Let's Build a Thing: NPM Dependency Checker - Part 3
Series start along with dev notes: Let’s Build: NPM Dependency Checker
Previous part: Let’s Build: NPM Dependency Checker - Part 2
GitHub: NPM Dependency Checker
note: Unless noted, the coding for this part is taking place in the ndc.ex file in /lib/
So our project is setup and we are ready to rock n roll. Let’s start thinking about the small functions that will be needed to accomplish our required task for this application.
We’re going to start using a couple new libraries in this part, so we need to update mix.exs so it knows about them. We also need to grab those dependencies.
Open mix.exs and make sure your deps section looks like this:
Staying in mix.exs, make sure your application section looks like this:
We’ll go over why we’re adding these later in this article.
Our first hurdle is repo information. How are we going to get it and what do we need?
Before we can do anything we need to figure out the GitHub URL for a given repo. There are a couple of ways to do this:
- We could visit the NPMJS.org page for the repo.
- We could use “npm view
“ on the command line, which will give us back a large blob of text about the repo.
Neither option is super clean, but the second is best. If we were to choose the first option, we’d need to fetch a webpage and then hunt through it looking for a node that contained a link to the repo and then get that link. Using a combo such as HTTPotion and Floki is easy enough, but the problem comes with the lack of great identifiers in the NPMJS page code and the number of links on the page.
Instead, we’re going to execute a system command and work through the output.
Let’s create a simple function that accepts one argument, performs the system command we want and returns the output.
When this function is executed, you’ll get back a massive (and disgusting) output, like this:
If you want to see a pretty version, just run this command in your terminal:
Ok, so that’s complete and working. What we’re after if that homepage link. Let’s pipe this output into a function that cleans it up a bit.
Given our original data, the output from this point is something like this:
As you can see, it’s a list with two elements and it’s close to what we need. The get_package_repo_url function returns the second element.
We now have the repo’s URL and can move forward.
While we could use the URL we have at this point (https://github.com/facebook/jest#readme) and then find the package.json link and then click it and so forth, there’s an easier way.
What we’re really after now is the source code for the package.json file. In that file is our dependencies and devDependencies.
If you go a GitHub repo, click on a file to view its source and then click on the raw button to view only its source code and nothing else, you’ll notice that the url is something like this:
Our current url is: https://github.com/facebook/jest#readme
We need a function that will take in a url and replace some things. Let’s do that now.
- We are going to dump “#readme” from the link if it’s there as we don’t need it.
- We are going to replace “github” with “raw.githubusercontent”.
- We are going to add “/master/package.json” to the end of the string to complete the url.
In transform_repo_raw_json_url we pass in a repo, which is a URL string (like: “https://github.com/facebook/jest#readme“).
We then perform two replaces and one concatenation. The end result is a url like this: https://raw.githubusercontent.com/someuser/somerepo/master/package.json
We’re making great progress! From here, we can fetch that page and have the data we need.
There’s a main problem though. If we fetch the page, it will not be JSON. We’re going to fix that problem quickly.
At this point we have the url for the package.json file we want to consume. Our goal is to read the dependencies so that we can do stuff with them.
This function will be reworked in an upcoming segment. For now, we want to get it working.
Rather than throw up a .get into an existing function, I’m moving the call into its own function so that I can handle exceptions and so that the code is easier to maintain, read, etc.
In the falling function we will pass in repo, which is the package.json url. If the url is valid, the function will send the body of that response to another function (explained in a moment).
If all goes well, the contents of the package.json file for the repo is now being sent to decode_body.
The body of the response we got back isn’t JSON. It’s just a nice messy string. Take a look:
Fortunately, there’s a library called Poison that we can use to decode JSON (and encode).
So let’s build a function that accepts the response JSON body and build us a map we can use to finally get at these packages.
The first thing we need to do is create a module attribute that will hold the fields we are interested in for the decoding.
Now that we have our attribute in place we can write the decode_body function.
In our decode_body function we accept an argument and use Poison to decode it. We then take the @excepted_fields and basically create a nice map with the data we expect.
The end result is quite lovely. We get back a list of up to two items (dependencies and devDependencies) just like this:
As you can see we have maps to work with. Now we can get a list of dependencies for this repo!
We’ve got our list and we’re closing in on a major milestone. Now we need to parse out the dependencies.
Let’s build a function that accepts a dependencies_list and prints out the dependencies.
The function parse_dependencies takes the dependencies_list and iterates over the first element in the list. Obviously this is a little bit of a problem since our dependencies_list could have multiple elements, but let’s just stand this up for now and come back to it.
You’ll notice that we’re passing in elem(x, 1) to iterate_dependencies. That’s because we have at that point is a tuple with an Atom (label of either dependencies or devDependencies) as the first element. The second element is a map.
Let’s write the iterate_dependencies function. For now, we’re just going to IO.inspect it into the terminal.
Whew, that’s a lot of stuff we did. Let’s wrap this part up and get ready for what’s next.
There was a lot of coding for this part. At this point you can build the application and use it. If you feel lost, check out the branch for this part and make sure your code matches up.
Here’s what you can now do:
- Using terminal, navigate to the ndc folder and enter mix escript.build to build the application.
- In terminal, use it and see the result:
Here are a few things on the thought list:
- I found an error (testing is working on some repos and not others). Oh noes! The fix is coming in the next part.
- We’re doing a lot of trusting with our functions. We need tests!
- We need to refactor parse_dependencies to handle all the elements it’s given.
- We need to create a struct or something to hold dependency data.
- We need to log the dependency name and version number. Maybe a count too?
Let’s get going on the next part.