Single-quoted strings in importmap.rb

[nsilva-ta]

Shouldn't we use single-quoted strings inside importmap.rb by default?

When there is a single-quoted string inside importmap.rb, as following example:

pin 'jquery' # @3.4.1

the entry will be ignored when the command ./bin/importmap audit is executed, and the vulnerability in the version of jquery is not reported.

[dhh]

Not a fan of single quotes. We've moved to double quotes everywhere. Sounds like it's a bug in the audit regexp not recognizing both. Do explore a fix to that 👍

[dkniffin]

The issue is on this line:

importmap-rails/lib/importmap/npm.rb

Line 56 in ad2cbb5

importmap.scan(/^pin "([^"]*)".* #.*@(\d+\.\d+\.\d+(?:[^\s]*)).*$/)

It only checks for double-quotes. The regex needs to be updated to handle single quotes as well

[dhh]

Feel free to add a PR that also picks up single quotes for this.