snyk-nodejs-lockfile-parser/dist/dep-graph-builders/pnpm/parse-workspace.js

Generate a dep tree given a lockfile

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.parsePnpmWorkspace = void 0;
const debugModule = require("debug");
const path = require("path");
const util_1 = require("../util");
const build_dep_graph_pnpm_1 = require("./build-dep-graph-pnpm");
const index_1 = require("./lockfile-parser/index");
const utils_1 = require("../../utils");
const utils_2 = require("./utils");
const debug = debugModule('snyk-pnpm-workspaces');
// Compute project versions map
// This is needed because the lockfile doesn't present the version of
// a project that's part of a workspace, we need to retrieve it from
// its corresponding package.json
function computeProjectVersionMaps(root, targets) {
    const projectsVersionMap = {};
    for (const target of targets) {
        const directory = path.join(root, target);
        const packageJsonFileName = path.join(directory, 'package.json');
        const packageJson = (0, utils_2.getFileContents)(root, packageJsonFileName);
        try {
            const parsedPkgJson = (0, util_1.parsePkgJson)(packageJson.content);
            projectsVersionMap[target] = {
                version: parsedPkgJson.version,
                name: parsedPkgJson.name,
            };
        }
        catch (err) {
            debug(`Error getting version for project: ${packageJsonFileName}. ERROR: ${err}`);
            continue;
        }
    }
    return projectsVersionMap;
}
const parsePnpmWorkspace = async (root, workspaceDir, options) => {
    const scannedProjects = [];
    const { includeDevDeps, includePeerDeps, includeOptionalDeps, strictOutOfSync, pruneWithinTopLevelDeps, } = options;
    const pnpmLockfileContents = (0, utils_2.getFileContents)(root, path.join(workspaceDir, 'pnpm-lock.yaml')).content;
    const lockfileVersion = (0, utils_1.getPnpmLockfileVersion)(pnpmLockfileContents);
    const lockFileParser = (0, index_1.getPnpmLockfileParser)(pnpmLockfileContents, lockfileVersion);
    const projectVersionsMaps = computeProjectVersionMaps(workspaceDir, Object.keys(lockFileParser.importers));
    for (const importer of Object.keys(lockFileParser.importers)) {
        const resolvedImporterPath = path.join(workspaceDir, importer);
        const packagePath = path.join(resolvedImporterPath, 'package.json');
        debug(`Processing project ${packagePath} as part of a pnpm workspace`);
        const pkgJsonFile = (0, utils_2.getFileContents)(root, packagePath);
        const pkgJson = (0, util_1.parsePkgJson)(pkgJsonFile.content);
        lockFileParser.workspaceArgs = {
            isWorkspace: true,
            projectsVersionMap: projectVersionsMaps,
        };
        try {
            const depGraph = await (0, build_dep_graph_pnpm_1.buildDepGraphPnpm)(lockFileParser, pkgJson, {
                includeDevDeps,
                includePeerDeps,
                strictOutOfSync,
                includeOptionalDeps,
                pruneWithinTopLevelDeps,
            }, importer);
            const project = {
                packageManager: 'pnpm',
                targetFile: path.relative(root, pkgJsonFile.fileName),
                depGraph,
                plugin: {
                    name: 'snyk-nodejs-lockfile-parser',
                    runtime: process.version,
                },
            };
            scannedProjects.push(project);
        }
        catch (e) {
            debug(`Error process workspace: ${pkgJsonFile.fileName}. ERROR: ${e}`);
        }
    }
    return scannedProjects;
};
exports.parsePnpmWorkspace = parsePnpmWorkspace;
//# sourceMappingURL=parse-workspace.js.map