Add basic npm overrides parsing to package.json

divizbansal · divizbansal · commit 7922295d4a1f · 2025-02-04T17:42:12.000+05:30
Signed-off-by: Diviz Bansal &lt;bansalkrrish36@gmail.com&gt;
diff --git a/src/packagedcode/npm.py b/src/packagedcode/npm.py
@@ -578,6 +578,10 @@ def _parse(cls, json_data, package_only=False):
             if value:
                 extra_data[extra_data_field] = value
 
+        overrides = json_data.get('overrides')
+        if overrides:
+            extra_data['overrides'] = overrides    
+
         package.extra_data = extra_data
 
         for source, func in field_mappers:
diff --git a/tests/packagedcode/data/npm/alias/package.json.expected b/tests/packagedcode/data/npm/alias/package.json.expected
@@ -64,8 +64,27 @@
       ],
       "engines": {
         "node": "20 || >=22"
-      }
-    },
+      },
+      "overrides": {
+        "braces@3": "^3.0.3",
+        "axios@1.0.0 - 1.5.1": "^1.7.2",
+        "netlify-cli": {
+          "braces": "^3.0.3",
+          "micromatch": "^4.0.7",
+          "chokidar": {
+            "braces": "^3.0.3"
+          },
+          "http-proxy-middleware": {
+            "micromatch": {
+              ".": "^4.0.7",
+              "braces": "^3.0.3"
+            }
+          }
+        },
+        "micromatch@4.0.5": "^4.0.7",
+        "tar@6.1.11": "6.2"
+      }      
+          },
     "dependencies": [
       {
         "purl": "pkg:npm/strip-ansi",
diff --git a/tests/packagedcode/data/npm/overrides_test/package.json b/tests/packagedcode/data/npm/overrides_test/package.json
@@ -0,0 +1,11 @@
+{
+    "name": "my-override-example",
+    "version": "1.0.0",
+    "overrides": {
+      "@npm/foo": "1.0.0",
+      "@npm/bar@2.0.0": {
+        "@npm/foo": "2.5.0"
+      }
+    }
+  }
+  
diff --git a/tests/packagedcode/test_npm.py b/tests/packagedcode/test_npm.py
@@ -543,6 +543,24 @@ def test_npm_scan_with_private_package_json_and_yarn_lock(self):
             expected_file, result_file, remove_uuid=True, regen=REGEN_TEST_FIXTURES
         )
 
+    def test_parse_npm_package_json_with_overrides(self):
+        # 1) Point to your test package.json that has an "overrides" field
+        test_file = self.get_test_loc('npm/overrides_test/package.json')
+    
+        # 2) Parse it using the NpmPackageJsonHandler
+        packages = npm.NpmPackageJsonHandler.parse(test_file)
+        packages = list(packages)  # Convert generator to list
+    
+        # 3) Sanity check: We should get exactly 1 package
+        assert len(packages) == 1
+        package = packages[0]
+    
+        # 4) Verify that "overrides" got captured in extra_data
+        assert 'overrides' in package.extra_data
+        assert package.extra_data['overrides'].get('@npm/foo') == '1.0.0'
+        # If you have nested overrides, check those too:
+        # e.g. assert package.extra_data['overrides']['@npm/bar@2.0.0']['@npm/foo'] == '2.5.0'
+
 
 test_data = [
     (['MIT'], 'mit'),
