Drop miners/composer.py file

ziadhany · ziadhany · commit 24785ef27fff · 2025-12-07T18:37:16.000+02:00
Signed-off-by: ziad hany &lt;ziadhany2016@gmail.com&gt;
diff --git a/minecode_pipelines/miners/composer.py b/minecode_pipelines/miners/composer.py
diff --git a/minecode_pipelines/pipes/composer.py b/minecode_pipelines/pipes/composer.py
@@ -20,15 +20,110 @@
 # ScanCode.io is a free software code scanning tool from nexB Inc. and others.
 # Visit https://github.com/aboutcode-org/scancode.io for support and download.
 
-from minecode_pipelines.miners.composer import get_composer_packages
-from minecode_pipelines.miners.composer import load_composer_packages
-from minecode_pipelines.miners.composer import get_composer_purl
-
+import json
+from minecode_pipelines.utils import get_temp_file
+from aboutcode.hashid import get_core_purl
+import requests
+from packageurl import PackageURL
 from minecode_pipelines.utils import cycle_from_index, grouper
 
 PACKAGE_BATCH_SIZE = 100
 
 
+def get_composer_packages():
+    """
+    Fetch all Composer packages from Packagist and save them to a temporary JSON file.
+    Response example:
+    {
+        "packageNames" ["0.0.0/composer-include-files", "0.0.0/laravel-env-shim"]
+    }
+    """
+
+    response = requests.get("https://packagist.org/packages/list.json")
+    if not response.ok:
+        return
+
+    packages = response.json()
+    temp_file = get_temp_file("ComposerPackages", "json")
+    with open(temp_file, "w", encoding="utf-8") as f:
+        json.dump(packages, f, indent=4)
+
+    return temp_file
+
+
+def get_composer_purl(vendor, package):
+    """
+    Fetch all available Package URLs (purls) for a Composer package from Packagist.
+    Response example:
+    {
+      "minified": "composer/2.0",
+      "packages": [
+        {
+          "monolog/monolog": {
+            "0": {
+              "name": "monolog/monolog",
+              "version": "3.9.0"
+            }
+          }
+        }
+      ],
+      "security-advisories": [
+        {
+          "advisoryId": "PKSA-dmw8-jd8k-q3c6",
+          "affectedVersions": ">=1.8.0,<1.12.0"
+        }
+      ]
+    }
+    get_composer_purl("monolog", "monolog")
+    -> ["pkg:composer/monolog/monolog@3.9.0", "pkg:composer/monolog/monolog@3.8.0", ...]
+    """
+    purls = []
+    url = f"https://repo.packagist.org/p2/{vendor}/{package}.json"
+
+    try:
+        response = requests.get(url, timeout=10)
+        response.raise_for_status()
+    except requests.RequestException:
+        return None, purls
+
+    data = response.json()
+    packages = data.get("packages", {})
+    releases = packages.get(f"{vendor}/{package}", [])
+
+    for release in releases:
+        version = release.get("version")
+        if version:
+            purl = PackageURL(
+                type="composer",
+                namespace=vendor,
+                name=package,
+                version=version,
+            )
+            purls.append(purl.to_string())
+
+    base_purl = None
+    if purls:
+        first_purl = purls[0]
+        base_purl = get_core_purl(first_purl)
+    return base_purl, purls
+
+
+def load_composer_packages(packages_file):
+    """Load and return a list of (vendor, package) tuples from a JSON file."""
+    with open(packages_file, encoding="utf-8") as f:
+        packages_data = json.load(f)
+
+    package_names = packages_data.get("packageNames", [])
+    result = []
+
+    for item in package_names:
+        if "/" in item:
+            vendor, package = item.split("/", 1)
+            result.append((vendor, package))
+
+    return result
+
+
 def mine_composer_packages():
     """Mine Composer package names from Packagist and return List of (vendor, package) tuples."""
     packages_file = get_composer_packages()
diff --git a/minecode_pipelines/tests/pipes/test_composer.py b/minecode_pipelines/tests/pipes/test_composer.py
@@ -12,9 +12,9 @@
 from unittest.mock import patch, MagicMock
 from django.test import SimpleTestCase
 
-from minecode_pipelines.miners.composer import get_composer_packages
-from minecode_pipelines.miners.composer import load_composer_packages
-from minecode_pipelines.miners.composer import get_composer_purl
+from minecode_pipelines.pipes.composer import get_composer_packages
+from minecode_pipelines.pipes.composer import load_composer_packages
+from minecode_pipelines.pipes.composer import get_composer_purl
 
 DATA_DIR = Path(__file__).parent.parent / "test_data" / "composer"
 
