def _convert_to_nexus_hosted(dep_name, dep_source, dep_info):
"""
Convert the input dependency not from the NPM registry to a Nexus hosted dependency.
:param str dep_name: the name of the dependency
:param str dep_source: the source (url or relative path) of the dependency
:param dict dep_info: the dependency info from the yarn lock file
:return: a dict with the "version" and "integrity" keys to replace in the lock file
:raise CachitoError: if the dependency is from an unsupported location or has an unexpected
format in the lock file
"""
integrity = dep_info.get("integrity")
if integrity:
integrity = _pick_strongest_crypto_hash(integrity)
else:
# For http(s) non-registry dependencies, yarn does not seem to include the "integrity" key
# by default. It does, however, include a sha1 hash in the resolved url fragment.
url = urlparse(dep_source)
if url.fragment and url.scheme in ("http", "https"):
integrity = convert_hex_sha_to_npm(url.fragment, "sha1")
dep = JSDependency(name=dep_name, source=dep_source, integrity=integrity)
dep_in_nexus = process_non_registry_dependency(dep)
return {
"integrity": dep_in_nexus.integrity,
# "resolved": this value must be filled in later, after Cachito downloads the dependencies
"version": dep_in_nexus.version,
}
def _convert_to_nexus_hosted(dep_name, dep_source, dep_info):
"""
Convert the input dependency not from the NPM registry to a Nexus hosted dependency.
:param str dep_name: the name of the dependency
:param str dep_source: the source (url or relative path) of the dependency
:param dict dep_info: the dependency info from the yarn lock file
:return: the dependency information of the Nexus hosted version to use in the yarn lock file
instead of the original
:raise CachitoError: if the dependency is from an unsupported location or has an unexpected
format in the lock file
"""
integrity = dep_info.get("integrity")
if integrity:
integrity = _pick_strongest_crypto_hash(integrity)
else:
# For http(s) non-registry dependencies, yarn does not seem to include the "integrity" key
# by default. It does, however, include a sha1 hash in the resolved url fragment.
url = urlparse(dep_source)
if url.fragment and url.scheme in ("http", "https"):
integrity = convert_hex_sha_to_npm(url.fragment, "sha1")
dep = JSDependency(name=dep_name, source=dep_source, integrity=integrity)
dep_in_nexus = process_non_registry_dependency(dep)
converted_dep_info = copy.deepcopy(dep_info)
converted_dep_info.update({
"integrity": dep_in_nexus.integrity,
"resolved": dep_in_nexus.source,
"version": dep_in_nexus.version,
})
return converted_dep_info
def test_convert_hex_sha_to_npm(checksum, algorithm, expected):
assert general_js.convert_hex_sha_to_npm(checksum, algorithm) == expected