snyk-resolve-deps
Comparing version 4.1.2 to 4.2.0
@@ -7,4 +7,4 @@ "use strict"; | ||
function depTypes(depName, pkg) { | ||
var type = null; | ||
var from = 'unknown'; | ||
let type = null; | ||
let from = 'unknown'; | ||
if (pkg.devDependencies && pkg.devDependencies[depName]) { | ||
@@ -23,3 +23,3 @@ type = depTypes.DEV; | ||
} | ||
var bundled = !!(pkg.bundleDependencies && | ||
let bundled = !!(pkg.bundleDependencies && | ||
pkg.bundleDependencies[depName]); | ||
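Review bot: `bundled` on the changed line is assigned once and not rebound in the visible lines, so `const` states the intent better than `let`: `const bundled = !!(pkg.bundleDependencies && pkg.bundleDependencies[depName]);`. The same holds for several other `var`→`let` conversions in this release that are never reassigned in what is shown (`pathInfo`, `missing`, `promise`, `depInfo`, `logicalRoot`, `removedPaths`, `semverMatch`, `externalPackage`). `type`, `pkgRoot`, `modules` and `remove` are visibly rebound and should stay `let`. The function body continues outside the hunk, so confirm there is no later reassignment before switching.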
@@ -26,0 +26,0 @@ return { |
@@ -22,6 +22,6 @@ "use strict"; | ||
tryRequire.cache.reset(); // reset the package cache on re-run | ||
var opt = _.clone(options || {}); | ||
var pkgRoot = root; | ||
let opt = _.clone(options || {}); | ||
let pkgRoot = root; | ||
if (opt.file) { | ||
var pathInfo = path.parse(opt.file); | ||
let pathInfo = path.parse(opt.file); | ||
pkgRoot = path.resolve(pkgRoot, pathInfo.dir); | ||
@@ -32,3 +32,3 @@ opt.file = pathInfo.base; | ||
// ensure there's no missing packages our known root deps | ||
var missing = []; | ||
let missing = []; | ||
if (tree.__dependencies) { | ||
@@ -69,9 +69,9 @@ Object.keys(tree.__dependencies).forEach(function (name) { | ||
} | ||
var modules = {}; | ||
var dir = path.resolve(root, options.file || 'package.json'); | ||
let modules = {}; | ||
let dir = path.resolve(root, options.file || 'package.json'); | ||
// 1. read package.json for written deps | ||
var promise = tryRequire(dir).then(function (pkg) { | ||
let promise = tryRequire(dir).then(function (pkg) { | ||
// if there's a package found, collect this information too | ||
if (pkg) { | ||
var full = pkg.name + '@' + (pkg.version || '0.0.0'); | ||
let full = pkg.name + '@' + (pkg.version || '0.0.0'); | ||
modules = {}; | ||
@@ -116,3 +116,3 @@ applyExtraFields(pkg, modules, options.extraFields); | ||
return fs.readdir(path.resolve(root, 'node_modules')).then(function (dirs) { | ||
var res = dirs.map(function (dir) { | ||
let res = dirs.map(function (dir) { | ||
// completely ignore `.bin` npm helper dir | ||
@@ -145,4 +145,4 @@ // ~ can be a symlink to node_modules itself | ||
res.reduce(function (acc, curr) { | ||
var license; | ||
var licenses = curr.license || curr.licenses; | ||
let license; | ||
let licenses = curr.license || curr.licenses; | ||
if (Array.isArray(licenses)) { | ||
@@ -157,10 +157,10 @@ license = licenses.reduce(function (acc, curr) { | ||
} | ||
var depInfo = depTypes(curr.name, pkg); | ||
var depType = depInfo.type || rootDepType; | ||
var depFrom = depInfo.from; | ||
var valid = false; | ||
let depInfo = depTypes(curr.name, pkg); | ||
let depType = depInfo.type || rootDepType; | ||
let depFrom = depInfo.from; | ||
let valid = false; | ||
if (depFrom) { | ||
valid = semver.satisfies(curr.version, depFrom); | ||
} | ||
var full = curr.name + '@' + (curr.version || '0.0.0'); | ||
let full = curr.name + '@' + (curr.version || '0.0.0'); | ||
acc[curr.name] = {}; | ||
@@ -195,6 +195,6 @@ applyExtraFields(curr, acc[curr.name], options.extraFields); | ||
}).then(function (modules) { | ||
var deps = Object.keys(modules.dependencies); | ||
var promises = deps.map(function (dep) { | ||
var depType = modules.dependencies[dep].depType; | ||
var dir = path.dirname(modules.dependencies[dep].__filename); | ||
let deps = Object.keys(modules.dependencies); | ||
let promises = deps.map(function (dep) { | ||
let depType = modules.dependencies[dep].depType; | ||
let dir = path.dirname(modules.dependencies[dep].__filename); | ||
return loadModulesInternal(dir, depType, pkg); | ||
@@ -201,0 +201,0 @@ }); |
@@ -34,9 +34,9 @@ "use strict"; | ||
let problems = []; | ||
var logicalRoot = copy(fileTree, fileTree.__from); | ||
let logicalRoot = copy(fileTree, fileTree.__from); | ||
logicalRoot.dependencies = walkDeps(fileTree, fileTree, undefined, problems); | ||
var removedPaths = []; | ||
let removedPaths = []; | ||
if (!options.dev) { | ||
// do a shallow pass on the deps and strip out dev deps | ||
Object.keys(fileTree.dependencies).forEach(function (name) { | ||
var dep = fileTree.dependencies[name]; | ||
let dep = fileTree.dependencies[name]; | ||
// if we're not interested in devDeps, then strip them out | ||
@@ -56,4 +56,4 @@ if (dep.depType === depTypes.DEV) { | ||
if (!dep.__used) { | ||
var deppath = dep.__from.slice(0, -1).toString(); | ||
var removed = removedPaths.filter(function (path) { | ||
let deppath = dep.__from.slice(0, -1).toString(); | ||
let removed = removedPaths.filter(function (path) { | ||
return deppath.indexOf(path) === 0; | ||
@@ -64,4 +64,4 @@ }).length; | ||
} | ||
var leaf = copy(dep); | ||
var issue = format('%s: %s@%s (from %s) > %s', ext, leaf.name, leaf.version, leaf.dep, path.relative('.', leaf.__filename)); | ||
let leaf = copy(dep); | ||
let issue = format('%s: %s@%s (from %s) > %s', ext, leaf.name, leaf.version, leaf.dep, path.relative('.', leaf.__filename)); | ||
leaf.problems = [issue]; | ||
@@ -90,7 +90,7 @@ problems.push(issue); | ||
// remove the root of the path and covert to names only | ||
var path = (from || []).slice(1, -1).map(function (pkg) { | ||
let path = (from || []).slice(1, -1).map(function (pkg) { | ||
return moduleToObject(pkg).name; | ||
}); | ||
var entry = tree.dependencies; | ||
for (var i = 0; i < path.length; i++) { | ||
let entry = tree.dependencies; | ||
for (let i = 0; i < path.length; i++) { | ||
if (entry[path[i]]) { | ||
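Review bot: The loop tests `entry[path[i]]` with a plain property lookup, and the keys are package names taken from the `from` path. If `entry` is an ordinary object literal, as it appears to be elsewhere in this release, a name that collides with an inherited property such as `constructor` passes the truthiness test. An own-property check, `if (Object.prototype.hasOwnProperty.call(entry, path[i])) {`, keeps the walk on real dependencies. Separately, the local `path` shadows the `path` module that the same file uses for `path.relative`, so a name like `names` would read better. The loop body and the enclosing function continue outside the hunk.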
@@ -105,3 +105,3 @@ entry = entry[path[i]].dependencies; | ||
// only include the devDeps on the root level package | ||
var deps = _.extend({}, tree.__dependencies, tree.__from && from.length === 1 ? tree.__devDependencies : {}); | ||
let deps = _.extend({}, tree.__dependencies, tree.__from && from.length === 1 ? tree.__devDependencies : {}); | ||
deps = _.extend(deps, tree.__optionalDependencies); | ||
@@ -111,4 +111,4 @@ return Object.keys(deps).reduce(function walkDepsPicker(acc, curr) { | ||
if (tree.__from.indexOf(curr) === -1) { | ||
var version = deps[curr]; | ||
var dep = pluck(root, tree.__from, curr, version); | ||
let version = deps[curr]; | ||
let dep = pluck(root, tree.__from, curr, version); | ||
if (!dep) { | ||
@@ -119,5 +119,5 @@ problems.push(format('missing: %s@%s, required by %s', curr, version, from.join(' > '))); | ||
if (from.indexOf(dep.full) === -1) { | ||
var pkg = acc[dep.name] = copy(dep, from.concat(dep.full)); | ||
let pkg = acc[dep.name] = copy(dep, from.concat(dep.full)); | ||
dep.__used = true; | ||
var info = depTypes(dep.name, { | ||
let info = depTypes(dep.name, { | ||
dependencies: tree.__dependencies, | ||
@@ -143,3 +143,3 @@ devDependencies: tree.__devDependencies, | ||
} | ||
var res = Object.keys(leaf).reduce(function copyIterator(acc, curr) { | ||
let res = Object.keys(leaf).reduce(function copyIterator(acc, curr) { | ||
if (leaf[curr] !== undefined && curr.indexOf('__') !== 0) { | ||
@@ -158,3 +158,3 @@ if (curr !== 'dependencies') { | ||
delete tree.from; | ||
var deps = tree.dependencies; | ||
let deps = tree.dependencies; | ||
Object.keys(deps).forEach(function (name) { | ||
@@ -161,0 +161,0 @@ removeFromPaths(deps[name]); |
@@ -14,4 +14,4 @@ "use strict"; | ||
// package name). | ||
var from = path.slice(0); | ||
var rootPath = moduleToObject(from.shift(), parseOptions).name; | ||
let from = path.slice(0); | ||
let rootPath = moduleToObject(from.shift(), parseOptions).name; | ||
// if the root of the virtual tree doesn't even match our path, bail out | ||
@@ -31,8 +31,8 @@ if (rootPath !== root.name) { | ||
debug('using forward search %s@%s in %s', from.join(' > ')); | ||
var match = false; | ||
var leaf = root; | ||
var realPath = []; | ||
let match = false; | ||
let leaf = root; | ||
let realPath = []; | ||
while (from.length) { | ||
var pkg = moduleToObject(from[0], parseOptions); | ||
var test = getMatch(leaf, pkg.name, pkg.version); | ||
let pkg = moduleToObject(from[0], parseOptions); | ||
let test = getMatch(leaf, pkg.name, pkg.version); | ||
if (test) { | ||
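Review bot: The `debug` call on the context line at the top of this hunk has three placeholders (`%s@%s in %s`) but passes a single argument, so the joined path lands in the first slot and the other two stay unfilled. Either pass the missing values or reduce the format to what is available, e.g. `debug('using forward search in %s', from.join(' > '));`. The surrounding function starts and ends outside the hunk, so the intended name and version arguments cannot be identified from here.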
@@ -54,13 +54,13 @@ from.shift(); | ||
function getMatch(root, name, range) { | ||
var dep = root.dependencies && root.dependencies[name]; | ||
let dep = root.dependencies && root.dependencies[name]; | ||
if (!dep) { | ||
return false; | ||
} | ||
var version = dep.version; | ||
let version = dep.version; | ||
debug('pluck match on name...checking version: %s ~= %s', version, range); | ||
// make sure it matches our range | ||
var semverMatch = semver.validRange(range) && | ||
let semverMatch = semver.validRange(range) && | ||
semver.valid(version) && | ||
semver.satisfies(version, range); | ||
var externalPackage = !semver.validRange(range) && | ||
let externalPackage = !semver.validRange(range) && | ||
range.indexOf(':/') !== -1; | ||
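Review bot: `externalPackage` treats any range that is not a valid semver range and contains `:/` as a match, so a dependency declared by URL is accepted on name alone and the installed `version` is never compared with it. That is probably intended, but it deserves a comment above the declaration such as `// URL-style specs (git/http) cannot be checked against a version; matched by name only`, because consumers of the resolved tree may assume a version check took place. The expression also calls `range.indexOf` whenever `semver.validRange(range)` is falsy, which would throw if `range` were ever undefined; `typeof range === 'string' && range.indexOf(':/') !== -1` avoids that. `getMatch` continues past the end of the hunk.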
@@ -67,0 +67,0 @@ if (semverMatch || externalPackage) { |
"use strict"; | ||
function prune(pkg, shouldPrune) { | ||
var remove = shouldPrune(pkg); | ||
let remove = shouldPrune(pkg); | ||
if (!remove) { | ||
pkg.dependencies = {}; | ||
} | ||
var deps = Object.keys(pkg.dependencies || {}); | ||
let deps = Object.keys(pkg.dependencies || {}); | ||
if (deps.length) { | ||
@@ -9,0 +9,0 @@ remove = deps.filter(function (name) { |
"use strict"; | ||
const walk = require("./walk"); | ||
function unique(deps) { | ||
var res = copy(deps); | ||
let res = copy(deps); | ||
res.dependencies = {}; | ||
walk(deps, function (dep) { | ||
var shallowCopy = copy(dep); | ||
let shallowCopy = copy(dep); | ||
res.dependencies[dep.name + '@' + dep.version] = shallowCopy; | ||
@@ -9,0 +9,0 @@ }); |
@@ -8,3 +8,3 @@ "use strict"; | ||
Object.keys(deps).forEach(function (name) { | ||
var res = filter(deps[name], name, deps); | ||
let res = filter(deps[name], name, deps); | ||
if (!res && deps[name] && deps[name].dep) { | ||
@@ -11,0 +11,0 @@ walk(deps[name].dependencies, filter); |
@@ -60,3 +60,3 @@ { | ||
}, | ||
"version": "4.1.2" | ||
"version": "4.2.0" | ||
} |
@@ -10,5 +10,5 @@ # snyk-resolve-deps | ||
```js | ||
var resolveDeps = require('snyk-resolve-deps'); | ||
var asTree = require('snyk-tree'); | ||
var options = { dev: true }; | ||
let resolveDeps = require('snyk-resolve-deps'); | ||
let asTree = require('snyk-tree'); | ||
let options = { dev: true }; | ||
@@ -15,0 +15,0 @@ resolveDeps(process.cwd(), options).then(function (tree) { |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain risk: Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package