This repository has been archived by the owner on May 3, 2022. It is now read-only.

Merge pull request #18 from sandacontiume/master
filter out declared optional dependencies which are not installed by npm, from the output
JeroenKnoops authored Jan 29, 2020
2 parents 6098266 + b2dc253 commit 89015ee
Showing 10 changed files with 260 additions and 46 deletions.
4 changes: 4 additions & 0 deletions .gitignore
Expand Up @@ -19,3 +19,7 @@
npm-debug.log*
yarn-debug.log*
yarn-error.log*

# output files
dependencies.js
dependencies.js.txt
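Review bot: The two new patterns `dependencies.js` and `dependencies.js.txt` are unanchored, so they match a file of that name in any directory, not only the default output written to the project root. Anchor them as `/dependencies.js` and `/dependencies.js.txt` so that a source file or test fixture with the same name in a subdirectory is not silently kept out of commits.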
9 changes: 9 additions & 0 deletions CHANGELOG.md
@@ -0,0 +1,9 @@
# CHANGELOG

## 0.0.6
- Excluding from the input file those dependencies that are declared as optional, and no other mandatory dependency requires them.
We did this because we noticed that dependencies that are declared as optional and are not required by any mandatory dependency, are simply not installed in the node_modules folder.

## 0.0.5
- including graceful degradation when no dependencies
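Review bot: In the 0.0.6 entry, "Excluding from the input file" reads as if the tool modifies its input, while the commit message says the entries are filtered from the output. Reword it to "Excluding from the output", and state that the decision is taken from the `optional` flag in the input JSON, since "are simply not installed in the node_modules folder" is presented as a general fact but the tool never looks at node_modules.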

40 changes: 39 additions & 1 deletion README.md
@@ -1,7 +1,7 @@
[![Build Status](https://travis-ci.com/philips-software/npm-dependencies-extractor.svg?branch=master)](https://travis-ci.com/philips-software/npm-dependencies-extractor)

# npm-dependencies-extractor
This is a CLI package that provides a command *extract-dependencies* to extract the flat list of (all) dependencies from a package-lock.json file (or another file with the same structure of your choice. If you want, instead of the package-lock.json, you may specify as input file the JSON file generated by the npm command to list json dependencies, such as:
This is a CLI package that provides a command *extract-dependencies* to extract the flat list of (all installed) dependencies from a package-lock.json file (or another file with the same structure of your choice. If you want, instead of the package-lock.json, you may specify as input file the JSON file generated by the npm command to list json dependencies, such as:
```
npm list --json > inputFile.json
```
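Review bot: The rewritten opening sentence keeps an unbalanced parenthesis: "(or another file with the same structure of your choice." is never closed. Since the line is being edited anyway, close it after "of your choice" and start the "If you want, ..." sentence outside the parenthesis.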
Expand Down Expand Up @@ -30,6 +30,13 @@ The second output format is a txt file containing an array of dependencies, one
[email protected]
```

# Status
0.0.6, see [CHANGELOG.md](./CHANGELOG.md)

## Technology stack
- Javascript
- This software is intended to be used standalone, as a command-line tool

## Prerequisites
- you should have Node installed (this script was tested with node v8.12.0)
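Review bot: `# Status` is added as a top-level heading while the sections around it (`## Technology stack`, `## Prerequisites`) are second-level, so it becomes a second H1 beside the title. Use `## Status`, and consider dropping the literal `0.0.6` in favour of the CHANGELOG link alone, because the number also lives in package.json and now has to be bumped in both places.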

Expand Down Expand Up @@ -78,6 +85,11 @@ extract-dependencies [options]
| --output [filename]| -o | Js filename to which the flat list of dependencies is written. If the file already exists, it will be overwritten. Default value: dependencies.js. One more representation of the flat dependencies is generated, in the form of text (as <output>.txt)
| --verbose | | Verbose output of commands and errors

### Sample usage

```
npm run extract-dependencies -- -i ./test-data/input-with-optionals/package-lock-with-2-mandatory-dependencies.json --verbose
```

## Usage scenarios
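Review bot: The sample under "Sample usage" is invoked as `npm run extract-dependencies -- ...`, which depends on the `scripts` entry of this repository's package.json, while the usage line above documents the command as `extract-dependencies [options]`. Add the installed-CLI form of the same call next to it, and say that the `./test-data/...` path is relative to the repository root.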

Expand Down Expand Up @@ -111,3 +123,29 @@ extract-dependencies [options]
>
> Currenlty supported values for encoding are: utf8, utf16le
## Owners
See [CODEOWNERS](./CODEOWNERS)

## Maintainers
See [MAINTAINERS.md](./MAINTAINERS.md)

## Contributing
See [CONTRIBUTING.md](./CONTRIBUTING.md)

## License
See [LICENSE.md](./LICENSE.md)

## Author
Sanda Contiu

## Keywords
- dependencies
- npm
- sbom
- software bill of material
- flat list
- extract
- retrieve
- dependencies flat list
- extract dependencies
- list dependencies
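Review bot: The `## Keywords` list repeats the entries of the `keywords` array visible in package.json, so the two have to be edited together from now on; link to package.json or drop the section. Also put a blank line between the blockquote line ending "utf8, utf16le" and `## Owners`, and fix "Currenlty" in that context line while the area is being touched.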
43 changes: 12 additions & 31 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 5 additions & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "npm-dependencies-extractor",
"version": "0.0.5",
"version": "0.0.6",
"description": "Retrieves the (flat) list of package dependencies for Javascript projects using npm",
"main": "index.js",
"repository": "philips-software/npm-dependencies-extractor",
Expand All @@ -18,7 +18,11 @@
"keywords": [
"dependencies",
"npm",
"sbom",
"software bill of material",
"flat list",
"extract",
"retrieve",
"dependencies flat list",
"extract dependencies",
"list dependencies"
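Review bot: The added keyword "software bill of material" uses the singular, while the usual form of the term is "software bill of materials". Use the plural here, and in the README keyword list, which carries the same wording.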
32 changes: 19 additions & 13 deletions src/dependencies-extractor.js
Expand Up @@ -3,22 +3,27 @@ const {
formatDependencyAsJsonObject,
} = require('./formatter');

const isDependencyOptional = ({ jsonDependencyDetails }) => Object.keys(jsonDependencyDetails).includes('optional')
&& (jsonDependencyDetails.optional === true);

// Gets the dependencies from the 'dependencies' attribute
const getRecursivelyDependenciesReducer = (accumulator, currentPackageKeyPairTwoSizedArray) => {
// Push the current package info (name and version only)
accumulator.push(
formatDependencyAsJsonObject(
currentPackageKeyPairTwoSizedArray[0],
currentPackageKeyPairTwoSizedArray[1].version,
),
);

if (Object.keys(currentPackageKeyPairTwoSizedArray[1]).includes('dependencies')) {
// go recursively and concatenate the found dependencies
accumulator = accumulator.concat( // eslint-disable-line no-param-reassign
Object.entries(currentPackageKeyPairTwoSizedArray[1].dependencies)
.reduce(getRecursivelyDependenciesReducer, []),
if (!isDependencyOptional({ jsonDependencyDetails: currentPackageKeyPairTwoSizedArray[1] })) {
// Push the current package info (name and version only)
accumulator.push(
formatDependencyAsJsonObject(
currentPackageKeyPairTwoSizedArray[0],
currentPackageKeyPairTwoSizedArray[1].version,
),
);

if (Object.keys(currentPackageKeyPairTwoSizedArray[1]).includes('dependencies')) {
// go recursively and concatenate the found dependencies
accumulator = accumulator.concat( // eslint-disable-line no-param-reassign
Object.entries(currentPackageKeyPairTwoSizedArray[1].dependencies)
.reduce(getRecursivelyDependenciesReducer, []),
);
}
}
return accumulator;
};
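Review bot: In `getRecursivelyDependenciesReducer`, the new `if (!isDependencyOptional(...))` drops an entry, together with everything nested under its `dependencies`, purely because the input flags it `optional: true`; nothing checks whether the package is actually present in node_modules. npm does install optional dependencies when they build and match the platform, so on such a machine the generated list omits a package that is installed, which matters for a tool that advertises its output as an SBOM. Either make the exclusion opt-in behind a CLI flag, or keep the entries and mark them as optional in the output. Separately, the `Object.keys(jsonDependencyDetails).includes('optional')` half of `isDependencyOptional` is redundant, because `jsonDependencyDetails.optional === true` is already false when the key is absent.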
Expand All @@ -34,4 +39,5 @@ const getFlatListOfDependencies = inputJsonDependencies => utilities

module.exports = {
getFlatListOfDependencies,
isDependencyOptional,
};
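Review bot: With `isDependencyOptional` now exported, it can be called outside the reducer, and its `Object.keys(jsonDependencyDetails)` throws a TypeError when `jsonDependencyDetails` is null or undefined. Return false for a missing details object, or document that the argument is required.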