lockfile

package
v1.6.0-alpha Latest Latest
Published: Jan 17, 2024 License: Apache-2.0 Imports: 20 Imported by: 17

Documentation

Index

Constants

// PipenvEcosystem is the same value as PipEcosystem ("PyPI"), so packages
// read from Pipenv lockfiles share one Ecosystem value with pip packages.
const PipenvEcosystem = PipEcosystem
// PnpmEcosystem is the same value as NpmEcosystem ("npm"), so packages read
// from pnpm lockfiles share one Ecosystem value with npm packages.
const PnpmEcosystem = NpmEcosystem
// PoetryEcosystem is the same value as PipEcosystem ("PyPI"), so packages
// read from Poetry lockfiles share one Ecosystem value with pip packages.
const PoetryEcosystem = PipEcosystem
// YarnEcosystem is the same value as NpmEcosystem ("npm"), so packages read
// from Yarn lockfiles share one Ecosystem value with npm packages.
const YarnEcosystem = NpmEcosystem

Variables

// ErrExtractorNotFound is a sentinel error; compare with errors.Is rather
// than matching the message text.
// NOTE(review): presumably returned when no Extractor matches a file (see
// FindExtractor / ExtractDeps) — confirm. A scan that hits this error has not
// inspected the file, which is different from "no packages found".
var ErrExtractorNotFound = errors.New("could not determine extractor")
// ErrOpenNotSupported is a sentinel error; compare with errors.Is.
// NOTE(review): presumably returned by DepFile.Open implementations that
// cannot open further files — confirm against the implementations.
var ErrOpenNotSupported = errors.New("this file does not support opening files")
// ErrParserNotFound is a sentinel error; compare with errors.Is rather than
// matching the message text.
// NOTE(review): presumably returned when no parser matches a lockfile (see
// FindParser / Parse) — confirm. Callers should treat it as "file not
// analysed", not as an empty dependency list.
var ErrParserNotFound = errors.New("could not determine parser")

Functions

func ListExtractors added in v1.4.0

func ListExtractors() []string

func ListParsers

func ListParsers() []string

Types

type ApkInstalledExtractor added in v1.4.0

// ApkInstalledExtractor is an empty struct that holds no state; the package
// lists ShouldExtract and Extract methods on it.
type ApkInstalledExtractor struct{}

func (ApkInstalledExtractor) Extract added in v1.4.0

func (ApkInstalledExtractor) ShouldExtract added in v1.4.0

func (e ApkInstalledExtractor) ShouldExtract(path string) bool

type CSVExtractor added in v1.4.0

// CSVExtractor is an empty struct that holds no state; the package lists
// ShouldExtract and Extract methods on it. Its ShouldExtract declares the
// path parameter as _, so the path does not influence the result.
type CSVExtractor struct{}

func (CSVExtractor) Extract added in v1.4.0

func (e CSVExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (CSVExtractor) ShouldExtract added in v1.4.0

func (e CSVExtractor) ShouldExtract(_ string) bool

type CargoLockExtractor added in v1.4.0

// CargoLockExtractor is an empty struct that holds no state; the package
// lists ShouldExtract and Extract methods on it.
type CargoLockExtractor struct{}

func (CargoLockExtractor) Extract added in v1.4.0

func (e CargoLockExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (CargoLockExtractor) ShouldExtract added in v1.4.0

func (e CargoLockExtractor) ShouldExtract(path string) bool

type CargoLockFile

// CargoLockFile holds the top-level TOML keys decoded from a Cargo lockfile.
type CargoLockFile struct {
	// Version is read from the "version" key.
	Version  int                `toml:"version"`
	// Packages is read from the "package" key, one entry per package table.
	Packages []CargoLockPackage `toml:"package"`
}

type CargoLockPackage

// CargoLockPackage is one package entry of a CargoLockFile. Only the "name"
// and "version" keys are mapped; any other keys in the entry have no field
// here.
type CargoLockPackage struct {
	Name    string `toml:"name"`
	Version string `toml:"version"`
}

type ComposerLock

// ComposerLock holds the two package lists decoded from a Composer lockfile.
type ComposerLock struct {
	// Packages is read from the "packages" key.
	Packages    []ComposerPackage `json:"packages"`
	// PackagesDev is read from the "packages-dev" key, kept separate from
	// Packages so the two lists can be told apart after decoding.
	PackagesDev []ComposerPackage `json:"packages-dev"`
}

type ComposerLockExtractor added in v1.4.0

// ComposerLockExtractor is an empty struct that holds no state; the package
// lists ShouldExtract and Extract methods on it.
type ComposerLockExtractor struct{}

func (ComposerLockExtractor) Extract added in v1.4.0

func (ComposerLockExtractor) ShouldExtract added in v1.4.0

func (e ComposerLockExtractor) ShouldExtract(path string) bool

type ComposerPackage

// ComposerPackage is one entry of a ComposerLock package list.
type ComposerPackage struct {
	Name    string `json:"name"`
	Version string `json:"version"`
	// Dist maps the nested "dist" object; only its "reference" key is kept.
	// NOTE(review): presumably the source revision the package was built
	// from — confirm against the extractor.
	Dist    struct {
		Reference string `json:"reference"`
	} `json:"dist"`
}

type ConanGraphLock added in v1.2.0

// ConanGraphLock maps the "nodes" object of a Conan graph lock: a map from a
// string key to a ConanGraphNode.
type ConanGraphLock struct {
	Nodes map[string]ConanGraphNode `json:"nodes"`
}

type ConanGraphNode added in v1.2.0

// ConanGraphNode is one value of ConanGraphLock.Nodes. Every field is a plain
// string taken from the JSON key named in its tag; no parsing of the values
// is visible at this level.
type ConanGraphNode struct {
	Pref      string `json:"pref"`
	Ref       string `json:"ref"`
	Options   string `json:"options"`
	PackageID string `json:"package_id"`
	Prev      string `json:"prev"`
	Path      string `json:"path"`
	Context   string `json:"context"`
}

type ConanLockExtractor added in v1.4.0

// ConanLockExtractor is an empty struct that holds no state; the package
// lists ShouldExtract and Extract methods on it.
type ConanLockExtractor struct{}

func (ConanLockExtractor) Extract added in v1.4.0

func (e ConanLockExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (ConanLockExtractor) ShouldExtract added in v1.4.0

func (e ConanLockExtractor) ShouldExtract(path string) bool

type ConanLockFile added in v1.2.0

// ConanLockFile is the top-level JSON shape of a Conan lockfile. It carries
// the fields of both lockfile generations described below; all fields except
// Version are tagged omitempty, so a file from one generation leaves the
// other generation's fields at their zero values.
type ConanLockFile struct {
	// Version is read from the "version" key as a string.
	Version string `json:"version"`
	// conan v0.4- lockfiles use "graph_lock", "profile_host" and "profile_build"
	GraphLock    ConanGraphLock `json:"graph_lock,omitempty"`
	ProfileHost  string         `json:"profile_host,omitempty"`
	ProfileBuild string         `json:"profile_build,omitempty"`
	// conan v0.5+ lockfiles use "requires", "build_requires" and "python_requires"
	Requires       []string `json:"requires,omitempty"`
	BuildRequires  []string `json:"build_requires,omitempty"`
	PythonRequires []string `json:"python_requires,omitempty"`
}

type ConanReference added in v1.2.0

// ConanReference groups the named parts of a Conan package reference as
// plain strings. The fields carry no struct tags, so this type is not mapped
// directly from JSON keys.
// NOTE(review): presumably filled by splitting the reference strings found in
// ConanGraphNode / ConanLockFile — confirm against the extractor.
type ConanReference struct {
	Name            string
	Version         string
	Username        string
	Channel         string
	RecipeRevision  string
	PackageID       string
	PackageRevision string
	TimeStamp       string
}

type DepFile added in v1.4.0

// DepFile is a readable file under extraction that can also open further
// files relative to itself.
type DepFile interface {
	// Reader supplies the content of the file being extracted.
	io.Reader

	// Open opens a NestedDepFile based on the path of the
	// current DepFile if the provided path is relative.
	//
	// If the path is an absolute path, then it is opened absolutely.
	//
	// NOTE(review): nothing in this interface limits which locations can be
	// opened. If an extractor passes a path taken from the content of the
	// file being scanned, that path is untrusted input; implementations may
	// want to confine it to the scan root — confirm against the extractors.
	Open(path string) (NestedDepFile, error)

	// Path returns a string identifying this file.
	// NOTE(review): presumably the location it was opened from — confirm.
	Path() string
}

DepFile is an abstraction for a file that has been opened for extraction, and that knows how to open other DepFiles relative to itself.

type DpkgStatusExtractor added in v1.4.0

// DpkgStatusExtractor is an empty struct that holds no state; the package
// lists ShouldExtract and Extract methods on it.
type DpkgStatusExtractor struct{}

func (DpkgStatusExtractor) Extract added in v1.4.0

func (e DpkgStatusExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (DpkgStatusExtractor) ShouldExtract added in v1.4.0

func (e DpkgStatusExtractor) ShouldExtract(path string) bool

type Ecosystem

// Ecosystem names the package ecosystem a dependency belongs to.
// NOTE(review): the constant values appear to follow OSV ecosystem naming
// (the note on ConanEcosystem mentions the OSV schema) — confirm before
// relying on the exact strings when querying a vulnerability database.
type Ecosystem string
const AlpineEcosystem Ecosystem = "Alpine"
const BundlerEcosystem Ecosystem = "RubyGems"
const CRANEcosystem Ecosystem = "CRAN"
const CargoEcosystem Ecosystem = "crates.io"
const ComposerEcosystem Ecosystem = "Packagist"
const ConanEcosystem Ecosystem = "ConanCenter"

TODO: this value (ConanEcosystem) is tentative and subject to change depending on the OSV schema.

const DebianEcosystem Ecosystem = "Debian"
const GoEcosystem Ecosystem = "Go"
const MavenEcosystem Ecosystem = "Maven"
const MixEcosystem Ecosystem = "Hex"
// NpmEcosystem is also the value of the PnpmEcosystem and YarnEcosystem
// constants declared in this package.
const NpmEcosystem Ecosystem = "npm"
const NuGetEcosystem Ecosystem = "NuGet"
// PipEcosystem is also the value of the PipenvEcosystem and PoetryEcosystem
// constants declared in this package.
const PipEcosystem Ecosystem = "PyPI"
const PubEcosystem Ecosystem = "Pub"

func KnownEcosystems

func KnownEcosystems() []Ecosystem

KnownEcosystems returns a list of ecosystems that `lockfile` supports automatically inferring an extractor for based on a file path.

func (Ecosystem) IsDevGroup added in v1.6.0

func (sys Ecosystem) IsDevGroup(groups []string) bool

IsDevGroup reports whether any string in groups indicates the development dependency group for the specified ecosystem.

type Extractor added in v1.4.0

// Extractor pairs a path-based selection check with the extraction step
// itself.
type Extractor interface {
	// ShouldExtract checks if the Extractor should be used for the given path.
	ShouldExtract(path string) bool
	// Extract reads from f and returns the packages it found, or an error.
	// NOTE(review): f carries the content of the scanned project, so
	// implementations should treat everything read from it as untrusted.
	Extract(f DepFile) ([]PackageDetails, error)
}

func FindExtractor added in v1.4.0

func FindExtractor(path, extractAs string) (Extractor, string)

type GemfileLockExtractor added in v1.4.0

// GemfileLockExtractor is an empty struct that holds no state; the package
// lists ShouldExtract and Extract methods on it.
type GemfileLockExtractor struct{}

func (GemfileLockExtractor) Extract added in v1.4.0

func (GemfileLockExtractor) ShouldExtract added in v1.4.0

func (e GemfileLockExtractor) ShouldExtract(path string) bool

type GoLockExtractor added in v1.4.0

// GoLockExtractor is an empty struct that holds no state; the package lists
// ShouldExtract and Extract methods on it.
type GoLockExtractor struct{}

func (GoLockExtractor) Extract added in v1.4.0

func (e GoLockExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (GoLockExtractor) ShouldExtract added in v1.4.0

func (e GoLockExtractor) ShouldExtract(path string) bool

type GradleLockExtractor added in v1.4.0

// GradleLockExtractor is an empty struct that holds no state; the package
// lists ShouldExtract and Extract methods on it.
type GradleLockExtractor struct{}

func (GradleLockExtractor) Extract added in v1.4.0

func (e GradleLockExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (GradleLockExtractor) ShouldExtract added in v1.4.0

func (e GradleLockExtractor) ShouldExtract(path string) bool

type LocalFile added in v1.4.0

// LocalFile wraps a readable, closable handle together with fields that the
// package does not export.
// NOTE(review): because Close is promoted from the embedded io.ReadCloser,
// a LocalFile obtained from OpenLocalDepFile presumably has to be closed by
// the caller — confirm.
type LocalFile struct {
	// The embedded ReadCloser promotes Read and Close onto LocalFile.
	io.ReadCloser
	// contains filtered or unexported fields
}

A LocalFile represents a file that exists on the local filesystem.

func (LocalFile) Open added in v1.4.0

func (f LocalFile) Open(path string) (NestedDepFile, error)

func (LocalFile) Path added in v1.4.0

func (f LocalFile) Path() string

type Lockfile

// Lockfile is the result type returned by Parse, ExtractDeps and the From*
// functions: the packages found plus where they came from.
type Lockfile struct {
	// FilePath is serialized under the "filePath" key.
	FilePath string   `json:"filePath"`
	// ParsedAs is serialized under the "parsedAs" key.
	// NOTE(review): presumably the name of the parser or extractor that was
	// used — confirm. Recording it lets a reader of the output see how the
	// file was interpreted.
	ParsedAs string   `json:"parsedAs"`
	// Packages is serialized under the "packages" key.
	Packages Packages `json:"packages"`
}

func ExtractDeps added in v1.4.0

func ExtractDeps(f DepFile, extractAs string) (Lockfile, error)

func FromApkInstalled added in v1.2.0

func FromApkInstalled(pathToInstalled string) (Lockfile, error)

FromApkInstalled attempts to parse the given file as an "apk-installed" lockfile used by the Alpine Package Keeper (apk) to record installed packages.

func FromCSVFile

func FromCSVFile(pathToCSV string, parseAs string) (Lockfile, error)

func FromCSVRows

func FromCSVRows(filePath string, parseAs string, rows []string) (Lockfile, error)

func FromDpkgStatus added in v1.2.0

func FromDpkgStatus(pathToStatus string) (Lockfile, error)

FromDpkgStatus attempts to parse the given file as a "dpkg-status" lockfile used by the Debian Package (dpkg) to record installed packages.

func FromOSVScannerResults added in v1.4.0

func FromOSVScannerResults(pathToInstalled string) (Lockfile, error)

FromOSVScannerResults attempts to extract packages stored in the OSVScannerResults format.

func Parse

func Parse(pathToLockfile string, parseAs string) (Lockfile, error)

Parse attempts to extract a collection of package details from a lockfile, using one of the native parsers.

The parser is selected based on the name of the file, which can be overridden with the "parseAs" parameter.

func (Lockfile) String

func (l Lockfile) String() string

type MavenLockDependency

// MavenLockDependency maps one <dependency> XML element.
// NOTE(review): the type also has a ResolveVersion(lockfile) method, so the
// raw Version string presumably may need resolving against the enclosing
// MavenLockFile before it is compared with advisory data — confirm.
type MavenLockDependency struct {
	// XMLName pins the element name this struct decodes from.
	XMLName    xml.Name `xml:"dependency"`
	GroupID    string   `xml:"groupId"`
	ArtifactID string   `xml:"artifactId"`
	Version    string   `xml:"version"`
	Scope      string   `xml:"scope"`
}

func (MavenLockDependency) ResolveVersion

func (mld MavenLockDependency) ResolveVersion(lockfile MavenLockFile) string

type MavenLockExtractor added in v1.4.0

// MavenLockExtractor is an empty struct that holds no state; the package
// lists ShouldExtract and Extract methods on it.
type MavenLockExtractor struct{}

func (MavenLockExtractor) Extract added in v1.4.0

func (e MavenLockExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (MavenLockExtractor) ShouldExtract added in v1.4.0

func (e MavenLockExtractor) ShouldExtract(path string) bool

type MavenLockFile

// MavenLockFile maps the parts of a Maven <project> XML document that the
// package reads.
type MavenLockFile struct {
	// XMLName pins the root element name to "project".
	XMLName             xml.Name              `xml:"project"`
	ModelVersion        string                `xml:"modelVersion"`
	GroupID             string                `xml:"groupId"`
	ArtifactID          string                `xml:"artifactId"`
	// Properties is decoded by MavenLockProperties' own UnmarshalXML.
	Properties          MavenLockProperties   `xml:"properties"`
	// Dependencies collects every <dependency> nested under <dependencies>.
	Dependencies        []MavenLockDependency `xml:"dependencies>dependency"`
	// ManagedDependencies collects every <dependency> nested under
	// <dependencyManagement><dependencies>, kept apart from Dependencies.
	ManagedDependencies []MavenLockDependency `xml:"dependencyManagement>dependencies>dependency"`
}

type MavenLockProperties

// MavenLockProperties holds the decoded <properties> element of a
// MavenLockFile. Its fields are not exported; decoding goes through the
// UnmarshalXML method declared on the pointer type.
type MavenLockProperties struct {
	// contains filtered or unexported fields
}

func (*MavenLockProperties) UnmarshalXML

func (p *MavenLockProperties) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

type MixLockExtractor added in v1.4.0

// MixLockExtractor is an empty struct that holds no state; the package lists
// ShouldExtract and Extract methods on it.
type MixLockExtractor struct{}

func (MixLockExtractor) Extract added in v1.4.0

func (e MixLockExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (MixLockExtractor) ShouldExtract added in v1.4.0

func (e MixLockExtractor) ShouldExtract(path string) bool

type NestedDepFile added in v1.4.0

// NestedDepFile is a DepFile that can additionally be closed.
type NestedDepFile interface {
	// Closer releases the file; whoever opened the NestedDepFile is
	// responsible for calling Close.
	io.Closer
	// DepFile supplies Read, Open and Path.
	DepFile
}

NestedDepFile is an abstraction for a file that has been opened while extracting another file, and would need to be closed.

func OpenLocalDepFile added in v1.4.0

func OpenLocalDepFile(path string) (NestedDepFile, error)

type NpmLockDependency

// NpmLockDependency is one value of the "dependencies" map of an npm
// lockfile. The structure is recursive: each entry may carry its own
// "dependencies" map of the same type.
type NpmLockDependency struct {
	// For an aliased package, Version is like "npm:[name]@[version]"
	Version      string                       `json:"version"`
	// Dependencies holds nested entries, keyed by a string from the file.
	Dependencies map[string]NpmLockDependency `json:"dependencies,omitempty"`

	// Dev and Optional mirror the "dev" and "optional" flags of the entry.
	Dev      bool `json:"dev,omitempty"`
	Optional bool `json:"optional,omitempty"`
}

type NpmLockExtractor added in v1.4.0

// NpmLockExtractor is an empty struct that holds no state; the package lists
// ShouldExtract and Extract methods on it.
type NpmLockExtractor struct{}

func (NpmLockExtractor) Extract added in v1.4.0

func (e NpmLockExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (NpmLockExtractor) ShouldExtract added in v1.4.0

func (e NpmLockExtractor) ShouldExtract(path string) bool

type NpmLockPackage

// NpmLockPackage is one value of the "packages" map of an npm lockfile.
type NpmLockPackage struct {
	// For an aliased package, Name is the real package name
	Name         string            `json:"name"`
	Version      string            `json:"version"`
	// Resolved is read from the "resolved" key.
	// NOTE(review): presumably the location the package was fetched from;
	// it is file content and should be handled as untrusted — confirm use.
	Resolved     string            `json:"resolved"`
	// Dependencies maps a string key to a string value, unlike the nested
	// structure used by NpmLockDependency.
	Dependencies map[string]string `json:"dependencies"`

	// Dev, DevOptional and Optional mirror the flags of the same names.
	Dev         bool `json:"dev,omitempty"`
	DevOptional bool `json:"devOptional,omitempty"`
	Optional    bool `json:"optional,omitempty"`
}

type NpmLockfile

// NpmLockfile is the top-level JSON shape of an npm lockfile. It carries both
// the older "dependencies" layout and the newer "packages" layout, so either
// generation of file decodes into the same type.
type NpmLockfile struct {
	// Version is read from the "lockfileVersion" key.
	Version int `json:"lockfileVersion"`
	// npm v1- lockfiles use "dependencies"
	Dependencies map[string]NpmLockDependency `json:"dependencies"`
	// npm v2+ lockfiles use "packages"
	Packages map[string]NpmLockPackage `json:"packages,omitempty"`
}

type NuGetLockExtractor added in v1.4.0

// NuGetLockExtractor is an empty struct that holds no state; the package
// lists ShouldExtract and Extract methods on it.
type NuGetLockExtractor struct{}

func (NuGetLockExtractor) Extract added in v1.4.0

func (e NuGetLockExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (NuGetLockExtractor) ShouldExtract added in v1.4.0

func (e NuGetLockExtractor) ShouldExtract(path string) bool

type NuGetLockPackage added in v1.1.0

// NuGetLockPackage is one innermost value of NuGetLockfile.Dependencies. Only
// the "resolved" key is mapped.
// NOTE(review): presumably the resolved package version — confirm.
type NuGetLockPackage struct {
	Resolved string `json:"resolved"`
}

type NuGetLockfile added in v1.1.0

// NuGetLockfile is the top-level JSON shape of a NuGet lockfile.
type NuGetLockfile struct {
	Version      int                                    `json:"version"`
	// Dependencies is a two-level map read from the "dependencies" key.
	// NOTE(review): presumably outer key = target framework and inner key =
	// package name — confirm against the referenced NuGet format definition.
	Dependencies map[string]map[string]NuGetLockPackage `json:"dependencies"`
}

NuGetLockfile contains the required dependency information as defined in https://github.com/NuGet/NuGet.Client/blob/6.5.0.136/src/NuGet.Core/NuGet.ProjectModel/ProjectLockFile/PackagesLockFileFormat.cs

type OSVScannerResultsExtractor added in v1.4.0

// OSVScannerResultsExtractor is an empty struct that holds no state; the
// package lists ShouldExtract and Extract methods on it.
type OSVScannerResultsExtractor struct{}

func (OSVScannerResultsExtractor) Extract added in v1.4.0

func (OSVScannerResultsExtractor) ShouldExtract added in v1.4.0

func (e OSVScannerResultsExtractor) ShouldExtract(path string) bool

type PackageDetails

// PackageDetails describes one package found by a parser or extractor.
// NOTE(review): the values originate from the scanned file, so treat them as
// untrusted strings when logging them or building queries from them.
type PackageDetails struct {
	Name      string    `json:"name"`
	Version   string    `json:"version"`
	// Commit is left out of the JSON output when empty.
	Commit    string    `json:"commit,omitempty"`
	// Ecosystem is left out of the JSON output when empty.
	Ecosystem Ecosystem `json:"ecosystem,omitempty"`
	// CompareAs is left out of the JSON output when empty.
	// NOTE(review): presumably selects the version-comparison rules to use
	// when they differ from Ecosystem — confirm.
	CompareAs Ecosystem `json:"compareAs,omitempty"`
	// DepGroups is never written to or read from JSON (tag "-"), so the
	// grouping that Ecosystem.IsDevGroup inspects is not available to
	// consumers of the serialized form.
	DepGroups []string  `json:"-"`
}

func ParseApkInstalled added in v1.1.0

func ParseApkInstalled(pathToLockfile string) ([]PackageDetails, error)

func ParseCargoLock

func ParseCargoLock(pathToLockfile string) ([]PackageDetails, error)

func ParseComposerLock

func ParseComposerLock(pathToLockfile string) ([]PackageDetails, error)

func ParseConanLock added in v1.2.0

func ParseConanLock(pathToLockfile string) ([]PackageDetails, error)

func ParseDpkgStatus added in v1.2.0

func ParseDpkgStatus(pathToLockfile string) ([]PackageDetails, error)

func ParseGemfileLock

func ParseGemfileLock(pathToLockfile string) ([]PackageDetails, error)

func ParseGoLock

func ParseGoLock(pathToLockfile string) ([]PackageDetails, error)

func ParseGradleLock added in v1.0.1

func ParseGradleLock(pathToLockfile string) ([]PackageDetails, error)

func ParseMavenLock

func ParseMavenLock(pathToLockfile string) ([]PackageDetails, error)

func ParseMixLock

func ParseMixLock(pathToLockfile string) ([]PackageDetails, error)

func ParseNpmLock

func ParseNpmLock(pathToLockfile string) ([]PackageDetails, error)

func ParseNuGetLock added in v1.1.0

func ParseNuGetLock(pathToLockfile string) ([]PackageDetails, error)

func ParseOSVScannerResults added in v1.4.0

func ParseOSVScannerResults(pathToLockfile string) ([]PackageDetails, error)

func ParsePipenvLock added in v1.1.0

func ParsePipenvLock(pathToLockfile string) ([]PackageDetails, error)

func ParsePnpmLock

func ParsePnpmLock(pathToLockfile string) ([]PackageDetails, error)

func ParsePoetryLock

func ParsePoetryLock(pathToLockfile string) ([]PackageDetails, error)

func ParsePubspecLock

func ParsePubspecLock(pathToLockfile string) ([]PackageDetails, error)

func ParseRenvLock added in v1.5.0

func ParseRenvLock(pathToLockfile string) ([]PackageDetails, error)

func ParseRequirementsTxt

func ParseRequirementsTxt(pathToLockfile string) ([]PackageDetails, error)

func ParseYarnLock

func ParseYarnLock(pathToLockfile string) ([]PackageDetails, error)

type PackageDetailsParser

// PackageDetailsParser is an alias (note the "=") for the function shape
// shared by the Parse* functions of this package: a lockfile path in, the
// packages found and an error out.
type PackageDetailsParser = func(pathToLockfile string) ([]PackageDetails, error)

func FindParser

func FindParser(pathToLockfile string, parseAs string) (PackageDetailsParser, string)

type Packages

// Packages is a slice of PackageDetails; the package declares an Ecosystems
// method on it that returns a []Ecosystem.
type Packages []PackageDetails

func (Packages) Ecosystems

func (ps Packages) Ecosystems() []Ecosystem

type PipenvLock added in v1.1.0

// PipenvLock holds the two package maps decoded from a Pipenv lockfile.
type PipenvLock struct {
	// Packages is read from the "default" key.
	Packages    map[string]PipenvPackage `json:"default"`
	// PackagesDev is read from the "develop" key, kept separate from
	// Packages so the two sets can be told apart after decoding.
	PackagesDev map[string]PipenvPackage `json:"develop"`
}

type PipenvLockExtractor added in v1.4.0

// PipenvLockExtractor is an empty struct that holds no state; the package
// lists ShouldExtract and Extract methods on it.
type PipenvLockExtractor struct{}

func (PipenvLockExtractor) Extract added in v1.4.0

func (e PipenvLockExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (PipenvLockExtractor) ShouldExtract added in v1.4.0

func (e PipenvLockExtractor) ShouldExtract(path string) bool

type PipenvPackage added in v1.1.0

// PipenvPackage is one value of a PipenvLock package map. Only the "version"
// key is mapped; the package name is the map key, not a field.
type PipenvPackage struct {
	Version string `json:"version"`
}

type PnpmLockExtractor added in v1.4.0

// PnpmLockExtractor is an empty struct that holds no state; the package lists
// ShouldExtract and Extract methods on it.
type PnpmLockExtractor struct{}

func (PnpmLockExtractor) Extract added in v1.4.0

func (e PnpmLockExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (PnpmLockExtractor) ShouldExtract added in v1.4.0

func (e PnpmLockExtractor) ShouldExtract(path string) bool

type PnpmLockPackage

// PnpmLockPackage is one value of PnpmLockfile.Packages.
type PnpmLockPackage struct {
	// Resolution maps the nested "resolution" object.
	Resolution PnpmLockPackageResolution `yaml:"resolution"`
	Name       string                    `yaml:"name"`
	Version    string                    `yaml:"version"`
	// Dev mirrors the "dev" flag of the entry.
	Dev        bool                      `yaml:"dev"`
}

type PnpmLockPackageResolution

// PnpmLockPackageResolution maps the "resolution" object of a pnpm package
// entry. All four values are plain strings taken from the file.
// NOTE(review): presumably Commit and Repo identify a git-sourced package —
// confirm against the extractor.
type PnpmLockPackageResolution struct {
	Tarball string `yaml:"tarball"`
	Commit  string `yaml:"commit"`
	Repo    string `yaml:"repo"`
	Type    string `yaml:"type"`
}

type PnpmLockfile

// PnpmLockfile is the top-level YAML shape of a pnpm lockfile. Decoding goes
// through the UnmarshalYAML method declared on the pointer type.
type PnpmLockfile struct {
	// Version is held as a float64 and mapped to the "lockfileVersion" key.
	Version  float64                    `yaml:"lockfileVersion"`
	// Packages is mapped to the "packages" key, keyed by a string from the
	// file.
	Packages map[string]PnpmLockPackage `yaml:"packages,omitempty"`
}

func (*PnpmLockfile) UnmarshalYAML added in v1.3.2

func (l *PnpmLockfile) UnmarshalYAML(unmarshal func(interface{}) error) error

type PoetryLockExtractor added in v1.4.0

// PoetryLockExtractor is an empty struct that holds no state; the package
// lists ShouldExtract and Extract methods on it.
type PoetryLockExtractor struct{}

func (PoetryLockExtractor) Extract added in v1.4.0

func (e PoetryLockExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (PoetryLockExtractor) ShouldExtract added in v1.4.0

func (e PoetryLockExtractor) ShouldExtract(path string) bool

type PoetryLockFile

// PoetryLockFile holds the top-level TOML keys decoded from a Poetry
// lockfile.
type PoetryLockFile struct {
	// Version is read from the "version" key.
	Version  int                 `toml:"version"`
	// Packages is read from the "package" key, one entry per package table.
	Packages []PoetryLockPackage `toml:"package"`
}

type PoetryLockPackage

// PoetryLockPackage is one package entry of a PoetryLockFile.
type PoetryLockPackage struct {
	Name     string                  `toml:"name"`
	Version  string                  `toml:"version"`
	// Optional mirrors the "optional" flag of the entry.
	Optional bool                    `toml:"optional"`
	// Source maps the nested "source" table.
	Source   PoetryLockPackageSource `toml:"source"`
}

type PoetryLockPackageSource

// PoetryLockPackageSource maps the "source" table of a Poetry package entry.
type PoetryLockPackageSource struct {
	Type   string `toml:"type"`
	// Commit is read from the "resolved_reference" key, not from a key
	// named "commit".
	Commit string `toml:"resolved_reference"`
}

type PubspecLockDescription

// PubspecLockDescription maps the "description" value of a pubspec lockfile
// package. Decoding goes through the UnmarshalYAML method declared on the
// pointer type.
// NOTE(review): a custom decoder suggests the value is not always a mapping
// in the file — confirm against UnmarshalYAML.
type PubspecLockDescription struct {
	Name string `yaml:"name"`
	URL  string `yaml:"url"`
	Path string `yaml:"path"`
	// Ref is read from the "resolved-ref" key.
	Ref  string `yaml:"resolved-ref"`
}

func (*PubspecLockDescription) UnmarshalYAML

func (pld *PubspecLockDescription) UnmarshalYAML(value *yaml.Node) error

type PubspecLockExtractor added in v1.4.0

// PubspecLockExtractor is an empty struct that holds no state; the package
// lists ShouldExtract and Extract methods on it.
type PubspecLockExtractor struct{}

func (PubspecLockExtractor) Extract added in v1.4.0

func (PubspecLockExtractor) ShouldExtract added in v1.4.0

func (e PubspecLockExtractor) ShouldExtract(path string) bool

type PubspecLockPackage

// PubspecLockPackage is one value of PubspecLockfile.Packages.
type PubspecLockPackage struct {
	Source      string                 `yaml:"source"`
	// Description maps the nested "description" value.
	Description PubspecLockDescription `yaml:"description"`
	Version     string                 `yaml:"version"`
	// Dependency is read from the "dependency" key as a plain string.
	Dependency  string                 `yaml:"dependency"`
}

type PubspecLockfile

// PubspecLockfile is the top-level YAML shape of a pubspec lockfile.
type PubspecLockfile struct {
	// Packages is mapped to the "packages" key, keyed by a string from the
	// file.
	Packages map[string]PubspecLockPackage `yaml:"packages,omitempty"`
	// Sdks is mapped to the "sdks" key as string-to-string pairs.
	Sdks     map[string]string             `yaml:"sdks"`
}

type RenvLockExtractor added in v1.5.0

// RenvLockExtractor is an empty struct that holds no state; the package lists
// ShouldExtract and Extract methods on it.
type RenvLockExtractor struct{}

func (RenvLockExtractor) Extract added in v1.5.0

func (e RenvLockExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (RenvLockExtractor) ShouldExtract added in v1.5.0

func (e RenvLockExtractor) ShouldExtract(path string) bool

type RenvLockfile added in v1.5.0

// RenvLockfile is the top-level JSON shape of an renv lockfile; only the
// capitalised "Packages" key is mapped.
type RenvLockfile struct {
	Packages map[string]RenvPackage `json:"Packages"`
}

type RenvPackage added in v1.5.0

// RenvPackage is one value of RenvLockfile.Packages. The JSON keys are
// capitalised in the file format.
type RenvPackage struct {
	Package    string `json:"Package"`
	Version    string `json:"Version"`
	// Repository is read from the "Repository" key.
	// NOTE(review): presumably used to decide which ecosystem the package
	// belongs to — confirm against the extractor.
	Repository string `json:"Repository"`
}

type RequirementsTxtExtractor added in v1.4.0

// RequirementsTxtExtractor is an empty struct that holds no state; the
// package lists ShouldExtract and Extract methods on it.
type RequirementsTxtExtractor struct{}

func (RequirementsTxtExtractor) Extract added in v1.4.0

func (RequirementsTxtExtractor) ShouldExtract added in v1.4.0

func (e RequirementsTxtExtractor) ShouldExtract(path string) bool

type YarnLockExtractor added in v1.4.0

// YarnLockExtractor is an empty struct that holds no state; the package lists
// ShouldExtract and Extract methods on it.
type YarnLockExtractor struct{}

func (YarnLockExtractor) Extract added in v1.4.0

func (e YarnLockExtractor) Extract(f DepFile) ([]PackageDetails, error)

func (YarnLockExtractor) ShouldExtract added in v1.4.0

func (e YarnLockExtractor) ShouldExtract(path string) bool
