Improve npm instrumentation #7177

Merged
merged 7 commits into from
Apr 26, 2023
33 changes: 20 additions & 13 deletions npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb
@@ -5,6 +5,7 @@
require "dependabot/file_fetchers"
require "dependabot/file_fetchers/base"
require "dependabot/npm_and_yarn/helpers"
require "dependabot/npm_and_yarn/package_manager"
require "dependabot/npm_and_yarn/file_parser"
require "dependabot/npm_and_yarn/file_parser/lockfile_parser"

@@ -80,7 +81,7 @@ def fetch_files

def npm_files
fetched_npm_files = []
fetched_npm_files << package_lock if package_lock && !ignore_package_lock?
fetched_npm_files << package_lock if package_lock
fetched_npm_files << shrinkwrap if shrinkwrap
fetched_npm_files << npmrc if npmrc
fetched_npm_files << inferred_npmrc if inferred_npmrc
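Review bot: Dropping `&& !ignore_package_lock?` from the `fetched_npm_files << package_lock` line is only behaviour-preserving because the check moves into `package_lock` itself later in this file, so every other caller of `package_lock` in the fetcher now gets `nil` whenever `ignore_package_lock?` is true instead of the fetched file. Please confirm none of those callers relied on still seeing the lockfile when it is ignored (anything that inspects `package-lock.json` to detect the npm version or lockfile format is the place to look); if some do, a separate accessor for the raw file would keep them working.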
@@ -152,33 +153,39 @@ def inferred_npmrc # rubocop:disable Metrics/PerceivedComplexity
def yarn_version
return @yarn_version if defined?(@yarn_version)

package = JSON.parse(package_json.content)
if (package_manager = package.fetch("packageManager", nil))
get_yarn_version_from_package_json(package_manager)
elsif yarn_lock
Helpers.yarn_version_numeric(yarn_lock)
end
@yarn_version = package_manager.locked_version("yarn") || guess_yarn_version
end

def guess_yarn_version
Member
now that is a function name that gives me confidence in what it does! 😁

return unless yarn_lock

Helpers.yarn_version_numeric(yarn_lock)
end

def get_yarn_version_from_package_json(package_manager)
version_match = package_manager.match(/yarn@(?<version>\d+.\d+.\d+)/)
version_match&.named_captures&.fetch("version", nil)
def package_manager
@package_manager ||= PackageManager.new(parsed_package_json)
end

def package_json
@package_json ||= fetch_file_from_host("package.json")
end

def package_lock
@package_lock ||= fetch_file_if_present("package-lock.json")
return @package_lock if defined?(@package_lock)

@package_lock = fetch_file_if_present("package-lock.json") unless ignore_package_lock?
end

def yarn_lock
@yarn_lock ||= fetch_file_if_present("yarn.lock")
return @yarn_lock if defined?(@yarn_lock)

@yarn_lock = fetch_file_if_present("yarn.lock")
end

def shrinkwrap
@shrinkwrap ||= fetch_file_if_present("npm-shrinkwrap.json")
return @shrinkwrap if defined?(@shrinkwrap)

@shrinkwrap = fetch_file_if_present("npm-shrinkwrap.json")
end

def npmrc
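Review bot: The new `package_lock` memoization does not actually memoize in the ignored case: `@package_lock = fetch_file_if_present("package-lock.json") unless ignore_package_lock?` never assigns the instance variable when `ignore_package_lock?` is true, so `defined?(@package_lock)` stays false and both `ignore_package_lock?` and this method body run again on every call. Writing it as `@package_lock = ignore_package_lock? ? nil : fetch_file_if_present("package-lock.json")` assigns in both branches and makes the `return @package_lock if defined?(@package_lock)` guard effective. Separately, `PackageManager.new(parsed_package_json)` references `parsed_package_json`, which is neither defined in this diff nor visible in the surrounding context (the removed code parsed with `JSON.parse(package_json.content)` inline); please confirm that helper already exists in this fetcher so `package_manager` does not raise `NameError` at runtime.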
@@ -40,6 +40,10 @@ def self.yarn_berry?(yarn_lock)
end

def self.yarn_major_version
@yarn_major_version ||= fetch_yarn_major_version
end

def self.fetch_yarn_major_version
output = SharedHelpers.run_shell_command("yarn --version")
Version.new(output).major
end
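Review bot: `fetch_yarn_major_version` shells out to `yarn --version` and `yarn_major_version` caches the result in a class-level `@yarn_major_version` for the lifetime of the process, so the working directory of the first call decides the answer for every repository the process handles afterwards (with Yarn Berry, `yarn --version` reports the release selected by the current project's `yarnPath` or `packageManager`, not a global install). If the intent is the globally installed yarn, it is worth documenting that and running the command from a neutral directory; if the intent is the project's yarn, the cache needs to be keyed per repository or cleared between jobs. Also consider `Version.new(output.strip)`, since `run_shell_command` returns the raw stdout including its trailing newline.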
19 changes: 19 additions & 0 deletions npm_and_yarn/lib/dependabot/npm_and_yarn/package_manager.rb
@@ -0,0 +1,19 @@
# frozen_string_literal: true

module Dependabot
module NpmAndYarn
class PackageManager
def initialize(package_json)
@package_json = package_json
end

def locked_version(name)
locked = @package_json.fetch("packageManager", nil)
return unless locked

version_match = locked.match(/#{name}@(?<version>\d+.\d+.\d+)/)
version_match&.named_captures&.fetch("version", nil)
end
end
end
end
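Review bot: The pattern on the `version_match = locked.match(/#{name}@(?<version>\d+.\d+.\d+)/)` line has unescaped dots, so `.` matches any character and a value such as `yarn@3x2y1` would be accepted as version `3x2y1`; this is carried over from the old `get_yarn_version_from_package_json`, but since it is now the one place that parses `packageManager`, `\d+\.\d+\.\d+` is the intended pattern, and `Regexp.escape(name)` avoids surprises if a caller ever passes a name containing regex metacharacters. Because `package.json` is repository-controlled input, a non-string `packageManager` value (for example a number or an object) would make `locked.match` raise `NoMethodError` rather than return `nil`; `return unless locked.is_a?(String)` in place of `return unless locked` keeps the method's nil-on-absent contract for malformed input. Values with a hash suffix such as `yarn@3.2.1+sha224...` still match the leading three components, which looks intentional but deserves a comment so the trailing hash is not mistaken for an unhandled case.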