Documentation
¶
Overview ¶
Package fromnpm implements an annotator for packages that were installed from the NPM repositories. This is used to determine if NPM package is a locally-published package or not to identify package name collisions on the NPM registry.
Index ¶
Constants ¶
const (
// Name of the Annotator.
Name = "misc/from-npm"
)
Variables ¶
This section is empty.
Functions ¶
func MapNPMProjectRootsToPackages ¶
MapNPMProjectRootsToPackages maps the root-level directories to packages where they were installed from. Note that only NPM packages from root/node_modules/../package.json are considered. For example, if package @foo/bar was installed from root/node_modules/foo/bar/package.json, then the map will contain root as the key and package @foo/bar as the value.
func ResolvedFromLockfile ¶
ResolvedFromLockfile looks for lockfiles in the given root directory and returns a map of package names in the lockfile and whether they were resolved from the NPM registry. If no lockfile is found, it returns an error. The first non-empty lockfile it finds per the priority list gets parsed and returned. For example, when given /tmp as root, it will look through the following lockfiles in this order: 1. /tmp/npm-shrinkwrap.json 2. /tmp/package-lock.json 3. /tmp/node_modules/.package-lock.json
Types ¶
type Annotator ¶
type Annotator struct{}
Annotator adds annotations to NPM packages that are installed from the NPM repositories. This is used to determine if NPM package is a locally-published package or not to identify package name collisions on the NPM registry.
func (*Annotator) Annotate ¶
func (a *Annotator) Annotate(ctx context.Context, input *annotator.ScanInput, results *inventory.Inventory) error
Annotate adds annotations to NPM packages from /node_modules/../package.json that are installed from the NPM repositories.
func (Annotator) Requirements ¶
func (Annotator) Requirements() *plugin.Capabilities
Requirements of the annotator.
Source Files