我需要获取package-lock.json的所有库和版本。
提供上下文。我在 jenkins 中运行一个安全模块,该模块负责为每个应用程序制作库清单。这个想法是将所有父版本与您自己的需求结合起来。
例如:
{
"name": "node-demo",
"version": "1.0.0",
"lockfileVersion": 1,
"requires": true,
"dependencies": {
"accepts": {
"version": "1.3.4",
"resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.4.tgz",
"integrity": "sha1-hiRnWMfdbSGmR0/whKR0DsBesh8=",
"requires": {
"mime-types": "~2.1.16",
"negotiator": "0.6.1"
}
}
}从这个包中,我们需要取出并构建一个 json: 像这样的库列表:
libraries: [
{libName: "accepts" , libVersion: "1.3.4" parent: null}
{libName: "mime-types", libVersion: "~2.1.16", parent: "accepts"}
{libName: "negotiator", libVersion: "0.6.1", parent: "accepts}
]还有一个细节,作为一个 jenkins,我需要运行在 bash 中执行此操作的脚本。他们知道是否已经构建了类似的东西
谢谢!
我假设您正在寻找节点解决方案,看到nodejs标签。幸运的是,节点本身需要 json 文件。一旦我们从package-lock.json获取数据,我们就可以轻松提取数据:
const lockJson = require('./package-lock.json'); // edit path if needed
const libraries = [];
// Loop through dependencies keys (as it is an object)
Object.keys(lockJson.dependencies).forEach((dependencyName) => {
const dependencyData = lockJson.dependencies[dependencyName];
libraries.push({
libName: dependencyName,
libVersion: dependencyData.version,
parent: null,
});
// Loop through requires subdependencies
if (dependencyData.requires) {
Object.keys(dependencyData.requires).forEach((subdependencyName) => {
const subdependencyVersion = dependencyData.requires[subdependencyName];
libraries.push({
libName: subdependencyName,
libVersion: subdependencyVersion,
parent: dependencyName,
});
});
}
});
console.log(libraries);
将其另存为convert.js并使用node convert.js运行它。
希望有帮助,干杯!