refactor(package-managers): Align on lowercase lockfile in var names

integrations/jenkins/Jenkinsfile

@@ -169,7 +169,7 @@ pipeline {
 
         booleanParam(
             name: 'ALLOW_DYNAMIC_VERSIONS',
-            description: 'Allow dynamic versions of dependencies (support projects without lock files).',
+            description: 'Allow dynamic versions of dependencies (support projects without lockfiles).',
             defaultValue: false
         )
 

plugins/package-managers/bundler/src/main/kotlin/Bundler.kt

@@ -165,11 +165,11 @@ class Bundler(
         // [2]: https://github.com/jruby/jruby/discussions/7403
 
         val lockfiles = definitionFiles.map { it.resolveSibling(BUNDLER_LOCKFILE_NAME) }.filter { it.isFile }
-        val lockFilesBundlerVersion = lockfiles.mapNotNull {
+        val lockfilesBundlerVersion = lockfiles.mapNotNull {
             parseBundlerVersionFromLockfile(it)
         }.sortedWith(AlphaNumericComparator).lastOrNull()
 
-        val bundlerVersion = options[OPTION_BUNDLER_VERSION] ?: lockFilesBundlerVersion
+        val bundlerVersion = options[OPTION_BUNDLER_VERSION] ?: lockfilesBundlerVersion
 
         if (bundlerVersion != null) {
             val duration = measureTime {

plugins/package-managers/bundler/src/main/resources/resolve_dependencies.rb

@@ -18,7 +18,7 @@
 # License-Filename: LICENSE
 
 # This script mimics the behavior of calling the `bundle lock` CLI command, which resolves a `Gemfile`'s dependencies
-# and writes them along with the respective versions to a lock file [1]. Internally, Bundler tries to find the
+# and writes them along with the respective versions to a lockfile [1]. Internally, Bundler tries to find the
 # dependencies' `gemspec` files both locally and remotely, and retrieves the respective metadata. However, except for
 # the name, version, and transitive dependencies, the Bundler call discards any other metadata. To maintain all
 # metadata, this script basically follows the same steps, but then serializes all metadata as YAML for further

plugins/package-managers/cocoapods/src/main/kotlin/CocoaPods.kt

@@ -67,7 +67,7 @@ import org.semver4j.RangesListFactory
  *
  * As pre-condition for the analysis each respective definition file must have a sibling lockfile named 'Podfile.lock'.
  * The dependency tree is constructed solely based on parsing that lockfile. So, the dependency tree can be constructed
- * on any platform. Note that obtaining the dependency tree from the 'pod' command without a lock file has Xcode
+ * on any platform. Note that obtaining the dependency tree from the 'pod' command without a lockfile has Xcode
  * dependencies and is not supported by this class.
  *
  * The only interactions with the 'pod' command happen in order to obtain metadata for dependencies. Therefore,

plugins/package-managers/composer/src/main/kotlin/Composer.kt

@@ -128,11 +128,11 @@ class Composer(
             return listOf(result)
         }
 
-        val lockFile = ensureLockFile(workingDir)
+        val lockfile = ensureLockFile(workingDir)
 
-        logger.info { "Parsing lock file at '$lockFile'..." }
+        logger.info { "Parsing lockfile at '$lockfile'..." }
 
-        val json = jsonMapper.readTree(lockFile)
+        val json = jsonMapper.readTree(lockfile)
         val packages = parseInstalledPackages(json)
 
         // Let's also determine the "virtual" (replaced and provided) packages. These can be declared as
@@ -157,18 +157,18 @@ class Composer(
     private fun parseScope(
         scopeName: String,
         manifest: JsonNode,
-        lockFile: JsonNode,
+        lockfile: JsonNode,
         packages: Map<String, Package>,
         virtualPackages: Set<String>
     ): Scope {
         val requiredPackages = manifest[scopeName].fieldNamesOrEmpty().asSequence()
-        val dependencies = buildDependencyTree(requiredPackages, lockFile, packages, virtualPackages)
+        val dependencies = buildDependencyTree(requiredPackages, lockfile, packages, virtualPackages)
         return Scope(scopeName, dependencies)
     }
 
     private fun buildDependencyTree(
         dependencies: Sequence<String>,
-        lockFile: JsonNode,
+        lockfile: JsonNode,
         packages: Map<String, Package>,
         virtualPackages: Set<String>,
         dependencyBranch: List<String> = emptyList()
@@ -191,9 +191,9 @@ class Composer(
             }
 
             try {
-                val runtimeDependencies = getRuntimeDependencies(packageName, lockFile)
+                val runtimeDependencies = getRuntimeDependencies(packageName, lockfile)
                 val transitiveDependencies = buildDependencyTree(
-                    runtimeDependencies, lockFile, packages, virtualPackages, dependencyBranch + packageName
+                    runtimeDependencies, lockfile, packages, virtualPackages, dependencyBranch + packageName
                 )
                 packageReferences += packageInfo.toReference(dependencies = transitiveDependencies)
             } catch (e: IOException) {
@@ -278,11 +278,11 @@ class Composer(
     }
 
     private fun ensureLockFile(workingDir: File): File {
-        val lockFile = workingDir.resolve(COMPOSER_LOCK_FILE)
+        val lockfile = workingDir.resolve(COMPOSER_LOCK_FILE)
 
-        val hasLockFile = lockFile.isFile
+        val hasLockFile = lockfile.isFile
         requireLockfile(workingDir) { hasLockFile }
-        if (hasLockFile) return lockFile
+        if (hasLockFile) return lockfile
 
         val composerVersion = Semver(getVersion(workingDir))
         val args = listOfNotNull(
@@ -293,7 +293,7 @@ class Composer(
 
         run(workingDir, *args.toTypedArray())
 
-        return lockFile
+        return lockfile
     }
 }
 
@@ -307,9 +307,9 @@ private fun String.isPlatformDependency(): Boolean =
 private val COMPOSER_PLATFORM_TYPES = setOf("composer", "composer-plugin-api", "composer-runtime-api")
 private val PHP_PLATFORM_TYPES = setOf("php", "php-64bit", "php-ipv6", "php-zts", "php-debug")
 
-private fun getRuntimeDependencies(packageName: String, lockFile: JsonNode): Sequence<String> {
+private fun getRuntimeDependencies(packageName: String, lockfile: JsonNode): Sequence<String> {
     listOf("packages", "packages-dev").forEach {
-        lockFile[it]?.forEach { packageInfo ->
+        lockfile[it]?.forEach { packageInfo ->
             if (packageInfo["name"].textValueOrEmpty() == packageName) {
                 val requiredPackages = packageInfo["require"]
                 if (requiredPackages != null && requiredPackages.isObject) {
@@ -344,7 +344,7 @@ private fun parseVcsInfo(packageInfo: JsonNode): VcsInfo =
     }.orEmpty()
 
 /**
- * Get all names of "virtual" (replaced or provided) packages in the package or lock file.
+ * Get all names of "virtual" (replaced or provided) packages in the package or lockfile.
  *
  * While Composer also takes the versions of the virtual packages into account, we simply use priorities here. Since
  * Composer can't handle the same package in multiple version, we can assume that as soon as a package is found in
@@ -355,16 +355,16 @@ private fun parseVcsInfo(packageInfo: JsonNode): VcsInfo =
 private fun parseVirtualPackageNames(
     packages: Map<String, Package>,
     manifest: JsonNode,
-    lockFile: JsonNode
+    lockfile: JsonNode
 ): Set<String> {
     val replacedNames = mutableSetOf<String>()
 
-    // The contents of the manifest file, which can also define replacements, is not included in the lock file, so
+    // The contents of the manifest file, which can also define replacements, is not included in the lockfile, so
     // we parse the manifest file as well.
     replacedNames += parseVirtualNames(manifest)
 
     listOf("packages", "packages-dev").forEach { type ->
-        lockFile[type]?.flatMap { pkgInfo ->
+        lockfile[type]?.flatMap { pkgInfo ->
             parseVirtualNames(pkgInfo)
         }?.let {
             replacedNames += it

plugins/package-managers/go/src/main/kotlin/GoDep.kt

@@ -63,7 +63,7 @@ import org.ossreviewtoolkit.utils.ort.showStackTrace
 private val toml = Toml { ignoreUnknownKeys = true }
 
 /**
- * A map of legacy package manager file names "dep" can import, and their respective lock file names, if any.
+ * A map of legacy package manager file names "dep" can import, and their respective lockfile names, if any.
  */
 private val GO_LEGACY_MANIFESTS = mapOf(
     // The [Glide](https://github.com/Masterminds/glide) package manager uses a dedicated `glide.yaml` rules file for

plugins/package-managers/node/src/main/kotlin/utils/NpmDetection.kt

@@ -110,7 +110,7 @@ class NpmDetection(private val definitionFiles: Collection<File>) {
  * An enum of all supported Node package managers.
  */
 enum class NodePackageManager(
-    val lockFileName: String,
+    val lockfileName: String,
     val markerFileName: String? = null,
     val workspaceFileName: String = NodePackageManager.DEFINITION_FILE
 ) {
@@ -135,27 +135,27 @@ enum class NodePackageManager(
     },
 
     YARN("yarn.lock") {
-        private val lockFileMarker = "# yarn lockfile v1"
+        private val lockfileMarker = "# yarn lockfile v1"
 
         override fun hasLockFile(projectDir: File): Boolean {
-            val lockFile = projectDir.resolve(lockFileName)
-            if (!lockFile.isFile) return false
+            val lockfile = projectDir.resolve(lockfileName)
+            if (!lockfile.isFile) return false
 
-            return lockFile.useLines { lines ->
-                lines.take(2).lastOrNull() == lockFileMarker
+            return lockfile.useLines { lines ->
+                lines.take(2).lastOrNull() == lockfileMarker
             }
         }
     },
 
     YARN2("yarn.lock", markerFileName = ".yarnrc.yml") {
-        private val lockFileMarker = "__metadata:"
+        private val lockfileMarker = "__metadata:"
 
         override fun hasLockFile(projectDir: File): Boolean {
-            val lockFile = projectDir.resolve(lockFileName)
-            if (!lockFile.isFile) return false
+            val lockfile = projectDir.resolve(lockfileName)
+            if (!lockfile.isFile) return false
 
-            return lockFile.useLines { lines ->
-                lines.take(4).lastOrNull() == lockFileMarker
+            return lockfile.useLines { lines ->
+                lines.take(4).lastOrNull() == lockfileMarker
             }
         }
     };
@@ -188,9 +188,9 @@ enum class NodePackageManager(
     }
 
     /**
-     * Return true if the [projectDir] contains a lock file for this package manager, or return false otherwise.
+     * Return true if the [projectDir] contains a lockfile for this package manager, or return false otherwise.
      */
-    open fun hasLockFile(projectDir: File): Boolean = hasNonEmptyFile(projectDir, lockFileName)
+    open fun hasLockFile(projectDir: File): Boolean = hasNonEmptyFile(projectDir, lockfileName)
 
     /**
      * If the [projectDir] contains a workspace file for this package manager, return the list of package patterns, or

plugins/package-managers/node/src/test/kotlin/utils/NpmDetectionTest.kt

@@ -39,13 +39,13 @@ import org.ossreviewtoolkit.utils.test.shouldNotBeNull
 
 class NpmDetectionTest : WordSpec({
     "All Node package manager detections" should {
-        "ignore empty lock files" {
+        "ignore empty lockfiles" {
             NodePackageManager.entries.forAll {
-                val lockFile = tempdir().resolve(it.lockFileName).apply {
+                val lockfile = tempdir().resolve(it.lockfileName).apply {
                     writeText("")
                 }
 
-                it.hasLockFile(lockFile.parentFile) shouldBe false
+                it.hasLockFile(lockfile.parentFile) shouldBe false
             }
         }
 
@@ -69,20 +69,20 @@ class NpmDetectionTest : WordSpec({
             NodePackageManager.forDirectory(projectDir) shouldContainExactlyInAnyOrder NodePackageManager.entries
         }
 
-        "return only those managers whose lock files are present" {
+        "return only those managers whose lockfiles are present" {
             val projectDir = tempdir().apply {
                 resolve("package.json").writeText("{}")
-                resolve(NPM.lockFileName).writeText("{}")
-                resolve(PNPM.lockFileName).writeText("#")
+                resolve(NPM.lockfileName).writeText("{}")
+                resolve(PNPM.lockfileName).writeText("#")
             }
 
             NodePackageManager.forDirectory(projectDir).shouldContainExactlyInAnyOrder(NPM, PNPM)
         }
 
-        "return only NPM if distinguished by lock file" {
+        "return only NPM if distinguished by lockfile" {
             val projectDir = tempdir().apply {
                 resolve("package.json").writeText("{}")
-                resolve(NPM.lockFileName).writeText("{}")
+                resolve(NPM.lockfileName).writeText("{}")
             }
 
             NodePackageManager.forDirectory(projectDir).shouldContainExactlyInAnyOrder(NPM)
@@ -97,10 +97,10 @@ class NpmDetectionTest : WordSpec({
             NodePackageManager.forDirectory(projectDir).shouldContainExactlyInAnyOrder(NPM)
         }
 
-        "return only PNPM if distinguished by lock file" {
+        "return only PNPM if distinguished by lockfile" {
             val projectDir = tempdir().apply {
                 resolve("package.json").writeText("{}")
-                resolve(PNPM.lockFileName).writeText("#")
+                resolve(PNPM.lockfileName).writeText("#")
             }
 
             NodePackageManager.forDirectory(projectDir).shouldContainExactlyInAnyOrder(PNPM)
@@ -115,32 +115,32 @@ class NpmDetectionTest : WordSpec({
             NodePackageManager.forDirectory(projectDir).shouldContainExactlyInAnyOrder(PNPM)
         }
 
-        "return only YARN if distinguished by lock file" {
+        "return only YARN if distinguished by lockfile" {
             val projectDir = tempdir().apply {
                 resolve("package.json").writeText("{}")
-                resolve(YARN.lockFileName).writeText(YARN_LOCK_FILE_HEADER)
+                resolve(YARN.lockfileName).writeText(YARN_LOCK_FILE_HEADER)
             }
 
             NodePackageManager.forDirectory(projectDir).shouldContainExactlyInAnyOrder(YARN)
         }
 
-        "return only YARN2 if distinguished by lock file" {
+        "return only YARN2 if distinguished by lockfile" {
             val projectDir = tempdir().apply {
                 resolve("package.json").writeText("{}")
-                resolve(YARN2.lockFileName).writeText(YARN2_LOCK_FILE_HEADER)
+                resolve(YARN2.lockfileName).writeText(YARN2_LOCK_FILE_HEADER)
             }
 
             NodePackageManager.forDirectory(projectDir).shouldContainExactlyInAnyOrder(YARN2)
         }
     }
 
     "NPM detection" should {
-        "recognize lock files" {
-            val lockFile = tempdir().resolve(NPM.lockFileName).apply {
+        "recognize lockfiles" {
+            val lockfile = tempdir().resolve(NPM.lockfileName).apply {
                 writeText("{}")
             }
 
-            NPM.hasLockFile(lockFile.parentFile) shouldBe true
+            NPM.hasLockFile(lockfile.parentFile) shouldBe true
         }
 
         "parse workspace files" {
@@ -170,12 +170,12 @@ class NpmDetectionTest : WordSpec({
     }
 
     "PNPM detection" should {
-        "recognize lock files" {
-            val lockFile = tempdir().resolve(PNPM.lockFileName).apply {
+        "recognize lockfiles" {
+            val lockfile = tempdir().resolve(PNPM.lockfileName).apply {
                 writeText("lockfileVersion: '6.0'")
             }
 
-            PNPM.hasLockFile(lockFile.parentFile) shouldBe true
+            PNPM.hasLockFile(lockfile.parentFile) shouldBe true
         }
 
         "parse workspace files" {
@@ -203,12 +203,12 @@ class NpmDetectionTest : WordSpec({
     }
 
     "Yarn detection" should {
-        "recognize lock files" {
-            val lockFile = tempdir().resolve(YARN.lockFileName).apply {
+        "recognize lockfiles" {
+            val lockfile = tempdir().resolve(YARN.lockfileName).apply {
                 writeText(YARN_LOCK_FILE_HEADER)
             }
 
-            YARN.hasLockFile(lockFile.parentFile) shouldBe true
+            YARN.hasLockFile(lockfile.parentFile) shouldBe true
         }
 
         "parse workspace files" {
@@ -233,12 +233,12 @@ class NpmDetectionTest : WordSpec({
     }
 
     "Yarn2 detection" should {
-        "recognize lock files" {
-            val lockFile = tempdir().resolve(YARN2.lockFileName).apply {
+        "recognize lockfiles" {
+            val lockfile = tempdir().resolve(YARN2.lockfileName).apply {
                 writeText(YARN2_LOCK_FILE_HEADER)
             }
 
-            YARN2.hasLockFile(lockFile.parentFile) shouldBe true
+            YARN2.hasLockFile(lockfile.parentFile) shouldBe true
         }
 
         "parse workspace files" {

plugins/package-managers/pub/src/funTest/kotlin/PubFunTest.kt

@@ -43,14 +43,14 @@ class PubFunTest : WordSpec({
         "resolve dart http dependencies correctly".config(enabled = false) {
             val definitionFile = getAssetFile("projects/external/dart-http/pubspec.yaml")
             val expectedResultFile = getAssetFile("projects/external/dart-http-expected-output.yml")
-            val lockFile = definitionFile.resolveSibling("pubspec.lock").also {
+            val lockfile = definitionFile.resolveSibling("pubspec.lock").also {
                 getAssetFile("projects/external/dart-http-pubspec.lock").copyTo(it, overwrite = true)
             }
 
             val result = try {
                 create("Pub", allowDynamicVersions = true).resolveSingleProject(definitionFile)
             } finally {
-                lockFile.delete()
+                lockfile.delete()
             }
 
             result.toYaml() should matchExpectedResult(expectedResultFile, definitionFile)