Add parser for `swift-show-dependencies.deplock`

nexB / scancode-toolkit

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!

https://github.com/nexB/scancode-toolkit/releases/

2.02k stars 533 forks source link

Add parser for `swift-show-dependencies.deplock` #3829

Closed keshav-space closed 6 days ago

keshav-space commented 1 week ago

Reference: https://github.com/nexB/scancode.io/issues/1278

Tasks

[x] Reviewed contribution guidelines
[x] PR is descriptively titled 📑 and links the original issue above 🔗
[x] Tests pass -- look for a green checkbox ✔️ a few minutes after opening your PR Run tests locally to check for errors.
[x] Commits are in uniquely-named feature branch and has no merge conflicts 📁
[x] Updated documentation pages (if applicable)
[x] Updated CHANGELOG.rst (if applicable)

AyanSinhaMahapatra commented 1 week ago

One more question, I assume we cannot parse Package.swift files like this one here: https://github.com/swift-cloud/VercelUI/blob/main/Package.swift right, becuase this is in swift and not parseable in python easily?

keshav-space commented 6 days ago

One more question, I assume we cannot parse Package.swift files like this one here: https://github.com/swift-cloud/VercelUI/blob/main/Package.swift right, becuase this is in swift and not parseable in python easily?

@AyanSinhaMahapatra We are not directly parsing the Package.swift file, but we parse the Package.swift.deplock, which is a JSON dump of Package.swift. In the future, we may add support for natively parsing the Package.swift file, and we can use Tree-Sitter (an optional dependency) for creating and parsing the Swift AST.