From 8a2a7bf65247c603b0917436a8f79e3b3b9cb129 Mon Sep 17 00:00:00 2001 From: Gareth Jones Date: Sat, 26 Aug 2023 08:16:11 +1200 Subject: [PATCH] fix: support peer dependencies in v6 versions of PNPM lockfiles (#209) --- .../fixtures/pnpm/peer-dependencies-v6.yaml | 46 +++++++++++++++++++ pkg/lockfile/parse-pnpm-lock.go | 2 +- pkg/lockfile/parse-pnpm-lock_test.go | 43 +++++++++++++++++ 3 files changed, 90 insertions(+), 1 deletion(-) create mode 100644 pkg/lockfile/fixtures/pnpm/peer-dependencies-v6.yaml diff --git a/pkg/lockfile/fixtures/pnpm/peer-dependencies-v6.yaml b/pkg/lockfile/fixtures/pnpm/peer-dependencies-v6.yaml new file mode 100644 index 00000000..68f3a01b --- /dev/null +++ b/pkg/lockfile/fixtures/pnpm/peer-dependencies-v6.yaml @@ -0,0 +1,46 @@ +lockfileVersion: '6.0' + +settings: + autoInstallPeers: true + excludeLinksFromLockfile: false + +dependencies: + react-dom: + specifier: ^18.2.0 + version: 18.2.0(react@18.2.0) + +packages: + + /js-tokens@4.0.0: + resolution: {integrity: sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==} + dev: false + + /loose-envify@1.4.0: + resolution: {integrity: sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==} + hasBin: true + dependencies: + js-tokens: 4.0.0 + dev: false + + /react-dom@18.2.0(react@18.2.0): + resolution: {integrity: sha512-6IMTriUmvsjHUjNtEDudZfuDQUoWXVxKHhlEGSk81n4YFS+r/Kl99wXiwlVXtPBtJenozv2P+hxDsw9eA7Xo6g==} + peerDependencies: + react: ^18.2.0 + dependencies: + loose-envify: 1.4.0 + react: 18.2.0 + scheduler: 0.23.0 + dev: false + + /react@18.2.0: + resolution: {integrity: sha512-/3IjMdb2L9QbBdWiW5e3P2/npwMBaU9mHCSCUzNln0ZCYbcfTsGbTJrU/kGemdH2IWmB2ioZ+zkxtmq6g09fGQ==} + engines: {node: '>=0.10.0'} + dependencies: + loose-envify: 1.4.0 + dev: false + + /scheduler@0.23.0: + resolution: {integrity: sha512-CtuThmgHNg7zIZWAXi3AsyIzA3n4xx7aNyjwC2VJldO2LMVDhFK+63xGqq6CsJH4rTAt6/M+N4GhZiDYPx9eUw==} + dependencies: + loose-envify: 1.4.0 + dev: false diff --git a/pkg/lockfile/parse-pnpm-lock.go b/pkg/lockfile/parse-pnpm-lock.go index 8db2fbbc..0d4adad1 100644 --- a/pkg/lockfile/parse-pnpm-lock.go +++ b/pkg/lockfile/parse-pnpm-lock.go @@ -107,7 +107,7 @@ func extractPnpmPackageNameAndVersion(dependencyPath string) (string, string) { func parseNameAtVersion(value string) (name string, version string) { // look for pattern "name@version", where name is allowed to contain zero or more "@" - matches := regexp.MustCompile(`^(.+)@([\d.]+)$`).FindStringSubmatch(value) + matches := regexp.MustCompile(`^(.+)@([\d.]+)(?:\(|$)`).FindStringSubmatch(value) if len(matches) != 3 { return name, "" diff --git a/pkg/lockfile/parse-pnpm-lock_test.go b/pkg/lockfile/parse-pnpm-lock_test.go index 48fba288..568dc293 100644 --- a/pkg/lockfile/parse-pnpm-lock_test.go +++ b/pkg/lockfile/parse-pnpm-lock_test.go @@ -167,6 +167,49 @@ func TestParsePnpmLock_PeerDependencies(t *testing.T) { }) } +func TestParsePnpmLock_PeerDependenciesV6(t *testing.T) { + t.Parallel() + + packages, err := lockfile.ParsePnpmLock("fixtures/pnpm/peer-dependencies-v6.yaml") + + if err != nil { + t.Errorf("Got unexpected error: %v", err) + } + + expectPackages(t, packages, []lockfile.PackageDetails{ + { + Name: "js-tokens", + Version: "4.0.0", + Ecosystem: lockfile.PnpmEcosystem, + CompareAs: lockfile.PnpmEcosystem, + }, + { + Name: "loose-envify", + Version: "1.4.0", + Ecosystem: lockfile.PnpmEcosystem, + CompareAs: lockfile.PnpmEcosystem, + }, + { + Name: "react-dom", + Version: "18.2.0", + Ecosystem: lockfile.PnpmEcosystem, + CompareAs: lockfile.PnpmEcosystem, + }, + { + Name: "react", + Version: "18.2.0", + Ecosystem: lockfile.PnpmEcosystem, + CompareAs: lockfile.PnpmEcosystem, + }, + { + Name: "scheduler", + Version: "0.23.0", + Ecosystem: lockfile.PnpmEcosystem, + CompareAs: lockfile.PnpmEcosystem, + }, + }) +} + func TestParsePnpmLock_PeerDependenciesAdvanced(t *testing.T) { t.Parallel()