YarnParser - A parser for Yarn lockfiles

Someone in the Elixir’s Discord guild needed a parser for yarn lock files, and I wanted to try and learn parser combinators, so I wrote a yarn lock files parser

hex.pm
Documentation
GitHub repo

Example usage:

iex> input = 
  """
  # Some comment
  # yarn lockfile v1
  key1, key2:
    val1 true
    subkey1:
      val2 123
  """

iex> {:ok, parsed} = YarnParser.decode(input)
iex> parsed
{:ok,
  %{
    "comments" => ["# Some comment", "# yarn lockfile v1"],
    "key1" => %{
      "val1" => true,
      "subkey1" => %{
        "val2" => 123
      }
    },
    "key2" => %{
      "val1" => true,
      "subkey1" => %{
        "val2" => 123
      }
    }
  }
}

iex> YarnParser.get_version(parsed)
1

It currently doesn’t handle merge conflicts like the original parser and I need to improve error messages(mostly regarding invalid indentation).

3 Likes

I published version 0.3.0, it renames YarnParser.parse to YarnParser.decode and adds encoding functionality:

%{
  "prop1" => "val1",
  "block1" => %{
    "prop2" => true
  },
  "prop3" => 123
} |> YarnParser.encode()
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1

block1:
  prop2 true

prop1 val1
prop3 123
1 Like

What are te use cases for parsing lockfiles in general?

I did not ask what they needed it for, but from what I’ve read, some people parse them to gather dependencies from multiple projects or languages, but I don’t know what is done then.
Things like dependabot come to mind.

It could also be used to generate a bill of materials like the one used in SBoM - Mix task to generate a Software Bill-of-Materials (SBoM)

2 Likes

I’m pretty sure I know who it was that was looking to parse a yarn.lock file. :smiley: I’ve been building some tooling to support analysis of dependencies in different language ecosystems as part of a research project. I asked a student to look into it - as both an exercise in understanding the “lock” model, as well as digging into parsers and behaviours in Elixir. We’ve been using the YarnParser, which works great.

3 Likes

Version 0.4.0 was published

It turns out Yarn 2 now uses YAML instead of their own format, so now YarnParser uses YamlElixir to parse newer lockfiles. Version detection is automatic.

There was also a change in the API, the decode function returns a YarnLock struct that holds lockfile metadata and dependencies. It should be easier to get the lockfile’s version and other stuff now.

2 Likes