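--- a/syft/pkg/cataloger/javascript/parse_pnpm_lock.go
+++ b/syft/pkg/cataloger/javascript/parse_pnpm_lock.go
@@ -3,6 +3,7 @@
 import (
 "fmt"
 "io"
+"strings"
 
 "gopkg.in/yaml.v3"
 
@@ -16,7 +17,8 @@
 var _ generic.Parser = parsePnpmLock
 
 type pnpmLockYaml struct {
-Dependencies map[string]string `json:"dependencies"`
+Dependencies map[string]string `json:"dependencies"`
+Packages map[string]interface{} `json:"packages"`
 }
 
 func parsePnpmLock(resolver source.FileResolver, _ *generic.Environment, reader source.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) {
@@ -33,6 +35,19 @@
 }
 
 for name, version := range lockFile.Dependencies {
+pkgs = append(pkgs, newPnpmPackage(resolver, reader.Location, name, version))
+}
+
+// parse packages from packages section of pnpm-lock.yaml
+for nameVersion := range lockFile.Packages {
+nameVersionSplit := strings.Split(strings.TrimPrefix(nameVersion, "/"), "/")
+
+// last element in split array is version
+version := nameVersionSplit[len(nameVersionSplit)-1]
+
+// construct name from all array items other than last item (version)
+name := strings.Join(nameVersionSplit[:len(nameVersionSplit)-1], "/")
+
 pkgs = append(pkgs, newPnpmPackage(resolver, reader.Location, name, version))
 }
 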
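Review bot: The new `lockFile.Packages` loop accepts any key shape, so a key with no `/` after the prefix is trimmed yields an empty `name` with the whole key as `version`, and that entry is still appended as a package. The lock file is scanned input rather than something the tool controls, and a component with an empty or mis-split name silently drops out of any later vulnerability matching, so I would split on the last `/` and skip keys that do not give both a non-empty name and version, as sketched below. Lockfile keys that carry extra data after the version would also end up in `version` verbatim; a test fixture covering such a key would show whether that needs trimming. Separately, entries already listed under `dependencies` may be appended a second time by this loop unless `pkgs` is de-duplicated in the lines not shown here; the body of `parsePnpmLock` starts and ends outside the visible hunks.

```go
for nameVersion := range lockFile.Packages {
	key := strings.TrimPrefix(nameVersion, "/")
	sep := strings.LastIndex(key, "/")
	if sep <= 0 || sep == len(key)-1 {
		// not "<name>/<version>": skip instead of emitting an empty name or version
		continue
	}
	name, version := key[:sep], key[sep+1:]
	// … unchanged: append newPnpmPackage(resolver, reader.Location, name, version) …
```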