snyk-resolve-deps
Comparing version 1.5.0 to 1.5.1-alpha1
@@ -8,4 +8,2 @@ module.exports = pluck; | ||
function pluck(root, path, name, range) { | ||
debug('plucking %s@%s', name, range); | ||
if (range === 'latest') { | ||
@@ -27,52 +25,36 @@ range = '*'; | ||
// do a check to see if the last item in the path is actually the package | ||
// we're looking for, and if it is, drop it | ||
if (from.length) { | ||
var tip = moduleToObject(from.slice(-1).pop()); | ||
// note: this could miss the situation when dep@2 > dep@1 ...unsure | ||
if (tip.name === name) { | ||
from.pop(); | ||
} | ||
// we're looking for, and if it's not, push it on | ||
if (from.length !== 0 && moduleToObject(from.slice(-1).pop()).name === name) { | ||
from.pop(); | ||
} | ||
// strip any extraneous data from the package names | ||
from = from.map(stripVersion); | ||
// then we always put the target package on the end of the chain | ||
// to ensure it's in exactly the right format to be used in `getMatch` | ||
from.push(name + '@' + range); | ||
// walk the depth of `from` to find the `dependencies` property from `root` | ||
// if it can't be found, pop `from` and try again until `from` is empty | ||
do { | ||
var pkg = findPackage(root, from.slice(0), name, range); | ||
debug('using forward search %s@%s in %s', from.join(' > ')); | ||
if (pkg) { | ||
return pkg; | ||
} | ||
} while (from.pop()); | ||
var match = false; | ||
var leaf = root; | ||
var realPath = []; | ||
return false; | ||
} | ||
while (from.length) { | ||
var pkg = moduleToObject(from[0]); | ||
var test = getMatch(leaf, pkg.name, pkg.version); | ||
function findPackage(root, from, name, range) { | ||
var deps; | ||
do { | ||
deps = from.reduce(findDependencyLeaf, root); | ||
} while (!deps && from.shift()); | ||
var match = getMatch(deps, name, range); | ||
if (match) { | ||
return match; | ||
if (test) { | ||
from.shift(); | ||
realPath.push(leaf); | ||
leaf = test; | ||
} else { | ||
leaf = realPath.pop(); | ||
if (!leaf) { | ||
return false; | ||
} | ||
} | ||
} | ||
} | ||
function findDependencyLeaf(acc, curr) { | ||
if (acc.dependencies && acc.dependencies[curr]) { | ||
return acc.dependencies[curr]; | ||
} | ||
return false; | ||
return leaf.name === name ? leaf : false; | ||
} | ||
function stripVersion(value) { | ||
// support passing the value as the vuln.from | ||
return moduleToObject(value).name; | ||
} | ||
function getMatch(root, name, range) { | ||
@@ -79,0 +61,0 @@ var dep = root.dependencies && root.dependencies[name]; |
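Review bot: The `debug('using forward search %s@%s in %s', from.join(' > '));` call in the second hunk has three placeholders but only one argument, so the trace that shows which dependency path was searched prints the path in the name slot and leaves the other two unfilled. Passing all three values, `debug('using forward search %s@%s in %s', name, range, from.join(' > '));`, keeps the log usable when someone has to work out why a vulnerable package was or was not matched. The page has lost its `+`/`-` markers, but the `while (from.length)` walk with `realPath` appears to be the new side; there `var match = false;` is never read and can go. A short comment above `leaf = realPath.pop();` would also help, stating that a failed lookup retries the same `from[0]` one level up and that the walk ends with `false` once `realPath` is empty. The body of `pluck` starts before this hunk, so the declaration of `from` is not visible here.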
{ | ||
"name": "snyk-resolve-deps", | ||
"version": "1.5.1-alpha1", | ||
"description": "Resolves a node package tree with combined support for both npm@2 and npm@3.", | ||
@@ -41,3 +42,3 @@ "main": "lib/index.js", | ||
"semver": "^5.1.0", | ||
"snyk-module": "^1.0.2", | ||
"snyk-module": "^1.5.0", | ||
"snyk-resolve": "^1.0.0", | ||
@@ -51,4 +52,3 @@ "snyk-tree": "^1.0.0", | ||
"url": "https://github.com/Snyk/resolve-deps.git" | ||
}, | ||
"version": "1.5.0" | ||
} | ||
} | ||
} |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
No v1
Quality: Package is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Updated: snyk-module@^1.5.0