From c27ba72ea3d7271d824b516e5e48bf143f916eb0 Mon Sep 17 00:00:00 2001
From: Aryan Rajoria
Date: Sun, 15 Sep 2024 00:13:26 +0530
Subject: [PATCH] update according to purl spec
Signed-off-by: Aryan Rajoria
---
 utils.js | 127 ++++++++++++++++++++++++++++---------------------------
 1 file changed, 65 insertions(+), 62 deletions(-)
diff --git a/utils.js b/utils.js
index 8f19f4db6..56fa1b85f 100644
--- a/utils.js
+++ b/utils.js
@@ -1781,65 +1781,65 @@ export async function parsePnpmLock(pnpmLock, parentComponent = null) { try { // In lock file version 9, direct dependencies is under importers - const rootDirectDeps = - lockfileVersion >= 9 - ? yamlObj.importers["."]?.dependencies || {} - : yamlObj.dependencies || {}; - const rootDevDeps = - lockfileVersion >= 9 - ? yamlObj.importers["."]?.devDependencies || {} - : {}; - const rootOptionalDeps = - lockfileVersion >= 9 - ? yamlObj.importers["."]?.optionalDependencies || {} - : {}; - const ddeplist = []; - // Find the root optional dependencies - for (const rdk of Object.keys(rootDevDeps)) { - let version = getVersionNumPnpm(rootDevDeps[rdk]); - const dpurl = new PackageURL( - "npm", - "", - rdk, - version, - null, - null, - ).toString(); - possibleOptionalDeps[decodeURIComponent(dpurl)] = true; - } - for (const rdk of Object.keys(rootOptionalDeps)) { - let version = getVersionNumPnpm(rootOptionalDeps[rdk]); - const dpurl = new PackageURL( - "npm", - "", - rdk, - version, - null, - null, - ).toString(); - possibleOptionalDeps[decodeURIComponent(dpurl)] = true; - } - for (const dk of Object.keys(rootDirectDeps)) { - let version = getVersionNumPnpm(rootDirectDeps[dk]); - const dpurl = new PackageURL( - "npm", - "", - dk, - version, - null, - null, - ).toString(); - ddeplist.push(decodeURIComponent(dpurl)); - if (lockfileVersion >= 9) { - // These are direct dependencies so cannot be optional - possibleOptionalDeps[decodeURIComponent(dpurl)] = false; - } + const rootDirectDeps = + lockfileVersion >= 9 + ? yamlObj.importers["."]?.dependencies || {} + : yamlObj.dependencies || {}; + const rootDevDeps = + lockfileVersion >= 9 + ? yamlObj.importers["."]?.devDependencies || {} + : {}; + const rootOptionalDeps = + lockfileVersion >= 9 + ? 
yamlObj.importers["."]?.optionalDependencies || {} + : {}; + const ddeplist = []; + // Find the root optional dependencies + for (const rdk of Object.keys(rootDevDeps)) { + let version = getVersionNumPnpm(rootDevDeps[rdk]); + const dpurl = new PackageURL( + "npm", + "", + rdk, + version, + null, + null, + ).toString(); + possibleOptionalDeps[decodeURIComponent(dpurl)] = true; + } + for (const rdk of Object.keys(rootOptionalDeps)) { + let version = getVersionNumPnpm(rootOptionalDeps[rdk]); + const dpurl = new PackageURL( + "npm", + "", + rdk, + version, + null, + null, + ).toString(); + possibleOptionalDeps[decodeURIComponent(dpurl)] = true; + } + for (const dk of Object.keys(rootDirectDeps)) { + let version = getVersionNumPnpm(rootDirectDeps[dk]); + const dpurl = new PackageURL( + "npm", + "", + dk, + version, + null, + null, + ).toString(); + ddeplist.push(decodeURIComponent(dpurl)); + if (lockfileVersion >= 9) { + // These are direct dependencies so cannot be optional + possibleOptionalDeps[decodeURIComponent(dpurl)] = false; } + } - dependenciesList.push({ - ref: decodeURIComponent(ppurl), - dependsOn: ddeplist, - }); + dependenciesList.push({ + ref: decodeURIComponent(ppurl), + dependsOn: ddeplist, + }); // pnpm-lock.yaml contains more than root dependencies in importers // TODO: verify if this is a good way to check. 
@@ -1849,23 +1849,26 @@ export async function parsePnpmLock(pnpmLock, parentComponent = null) { const componentDeps = yamlObj['importers'][importedComponentName]['dependencies'] || {}; const componentDevDeps = yamlObj['importers'][importedComponentName]['devDependencies'] || {}; const optionalDeps = yamlObj['importers'][importedComponentName]['optionalDependencies'] || {}; - + let name = importedComponentName.split('/'); - name = name[name.length -1]; + let lastname = name[name.length -1]; + + let subpath = "name.filter(part => part !== '.' && part !== '..').join('/'); // if name is '.' continue loop - if (name == '.'){ + if (name == ""){ continue; } // TODO: verify as we had seen before with rush there can be ../name in pnpm-lock-yaml + // subpath not added here let compPurl = new PackageURL( "npm", parentComponent.group, - parentComponent.name + "/" + name, + parentComponent.name + "/" + lastname, parentComponent.version, null, - null, + subpath, ).toString(); // Find the component optional dependencies let comDepList = [];
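Review bot: The `let subpath = "name.filter(...` line on the new side opens a double-quoted string literal that is never closed, so utils.js no longer parses; the intended line is `const subpath = name.filter((part) => part !== "." && part !== "..").join("/");`. The guard that follows also stops skipping the root importer: `name` is now the array returned by `split('/')`, and `['.'] == ""` is false, so the `.` entry falls through and builds a purl named `parentComponent.name + "/."`. Testing the filtered value instead, `if (subpath === "") { continue; }`, skips both the root importer and any importer path that is empty after dropping `.` and `..` segments. The `// subpath not added here` comment above the PackageURL call is now stale, since `subpath` is passed as its last argument. parsePnpmLock begins outside the hunk.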