packageslockjson

Documentation

Overview

Package packageslockjson extracts packages.lock.json files.

Index

• Constants
• type Config
  • func DefaultConfig() Config
• type Extractor
  • func New(cfg Config) *Extractor
  • func (e Extractor) Extract(ctx context.Context, input *filesystem.ScanInput) ([]*extractor.Inventory, error)
  • func (e Extractor) FileRequired(path string, fileinfo fs.FileInfo) bool
  • func (e Extractor) Name() string
  • func (e Extractor) ToCPEs(i *extractor.Inventory) ([]string, error)
  • func (e Extractor) ToPURL(i *extractor.Inventory) (*purl.PackageURL, error)
  • func (e Extractor) Version() int
• type PackageInfo
• type PackagesLockJSON
  • func Parse(r io.Reader) (PackagesLockJSON, error)

Constants

const (
	// Name is the unique name of this extractor.
	Name = "dotnet/packageslockjson"
)

Types

type Config

type Config struct {
	// Stats is a stats collector for reporting metrics.
	Stats stats.Collector
	// MaxFileSizeBytes is the maximum file size this extractor will unmarshal. If
	// `FileRequired` gets a bigger file, it will return false,
	MaxFileSizeBytes int64
}

Config is the configuration for the Extractor.

func DefaultConfig

func DefaultConfig() Config

DefaultConfig returns the default configuration for the extractor.

type Extractor

type Extractor struct {
	// contains filtered or unexported fields
}

Extractor extracts packages from inside a packages.lock.json.

func New

func New(cfg Config) *Extractor

New returns a requirements.txt extractor.

For most use cases, initialize with: ``` e := New(DefaultConfig()) ```

func (Extractor) Extract

func (e Extractor) Extract(ctx context.Context, input *filesystem.ScanInput) ([]*extractor.Inventory, error)

Extract returns a list of dependencies in a packages.lock.json file.

func (Extractor) FileRequired

func (e Extractor) FileRequired(path string, fileinfo fs.FileInfo) bool

FileRequired returns true if the specified file is marked executable.

func (Extractor) Name

func (e Extractor) Name() string

Name of the extractor.

func (Extractor) ToCPEs

func (e Extractor) ToCPEs(i *extractor.Inventory) ([]string, error)

ToCPEs is not applicable as this extractor does not infer CPEs from the Inventory.

func (Extractor) ToPURL

func (e Extractor) ToPURL(i *extractor.Inventory) (*purl.PackageURL, error)

ToPURL converts an inventory created by this extractor into a PURL.

func (Extractor) Version

func (e Extractor) Version() int

Version of the extractor.

type PackageInfo

type PackageInfo struct {
	// Resolved is the resolved version for this dependency.
	Resolved     string            `json:"resolved"`
	Dependencies map[string]string `json:"dependencies"`
}

PackageInfo represents a single package's info, including its resolved version, and its dependencies

type PackagesLockJSON

type PackagesLockJSON struct {
	Dependencies map[string]map[string]PackageInfo `json:"dependencies"`
}

PackagesLockJSON represents the `packages.lock.json` file generated from running `dotnet restore --use-lock-file`. The schema path we care about is: "dependencies" -> target framework moniker -> package name -> package info

func Parse

func Parse(r io.Reader) (PackagesLockJSON, error)

Parse returns a struct representing the structure of a .NET project's packages.lock.json file.