||
}, | ||
package: { | ||
name: projectRootFolder, | ||
@@ -38,6 +34,6 @@ version: null, | ||
dependencies: {}, | ||
}, | ||
from: null, | ||
}; | ||
var chain = new Promise(function (resolve, reject) { | ||
}; | ||
var chain = new Promise(function parseFileContents(resolve, reject) { | ||
// Parse the file content | ||
if (contentAsJson) { | ||
@@ -56,11 +52,14 @@ // skip parsing from XML | ||
}).then(function (rawXML) { | ||
var list = []; | ||
// collect installed packages and add to flat list | ||
var installedPackages = []; | ||
if (rawXML === contentAsJson) { | ||
// start parsing JSON data | ||
var rawDependencies = contentAsJson['dependencies']; | ||
if (rawDependencies) { | ||
for (var name in rawDependencies) { | ||
// Array<{ "libraryName": "version" }> | ||
var version = rawDependencies[name]; | ||
var newDependency = new Dependecy(name, version, null); | ||
if (newDependency.resolvedName.indexOf('System.') !== 0) { | ||
list.push(newDependency); | ||
if (newDependency.name.indexOf('System.') !== 0) { | ||
installedPackages.push(newDependency); | ||
} | ||
@@ -70,26 +69,24 @@ } | ||
} else { | ||
// start parsing XML data | ||
rawXML.packages.package.forEach(function (node) { | ||
var newDependency = | ||
new Dependecy(node.$.id, node.$.version, node.$.targetFramework); | ||
newDependency.path = | ||
path.resolve( | ||
projectRootFolder, | ||
'packages', | ||
newDependency.resolvedName); | ||
if (newDependency.resolvedName.indexOf('System.') !== 0) { | ||
list.push(newDependency); | ||
if (node.$.id.indexOf('System.') !== 0) { | ||
// include only non-system libraries | ||
var installedDependency = Dependecy.from.packgesConfigEntry(node); | ||
installedPackages.push(installedDependency); | ||
} | ||
}); | ||
} | ||
list.forEach(function (entry) { | ||
entry.path = path.resolve( | ||
projectRootFolder, | ||
'packages', | ||
entry.resolvedName); | ||
dependencyTree[entry.resolvedName] = entry; | ||
installedPackages.forEach(function (entry) { | ||
entry.path = | ||
path.resolve( | ||
projectRootFolder, | ||
'packages', | ||
entry.name + '.' + entry.version); | ||
flattendPackageList[entry.name] = entry; | ||
}); | ||
}).then(function () { | ||
// initiate collecting information from .nuget files on installed packages | ||
var nuspecParserChain = []; | ||
for (var resolvedName in dependencyTree) { | ||
var dep = dependencyTree[resolvedName]; | ||
for (var name in flattendPackageList) { | ||
var dep = flattendPackageList[name]; | ||
nuspecParserChain.push(parseNuspec(dep)); | ||
@@ -101,18 +98,46 @@ } | ||
if (!resolution) return; // jscs:ignore | ||
var node = dependencyTree[resolution.parent]; | ||
resolution.children.forEach(function (childNode) { | ||
var dependency = | ||
dependencyTree[childNode.resolvedName] || | ||
new Dependecy( | ||
childNode.name, | ||
childNode.version, | ||
childNode.targetFramework); | ||
node.dependencies[dependency.resolvedName] = dependency; | ||
nuspecResolutions[resolution.name] = resolution; | ||
}); | ||
}).then(function () { | ||
// .nuget parsing is complete, returned as array of promise resolutions | ||
// now the flat list should be rebuilt as a tree | ||
function buildTree(node, requiredChildren, repository) { | ||
requiredChildren.forEach(function (requiredChild) { | ||
var transitiveDependency; | ||
if (flattendPackageList[requiredChild.name]) { | ||
// fetch from repo | ||
transitiveDependency = | ||
flattendPackageList[requiredChild.name].cloneShallow(); | ||
transitiveDependency.versionSpec = | ||
requiredChild.versionSpec || transitiveDependency.versionSpec; | ||
} else { | ||
// create as new (uninstalled) | ||
transitiveDependency = new Dependecy( | ||
requiredChild.name, | ||
requiredChild.version, | ||
requiredChild.targetFramework); | ||
transitiveDependency.versionSpec = requiredChild.version; | ||
} | ||
var transitiveChildren = | ||
(nuspecResolutions[node.name] && | ||
nuspecResolutions[node.name].children) || []; | ||
buildTree(transitiveDependency, transitiveChildren, repository); | ||
node.dependencies[transitiveDependency.name] = transitiveDependency; | ||
}); | ||
}); | ||
for (var packageName in dependencyTree) { | ||
if (packageName.indexOf('System.') !== 0) { | ||
tree.package.dependencies[packageName] = dependencyTree[packageName]; | ||
} | ||
var _flatKeyCount = Object.keys(flattendPackageList).length; | ||
var _nugtKeyCount = Object.keys(nuspecResolutions).length; | ||
if (_nugtKeyCount >= _flatKeyCount) { | ||
// local folders scanned, build list from .nuspec | ||
for (var key in nuspecResolutions) { | ||
var resolution = nuspecResolutions[key]; | ||
var node = flattendPackageList[resolution.name].cloneShallow(); | ||
buildTree(node, resolution.children, flattendPackageList); | ||
tree.dependencies[node.name] = node; | ||
} | ||
} else { | ||
tree.dependencies = flattendPackageList; | ||
} | ||
return tree; | ||
@@ -119,0 +144,0 @@ })['catch'](function (err) { |
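Review bot: In `buildTree`, the children for the recursive call are looked up with `nuspecResolutions[node.name]`, which is the parent's resolution rather than that of the `transitiveDependency` just created, so each child is handed its parent's dependency list and the resulting tree does not match the .nuspec data. The lookup should read `nuspecResolutions[transitiveDependency.name]`. The recursion also has no guard against a package that lists itself as a dependency, directly or through others; because the .nuspec files come from the scanned project, carrying the set of names already on the current path and skipping repeats would keep the recursion bounded. The `repository` parameter is never read and can be dropped. The enclosing promise chain starts and ends outside these hunks.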
@@ -9,7 +9,7 @@ var zip = require('zip'); | ||
function parseNuspec(dependency) { | ||
function parseNuspec(library) { | ||
var P = new Promise(function (resolve, reject) { | ||
var nuspecPath = path.resolve( | ||
dependency.path, | ||
dependency.resolvedName + '.nupkg'); | ||
library.path, | ||
library.name + '.' + library.version + '.nupkg'); | ||
var rawZipped; | ||
@@ -33,3 +33,3 @@ | ||
} else { | ||
var dependencies = []; | ||
var ownDependencies = []; | ||
(result.package.metadata || []).forEach(function (metadata) { | ||
@@ -39,9 +39,12 @@ (metadata.dependencies || []).forEach(function (rawDependency) { | ||
(group.dependency || []).forEach(function (dep) { | ||
dependencies.push( | ||
new Dependency(dep.$.id, dep.$.version, group.$.targetFramework) // jscs:ignore | ||
); | ||
const transitiveDependency = new Dependency(dep.$.id, dep.$.version, group.$.targetFramework) // jscs:ignore | ||
transitiveDependency.versionSpec = dep.$.versionSpec | ||
ownDependencies.push(transitiveDependency); | ||
}) | ||
}); | ||
(rawDependency.dependency || []).forEach(function (dep) { | ||
dependencies.push(new Dependency(dep.$.id, dep.$.version, null)); | ||
const transitiveDependency = | ||
new Dependency(dep.$.id, dep.$.version, null); | ||
transitiveDependency.versionSpec = dep.$.version; | ||
ownDependencies.push(transitiveDependency); | ||
}); | ||
@@ -51,4 +54,4 @@ }) | ||
resolve({ | ||
parent: dependency.resolvedName, | ||
children: dependencies.filter(function (dep) { | ||
name: library.name, | ||
children: ownDependencies.filter(function (dep) { | ||
return dep.name.indexOf('System.') !== 0; | ||
@@ -55,0 +58,0 @@ }), |
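Review bot: In the grouped branch the new code sets `transitiveDependency.versionSpec = dep.$.versionSpec`, while the ungrouped branch a few lines below uses `dep.$.version`. The constructor call on the same element also reads `dep.$.version`, so `versionSpec` is probably not an attribute of the parsed element, and the assignment would replace the constructor's 'unknown' default with `undefined`. Use `transitiveDependency.versionSpec = dep.$.version;` in both branches. The two added lines in the grouped branch also lack terminating semicolons, unlike the surrounding code. `parseNuspec` begins and ends outside these hunks.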
@@ -1,1 +0,1 @@ | ||
{"name":"snyk-nuget-plugin","description":"![logo](https://res.cloudinary.com/snyk/image/upload/v1468845259/logo/snyk-dog.svg) ## Snyk: NuGet Plugin ***","main":"lib/index.js","scripts":{"lint":"jscs `find ./lib -name '*.js'` -v && jscs `find ./test -name '*.js'` -v","test":"npm run unit-test","unit-test":"tap `ls ./test/*.test.js` -R=spec","dev":"nodemon -x 'npm run unit-test'","semantic-release":"semantic-release pre && npm publish && semantic-release post"},"repository":{"type":"git","url":"https://github.com/snyk/snyk-nuget-plugin.git"},"keywords":["snyk","nuget"],"author":"snyk.io","license":"Apache-2.0","bugs":{"url":"https://github.com/snyk/snyk-nuget-plugin/issues"},"homepage":"https://github.com/snyk/snyk-nuget-plugin#readme","dependencies":{"es6-promise":"^4.1.1","xml2js":"^0.4.17","zip":"^1.2.0"},"devDependencies":{"jscs":"^3.0.7","nodemon":"^1.12.1","semantic-release":"^8.2.0","tap":"^10.7.0","tap-only":"0.0.5"},"version":"1.0.0"} | ||
{"name":"snyk-nuget-plugin","description":"![logo](https://res.cloudinary.com/snyk/image/upload/v1468845259/logo/snyk-dog.svg) ## Snyk: NuGet Plugin ***","main":"lib/index.js","scripts":{"lint":"jscs `find ./lib -name '*.js'` -v && jscs `find ./test -name '*.js'` -v","test":"npm run unit-test","unit-test":"tap `ls ./test/*.test.js` -R=spec","dev":"nodemon -x 'npm run unit-test'","semantic-release":"semantic-release pre && npm publish && semantic-release post"},"repository":{"type":"git","url":"https://github.com/snyk/snyk-nuget-plugin.git"},"keywords":["snyk","nuget"],"author":"snyk.io","license":"Apache-2.0","bugs":{"url":"https://github.com/snyk/snyk-nuget-plugin/issues"},"homepage":"https://github.com/snyk/snyk-nuget-plugin#readme","dependencies":{"es6-promise":"^4.1.1","xml2js":"^0.4.17","zip":"^1.2.0"},"devDependencies":{"jscs":"^3.0.7","nodemon":"^1.12.1","semantic-release":"^8.2.0","tap":"^10.7.0","tap-only":"0.0.5"},"version":"1.0.1"} |