Added optional dependency detection for npm lockfiles (version 2 and 3) #1030

Merged

Conversation


@RushabhBhansali RushabhBhansali commented Mar 13, 2024

Summary:

Currently optionalDependencies in npm lockfiles are not detected by NpmLockFile3Detector and NpmDetectorWithRoots. This is fixed by this PR.

Details

  • optionalDependencies are now registered the same as the regular dependencies; the "optional" status is not reflected in Detection.

Testing

  • Added a unit test for optional Dependencies detection.
  • Noticed that dev Dependency unit tests were missing; added those as well.
  • Locally verified that optional Dependencies are registered in the scan manifest.
  • Added verification test resources for lockfile 3.

Related issue: #560

@RushabhBhansali RushabhBhansali requested a review from a team as a code owner March 13, 2024 17:18
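
The gap this PR describes, as an added example that is not code from this pull request or from the project: a JavaScript walk over the `packages` map of an npm lockfile (version 2 or 3) that shows which components drop out of the inventory when `optionalDependencies` is not followed. The lockfile, package names and function names are constructed for illustration; workspace and link entries are not handled.

```javascript
// Constructed sample lockfile (lockfileVersion 3); every package name is made up.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": {
      dependencies: { "example-lib": "^2.0.0" },
      devDependencies: { "example-test-runner": "^5.0.0" },
      optionalDependencies: { "example-native-binding": "^1.2.0" },
    },
    "node_modules/example-lib": { version: "2.1.0", optionalDependencies: { "example-accel": "^0.3.0" } },
    "node_modules/example-test-runner": { version: "5.4.1", dev: true },
    "node_modules/example-native-binding": { version: "1.2.3", optional: true },
    "node_modules/example-lib/node_modules/example-accel": { version: "0.3.9", optional: true },
  },
};

// Resolve a name the way Node does: nearest node_modules first, then outward.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not present in the lockfile
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Breadth-first walk from the root entry (""), following only the listed fields.
function collectComponents(lock, fields) {
  const packages = lock.packages || {};
  const seen = new Set(), queue = [""], found = [];
  while (queue.length) {
    const path = queue.shift();
    const entry = packages[path] || {};
    for (const field of fields) {
      for (const name of Object.keys(entry[field] || {})) {
        const target = resolve(packages, path, name);
        if (target === null || seen.has(target)) continue;
        seen.add(target);
        found.push(`${name}@${packages[target].version}`);
        queue.push(target);
      }
    }
  }
  return found.sort();
}

const WITHOUT_OPTIONAL = ["dependencies", "devDependencies"];
const WITH_OPTIONAL = [...WITHOUT_OPTIONAL, "optionalDependencies"];
console.log(collectComponents(SAMPLE_LOCK, WITHOUT_OPTIONAL));
console.log(collectComponents(SAMPLE_LOCK, WITH_OPTIONAL));
```

The nested `example-accel` entry is reachable only through an `optionalDependencies` edge of a regular dependency, so skipping that field loses transitive components as well as direct ones.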

codecov bot commented Mar 13, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 75.4%. Comparing base (5be8728) to head (0b1727a).

Additional details and impacted files
@@          Coverage Diff          @@
##            main   #1030   +/-   ##
=====================================
  Coverage   75.4%   75.4%           
=====================================
  Files        236     236           
  Lines      10408   10409    +1     
  Branches    1039    1040    +1     
=====================================
+ Hits        7851    7852    +1     
  Misses      2267    2267           
  Partials     290     290           


@RushabhBhansali

Verification test failures are expected due to the addition of optional dependencies.


github-actions bot commented Mar 13, 2024

👋 Hi! It looks like you modified some files in the Detectors folder.
You may need to bump the detector versions if any of the following scenarios apply:

  • The detector detects more or fewer components than before
  • The detector generates different parent/child graph relationships than before
  • The detector generates different devDependencies values than before

If none of the above scenarios apply, feel free to ignore this comment 🙂

@RushabhBhansali RushabhBhansali merged commit 0bbeeee into main Mar 13, 2024
21 of 24 checks passed
@RushabhBhansali RushabhBhansali deleted the users/rbhnsali/npm-optional-Dependency-detection branch March 13, 2024 21:55
@cobya cobya added type:feature Feature (new functionality) detector:npm The npm detector labels Mar 15, 2024