Exemplo n.º 1
def convert_to_nexus_hosted(dep_name, dep_info):
    """
    Build the npm lock file entry that points a non-registry dependency at its Nexus hosted copy.

    The input ``dep_info`` is not modified; a deep copy is edited and returned.

    :param str dep_name: the name of the dependency
    :param dict dep_info: the dependency info from the npm lock file (e.g. package-lock.json)
    :return: the dependency information of the Nexus hosted version to use in the npm lock file
        instead of the original
    :raise CachitoError: if the dependency is from an unsupported location or has an unexpected
        format in the lock file
    :raise KeyError: if ``dep_info`` has no "version" key (it is read with plain indexing)
    """
    # For a dependency outside of the npm registry, "version" holds the identifier that commands
    # such as `npm pack` or `npm install` accept, rather than a semver string. Examples:
    #   git+https://github.com/ReactiveX/rxjs.git#dfa239d41b97504312fa95e13f4d593d95b49c4b
    #   github:ReactiveX/rxjs#78032157f5c1655436829017bbda787565b48c30
    #   https://github.com/jsplumb/jsplumb/archive/2.10.2.tar.gz
    #
    # "integrity" is forwarded exactly as the lock file states it and is None when the entry has
    # no such key.
    # NOTE(review): whether process_non_registry_dependency verifies the fetched content against
    # this value, or accepts a dependency with no integrity at all, is not visible here - confirm.
    original = JSDependency(
        name=dep_name,
        source=dep_info["version"],
        integrity=dep_info.get("integrity"),
    )
    hosted = process_non_registry_dependency(original)

    nexus_info = copy.deepcopy(dep_info)
    # The "from" value is the original value from package.json for some locations, so it is
    # dropped to keep the original location out of the rewritten entry.
    nexus_info.pop("from", None)
    # All three values come from the Nexus hosted result, not from the original entry.
    nexus_info.update(
        integrity=hosted.integrity,
        resolved=hosted.source,
        version=hosted.version,
    )
    return nexus_info
Exemplo n.º 2
def _convert_to_nexus_hosted(dep_name, dep_source, dep_info):
    """
    Work out the Nexus hosted replacement values for a yarn dependency from outside the registry.

    :param str dep_name: the name of the dependency
    :param str dep_source: the source (url or relative path) of the dependency
    :param dict dep_info: the dependency info from the yarn lock file
    :return: a dict with the "version" and "integrity" keys to replace in the lock file
    :raise CachitoError: if the dependency is from an unsupported location or has an unexpected
        format in the lock file
    """
    lock_integrity = dep_info.get("integrity")
    if lock_integrity:
        integrity = _pick_strongest_crypto_hash(lock_integrity)
    else:
        # Keep whatever falsy value the lock file gave unless a URL fragment replaces it below.
        integrity = lock_integrity
        # For http(s) non-registry dependencies, yarn does not seem to include the "integrity" key
        # by default. It does, however, include a sha1 hash in the resolved url fragment.
        #
        # Security caveat: on this path the only integrity evidence is a SHA-1 digest, which is
        # not collision resistant, and it is read from the same lock file entry that supplies the
        # URL. Other sources (e.g. a relative path) reach JSDependency with no integrity at all.
        # NOTE(review): the fragment is handed over without a format check in this function;
        # presumably convert_hex_sha_to_npm rejects non-hex input - confirm.
        parsed = urlparse(dep_source)
        if parsed.scheme in ("http", "https") and parsed.fragment:
            integrity = convert_hex_sha_to_npm(parsed.fragment, "sha1")

    original = JSDependency(name=dep_name, source=dep_source, integrity=integrity)
    hosted = process_non_registry_dependency(original)

    # "resolved" is deliberately absent: this value must be filled in later, after Cachito
    # downloads the dependencies.
    return {"integrity": hosted.integrity, "version": hosted.version}
Exemplo n.º 3
def _convert_to_nexus_hosted(dep_name, dep_source, dep_info):
    """
    Build the yarn lock file entry that points a non-registry dependency at its Nexus hosted copy.

    The input ``dep_info`` is not modified; a deep copy is edited and returned.

    :param str dep_name: the name of the dependency
    :param str dep_source: the source (url or relative path) of the dependency
    :param dict dep_info: the dependency info from the yarn lock file
    :return: the dependency information of the Nexus hosted version to use in the yarn lock file
        instead of the original
    :raise CachitoError: if the dependency is from an unsupported location or has an unexpected
        format in the lock file
    """
    lock_integrity = dep_info.get("integrity")
    if lock_integrity:
        integrity = _pick_strongest_crypto_hash(lock_integrity)
    else:
        # Keep whatever falsy value the lock file gave unless a URL fragment replaces it below.
        integrity = lock_integrity
        # For http(s) non-registry dependencies, yarn does not seem to include the "integrity" key
        # by default. It does, however, include a sha1 hash in the resolved url fragment.
        #
        # Security caveat: on this path the only integrity evidence is a SHA-1 digest, which is
        # not collision resistant, and it is read from the same lock file entry that supplies the
        # URL. Other sources (e.g. a relative path) reach JSDependency with no integrity at all.
        # NOTE(review): the fragment is handed over without a format check in this function;
        # presumably convert_hex_sha_to_npm rejects non-hex input - confirm.
        parsed = urlparse(dep_source)
        if parsed.scheme in ("http", "https") and parsed.fragment:
            integrity = convert_hex_sha_to_npm(parsed.fragment, "sha1")

    original = JSDependency(name=dep_name, source=dep_source, integrity=integrity)
    hosted = process_non_registry_dependency(original)

    nexus_info = copy.deepcopy(dep_info)
    # All three values come from the Nexus hosted result, not from the original entry.
    nexus_info.update(
        integrity=hosted.integrity,
        resolved=hosted.source,
        version=hosted.version,
    )
    return nexus_info
Exemplo n.º 4

@mock.patch("cachito.workers.pkg_managers.yarn.convert_hex_sha_to_npm")
@mock.patch("cachito.workers.pkg_managers.yarn._pick_strongest_crypto_hash")
@mock.patch("cachito.workers.pkg_managers.yarn.process_non_registry_dependency"
            )
@pytest.mark.parametrize(
    "dep_name, dep_source, dep_info, expected_jsdep, convert_sha_call",
    [
        (
            "subpackage",
            "file:./subpackage",
            {
                "version": "1.0.0"
            },
            JSDependency("subpackage", source="file:./subpackage"),
            None,
        ),
        (
            "fecha",
            "https://example.org/fecha.tar.gz#123456",
            {
                "version": "2.0.0"
            },
            JSDependency(
                "fecha",
                source="https://example.org/fecha.tar.gz#123456",
                integrity=MOCK_INTEGRITY,
            ),
            ("123456", "sha1"),
        ),