snyk-paket-parser
Advanced tools
snyk-paket-parser - npm Package Compare versions
Comparing version 1.1.0 to 1.2.0
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| const lock_parser_1 = require("./lock-parser"); | ||
| const path = require("path"); | ||
| const fs = require("fs"); | ||
| var DepType; | ||
| (function (DepType) { | ||
| DepType["prod"] = "prod"; | ||
| DepType["dev"] = "dev"; | ||
| })(DepType || (DepType = {})); | ||
| function parse(manifestFileContents, lockFileContents, includeDev = false) { | ||
| // parse manifestFileContents here too when the time comes | ||
| const lockFile = lock_parser_1.parseLockFile(lockFileContents); | ||
| return buildDependencyTree(lockFile, includeDev); | ||
| } | ||
| function parseFromFile(root, manifestFilePath, lockFilePath, includeDev = false) { | ||
| if (!root || !manifestFilePath || !lockFilePath) { | ||
| throw new Error('Missing required parameters for parseFromFile()'); | ||
| } | ||
| const manifestFileFullPath = path.resolve(root, manifestFilePath); | ||
| const lockFileeFullPath = path.resolve(root, lockFilePath); | ||
| if (!fs.existsSync(manifestFileFullPath)) { | ||
| throw new Error('No paket.dependencies file found at ' + | ||
| `location: ${manifestFileFullPath}`); | ||
| } | ||
| if (!fs.existsSync(lockFileeFullPath)) { | ||
| throw new Error('No paket.lock file found at ' + | ||
| `location: ${lockFileeFullPath}`); | ||
| } | ||
| const manifestFileContents = fs.readFileSync(manifestFileFullPath, 'utf-8'); | ||
| const lockFileContents = fs.readFileSync(manifestFileFullPath, 'utf-8'); | ||
| return parse(manifestFileContents, manifestFileContents, includeDev); | ||
| } | ||
| function buildDependencyTree( | ||
| /* manifestFile: PaketManifest, */ lockFile, includeDev = false) { | ||
| const depTree = { | ||
| dependencies: {}, | ||
| name: '', | ||
| version: '', | ||
| }; | ||
| for (const group of lockFile.groups) { | ||
| const isDev = group.name === 'build' || group.name === 'test' || group.name === 'tests'; | ||
| if (isDev && !includeDev) { | ||
| continue; | ||
| } | ||
| for (const dep of group.dependencies) { | ||
| depTree.dependencies[dep.name] = { | ||
| depType: isDev ? DepType.dev : DepType.prod, | ||
| dependencies: buildSubTree(dep.dependencies), | ||
| name: dep.name, | ||
| version: dep.version, | ||
| }; | ||
| } | ||
| } | ||
| return depTree; | ||
| } | ||
| exports.buildDependencyTree = buildDependencyTree; | ||
| function buildSubTree(dependency) { | ||
| const subTree = {}; | ||
| for (const dep of dependency) { | ||
| subTree[dep.name] = { | ||
| dependencies: {}, | ||
| name: dep.name, | ||
| version: dep.version, | ||
| }; | ||
| } | ||
| return subTree; | ||
| } | ||
| //# sourceMappingURL=index.js.map |
@@ -41,3 +41,3 @@ { | ||
| }, | ||
| "version": "1.1.0" | ||
| "version": "1.2.0" | ||
| } |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by476.5%
26784
- Number of package files
- increased by66.67%
15
- Lines of code
- increased by964.1%
415
Worsened metrics
- Number of low supply chain risk alerts
- increased byInfinity%
1
- Number of medium supply chain risk alerts
- increased byInfinity%
1