从package-lock.json获取库

Question

我需要获得所有的库和包的版本-lock.json。

给出上下文。我在jenkins中运行了一个安全模块，该模块负责为每个应用程序清点库。这个想法是把所有的父版本都带上你自己的需求。

例如：

​

{
  "name": "node-demo",
  "version": "1.0.0",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
    "accepts": {
      "version": "1.3.4",
      "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.4.tgz",
      "integrity": "sha1-hiRnWMfdbSGmR0/whKR0DsBesh8=",
      "requires": {
        "mime-types": "~2.1.16",
        "negotiator": "0.6.1"
      }
    }
}

​

我们需要从这个包中取出并构建一个json，如下所示的库列表：

​

libraries: [
{libName: "accepts" , libVersion: "1.3.4" parent: null}
{libName: "mime-types", libVersion: "~2.1.16", parent: "accepts"}
{libName: "negotiator", libVersion: "0.6.1", parent: "accepts}
]

​

还有一个细节，作为一名jenkins成员，我需要在bash中运行执行此操作的脚本。他们知道是否已经构建了类似的东西

谢谢!

Answer 1

我假设你正在寻找节点解决方案，看到了nodejs标签。幸运的是，node本身就需要json文件。一旦我们从package-lock.json获得数据，我们就可以很容易地提取数据：

const lockJson = require('./package-lock.json'); // edit path if needed

const libraries = [];

// Loop through dependencies keys (as it is an object)
Object.keys(lockJson.dependencies).forEach((dependencyName) => {
  const dependencyData = lockJson.dependencies[dependencyName];

  libraries.push({
    libName: dependencyName,
    libVersion: dependencyData.version,
    parent: null,
  });

  // Loop through requires subdependencies      
  if (dependencyData.requires) {
    Object.keys(dependencyData.requires).forEach((subdependencyName) => {
      const subdependencyVersion = dependencyData.requires[subdependencyName];

      libraries.push({
        libName: subdependencyName,
        libVersion: subdependencyVersion,
        parent: dependencyName,
      });
    });
  }
});

console.log(libraries);

将其另存为convert.js并使用node convert.js运行它。

希望这能有所帮助，干杯！