■ ■ ■ ■ ■ ■ ■
syft/pkg/cataloger/javascript/parse_pnpm_lock.go
| skipped 2 lines |
| 3 | 3 | | import ( |
| 4 | 4 | | "fmt" |
| 5 | 5 | | "io" |
| | 6 | + | "strings" |
| 6 | 7 | | |
| 7 | 8 | | "gopkg.in/yaml.v3" |
| 8 | 9 | | |
| skipped 7 lines |
| 16 | 17 | | var _ generic.Parser = parsePnpmLock |
| 17 | 18 | | |
| 18 | 19 | | type pnpmLockYaml struct { |
| 19 | | - | Dependencies map[string]string `json:"dependencies"` |
| | 20 | + | Dependencies map[string]string `json:"dependencies"` |
| | 21 | + | Packages map[string]interface{} `json:"packages"` |
| 20 | 22 | | } |
| 21 | 23 | | |
| 22 | 24 | | func parsePnpmLock(resolver source.FileResolver, _ *generic.Environment, reader source.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) { |
| skipped 10 lines |
| 33 | 35 | | } |
| 34 | 36 | | |
| 35 | 37 | | for name, version := range lockFile.Dependencies { |
| | 38 | + | pkgs = append(pkgs, newPnpmPackage(resolver, reader.Location, name, version)) |
| | 39 | + | } |
| | 40 | + | |
| | 41 | + | // parse packages from packages section of pnpm-lock.yaml |
| | 42 | + | for nameVersion := range lockFile.Packages { |
| | 43 | + | nameVersionSplit := strings.Split(strings.TrimPrefix(nameVersion, "/"), "/") |
| | 44 | + | |
| | 45 | + | // last element in split array is version |
| | 46 | + | version := nameVersionSplit[len(nameVersionSplit)-1] |
| | 47 | + | |
| | 48 | + | // construct name from all array items other than last item (version) |
| | 49 | + | name := strings.Join(nameVersionSplit[:len(nameVersionSplit)-1], "/") |
| | 50 | + | |
| 36 | 51 | | pkgs = append(pkgs, newPnpmPackage(resolver, reader.Location, name, version)) |
| 37 | 52 | | } |
| 38 | 53 | | |
| skipped 5 lines |
Shane Dell
committed
with
GitHub
1 year ago
1 parent b2b332e8