Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[npm] Track packages without integrity #795

Closed
prabhu opened this issue Dec 31, 2023 · 1 comment · Fixed by #796
Closed

[npm] Track packages without integrity #795

prabhu opened this issue Dec 31, 2023 · 1 comment · Fixed by #796
Labels
enhancement New feature or request

Comments

@prabhu
Copy link
Contributor

prabhu commented Dec 31, 2023

We might have packages without integrity in the lock file.


"adm-zip": {
  "version": "0.5.10"
},

Instead of

    "adm-zip": {
      "version": "0.5.10",
      "resolved": "https://registry.npmjs.org/adm-zip/-/adm-zip-0.5.10.tgz",
      "integrity": "sha512-x0HvcHqVJNTPk/Bw8JbLWlWoo6Wwnsug0fnYYro1HBrjxZ3G7/AZk7Ahv8JwDe1uIcz8eBqvu86FuF1POiG7vQ=="
    },

These are currently getting skipped due to

cdxgen/utils.js

Line 744 in fcdcced

if (!edgeToIntegrity) {

Let's track these as optional instead.
@prabhu prabhu added the enhancement New feature or request label Dec 31, 2023
@prabhu
Copy link
Contributor Author

prabhu commented Jan 2, 2024

Related npm bugs:

npm/cli#4263
npm/cli#6301

prabhu added a commit that referenced this issue Jan 2, 2024
@prabhu
Fixes #795. Also removes some obvious cycles while constructing depen…
e48c8a6 
…dency list

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
@prabhu prabhu mentioned this issue Jan 2, 2024
Merged
prabhu added a commit that referenced this issue Jan 3, 2024
@prabhu
Fixes #795 (#796)
30a6d3d 
Fixes #795. Also removes some obvious cycles while constructing dependency list

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
@prabhu prabhu mentioned this issue Mar 27, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fixes #795 CycloneDX/cdxgen
1 participant
@prabhu