feat: add support for pnpm (anchore#1166)
1 parent
baccab8
commit c40cfcd
Showing
4 changed files
with
168 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
package javascript | ||
|
||
import ( | ||
"fmt" | ||
"io" | ||
|
||
"github.com/anchore/syft/syft/artifact" | ||
"github.com/anchore/syft/syft/pkg" | ||
"github.com/anchore/syft/syft/pkg/cataloger/common" | ||
"gopkg.in/yaml.v3" | ||
) | ||
|
||
// integrity check | ||
var _ common.ParserFn = parsePnpmLock | ||
|
||
type pnpmLockYaml struct { | ||
Dependencies map[string]string `json:"dependencies"` | ||
} | ||
|
||
func parsePnpmLock(path string, reader io.Reader) ([]*pkg.Package, []artifact.Relationship, error) { | ||
bytes, err := io.ReadAll(reader) | ||
if err != nil { | ||
return nil, nil, fmt.Errorf("failed to load pnpm-lock.yaml file: %w", err) | ||
} | ||
|
||
var pkgs []*pkg.Package | ||
var lockFile pnpmLockYaml | ||
|
||
if err := yaml.Unmarshal(bytes, &lockFile); err != nil { | ||
return nil, nil, fmt.Errorf("failed to parse pnpm-lock.yaml file: %w", err) | ||
} | ||
|
||
for name, version := range lockFile.Dependencies { | ||
pkgs = append(pkgs, &pkg.Package{ | ||
Name: name, | ||
Version: version, | ||
Language: pkg.JavaScript, | ||
Type: pkg.NpmPkg, | ||
}) | ||
} | ||
|
||
return pkgs, nil, nil | ||
} |
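Review bot: The `Dependencies` field of `pnpmLockYaml` is tagged `json:"dependencies"`, but the file is decoded with gopkg.in/yaml.v3, which ignores json tags; the key matches only because yaml.v3 falls back to the lowercased field name, so the tag should read `yaml:"dependencies"`. parsePnpmLock also reads only that one top-level map, so any packages the lockfile records in other sections (dev or transitive entries, if the format lists them separately) never reach the SBOM and cannot be matched against vulnerability data; either decode those sections or add a comment such as `// NOTE: only top-level "dependencies" are catalogued; other lockfile sections are not read`. Because the result is built by ranging over a map, package order changes between runs; sorting before the return, e.g. `sort.Slice(pkgs, func(i, j int) bool { return pkgs[i].Name < pkgs[j].Name })` with `"sort"` added to the imports, keeps the output reproducible. The function has no doc comment; one line stating the input format and that no relationships are returned would help.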
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
package javascript | ||
|
||
import ( | ||
"os" | ||
"testing" | ||
|
||
"github.com/anchore/syft/syft/pkg" | ||
"github.com/go-test/deep" | ||
) | ||
|
||
func fixtureP(str string) *string { | ||
return &str | ||
} | ||
|
||
func TestParsePnpmLock(t *testing.T) { | ||
expected := []*pkg.Package{ | ||
{ | ||
Name: "nanoid", | ||
Version: "3.3.4", | ||
Language: pkg.JavaScript, | ||
Type: pkg.NpmPkg, | ||
}, | ||
{ | ||
Name: "picocolors", | ||
Version: "1.0.0", | ||
Language: pkg.JavaScript, | ||
Type: pkg.NpmPkg, | ||
}, | ||
{ | ||
Name: "source-map-js", | ||
Version: "1.0.2", | ||
Language: pkg.JavaScript, | ||
Type: pkg.NpmPkg, | ||
}, | ||
} | ||
|
||
fixture, err := os.Open("test-fixtures/pnpm/pnpm-lock.yaml") | ||
if err != nil { | ||
t.Fatalf("failed to open fixture: %+v", err) | ||
} | ||
|
||
// TODO: no relationships are under test yet | ||
actual, _, err := parsePnpmLock(fixture.Name(), fixture) | ||
if err != nil { | ||
t.Error(err) | ||
} | ||
|
||
differences := deep.Equal(expected, actual) | ||
if differences != nil { | ||
t.Errorf("returned package list differed from expectation: %+v", differences) | ||
} | ||
} |
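Review bot: `deep.Equal(expected, actual)` in TestParsePnpmLock compares the two slices position by position, while parsePnpmLock (as shown in this commit) appends packages while ranging over a map, so the assertion can fail intermittently depending on iteration order; sort `actual` by name before comparing, or sort inside the parser. The fixture opened with `os.Open` is never closed; add `defer fixture.Close()` after the error check. A parse failure is reported with `t.Error(err)`, which lets the test run on into the comparison with a nil result; `t.Fatalf("failed to parse pnpm-lock.yaml: %+v", err)` would stop at the actual cause. `fixtureP` is not called anywhere in this section, so confirm it is needed here.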
72 changes: 72 additions & 0 deletions
72
syft/pkg/cataloger/javascript/test-fixtures/pnpm/pnpm-lock.yaml