Merge pull request #15 from snyk/feat/support-dev-dependencies

feat: add support for different type of dependencies

lib/index.ts

@@ -3,20 +3,29 @@ import * as fs from 'fs';
 import * as path from 'path';
 import * as _ from 'lodash';
 
-export {
-  buildDepTree,
-  buildDepTreeFromFiles,
-};
+enum DepType {
+  prod = 'prod',
+  dev = 'dev',
+}
 
 interface PkgTree {
   name: string;
   version: string;
   dependencies?: {
     [dep: string]: PkgTree;
   };
+  depType?: DepType;
+  hasDevDependencies?: boolean;
 }
 
-async function buildDepTree(targetFileRaw: string, lockFileRaw: string): Promise<PkgTree> {
+export {
+  buildDepTree,
+  buildDepTreeFromFiles,
+  PkgTree,
+  DepType,
+};
+
+async function buildDepTree(targetFileRaw: string, lockFileRaw: string, includeDev = false): Promise<PkgTree> {
 
   const lockFile = JSON.parse(lockFileRaw);
   const targetFile = JSON.parse(targetFileRaw);
@@ -30,6 +39,7 @@ async function buildDepTree(targetFileRaw: string, lockFileRaw: string): Promise
 
   const depTree: PkgTree = {
     dependencies: {},
+    hasDevDependencies: !!targetFile.devDependencies && Object.keys(targetFile.devDependencies).length > 0,
     name: targetFile.name,
     version: targetFile.version,
   };
@@ -40,12 +50,20 @@ async function buildDepTree(targetFileRaw: string, lockFileRaw: string): Promise
     depTree.dependencies[dep] = await buildSubTreeRecursive(dep, [], lockFile);
   }));
 
+  if (includeDev && targetFile.devDependencies) {
+    const topLevelDevDeps = Object.keys(targetFile.devDependencies);
+    await Promise.all(topLevelDevDeps.map(async (dep) => {
+      depTree.dependencies[dep] = await buildSubTreeRecursive(dep, [], lockFile);
+    }));
+  }
+
   return depTree;
 }
 
 async function buildSubTreeRecursive(dep: string, depKeys: string[], lockFile: object): Promise<PkgTree> {
 
   const depSubTree: PkgTree = {
+    depType: undefined,
     dependencies: {},
     name: dep,
     version: undefined,
@@ -61,6 +79,7 @@ async function buildSubTreeRecursive(dep: string, depKeys: string[], lockFile: o
   if (deps && deps[dep]) {
     // update the tree
     depSubTree.version = deps[dep].version;
+    depSubTree.depType = deps[dep].dev ? DepType.dev : DepType.prod;
     // repeat the process for dependencies of looked-up dep
     const newDeps = deps[dep].requires ? Object.keys(deps[dep].requires) : [];
     await Promise.all(newDeps.map(async (subDep) => {
@@ -87,7 +106,8 @@ function getDepPath(depKeys: string[]) {
   return depPath;
 }
 
-async function buildDepTreeFromFiles(root: string, targetFilePath: string, lockFilePath: string): Promise<PkgTree> {
+async function buildDepTreeFromFiles(
+  root: string, targetFilePath: string, lockFilePath: string, includeDev = false): Promise<PkgTree> {
   if (!root || !lockFilePath || !lockFilePath) {
     throw new Error('Missing required parameters for parseLockFile()');
   }
@@ -105,5 +125,5 @@ async function buildDepTreeFromFiles(root: string, targetFilePath: string, lockF
   const targetFile = fs.readFileSync(targetFileFullPath, 'utf-8');
   const lockFile = fs.readFileSync(lockFileFullPath, 'utf-8');
 
-  return await buildDepTree(targetFile, lockFile);
+  return await buildDepTree(targetFile, lockFile, includeDev);
 }

test/lib/fixtures/empty-dev-deps/package.json

@@ -0,0 +1,22 @@
+{
+  "name": "goof",
+  "version": "0.0.3",
+  "description": "A vulnerable todo demo application",
+  "homepage": "https://snyk.io/",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Snyk/snyk-todo-list-demo-app/"
+  },
+  "scripts": {
+    "start": "node app.js",
+    "build": "browserify -r jquery > public/js/bundle.js",
+    "cleanup": "mongo express-todo --eval 'db.todos.remove({});'"
+  },
+  "engines": {
+    "node": "6.14.1"
+  },
+  "dependencies": {
+    "adm-zip": "0.4.7"
+  },
+  "devDependencies": {}
+}