Documentation
¶
Overview ¶
Package parsers provides parsers for various dependency management files.
This file contains constants for dependency types and metadata sources used across all parsers to ensure consistency and prevent typos.
Package parsers provides dependency parsing utilities for npm ecosystem lock files.
The DependencyFilter implements an optimized filtering mechanism using a single map with structured scope data, reducing memory allocations by 75% compared to the previous multi-map approach. This optimization significantly improves performance for large projects with thousands of dependencies.
Index ¶
- Constants
- Variables
- func DetectYarnVersion(content []byte) string
- func GetLockfileVersion(content []byte) int
- func GetPnpmLockfileVersion(content []byte) string
- func GetWorkspacePackages(content []byte) []string
- func IsWorkspaceProject(content []byte) bool
- func ParseCargoLock(lockContent []byte, cargoTomlContent string) []types.Dependency
- func ParsePackageJSONEnhanced(content []byte) []types.Dependency
- func ParsePackageLock(content []byte, packageJSON *PackageJSON) []types.Dependency
- func ParsePackageLockWithOptions(content []byte, packageJSON *PackageJSON, packageJSONContent []byte, ...) []types.Dependency
- func ParsePnpmLock(content []byte) []types.Dependency
- func ParsePnpmLockWithOptions(content []byte, options NPMLockFileOptions) []types.Dependency
- func ParsePoetryLock(lockContent []byte, pyprojectContent string) []types.Dependency
- func ParseUvLock(content []byte, projectName string) []types.Dependency
- func ParseYarnLock(lockContent []byte, packageJSON *PackageJSON) []types.Dependency
- func ParseYarnLockWithOptions(lockContent []byte, packageJSON *PackageJSON, options NPMLockFileOptions) []types.Dependency
- type CargoToml
- type CocoaPodsParser
- type ComposerJSON
- type ConanParser
- func (p *ConanParser) ExtractDependencies(content string) []types.Dependency
- func (p *ConanParser) ExtractDependenciesFromFiles(conanContent string, packagesFiles []types.File, currentPath string, ...) []types.Dependency
- func (p *ConanParser) ParseConanDependency(depString string, scope string) types.Dependency
- type DelphiParser
- type DelphiProject
- type DenoLock
- type DenoParser
- type Dependency
- type DependencyFilter
- func (f *DependencyFilter) AddDirectDependenciesFromMaps(prod, dev, peer, optional map[string]bool)
- func (f *DependencyFilter) AddDirectDependency(name, scope string)
- func (f *DependencyFilter) CreateAndAppendDependency(depType, name, version, sourceFile string, dependencies *[]types.Dependency)
- func (f *DependencyFilter) CreateDependency(depType, name, version, sourceFile string) *types.Dependency
- func (f *DependencyFilter) GetScope(name string) string
- func (f *DependencyFilter) ShouldInclude(name string) bool
- type DependencyScope
- type DirectoryPackagesProps
- type DockerComposeParser
- type DockerService
- type DockerfileInfo
- type DockerfileParser
- type DotNetPackage
- type DotNetParser
- func (p *DotNetParser) GetFrameworkType(framework string) string
- func (p *DotNetParser) IsLegacyFramework(framework string) bool
- func (p *DotNetParser) IsModernFramework(framework string) bool
- func (p *DotNetParser) ParseCsproj(content, filePath string) DotNetProject
- func (p *DotNetParser) ParseDirectoryPackagesProps(content string) map[string]string
- func (p *DotNetParser) ParsePackagesConfig(content string) []types.Dependency
- type DotNetProject
- type DotenvDetector
- type GemfileLockParser
- func (p *GemfileLockParser) ParseGemfileLock(content string) []types.Dependency
- func (p *GemfileLockParser) ParseGemfileLockWithMetadata(content string) ([]types.Dependency, map[string]interface{})
- func (p *GemfileLockParser) ParseGemfileLockWithMetadataAndOptions(content string, options ParseGemfileLockOptions) ([]types.Dependency, map[string]interface{})
- func (p *GemfileLockParser) ParseGemfileLockWithOptions(content string, options ParseGemfileLockOptions) []types.Dependency
- type GitHubActionsJob
- type GitHubActionsParser
- type GitHubActionsService
- type GitHubActionsStep
- type GitHubActionsWorkflow
- type GoModInfo
- type GolangParser
- type GradleDependency
- type GradleParser
- type GradleProjectInfo
- type ItemGroup
- type LegacyProject
- type MavenActivation
- type MavenActivationFile
- type MavenActivationOS
- type MavenActivationProperty
- type MavenBuild
- type MavenDependencies
- type MavenDependency
- type MavenDependencyListParser
- type MavenDependencyManagement
- type MavenExclusion
- type MavenParent
- type MavenParser
- type MavenPlugin
- type MavenProfile
- type MavenProject
- type NPMLockFileOptions
- type NodeJSParser
- type PHPParser
- type Package
- type PackageInfo
- type PackageJSON
- type PackageJSONEnhanced
- type PackageLockJSON
- type PackageReference
- type PackageVersion
- type PackagesConfig
- type ParseGemfileLockOptions
- type ParsePackageLockOptions
- type PnpmDependency
- type PnpmImporter
- type PnpmLockfile
- type PnpmPackage
- type PnpmResolution
- type Project
- type ProjectReference
- type PropertyGroup
- type PythonDependency
- type PythonParser
- type RubyParser
- type RustParser
- type TerraformInfo
- type TerraformParser
- type TerraformProvider
- type TerraformResource
- type UvDependencyRef
- type UvLockfile
- type UvPackage
- type UvSource
Constants ¶
const ( // JavaScript/TypeScript ecosystem DependencyTypeNpm = "npm" DependencyTypeDeno = "deno" DependencyTypeNode = "node" // Python ecosystem DependencyTypePython = "python" // Ruby ecosystem DependencyTypeRuby = "ruby" // Go ecosystem DependencyTypeGolang = "golang" // Rust ecosystem DependencyTypeRust = "cargo" // JVM ecosystem DependencyTypeMaven = "maven" DependencyTypeGradle = "gradle" // PHP ecosystem DependencyTypePHP = "php" // .NET ecosystem DependencyTypeDotnet = "dotnet" // C/C++ ecosystem DependencyTypeConan = "conan" // iOS/macOS ecosystem DependencyTypeCocoapods = "cocoapods" // Infrastructure as Code DependencyTypeTerraform = "terraform" // CI/CD DependencyTypeGitHubAction = "githubAction" // Containers DependencyTypeDocker = "docker" // Other DependencyTypeDelphi = "delphi" )
Dependency type constants define the type field for dependencies. These constants ensure consistency across all parsers and prevent typos.
const ( // JavaScript/TypeScript ecosystem MetadataSourcePackageJSON = "package.json" MetadataSourcePackageLock = "package-lock.json" MetadataSourceYarnLock = "yarn.lock" MetadataSourcePnpmLock = "pnpm-lock.yaml" MetadataSourceDenoJSON = "deno.json" MetadataSourceDenoLock = "deno.lock" // Python ecosystem MetadataSourceRequirementsTxt = "requirements.txt" MetadataSourcePipfile = "Pipfile" MetadataSourcePoetryLock = "poetry.lock" // Ruby ecosystem MetadataSourceGemfile = "Gemfile" MetadataSourceGemfileLock = "Gemfile.lock" // Go ecosystem MetadataSourceGoMod = "go.mod" MetadataSourceGoSum = "go.sum" // Rust ecosystem MetadataSourceCargoToml = "Cargo.toml" MetadataSourceCargoLock = "Cargo.lock" // JVM ecosystem MetadataSourcePomXML = "pom.xml" MetadataSourceBuildGradle = "build.gradle" // PHP ecosystem MetadataSourceComposerJSON = "composer.json" MetadataSourceComposerLock = "composer.lock" // .NET ecosystem MetadataSourceCsproj = ".csproj" MetadataSourcePackagesConfig = "packages.config" // C/C++ ecosystem MetadataSourceConanfile = "conanfile.txt" MetadataSourceConanfilePy = "conanfile.py" // Delphi ecosystem MetadataSourceDproj = ".dproj" // iOS/macOS ecosystem MetadataSourcePodfile = "Podfile" MetadataSourcePodfileLock = "Podfile.lock" // Infrastructure as Code MetadataSourceTerraform = ".tf" // CI/CD MetadataSourceGitHubWorkflow = ".github/workflows" // Containers MetadataSourceDockerfile = "Dockerfile" MetadataSourceDockerCompose = "docker-compose.yml" )
Metadata source constants define the source file for dependency metadata. These constants ensure consistency across all parsers and prevent typos.
const (
// DefaultJDKVersion for profile activation (following deps.dev pattern)
DefaultJDKVersion = "11.0.8"
)
Profile activation defaults (aligned with deps.dev) These can be overridden for specific environments
Variables ¶
var ( // DefaultOSActivation settings (following deps.dev pattern) // Based on Linux/Unix/amd64 environment DefaultOSActivation = struct { Name string Family string Arch string Version string }{ Name: "linux", Family: "unix", Arch: "amd64", Version: "5.10.0", } )
Functions ¶
func DetectYarnVersion ¶
DetectYarnVersion detects the yarn.lock version format
func GetLockfileVersion ¶
GetLockfileVersion detects the package-lock.json version format
func GetPnpmLockfileVersion ¶
GetPnpmLockfileVersion detects the pnpm-lock.yaml version format
func GetWorkspacePackages ¶
GetWorkspacePackages extracts workspace package patterns from package.json
func IsWorkspaceProject ¶
IsWorkspaceProject checks if package.json indicates a workspace project Based on deps.dev patterns for npm/yarn workspace detection
func ParseCargoLock ¶
func ParseCargoLock(lockContent []byte, cargoTomlContent string) []types.Dependency
ParseCargoLock parses Cargo.lock content and returns direct dependencies with resolved versions Direct dependencies are identified by cross-referencing with Cargo.toml
func ParsePackageJSONEnhanced ¶
func ParsePackageJSONEnhanced(content []byte) []types.Dependency
ParsePackageJSONEnhanced parses package.json content and returns direct dependencies with semantic version constraints Enhanced with deps.dev patterns for semantic version preservation and workspace support
func ParsePackageLock ¶
func ParsePackageLock(content []byte, packageJSON *PackageJSON) []types.Dependency
ParsePackageLock parses package-lock.json content and returns comprehensive dependencies Enhanced with deps.dev patterns for transitive dependency analysis and scope detection
func ParsePackageLockWithOptions ¶
func ParsePackageLockWithOptions(content []byte, packageJSON *PackageJSON, packageJSONContent []byte, options ParsePackageLockOptions) []types.Dependency
ParsePackageLockWithOptions parses package-lock.json content with configurable options Enhanced with deps.dev patterns for transitive dependency analysis and scope detection packageJSONContent is the raw package.json bytes (optional, for peer/optional dependency detection)
func ParsePnpmLock ¶
func ParsePnpmLock(content []byte) []types.Dependency
ParsePnpmLock parses pnpm-lock.yaml content and returns direct dependencies only Enhanced with deps.dev patterns for workspace support and semantic version handling
func ParsePnpmLockWithOptions ¶
func ParsePnpmLockWithOptions(content []byte, options NPMLockFileOptions) []types.Dependency
ParsePnpmLockWithOptions parses pnpm-lock.yaml content with configurable options
func ParsePoetryLock ¶
func ParsePoetryLock(lockContent []byte, pyprojectContent string) []types.Dependency
ParsePoetryLock parses poetry.lock content and returns direct dependencies with resolved versions Direct dependencies are identified by cross-referencing with pyproject.toml
func ParseUvLock ¶
func ParseUvLock(content []byte, projectName string) []types.Dependency
ParseUvLock parses uv.lock content and returns direct dependencies with resolved versions Direct dependencies are identified by finding the project's own package entry (source.editable = ".") and extracting its dependencies list
func ParseYarnLock ¶
func ParseYarnLock(lockContent []byte, packageJSON *PackageJSON) []types.Dependency
ParseYarnLock parses yarn.lock content and returns direct dependencies only Enhanced with deps.dev patterns for semantic version preservation and workspace support
func ParseYarnLockWithOptions ¶
func ParseYarnLockWithOptions(lockContent []byte, packageJSON *PackageJSON, options NPMLockFileOptions) []types.Dependency
ParseYarnLockWithOptions parses yarn.lock content with configurable options
Types ¶
type CargoToml ¶
type CargoToml struct {
Package struct {
Name string `toml:"name"`
License string `toml:"license"`
} `toml:"package"`
Dependencies map[string]interface{} `toml:"dependencies"`
DevDependencies map[string]interface{} `toml:"dev-dependencies"`
BuildDependencies map[string]interface{} `toml:"build-dependencies"`
WorkspaceDeps map[string]interface{} `toml:"workspace.dependencies"`
}
CargoToml represents the structure of Cargo.toml ( the parts we need)
type CocoaPodsParser ¶
type CocoaPodsParser struct{}
CocoaPodsParser handles CocoaPods-specific file parsing (Podfile, Podfile.lock)
func NewCocoaPodsParser ¶
func NewCocoaPodsParser() *CocoaPodsParser
NewCocoaPodsParser creates a new CocoaPods parser
func (*CocoaPodsParser) ExtractDependencies ¶
func (p *CocoaPodsParser) ExtractDependencies(content, filename string) []types.Dependency
ExtractDependencies extracts dependencies from either Podfile or Podfile.lock content
func (*CocoaPodsParser) ParsePodfile ¶
func (p *CocoaPodsParser) ParsePodfile(content string) []types.Dependency
ParsePodfile parses Podfile and extracts pod dependencies with versions Matches patterns like: pod 'PodName', 'version' or pod "PodName", "version"
func (*CocoaPodsParser) ParsePodfileLock ¶
func (p *CocoaPodsParser) ParsePodfileLock(content string) []types.Dependency
ParsePodfileLock parses Podfile.lock and extracts pod dependencies with versions Matches patterns in the PODS section like: - PodName (version)
type ComposerJSON ¶
type ComposerJSON struct {
Name string `json:"name"`
License string `json:"license"`
Require map[string]string `json:"require"`
RequireDev map[string]string `json:"require-dev"`
}
ComposerJSON represents the structure of composer.json
type ConanParser ¶
type ConanParser struct {
// contains filtered or unexported fields
}
ConanParser handles Conan dependency parsing from conanfile.py and packages*.txt files
func (*ConanParser) ExtractDependencies ¶
func (p *ConanParser) ExtractDependencies(content string) []types.Dependency
ExtractDependencies extracts Conan dependencies from conanfile.py content
func (*ConanParser) ExtractDependenciesFromFiles ¶
func (p *ConanParser) ExtractDependenciesFromFiles(conanContent string, packagesFiles []types.File, currentPath string, provider types.Provider) []types.Dependency
ExtractDependenciesFromFiles extracts Conan dependencies from conanfile.py and packages*.txt files
func (*ConanParser) ParseConanDependency ¶
func (p *ConanParser) ParseConanDependency(depString string, scope string) types.Dependency
ParseConanDependency parses a Conan dependency string in format "name/version" or "name/version/user/channel#build"
type DelphiParser ¶
type DelphiParser struct{}
DelphiParser handles Delphi project file parsing (.dproj)
func NewDelphiParser ¶
func NewDelphiParser() *DelphiParser
NewDelphiParser creates a new DelphiParser instance
func (*DelphiParser) CreateDependencies ¶
func (p *DelphiParser) CreateDependencies(project DelphiProject) []types.Dependency
CreateDependencies creates dependency objects from Delphi project packages
func (*DelphiParser) IsFMX ¶
func (p *DelphiParser) IsFMX(framework string) bool
IsFMX checks if the project uses FireMonkey (FMX) framework
func (*DelphiParser) IsVCL ¶
func (p *DelphiParser) IsVCL(framework string) bool
IsVCL checks if the project uses VCL framework
func (*DelphiParser) ParseDproj ¶
func (p *DelphiParser) ParseDproj(content, filename string) DelphiProject
ParseDproj parses a .dproj file and extracts project information
type DelphiProject ¶
type DelphiProject struct {
Name string
Framework string // VCL or FMX
Packages []string // DCC_UsePackage entries
}
DelphiProject represents a parsed Delphi project
type DenoParser ¶
type DenoParser struct{}
DenoParser handles Deno-specific file parsing (deno.lock)
func (*DenoParser) ParseDenoLock ¶
func (p *DenoParser) ParseDenoLock(content string) (string, []types.Dependency)
ParseDenoLock parses deno.lock and extracts version and dependencies
type Dependency ¶
Dependency represents different Cargo dependency formats
type DependencyFilter ¶
type DependencyFilter struct {
// contains filtered or unexported fields
}
DependencyFilter handles filtering of npm dependencies based on direct/transitive settings
func NewDependencyFilter ¶
func NewDependencyFilter(options NPMLockFileOptions) *DependencyFilter
NewDependencyFilter creates a new dependency filter with the given options and direct dependencies
func (*DependencyFilter) AddDirectDependenciesFromMaps ¶
func (f *DependencyFilter) AddDirectDependenciesFromMaps(prod, dev, peer, optional map[string]bool)
AddDirectDependenciesFromMaps adds direct dependencies from scope maps
func (*DependencyFilter) AddDirectDependency ¶
func (f *DependencyFilter) AddDirectDependency(name, scope string)
AddDirectDependency adds a direct dependency to the filter
func (*DependencyFilter) CreateAndAppendDependency ¶
func (f *DependencyFilter) CreateAndAppendDependency(depType, name, version, sourceFile string, dependencies *[]types.Dependency)
CreateAndAppendDependency creates a dependency and appends it to the slice if it should be included
func (*DependencyFilter) CreateDependency ¶
func (f *DependencyFilter) CreateDependency(depType, name, version, sourceFile string) *types.Dependency
CreateDependency creates a types.Dependency if the name should be included
func (*DependencyFilter) GetScope ¶
func (f *DependencyFilter) GetScope(name string) string
GetScope returns the scope for a dependency, or empty string for transitive dependencies
func (*DependencyFilter) ShouldInclude ¶
func (f *DependencyFilter) ShouldInclude(name string) bool
ShouldInclude returns true if the dependency should be included based on filter settings
type DependencyScope ¶
type DependencyScope struct {
// contains filtered or unexported fields
}
DependencyScope represents the scope of a dependency with bit flags for efficient storage
type DirectoryPackagesProps ¶
type DirectoryPackagesProps struct {
XMLName xml.Name `xml:"Project"`
ItemGroups []ItemGroup `xml:"ItemGroup"`
}
DirectoryPackagesProps represents Directory.Packages.props file structure (central package management)
type DockerComposeParser ¶
type DockerComposeParser struct{}
DockerComposeParser handles docker-compose.yml/yaml parsing
func NewDockerComposeParser ¶
func NewDockerComposeParser() *DockerComposeParser
NewDockerComposeParser creates a new Docker Compose parser
func (*DockerComposeParser) CreateDependency ¶
func (p *DockerComposeParser) CreateDependency(service DockerService) types.Dependency
CreateDependency creates a dependency object from a Docker Compose service
func (*DockerComposeParser) ParseDockerCompose ¶
func (p *DockerComposeParser) ParseDockerCompose(content string) []DockerService
ParseDockerCompose parses docker-compose.yml/yaml and extracts services
type DockerService ¶
DockerService represents a service in docker-compose
type DockerfileInfo ¶
type DockerfileInfo struct {
File string `json:"file,omitempty"`
BaseImages []string `json:"base_images,omitempty"`
ExposedPorts []int `json:"exposed_ports,omitempty"`
MultiStage bool `json:"multi_stage,omitempty"`
Stages []string `json:"stages,omitempty"`
}
DockerfileInfo represents parsed information from a Dockerfile
type DockerfileParser ¶
type DockerfileParser struct{}
DockerfileParser handles Dockerfile parsing
func NewDockerfileParser ¶
func NewDockerfileParser() *DockerfileParser
NewDockerfileParser creates a new Dockerfile parser
func (*DockerfileParser) CreateDependencies ¶
func (p *DockerfileParser) CreateDependencies(info *DockerfileInfo) []types.Dependency
CreateDependencies creates dependency objects from Dockerfile base images
func (*DockerfileParser) ParseDockerfile ¶
func (p *DockerfileParser) ParseDockerfile(content string) *DockerfileInfo
ParseDockerfile parses a Dockerfile and extracts base images, exposed ports, and multi-stage info
type DotNetPackage ¶
type DotNetPackage struct {
Name string
Version string
Scope string // prod, dev, build
Metadata map[string]interface{} // Additional package metadata
}
DotNetPackage represents a NuGet package reference
type DotNetParser ¶
type DotNetParser struct{}
DotNetParser handles .NET project file parsing (.csproj)
func NewDotNetParser ¶
func NewDotNetParser() *DotNetParser
NewDotNetParser creates a new DotNetParser instance
func (*DotNetParser) GetFrameworkType ¶
func (p *DotNetParser) GetFrameworkType(framework string) string
GetFrameworkType determines if the framework is modern .NET or legacy .NET Framework
func (*DotNetParser) IsLegacyFramework ¶
func (p *DotNetParser) IsLegacyFramework(framework string) bool
IsLegacyFramework checks if the target framework is legacy .NET Framework
func (*DotNetParser) IsModernFramework ¶
func (p *DotNetParser) IsModernFramework(framework string) bool
IsModernFramework checks if the target framework is modern .NET (5+)
func (*DotNetParser) ParseCsproj ¶
func (p *DotNetParser) ParseCsproj(content, filePath string) DotNetProject
ParseCsproj parses a .csproj file and extracts project information
func (*DotNetParser) ParseDirectoryPackagesProps ¶
func (p *DotNetParser) ParseDirectoryPackagesProps(content string) map[string]string
ParseDirectoryPackagesProps parses Directory.Packages.props file and returns package versions
func (*DotNetParser) ParsePackagesConfig ¶
func (p *DotNetParser) ParsePackagesConfig(content string) []types.Dependency
ParsePackagesConfig parses packages.config file and returns dependencies
type DotNetProject ¶
type DotNetProject struct {
Name string
PackageId string // NuGet package ID (defaults to Name/AssemblyName if not specified)
Framework string
Packages []DotNetPackage
ProjectReferences []string // Paths to referenced projects
}
DotNetProject represents a parsed .NET project
type DotenvDetector ¶
type DotenvDetector struct {
// contains filtered or unexported fields
}
DotenvDetector handles .env.example file detection
func NewDotenvDetector ¶
func NewDotenvDetector(provider types.Provider, rules []types.Rule) *DotenvDetector
NewDotenvDetector creates a new dotenv detector
func (*DotenvDetector) DetectInDotEnv ¶
func (d *DotenvDetector) DetectInDotEnv(files []types.File, currentPath string, basePath string) *types.Payload
DetectInDotEnv detects technologies from .env.example files Returns a virtual payload that gets merged into the parent
type GemfileLockParser ¶
type GemfileLockParser struct{}
GemfileLockParser handles Gemfile.lock parsing
func NewGemfileLockParser ¶
func NewGemfileLockParser() *GemfileLockParser
NewGemfileLockParser creates a new Gemfile.lock parser
func (*GemfileLockParser) ParseGemfileLock ¶
func (p *GemfileLockParser) ParseGemfileLock(content string) []types.Dependency
ParseGemfileLock parses Gemfile.lock and extracts exact gem versions By default, only returns direct dependencies. Use ParseGemfileLockWithOptions to include transitive dependencies.
func (*GemfileLockParser) ParseGemfileLockWithMetadata ¶
func (p *GemfileLockParser) ParseGemfileLockWithMetadata(content string) ([]types.Dependency, map[string]interface{})
ParseGemfileLockWithMetadata parses Gemfile.lock and extracts additional metadata By default, only returns direct dependencies. Use ParseGemfileLockWithMetadataAndOptions to include transitive dependencies.
func (*GemfileLockParser) ParseGemfileLockWithMetadataAndOptions ¶
func (p *GemfileLockParser) ParseGemfileLockWithMetadataAndOptions(content string, options ParseGemfileLockOptions) ([]types.Dependency, map[string]interface{})
ParseGemfileLockWithMetadataAndOptions parses Gemfile.lock with configurable options and extracts additional metadata
func (*GemfileLockParser) ParseGemfileLockWithOptions ¶
func (p *GemfileLockParser) ParseGemfileLockWithOptions(content string, options ParseGemfileLockOptions) []types.Dependency
ParseGemfileLockWithOptions parses Gemfile.lock with configurable options
type GitHubActionsJob ¶
type GitHubActionsJob struct {
RunsOn string `yaml:"runs-on"`
TimeoutMinutes int `yaml:"timeout-minutes"`
Container interface{} `yaml:"container"` // Can be string or object
Services map[string]GitHubActionsService `yaml:"services"`
Steps []GitHubActionsStep `yaml:"steps"`
}
type GitHubActionsParser ¶
type GitHubActionsParser struct{}
GitHubActionsParser handles GitHub Actions workflow file parsing
func NewGitHubActionsParser ¶
func NewGitHubActionsParser() *GitHubActionsParser
NewGitHubActionsParser creates a new GitHub Actions parser
func (*GitHubActionsParser) CreateDependencies ¶
func (p *GitHubActionsParser) CreateDependencies(workflow *GitHubActionsWorkflow) ([]types.Dependency, []string)
CreateDependencies creates dependency objects from a GitHub Actions workflow
func (*GitHubActionsParser) ParseWorkflow ¶
func (p *GitHubActionsParser) ParseWorkflow(content string) (*GitHubActionsWorkflow, error)
ParseWorkflow parses a GitHub Actions workflow YAML file
type GitHubActionsService ¶
type GitHubActionsService struct {
Image string `yaml:"image"`
}
type GitHubActionsStep ¶
type GitHubActionsWorkflow ¶
type GitHubActionsWorkflow struct {
Name string `yaml:"name"`
On interface{} `yaml:"on"`
Jobs map[string]GitHubActionsJob `yaml:"jobs"`
}
GitHubActionsWorkflow represents a GitHub Actions workflow file structure
type GolangParser ¶
type GolangParser struct{}
GolangParser handles Go-specific file parsing (go.mod)
func (*GolangParser) ParseGoModWithInfo ¶
func (p *GolangParser) ParseGoModWithInfo(content string) ([]types.Dependency, *GoModInfo)
ParseGoModWithInfo parses go.mod and returns both dependencies and module info
type GradleDependency ¶
GradleDependency represents a parsed Gradle dependency
type GradleParser ¶
type GradleParser struct{}
GradleParser handles Gradle-specific file parsing (build.gradle, build.gradle.kts)
func NewGradleParser ¶
func NewGradleParser() *GradleParser
NewGradleParser creates a new Gradle parser
func (*GradleParser) ParseGradle ¶
func (p *GradleParser) ParseGradle(content string) []types.Dependency
ParseGradle parses build.gradle or build.gradle.kts and extracts Gradle dependencies
func (*GradleParser) ParseProjectInfo ¶
func (p *GradleParser) ParseProjectInfo(content string) GradleProjectInfo
ParseProjectInfo extracts group, name, and version from Gradle build file
type GradleProjectInfo ¶
GradleProjectInfo holds extracted Gradle project information
type ItemGroup ¶
type ItemGroup struct {
PackageReferences []PackageReference `xml:"PackageReference"`
ProjectReferences []ProjectReference `xml:"ProjectReference"`
}
type LegacyProject ¶
type LegacyProject struct {
XMLName xml.Name `xml:"Project"`
ToolsVersion string `xml:"ToolsVersion,attr"`
DefaultTargets string `xml:"DefaultTargets,attr"`
PropertyGroups []PropertyGroup `xml:"PropertyGroup"`
ItemGroups []ItemGroup `xml:"ItemGroup"`
}
Legacy .NET Framework project structures
type MavenActivation ¶
type MavenActivation struct {
ActiveByDefault string `xml:"activeByDefault"`
JDK string `xml:"jdk"`
OS MavenActivationOS `xml:"os"`
Property MavenActivationProperty `xml:"property"`
File MavenActivationFile `xml:"file"`
}
MavenActivation represents profile activation conditions
type MavenActivationFile ¶
MavenActivationFile represents file-based activation
type MavenActivationOS ¶
type MavenActivationOS struct {
Name string `xml:"name"`
Family string `xml:"family"`
Arch string `xml:"arch"`
Version string `xml:"version"`
}
MavenActivationOS represents OS-based activation
type MavenActivationProperty ¶
MavenActivationProperty represents property-based activation
type MavenBuild ¶
type MavenBuild struct {
Plugins []MavenPlugin `xml:"plugins>plugin"`
}
MavenBuild represents the build section
type MavenDependencies ¶
type MavenDependencies struct {
Dependencies []MavenDependency `xml:"dependency"`
}
MavenDependencies holds the list of dependencies
type MavenDependency ¶
type MavenDependency struct {
GroupId string `xml:"groupId"`
ArtifactId string `xml:"artifactId"`
Version string `xml:"version"`
Scope string `xml:"scope,omitempty"`
Type string `xml:"type,omitempty"` // pom, jar, war, ear, etc.
Classifier string `xml:"classifier,omitempty"` // sources, javadoc, etc.
Optional bool `xml:"optional,omitempty"`
Exclusions []MavenExclusion `xml:"exclusions>exclusion"`
}
MavenDependency represents a single Maven dependency
type MavenDependencyListParser ¶
type MavenDependencyListParser struct{}
MavenDependencyListParser handles parsing of Maven dependency list output
To generate the dependency list file, run:
mvn dependency:list -DoutputFile=dependency-list.txt
This command:
- Resolves all dependencies (direct and transitive) with their exact versions
- Resolves Maven special versions (LATEST, RELEASE) to actual version numbers
- Resolves property references (${spring.boot.version}) to concrete values
- Outputs all resolved dependencies to dependency-list.txt
The output format is:
groupId:artifactId:type:version:scope [optional module info]
Example:
org.springframework.boot:spring-boot-starter-web:jar:4.0.1:compile -- module spring.boot.starter.web [auto]
The parser extracts resolved versions for dependencies declared in pom.xml. By default, only direct dependencies are used (includeTransitive=false). Set includeTransitive=true to include all transitive dependencies.
func NewMavenDependencyListParser ¶
func NewMavenDependencyListParser() *MavenDependencyListParser
NewMavenDependencyListParser creates a new Maven dependency list parser
func (*MavenDependencyListParser) ParseDependencyList ¶
func (p *MavenDependencyListParser) ParseDependencyList(content string, includeTransitive bool) []types.Dependency
ParseDependencyList parses Maven dependency:list output Format: groupId:artifactId:type:version:scope [optional module info] Example: org.springframework.boot:spring-boot-starter-web:jar:4.0.1:compile -- module spring.boot.starter.web [auto] If includeTransitive is false, returns all dependencies (filtering should be done by caller) If includeTransitive is true, returns all dependencies
type MavenDependencyManagement ¶
type MavenDependencyManagement struct {
Dependencies []MavenDependency `xml:"dependencies>dependency"`
}
MavenDependencyManagement holds the dependency management section
type MavenExclusion ¶
MavenExclusion represents a dependency exclusion
type MavenParent ¶
type MavenParent struct {
GroupId string `xml:"groupId"`
ArtifactId string `xml:"artifactId"`
Version string `xml:"version"`
RelativePath string `xml:"relativePath"`
}
MavenParent represents the parent POM reference
type MavenParser ¶
type MavenParser struct{}
MavenParser handles Maven-specific file parsing (pom.xml)
func (*MavenParser) ExtractProjectInfo ¶
func (p *MavenParser) ExtractProjectInfo(content string) MavenProject
ExtractProjectInfo extracts groupId and artifactId from pom.xml
func (*MavenParser) ParsePomXML ¶
func (p *MavenParser) ParsePomXML(content string) []types.Dependency
ParsePomXML parses pom.xml and extracts Maven dependencies with property resolution This is the simple version without parent POM resolution
func (*MavenParser) ParsePomXMLWithProvider ¶
func (p *MavenParser) ParsePomXMLWithProvider(content string, pomDir string, provider types.Provider) []types.Dependency
ParsePomXMLWithProvider parses pom.xml with parent POM resolution support If provider and pomDir are given, it will look up parent POMs to inherit properties
type MavenPlugin ¶
type MavenPlugin struct {
GroupId string `xml:"groupId"`
ArtifactId string `xml:"artifactId"`
Version string `xml:"version"`
Dependencies []MavenDependency `xml:"dependencies>dependency"`
}
MavenPlugin represents a Maven plugin
type MavenProfile ¶
type MavenProfile struct {
ID string `xml:"id"`
Activation MavenActivation `xml:"activation"`
Dependencies MavenDependencies `xml:"dependencies"`
DependencyManagement MavenDependencyManagement `xml:"dependencyManagement"`
}
MavenProfile represents a Maven build profile (aligned with deps.dev)
type MavenProject ¶
type MavenProject struct {
XMLName xml.Name `xml:"project"`
GroupId string `xml:"groupId"`
ArtifactId string `xml:"artifactId"`
Version string `xml:"version"`
Packaging string `xml:"packaging"`
Parent MavenParent `xml:"parent"`
Dependencies MavenDependencies `xml:"dependencies"`
DependencyManagement MavenDependencyManagement `xml:"dependencyManagement"`
Profiles []MavenProfile `xml:"profiles>profile"`
Modules []string `xml:"modules>module"`
Build MavenBuild `xml:"build"`
}
MavenProject represents a parsed pom.xml structure
type NPMLockFileOptions ¶
type NPMLockFileOptions struct {
IncludeTransitive bool // Include transitive dependencies (default: false for direct dependencies only)
}
NPMLockFileOptions contains common options for npm ecosystem lock file parsers
type NodeJSParser ¶
type NodeJSParser struct{}
NodeJSParser handles Node.js-specific file parsing (package.json)
func NewNodeJSParser ¶
func NewNodeJSParser() *NodeJSParser
NewNodeJSParser creates a new Node.js parser
func (*NodeJSParser) CreateDependencies ¶
func (p *NodeJSParser) CreateDependencies(pkg *PackageJSON, depNames []string) []types.Dependency
CreateDependencies creates a list of Dependency objects from package.json
func (*NodeJSParser) ExtractDependencies ¶
func (p *NodeJSParser) ExtractDependencies(pkg *PackageJSON) []string
ExtractDependencies extracts all dependency names from package.json (dependencies + devDependencies)
func (*NodeJSParser) ParsePackageJSON ¶
func (p *NodeJSParser) ParsePackageJSON(content []byte) (*PackageJSON, error)
ParsePackageJSON parses package.json content and returns the parsed structure
type PHPParser ¶
type PHPParser struct{}
PHPParser handles PHP-specific file parsing (composer.json)
func (*PHPParser) ParseComposerJSON ¶
ParseComposerJSON parses composer.json and extracts project info and dependencies
type PackageInfo ¶
type PackageInfo struct {
Version string `json:"version"`
Resolved string `json:"resolved,omitempty"`
Link bool `json:"link,omitempty"`
Dev bool `json:"dev,omitempty"`
Optional bool `json:"optional,omitempty"`
Bundled bool `json:"bundled,omitempty"`
Dependencies map[string]PackageInfo `json:"dependencies,omitempty"`
}
PackageInfo represents a package in package-lock.json Enhanced with deps.dev patterns for better dependency classification
type PackageJSON ¶
type PackageJSON struct {
Name string `json:"name"`
Dependencies map[string]string `json:"dependencies"`
DevDependencies map[string]string `json:"devDependencies"`
}
PackageJSON represents the structure of package.json
type PackageJSONEnhanced ¶
type PackageJSONEnhanced struct {
Name string `json:"name"`
Version string `json:"version"`
Dependencies map[string]string `json:"dependencies"`
DevDependencies map[string]string `json:"devDependencies"`
PeerDependencies map[string]string `json:"peerDependencies"`
OptionalDependencies map[string]string `json:"optionalDependencies"`
Workspaces []string `json:"workspaces"`
Workspace string `json:"workspace"`
}
PackageJSON represents the structure of package.json Enhanced version with additional fields for comprehensive dependency analysis
type PackageLockJSON ¶
type PackageLockJSON struct {
Name string `json:"name"`
Version string `json:"version"`
LockfileVersion int `json:"lockfileVersion"`
Packages map[string]PackageInfo `json:"packages"`
Dependencies map[string]PackageInfo `json:"dependencies,omitempty"` // v2 format
}
PackageLockJSON represents the structure of package-lock.json Enhanced with deps.dev patterns for comprehensive dependency analysis
type PackageReference ¶
type PackageReference struct {
Include string `xml:"Include,attr"`
Version string `xml:"Version,attr"`
Condition string `xml:"Condition,attr"` // For conditional references (e.g., Debug/Release)
PrivateAssets string `xml:"PrivateAssets,attr"` // For build-time only dependencies
IncludeAssets string `xml:"IncludeAssets,attr"` // Asset inclusion control
ExcludeAssets string `xml:"ExcludeAssets,attr"` // Asset exclusion control
}
type PackageVersion ¶
type PackagesConfig ¶
PackagesConfig represents packages.config file structure (legacy .NET Framework)
type ParseGemfileLockOptions ¶
type ParseGemfileLockOptions struct {
IncludeTransitive bool // Include transitive dependencies (default: false for backward compatibility)
}
ParseGemfileLockOptions contains configuration options for ParseGemfileLock
type ParsePackageLockOptions ¶
type ParsePackageLockOptions struct {
IncludeTransitive bool // Include transitive dependencies (default: false for backward compatibility)
}
ParsePackageLockOptions contains configuration options for ParsePackageLock
type PnpmDependency ¶
PnpmDependency represents a dependency in pnpm-lock.yaml Enhanced with deps.dev patterns for semantic version preservation
type PnpmImporter ¶
type PnpmImporter struct {
Dependencies map[string]PnpmDependency `yaml:"dependencies"`
DevDependencies map[string]PnpmDependency `yaml:"devDependencies"`
OptionalDependencies map[string]PnpmDependency `yaml:"optionalDependencies"`
}
PnpmImporter represents an importer in pnpm-lock.yaml Enhanced with deps.dev patterns for better dependency classification
type PnpmLockfile ¶
type PnpmLockfile struct {
LockfileVersion string `yaml:"lockfileVersion"`
Importers map[string]PnpmImporter `yaml:"importers"`
Packages map[string]PnpmPackage `yaml:"packages,omitempty"` // v9+ format
}
PnpmLockfile represents the structure of pnpm-lock.yaml Enhanced with deps.dev patterns for comprehensive dependency analysis
type PnpmPackage ¶
type PnpmPackage struct {
Resolution PnpmResolution `yaml:"resolution"`
Name string `yaml:"name,omitempty"`
Version string `yaml:"version"`
Dev bool `yaml:"dev,omitempty"`
Optional bool `yaml:"optional,omitempty"`
}
PnpmPackage represents a package in pnpm-lock.yaml (v9+ format) Enhanced with deps.dev patterns for workspace and resolution support
type PnpmResolution ¶
type PnpmResolution struct {
Directory string `yaml:"directory,omitempty"`
Tarball string `yaml:"tarball,omitempty"`
Git string `yaml:"git,omitempty"`
}
PnpmResolution represents package resolution information
type Project ¶
type Project struct {
XMLName xml.Name `xml:"Project"`
Sdk string `xml:"Sdk,attr"`
PropertyGroups []PropertyGroup `xml:"PropertyGroup"`
ItemGroups []ItemGroup `xml:"ItemGroup"`
}
XML structures for parsing .csproj files
type ProjectReference ¶
type ProjectReference struct {
Include string `xml:"Include,attr"`
}
type PropertyGroup ¶
type PythonDependency ¶
type PythonDependency struct {
Name string // Package name
Extras string // [extra1,extra2]
Constraint string // >=1.0,<2.0
Environment string // ; python_version >= "3.8"
}
PythonDependency represents a PEP 508 compliant dependency (deps.dev pattern)
type PythonParser ¶
type PythonParser struct{}
PythonParser handles Python-specific file parsing with deps.dev patterns
func NewPythonParser ¶
func NewPythonParser() *PythonParser
NewPythonParser creates a new Python parser
func (*PythonParser) ParseRequirementsTxt ¶
func (p *PythonParser) ParseRequirementsTxt(content string) []types.Dependency
ParseRequirementsTxt parses requirements.txt with full PEP 508 compliance
type RubyParser ¶
type RubyParser struct{}
RubyParser handles Ruby-specific file parsing (Gemfile)
func (*RubyParser) ParseGemfile ¶
func (p *RubyParser) ParseGemfile(content string) []types.Dependency
ParseGemfile parses Gemfile and extracts gem dependencies with versions Handles groups (development, test), git sources, paths, platforms, and other options
type RustParser ¶
type RustParser struct{}
RustParser handles Rust-specific file parsing (Cargo.toml)
func (*RustParser) ParseCargoToml ¶
func (p *RustParser) ParseCargoToml(content string) (string, string, []types.Dependency, bool)
ParseCargoToml parses Cargo.toml and extracts project info and dependencies
type TerraformInfo ¶
type TerraformInfo struct {
File string `json:"file,omitempty"`
Providers []string `json:"providers,omitempty"`
ResourcesByProvider map[string]int `json:"resources_by_provider,omitempty"`
ResourcesByCategory map[string]int `json:"resources_by_category,omitempty"`
TotalResources int `json:"total_resources,omitempty"`
}
TerraformInfo represents aggregated information from a Terraform file
type TerraformParser ¶
type TerraformParser struct{}
TerraformParser handles Terraform-specific file parsing (.tf and .terraform.lock.hcl)
func NewTerraformParser ¶
func NewTerraformParser() *TerraformParser
NewTerraformParser creates a new Terraform parser
func (*TerraformParser) AggregateTerraformResources ¶
func (p *TerraformParser) AggregateTerraformResources(resources []TerraformResource) *TerraformInfo
AggregateTerraformResources aggregates resources into TerraformInfo
func (*TerraformParser) ParseTerraformLock ¶
func (p *TerraformParser) ParseTerraformLock(content string) []TerraformProvider
ParseTerraformLock parses .terraform.lock.hcl and extracts providers
func (*TerraformParser) ParseTerraformResources ¶
func (p *TerraformParser) ParseTerraformResources(content string) []TerraformResource
ParseTerraformResources parses .tf files and extracts full resource information
type TerraformProvider ¶
TerraformProvider represents a provider in terraform.lock.hcl
type TerraformResource ¶
type TerraformResource struct {
Type string // e.g., "aws_instance", "google_storage_bucket"
Name string // e.g., "web_server", "app_bucket"
Provider string // e.g., "aws", "google", "azurerm"
Category string // e.g., "compute", "storage", "database"
}
TerraformResource represents a parsed Terraform resource
type UvDependencyRef ¶
UvDependencyRef represents a dependency reference
type UvLockfile ¶
UvLockfile represents the structure of uv.lock (TOML format)
type UvPackage ¶
type UvPackage struct {
Name string `yaml:"name"`
Version string `yaml:"version"`
Source UvSource `yaml:"source"`
Dependencies []UvDependencyRef `yaml:"dependencies"`
OptionalDependencies map[string][]UvDependencyRef `yaml:"optional-dependencies"`
}
UvPackage represents a package entry in uv.lock
Source Files
¶
- cargo_lock.go
- cocoapods.go
- conan.go
- constants.go
- delphi.go
- deno.go
- docker_compose.go
- dockerfile.go
- dotenv.go
- dotnet.go
- gemfile.go
- gemfile_lock.go
- github_actions.go
- golang.go
- gradle.go
- maven.go
- maven_dependency_list.go
- nodejs.go
- npm_common.go
- npm_lock.go
- package_json.go
- php.go
- pnpm_lock.go
- poetry_lock.go
- python.go
- rust.go
- terraform.go
- uv_lock.go
- yarn_lock.go