npm-aliases: handle aliases for package-lock.json #1349

Merged 1 commit on Nov 20, 2022

@Mikcl (Contributor) commented Nov 18, 2022

Fixes #1314

This only addresses npm/package-lock.json aliases.
Addresses package-lock.json version 1-3.

The package.json that the package-lock.json examples were derived from:
https://gist.github.com/Mikcl/aef4d180f4275b66252dca32b6668375#file-package-json

Mikcl referenced this pull request Nov 18, 2022
This PR adds support for npm lockfile version 3, which drops the
"dependencies" key and uses "packages" instead. I've refactored the
lockfile parser to make the distinction between the versions explicit
rather than the implicit behaviour before. It _might_ be worth splitting
into separate files at some point, but the logic is so minimal that I
haven't done it.

Fixes #1203
Signed-off-by: Rob Cresswell <robcresswell@users.noreply.github.com>
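
The two alias encodings this PR deals with, as an added Go example that is not syft's code: lockfile v1 records an alias as an `npm:<real>@<version>` value under `dependencies`, while the `packages` layout (v2, v3) keys entries by install path and stores the real package name in `name`. The function name `ResolvePackages`, the sample lockfiles and the entries in them are constructed for illustration, and nested v1 `dependencies` are not walked.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Constructed samples: "lodash-old" is an alias for lodash 3.10.1 in both layouts.
const sampleV1 = `{"lockfileVersion":1,"dependencies":{"lodash-old":{"version":"npm:lodash@3.10.1"},"@scope/x":{"version":"1.0.0"}}}`
const sampleV3 = `{"lockfileVersion":3,"packages":{"":{"name":"app","version":"0.1.0","dependencies":{"lodash-old":"npm:lodash@3.10.1"}},"node_modules/lodash-old":{"name":"lodash","version":"3.10.1"},"node_modules/@scope/x":{"version":"1.0.0"}}}`

// entry holds the fields used here; JSON keys match the field names case-insensitively.
type entry struct{ Name, Version string }

// ResolvePackages lists sorted "name@version" with aliases resolved (top-level v1 entries only).
func ResolvePackages(data []byte) ([]string, error) {
	var lf struct{ Packages, Dependencies map[string]entry }
	if err := json.Unmarshal(data, &lf); err != nil {
		return nil, err
	}
	out := []string{}
	for path, p := range lf.Packages { // v2 and v3: keys are install paths
		parts := strings.Split(path, "node_modules/")
		if len(parts) < 2 || p.Version == "" {
			continue // root project, workspace source or link entry
		}
		if p.Name == "" { // no "name" field: the path already ends in the real name
			p.Name = parts[len(parts)-1]
		}
		out = append(out, p.Name+"@"+p.Version)
	}
	if len(lf.Packages) == 0 { // v1: keys are install names, aliases hide in "version"
		for name, d := range lf.Dependencies {
			if i := strings.LastIndex(d.Version, "@"); strings.HasPrefix(d.Version, "npm:") && i > 4 {
				name, d.Version = d.Version[4:i], d.Version[i+1:] // "npm:<real>@<version>"
			}
			out = append(out, name+"@"+d.Version)
		}
	}
	sort.Strings(out)
	return out, nil
}

func main() {
	fmt.Println(ResolvePackages([]byte(sampleV1)))
	fmt.Println(ResolvePackages([]byte(sampleV3)))
}
```

Both samples resolve to the same two packages, so a scanner matching on these names sees `lodash` rather than the install name `lodash-old`.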
kzantow previously approved these changes Nov 19, 2022

@kzantow (Contributor) left a comment

Thanks @Mikcl this looks great, and thanks for adding tests 👍

syft/pkg/cataloger/javascript/parse_package_lock.go (outdated, resolved)
@kzantow dismissed their stale review November 19, 2022 16:31

It looks like there are some checks failing in lint & tests

@kzantow (Contributor) commented Nov 20, 2022

Hi @Mikcl could you sign-off your commits? The easiest way would be to squash to one and just sign-off and force push that one, probably. https://github.com/anchore/syft/blob/main/CONTRIBUTING.md#sign-off-your-work

syft/pkg/cataloger/javascript/package.go (outdated, resolved)
Signed-off-by: mikcl <mikesmikes400@gmail.com>
@kzantow merged commit 04880c0 into anchore:main Nov 20, 2022
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
Successfully merging this pull request may close these issues.

syft fails to resolve npm package aliases