From ebde033ba87cfbfa1f94692ec89917a4aca617dc Mon Sep 17 00:00:00 2001
From: fraxken
Date: Fri, 28 Nov 2025 12:41:23 +0100
Subject: [PATCH] refactor(scanner)!: implement name and version in rootDependency

---
 .changeset/tough-colts-taste.md | 5 +++++
 workspaces/scanner/src/comparePayloads.ts | 10 +++++-----
 workspaces/scanner/src/depWalker.ts | 5 ++++-
 workspaces/scanner/src/types.ts | 5 ++++-
 workspaces/scanner/test/depWalker.spec.ts | 17 ++++++++++-------
 .../test/fixtures/extractors/express.json | 5 ++++-
 .../test/fixtures/extractors/strnum.json | 5 ++++-
 .../scannerPayloads/deeplyUpdatedPayload.json | 5 ++++-
 .../fixtures/scannerPayloads/nullAuthor.json | 5 ++++-
 .../scannerPayloads/otherRootDependency.json | 5 ++++-
 .../test/fixtures/scannerPayloads/payload.json | 5 ++++-
 .../fixtures/scannerPayloads/sameIdPayload.json | 5 ++++-
 .../scannerPayloads/scannerVersionChanged.json | 5 ++++-
 .../vulnerabilityStrategyChanged.json | 5 ++++-
 .../scannerPayloads/warningChangedPayload.json | 5 ++++-
 15 files changed, 68 insertions(+), 24 deletions(-)
 create mode 100644 .changeset/tough-colts-taste.md

diff --git a/.changeset/tough-colts-taste.md b/.changeset/tough-colts-taste.md
new file mode 100644
index 00000000..b0ea7ca5
--- /dev/null
+++ b/.changeset/tough-colts-taste.md
@@ -0,0 +1,5 @@
+---
+"@nodesecure/scanner": major
+---
+
+Refactor payload rootDependency to include name and version
diff --git a/workspaces/scanner/src/comparePayloads.ts b/workspaces/scanner/src/comparePayloads.ts
index e41b3762..07fd1a56 100644
--- a/workspaces/scanner/src/comparePayloads.ts
+++ b/workspaces/scanner/src/comparePayloads.ts
@@ -94,17 +94,17 @@ export function comparePayloads( ); } - if (payload.rootDependencyName !== comparedPayload.rootDependencyName) { + if (payload.rootDependency.name !== comparedPayload.rootDependency.name) { throw new Error( - `You can't compare different package payloads '${payload.rootDependencyName}' and '${comparedPayload.rootDependencyName}'` + `You can't compare different package payloads '${payload.rootDependency.name}' and '${comparedPayload.rootDependency.name}'` ); } - const givenVersion = Object.keys(payload.dependencies[payload.rootDependencyName].versions)[0]; - const comparedVersion = Object.keys(comparedPayload.dependencies[comparedPayload.rootDependencyName].versions)[0]; + const givenVersion = payload.rootDependency.version; + const comparedVersion = comparedPayload.rootDependency.version; return { - title: `'${payload.rootDependencyName}@${givenVersion}' -> '${comparedPayload.rootDependencyName}@${comparedVersion}'`, + title: `'${payload.rootDependency.name}@${givenVersion}' -> '${comparedPayload.rootDependency.name}@${comparedVersion}'`, warnings: arrayDiff( payload.warnings, comparedPayload.warnings diff --git a/workspaces/scanner/src/depWalker.ts b/workspaces/scanner/src/depWalker.ts index 2cf08c77..a18027c9 100644 --- a/workspaces/scanner/src/depWalker.ts +++ b/workspaces/scanner/src/depWalker.ts @@ -113,7 +113,10 @@ export async function depWalker( const payload: Partial = { id: tempDir.id, - rootDependencyName: manifest.name ?? "workspace", + rootDependency: { + name: manifest.name ?? "workspace", + version: manifest.version ?? "0.0.0" + }, scannerVersion: packageVersion, vulnerabilityStrategy, warnings: [] diff --git a/workspaces/scanner/src/types.ts b/workspaces/scanner/src/types.ts index 27a36695..15986f5e 100644 --- a/workspaces/scanner/src/types.ts +++ b/workspaces/scanner/src/types.ts 
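Review bot: The dereference `payload.rootDependency.name` on the first added line throws a bare TypeError for any payload serialized before this change (one that still carries `rootDependencyName`), whereas the rest of the function reports incompatibilities with a descriptive Error; since the `scannerPayloads` fixtures in this commit show payloads being loaded from stored JSON, that case is reachable. A guard ahead of the name comparison would keep the failure mode consistent: `if (!payload.rootDependency || !comparedPayload.rootDependency) { throw new Error("Cannot compare payloads produced before rootDependency was introduced"); }`. Note also that `givenVersion` and `comparedVersion` are now read from the stored `rootDependency.version` instead of being derived from `dependencies[...].versions`, so a payload whose two values disagree is no longer noticed — probably acceptable, but worth a one-line comment at the assignment. comparePayloads begins before this hunk and continues after it.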
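Review bot: `version: manifest.version ?? "0.0.0"` introduces a placeholder that is itself a well-formed version string, so consumers of `rootDependency.version` (the comparison title built in comparePayloads, for instance) cannot tell "manifest declares no version" from an actual 0.0.0 release, and the `Payload` type declaring the field as a plain `string` gives no hint of the sentinel either. At minimum the intent deserves a comment at the assignment, e.g. `version: manifest.version ?? "0.0.0" // placeholder: manifest declares no version (e.g. a workspace root)`, with the same note on the `version` field in types.ts. Both `name` and `version` are copied verbatim from the scanned manifest with no format check, which is presumably fine for the scanner's own use but is worth knowing for anything that later renders them. depWalker begins before this hunk and continues after it.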
@@ -188,7 +188,10 @@ export interface Payload { /** Payload unique id */ id: string; /** Name of the analyzed package */ - rootDependencyName: string; + rootDependency: { + name: string; + version: string; + }; /** Global warnings list */ warnings: GlobalWarning[]; highlighted: { diff --git a/workspaces/scanner/test/depWalker.spec.ts b/workspaces/scanner/test/depWalker.spec.ts index bf3d47dc..df32a720 100644 --- a/workspaces/scanner/test/depWalker.spec.ts +++ b/workspaces/scanner/test/depWalker.spec.ts @@ -168,13 +168,13 @@ test("fetch payload of pacote on the npm registry", async() => { assert.deepEqual(Object.keys(result), [ "id", - "rootDependencyName", + "rootDependency", "scannerVersion", "vulnerabilityStrategy", "warnings", + "integrity", "highlighted", - "dependencies", - "integrity" + "dependencies" ]); assert.strictEqual(typeof result.integrity, "string"); }); @@ -188,13 +188,13 @@ test("fetch payload of pacote on the gitlab registry", async() => { assert.deepEqual(Object.keys(result), [ "id", - "rootDependencyName", + "rootDependency", "scannerVersion", "vulnerabilityStrategy", "warnings", + "integrity", "highlighted", - "dependencies", - "integrity" + "dependencies" ]); assert.strictEqual(typeof result.integrity, "string"); }); @@ -262,7 +262,10 @@ describe("scanner.cwd()", () => { path.join(kFixturePath, "workspace-no-name-version") ); - assert.strictEqual(result.rootDependencyName, "workspace"); + assert.deepStrictEqual(result.rootDependency, { + name: "workspace", + version: "0.0.0" + }); assert.strictEqual(result.integrity, null); }); }); diff --git a/workspaces/scanner/test/fixtures/extractors/express.json b/workspaces/scanner/test/fixtures/extractors/express.json index 11d5f0a7..c86a9f53 100644 --- a/workspaces/scanner/test/fixtures/extractors/express.json +++ b/workspaces/scanner/test/fixtures/extractors/express.json 
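Review bot: The JSDoc `/** Name of the analyzed package */` now sits above an object holding `name` and `version` and no longer describes the member; the hunk replaces the field but keeps the old comment. Suggest `/** Root of the analyzed dependency tree: its name and version as read from the manifest */` on `rootDependency`, with per-field comments `/** manifest.name, or "workspace" when the manifest declares none */` and `/** manifest.version, or "0.0.0" when the manifest declares none */`, matching the fallbacks depWalker applies in this same commit. The `Payload` interface opens before this hunk and continues after it.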
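Review bot: The first two depWalker.spec.ts hunks also move `"integrity"` from the end of the expected key list to before `"highlighted"`, a change neither the commit subject nor the changeset mentions; if the order in which depWalker assigns `integrity` really changed, that belongs in the changeset, and if it did not, these assertions — in tests that by their names appear to need the npm and gitlab registries and so may not run in every CI configuration — will fail. Asserting `Object.keys(result)` in insertion order also couples the test to the object literal's layout; `assert.deepEqual(Object.keys(result).sort(), [...].sort())` would check the payload shape without that coupling. The enclosing `test(...)` callbacks begin before each hunk.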
@@ -1,6 +1,9 @@
 {
 "id": "XcwpAJ",
- "rootDependencyName": "express",
+ "rootDependency": {
+ "name": "express",
+ "version": "4.21.2"
+ },
 "scannerVersion": "6.1.0",
 "vulnerabilityStrategy": "none",
 "warnings": [
diff --git a/workspaces/scanner/test/fixtures/extractors/strnum.json b/workspaces/scanner/test/fixtures/extractors/strnum.json
index 6f7e0a2b..29179d4c 100644
--- a/workspaces/scanner/test/fixtures/extractors/strnum.json
+++ b/workspaces/scanner/test/fixtures/extractors/strnum.json
@@ -1,6 +1,9 @@
 {
 "id": "54mMPc",
- "rootDependencyName": "strnum",
+ "rootDependency": {
+ "name": "strnum",
+ "version": "1.1.2"
+ },
 "scannerVersion": "6.4.0",
 "vulnerabilityStrategy": "none",
 "warnings": [],
diff --git a/workspaces/scanner/test/fixtures/scannerPayloads/deeplyUpdatedPayload.json b/workspaces/scanner/test/fixtures/scannerPayloads/deeplyUpdatedPayload.json
index a596c76c..ed7aafd1 100644
--- a/workspaces/scanner/test/fixtures/scannerPayloads/deeplyUpdatedPayload.json
+++ b/workspaces/scanner/test/fixtures/scannerPayloads/deeplyUpdatedPayload.json
@@ -1,6 +1,9 @@
 {
 "id": "hjnfnJ",
- "rootDependencyName": "foo",
+ "rootDependency": {
+ "name": "foo",
+ "version": "2.0.0"
+ },
 "warnings": [],
 "dependencies": {
 "foo": {
diff --git a/workspaces/scanner/test/fixtures/scannerPayloads/nullAuthor.json b/workspaces/scanner/test/fixtures/scannerPayloads/nullAuthor.json
index b6bac794..60ebe640 100644
--- a/workspaces/scanner/test/fixtures/scannerPayloads/nullAuthor.json
+++ b/workspaces/scanner/test/fixtures/scannerPayloads/nullAuthor.json
@@ -1,6 +1,9 @@
 {
 "id": "YtK0Cx",
- "rootDependencyName": "foo",
+ "rootDependency": {
+ "name": "foo",
+ "version": "2.0.0"
+ },
 "warnings": [],
 "highlighted": {},
 "vulnerabilityStrategy": "npm",
diff --git a/workspaces/scanner/test/fixtures/scannerPayloads/otherRootDependency.json b/workspaces/scanner/test/fixtures/scannerPayloads/otherRootDependency.json
index af69452f..df49b187 100644
--- a/workspaces/scanner/test/fixtures/scannerPayloads/otherRootDependency.json
+++ b/workspaces/scanner/test/fixtures/scannerPayloads/otherRootDependency.json
@@ -1,4 +1,7 @@
 {
 "id": "hjnfnJ",
- "rootDependencyName": "bar"
+ "rootDependency": {
+ "name": "bar",
+ "version": "0.0.0"
+ }
 }
diff --git a/workspaces/scanner/test/fixtures/scannerPayloads/payload.json b/workspaces/scanner/test/fixtures/scannerPayloads/payload.json
index b2b8fd88..58e025b2 100644
--- a/workspaces/scanner/test/fixtures/scannerPayloads/payload.json
+++ b/workspaces/scanner/test/fixtures/scannerPayloads/payload.json
@@ -1,6 +1,9 @@
 {
 "id": "YuK0CL",
- "rootDependencyName": "foo",
+ "rootDependency": {
+ "name": "foo",
+ "version": "2.0.0"
+ },
 "warnings": [
 {
 "type": "dangerous-dependency",
diff --git a/workspaces/scanner/test/fixtures/scannerPayloads/sameIdPayload.json b/workspaces/scanner/test/fixtures/scannerPayloads/sameIdPayload.json
index 3fa76cae..3b1ceec4 100644
--- a/workspaces/scanner/test/fixtures/scannerPayloads/sameIdPayload.json
+++ b/workspaces/scanner/test/fixtures/scannerPayloads/sameIdPayload.json
@@ -1,6 +1,9 @@
 {
 "id": "YuK0CL",
- "rootDependencyName": "foo",
+ "rootDependency": {
+ "name": "foo",
+ "version": "2.0.0"
+ },
 "warnings": [],
 "highlighted": {},
 "vulnerabilityStrategy": "npm",
diff --git a/workspaces/scanner/test/fixtures/scannerPayloads/scannerVersionChanged.json b/workspaces/scanner/test/fixtures/scannerPayloads/scannerVersionChanged.json
index eece813c..afaf48e1 100644
--- a/workspaces/scanner/test/fixtures/scannerPayloads/scannerVersionChanged.json
+++ b/workspaces/scanner/test/fixtures/scannerPayloads/scannerVersionChanged.json
@@ -1,6 +1,9 @@
 {
 "id": "dhfnczisk",
- "rootDependencyName": "foo",
+ "rootDependency": {
+ "name": "foo",
+ "version": "2.0.0"
+ },
 "warnings": [],
 "highlighted": {},
 "vulnerabilityStrategy": "npm",
diff --git a/workspaces/scanner/test/fixtures/scannerPayloads/vulnerabilityStrategyChanged.json b/workspaces/scanner/test/fixtures/scannerPayloads/vulnerabilityStrategyChanged.json
index 06af86fa..808db159 100644
--- a/workspaces/scanner/test/fixtures/scannerPayloads/vulnerabilityStrategyChanged.json
+++ b/workspaces/scanner/test/fixtures/scannerPayloads/vulnerabilityStrategyChanged.json
@@ -1,6 +1,9 @@
 {
 "id": "dhfnczisk",
- "rootDependencyName": "foo",
+ "rootDependency": {
+ "name": "foo",
+ "version": "2.0.0"
+ },
 "warnings": [],
 "highlighted": {},
 "vulnerabilityStrategy": "snyk",
diff --git a/workspaces/scanner/test/fixtures/scannerPayloads/warningChangedPayload.json b/workspaces/scanner/test/fixtures/scannerPayloads/warningChangedPayload.json
index 43d8de09..dae2cdf4 100644
--- a/workspaces/scanner/test/fixtures/scannerPayloads/warningChangedPayload.json
+++ b/workspaces/scanner/test/fixtures/scannerPayloads/warningChangedPayload.json
@@ -1,6 +1,9 @@
 {
 "id": "hbefDHkf",
- "rootDependencyName": "foo",
+ "rootDependency": {
+ "name": "foo",
+ "version": "2.0.0"
+ },
 "warnings": [
 {
 "type": "empty-package",