More juice-shop edge cases

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
CycloneDX · Dec 30, 2024 · 3ebac9c · 3ebac9c
1 parent d25cf5a
commit 3ebac9c
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 7 deletions.
diff --git a/lib/helpers/utils.js b/lib/helpers/utils.js
@@ -1181,11 +1181,17 @@ export async function parsePkgLock(pkgLockFile, options = {}) {
           value: "true",
         });
       }
-      if (!node?.isRegistryDependency) {
-        pkg.properties.push({
-          name: "cdx:npm:isRegistryDependency",
-          value: "false",
-        });
+      // This getter method could fail with errors at times.
+      // Example Error: Invalid tag name "^>=6.0.0" of package "^>=6.0.0": Tags may not have any characters that encodeURIComponent encodes.
+      try {
+        if (!node?.isRegistryDependency) {
+          pkg.properties.push({
+            name: "cdx:npm:isRegistryDependency",
+            value: "false",
+          });
+        }
+      } catch (err) {
+        // ignore
       }
       if (node?.isWorkspace) {
         pkg.properties.push({
@@ -1383,7 +1389,11 @@ export async function parsePkgLock(pkgLockFile, options = {}) {
       // if we can't find the version of the edge, continue
       // it may be an optional peer dependency
       if (!targetVersion || !targetName) {
-        if (DEBUG_MODE && !options.deep && edge?.type !== "optional") {
+        if (
+          DEBUG_MODE &&
+          !options.deep &&
+          !["optional", "peer", "peerOptional"].includes(edge?.type)
+        ) {
           if (!targetVersion) {
             console.log(
               `Unable to determine the version for the dependency ${edge.name} from the path ${edge?.from?.path}. This is likely an edge case that is not handled.`,
@@ -1396,6 +1406,15 @@ export async function parsePkgLock(pkgLockFile, options = {}) {
             );
           }
         }
+        // juice-shop
+        // Lock files created with --legacy-peer-deps will have certain peer dependencies missing
+        // This flags any non-missing peers
+        if (DEBUG_MODE && edge?.type === "peer" && edge?.error !== "MISSING") {
+          console.log(
+            `Unable to determine the version for the dependency ${edge.name} from the path ${edge?.from?.path}. This is likely an edge case that is not handled.`,
+            edge,
+          );
+        }
         continue;
       }
       const depPurlString = decodeURIComponent(

diff --git a/types/lib/helpers/utils.d.ts.map b/types/lib/helpers/utils.d.ts.map