def convert_to_nexus_hosted(dep_name, dep_info):
    """
    Swap a non-registry npm dependency for its Nexus hosted equivalent.

    :param str dep_name: the name of the dependency
    :param dict dep_info: the dependency info from the npm lock file (e.g. package-lock.json)
    :return: a deep copy of ``dep_info`` with "from" dropped and "integrity", "resolved" and
        "version" taken from the Nexus hosted dependency
    :raise CachitoError: if the dependency is from an unsupported location or has an unexpected
        format in the lock file
    """
    # Outside of the npm registry, the lock file's "version" is not a semver string but the
    # identifier that `npm pack` / `npm install` would be given, for example:
    #   git+https://github.com/ReactiveX/rxjs.git#dfa239d41b97504312fa95e13f4d593d95b49c4b
    #   github:ReactiveX/rxjs#78032157f5c1655436829017bbda787565b48c30
    #   https://github.com/jsplumb/jsplumb/archive/2.10.2.tar.gz
    # A lock file entry without "version" raises KeyError here, not CachitoError.
    # NOTE(review): "integrity" is optional and is passed through as None when the lock file
    # omits it; whether process_non_registry_dependency requires one for a given source type
    # is not visible in this function - confirm there.
    original = JSDependency(
        name=dep_name,
        source=dep_info["version"],
        integrity=dep_info.get("integrity"),
    )
    hosted = process_non_registry_dependency(original)

    # Work on a copy so the caller's lock file data is left untouched.
    result = copy.deepcopy(dep_info)
    # For some locations "from" carries the original package.json value; drop it so the
    # rewritten entry no longer refers to the original location.
    result.pop("from", None)
    result["integrity"] = hosted.integrity
    result["resolved"] = hosted.source
    result["version"] = hosted.version
    return result
def _convert_to_nexus_hosted(dep_name, dep_source, dep_info):
    """
    Swap a non-registry yarn dependency for its Nexus hosted equivalent.

    :param str dep_name: the name of the dependency
    :param str dep_source: the source (url or relative path) of the dependency
    :param dict dep_info: the dependency info from the yarn lock file
    :return: a dict with the "version" and "integrity" keys to replace in the lock file
    :raise CachitoError: if the dependency is from an unsupported location or has an unexpected
        format in the lock file
    """
    declared = dep_info.get("integrity")
    if declared:
        # The lock file supplied an integrity value; keep only the strongest hash from it.
        integrity = _pick_strongest_crypto_hash(declared)
    else:
        integrity = declared
        # yarn does not seem to write an "integrity" key for http(s) non-registry
        # dependencies by default, but it does put a sha1 hash in the resolved url fragment.
        # NOTE(review): the fragment is used as a SHA-1 digest without any check that it
        # looks like one here, and SHA-1 is not collision resistant. This fallback is the
        # only integrity value for such entries, including plain "http" sources - confirm
        # that the consumer of JSDependency.integrity treats it accordingly.
        parsed = urlparse(dep_source)
        if parsed.fragment and parsed.scheme in ("http", "https"):
            integrity = convert_hex_sha_to_npm(parsed.fragment, "sha1")

    hosted = process_non_registry_dependency(
        JSDependency(name=dep_name, source=dep_source, integrity=integrity)
    )

    replacement = {"integrity": hosted.integrity}
    # "resolved" is deliberately absent: it must be filled in later, after Cachito downloads
    # the dependencies.
    replacement["version"] = hosted.version
    return replacement
def _convert_to_nexus_hosted(dep_name, dep_source, dep_info):
    """
    Swap a non-registry yarn dependency for its Nexus hosted equivalent.

    :param str dep_name: the name of the dependency
    :param str dep_source: the source (url or relative path) of the dependency
    :param dict dep_info: the dependency info from the yarn lock file
    :return: a deep copy of ``dep_info`` with "integrity", "resolved" and "version" taken from
        the Nexus hosted dependency, to use in the yarn lock file instead of the original
    :raise CachitoError: if the dependency is from an unsupported location or has an unexpected
        format in the lock file
    """
    integrity = dep_info.get("integrity")
    if not integrity:
        # yarn does not seem to write an "integrity" key for http(s) non-registry
        # dependencies by default, but it does put a sha1 hash in the resolved url fragment.
        # NOTE(review): the fragment is used as a SHA-1 digest without any check that it
        # looks like one here, and SHA-1 is not collision resistant. This fallback is the
        # only integrity value for such entries, including plain "http" sources - confirm
        # that the consumer of JSDependency.integrity treats it accordingly.
        location = urlparse(dep_source)
        if location.fragment and location.scheme in ("http", "https"):
            integrity = convert_hex_sha_to_npm(location.fragment, "sha1")
    else:
        # The lock file supplied an integrity value; keep only the strongest hash from it.
        integrity = _pick_strongest_crypto_hash(integrity)

    original = JSDependency(name=dep_name, source=dep_source, integrity=integrity)
    hosted = process_non_registry_dependency(original)

    # Work on a copy so the caller's lock file data is left untouched; every other key of
    # the original entry is carried over unchanged.
    rewritten = copy.deepcopy(dep_info)
    rewritten["integrity"] = hosted.integrity
    rewritten["resolved"] = hosted.source
    rewritten["version"] = hosted.version
    return rewritten
@mock.patch("cachito.workers.pkg_managers.yarn.convert_hex_sha_to_npm") @mock.patch("cachito.workers.pkg_managers.yarn._pick_strongest_crypto_hash") @mock.patch("cachito.workers.pkg_managers.yarn.process_non_registry_dependency" ) @pytest.mark.parametrize( "dep_name, dep_source, dep_info, expected_jsdep, convert_sha_call", [ ( "subpackage", "file:./subpackage", { "version": "1.0.0" }, JSDependency("subpackage", source="file:./subpackage"), None, ), ( "fecha", "https://example.org/fecha.tar.gz#123456", { "version": "2.0.0" }, JSDependency( "fecha", source="https://example.org/fecha.tar.gz#123456", integrity=MOCK_INTEGRITY, ), ("123456", "sha1"), ),