
fix: fix npm alias present in requires of dependencies #5703

Merged
merged 1 commit into from May 7, 2023

Conversation

phoenix741 (Contributor)

Hi,

In my project, I have a dependency of a dependency of a dependency ... that has an alias:

└─┬ rimraf@5.0.0
  └─┬ glob@10.2.2
    └─┬ jackspeak@2.2.0
      └─┬ @isaacs/cliui@8.0.2
        └── string-width-cjs@npm:string-width@4.2.3

So in the package-lock.json I have this in the dependencies section:

    "node_modules/@isaacs/cliui": {
      "version": "8.0.2",
      "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz",
      "integrity": "sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==",
      "dependencies": {
        "string-width": "^5.1.2",
        "string-width-cjs": "npm:string-width@^4.2.0",
        "strip-ansi": "^7.0.1",
        "strip-ansi-cjs": "npm:strip-ansi@^6.0.1",
        "wrap-ansi": "^8.1.0",
        "wrap-ansi-cjs": "npm:wrap-ansi@^7.0.0"
      },
      "engines": {
        "node": ">=12"
      }
    },

The call of the API with the payload returns that the dependency tree is invalid:

curl --location --request POST 'https://registry.npmjs.org/-/npm/v1/security/audits' --header 'Content-Type: application/json' --data '@/tmp/payload.json'
{"statusCode":400,"error":"Bad Request","message":"Invalid package tree, run  npm install  to rebuild your package-lock.json"}

As aliases (npm:*) are removed from the requires of an npm project with the method NodePackageAnalyzer.shouldSkipDependency, the dependency tree references missing packages.

My modification adds a test to remove this alias too.

Fixes Issue

Maybe #3717

Description of Change

The change is to add to the requires section of the dependencies of dependencies the same filter as for other dependencies.

Have test cases been added to cover the new functionality?

no

boring-cyborg bot added the core label May 5, 2023

Commit message:

Aliases (npm:*) from the requires of an npm project are removed with the method NodePackageAnalyzer.shouldSkipDependency but not from the dependencies of dependencies. This modification is used to update this.
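The mismatch described in the pull request description and in the commit message, as an added example in JavaScript that is neither the pull request's code nor dependency-check's: a lockfile-v1-style "dependencies" tree is copied for the audit payload, alias nodes are left out, and `buildTree(..., false)` filters alias specs from "requires" only at the top level (the behaviour before the fix) while `buildTree(..., true)` filters at every nesting level (the behaviour after it). `unresolvedRequires` is a constructed consistency check that mimics what the 400 "Invalid package tree" response implies, namely a "requires" entry naming a package that is nowhere in the tree. The function names, the assumption that nodes whose version is an alias are skipped from "dependencies", and the sample fragment (whose ranges between the chain's links are placeholders) are all assumptions made for this illustration.

```javascript
const ALIAS_PREFIX = 'npm:';

// "npm:string-width@^4.2.0" is an alias spec: the package is installed under
// another name. Assumed here (not confirmed by the PR) is that such specs are
// exactly what a shouldSkipDependency-style filter drops.
function isAlias(spec) {
  return typeof spec === 'string' && spec.startsWith(ALIAS_PREFIX);
}

// Copy a "requires" map without its alias entries.
function filterRequires(requires) {
  return Object.fromEntries(
    Object.entries(requires || {}).filter(([, spec]) => !isAlias(spec))
  );
}

// Copy a lockfile-v1-style "dependencies" map for the audit payload.
// Nodes whose own version is an alias are skipped (assumption: the payload
// never lists them). With filterNested=false only top-level "requires" are
// filtered (the behaviour the PR fixes); with true every level is filtered.
function buildTree(dependencies, filterNested, depth = 0) {
  const out = {};
  for (const [name, dep] of Object.entries(dependencies || {})) {
    if (isAlias(dep.version)) continue;
    const node = { version: dep.version };
    if (dep.requires) {
      node.requires = depth === 0 || filterNested
        ? filterRequires(dep.requires)
        : { ...dep.requires };
    }
    if (dep.dependencies) {
      node.dependencies = buildTree(dep.dependencies, filterNested, depth + 1);
    }
    out[name] = node;
  }
  return out;
}

const has = (map, key) => Object.prototype.hasOwnProperty.call(map, key);

// List every "requires" entry that no node in the tree satisfies. A package
// satisfies a requirement if it is nested under the requiring node or is
// installed at that level or any enclosing level (node_modules resolution).
function unresolvedRequires(tree, enclosing = [], path = []) {
  const visible = [...enclosing, tree];
  const missing = [];
  for (const [name, node] of Object.entries(tree)) {
    const here = [...path, name];
    for (const req of Object.keys(node.requires || {})) {
      const satisfied = (node.dependencies && has(node.dependencies, req))
        || visible.some((level) => has(level, req));
      if (!satisfied) missing.push([...here, req].join(' > '));
    }
    if (node.dependencies) {
      missing.push(...unresolvedRequires(node.dependencies, visible, here));
    }
  }
  return missing;
}

// Constructed sample mirroring the chain in the PR; the ranges between the
// links (glob, jackspeak) are placeholders, not taken from the real packages.
const sampleDependencies = {
  rimraf: {
    version: '5.0.0',
    requires: { glob: '^10.2.2' },
    dependencies: {
      glob: {
        version: '10.2.2',
        requires: { jackspeak: '^2.2.0' },
        dependencies: {
          jackspeak: {
            version: '2.2.0',
            requires: { '@isaacs/cliui': '^8.0.2' },
            dependencies: {
              '@isaacs/cliui': {
                version: '8.0.2',
                requires: {
                  'string-width': '^5.1.2',
                  'string-width-cjs': 'npm:string-width@^4.2.0',
                },
                dependencies: {
                  'string-width': { version: '5.1.2' },
                  'string-width-cjs': { version: 'npm:string-width@4.2.3' },
                },
              },
            },
          },
        },
      },
    },
  },
};

// Before the fix one nested requirement dangles; after it the tree is consistent.
function demo() {
  return {
    before: unresolvedRequires(buildTree(sampleDependencies, false)),
    after: unresolvedRequires(buildTree(sampleDependencies, true)),
  };
}

console.log(demo());
```

The dangling entry reported for the unfixed tree is the alias `string-width-cjs` under `@isaacs/cliui`, four levels down, which is exactly the kind of reference a top-level-only filter leaves behind; the same check run after filtering at every level returns nothing, which is the state the audit endpoint accepts.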
jeremylong (Owner) left a comment

LGTM

@jeremylong jeremylong merged commit fc84eed into jeremylong:main May 7, 2023
7 checks passed