How to use @snyk/dep-graph - 5 common examples

To help you get started, we’ve selected a few @snyk/dep-graph examples, based on popular ways it is used in public projects.


github snyk / snyk / src / lib / snyk-test / nodejs / index.ts View on Github external
},
      // Tail of an earlier return statement whose opening lines are outside this excerpt.
      // The whole package object is spread into the request body, then selected fields are set on top.
      body: {
        ...pkg,
        targetFile: pkg.targetFile || options.file,
        projectNameOverride: options.projectName,
        // Sent as a string when a policy object is present; otherwise the falsy value passes through.
        policy: policy && policy.toString(),
        hasDevDependencies: pkg.hasDevDependencies,
      },
      modules: getLockFileDeps ? undefined : pkg,
    };
  }

  // Debug output here is limited to the package name, the target file and (below) a package count.
  debug('converting dep-tree to dep-graph', {name: pkg.name, targetFile: pkg.targetFile || options.file});
  // Graphs are more compact and robust representations.
  // Legacy parts of the code are still using trees, but will eventually be fully migrated.
  const depGraph = await depGraphLib.legacy.depTreeToGraph(pkg, options.packageManager);
  debug('done converting dep-tree to dep-graph', {uniquePkgsCount: depGraph.getPkgs().length});

  // Request description for the graph-based test endpoint (the object continues past this excerpt).
  return {
    method: 'POST',
    // The "new" endpoint, accepting dependency graphs.
    // The old one, using dependency trees, is now fully deprecated and is only used
    // by the old versions of the CLI.
    // NOTE(review): the authorization header below is sent to whatever base URL snykConfig.API
    // holds. Confirm that value cannot be overridden by files inside the project being scanned
    // and that it is an https:// URL.
    url: snykConfig.API + '/test-dep-graph',
    qs: common.assembleQueryString(options),
    json: true,
    headers: {
      'x-is-ci': isCI,
      // Credential: the API token from snyk.api travels in this header, so this request object
      // should never be logged or serialized as a whole.
      'authorization': 'token ' + snyk.api,
    },
    body: {
      // The full dependency graph of the project is uploaded in the request body.
      depGraph,
github snyk / snyk / src / lib / monitor.ts View on Github external
// Excerpt from the middle of a function body; `info`, `meta`, `root`, `targetFile` and
// `packageManager` are defined outside the lines shown here.
// Only assigned in the npm/yarn branch below, so it stays undefined for other package managers.
let treeMissingDeps: string[];
  let pkg = info.package;
  const pluginMeta = info.plugin;
  // Policy lookup starts at the explicit 'policy-path' option, falling back to the project root.
  const policyPath = meta['policy-path'] || root;
  // Adds whatever pluckPolicies() returns for the package, then drops falsy entries.
  // NOTE(review): presumably these extra locations come from the scanned package's dependencies.
  // If a loaded policy can suppress findings, confirm how far dependency-supplied policies are
  // trusted.
  const policyLocations = [policyPath]
    .concat(pluckPolicies(pkg))
    .filter(Boolean);

  // For npm and yarn the tree is replaced by a filtered copy and the missing deps are recorded.
  if (['npm', 'yarn'].includes(meta.packageManager)) {
    const { filteredDepTree, missingDeps } = filterOutMissingDeps(info.package);
    pkg = filteredDepTree;
    treeMissingDeps = missingDeps;
  }

  // Convert the (possibly filtered) tree to a dependency graph.
  // NOTE(review): this passes `packageManager`, while the check above reads meta.packageManager.
  // Confirm both hold the same value.
  const depGraph: depGraphLib.DepGraph = await depGraphLib.legacy.depTreeToGraph(
    pkg,
    packageManager,
  );

  // docker doesn't have a policy as it can be run from anywhere
  // The create() call is skipped only for docker runs that do have at least one policy location.
  if (!meta.isDocker || !policyLocations.length) {
    await snyk.policy.create();
  }
  // NOTE(review): `loose: true` presumably tolerates missing policy files. Confirm that a
  // malformed or unreadable policy is still reported rather than silently ignored.
  const policy = await snyk.policy.load(policyLocations, { loose: true });

  const target = await projectMetadata.getInfo(pkg, meta);
  // Despite the name, this is built from path.resolve(root), so it is an absolute path, or ''
  // when targetFile is falsy. path.join() normalizes '..' segments, so a targetFile containing
  // them can resolve outside root.
  // NOTE(review): confirm targetFile is validated before it reaches this point.
  const targetFileRelativePath = targetFile
    ? path.join(path.resolve(root), targetFile)
    : '';

  if (target && target.branch) {
github snyk / snyk / src / lib / monitor / prune-dep-tree.ts View on Github external
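/**
 * Prunes a dependency tree by round-tripping it through a dependency graph.
 *
 * The tree is converted to a graph with `depTreeToGraph`, converted back with
 * `graphToDepTree` using `deduplicateWithinTopLevelDeps: true`, and the
 * resulting `dependencies` are written onto the tree that was passed in.
 *
 * @param tree - Tree to prune. It is mutated in place: only `dependencies` is
 *   replaced, every other field stays as the caller supplied it.
 * @param packageManagerName - Package manager name handed to both conversions.
 * @returns The same `tree` object, now carrying the pruned dependencies.
 */
export async function pruneTree(
  tree: DepTree,
  packageManagerName: string,
): Promise<DepTree> {
  // Pruning requires conversion to the graph first.
  // This is slow.
  const graph = await depGraphLib.legacy.depTreeToGraph(
    tree,
    packageManagerName,
  );
  // NOTE(review): the option name suggests repeated sub-dependencies are dropped
  // within each top-level dependency, so the pruned tree may show fewer paths to
  // a given package than the input did. Confirm against the @snyk/dep-graph docs
  // before relying on path counts downstream.
  const prunedTree: DepTree = (await depGraphLib.legacy.graphToDepTree(
    graph,
    packageManagerName,
    { deduplicateWithinTopLevelDeps: true },
  )) as DepTree;
  // Transplant pruned dependencies in the original tree (we want to keep all other fields):
  tree.dependencies = prunedTree.dependencies;
  return tree;
}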
github snyk / snyk / src / lib / monitor.ts View on Github external
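/**
 * Prunes a dependency tree by converting it to a dependency graph and back,
 * logging a debug line before and after.
 *
 * The round trip uses `depTreeToGraph` followed by `graphToDepTree` with
 * `deduplicateWithinTopLevelDeps: true`. Only the `dependencies` of the result
 * are copied onto the input tree.
 *
 * @param tree - Tree to prune. It is mutated in place; fields other than
 *   `dependencies` are left untouched.
 * @param packageManagerName - Package manager name handed to both conversions.
 * @returns The same `tree` object that was passed in, with pruned dependencies.
 */
async function pruneTree(
  tree: DepTree,
  packageManagerName: string,
): Promise<DepTree> {
  debug('pruning dep tree');
  // Pruning requires conversion to the graph first.
  // This is slow.
  const graph = await depGraphLib.legacy.depTreeToGraph(
    tree,
    packageManagerName,
  );
  // NOTE(review): presumably this deduplicates repeated sub-dependencies under
  // each top-level dependency, so some dependency paths present in the input
  // may be absent afterwards. Confirm against the @snyk/dep-graph docs.
  const prunedTree: DepTree = (await depGraphLib.legacy.graphToDepTree(
    graph,
    packageManagerName,
    { deduplicateWithinTopLevelDeps: true },
  )) as DepTree;
  // Transplant pruned dependencies in the original tree (we want to keep all other fields):
  tree.dependencies = prunedTree.dependencies;
  debug('finished pruning dep tree');
  return tree;
}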
github snyk / snyk / src / lib / monitor / prune-dep-tree.ts View on Github external
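/**
 * Replaces a dependency tree's `dependencies` with a pruned version.
 *
 * The pruned version is obtained by converting the tree to a graph
 * (`depTreeToGraph`) and back to a tree (`graphToDepTree`) with
 * `deduplicateWithinTopLevelDeps: true`.
 *
 * @param tree - Tree to prune. The object is modified in place: its
 *   `dependencies` field is overwritten and all other fields are kept.
 * @param packageManagerName - Package manager name handed to both conversions.
 * @returns The input `tree` object after its dependencies were replaced.
 */
export async function pruneTree(
  tree: DepTree,
  packageManagerName: string,
): Promise<DepTree> {
  // Pruning requires conversion to the graph first.
  // This is slow.
  const graph = await depGraphLib.legacy.depTreeToGraph(
    tree,
    packageManagerName,
  );
  // NOTE(review): deduplication presumably removes repeated sub-dependencies, so
  // callers should not treat the pruned tree as a complete list of dependency
  // paths. Confirm against the @snyk/dep-graph docs.
  const prunedTree: DepTree = (await depGraphLib.legacy.graphToDepTree(
    graph,
    packageManagerName,
    { deduplicateWithinTopLevelDeps: true },
  )) as DepTree;
  // Transplant pruned dependencies in the original tree (we want to keep all other fields):
  tree.dependencies = prunedTree.dependencies;
  return tree;
}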

@snyk/dep-graph

Snyk dependency graph library

Apache-2.0
Latest version published 5 months ago

Package Health Score

72 / 100