class Dependabot::NpmAndYarn::UpdateChecker::LibraryDetector

Attributes

package_json_file[R]

Public Class Methods

new(package_json_file:)
# File lib/dependabot/npm_and_yarn/update_checker/library_detector.rb, line 11
# Builds a detector around a single package.json file object.
#
# @param package_json_file [#content] file object whose +content+ is the raw
#   package.json text; it is parsed lazily by +parsed_package_json+, not here
def initialize(package_json_file:)
  # Stored as-is; nothing is read or validated at construction time.
  @package_json_file = package_json_file
end

Public Instance Methods

library?()
# File lib/dependabot/npm_and_yarn/update_checker/library_detector.rb, line 15
# Decides whether the project described by package.json should be treated as
# a library.
#
# The cheap local checks run first; the registry lookup is only attempted
# when they pass.
#
# @return [Boolean] false when the local checks fail, otherwise the result of
#   the registry comparison
def library?
  if package_json_may_be_for_library?
    npm_response_matches_package_json?
  else
    false
  end
end

Private Instance Methods

escaped_project_name()
# File lib/dependabot/npm_and_yarn/update_checker/library_detector.rb, line 57
# Returns the project name with every "/" replaced by "%2F", so a scoped
# name such as "@scope/pkg" occupies a single path segment.
#
# NOTE(review): only "/" is rewritten. The name comes from package.json, so
# other URL-significant characters (for example "?", "#" or whitespace) would
# reach the request path unchanged -- confirm the name is validated upstream.
#
# @return [String, nil] the escaped name, or nil when no name is set
def escaped_project_name
  name = project_name
  return nil if name.nil?

  name.gsub("/", "%2F")
end
npm_response_matches_package_json?()
# File lib/dependabot/npm_and_yarn/update_checker/library_detector.rb, line 34
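# Checks whether the npm registry entry for this project's name contains the
# description declared in package.json.
#
# The registry response is memoized on the instance, so the HTTP request is
# made at most once per detector.
#
# @return [Boolean] true when the registry answers 200 and the response body
#   contains the package.json description; false when the description is
#   missing or not a String, the status is not 200, or one of the rescued
#   network/URI errors occurs
def npm_response_matches_package_json?
  project_description = parsed_package_json["description"]
  # package.json is repository-controlled input. A non-String description
  # (number, array, object, true) would make String#include? raise TypeError
  # below, which the rescue clause does not cover, so reject it here.
  return false unless project_description.is_a?(String)

  # NOTE(review): an empty description ("") is a substring of every body, so
  # any name that resolves on the registry would match -- confirm whether
  # that is intended.

  # Check if the project is listed on npm. If it is, it's a library
  @project_npm_response ||= Excon.get(
    "https://registry.npmjs.org/#{escaped_project_name}",
    idempotent: true,
    **SharedHelpers.excon_defaults
  )

  return false unless @project_npm_response.status == 200

  # Plain substring match against the raw response text, not a comparison of
  # the parsed "description" field.
  registry_body = @project_npm_response.body.force_encoding("UTF-8").encode
  registry_body.include?(project_description)
rescue Excon::Error::Socket, Excon::Error::Timeout, URI::InvalidURIError
  # Only these three error classes are treated as "not a library"; anything
  # else propagates to the caller.
  false
end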
package_json_may_be_for_library?()
# File lib/dependabot/npm_and_yarn/update_checker/library_detector.rb, line 25
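# Runs the local (no network) checks that must all pass before the project
# is considered a possible library.
#
# @return [Boolean] true only when package.json has a String name that does
#   not contain a "{{...}}" placeholder, has a truthy "version", and has no
#   truthy "private" key
def package_json_may_be_for_library?
  name = project_name
  # package.json is repository-controlled input, so "name" may be any JSON
  # value. Non-String values (number, array, object, true) do not respond to
  # match? and would raise NoMethodError; treat them as "not a library".
  return false unless name.is_a?(String)
  # Names containing a "{{...}}" placeholder are rejected.
  return false if name.match?(/\{\{.*\}\}/)
  return false unless parsed_package_json["version"]
  return false if parsed_package_json["private"]

  true
end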
parsed_package_json()
# File lib/dependabot/npm_and_yarn/update_checker/library_detector.rb, line 61
# Parses the package.json content once and reuses the result on later calls.
#
# NOTE(review): JSON.parse errors are not handled here, and the result is
# used with string keys elsewhere -- presumably the content is checked to be
# a JSON object before this class is used; confirm against the caller.
#
# @return [Object] whatever JSON.parse yields for the file content
def parsed_package_json
  return @parsed_package_json if @parsed_package_json

  @parsed_package_json = JSON.parse(package_json_file.content)
end
project_name()
# File lib/dependabot/npm_and_yarn/update_checker/library_detector.rb, line 53
# Reads the "name" entry from the parsed package.json.
#
# The value is returned exactly as parsed; its type is not checked here.
#
# @return [Object, nil] the value stored under "name", or nil when the key
#   is absent
def project_name
  parsed_package_json.fetch("name") { nil }
end