Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP: Add javascript dep tree parser #2134

Closed
wants to merge 9 commits into from
Closed

WIP: Add javascript dep tree parser #2134

wants to merge 9 commits into from

Conversation

noqcks
Copy link
Contributor

@noqcks noqcks commented Sep 15, 2023
edited
Loading

implements the same functionality desired by #2020

This PR implements a new cataloger called javascript-cataloger that collects full dependency trees and packages with for javascript ecosystem pkg managers -- [pnpm, yarn, npm]

This allows one to see the relationships between packages such as with the dependencies field in CycloneDX https://cyclonedx.org/docs/1.5/json/#dependencies

// NewJavascriptCataloger returns a new JavaScript cataloger object based on detection
// of npm based packages and lock files to provide a complete dependency graph of the
// packages.
func NewJavascriptCataloger() *generic.GroupedCataloger {
	return generic.NewGroupedCataloger("javascript-cataloger").
		WithParserByGlobColocation(parseJavascript, "**/yarn.lock", []string{"**/package.json", "**/yarn.lock"}).
		WithParserByGlobColocation(parseJavascript, "**/package-lock.json", []string{"**/package.json", "**/package-lock.json"}).
		WithParserByGlobColocation(parseJavascript, "**/pnpm-lock.yaml", []string{"**/package.json", "**/pnpm-lock.yaml"})
}

EDIT: just making some final tests pass before this can go for review.

@noqcks
add relationship sorting
90dafe1 
Signed-off-by: Benji Visser <[email protected]>
@noqcks
add new groupedCataloger
29b0f21 
Signed-off-by: Benji Visser <[email protected]>
@noqcks
adding test fixtures for grouped cataloger
57edce1 
Signed-off-by: Benji Visser <[email protected]>
@noqcks
adding methods and test for generic grouped parser
98582e1 
Signed-off-by: Benji Visser <[email protected]>
@noqcks
add js deps parser
6ba1bfb 
Signed-off-by: Benji Visser <[email protected]>
@noqcks
lint fix
c85b263 
Signed-off-by: Benji Visser <[email protected]>
@noqcks
lint-fix
d59a788 
Signed-off-by: Benji Visser <[email protected]>
@noqcks
fix relationship sorting + tests
f2e530e 
Signed-off-by: Benji Visser <[email protected]>
@noqcks noqcks changed the title Add javascript dependencies parser Add javascript dep tree parser Sep 15, 2023
@noqcks
fix parse_yarn_lock_test
fc315a9 
Signed-off-by: Benji Visser <[email protected]>
@noqcks noqcks changed the title Add javascript dep tree parser WIP: Add javascript dep tree parser Sep 15, 2023
@noqcks noqcks closed this Sep 15, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@noqcks