从 package-lock.json 获取库

Question

我需要获取 package-lock.json 的所有库和版本。

给出上下文。我在 jenkins 中运行一个安全模块，负责为每个应用程序制作库清单。我们的想法是根据您自己的要求提供所有父版本。

例如：

{
  "name": "node-demo",
  "version": "1.0.0",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
    "accepts": {
      "version": "1.3.4",
      "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.4.tgz",
      "integrity": "sha1-hiRnWMfdbSGmR0/whKR0DsBesh8=",
      "requires": {
        "mime-types": "~2.1.16",
        "negotiator": "0.6.1"
      }
    }
}

我们需要从这个包中取出并构建一个 json： 像这样的库列表：

libraries: [
{libName: "accepts" , libVersion: "1.3.4" parent: null}
{libName: "mime-types", libVersion: "~2.1.16", parent: "accepts"}
{libName: "negotiator", libVersion: "0.6.1", parent: "accepts}
]

更详细一点，作为一名詹金斯，我需要在 bash 中运行执行此操作的脚本。他们知道是否已经构建了类似的东西

谢谢！

Answer 1

我假设您正在寻找节点解决方案，看到 nodejs 标签。幸运的是节点本身可以​​需要 json 文件。一旦我们从package-lock.json 获取数据，我们就可以轻松提取数据：

const lockJson = require('./package-lock.json'); // edit path if needed

const libraries = [];

// Loop through dependencies keys (as it is an object)
Object.keys(lockJson.dependencies).forEach((dependencyName) => {
  const dependencyData = lockJson.dependencies[dependencyName];

  libraries.push({
    libName: dependencyName,
    libVersion: dependencyData.version,
    parent: null,
  });

  // Loop through requires subdependencies      
  if (dependencyData.requires) {
    Object.keys(dependencyData.requires).forEach((subdependencyName) => {
      const subdependencyVersion = dependencyData.requires[subdependencyName];

      libraries.push({
        libName: subdependencyName,
        libVersion: subdependencyVersion,
        parent: dependencyName,
      });
    });
  }
});

console.log(libraries);

将其保存为convert.js 并使用node convert.js 运行它。

希望对您有所帮助，干杯！