depup-cli 0.2.0

Check dependency versions across Maven and npm ecosystems
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176

//! npm package manager resolver.
//!
//! Uses `npm list --json` and `npm outdated --json` for package data.
//! Dev dependencies are classified by reading `devDependencies` from `package.json`
//! since `npm list` doesn't distinguish them.

use std::collections::HashMap;
use std::path::Path;
use std::process::Stdio;

use anyhow::{Context, Result};
use serde::Deserialize;
use tokio::process::Command;

use super::{OutdatedEntry, PackageManagerResolver, read_dev_dependency_names};

/// npm resolver implementation.
pub struct Npm;

#[derive(Debug, Deserialize)]
struct ListOutput {
    #[serde(default)]
    dependencies: HashMap<String, ListEntry>,
}

#[derive(Debug, Deserialize)]
struct ListEntry {
    #[serde(default)]
    version: String,
}

#[derive(Debug, Deserialize)]
struct OutdatedOutput {
    #[serde(default)]
    current: String,
    #[serde(default)]
    latest: String,
}

impl PackageManagerResolver for Npm {
    async fn list_packages(&self, dir: &Path) -> Result<Vec<(String, String, bool)>> {
        let output = Command::new("npm")
            .args(["list", "--json", "--depth", "0"])
            .current_dir(dir)
            .stdout(Stdio::piped())
            .stderr(Stdio::piped())
            .output()
            .await
            .with_context(|| format!("Failed to run 'npm list' in {}", dir.display()))?;

        let stdout = String::from_utf8_lossy(&output.stdout);
        if stdout.trim().is_empty() {
            return Ok(Vec::new());
        }

        let list: ListOutput = serde_json::from_str(&stdout)
            .with_context(|| format!("Failed to parse npm list JSON in {}", dir.display()))?;

        let dev_deps = read_dev_dependency_names(dir);

        let packages = list
            .dependencies
            .into_iter()
            .map(|(name, entry)| {
                let is_dev = dev_deps.contains(&name);
                (name, entry.version, is_dev)
            })
            .collect();
        Ok(packages)
    }

    async fn outdated_packages(&self, dir: &Path) -> Result<HashMap<String, OutdatedEntry>> {
        let output = Command::new("npm")
            .args(["outdated", "--json"])
            .current_dir(dir)
            .stdout(Stdio::piped())
            .stderr(Stdio::piped())
            .output()
            .await
            .with_context(|| format!("Failed to run 'npm outdated' in {}", dir.display()))?;

        let stdout = String::from_utf8_lossy(&output.stdout);
        if stdout.trim().is_empty() {
            return Ok(HashMap::new());
        }

        let packages: HashMap<String, OutdatedOutput> = serde_json::from_str(&stdout)
            .with_context(|| format!("Failed to parse npm outdated JSON in {}", dir.display()))?;

        Ok(packages
            .into_iter()
            .map(|(name, entry)| {
                (
                    name,
                    OutdatedEntry {
                        current: entry.current,
                        latest: entry.latest,
                    },
                )
            })
            .collect())
    }

    async fn update_packages(&self, dir: &Path) -> Result<String> {
        let output = Command::new("npm")
            .args(["update"])
            .current_dir(dir)
            .stdout(Stdio::piped())
            .stderr(Stdio::piped())
            .output()
            .await
            .with_context(|| format!("Failed to run 'npm update' in {}", dir.display()))?;

        if !output.status.success() {
            let stderr = String::from_utf8_lossy(&output.stderr);
            anyhow::bail!("npm update failed in {}: {}", dir.display(), stderr.trim());
        }
        Ok(String::from_utf8_lossy(&output.stdout).to_string())
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn parse_list_output() {
        let json =
            r#"{"dependencies":{"react":{"version":"18.2.0"},"express":{"version":"4.18.2"}}}"#;
        let list: ListOutput = serde_json::from_str(json).unwrap();
        assert_eq!(list.dependencies.len(), 2);
        assert_eq!(list.dependencies["react"].version, "18.2.0");
        assert_eq!(list.dependencies["express"].version, "4.18.2");
    }

    #[test]
    fn parse_list_output_empty_deps() {
        let json = r#"{"dependencies":{}}"#;
        let list: ListOutput = serde_json::from_str(json).unwrap();
        assert!(list.dependencies.is_empty());
    }

    #[test]
    fn parse_list_output_missing_deps_field() {
        let json = r#"{}"#;
        let list: ListOutput = serde_json::from_str(json).unwrap();
        assert!(list.dependencies.is_empty());
    }

    #[test]
    fn parse_outdated_output() {
        let json = r#"{"current":"4.18.2","latest":"5.0.0"}"#;
        let entry: OutdatedOutput = serde_json::from_str(json).unwrap();
        assert_eq!(entry.current, "4.18.2");
        assert_eq!(entry.latest, "5.0.0");
    }

    #[test]
    fn parse_outdated_output_as_map() {
        let json = r#"{"express":{"current":"4.18.2","latest":"5.0.0"},"react":{"current":"18.2.0","latest":"19.0.0"}}"#;
        let packages: HashMap<String, OutdatedOutput> = serde_json::from_str(json).unwrap();
        assert_eq!(packages.len(), 2);
        assert_eq!(packages["express"].current, "4.18.2");
        assert_eq!(packages["express"].latest, "5.0.0");
        assert_eq!(packages["react"].current, "18.2.0");
        assert_eq!(packages["react"].latest, "19.0.0");
    }

    #[test]
    fn parse_outdated_output_defaults() {
        let json = r#"{}"#;
        let entry: OutdatedOutput = serde_json::from_str(json).unwrap();
        assert_eq!(entry.current, "");
        assert_eq!(entry.latest, "");
    }
}