Fix handling of git-authenticated npm dependencies being misdetected as aliases #4754

Open
dikshaa2909 wants to merge 1 commit into aboutcode-org:develop from dikshaa2909:fix-4753-git-auth-dep-name
@dikshaa2909
Fixes #4753

Summary

Fix incorrect alias detection for git-authenticated npm dependencies.

Dependencies like:

"private-lib": "git+ssh://git@github.com:org/repo.git#v1.0.0"

were incorrectly treated as alias dependencies because the logic only checked for ":" and "@" in the requirement string.

This change excludes git-based URLs (git+, git:, git@, ssh://, http://, https://) from alias detection.

Changes

  • Updated alias detection condition in:
    • BaseNpmHandler.update_dependencies_by_purl
    • deps_mapper
  • Added test to ensure declared dependency name is preserved.

Tasks

  • Reviewed contribution guidelines
  • PR is descriptively titled and links the original issue
  • Tests pass locally
  • Feature branch created from develop
  • Updated documentation (not applicable)
  • Updated CHANGELOG (if required by maintainers)

…-org#4753)

Signed-off-by: dikshaa2909 <dikshadeware@gmail.com>
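
The misdetection described in this PR, as an added Python example that is not scancode-toolkit's own code: it runs the pre-fix heuristic and the prefix-excluding one over the same constructed dependency block and lists which declared names get replaced. All function names, the sample entries other than `private-lib`, and the simplified alias parsing in `resolve_name` are assumptions.

```python
# Added illustration; all names here are hypothetical, not scancode-toolkit's API.
GIT_URL_PREFIXES = ("git+", "git:", "git@", "ssh://", "http://", "https://")

# Constructed package.json "dependencies" block; the first entry is the PR's example.
SAMPLE_DEPS = {
    "private-lib": "git+ssh://git@github.com:org/repo.git#v1.0.0",
    "scp-style": "git@github.com:org/repo.git",
    "tarball": "https://user@example.com/pkg.tgz",
    "lodash-old": "npm:lodash@^3.10.1",
    "scoped": "npm:@scope/pkg@1.2.3",
    "plain": "^1.0.0",
}


def naive_is_alias(requirement):
    """Pre-fix heuristic as the PR describes it: ':' plus '@' means alias."""
    return ":" in requirement and "@" in requirement


def is_alias(requirement):
    """Same heuristic, but URL-style requirements are excluded first."""
    req = requirement.strip()
    if req.lower().startswith(GIT_URL_PREFIXES):
        return False
    return naive_is_alias(req)


def resolve_name(declared_name, requirement, alias_check=is_alias):
    """Name a scanner would report for one entry (simplified alias parsing)."""
    if not alias_check(requirement):
        return declared_name
    # Alias form "npm:<real-name>@<range>"; real-name may be scoped (@scope/pkg).
    _, _, target = requirement.partition(":")
    name, sep, _ = target.rpartition("@")
    return name if sep and name else target


def misattributed(deps, alias_check):
    """Declared names whose reported name differs under the given check."""
    return {d: resolve_name(d, r, alias_check) for d, r in deps.items()
            if resolve_name(d, r, alias_check) != d}


if __name__ == "__main__":
    print("naive:", misattributed(SAMPLE_DEPS, naive_is_alias))
    print("fixed:", misattributed(SAMPLE_DEPS, is_alias))
```

With the exclusion in place only the two real `npm:` aliases are renamed; under the naive check the three URL-style entries also lose their declared names, which is how a private dependency drops out of an inventory or gets matched against the wrong package.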

Development

Successfully merging this pull request may close these issues.

Authenticated Git dependency in package.json parsed as package "git" instead of declared dependency name
