github.com/anchore/syft@v1.38.2/syft/pkg/cataloger/javascript/dependency.go (about)

     1  package javascript
     2  
     3  import (
     4  	"fmt"
     5  	"strings"
     6  
     7  	"github.com/anchore/packageurl-go"
     8  	"github.com/anchore/syft/internal/log"
     9  	"github.com/anchore/syft/syft/pkg"
    10  	"github.com/anchore/syft/syft/pkg/cataloger/internal/dependency"
    11  )
    12  
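    // packageLockDependencySpecifier builds the dependency specification for a
    // package carrying pkg.NpmPackageLockEntry metadata. The package provides its
    // own name and requires every key of meta.Dependencies; when a specifier is an
    // "npm:" alias, the aliased package's name is required as well.
    //
    // Specifiers are read from the lock file under analysis, so they are treated as
    // untrusted text: a malformed alias is reported through the trace logger with
    // the value quoted, and is never written to stdout, where it could end up
    // interleaved with report output.
    //
    // An empty Specification is returned when the metadata is of another type.
    func packageLockDependencySpecifier(p pkg.Package) dependency.Specification {
    	meta, ok := p.Metadata.(pkg.NpmPackageLockEntry)
    	if !ok {
    		log.Tracef("cataloger failed to extract package lock metadata for package %+v", p.Name)
    		return dependency.Specification{}
    	}

    	// Only a leading "npm:" marks an alias; the same text elsewhere in a
    	// specifier must be left untouched.
    	const aliasPrefix = "npm:"

    	provides := []string{p.Name}

    	var requires []string

    	for name, dependencySpecifier := range meta.Dependencies {
    		if strings.HasPrefix(dependencySpecifier, aliasPrefix) {
    			purl, err := packageurl.FromString("pkg:npm/" + strings.TrimPrefix(dependencySpecifier, aliasPrefix))
    			switch {
    			case err != nil:
    				// %q keeps control characters in lock-file content out of the log line.
    				log.Tracef("unable to parse npm alias %q for dependency %q: %v", dependencySpecifier, name, err)
    			case purl.Namespace == "":
    				// An unscoped target has no namespace; joining with "/" would
    				// yield "/name", which matches no package's provided name.
    				requires = append(requires, purl.Name)
    			default:
    				requires = append(requires, fmt.Sprintf("%s/%s", purl.Namespace, purl.Name))
    			}
    		}

    		// The key as written in the lock file is always required, alias or not.
    		requires = append(requires, name)
    	}

    	return dependency.Specification{
    		ProvidesRequires: dependency.ProvidesRequires{
    			Provides: provides,
    			Requires: requires,
    		},
    	}
    }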
    44  
    // pnpmLockDependencySpecifier builds the dependency specification for a
    // package carrying pkg.PnpmLockEntry metadata: it provides its own name and
    // requires each name ranged over in the entry's Dependencies. Only the names
    // are collected; any value associated with a dependency is ignored here.
    //
    // An empty Specification is returned when the metadata is of another type.
    func pnpmLockDependencySpecifier(p pkg.Package) dependency.Specification {
    	entry, isPnpm := p.Metadata.(pkg.PnpmLockEntry)
    	if !isPnpm {
    		log.Tracef("cataloger failed to extract pnpm lock metadata for package %+v", p.Name)
    		return dependency.Specification{}
    	}

    	var spec dependency.Specification
    	spec.ProvidesRequires.Provides = []string{p.Name}

    	// Requires stays nil when the entry lists no dependencies.
    	// NOTE(review): if Dependencies is a map, the order of Requires varies between runs.
    	for depName := range entry.Dependencies {
    		spec.ProvidesRequires.Requires = append(spec.ProvidesRequires.Requires, depName)
    	}

    	return spec
    }
    66  
    // yarnLockDependencySpecifier builds the dependency specification for a
    // package carrying pkg.YarnLockEntry metadata: it provides its own name and
    // requires each name ranged over in the entry's Dependencies. Only the names
    // are collected; any value associated with a dependency is ignored here.
    //
    // An empty Specification is returned when the metadata is of another type.
    func yarnLockDependencySpecifier(p pkg.Package) dependency.Specification {
    	entry, isYarn := p.Metadata.(pkg.YarnLockEntry)
    	if !isYarn {
    		log.Tracef("cataloger failed to extract yarn lock metadata for package %+v", p.Name)
    		return dependency.Specification{}
    	}

    	// deps stays nil when the entry lists no dependencies.
    	// NOTE(review): if Dependencies is a map, the order of deps varies between runs.
    	var deps []string
    	for dep := range entry.Dependencies {
    		deps = append(deps, dep)
    	}

    	result := dependency.ProvidesRequires{
    		Provides: []string{p.Name},
    		Requires: deps,
    	}
    	return dependency.Specification{ProvidesRequires: result}
    }