Feat: Lockfile Parser

[justshiv]

• [x] Ready for review
• [x] Follows CONTRIBUTING rules
• [ ] Reviewed by Snyk internal team

What does this PR do?

Adds a parseLockfile function to parse the lockfile and returns a PaketLock of groups indexed by group name. Paket lockfiles are split into separable groups with different settings, restrictions & dependencies.

Example input to parseLockfile:

IMPORT-TARGETS: FALSE
FRAMEWORK: NET452
NUGET
  remote: https://api.nuget.org/v3/index.json
    FSharp.Charting (0.90.14)

Current example output:

{
  "main": {
    "name": "main",
    "repositories": {
      "NUGET": [
        "https://api.nuget.org/v3/index.json"
      ]
    },
    "dependencies": [
      {
        "name": "FSharp.Charting",
        "options": {},
        "version": "0.90.14",
        "group": "main",
        "remote": "https://api.nuget.org/v3/index.json",
        "repository": "NUGET",
        "dependencies": []
      }
    ],
    "options": {
      "import-targets": "false",
      "framework": "net452"
    }
  }
}

It also adds the skeletons of parse which will generate the full tree to return to our plugin. As this is yet to be built out and requires the inclusion of paket.dependencies I haven't added tests for this section.

[justshiv]

It was requested that we add any meta to the main PaketLock returned object as discussed here: https://github.com/snyk/snyk-paket-parser/pull/17#discussion_r255164278.

I have done this by indexing the main return object by groups and then added the meta to each group as the meta is group specific. If you have any suggestions on how you can further collect meta information to send on the root object and you can add it within the scope of this PR please do.

[justshiv]

I've found 2 fixtures that we don't handle well:

• git-and-github throws an error because there is an indentation of 3 spaces. How do we want to handle this error gracefully?
• multiple-remotes has 2 remotes listed before a list of dependencies. We currently ignore the first remote link entirely in this case. We need to address how to handle this.

[Kirill89]

Small optional notes:

• I prefer to not call default group main because what if user will call real group main? We will overwrite it?
• We can create array of groups on top level instead of object name => object. In this case name will be optional and we will solve (1).
• Let’s not convert option names to lower case (to save ability to reprint file from parsed data).
• I’m not sure if we need repositories on group level (it can’t help us because we have remote and repository in each dependency - we can easily use it).
• Not sure if we need group on dependency level.

[CLAassistant]

All committers have signed the CLA.

[snyksec]

:tada: This PR is included in version 1.2.0 :tada:

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot :package::rocket: