snyk-resolve-deps
Comparing version 1.1.5 to 1.1.6-alpha1
@@ -51,3 +51,4 @@ #!/usr/bin/env node | ||
count.forEach(function (dep) { | ||
console.log(' - %s - %s', dep.full, dep.from.join(' > ')); | ||
console.log(' - %s (%s) - %s', dep.full, dep.depType, | ||
(dep.from || []).join(' > ')); | ||
}); | ||
@@ -54,0 +55,0 @@ return; |
module.exports = loadModules; | ||
var depTypes = require('./consts'); | ||
var depTypes = require('./dep-types'); | ||
var fs = require('then-fs'); | ||
@@ -74,2 +74,3 @@ var _ = require('lodash'); | ||
__dependencies: pkg.dependencies, | ||
__optionalDependencies: pkg.optionalDependencies, | ||
__filename: pkg.__filename, | ||
@@ -136,18 +137,11 @@ }; | ||
var depType = rootDepType; | ||
if (pkg.dependencies && pkg.dependencies[curr.name]) { | ||
depType = depTypes.PROD; | ||
} else if (pkg.devDependencies && pkg.devDependencies[curr.name]) { | ||
depType = depTypes.DEV; | ||
} | ||
var depInfo = depTypes(curr.name, pkg); | ||
var depType = depInfo.type || rootDepType; | ||
var depFrom = depInfo.from; | ||
var valid = false; | ||
if (pkg.dependencies) { | ||
valid = semver.satisfies(curr.version, pkg.dependencies[curr.name]); | ||
if (depFrom) { | ||
valid = semver.satisfies(curr.version, depFrom); | ||
} | ||
var depFrom = depType === depTypes.DEV ? | ||
pkg.devDependencies[curr.name] : | ||
pkg.dependencies[curr.name]; | ||
acc[curr.name] = { | ||
@@ -165,2 +159,3 @@ name: curr.name, | ||
__dependencies: curr.dependencies, | ||
__optionalDependencies: curr.optionalDependencies, | ||
__filename: curr.__filename, | ||
@@ -176,9 +171,2 @@ }; | ||
// TODO decide if we can really remove this - I can't see how it's ever | ||
// called in real life... | ||
// if (deps.length === 0) { | ||
// modules.dependencies = false; | ||
// return modules; | ||
// } | ||
var promises = deps.map(function (dep) { | ||
@@ -185,0 +173,0 @@ var depType = modules.dependencies[dep].depType; |
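Review bot: `valid` is left at `false` both when `depTypes(curr.name, pkg)` returns no `from` range and when that range fails `semver.satisfies(curr.version, depFrom)`, so an undeclared package and a version mismatch look the same to whatever reads `valid` later. As far as I know `semver.satisfies` also returns `false` for a specifier it cannot parse as a range (git URL, tarball, dist-tag), which would put those dependencies in the same bucket; `./dep-types` is not shown here, so what `from` can contain should be confirmed. I would document this where `valid` is set, for example `// valid stays false when no manifest range was found or the range is not a semver range`. The enclosing reducer starts and ends outside these hunks.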
@@ -6,6 +6,9 @@ module.exports = logicalTree; | ||
var walk = require('./walk'); | ||
var depTypes = require('./consts'); | ||
var path = require('path'); | ||
var depTypes = require('./dep-types'); | ||
var colour = require('ansicolors'); | ||
var _ = require('lodash'); | ||
var format = require('util').format; | ||
var ext = colour.bgBlack(colour.green('extraneous')); | ||
var problems = []; | ||
@@ -34,24 +37,24 @@ /** | ||
} | ||
var logicalRoot = copy(fileTree); | ||
problems = []; | ||
var logicalRoot = copy(fileTree, fileTree.__from, true); | ||
logicalRoot.dependencies = walkDeps(fileTree, fileTree); | ||
if (fileTree.problems && fileTree.problems.length) { | ||
logicalRoot.problems = fileTree.problems.slice(0); | ||
} | ||
var removedPaths = []; | ||
// do a shallow pass on the deps and strip out dev deps | ||
Object.keys(fileTree.dependencies).forEach(function (name) { | ||
var dep = fileTree.dependencies[name]; | ||
// if we're not interested in devDeps, then strip them out | ||
if (!options.dev && dep.depType === depTypes.DEV) { | ||
// since dev deps are only ever on the root, we know we can remove it | ||
// directly from the logicalRoot.dependencies | ||
removedPaths.push(dep.__from); | ||
delete logicalRoot.dependencies[dep.name]; | ||
return; | ||
} | ||
}); | ||
if (!options.dev) { | ||
// do a shallow pass on the deps and strip out dev deps | ||
Object.keys(fileTree.dependencies).forEach(function (name) { | ||
var dep = fileTree.dependencies[name]; | ||
// if we're not interested in devDeps, then strip them out | ||
if (dep.depType === depTypes.DEV) { | ||
// since dev deps are only ever on the root, we know we can remove it | ||
// directly from the logicalRoot.dependencies | ||
removedPaths.push(dep.__from); | ||
delete logicalRoot.dependencies[dep.name]; | ||
return; | ||
} | ||
}); | ||
} | ||
walk(fileTree.dependencies, function (dep) { | ||
@@ -68,9 +71,16 @@ if (!dep.__used) { | ||
dep.extraneous = true; | ||
dep.depType = depTypes.EXTRANEOUS; | ||
var issue = ext + ': ' + dep.name + '@' + dep.version + ' (from ' + | ||
dep.dep + ') > ' + dep.__filename; | ||
dep.problems = [issue]; | ||
problem(logicalRoot, issue); | ||
insertLeaf(logicalRoot, dep, fileTree); | ||
var leaf = copy(dep); | ||
var issue = format('%s: %s@%s (from %s) > %s', ext, leaf.name, | ||
leaf.version, leaf.dep, path.relative('.', leaf.__filename)); | ||
leaf.problems = [issue]; | ||
problems.push(issue); | ||
leaf.extraneous = true; | ||
leaf.depType = depTypes.EXTRANEOUS; | ||
leaf.dependencies = walkDeps(fileTree, dep); | ||
walk(leaf.dependencies, function (dep) { | ||
dep.extraneous = true; | ||
dep.depType = depTypes.EXTRANEOUS; | ||
}); | ||
insertLeaf(logicalRoot, leaf, dep.__from); | ||
} | ||
@@ -80,2 +90,3 @@ }); | ||
logicalRoot.pluck = pluck.bind(null, fileTree); | ||
logicalRoot.problems = problems.slice(0); | ||
@@ -85,4 +96,4 @@ return logicalRoot; | ||
function insertLeaf(tree, leaf) { | ||
var path = (leaf.__from || []).slice(1, -1); // remove the root of the path | ||
function insertLeaf(tree, leaf, from) { | ||
var path = (from || []).slice(1, -1); // remove the root of the path | ||
var entry = tree.dependencies; | ||
@@ -97,27 +108,38 @@ for (var i = 0; i < path.length; i++) { | ||
function problem(root, issue) { | ||
if (!root.problems) { | ||
root.problems = []; | ||
function walkDeps(root, tree, from) { | ||
if (!from) { | ||
from = tree.__from; | ||
} | ||
root.problems.push(issue); | ||
} | ||
function walkDeps(root, tree) { | ||
// only include the devDeps on the root level package | ||
var deps = _.extend({}, tree.__dependencies, | ||
tree.__from && tree.__from.length === 1 ? tree.__devDependencies : {}); | ||
tree.__from && from.length === 1 ? tree.__devDependencies : {}); | ||
deps = _.extend(deps, tree.__optionalDependencies); | ||
return Object.keys(deps).reduce(function walkDepsPicker(acc, curr) { | ||
var version = deps[curr]; | ||
var dep = pluck(root, tree.__from, curr, version); | ||
// only attempt to walk this dep if it's not in our path already | ||
if (tree.__from.indexOf(curr) === -1) { | ||
var version = deps[curr]; | ||
var dep = pluck(root, tree.__from, curr, version); | ||
if (!dep) { | ||
problem(root, 'missing: ' + curr + '@' + version + | ||
', required by ' + tree.name + '@' + tree.version); | ||
return acc; | ||
} | ||
if (!dep) { | ||
problems.push(format('missing: %s@%s, required by %s', curr, version, | ||
from.join(' > '))); | ||
return acc; | ||
} | ||
var pkg = acc[dep.name] = copy(dep, tree.__from.concat(dep.name)); | ||
if (!dep.__used) { | ||
dep.__used = true; | ||
pkg.dependencies = walkDeps(root, dep); | ||
if (from.indexOf(dep.name) === -1) { | ||
var pkg = acc[dep.name] = copy(dep, from.concat(dep.name)); | ||
dep.__used = true; | ||
var info = depTypes(dep.name, { | ||
dependencies: tree.__dependencies, | ||
devDependencies: tree.__devDependencies, | ||
optionalDependencies: tree.__optionalDependencies, | ||
}); | ||
pkg.depType = info.type; | ||
pkg.dep = info.from; | ||
pkg.dependencies = walkDeps(root, dep, pkg.from); | ||
} | ||
} | ||
@@ -129,11 +151,20 @@ | ||
function copy(leaf, from) { | ||
function copy(leaf, from, ignoreDeps) { | ||
if (!from) { | ||
from = leaf.__from; | ||
} | ||
var res = Object.keys(leaf).reduce(function copyIterator(acc, curr) { | ||
if (leaf[curr] !== undefined && curr.indexOf('__') !== 0) { | ||
acc[curr] = leaf[curr]; | ||
if (curr !== 'dependencies') { | ||
acc[curr] = leaf[curr]; | ||
} | ||
} | ||
return acc; | ||
}, {}); | ||
res.from = (from || leaf.__from).slice(0); | ||
res.from = from.slice(0); | ||
res.__filename = leaf.__filename; | ||
return res; | ||
} |
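Review bot: `logicalRoot.problems = problems.slice(0);` near the end of `logicalTree` replaces whatever was already on `logicalRoot.problems` with only the issues pushed during this walk. If the `if (fileTree.problems && fileTree.problems.length)` copy is still on the new side (the rendered page does not show which side it belongs to), it is overwritten; if it was removed, the file-tree problems are never copied, so in both cases warnings found while reading the tree appear not to reach the caller unless lines outside the hunks merge them. Merging would keep both: `logicalRoot.problems = (fileTree.problems || []).concat(problems);`. The collector is also a module-level `var problems` that `walkDeps` pushes into, so correctness depends on the reset at the top of `logicalTree`; passing the array down as an argument would remove that shared state. Separately, `copy(leaf, from, ignoreDeps)` never reads `ignoreDeps` (`dependencies` is skipped for every caller), so the parameter should be dropped or its intent documented.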
{ | ||
"name": "snyk-resolve-deps", | ||
"description": "Resolves a node package tree with combined support for both npm@2 and npm@3.", | ||
"version": "1.1.6-alpha1", | ||
"main": "lib/index.js", | ||
@@ -13,5 +14,6 @@ "directories": { | ||
"lint": "jscs cli/*.js lib/*.js -v", | ||
"check-tests": "! grep 'test.only' test/*.test.js -n", | ||
"env": "node -e 'console.log(process.env, process.versions)'", | ||
"cover": "tap test/*.test.js --cov --coverage-report=lcov", | ||
"test": "npm run lint && tap test/*.test.js --cov --timeout=60", | ||
"test": "npm run check-tests && npm run lint && tap test/*.test.js --cov --timeout=60", | ||
"semantic-release": "semantic-release pre && npm publish && semantic-release post" | ||
@@ -24,3 +26,3 @@ }, | ||
"semantic-release": "^4.3.5", | ||
"snyk-resolve-deps-fixtures": "^1.1.2", | ||
"snyk-resolve-deps-fixtures": "^1.1.3", | ||
"tap": "^5.1.1", | ||
@@ -40,3 +42,2 @@ "tap-only": "0.0.5", | ||
"semver": "^5.1.0", | ||
"snyk": "*", | ||
"snyk-module": "^1.0.2", | ||
@@ -49,4 +50,3 @@ "snyk-resolve": "^1.0.0", | ||
"url": "https://github.com/Snyk/resolve-deps.git" | ||
}, | ||
"version": "1.1.5" | ||
} | ||
} | ||
} |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
No v1
Quality: Package is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Wildcard dependency
Quality: Package has a dependency with a floating version range. This can cause issues if the dependency publishes a new major version.
Found 1 instance in 1 package
- Removedsnyk@*
- Removed@sentry-internal/tracing@7.119.2(transitive)
- Removed@sentry/core@7.119.2(transitive)
- Removed@sentry/integrations@7.119.2(transitive)
- Removed@sentry/node@7.119.2(transitive)
- Removed@sentry/types@7.119.2(transitive)
- Removed@sentry/utils@7.119.2(transitive)
- Removedboolean@3.2.0(transitive)
- Removeddefine-data-property@1.1.4(transitive)
- Removeddefine-properties@1.2.1(transitive)
- Removeddetect-node@2.1.0(transitive)
- Removedes-define-property@1.0.0(transitive)
- Removedes-errors@1.3.0(transitive)
- Removedes6-error@4.1.1(transitive)
- Removedescape-string-regexp@4.0.0(transitive)
- Removedfunction-bind@1.1.2(transitive)
- Removedget-intrinsic@1.2.4(transitive)
- Removedglobal-agent@3.0.0(transitive)
- Removedglobalthis@1.0.4(transitive)
- Removedgopd@1.0.1(transitive)
- Removedhas-property-descriptors@1.0.2(transitive)
- Removedhas-proto@1.0.3(transitive)
- Removedhas-symbols@1.0.3(transitive)
- Removedhasown@2.0.2(transitive)
- Removedimmediate@3.0.6(transitive)
- Removedjson-stringify-safe@5.0.1(transitive)
- Removedlie@3.1.1(transitive)
- Removedlocalforage@1.10.0(transitive)
- Removedmatcher@3.0.0(transitive)
- Removedobject-keys@1.1.1(transitive)
- Removedroarr@2.15.4(transitive)
- Removedsemver@7.6.3(transitive)
- Removedsemver-compare@1.0.0(transitive)
- Removedserialize-error@7.0.1(transitive)
- Removedsnyk@1.1293.1(transitive)
- Removedsprintf-js@1.1.3(transitive)
- Removedtype-fest@0.13.1(transitive)