Fork me on GitHub
#tools-deps
<
2022-06-06
>
pavlosmelissinos07:06:30

Is there a way to get the dependency tree of a project as data? I'm trying to figure out the paths that lead to a specific transitive dependency and clojure -Stree | grep <dependency name> -B 8 unfortunately includes a lot of garbage from other branches, which I'm not interested in. It's quite possible that I'm focusing on the wrong thing, so happy to consider a different approach as well! edit: The real "why" is that there's a known vulnerability for one of my transitive dependencies, so I'm trying to figure out which of my direct dependencies will be affected if I upgrade it (override it with a newer version)! 🙂

Alex Miller (Clojure team)13:06:06

You can get data from clj -X:deps tree :format :edn

❤️ 2
pavlosmelissinos15:06:21

Oh sweet, thanks! Is this documented? On my phone right now but I swear I looked in the https://clojure.org/reference/deps_and_cli first and couldn't find it. 😅

dpsutton19:06:33

what’s the way to invoke -X with an environment variable? clj -X :filename $OUT_FILE style?

hiredman19:06:37

With any additional escaping, those args pass through read-string

dpsutton19:06:28

yeah. but i need to enable expansion in the shell and then ensure it’s readable to clojure and i’ve forgotten the exact sequence of double and single quotes necessary to thread that needle

borkdude21:06:44

@dpsutton

$ bb -e "*command-line-args*" $OUTFILE
("foo")
$ bb -e "*command-line-args*" \"$OUTFILE\"
("\"foo\"")
$ bb -e "(edn/read-string (first *command-line-args*))" \"$OUTFILE\"
"foo"

🙏 1
seancorfield21:06:28

clojure -X :filename '"'$OUTFILE'"'

seancorfield21:06:55

(I use that in several invocations -- also with '"'$(...)'"')