Skip to content

feat(npm): add support for lockfile v3 #490

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 17 commits into from
Apr 7, 2023
Merged

feat(npm): add support for lockfile v3 #490

merged 17 commits into from
Apr 7, 2023
+631 −27

Conversation

@melotic
Copy link
Member

@melotic melotic commented Mar 28, 2023

Closes #476

@github-actions
Copy link

github-actions bot commented Mar 28, 2023
edited
Loading

👋 Hi! It looks like you modified some files in the Detectors folder.
You may need to bump the detector versions if any of the following scenarios apply:

  • The detector detects more or fewer components than before
  • The detector generates different parent/child graph relationships than before
  • The detector generates different devDependencies values than before

If none of the above scenarios apply, feel free to ignore this comment 🙂

@melotic melotic marked this pull request as ready for review March 28, 2023 22:17
@melotic melotic requested a review from a team as a code owner March 28, 2023 22:17
@melotic melotic requested a review from Omotola March 28, 2023 22:17
@melotic
Copy link
Member Author

melotic commented Mar 28, 2023

Open questions for the NPM team:

  • We do not have access to the ancestors of a current node to determine if a component is nested into another one (i.e. node_modules/x/node_modules/y). So, we recursively find the shortest path to the root note to determine the ancestors. Is there a possibility for multiple paths back to the root node? Or if that's possible, will the component always be placed in the root? (i.e. node_modules/y)

@melotic melotic force-pushed the justinperez/npm-decereal branch from 978866b to 1326d24 Compare March 29, 2023 17:53
melotic added 3 commits March 30, 2023 15:13
@melotic
test(npm): add double component
2376062
@melotic
fix: add log for missing pkgs
73b7db4
@melotic
Merge branch 'main' into justinperez/npm-decereal
2a3ec5b 
# Conflicts:
#	src/Microsoft.ComponentDetection.Detectors/npm/NpmComponentDetectorWithRoots.cs
@melotic melotic merged commit 4c53d00 into main Apr 7, 2023
@melotic melotic deleted the justinperez/npm-decereal branch April 7, 2023 19:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JamieMagee JamieMagee JamieMagee approved these changes

@Omotola Omotola Awaiting requested review from Omotola Omotola is a code owner automatically assigned from microsoft/ose-component-detection-maintainers

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add support for NPM lockfileVersion v3

3 participants

@melotic @JamieMagee