Handle yarn package aliases better

AyanSinhaMahapatra · AyanSinhaMahapatra · commit 7d596f1483a7 · 2024-04-26T17:18:43.000+05:30
Reference: #3555 Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
diff --git a/src/packagedcode/npm.py b/src/packagedcode/npm.py
@@ -12,6 +12,7 @@
 import logging
 import json
 import re
+import sys
 import urllib.parse
 from functools import partial
 from itertools import islice
@@ -35,8 +36,10 @@
 
 
 SCANCODE_DEBUG_PACKAGE = os.environ.get('SCANCODE_DEBUG_PACKAGE', False)
+SCANCODE_DEBUG_PACKAGE_NPM = os.environ.get('SCANCODE_DEBUG_PACKAGE_NPM', False)
 
 TRACE = SCANCODE_DEBUG_PACKAGE
+TRACE_NPM = SCANCODE_DEBUG_PACKAGE_NPM
 
 
 def logger_debug(*args):
@@ -45,8 +48,7 @@ def logger_debug(*args):
 
 logger = logging.getLogger(__name__)
 
-if TRACE:
-    import sys
+if TRACE or TRACE_NPM:
     logging.basicConfig(stream=sys.stdout)
     logger.setLevel(logging.DEBUG)
 
@@ -643,11 +645,16 @@ def parse(cls, location, package_only=False):
                         # <alias-package>@npm:<package>
                         if "@npm:" in ns:
                             ns = ns.split(':')[1]
+                        if "@npm:" in name:
+                            name = name.split(':')[1]
                         top_requirements.append((ns, name, constraint,))
 
                 else:
                     raise Exception('Inconsistent content')
 
+            if TRACE_NPM:
+                logger_debug(f'YarnLockV1Handler: parse: top_requirements: {top_requirements}')
+
             # top_requirements should be all for the same package
             ns_names = set([(ns, name) for ns, name, _constraint in top_requirements])
             assert len(ns_names) == 1, f'Different names for same dependency is not supported: {ns_names!r}'
diff --git a/tests/packagedcode/data/npm/yarn-lock/v1-complex2/yarn.lock-expected b/tests/packagedcode/data/npm/yarn-lock/v1-complex2/yarn.lock-expected
@@ -191,7 +191,7 @@
       },
       {
         "purl": "pkg:npm/change-case@5.4.4",
-        "extracted_requirement": "^5.4.3 ^5.4.4",
+        "extracted_requirement": "^5.4.3 ^5.4.4 ^5.4.3",
         "scope": "dependencies",
         "is_runtime": true,
         "is_optional": false,
@@ -242,7 +242,7 @@
       },
       {
         "purl": "pkg:npm/esbuild@0.19.12",
-        "extracted_requirement": "^0.19.3 ~0.19.10",
+        "extracted_requirement": "^0.19.3 ~0.17.6 || ~0.18.0 || ~0.19.0 ~0.19.10",
         "scope": "dependencies",
         "is_runtime": true,
         "is_optional": false,
@@ -314,7 +314,7 @@
       },
       {
         "purl": "pkg:npm/globby@11.1.0",
-        "extracted_requirement": "^11.0.3 ^11.0.4 ^11.1.0",
+        "extracted_requirement": "^11.0.4 ^11.0.3 ^11.0.4 ^11.1.0",
         "scope": "dependencies",
         "is_runtime": true,
         "is_optional": false,
@@ -558,7 +558,7 @@
       },
       {
         "purl": "pkg:npm/string-width@4.2.3",
-        "extracted_requirement": "^1.0.2 || 2 || 3 || 4 ^4.1.0 ^4.2.0 ^4.2.3",
+        "extracted_requirement": "^4.2.0 ^1.0.2 || 2 || 3 || 4 ^4.1.0 ^4.2.0 ^4.2.3",
         "scope": "dependencies",
         "is_runtime": true,
         "is_optional": false,
@@ -722,7 +722,7 @@
       },
       {
         "purl": "pkg:npm/strip-ansi@6.0.1",
-        "extracted_requirement": "^6.0.0 ^6.0.1",
+        "extracted_requirement": "^6.0.1 ^6.0.0 ^6.0.1",
         "scope": "dependencies",
         "is_runtime": true,
         "is_optional": false,
@@ -846,7 +846,7 @@
       },
       {
         "purl": "pkg:npm/wrap-ansi@7.0.0",
-        "extracted_requirement": "^7.0.0",
+        "extracted_requirement": "^7.0.0 ^7.0.0",
         "scope": "dependencies",
         "is_runtime": true,
         "is_optional": false,
