npm-lock-parser.ts
import * as baseDebug from 'debug';
// Debug logger created under the 'snyk-test' namespace; used below to trace
// which lockfile is being analyzed.
const debug = baseDebug('snyk-test');
import * as path from 'path';
import { spinner } from '../../spinner';
import * as analytics from '../../analytics';
import * as fs from 'fs';
import * as lockFileParser from 'snyk-nodejs-lockfile-parser';
import {
NodeLockfileVersion,
PkgTree,
InvalidUserInputError,
ProjectParseOptions,
} from 'snyk-nodejs-lockfile-parser';
import { Options } from '../types';
import { DepGraph } from '@snyk/dep-graph';
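/**
 * Builds the dependency tree or graph for a project from its lockfile.
 *
 * The lockfile path is `targetFile` resolved against `root`. A `package.json`
 * must sit in the same directory as the lockfile, and that directory must not
 * also contain `npm-shrinkwrap.json`. Lockfiles detected as Yarn v1/v2 are
 * handed to `buildDepGraph`; everything else goes to
 * `lockFileParser.buildDepTreeFromFiles`.
 *
 * NOTE(review): `path.resolve` does not confine the result to `root`: an
 * absolute `targetFile`, or one with `..` segments, resolves outside it.
 * Callers that take `targetFile` from anything other than the local user
 * should validate it before calling. `targetFile` is also passed as-is to
 * `analytics.add`, and the resolved path appears in error messages.
 *
 * @param root - Project root the target file is resolved against.
 * @param targetFile - Lockfile path, relative to `root` (or absolute).
 * @param options - CLI options; `dev` and `strictOutOfSync` are read here.
 * @returns A `DepGraph` for Yarn lockfiles, otherwise a `PkgTree`.
 * @throws Error when the lockfile or `package.json` is missing, or when
 *   `npm-shrinkwrap.json` is present next to the lockfile.
 */
export async function parse(
  root: string,
  targetFile: string,
  options: Options,
): Promise<PkgTree | DepGraph> {
  const lockFileFullPath = path.resolve(root, targetFile);
  if (!fs.existsSync(lockFileFullPath)) {
    throw new Error(
      'Lockfile ' + targetFile + ' not found at location: ' + lockFileFullPath,
    );
  }

  const fullPath = path.parse(lockFileFullPath);
  const manifestFileFullPath = path.resolve(fullPath.dir, 'package.json');
  const shrinkwrapFullPath = path.resolve(fullPath.dir, 'npm-shrinkwrap.json');

  if (!fs.existsSync(manifestFileFullPath)) {
    throw new Error(
      `Could not find package.json at ${manifestFileFullPath} ` +
        `(lockfile found at ${targetFile})`,
    );
  }

  // Two candidate lockfiles in one directory are ambiguous; refuse rather
  // than silently pick one.
  if (fs.existsSync(shrinkwrapFullPath)) {
    throw new Error(
      'Both `npm-shrinkwrap.json` and `package-lock.json` were found in ' +
        fullPath.dir +
        '.\n' +
        'Please run your command again specifying `--file=package.json` flag.',
    );
  }

  analytics.add('local', true);
  analytics.add('generating-node-dependency-tree', {
    lockFile: true,
    targetFile,
  });

  const resolveModuleSpinnerLabel = `Analyzing npm dependencies for ${lockFileFullPath}`;
  debug(resolveModuleSpinnerLabel);

  // Strict out-of-sync checking stays on unless the caller explicitly passes
  // `false`; an undefined option keeps the strict behaviour.
  const strictOutOfSync = options.strictOutOfSync !== false;
  const lockfileVersion = lockFileParser.getLockfileVersionFromFile(
    lockFileFullPath,
  );

  if (
    lockfileVersion === NodeLockfileVersion.YarnLockV1 ||
    lockfileVersion === NodeLockfileVersion.YarnLockV2
  ) {
    return await buildDepGraph(
      root,
      manifestFileFullPath,
      lockFileFullPath,
      lockfileVersion,
      {
        includeDevDeps: options.dev || false,
        includeOptionalDeps: true,
        strictOutOfSync,
        pruneCycles: true,
      },
    );
  }

  try {
    await spinner(resolveModuleSpinnerLabel);
    // `await` is required here: returning the bare promise from inside `try`
    // would run `finally` (and clear the spinner) before parsing has settled.
    return await lockFileParser.buildDepTreeFromFiles(
      root,
      manifestFileFullPath,
      lockFileFullPath,
      options.dev,
      strictOutOfSync,
    );
  } finally {
    await spinner.clear<void>(resolveModuleSpinnerLabel)();
  }
}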
/**
 * Reads a manifest and a Yarn lockfile from disk and parses them into a
 * dependency graph with the parser matching `lockfileVersion`.
 *
 * Both paths are resolved against `root` and checked for existence before
 * being read as UTF-8 text. The existence check and the read are separate
 * calls, so a file removed in between surfaces as the error thrown by
 * `fs.readFileSync` rather than as `InvalidUserInputError`.
 *
 * @param root - Directory the two file paths are resolved against.
 * @param manifestFilePath - Path to `package.json`.
 * @param lockfilePath - Path to the lockfile.
 * @param lockfileVersion - Detected lockfile version; only Yarn v1 and v2
 *   are handled here.
 * @param options - Parse options forwarded unchanged to the parser.
 * @returns The dependency graph produced by the Yarn parser.
 * @throws InvalidUserInputError when either file does not exist.
 * @throws Error when `lockfileVersion` is neither Yarn v1 nor Yarn v2.
 */
async function buildDepGraph(
  root: string,
  manifestFilePath: string,
  lockfilePath: string,
  lockfileVersion: NodeLockfileVersion,
  options: ProjectParseOptions,
): Promise<DepGraph> {
  const manifestAbs = path.resolve(root, manifestFilePath);
  const lockfileAbs = path.resolve(root, lockfilePath);

  // Fail with a user-facing error before attempting any read.
  if (!fs.existsSync(manifestAbs)) {
    throw new InvalidUserInputError(
      `Target file package.json not found at location: ${manifestAbs}`,
    );
  }
  if (!fs.existsSync(lockfileAbs)) {
    throw new InvalidUserInputError(
      `Lockfile not found at location: ${lockfileAbs}`,
    );
  }

  const manifestText = fs.readFileSync(manifestAbs, 'utf-8');
  const lockfileText = fs.readFileSync(lockfileAbs, 'utf-8');

  if (lockfileVersion === NodeLockfileVersion.YarnLockV1) {
    return await lockFileParser.parseYarnLockV1Project(
      manifestText,
      lockfileText,
      options,
    );
  }
  if (lockfileVersion === NodeLockfileVersion.YarnLockV2) {
    return lockFileParser.parseYarnLockV2Project(
      manifestText,
      lockfileText,
      options,
    );
  }

  // Any other lockfile version is not supported by this helper.
  throw new Error('Failed to build dep graph from current project');
}