Fix package-lock.json deps with aliased names #1287

merged 1 commit into from
Nov 15, 2023
4 changes: 4 additions & 0 deletions CHANGELOG.md
Expand Up @@ -12,6 +12,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

- Show project ID after project creation

### Fixed

- Aliased dependency names in `package-lock.json`

## [5.8.1] - 2023-11-07

### Fixed
30 changes: 17 additions & 13 deletions lockfile/src/javascript.rs
Expand Up @@ -30,15 +30,15 @@ impl Parse for PackageLock {
let parsed: JsonValue = serde_json::from_str(data)?;

// Get a field as string from a JSON object.
let get_field = |value: &JsonValue, key| {
fn get_field(value: &JsonValue, key: &str) -> Option<String> {
value.get(key).and_then(|value| value.as_str()).map(|value| value.to_string())
};
}

// Get version field from JSON object.
let get_version = |value, name| {
fn get_version(value: &JsonValue, name: &str) -> anyhow::Result<String> {
get_field(value, "version")
.ok_or_else(|| anyhow!("Failed to parse version for '{name}' dependency"))
};
}

if let Some(deps) = parsed.get("packages").and_then(|v| v.as_object()) {
// Parser for package-lock.json >= v7.
Expand Down Expand Up @@ -80,9 +80,12 @@ impl Parse for PackageLock {
let resolved = get_field(keys, "resolved")
.ok_or_else(|| anyhow!("Dependency '{name}' is missing \"resolved\" key"))?;

// Handle aliased dependencies.
let name = get_field(keys, "name").unwrap_or_else(|| name.into());

// Get dependency version.
let version = if resolved.starts_with("https://registry.npmjs.org/") {
PackageVersion::FirstParty(get_version(keys, name)?)
PackageVersion::FirstParty(get_version(keys, &name)?)
} else if resolved.starts_with("git+") {
PackageVersion::Git(resolved)
} else if resolved.starts_with("http") {
Expand All @@ -94,7 +97,7 @@ impl Parse for PackageLock {
// Find registry's domain name.
match split.next() {
Some(registry) => PackageVersion::ThirdParty(ThirdPartyVersion {
version: get_version(keys, name)?,
version: get_version(keys, &name)?,
registry: registry.into(),
}),
None => {
Expand All @@ -105,11 +108,7 @@ impl Parse for PackageLock {
PackageVersion::Path(Some(resolved.into()))
};

packages.push(Package {
version,
name: name.into(),
package_type: PackageType::Npm,
});
packages.push(Package { version, name, package_type: PackageType::Npm });
}
Ok(packages)
} else if let Some(deps) = parsed.get("dependencies").and_then(|v| v.as_object()) {
Expand Down Expand Up @@ -424,7 +423,7 @@ mod tests {
let pkgs =
PackageLock.parse(include_str!("../../tests/fixtures/package-lock.json")).unwrap();

assert_eq!(pkgs.len(), 55);
assert_eq!(pkgs.len(), 56);

let expected_pkgs = [
Package {
Expand Down Expand Up @@ -469,9 +468,14 @@ mod tests {
version: PackageVersion::Path(Some("../node_modules/parentlink".into())),
package_type: PackageType::Npm,
},
Package {
name: "strip-ansi".into(),
version: PackageVersion::FirstParty("6.0.1".into()),
package_type: PackageType::Npm,
},
];
for expected_pkg in expected_pkgs {
assert!(pkgs.contains(&expected_pkg));
assert!(pkgs.contains(&expected_pkg), "Missing: {expected_pkg:?}");
}
}

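Review bot: The aliased-name override at `let name = get_field(keys, "name").unwrap_or_else(|| name.into());` takes whatever string the lockfile carries, so an entry whose `name` is empty, or whose `name` does not correspond to the package its `resolved` URL points at, silently replaces the key-derived name that the rest of the parser reports. A minimal guard is `let name = get_field(keys, "name").filter(|n| !n.is_empty()).unwrap_or_else(|| name.into());`, and for registry entries a cross-check of the override against the package path embedded in `resolved` (if that format is stable for this registry) would surface a mismatched alias before it reaches the returned `Package`. Note also that the "Failed to parse version" error raised through `get_version(keys, &name)` on the following lines now names the aliased package rather than the lockfile key, which makes the failing entry harder to locate in the file; including the key in that message is worth considering. The enclosing `parse` body starts and ends outside this hunk.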
2 changes: 2 additions & 0 deletions lockfile/src/lib.rs
Expand Up @@ -10,6 +10,7 @@ pub use golang::GoSum;
use ignore::WalkBuilder;
pub use java::{GradleLock, Pom};
pub use javascript::{PackageLock, Pnpm, YarnLock};
#[cfg(feature = "generator")]
pub use lockfile_generator as generator;
#[cfg(feature = "generator")]
use lockfile_generator::Generator;
Expand All @@ -22,6 +23,7 @@ use serde::{Deserialize, Serialize};
pub use spdx::Spdx;
use thiserror::Error;
use walkdir::WalkDir;

mod cargo;
mod csharp;
mod cyclonedx;
12 changes: 12 additions & 0 deletions tests/fixtures/package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.