未验证 提交 e689e896 编辑于 作者: Leaminn Ma's avatar Leaminn Ma 提交者: GitLab

Merge branch 'js-npm-lock-file-parser' into 'master'

Add JS NPM Lock file parser

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/166903



Merged-by: default avatarLeaminn Ma <lma@gitlab.com>
Approved-by: default avatarLeaminn Ma <lma@gitlab.com>
Reviewed-by: default avatarLeaminn Ma <lma@gitlab.com>
Co-authored-by: default avatarEmerald-Jayde Henao <ejhenao@gitlab.com>
......@@ -46,6 +46,7 @@ The Repository X-Ray searches a maximum of two directory levels from the reposit
| Go | Go Modules | `go.mod` | 17.4 or later |
| Java | Gradle | `build.gradle` | 17.4 or later |
| Java | Maven | `pom.xml` | 17.4 or later |
| JavaScript | NPM | `package-lock.json` | 17.5 or later |
| Kotlin | Gradle | `build.gradle.kts` | 17.5 or later |
| PHP | Composer | `composer.lock`, `composer.json` | 17.5 or later |
| Python | Conda | `environment.yml` | 17.5 or later |
......
......@@ -26,6 +26,7 @@ module Constants
ConfigFiles::GoModules,
ConfigFiles::JavaGradle,
ConfigFiles::JavaMaven,
ConfigFiles::JavascriptNpmLock,
ConfigFiles::KotlinGradle,
ConfigFiles::PhpComposerLock,
ConfigFiles::PhpComposer,
......
# frozen_string_literal: true
module Ai
module Context
module Dependencies
module ConfigFiles
class JavascriptNpmLock < Base
NAME_PREFIX = 'node_modules/'
PUBLIC_REGISTRY_PREFIX = 'https://registry.npmjs.org/'
def self.file_name_glob
'package-lock.json'
end
def self.lang_name
'JavaScript'
end
private
### The first package is always an empty string representing the project itself
### Example format:
#
# "packages": {
# "": {
# "name": "countly-server",
# "version": "24.5.0"
# },
# "api/utils/countly-root": {
# "version": "0.1.0"
# },
# "node_modules/@babel/core/node_modules/convert-source-map": {
# "version": "2.0.0",
# "resolved": "https://registry.npmjs.org/...",
# "integrity": "sha512-...",
# "dev": true,
# "license": "MIT"
# }
# }
#
def extract_libs
parsed = ::Gitlab::Json.parse(content)
dig_in(parsed, 'packages').try(:filter_map) do |name, dep|
next if name.empty?
next unless dig_in(dep, 'resolved')&.start_with?(PUBLIC_REGISTRY_PREFIX)
Lib.new(name: name.delete_prefix(NAME_PREFIX), version: dig_in(dep, 'version'))
end
rescue JSON::ParserError
raise ParsingError, 'content is not valid JSON'
end
end
end
end
end
end
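Review bot: `extract_libs` maps only `JSON::ParserError` to `ParsingError`, so a `package-lock.json` that is valid JSON with an unexpected shape can leave the parser as a `NoMethodError` instead. A `packages` value that is an array still responds to `filter_map`, so its elements reach `name.empty?`, and a non-string `resolved` reaches `start_with?` unless `dig_in` (defined outside this page) already filters by type. The lock file is repository content, so I would check the types before use: `return unless packages.is_a?(Hash)` after reading `packages`, and `next unless resolved.is_a?(String) && resolved.start_with?(PUBLIC_REGISTRY_PREFIX)`. The comment above the method describes the format but not the filter; if the intent is to keep packages from private registries, git URLs and local paths out of the collected context, a line such as `# Only packages resolved from the public npm registry are reported` would record that.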
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Ai::Context::Dependencies::ConfigFiles::JavascriptNpmLock, feature_category: :code_suggestions do
it 'returns the expected language value' do
expect(described_class.lang).to eq('javascript')
end
it_behaves_like 'parsing a valid dependency config file' do
let(:config_file_content) do
<<~JSON
{
"name": "countly-server",
"version": "24.5.0",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "countly-server",
"version": "24.5.0"
},
"api/utils/countly-root": {
"version": "0.1.0"
},
"node_modules/@babel/core/node_modules/convert-source-map": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/...",
"integrity": "sha512-...",
"dev": true,
"license": "MIT"
},
"node_modules/@babel/test-package": {
"version": "1.2.3",
"resolved": "https://registry.npmjs.org/...",
"integrity": "sha512-...",
"dev": true,
"license": "MIT"
}
}
}
JSON
end
let(:expected_formatted_lib_names) do
['@babel/core/node_modules/convert-source-map (2.0.0)', '@babel/test-package (1.2.3)']
end
end
it_behaves_like 'parsing an invalid dependency config file' do
let(:expected_parsing_error_message) { 'content is not valid JSON' }
end
describe '.matches?' do
using RSpec::Parameterized::TableSyntax
where(:path, :matches) do
'package-lock.json' | true
'dir/package-lock.json' | true
'dir/subdir/package-lock.json' | true
'dir/package.json' | false
'Package-lock.json' | false
'package_lock.json' | false
end
with_them do
it 'matches the file name glob pattern at various directory levels' do
expect(described_class.matches?(path)).to eq(matches)
end
end
end
end
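Review bot: No fixture entry exercises the rejection of a `resolved` URL outside `https://registry.npmjs.org/`; the only skipped entries are the root `""` and `api/utils/countly-root`, both of which have no `resolved` at all. Since that prefix check decides which package names are reported, I would add one entry resolved from another registry and one whose host merely begins with the public registry's name, and keep `expected_formatted_lib_names` unchanged. Constructed examples: `"node_modules/@acme/internal-lib": { "version": "1.0.0", "resolved": "https://npm.example.com/..." }` and a `resolved` of `https://registry.npmjs.org.example.com/...`.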