我需要获取package-lock.json的所有库和版本。
给出上下文。我在jenkins中运行一个安全模块,负责为每个应用程序编制库存清单。想法是将所有父版本都带有您自己的需求。
例如:
{
"name": "node-demo",
"version": "1.0.0",
"lockfileVersion": 1,
"requires": true,
"dependencies": {
"accepts": {
"version": "1.3.4",
"resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.4.tgz",
"integrity": "sha1-hiRnWMfdbSGmR0/whKR0DsBesh8=",
"requires": {
"mime-types": "~2.1.16",
"negotiator": "0.6.1"
}
}
}
从这个包中,我们需要取出并构建一个带有以下内容的json: 像这样的库列表:
libraries: [
{libName: "accepts" , libVersion: "1.3.4" parent: null}
{libName: "mime-types", libVersion: "~2.1.16", parent: "accepts"}
{libName: "negotiator", libVersion: "0.6.1", parent: "accepts}
]
一个细节,作为詹金斯,我需要运行在bash中执行此操作的脚本。他们知道是否已经建立了类似的东西
谢谢!
答案 0 :(得分:2)
我假设您正在寻找节点解决方案,看到了nodejs标签。幸运的是,节点本身可以要求使用json文件。从package-lock.json获取数据后,我们可以轻松提取数据:
const lockJson = require('./package-lock.json'); // edit path if needed
const libraries = [];
// Loop through dependencies keys (as it is an object)
Object.keys(lockJson.dependencies).forEach((dependencyName) => {
const dependencyData = lockJson.dependencies[dependencyName];
libraries.push({
libName: dependencyName,
libVersion: dependencyData.version,
parent: null,
});
// Loop through requires subdependencies
if (dependencyData.requires) {
Object.keys(dependencyData.requires).forEach((subdependencyName) => {
const subdependencyVersion = dependencyData.requires[subdependencyName];
libraries.push({
libName: subdependencyName,
libVersion: subdependencyVersion,
parent: dependencyName,
});
});
}
});
console.log(libraries);
将其另存为convert.js并使用node convert.js运行。
希望有帮助,加油!