Skip to content

Commit 4f49985

Browse files
AyanSinhaMahapatraAyanSinhaMahapatra
authored
Merge pull request #3751 from nexB/fix-yarn-lock-v1-parser
Fix yarn lock v1 parser to handle aliases better
2 parents 9994223 + 7d596f1 commit 4f49985

File tree

4 files changed

+1143
-2
lines changed

4 files changed

+1143
-2
lines changed

src/packagedcode/npm.py

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212
import logging
1313
import json
1414
import re
15+
import sys
1516
import urllib.parse
1617
from functools import partial
1718
from itertools import islice
@@ -35,8 +36,10 @@
3536

3637

3738
SCANCODE_DEBUG_PACKAGE = os.environ.get('SCANCODE_DEBUG_PACKAGE', False)
39+
SCANCODE_DEBUG_PACKAGE_NPM = os.environ.get('SCANCODE_DEBUG_PACKAGE_NPM', False)
3840

3941
TRACE = SCANCODE_DEBUG_PACKAGE
42+
TRACE_NPM = SCANCODE_DEBUG_PACKAGE_NPM
4043

4144

4245
def logger_debug(*args):
@@ -45,8 +48,7 @@ def logger_debug(*args):
4548

4649
logger = logging.getLogger(__name__)
4750

48-
if TRACE:
49-
import sys
51+
if TRACE or TRACE_NPM:
5052
logging.basicConfig(stream=sys.stdout)
5153
logger.setLevel(logging.DEBUG)
5254

@@ -643,11 +645,16 @@ def parse(cls, location, package_only=False):
643645
# <alias-package>@npm:<package>
644646
if "@npm:" in ns:
645647
ns = ns.split(':')[1]
648+
if "@npm:" in name:
649+
name = name.split(':')[1]
646650
top_requirements.append((ns, name, constraint,))
647651

648652
else:
649653
raise Exception('Inconsistent content')
650654

655+
if TRACE_NPM:
656+
logger_debug(f'YarnLockV1Handler: parse: top_requirements: {top_requirements}')
657+
651658
# top_requirements should be all for the same package
652659
ns_names = set([(ns, name) for ns, name, _constraint in top_requirements])
653660
assert len(ns_names) == 1, f'Different names for same dependency is not supported: {ns_names!r}'

tests/packagedcode/data/npm/yarn-lock/v1-complex2/yarn.lock

Lines changed: 109 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,109 @@
1+
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
2+
# yarn lockfile v1
3+
4+
5+
"@babel/core@^7.0.0", "@babel/core@^7.23.3", "@babel/core@^7.23.9":
6+
version "7.24.4"
7+
resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.24.4.tgz#1f758428e88e0d8c563874741bc4ffc4f71a4717"
8+
integrity sha512-MBVlMXP+kkl5394RBLSxxk/iLTeVGuXTV3cIDXavPpMMqnSnt6apKgan/U8O3USWZCWZT/TbgfEpKa4uMgN4Dg==
9+
dependencies:
10+
"@babel/parser" "^7.24.4"
11+
"@babel/types" "^7.24.0"
12+
json5 "^2.2.3"
13+
semver "^6.3.1"
14+
15+
ansi-styles@^3.2.0, ansi-styles@^3.2.1:
16+
version "3.2.1"
17+
resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-3.2.1.tgz#41fbb20243e50b12be0f04b8dedbf07520ce841d"
18+
integrity sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==
19+
dependencies:
20+
color-convert "^1.9.0"
21+
22+
change-case@^5.4.3, change-case@^5.4.4, "latest-change-case@npm:change-case@^5.4.3":
23+
version "5.4.4"
24+
resolved "https://registry.yarnpkg.com/change-case/-/change-case-5.4.4.tgz#0d52b507d8fb8f204343432381d1a6d7bff97a02"
25+
integrity sha512-HRQyTk2/YPEkt9TnUPbOpr64Uw3KOicFWPVBb+xiHvd6eBx/qPr9xqfBFDT8P2vWsvvz4jbEkfDe71W3VyNu2w==
26+
27+
esbuild@^0.19.3, "esbuild@npm:esbuild@~0.17.6 || ~0.18.0 || ~0.19.0", esbuild@~0.19.10:
28+
version "0.19.12"
29+
resolved "https://registry.yarnpkg.com/esbuild/-/esbuild-0.19.12.tgz#dc82ee5dc79e82f5a5c3b4323a2a641827db3e04"
30+
integrity sha512-aARqgq8roFBj054KvQr5f1sFu0D65G+miZRCuJyJ0G13Zwx7vRar5Zhn2tkQNzIXcBrNVsv/8stehpj+GAjgbg==
31+
optionalDependencies:
32+
"@esbuild/android-arm64" "0.19.12"
33+
"@esbuild/android-x64" "0.19.12"
34+
35+
"globby-legacy@npm:globby@^11.0.4", globby@^11.0.3, globby@^11.0.4, globby@^11.1.0:
36+
version "11.1.0"
37+
resolved "https://registry.yarnpkg.com/globby/-/globby-11.1.0.tgz#bd4be98bb042f83d796f7e3811991fbe82a0d34b"
38+
integrity sha512-jhIXaOzy1sb8IyocaruWSn1TjmnBVs8Ayhcy83rmxNJ8q2uWKCAj3CnJY+KpGSXCueAPc0i05kVvVKtP1t9S3g==
39+
dependencies:
40+
array-union "^2.1.0"
41+
dir-glob "^3.0.1"
42+
fast-glob "^3.2.9"
43+
ignore "^5.2.0"
44+
merge2 "^1.4.1"
45+
slash "^3.0.0"
46+
47+
globby@10.0.1:
48+
version "10.0.1"
49+
resolved "https://registry.yarnpkg.com/globby/-/globby-10.0.1.tgz#4782c34cb75dd683351335c5829cc3420e606b22"
50+
integrity sha512-sSs4inE1FB2YQiymcmTv6NWENryABjUNPeWhOvmn4SjtKybglsyPZxFB3U1/+L1bYi0rNZDqCLlHyLYDl1Pq5A==
51+
dependencies:
52+
"@types/glob" "^7.1.1"
53+
array-union "^2.1.0"
54+
dir-glob "^3.0.1"
55+
fast-glob "^3.0.3"
56+
glob "^7.1.3"
57+
ignore "^5.1.1"
58+
merge2 "^1.2.3"
59+
slash "^3.0.0"
60+
61+
"string-width-cjs@npm:string-width@^4.2.0", "string-width@^1.0.2 || 2 || 3 || 4", string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3:
62+
version "4.2.3"
63+
resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010"
64+
integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==
65+
dependencies:
66+
emoji-regex "^8.0.0"
67+
is-fullwidth-code-point "^3.0.0"
68+
strip-ansi "^6.0.1"
69+
70+
string-width@^3.0.0, string-width@^3.1.0:
71+
version "3.1.0"
72+
resolved "https://registry.yarnpkg.com/string-width/-/string-width-3.1.0.tgz#22767be21b62af1081574306f69ac51b62203961"
73+
integrity sha512-vafcv6KjVZKSgz06oM/H6GDBrAtz8vdhQakGjFIvNrHA6y3HCF1CInLy+QLq8dTJPQ1b+KDUqDFctkdRW44e1w==
74+
dependencies:
75+
emoji-regex "^7.0.1"
76+
is-fullwidth-code-point "^2.0.0"
77+
strip-ansi "^5.1.0"
78+
79+
"strip-ansi-cjs@npm:strip-ansi@^6.0.1", strip-ansi@^6.0.0, strip-ansi@^6.0.1:
80+
version "6.0.1"
81+
resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9"
82+
integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==
83+
dependencies:
84+
ansi-regex "^5.0.1"
85+
86+
strip-ansi@^3.0.0, strip-ansi@^3.0.1:
87+
version "3.0.1"
88+
resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-3.0.1.tgz#6a385fb8853d952d5ff05d0e8aaf94278dc63dcf"
89+
integrity sha512-VhumSSbBqDTP8p2ZLKj40UjBCV4+v8bUSEpUb4KjRgWk9pbqGF4REFj6KEagidb2f/M6AzC0EmFyDNGaw9OCzg==
90+
dependencies:
91+
ansi-regex "^2.0.0"
92+
93+
"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0", wrap-ansi@^7.0.0:
94+
version "7.0.0"
95+
resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43"
96+
integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==
97+
dependencies:
98+
ansi-styles "^4.0.0"
99+
string-width "^4.1.0"
100+
strip-ansi "^6.0.0"
101+
102+
wrap-ansi@^5.1.0:
103+
version "5.1.0"
104+
resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-5.1.0.tgz#1fd1f67235d5b6d0fee781056001bfb694c03b09"
105+
integrity sha512-QC1/iN/2/RPVJ5jYK8BGttj5z83LmSKmvbvrXPNCLZSEb32KKVDJDl/MOt2N01qU2H/FkzEa9PKto1BqDjtd7Q==
106+
dependencies:
107+
ansi-styles "^3.2.0"
108+
string-width "^3.0.0"
109+
strip-ansi "^5.0.0"

0 commit comments

Comments
 (0)