feat: add support for pnpm (anchore#1166)
cpendery authored and aiwantaozi committed Oct 20, 2022
1 parent baccab8 commit c40cfcd
Showing 4 changed files with 168 additions and 0 deletions.
1 change: 1 addition & 0 deletions syft/pkg/cataloger/javascript/cataloger.go
Expand Up @@ -29,6 +29,7 @@ func NewJavascriptLockCataloger() *common.GenericCataloger {
globParsers := map[string]common.ParserFn{
"**/package-lock.json": parsePackageLock,
"**/yarn.lock": parseYarnLock,
"**/pnpm-lock.yaml": parsePnpmLock,
}

return common.NewGenericCataloger(nil, globParsers, "javascript-lock-cataloger", addLicenses)
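--- a/syft/pkg/cataloger/javascript/parse_pnpm_lock.go
+++ b/syft/pkg/cataloger/javascript/parse_pnpm_lock.go
@@ -0,0 +1,43 @@
+package javascript
+
+import (
+"fmt"
+"io"
+
+"github.com/anchore/syft/syft/artifact"
+"github.com/anchore/syft/syft/pkg"
+"github.com/anchore/syft/syft/pkg/cataloger/common"
+"gopkg.in/yaml.v3"
+)
+
+// integrity check
+var _ common.ParserFn = parsePnpmLock
+
+type pnpmLockYaml struct {
+Dependencies map[string]string `json:"dependencies"`
+}
+
+func parsePnpmLock(path string, reader io.Reader) ([]*pkg.Package, []artifact.Relationship, error) {
+bytes, err := io.ReadAll(reader)
+if err != nil {
+return nil, nil, fmt.Errorf("failed to load pnpm-lock.yaml file: %w", err)
+}
+
+var pkgs []*pkg.Package
+var lockFile pnpmLockYaml
+
+if err := yaml.Unmarshal(bytes, &lockFile); err != nil {
+return nil, nil, fmt.Errorf("failed to parse pnpm-lock.yaml file: %w", err)
+}
+
+for name, version := range lockFile.Dependencies {
+pkgs = append(pkgs, &pkg.Package{
+Name: name,
+Version: version,
+Language: pkg.JavaScript,
+Type: pkg.NpmPkg,
+})
+}
+
+return pkgs, nil, nil
+}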
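Review bot: The `Dependencies` field of `pnpmLockYaml` carries a `json:"dependencies"` tag, but the file is decoded with `yaml.Unmarshal` from gopkg.in/yaml.v3, which honours only `yaml` tags; the key matches today only because yaml.v3 falls back to the lowercased field name. The tag should read `yaml:"dependencies"`, so that a later rename of the field does not silently produce an empty package list. It is also worth documenting on `parsePnpmLock` that only the top-level `dependencies` map is read, so any package the lockfile records elsewhere is absent from the resulting SBOM and from vulnerability matching built on it. A comment such as `// NOTE: only top-level dependencies are catalogued; other lockfile sections are not parsed yet` would make that limit visible.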
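--- a/syft/pkg/cataloger/javascript/parse_pnpm_lock_test.go
+++ b/syft/pkg/cataloger/javascript/parse_pnpm_lock_test.go
@@ -0,0 +1,52 @@
+package javascript
+
+import (
+"os"
+"testing"
+
+"github.com/anchore/syft/syft/pkg"
+"github.com/go-test/deep"
+)
+
+func fixtureP(str string) *string {
+return &str
+}
+
+func TestParsePnpmLock(t *testing.T) {
+expected := []*pkg.Package{
+{
+Name: "nanoid",
+Version: "3.3.4",
+Language: pkg.JavaScript,
+Type: pkg.NpmPkg,
+},
+{
+Name: "picocolors",
+Version: "1.0.0",
+Language: pkg.JavaScript,
+Type: pkg.NpmPkg,
+},
+{
+Name: "source-map-js",
+Version: "1.0.2",
+Language: pkg.JavaScript,
+Type: pkg.NpmPkg,
+},
+}
+
+fixture, err := os.Open("test-fixtures/pnpm/pnpm-lock.yaml")
+if err != nil {
+t.Fatalf("failed to open fixture: %+v", err)
+}
+
+// TODO: no relationships are under test yet
+actual, _, err := parsePnpmLock(fixture.Name(), fixture)
+if err != nil {
+t.Error(err)
+}
+
+differences := deep.Equal(expected, actual)
+if differences != nil {
+t.Errorf("returned package list differed from expectation: %+v", differences)
+}
+}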
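Review bot: The comparison in `TestParsePnpmLock` is order-sensitive, while `parsePnpmLock` builds its result by ranging over a Go map, whose iteration order is randomised, so `deep.Equal(expected, actual)` can fail intermittently even when the parser is correct. Sort before comparing, e.g. `sort.Slice(actual, func(i, j int) bool { return actual[i].Name < actual[j].Name })` with `"sort"` imported, or sort inside the parser so the catalogued output is reproducible between runs. The opened fixture is never closed; `defer fixture.Close()` after the error check would fix that. `fixtureP` is not used in the lines shown here and may be dead code unless another test in the package calls it.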
72 changes: 72 additions & 0 deletions syft/pkg/cataloger/javascript/test-fixtures/pnpm/pnpm-lock.yaml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
