When we display package manifest and lock files, hyperlink to the upstream package repo web page #403

Open
pombredanne opened this issue Feb 24, 2022 · 16 comments

@pombredanne (Member)

When we display a package manifest or lockfile in the resource details, we should have a way to add a hyperlink to the upstream repository web page for this repo: for instance, when we browse a requirements.txt lockfile, if it contains scancode-toolkit==30.0.1, we should recognize this and link to https://pypi.org/project/scancode-toolkit/30.1.0/

We can parse manifests alright and we can create URLs based on the ScanCode TK packagedcode classes.

@soma2000-lang commented Mar 2, 2022

@pombredanne can I work on this

@pombredanne (Member, Author)

@soma2000-lang sure thing. If you do, I think starting with requirements.txt files would be great. Another easy one would be go.mod and go.sum

@soma2000-lang

Ok

@the-illuminatus

@pombredanne is this issue unresolved? I would love to work on it in case it is, as mentioned before.

@pombredanne (Member, Author)

@the-illuminatus I have not heard back from Soma and there have been no pending PRs... so go for it!
Note that you can likely reuse the URL templates and functions to get the proper URL that exist in scancode-toolkit packagedcode code. See https://github.com/nexB/scancode-toolkit/blob/fff140efd68dd0098f09ad1bc675569f1f1ad6ae/src/packagedcode/pypi.py#L1163

@the-illuminatus commented Apr 10, 2022 via email

@pombredanne (Member, Author)

A good example of a similar UI would be the hyperlinking in https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium/-/blob/master/Gemfile ... or https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium-python/-/blob/v2/requirements.txt
In the SCIO UI, when we look at a Codebase Resource's content and it is a manifest file, we should get the URLs collected from SCTK or just use a few heuristics to hyperlink to the public package repo.

@the-illuminatus commented Jul 25, 2022 via email

@pombredanne (Member, Author)

@the-illuminatus Thanks! Note also that @lf32 was interested in fixing it.

@35C4n0r commented Aug 28, 2022

@pombredanne is this issue still open?

@lf32 commented Aug 28, 2022

Yes, it's open.

@melencholicmice commented Jan 19, 2023

@lf32 @pombredanne
is this issue still open? I would like to look into it.

@lf32 commented Jan 27, 2023

Yes @melencholicmice, this is still open.

@melencholicmice

@pombredanne @lf32 Hello sir, I had a few doubts about this issue; I will be really thankful if you can help me with them:

  • Should I create a hyperlink to the webpage in the extracted_requirement section, or should I add a new column to the table?
  • I'm making a class for getting URLs with different methods like get_pypi_url, get_npm_url, etc., so in which section should this class go to maintain the code consistency of this project?

@AyanSinhaMahapatra (Member)

> Should I create a hyperlink to the webpage in the extracted_requirement section, or should I add a new column to the table?

We have to make the hyperlink in resource view in scancode.io.

Let's assume we scan using this download URL: https://github.com/nexB/python-inspector/releases/download/v0.9.4/python-inspector-0.9.4.tar.gz and use the scan_codebase/scan_package pipeline. We will have a requirements.txt like this:

[image: py-inspector-requirements]

Here each requirement will be a hyperlink, i.e. attrs will link to the latest version of attrs -> https://pypi.org/project/attrs/
If this had a version constraint: like pip install attrs==22.2.0 we would then link to https://pypi.org/project/attrs/22.2.0/ instead.

> I'm making a class for getting URLs with different methods like get_pypi_url, get_npm_url, etc., so in which section should this class go to maintain the code consistency of this project?

The code could go in https://github.com/nexB/scancode.io/blob/main/scanpipe/pipes/resolve.py, but this can be discussed more in the PR review stage. The first step would be to get something working, maybe with a few supported types of manifests; then we can think more about generalizing and supporting more lockfiles/manifests.
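The mapping described in the two comments above (a bare name links to the project page, an exact `==` pin links to the version page) can be prototyped without touching scancode-toolkit. The following is an added example written for this issue, not code from scancode.io or from the commenters. It assumes nothing beyond the public PyPI URL scheme `https://pypi.org/project/<name>/[<version>/]`; the sample requirements.txt content, the `RequirementLink` class and the function names are constructed for illustration. Two points matter for a UI that turns manifest text into hrefs: the name must be PEP 503-normalized before it goes into the URL (`Scancode_Toolkit` and `scancode-toolkit` are the same project), and only tokens that match the PEP 508 name grammar may become links, so that `-r`, `-e`, `git+https://...` references and arbitrary junk in a scanned file are rendered as escaped text rather than as a link to a PyPI page that may not be the real source of the dependency.

```python
import html
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample requirements.txt content (not from any real project).
SAMPLE_REQUIREMENTS = """\
# build deps
attrs
attrs==22.2.0
packaging>=21.0,<24
requests[security]==2.28.1 ; python_version >= "3.7"
Scancode_Toolkit==30.0.1 --hash=sha256:0000
urllib3==1.26.*
-r base.txt
git+https://github.com/example/pkg.git@main#egg=pkg
"""

# PEP 508 project-name grammar. A token that does not match is never turned
# into a URL: it would end up inside an href, so junk such as "><script> must
# be rendered as text, not as a link.
NAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?$")
# An exact pin (==<version>, no .* wildcard) is the only specifier that maps
# to a version-specific page; everything else links to the project page.
EXACT_PIN_RE = re.compile(r"^==\s*([0-9][0-9A-Za-z.!+-]*)$")


@dataclass
class RequirementLink:  # hypothetical container for one manifest line
    raw: str                 # the line as it appeared in the manifest
    name: Optional[str]      # PEP 503-normalized name, or None if not PyPI
    version: Optional[str]   # exact pinned version, or None
    url: Optional[str]       # hyperlink target, or None to render plain text


def normalize_name(name: str) -> str:
    """PEP 503 normalization: lowercase, runs of -, _, . collapse to one -."""
    return re.sub(r"[-_.]+", "-", name).lower()


def pypi_url(name: str, version: Optional[str] = None) -> str:
    base = f"https://pypi.org/project/{name}/"
    return f"{base}{version}/" if version else base


def parse_requirement_line(raw: str) -> Optional[RequirementLink]:
    """One requirements.txt line -> RequirementLink, or None for blank lines,
    comments and pip options (-r, -e, --index-url, ...)."""
    # pip treats # as a comment only at line start or after whitespace.
    text = re.sub(r"(^|\s)#.*$", "", raw).strip()
    if not text or text.startswith("-"):
        return None
    # Drop per-requirement options (--hash=...) and the environment marker.
    text = re.split(r"\s+--", text)[0].split(";", 1)[0].strip()
    # URL and path requirements do not come from PyPI: keep them unlinked.
    if "://" in text or "@" in text or text.startswith((".", "/")):
        return RequirementLink(raw, None, None, None)
    m = re.match(r"^([^\s\[<>=!~]+)\s*(?:\[[^\]]*\])?\s*(.*)$", text)
    if not m or not NAME_RE.match(m.group(1)):
        return RequirementLink(raw, None, None, None)
    name = normalize_name(m.group(1))
    pin = EXACT_PIN_RE.match(m.group(2).strip())
    version = pin.group(1) if pin else None
    return RequirementLink(raw, name, version, pypi_url(name, version))


def parse_requirements(content: str) -> list:
    links = [parse_requirement_line(line) for line in content.splitlines()]
    return [link for link in links if link is not None]


def render_html(content: str) -> str:
    """Render each manifest line as an <a> when a link exists, else as text."""
    out = []
    for raw in content.splitlines():
        link = parse_requirement_line(raw)
        shown = html.escape(raw, quote=True)
        if link and link.url:
            href = html.escape(link.url, quote=True)
            out.append(f'<a href="{href}">{shown}</a>')
        else:
            out.append(shown)
    return "\n".join(out)


if __name__ == "__main__":
    for link in parse_requirements(SAMPLE_REQUIREMENTS):
        print(f"{link.raw!r:60} -> {link.url}")
```

Running the block prints one line per requirement; `attrs` resolves to the project page, `attrs==22.2.0` to the 22.2.0 page, `Scancode_Toolkit==30.0.1 --hash=...` to `scancode-toolkit/30.0.1/`, while `urllib3==1.26.*` (a wildcard, not an exact pin) falls back to the project page and the `git+https://` line stays unlinked. The `.*` and `--hash` cases are the ones a naive `split("==")` gets wrong.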

@gopalM-3

Greetings @pombredanne and @AyanSinhaMahapatra,

I have executed ScanCode.io locally and comprehended the issue along with the anticipated outcome, and I'd love to fix this. As this is my first endeavor in resolving an issue for a public project, I kindly request guidance on how to commence the process and identification of the particular file requiring code adjustments.

Thank you!

tdruez removed the "good first issue" and "easy" labels Mar 18, 2024
No branches or pull requests

9 participants