def convert_to_nexus_hosted(dep_name, dep_info):
"""
Convert the input dependency not from the NPM registry to a Nexus hosted dependency.
:param str dep_name: the name of the dependency
:param dict dep_info: the dependency info from the npm lock file (e.g. package-lock.json)
:return: the dependency information of the Nexus hosted version to use in the npm lock file
instead of the original
:raise CachitoError: if the dependency is from an unsupported location or has an unexpected
format in the lock file
"""
# The version value for a dependency outside of the npm registry is the identifier to use for
# commands such as `npm pack` or `npm install`
# Examples of version values:
# git+https://github.com/ReactiveX/rxjs.git#dfa239d41b97504312fa95e13f4d593d95b49c4b
# github:ReactiveX/rxjs#78032157f5c1655436829017bbda787565b48c30
# https://github.com/jsplumb/jsplumb/archive/2.10.2.tar.gz
dep_identifier = dep_info["version"]
dep = JSDependency(name=dep_name, source=dep_identifier, integrity=dep_info.get("integrity"))
dep_in_nexus = process_non_registry_dependency(dep)
converted_dep_info = copy.deepcopy(dep_info)
# The "from" value is the original value from package.json for some locations
converted_dep_info.pop("from", None)
converted_dep_info.update(
{
"integrity": dep_in_nexus.integrity,
"resolved": dep_in_nexus.source,
"version": dep_in_nexus.version,
}
)
return converted_dep_info
def _convert_to_nexus_hosted(dep_name, dep_source, dep_info):
"""
Convert the input dependency not from the NPM registry to a Nexus hosted dependency.
:param str dep_name: the name of the dependency
:param str dep_source: the source (url or relative path) of the dependency
:param dict dep_info: the dependency info from the yarn lock file
:return: a dict with the "version" and "integrity" keys to replace in the lock file
:raise CachitoError: if the dependency is from an unsupported location or has an unexpected
format in the lock file
"""
integrity = dep_info.get("integrity")
if integrity:
integrity = _pick_strongest_crypto_hash(integrity)
else:
# For http(s) non-registry dependencies, yarn does not seem to include the "integrity" key
# by default. It does, however, include a sha1 hash in the resolved url fragment.
url = urlparse(dep_source)
if url.fragment and url.scheme in ("http", "https"):
integrity = convert_hex_sha_to_npm(url.fragment, "sha1")
dep = JSDependency(name=dep_name, source=dep_source, integrity=integrity)
dep_in_nexus = process_non_registry_dependency(dep)
return {
"integrity": dep_in_nexus.integrity,
# "resolved": this value must be filled in later, after Cachito downloads the dependencies
"version": dep_in_nexus.version,
}
def _convert_to_nexus_hosted(dep_name, dep_source, dep_info):
"""
Convert the input dependency not from the NPM registry to a Nexus hosted dependency.
:param str dep_name: the name of the dependency
:param str dep_source: the source (url or relative path) of the dependency
:param dict dep_info: the dependency info from the yarn lock file
:return: the dependency information of the Nexus hosted version to use in the yarn lock file
instead of the original
:raise CachitoError: if the dependency is from an unsupported location or has an unexpected
format in the lock file
"""
integrity = dep_info.get("integrity")
if integrity:
integrity = _pick_strongest_crypto_hash(integrity)
else:
# For http(s) non-registry dependencies, yarn does not seem to include the "integrity" key
# by default. It does, however, include a sha1 hash in the resolved url fragment.
url = urlparse(dep_source)
if url.fragment and url.scheme in ("http", "https"):
integrity = convert_hex_sha_to_npm(url.fragment, "sha1")
dep = JSDependency(name=dep_name, source=dep_source, integrity=integrity)
dep_in_nexus = process_non_registry_dependency(dep)
converted_dep_info = copy.deepcopy(dep_info)
converted_dep_info.update({
"integrity": dep_in_nexus.integrity,
"resolved": dep_in_nexus.source,
"version": dep_in_nexus.version,
})
return converted_dep_info
@mock.patch("cachito.workers.pkg_managers.yarn.convert_hex_sha_to_npm")
@mock.patch("cachito.workers.pkg_managers.yarn._pick_strongest_crypto_hash")
@mock.patch("cachito.workers.pkg_managers.yarn.process_non_registry_dependency"
)
@pytest.mark.parametrize(
"dep_name, dep_source, dep_info, expected_jsdep, convert_sha_call",
[
(
"subpackage",
"file:./subpackage",
{
"version": "1.0.0"
},
JSDependency("subpackage", source="file:./subpackage"),
None,
),
(
"fecha",
"https://example.org/fecha.tar.gz#123456",
{
"version": "2.0.0"
},
JSDependency(
"fecha",
source="https://example.org/fecha.tar.gz#123456",
integrity=MOCK_INTEGRITY,
),
("123456", "sha1"),
),
