File: /home/f/r/e/frenchy/www/french-american.org/current/node_modules/snyk-python-plugin/dist/index.js
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const tslib_1 = require("tslib");
const path = require("path");
const subProcess = require("./sub-process");
const inspect_implementation_1 = require("./inspect-implementation");
const apply_remediation_implementation_1 = require("./apply-remediation-implementation");
// Given a path to a manifest file and assuming that all the packages (transitively required by the
// manifest) were installed (e.g. using `pip install`), produce a tree of dependencies.
/**
 * Build the dependency tree for a Python manifest by delegating to the
 * helpers in `./inspect-implementation`.
 *
 * @param {string} root - Project root, forwarded unchanged to the helpers.
 * @param {string} targetFile - Manifest path; a base name of `Pipfile` switches to pipenv.
 * @param {Object} [options] - Optional settings read here: `command`, `dev`,
 *   `allowMissing` and `args`.
 * @returns {Promise<{plugin: *, package: *}>} Plugin metadata and the dependency tree.
 * @throws {Error} When the manifest is a Pipfile and `pipenv --version` exits non-zero.
 */
function inspect(root, targetFile, options) {
    return tslib_1.__awaiter(this, void 0, void 0, function* () {
        const opts = options || {};
        // NOTE(review): `opts.command` and `opts.args` are forwarded as given to
        // the inspect helpers, which presumably launch the interpreter with them.
        // Confirm that callers only populate them from trusted configuration.
        const requestedCommand = opts.command || 'python';
        const includeDevDeps = Boolean(opts.dev);
        const allowMissing = opts.allowMissing || false;
        const usesPipenv = path.basename(targetFile) === 'Pipfile';
        if (usesPipenv) {
            // Probe for pipenv up front so that a missing install produces a clear error.
            const probe = subProcess.executeSync('pipenv', ['--version']);
            if (probe.status !== 0) {
                throw new Error('Failed to run `pipenv`; please make sure it is installed.');
            }
        }
        // A Pipfile project always runs through `pipenv run python`, overriding `opts.command`.
        const command = usesPipenv ? 'pipenv' : requestedCommand;
        const baseargs = usesPipenv ? ['run', 'python'] : [];
        // Metadata and dependency discovery are started together and awaited as a pair.
        const results = yield Promise.all([
            inspect_implementation_1.getMetaData(command, baseargs, root, targetFile),
            inspect_implementation_1.getDependencies(command, baseargs, root, targetFile, allowMissing, includeDevDeps, opts.args),
        ]);
        return { plugin: results[0], package: results[1] };
    });
}
exports.inspect = inspect;
// Given contents of manifest file(s) and a set of upgrades, and assuming that all the packages
// were installed (e.g. using `pip install`), produce the updated manifests by detecting the
// provenance of top-level packages and replacing their specifications and adding "pinned" packages
// to the manifest.
// Currently only supported for `requirements.txt`, optionally accompanied by `constraints.txt`:
// every manifest must be one of the two, and at least one `**/requirements.txt` must be present.
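/**
 * Apply a set of upgrades to requirements manifests.
 *
 * @param {string} root - Project root, passed through to `inspect`.
 * @param {Object} manifests - Manifest contents keyed by file name. Every key must
 *   have the base name `requirements.txt` or `constraints.txt`, and at least one
 *   must be `requirements.txt`.
 * @param {*} upgrades - Upgrade set, handed unchanged to `applyUpgrades`.
 * @param {Object} [options] - Same options as `inspect`. Neither the object nor
 *   its `args` array is modified.
 * @returns {Promise<Object>} The `manifests` object that was passed in, after
 *   `applyUpgrades` has been called with it.
 * @throws {Error} When the manifest set contains an unsupported file or lacks a
 *   `requirements.txt`.
 */
function applyRemediationToManifests(root, manifests, upgrades, options) {
    return tslib_1.__awaiter(this, void 0, void 0, function* () {
        const manifestNames = Object.keys(manifests);
        const targetFile = manifestNames.find((fn) => path.basename(fn) === 'requirements.txt');
        if (!targetFile ||
            !manifestNames.every((fn) => path.basename(fn) === 'requirements.txt' ||
                path.basename(fn) === 'constraints.txt')) {
            throw new Error('Remediation only supported for requirements.txt and constraints.txt files');
        }
        // Calculate provenance via Python code.
        // This currently requires costly setup of a virtual environment, when
        // called from pip-deps.
        // Alternative approaches to consider:
        // - modify python code to not require installed packages in this case
        // - replicate the parser of requirements.txt in JS code (in pip-deps?)
        //
        // Object.assign copies only the top level, so pushing onto the copied
        // `args` would also change the caller's array and add another
        // `--only-provenance` on every call. Build a fresh array instead.
        const callerArgs = (options && options.args) || [];
        const provOptions = Object.assign({}, options, {
            args: [...callerArgs, '--only-provenance'],
        });
        const topLevelDeps = (yield inspect(root, targetFile, provOptions)).package;
        apply_remediation_implementation_1.applyUpgrades(manifests, upgrades, topLevelDeps);
        return manifests;
    });
}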
exports.applyRemediationToManifests = applyRemediationToManifests;
//# sourceMappingURL=index.js.map