class Dependabot::Composer::MetadataFinder

Private Instance Methods

look_up_source()
# File lib/dependabot/composer/metadata_finder.rb, line 14
# Resolves the dependency's source, preferring what the dependency's own
# requirements declare and falling back to the Packagist listing.
#
# @return the first truthy result of source_from_dependency, otherwise
#   whatever look_up_source_from_packagist returns (may be nil)
def look_up_source
  declared_source = source_from_dependency
  return declared_source if declared_source

  # Only reached when the requirements gave no usable source; this path
  # performs a network lookup against the registry.
  look_up_source_from_packagist
end
look_up_source_from_packagist()
# File lib/dependabot/composer/metadata_finder.rb, line 27
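# Derives a Source from the Packagist listing for this dependency.
#
# Version entries whose key is a valid Composer version are ordered newest
# first; each contributes its "homepage" and its "source" => "url" as
# candidates, and the first candidate that Source.from_url accepts is used.
#
# The listing is data returned by the registry, so its shape is checked
# before use: a response whose "packages" value (or per-package value) is
# not a Hash yields nil rather than raising TypeError/NoMethodError.
#
# @return the result of Source.from_url for the chosen URL, or nil when the
#   listing is missing, empty, or malformed
def look_up_source_from_packagist
  # Fetch once. packagist_listing does not memoize a failed (nil) lookup, so
  # calling it repeatedly here would repeat the HTTP request on every miss.
  listing = packagist_listing
  return nil unless listing.is_a?(Hash)

  # Packagist reports "packages" => [] for an unknown package; that and any
  # other non-Hash shape means there is nothing to look through.
  packages = listing["packages"]
  return nil unless packages.is_a?(Hash)

  versions = packages[dependency.name.downcase]
  return nil unless versions.is_a?(Hash)

  version_listings =
    versions.
    select { |version, info| Composer::Version.correct?(version) && info.is_a?(Hash) }.
    sort_by { |version, _| Composer::Version.new(version) }.
    map { |_, info| info }.
    reverse

  # NOTE(review): homepage and source.url are publisher-supplied metadata.
  # Source.from_url is the only filter visible here, so whatever consumes the
  # returned Source should treat the URL as untrusted input.
  potential_source_urls =
    version_listings.
    flat_map do |info|
      source_entry = info["source"]
      [info["homepage"], source_entry.is_a?(Hash) ? source_entry["url"] : nil]
    end.
    grep(String) # drops nil and any non-String value from a malformed entry

  source_url = potential_source_urls.find { |url| Source.from_url(url) }

  # source_url is nil when no candidate matched; Source.from_url receives nil
  # in that case, as it does in source_from_dependency.
  Source.from_url(source_url)
end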
packagist_listing()
# File lib/dependabot/composer/metadata_finder.rb, line 48
# Fetches and memoizes the Packagist metadata document for this dependency.
#
# The request goes to a fixed host (packagist.org); only the path segment is
# built from the lower-cased dependency name.
# NOTE(review): the name is interpolated into the path without encoding, so
# this relies on dependency.name already being a well-formed package name.
#
# A non-200 response returns nil and is NOT memoized, so every later call
# repeats the request. JSON.parse is not rescued here: a 200 response with a
# malformed body raises JSON::ParserError to the caller.
#
# @return the parsed JSON document, or nil when the status is not 200
def packagist_listing
  cached = @packagist_listing
  return cached unless cached.nil?

  listing_url = "https://packagist.org/p/#{dependency.name.downcase}.json"
  # Connection options come from SharedHelpers.excon_defaults, which is
  # defined outside this listing.
  response = Excon.get(listing_url, idempotent: true, **SharedHelpers.excon_defaults)

  return nil if response.status != 200

  @packagist_listing = JSON.parse(response.body)
end
source_from_dependency()
# File lib/dependabot/composer/metadata_finder.rb, line 18
# Builds a Source from the first non-nil :source entry among the
# dependency's requirements.
#
# Every requirement must carry a :source key (fetch raises KeyError
# otherwise); the :url of the chosen entry is optional and defaults to nil.
#
# @return the result of Source.from_url for that URL; Source.from_url is
#   called with nil when no requirement declares a source or a URL
def source_from_dependency
  declared_sources = dependency.requirements.map { |requirement| requirement.fetch(:source) }
  first_declared = declared_sources.find { |entry| !entry.nil? }
  declared_url = first_declared&.fetch(:url, nil)

  Source.from_url(declared_url)
end