Skip to content

Update BaseNpmLockHandler to handle latest pacakge-lock.json file#4749

Open
uttam282005 wants to merge 5 commits intoaboutcode-org:developfrom
uttam282005:upgrade-package-lock.json-parse
Open

Update BaseNpmLockHandler to handle latest pacakge-lock.json file#4749
uttam282005 wants to merge 5 commits intoaboutcode-org:developfrom
uttam282005:upgrade-package-lock.json-parse

Conversation

@uttam282005
Copy link
Contributor

@uttam282005 uttam282005 commented Feb 16, 2026
edited
Loading

Fixes #3493

from official npm docs for package-lock.json file (version: 11.10.0 latest)
docs

Dependency objects have the following fields-
version: a specifier that varies depending on the nature of the package, and is usable in fetching a new copy of it.
bundled dependencies: Regardless of source, this is a version number that is purely for informational purposes.
registry sources: This is a version number. (eg, 1.2.3)
git sources: This is a git specifier with resolved committish. (eg, git+https://example.com/foo/bar#115311855adb0789a0466714ed48a1499ffea97e)
http tarball sources: This is the URL of the tarball. (eg, https://example.com/example-1.3.0.tgz)
local tarball sources: This is the file URL of the tarball. (eg file:///opt/storage/example-1.3.0.tgz)
local link sources: This is the file URL of the link. (eg file:libs/our-module)

Tasks

  • Reviewed contribution guidelines
  • PR is descriptively titled 📑 and links the original issue above 🔗
  • Tests pass -- look for a green checkbox ✔️ a few minutes after opening your PR
    Run tests locally to check for errors.
  • Commits are in uniquely-named feature branch and has no merge conflicts 📁
  • Updated documentation pages (if applicable)
  • Updated CHANGELOG.rst (if applicable)

@uttam282005 uttam282005 reopened this Feb 16, 2026
@uttam282005 uttam282005 changed the title Update npm lock file parser to handle latest pacakge-lock.json file Update <code>BaseNpmLockHandler<code> to handle latest pacakge-lock.json file Feb 16, 2026
@uttam282005 uttam282005 changed the title Update <code>BaseNpmLockHandler<code> to handle latest pacakge-lock.json file Update BaseNpmLockHandler to handle latest pacakge-lock.json file Feb 16, 2026
@uttam282005
add helper functions for parsing npm version
fb413d7 
Signed-off-by: uttam282005 <uttam282005@gmail.com>
@uttam282005
add version and bundled info in extra_data
a4bf695 
Signed-off-by: uttam282005 <uttam282005@gmail.com>
@uttam282005
add tests
cdd76f1 
Signed-off-by: uttam282005 <uttam282005@gmail.com>
@uttam282005 uttam282005 force-pushed the upgrade-package-lock.json-parse branch from 013c4a0 to cdd76f1 Compare February 17, 2026 17:30
@uttam282005
temporarly rollback is_bundled support
e6f4419 
Signed-off-by: uttam282005 <uttam282005@gmail.com>
@uttam282005
regen test fixtures
d95ab5d 
Signed-off-by: uttam282005 <uttam282005@gmail.com>
@uttam282005 uttam282005 marked this pull request as ready for review February 17, 2026 20:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Ensure we can collect the latest package-lock.json including file indirections for versions

1 participant

@uttam282005

Comments