From fb413d769249a235ca2e4abef36861392aecab20 Mon Sep 17 00:00:00 2001 From: uttam282005 Date: Sat, 14 Feb 2026 15:41:58 +0530 Subject: [PATCH 1/5] add helper functions for parsing npm version Signed-off-by: uttam282005 --- src/packagedcode/npm.py | 46 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 45 insertions(+), 1 deletion(-) diff --git a/src/packagedcode/npm.py b/src/packagedcode/npm.py index 7618e830c1..d386d20df6 100644 --- a/src/packagedcode/npm.py +++ b/src/packagedcode/npm.py @@ -715,7 +715,11 @@ def parse(cls, location, package_only=False): else: name = dep ns, _ , name = name.rpartition('/') - version = dep_data.get('version') + version_string = dep_data.get('version') + version_info = parse_npm_version(version_string) + version = get_version(version_info) + + extra_data = {} dep_purl = PackageURL( type=cls.default_package_type, @@ -1878,6 +1882,46 @@ def deps_mapper(deps, package, field_name, is_direct=True): return package +def parse_npm_version(version_string): + version_string = version_string.strip() + + if version_string.startswith("git+"): + type = 'git' + + elif version_string.startswith("https:", "http"): + type = 'remote-tarball' + + elif version_string.startswith("file:"): + type = 'local' + + elif re.match(r"^\d+\.\d+\.\d+", version_string): + type = "semver" + + else: + type = 'unknown' + + return {'type': type, 'url': version_string} + +def get_version(version_info): + type = version_info['type'] + version_string = version_info['url'] + + version = None + + if type == 'semver': + version = version_string + + elif type == 'remote-tarball': + version_match = re.search(r'[-_](\d+\.\d+\.\d+[^/]*)', version_string) + if version_match: + version = version_match.group(1) + version = re.sub(r'\.tgz$', '', version) + + elif type == 'git': + if '#' in version_string: + _, _, version = version_string.rpartition('#') + + return version person_parser = re.compile( r'^(?P[^\(<]+)' 
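Review bot: `dep_data.get('version')` returns None when a lockfile entry has no `version` key, and the new `parse_npm_version` (second hunk of this patch) calls `.strip()` on its argument unconditionally, so such an entry would raise AttributeError out of `parse` unless something outside the hunk catches it. Lockfiles come from the scanned codebase and are untrusted input, so a malformed one should degrade to an unknown version rather than abort the scan. A guard in the helper, `version_string = (version_string or '').strip()`, keeps the tolerant behaviour of the removed `version = dep_data.get('version')` line. The enclosing `parse` method starts and ends outside this hunk, so any earlier validation is not visible here.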
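Review bot: In `get_version`, the `remote-tarball` branch takes the first `-N.N.N` match anywhere in the URL, so a version-looking directory earlier in the path wins over the tarball filename, and that value becomes the purl version even though the host is arbitrary. Anchoring the search to the last path segment, `re.search(r'[-_](\d+\.\d+\.\d+[^/]*)$', version_string)`, keeps it on the filename. The `git` branch returns whatever follows the last `#` (possibly a branch name or range rather than a commit), and `local`/`unknown` return None where the removed line passed the raw string through, so specs such as `git://` or the `github:` shorthand would lose their version. Both helpers need docstrings stating that the result is inferred from lockfile text and is not verified against a registry. The local name `type` also shadows the builtin; `version_type` would be clearer.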
From a4bf695132434e3915d1370564814e652aac7b58 Mon Sep 17 00:00:00 2001 From: uttam282005 Date: Mon, 16 Feb 2026 14:32:36 +0530 Subject: [PATCH 2/5] add version and bundled info in extra_data Signed-off-by: uttam282005 --- src/packagedcode/npm.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/packagedcode/npm.py b/src/packagedcode/npm.py index d386d20df6..e0255f3706 100644 --- a/src/packagedcode/npm.py +++ b/src/packagedcode/npm.py @@ -690,6 +690,7 @@ def parse(cls, location, package_only=False): is_dev = dep_data.get('dev', False) is_optional = dep_data.get('optional', False) is_devoptional = dep_data.get('devOptional', False) + is_bundled = dep_data.get('bundled', False) if is_dev or is_devoptional: is_runtime = False is_optional = True @@ -717,9 +718,13 @@ def parse(cls, location, package_only=False): ns, _ , name = name.rpartition('/') version_string = dep_data.get('version') version_info = parse_npm_version(version_string) - version = get_version(version_info) - extra_data = {} + extra_data = { + 'version_type': version_info['type'], + 'url': version_info['url'] + } + + version = get_version(version_info) dep_purl = PackageURL( type=cls.default_package_type, @@ -736,6 +741,7 @@ def parse(cls, location, package_only=False): is_optional=is_optional, is_pinned=True, is_direct=False, + extra_data=extra_data if extra_data else None, ) # URLs and checksums From cdd76f1e33d84e48c2aa8e15895556a9c012bff1 Mon Sep 17 00:00:00 2001 From: uttam282005 Date: Tue, 17 Feb 2026 22:54:26 +0530 Subject: [PATCH 3/5] add tests 
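Review bot: `'url': version_info['url']` in the second hunk copies the raw lockfile `version` string into `extra_data`, and for `git+https://` or tarball specs that string can carry `user:token@` userinfo, which would then be written verbatim into scan output that is commonly shared. Consider removing the userinfo part of the URL before storing it. At minimum add a comment above the dict, `# 'url' is the raw lockfile version string: unvalidated and may embed credentials`. The enclosing `parse` method starts and ends outside these hunks.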
Signed-off-by: uttam282005 --- src/packagedcode/npm.py | 10 +- .../package-lock-bundled/package-lock.json | 31 ++ .../package-lock.json-expected | 321 ++++++++++++ .../npm/package-lock-git/package-lock.json | 28 + .../package-lock.json-expected | 212 ++++++++ .../npm/package-lock-local/package-lock.json | 37 ++ .../package-lock.json-expected | 369 ++++++++++++++ .../package-lock-tarball/package-lock.json | 33 ++ .../package-lock.json-expected | 481 ++++++++++++++++++ tests/packagedcode/test_npm.py | 24 + 10 files changed, 1542 insertions(+), 4 deletions(-) create mode 100644 tests/packagedcode/data/npm/package-lock-bundled/package-lock.json create mode 100644 tests/packagedcode/data/npm/package-lock-bundled/package-lock.json-expected create mode 100644 tests/packagedcode/data/npm/package-lock-git/package-lock.json create mode 100644 tests/packagedcode/data/npm/package-lock-git/package-lock.json-expected create mode 100644 tests/packagedcode/data/npm/package-lock-local/package-lock.json create mode 100644 tests/packagedcode/data/npm/package-lock-local/package-lock.json-expected create mode 100644 tests/packagedcode/data/npm/package-lock-tarball/package-lock.json create mode 100644 tests/packagedcode/data/npm/package-lock-tarball/package-lock.json-expected diff --git a/src/packagedcode/npm.py b/src/packagedcode/npm.py index e0255f3706..512a62e774 100644 --- a/src/packagedcode/npm.py +++ b/src/packagedcode/npm.py @@ -720,9 +720,11 @@ def parse(cls, location, package_only=False): version_info = parse_npm_version(version_string) extra_data = { - 'version_type': version_info['type'], - 'url': version_info['url'] + 'is_bundled': is_bundled } + if version_info['type'] != "semver": + extra_data['version_type'] = version_info['type'], + extra_data['url'] = version_info['url'] version = get_version(version_info) 
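Review bot: The trailing comma in `extra_data['version_type'] = version_info['type'],` makes the value a one-element tuple, so it serializes as a JSON list instead of a string. The expected fixtures added in this same patch record that shape (`"version_type": [ "git" ]` in package-lock-git and `[ "local" ]` in package-lock-local), which locks the bug into the tests. Drop the comma, `extra_data['version_type'] = version_info['type']`, and regenerate the `-expected` files. A consumer comparing `version_type` with `'git'` to find dependencies fetched from outside the registry would otherwise never match. The enclosing `parse` method starts and ends outside this hunk.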
@@ -741,7 +743,7 @@ def parse(cls, location, package_only=False): is_optional=is_optional, is_pinned=True, is_direct=False, - extra_data=extra_data if extra_data else None, + extra_data=extra_data ) # URLs and checksums @@ -1894,7 +1896,7 @@ def parse_npm_version(version_string): if version_string.startswith("git+"): type = 'git' - elif version_string.startswith("https:", "http"): + elif version_string.startswith("https:") or version_string.startswith("http:"): type = 'remote-tarball' elif version_string.startswith("file:"): diff --git a/tests/packagedcode/data/npm/package-lock-bundled/package-lock.json b/tests/packagedcode/data/npm/package-lock-bundled/package-lock.json new file mode 100644 index 0000000000..fa7b546e82 --- /dev/null +++ b/tests/packagedcode/data/npm/package-lock-bundled/package-lock.json @@ -0,0 +1,31 @@ +{ + "name": "purge-artifacts-action", + "version": "0.0.1", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "@actions/core": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.2.2.tgz", + "integrity": "sha512-IbCx7oefq+Gi6FWbSs2Fnw8VkEI6Y4gvjrYprY3RV//ksq/KPMlClOerJ4jRosyal6zkUIc8R9fS/cpRMlGClg==" + }, + "abbrev": { + "version": "1.1.1", + "bundled": true, + "dev": true, + "optional": true + }, + "ansi-regex": { + "version": "2.1.1", + "bundled": true, + "dev": true, + "optional": true + }, + "aproba": { + "version": "1.2.0", + "bundled": true, + "dev": true, + "optional": true + } + } +} diff --git a/tests/packagedcode/data/npm/package-lock-bundled/package-lock.json-expected b/tests/packagedcode/data/npm/package-lock-bundled/package-lock.json-expected new file mode 100644 index 0000000000..2ecccc394a --- /dev/null +++ b/tests/packagedcode/data/npm/package-lock-bundled/package-lock.json-expected 
@@ -0,0 +1,321 @@ +[ + { + "type": "npm", + "namespace": "", + "name": "purge-artifacts-action", + "version": "0.0.1", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [], + "is_private": false, + "is_virtual": false, + "extra_data": { + "lockfile_version": 1 + }, + "dependencies": [ + { + "purl": "pkg:npm/%40actions/core@1.2.2", + "extracted_requirement": "1.2.2", + "scope": "dependencies", + "is_runtime": true, + "is_optional": false, + "is_pinned": true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "@actions", + "name": "core", + "version": "1.2.2", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": "https://registry.npmjs.org/@actions/core/-/core-1.2.2.tgz", + "size": null, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": "21b0b1ee879fabe1a2e8559b4acd859f0f1590423a63882f8eb629ad8dd157ffe4b2afca3cc94294e7ab2788d1a2cc9a97ace450873c47d7d2fdca5132518296", + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, 
+ "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [ + [ + { + "path": "@actions/core", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": true, + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": "https://www.npmjs.com/package/@actions/core", + "repository_download_url": "https://registry.npmjs.org/@actions/core/-/core-1.2.2.tgz", + "api_data_url": "https://registry.npmjs.org/@actions%2fcore/1.2.2", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/%40actions/core@1.2.2" + }, + "extra_data": { + "is_bundled": false + } + }, + { + "purl": "pkg:npm/abbrev@1.1.1", + "extracted_requirement": "1.1.1", + "scope": "devDependencies", + "is_runtime": false, + "is_optional": true, + "is_pinned": true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "", + "name": "abbrev", + "version": "1.1.1", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [ + [ + { + "path": "abbrev", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": 
true, + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": "https://www.npmjs.com/package/abbrev", + "repository_download_url": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz", + "api_data_url": "https://registry.npmjs.org/abbrev/1.1.1", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/abbrev@1.1.1" + }, + "extra_data": { + "is_bundled": true + } + }, + { + "purl": "pkg:npm/ansi-regex@2.1.1", + "extracted_requirement": "2.1.1", + "scope": "devDependencies", + "is_runtime": false, + "is_optional": true, + "is_pinned": true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "", + "name": "ansi-regex", + "version": "2.1.1", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [ + [ + { + "path": "ansi-regex", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": true, + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": "https://www.npmjs.com/package/ansi-regex", + "repository_download_url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "api_data_url": "https://registry.npmjs.org/ansi-regex/2.1.1", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/ansi-regex@2.1.1" + }, + "extra_data": { + 
"is_bundled": true + } + }, + { + "purl": "pkg:npm/aproba@1.2.0", + "extracted_requirement": "1.2.0", + "scope": "devDependencies", + "is_runtime": false, + "is_optional": true, + "is_pinned": true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "", + "name": "aproba", + "version": "1.2.0", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [ + [ + { + "path": "aproba", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": true, + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": "https://www.npmjs.com/package/aproba", + "repository_download_url": "https://registry.npmjs.org/aproba/-/aproba-1.2.0.tgz", + "api_data_url": "https://registry.npmjs.org/aproba/1.2.0", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/aproba@1.2.0" + }, + "extra_data": { + "is_bundled": true + } + } + ], + "repository_homepage_url": "https://www.npmjs.com/package/purge-artifacts-action", + "repository_download_url": "https://registry.npmjs.org/purge-artifacts-action/-/purge-artifacts-action-0.0.1.tgz", + "api_data_url": "https://registry.npmjs.org/purge-artifacts-action/0.0.1", + "datasource_id": "npm_package_lock_json", + "purl": 
"pkg:npm/purge-artifacts-action@0.0.1" + } +] \ No newline at end of file diff --git a/tests/packagedcode/data/npm/package-lock-git/package-lock.json b/tests/packagedcode/data/npm/package-lock-git/package-lock.json new file mode 100644 index 0000000000..c985000d3d --- /dev/null +++ b/tests/packagedcode/data/npm/package-lock-git/package-lock.json @@ -0,0 +1,28 @@ +{ + "name": "megak", + "version": "1.0.0", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "": { + "name": "megak", + "version": "1.0.0", + "license": "ISC", + "devDependencies": { + "nodemon": "^2.0.9", + "ts-node-dev": "^1.1.8" + } + }, + "slp-unit-test-data": { + "version": "git+https://github.com/simpleledger/slp-unit-test-data.git#22d9c5c95c3f1e1fb75958a82a211f4e99dcb9f1", + "from": "git+https://github.com/simpleledger/slp-unit-test-data.git", + "dev": true + }, + "yn": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", + "integrity": "sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==", + "dev": true + } + } +} diff --git a/tests/packagedcode/data/npm/package-lock-git/package-lock.json-expected b/tests/packagedcode/data/npm/package-lock-git/package-lock.json-expected new file mode 100644 index 0000000000..f3fe48c1d0 --- /dev/null +++ b/tests/packagedcode/data/npm/package-lock-git/package-lock.json-expected 
@@ -0,0 +1,212 @@ +[ + { + "type": "npm", + "namespace": "", + "name": "megak", + "version": "1.0.0", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": "isc", + "declared_license_expression_spdx": "ISC", + "license_detections": [ + { + "license_expression": "isc", + "license_expression_spdx": "ISC", + "matches": [ + { + "license_expression": "isc", + "license_expression_spdx": "ISC", + "from_file": null, + "start_line": 1, + "end_line": 1, + "matcher": "1-spdx-id", + "score": 100.0, + "matched_length": 1, + "match_coverage": 100.0, + "rule_relevance": 100, + "rule_identifier": "spdx-license-identifier-isc-9931cb7ad33c2eb18f322c94660b670a84186baa", + "rule_url": null, + "matched_text": "ISC" + } + ], + "identifier": "isc-6c4320cc-eb5b-3792-8c56-b8565fff1119" + } + ], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": "ISC", + "notice_text": null, + "source_packages": [], + "file_references": [], + "is_private": false, + "is_virtual": false, + "extra_data": { + "lockfile_version": 1 + }, + "dependencies": [ + { + "purl": "pkg:npm/slp-unit-test-data@22d9c5c95c3f1e1fb75958a82a211f4e99dcb9f1", + "extracted_requirement": "22d9c5c95c3f1e1fb75958a82a211f4e99dcb9f1", + "scope": "devDependencies", + "is_runtime": false, + "is_optional": true, + "is_pinned": true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "", + "name": "slp-unit-test-data", + "version": "22d9c5c95c3f1e1fb75958a82a211f4e99dcb9f1", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + 
"description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [ + [ + { + "path": "slp-unit-test-data", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": true, + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": "https://www.npmjs.com/package/slp-unit-test-data", + "repository_download_url": "https://registry.npmjs.org/slp-unit-test-data/-/slp-unit-test-data-22d9c5c95c3f1e1fb75958a82a211f4e99dcb9f1.tgz", + "api_data_url": "https://registry.npmjs.org/slp-unit-test-data/22d9c5c95c3f1e1fb75958a82a211f4e99dcb9f1", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/slp-unit-test-data@22d9c5c95c3f1e1fb75958a82a211f4e99dcb9f1" + }, + "extra_data": { + "is_bundled": false, + "version_type": [ + "git" + ], + "url": "git+https://github.com/simpleledger/slp-unit-test-data.git#22d9c5c95c3f1e1fb75958a82a211f4e99dcb9f1" + } + }, + { + "purl": "pkg:npm/yn@3.1.1", + "extracted_requirement": "3.1.1", + "scope": "devDependencies", + "is_runtime": false, + "is_optional": true, + "is_pinned": true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "", + "name": "yn", + "version": "3.1.1", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + 
"homepage_url": null, + "download_url": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", + "size": null, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": "531e328065acbb673b8ac1567bc62ed5896e266a95871a8ad9c2d735003901c0b741f6c636933b7eed18f1bff3d7aa572e7171658bd685dddf84163d0cb982e9", + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [ + [ + { + "path": "yn", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": true, + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": "https://www.npmjs.com/package/yn", + "repository_download_url": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", + "api_data_url": "https://registry.npmjs.org/yn/3.1.1", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/yn@3.1.1" + }, + "extra_data": { + "is_bundled": false + } + } + ], + "repository_homepage_url": "https://www.npmjs.com/package/megak", + "repository_download_url": "https://registry.npmjs.org/megak/-/megak-1.0.0.tgz", + "api_data_url": "https://registry.npmjs.org/megak/1.0.0", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/megak@1.0.0" + } +] \ No newline at end of file diff --git a/tests/packagedcode/data/npm/package-lock-local/package-lock.json b/tests/packagedcode/data/npm/package-lock-local/package-lock.json new file mode 100644 index 0000000000..081bf353ba --- /dev/null +++ b/tests/packagedcode/data/npm/package-lock-local/package-lock.json 
@@ -0,0 +1,37 @@ +{ + "name": "babel-runtime", + "version": "6.23.0", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "@frontity/flat-theme": { + "version": "file:packages/flat-theme", + "requires": { + "@frontity/components": "^1.3.0", + "@frontity/html2react": "^1.3.0", + "frontity": "^1.5.2", + "react-spinners": "^0.5.4", + "react-spring": "8.0.27" + } + }, + "babel-template": { + "version": "6.25.0", + "resolved": "https://registry.npmjs.org/babel-template/-/babel-template-6.25.0.tgz", + "integrity": "sha1-ZlJBFmt8KqTGGdceGSlpVSsQwHE=", + "dev": true, + "requires": { + "babel-runtime": "6.25.0", + "babel-traverse": "6.25.0", + "babel-types": "6.25.0", + "babylon": "6.18.0", + "lodash": "4.17.4" + } + }, + "to-fast-properties": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-1.0.3.tgz", + "integrity": "sha1-uDVx+k2MJbguIxsG46MFXeTKGkc=", + "dev": true + } + } +} diff --git a/tests/packagedcode/data/npm/package-lock-local/package-lock.json-expected b/tests/packagedcode/data/npm/package-lock-local/package-lock.json-expected new file mode 100644 index 0000000000..a5c43399af --- /dev/null +++ b/tests/packagedcode/data/npm/package-lock-local/package-lock.json-expected 
@@ -0,0 +1,369 @@ +[ + { + "type": "npm", + "namespace": "", + "name": "babel-runtime", + "version": "6.23.0", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [], + "is_private": false, + "is_virtual": false, + "extra_data": { + "lockfile_version": 1 + }, + "dependencies": [ + { + "purl": "pkg:npm/%40frontity/flat-theme", + "extracted_requirement": null, + "scope": "dependencies", + "is_runtime": true, + "is_optional": false, + "is_pinned": true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "@frontity", + "name": "flat-theme", + "version": null, + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [ + 
[ + { + "path": "@frontity/flat-theme", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": true, + "extra_data": {}, + "dependencies": [ + { + "purl": "pkg:npm/%40frontity/components", + "extracted_requirement": "^1.3.0", + "scope": "dependencies", + "is_runtime": true, + "is_optional": false, + "is_pinned": false, + "is_direct": true, + "resolved_package": {}, + "extra_data": {} + }, + { + "purl": "pkg:npm/%40frontity/html2react", + "extracted_requirement": "^1.3.0", + "scope": "dependencies", + "is_runtime": true, + "is_optional": false, + "is_pinned": false, + "is_direct": true, + "resolved_package": {}, + "extra_data": {} + }, + { + "purl": "pkg:npm/frontity", + "extracted_requirement": "^1.5.2", + "scope": "dependencies", + "is_runtime": true, + "is_optional": false, + "is_pinned": false, + "is_direct": true, + "resolved_package": {}, + "extra_data": {} + }, + { + "purl": "pkg:npm/react-spinners", + "extracted_requirement": "^0.5.4", + "scope": "dependencies", + "is_runtime": true, + "is_optional": false, + "is_pinned": false, + "is_direct": true, + "resolved_package": {}, + "extra_data": {} + }, + { + "purl": "pkg:npm/react-spring", + "extracted_requirement": "8.0.27", + "scope": "dependencies", + "is_runtime": true, + "is_optional": false, + "is_pinned": false, + "is_direct": true, + "resolved_package": {}, + "extra_data": {} + } + ], + "repository_homepage_url": "https://www.npmjs.com/package/@frontity/flat-theme", + "repository_download_url": null, + "api_data_url": "https://registry.npmjs.org/@frontity%2fflat-theme", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/%40frontity/flat-theme" + }, + "extra_data": { + "is_bundled": false, + "version_type": [ + "local" + ], + "url": "file:packages/flat-theme" + } + }, + { + "purl": "pkg:npm/babel-template@6.25.0", + "extracted_requirement": "6.25.0", + "scope": "devDependencies", + "is_runtime": 
false, + "is_optional": true, + "is_pinned": true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "", + "name": "babel-template", + "version": "6.25.0", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": "https://registry.npmjs.org/babel-template/-/babel-template-6.25.0.tgz", + "size": null, + "sha1": "665241166b7c2aa4c619d71e192969552b10c071", + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [ + [ + { + "path": "babel-template", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": true, + "extra_data": {}, + "dependencies": [ + { + "purl": "pkg:npm/babel-runtime", + "extracted_requirement": "6.25.0", + "scope": "devDependencies", + "is_runtime": false, + "is_optional": true, + "is_pinned": false, + "is_direct": true, + "resolved_package": {}, + "extra_data": {} + }, + { + "purl": "pkg:npm/babel-traverse", + "extracted_requirement": "6.25.0", + "scope": "devDependencies", + "is_runtime": false, + "is_optional": true, + "is_pinned": false, + "is_direct": true, + "resolved_package": {}, + "extra_data": {} + }, + { + "purl": "pkg:npm/babel-types", + "extracted_requirement": "6.25.0", + "scope": "devDependencies", + "is_runtime": false, + "is_optional": true, + "is_pinned": false, + "is_direct": true, + "resolved_package": {}, + "extra_data": {} + }, + { + 
"purl": "pkg:npm/babylon", + "extracted_requirement": "6.18.0", + "scope": "devDependencies", + "is_runtime": false, + "is_optional": true, + "is_pinned": false, + "is_direct": true, + "resolved_package": {}, + "extra_data": {} + }, + { + "purl": "pkg:npm/lodash", + "extracted_requirement": "4.17.4", + "scope": "devDependencies", + "is_runtime": false, + "is_optional": true, + "is_pinned": false, + "is_direct": true, + "resolved_package": {}, + "extra_data": {} + } + ], + "repository_homepage_url": "https://www.npmjs.com/package/babel-template", + "repository_download_url": "https://registry.npmjs.org/babel-template/-/babel-template-6.25.0.tgz", + "api_data_url": "https://registry.npmjs.org/babel-template/6.25.0", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/babel-template@6.25.0" + }, + "extra_data": { + "is_bundled": false + } + }, + { + "purl": "pkg:npm/to-fast-properties@1.0.3", + "extracted_requirement": "1.0.3", + "scope": "devDependencies", + "is_runtime": false, + "is_optional": true, + "is_pinned": true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "", + "name": "to-fast-properties", + "version": "1.0.3", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-1.0.3.tgz", + "size": null, + "sha1": "b83571fa4d8c25b82e231b06e3a3055de4ca1a47", + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": 
[], + "file_references": [ + [ + { + "path": "to-fast-properties", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": true, + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": "https://www.npmjs.com/package/to-fast-properties", + "repository_download_url": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-1.0.3.tgz", + "api_data_url": "https://registry.npmjs.org/to-fast-properties/1.0.3", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/to-fast-properties@1.0.3" + }, + "extra_data": { + "is_bundled": false + } + } + ], + "repository_homepage_url": "https://www.npmjs.com/package/babel-runtime", + "repository_download_url": "https://registry.npmjs.org/babel-runtime/-/babel-runtime-6.23.0.tgz", + "api_data_url": "https://registry.npmjs.org/babel-runtime/6.23.0", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/babel-runtime@6.23.0" + } +] \ No newline at end of file diff --git a/tests/packagedcode/data/npm/package-lock-tarball/package-lock.json b/tests/packagedcode/data/npm/package-lock-tarball/package-lock.json new file mode 100644 index 0000000000..1149d2d2dd --- /dev/null +++ b/tests/packagedcode/data/npm/package-lock-tarball/package-lock.json 
@@ -0,0 +1,33 @@ +{ + "name": "SaaS_IHRM_Vue", + "version": "1.0.0", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "abbrev": { + "version": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.0.tgz", + "integrity": "sha1-0FVMIlZjbi9W58LlrRg/hZQo2B8=", + "dev": true + }, + "ansi-regex": { + "version": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "integrity": "sha1-w7M6te42DYbg5ijwRorn7yfWVN8=" + }, + "ansi-styles": { + "version": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz", + "integrity": "sha1-tDLdM1i2NM914eRmQ2gkBTPB3b4=" + }, + "num2fraction": { + "version": "http://registry.npm.taobao.org/num2fraction/download/num2fraction-1.2.2.tgz", + "bundled": true + }, + "postcss": { + "version": "http://registry.npm.taobao.org/postcss/download/postcss-6.0.21.tgz", + "bundled": true + }, + "postcss-value-parser": { + "version": "http://registry.npm.taobao.org/postcss-value-parser/download/postcss-value-parser-3.3.0.tgz", + "bundled": true + } + } +} diff --git a/tests/packagedcode/data/npm/package-lock-tarball/package-lock.json-expected b/tests/packagedcode/data/npm/package-lock-tarball/package-lock.json-expected new file mode 100644 index 0000000000..20108d055d --- /dev/null +++ b/tests/packagedcode/data/npm/package-lock-tarball/package-lock.json-expected 
@@ -0,0 +1,481 @@ +[ + { + "type": "npm", + "namespace": "", + "name": "SaaS_IHRM_Vue", + "version": "1.0.0", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [], + "is_private": false, + "is_virtual": false, + "extra_data": { + "lockfile_version": 1 + }, + "dependencies": [ + { + "purl": "pkg:npm/abbrev@1.1.0", + "extracted_requirement": "1.1.0", + "scope": "devDependencies", + "is_runtime": false, + "is_optional": true, + "is_pinned": true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "", + "name": "abbrev", + "version": "1.1.0", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": "d0554c2256636e2f56e7c2e5ad183f859428d81f", + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + 
"file_references": [ + [ + { + "path": "abbrev", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": true, + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": "https://www.npmjs.com/package/abbrev", + "repository_download_url": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.0.tgz", + "api_data_url": "https://registry.npmjs.org/abbrev/1.1.0", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/abbrev@1.1.0" + }, + "extra_data": { + "is_bundled": false, + "version_type": [ + "remote-tarball" + ], + "url": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.0.tgz" + } + }, + { + "purl": "pkg:npm/ansi-regex@2.1.1", + "extracted_requirement": "2.1.1", + "scope": "dependencies", + "is_runtime": true, + "is_optional": false, + "is_pinned": true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "", + "name": "ansi-regex", + "version": "2.1.1", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": "c3b33ab5ee360d86e0e628f0468ae7ef27d654df", + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [ + [ + { + "path": "ansi-regex", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": true, + "extra_data": {}, + "dependencies": 
[], + "repository_homepage_url": "https://www.npmjs.com/package/ansi-regex", + "repository_download_url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "api_data_url": "https://registry.npmjs.org/ansi-regex/2.1.1", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/ansi-regex@2.1.1" + }, + "extra_data": { + "is_bundled": false, + "version_type": [ + "remote-tarball" + ], + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz" + } + }, + { + "purl": "pkg:npm/ansi-styles@2.2.1", + "extracted_requirement": "2.2.1", + "scope": "dependencies", + "is_runtime": true, + "is_optional": false, + "is_pinned": true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "", + "name": "ansi-styles", + "version": "2.2.1", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": "b432dd3358b634cf75e1e4664368240533c1ddbe", + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [ + [ + { + "path": "ansi-styles", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": true, + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": "https://www.npmjs.com/package/ansi-styles", + "repository_download_url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz", + "api_data_url": 
"https://registry.npmjs.org/ansi-styles/2.2.1", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/ansi-styles@2.2.1" + }, + "extra_data": { + "is_bundled": false, + "version_type": [ + "remote-tarball" + ], + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz" + } + }, + { + "purl": "pkg:npm/num2fraction@1.2.2", + "extracted_requirement": "1.2.2", + "scope": "dependencies", + "is_runtime": true, + "is_optional": false, + "is_pinned": true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "", + "name": "num2fraction", + "version": "1.2.2", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [ + [ + { + "path": "num2fraction", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": true, + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": "https://www.npmjs.com/package/num2fraction", + "repository_download_url": "https://registry.npmjs.org/num2fraction/-/num2fraction-1.2.2.tgz", + "api_data_url": "https://registry.npmjs.org/num2fraction/1.2.2", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/num2fraction@1.2.2" + }, + "extra_data": { + "is_bundled": true, + "version_type": [ + "remote-tarball" + ], + "url": 
"http://registry.npm.taobao.org/num2fraction/download/num2fraction-1.2.2.tgz" + } + }, + { + "purl": "pkg:npm/postcss@6.0.21", + "extracted_requirement": "6.0.21", + "scope": "dependencies", + "is_runtime": true, + "is_optional": false, + "is_pinned": true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "", + "name": "postcss", + "version": "6.0.21", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [ + [ + { + "path": "postcss", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": true, + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": "https://www.npmjs.com/package/postcss", + "repository_download_url": "https://registry.npmjs.org/postcss/-/postcss-6.0.21.tgz", + "api_data_url": "https://registry.npmjs.org/postcss/6.0.21", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/postcss@6.0.21" + }, + "extra_data": { + "is_bundled": true, + "version_type": [ + "remote-tarball" + ], + "url": "http://registry.npm.taobao.org/postcss/download/postcss-6.0.21.tgz" + } + }, + { + "purl": "pkg:npm/postcss-value-parser@3.3.0", + "extracted_requirement": "3.3.0", + "scope": "dependencies", + "is_runtime": true, + "is_optional": false, + "is_pinned": 
true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "", + "name": "postcss-value-parser", + "version": "3.3.0", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [ + [ + { + "path": "postcss-value-parser", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": true, + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": "https://www.npmjs.com/package/postcss-value-parser", + "repository_download_url": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-3.3.0.tgz", + "api_data_url": "https://registry.npmjs.org/postcss-value-parser/3.3.0", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/postcss-value-parser@3.3.0" + }, + "extra_data": { + "is_bundled": true, + "version_type": [ + "remote-tarball" + ], + "url": "http://registry.npm.taobao.org/postcss-value-parser/download/postcss-value-parser-3.3.0.tgz" + } + } + ], + "repository_homepage_url": "https://www.npmjs.com/package/SaaS_IHRM_Vue", + "repository_download_url": "https://registry.npmjs.org/SaaS_IHRM_Vue/-/SaaS_IHRM_Vue-1.0.0.tgz", + "api_data_url": "https://registry.npmjs.org/SaaS_IHRM_Vue/1.0.0", + "datasource_id": "npm_package_lock_json", + "purl": 
"pkg:npm/saas_ihrm_vue@1.0.0" + } +] \ No newline at end of file diff --git a/tests/packagedcode/test_npm.py b/tests/packagedcode/test_npm.py index 0be0bfe0ca..a762ef50ef 100644 --- a/tests/packagedcode/test_npm.py +++ b/tests/packagedcode/test_npm.py 
@@ -289,6 +289,30 @@ def test_parse_package_lock_v2_alias(self):
 packages = npm.NpmPackageLockJsonHandler.parse(test_file)
 self.check_packages_data(packages, expected_loc, regen=REGEN_TEST_FIXTURES)
+ def test_parse_package_lock_with_bundled_dependencies(self):
+ test_file = self.get_test_loc('npm/package-lock-bundled/package-lock.json')
+ expected_loc = self.get_test_loc('npm/package-lock-bundled/package-lock.json-expected')
+ packages = npm.NpmPackageLockJsonHandler.parse(test_file)
+ self.check_packages_data(packages, expected_loc, regen=REGEN_TEST_FIXTURES)
+
+ def test_parse_package_lock_with_git_sources(self):
+ test_file = self.get_test_loc('npm/package-lock-git/package-lock.json')
+ expected_loc = self.get_test_loc('npm/package-lock-git/package-lock.json-expected')
+ packages = npm.NpmPackageLockJsonHandler.parse(test_file)
+ self.check_packages_data(packages, expected_loc, regen=REGEN_TEST_FIXTURES)
+
+ def test_parse_package_lock_with_tarball_sources(self):
+ test_file = self.get_test_loc('npm/package-lock-tarball/package-lock.json')
+ expected_loc = self.get_test_loc('npm/package-lock-tarball/package-lock.json-expected')
+ packages = npm.NpmPackageLockJsonHandler.parse(test_file)
+ self.check_packages_data(packages, expected_loc, regen=REGEN_TEST_FIXTURES)
+
+ def test_parse_package_lock_with_local_sources(self):
+ test_file = self.get_test_loc('npm/package-lock-local/package-lock.json')
+ expected_loc = self.get_test_loc('npm/package-lock-local/package-lock.json-expected')
+ packages = npm.NpmPackageLockJsonHandler.parse(test_file)
+ self.check_packages_data(packages, expected_loc, regen=REGEN_TEST_FIXTURES)
+
 def test_is_datafile_npm_shrinkwrap_json(self):
 test_file = self.get_test_loc('npm/npm-shrinkwrap/npm-shrinkwrap.json')
 assert npm.NpmShrinkwrapJsonHandler.is_datafile(test_file)
From e6f44192d44b44ec21a7266590279608ebd8669e Mon Sep 17 00:00:00 2001
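Review bot: The four added tests are the same four statements repeated with only the fixture directory changed, so the next lockfile variant is likely to be added by copy and paste again. A small private helper on the test class that takes the directory name and runs `get_test_loc`, `NpmPackageLockJsonHandler.parse` and `check_packages_data` would reduce each test to one call, for example `self.check_package_lock('package-lock-git')` (helper name constructed here). Each test would also benefit from a one-line docstring stating which `version` form its fixture covers, e.g. `"""Lock entries whose version is an http(s) tarball URL."""`. The test class starts outside the hunk, so a helper of this kind may already exist there.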
From: uttam282005
Date: Wed, 18 Feb 2026 01:42:50 +0530
Subject: [PATCH 4/5] temporarly rollback is_bundled support
Signed-off-by: uttam282005
---
 src/packagedcode/npm.py | 8 +-
 .../package-lock-bundled/package-lock.json | 31 --
 .../package-lock.json-expected | 321 ------------------
 tests/packagedcode/test_npm.py | 6 -
 4 files changed, 3 insertions(+), 363 deletions(-)
 delete mode 100644 tests/packagedcode/data/npm/package-lock-bundled/package-lock.json
 delete mode 100644 tests/packagedcode/data/npm/package-lock-bundled/package-lock.json-expected
diff --git a/src/packagedcode/npm.py b/src/packagedcode/npm.py
index 512a62e774..600fc981d3 100644
--- a/src/packagedcode/npm.py
+++ b/src/packagedcode/npm.py
@@ -690,7 +690,6 @@ def parse(cls, location, package_only=False):
 is_dev = dep_data.get('dev', False)
 is_optional = dep_data.get('optional', False)
 is_devoptional = dep_data.get('devOptional', False)
- is_bundled = dep_data.get('bundled', False)
 if is_dev or is_devoptional:
 is_runtime = False
 is_optional = True
@@ -719,9 +718,7 @@ def parse(cls, location, package_only=False):
 version_string = dep_data.get('version')
 version_info = parse_npm_version(version_string)
- extra_data = {
- 'is_bundled': is_bundled
- }
+ extra_data = {}
 if version_info['type'] != "semver":
 extra_data['version_type'] = version_info['type'],
 extra_data['url'] = version_info['url']
@@ -743,8 +740,9 @@ def parse(cls, location, package_only=False):
 is_optional=is_optional,
 is_pinned=True,
 is_direct=False,
- extra_data=extra_data
 )
+ if extra_data:
+ dependency.extra_data = extra_data
 # URLs and checksums
 misc = get_urls(ns, name, version)
diff --git a/tests/packagedcode/data/npm/package-lock-bundled/package-lock.json b/tests/packagedcode/data/npm/package-lock-bundled/package-lock.json
deleted file mode 100644
index fa7b546e82..0000000000
--- a/tests/packagedcode/data/npm/package-lock-bundled/package-lock.json
+++ /dev/null
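Review bot: In the second hunk the unchanged line `extra_data['version_type'] = version_info['type'],` ends with a comma, so the stored value is a one-element tuple rather than a string; the expected fixtures in this series serialize it as `"version_type": ["remote-tarball"]`, which is consistent with that. Drop the comma, `extra_data['version_type'] = version_info['type']`, and regenerate the expected files. A consumer that compares `version_type` with a string to flag non-registry sources (git, remote tarball, local path) would otherwise match nothing. The same hunk passes `dep_data.get('version')` straight into `parse_npm_version`; if that helper does not accept `None`, a lock entry without a `version` key would raise, so a guard before the call may be needed. `parse()` starts and ends outside the hunk.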
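Review bot: The context line `misc = get_urls(ns, name, version)` at the end of the third hunk still derives the resolved package's URLs from name and version only, while the origin recorded in the lockfile survives just in `extra_data['url']`. The tarball fixture in this series shows the effect: entries whose lockfile version is `http://registry.npm.taobao.org/...` come out with `repository_download_url` on `registry.npmjs.org` and `download_url: null`. For composition and provenance reports that is a gap, because the resolved package names a registry the code was not fetched from and gives no hint that the source was plain HTTP with no `integrity` value in the lockfile. At minimum document it above the call, `# NOTE: URLs below assume the public npm registry; for non-semver entries the real source is extra_data['url']`. Whether `download_url` should carry that URL is a decision for the rest of `parse()`, which lies outside the hunk.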
@@ -1,31 +0,0 @@ -{ - "name": "purge-artifacts-action", - "version": "0.0.1", - "lockfileVersion": 1, - "requires": true, - "dependencies": { - "@actions/core": { - "version": "1.2.2", - "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.2.2.tgz", - "integrity": "sha512-IbCx7oefq+Gi6FWbSs2Fnw8VkEI6Y4gvjrYprY3RV//ksq/KPMlClOerJ4jRosyal6zkUIc8R9fS/cpRMlGClg==" - }, - "abbrev": { - "version": "1.1.1", - "bundled": true, - "dev": true, - "optional": true - }, - "ansi-regex": { - "version": "2.1.1", - "bundled": true, - "dev": true, - "optional": true - }, - "aproba": { - "version": "1.2.0", - "bundled": true, - "dev": true, - "optional": true - } - } -} diff --git a/tests/packagedcode/data/npm/package-lock-bundled/package-lock.json-expected b/tests/packagedcode/data/npm/package-lock-bundled/package-lock.json-expected deleted file mode 100644 index 2ecccc394a..0000000000 --- a/tests/packagedcode/data/npm/package-lock-bundled/package-lock.json-expected +++ /dev/null 
@@ -1,321 +0,0 @@ -[ - { - "type": "npm", - "namespace": "", - "name": "purge-artifacts-action", - "version": "0.0.1", - "qualifiers": {}, - "subpath": null, - "primary_language": "JavaScript", - "description": null, - "release_date": null, - "parties": [], - "keywords": [], - "homepage_url": null, - "download_url": null, - "size": null, - "sha1": null, - "md5": null, - "sha256": null, - "sha512": null, - "bug_tracking_url": null, - "code_view_url": null, - "vcs_url": null, - "copyright": null, - "holder": null, - "declared_license_expression": null, - "declared_license_expression_spdx": null, - "license_detections": [], - "other_license_expression": null, - "other_license_expression_spdx": null, - "other_license_detections": [], - "extracted_license_statement": null, - "notice_text": null, - "source_packages": [], - "file_references": [], - "is_private": false, - "is_virtual": false, - "extra_data": { - "lockfile_version": 1 - }, - "dependencies": [ - { - "purl": "pkg:npm/%40actions/core@1.2.2", - "extracted_requirement": "1.2.2", - "scope": "dependencies", - "is_runtime": true, - "is_optional": false, - "is_pinned": true, - "is_direct": false, - "resolved_package": { - "type": "npm", - "namespace": "@actions", - "name": "core", - "version": "1.2.2", - "qualifiers": {}, - "subpath": null, - "primary_language": "JavaScript", - "description": null, - "release_date": null, - "parties": [], - "keywords": [], - "homepage_url": null, - "download_url": "https://registry.npmjs.org/@actions/core/-/core-1.2.2.tgz", - "size": null, - "sha1": null, - "md5": null, - "sha256": null, - "sha512": "21b0b1ee879fabe1a2e8559b4acd859f0f1590423a63882f8eb629ad8dd157ffe4b2afca3cc94294e7ab2788d1a2cc9a97ace450873c47d7d2fdca5132518296", - "bug_tracking_url": null, - "code_view_url": null, - "vcs_url": null, - "copyright": null, - "holder": null, - "declared_license_expression": null, - "declared_license_expression_spdx": null, - "license_detections": [], - "other_license_expression": null, 
- "other_license_expression_spdx": null, - "other_license_detections": [], - "extracted_license_statement": null, - "notice_text": null, - "source_packages": [], - "file_references": [ - [ - { - "path": "@actions/core", - "size": 0, - "sha1": null, - "md5": null, - "sha256": null, - "sha512": null, - "extra_data": {} - } - ] - ], - "is_private": false, - "is_virtual": true, - "extra_data": {}, - "dependencies": [], - "repository_homepage_url": "https://www.npmjs.com/package/@actions/core", - "repository_download_url": "https://registry.npmjs.org/@actions/core/-/core-1.2.2.tgz", - "api_data_url": "https://registry.npmjs.org/@actions%2fcore/1.2.2", - "datasource_id": "npm_package_lock_json", - "purl": "pkg:npm/%40actions/core@1.2.2" - }, - "extra_data": { - "is_bundled": false - } - }, - { - "purl": "pkg:npm/abbrev@1.1.1", - "extracted_requirement": "1.1.1", - "scope": "devDependencies", - "is_runtime": false, - "is_optional": true, - "is_pinned": true, - "is_direct": false, - "resolved_package": { - "type": "npm", - "namespace": "", - "name": "abbrev", - "version": "1.1.1", - "qualifiers": {}, - "subpath": null, - "primary_language": "JavaScript", - "description": null, - "release_date": null, - "parties": [], - "keywords": [], - "homepage_url": null, - "download_url": null, - "size": null, - "sha1": null, - "md5": null, - "sha256": null, - "sha512": null, - "bug_tracking_url": null, - "code_view_url": null, - "vcs_url": null, - "copyright": null, - "holder": null, - "declared_license_expression": null, - "declared_license_expression_spdx": null, - "license_detections": [], - "other_license_expression": null, - "other_license_expression_spdx": null, - "other_license_detections": [], - "extracted_license_statement": null, - "notice_text": null, - "source_packages": [], - "file_references": [ - [ - { - "path": "abbrev", - "size": 0, - "sha1": null, - "md5": null, - "sha256": null, - "sha512": null, - "extra_data": {} - } - ] - ], - "is_private": false, - "is_virtual": 
true, - "extra_data": {}, - "dependencies": [], - "repository_homepage_url": "https://www.npmjs.com/package/abbrev", - "repository_download_url": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz", - "api_data_url": "https://registry.npmjs.org/abbrev/1.1.1", - "datasource_id": "npm_package_lock_json", - "purl": "pkg:npm/abbrev@1.1.1" - }, - "extra_data": { - "is_bundled": true - } - }, - { - "purl": "pkg:npm/ansi-regex@2.1.1", - "extracted_requirement": "2.1.1", - "scope": "devDependencies", - "is_runtime": false, - "is_optional": true, - "is_pinned": true, - "is_direct": false, - "resolved_package": { - "type": "npm", - "namespace": "", - "name": "ansi-regex", - "version": "2.1.1", - "qualifiers": {}, - "subpath": null, - "primary_language": "JavaScript", - "description": null, - "release_date": null, - "parties": [], - "keywords": [], - "homepage_url": null, - "download_url": null, - "size": null, - "sha1": null, - "md5": null, - "sha256": null, - "sha512": null, - "bug_tracking_url": null, - "code_view_url": null, - "vcs_url": null, - "copyright": null, - "holder": null, - "declared_license_expression": null, - "declared_license_expression_spdx": null, - "license_detections": [], - "other_license_expression": null, - "other_license_expression_spdx": null, - "other_license_detections": [], - "extracted_license_statement": null, - "notice_text": null, - "source_packages": [], - "file_references": [ - [ - { - "path": "ansi-regex", - "size": 0, - "sha1": null, - "md5": null, - "sha256": null, - "sha512": null, - "extra_data": {} - } - ] - ], - "is_private": false, - "is_virtual": true, - "extra_data": {}, - "dependencies": [], - "repository_homepage_url": "https://www.npmjs.com/package/ansi-regex", - "repository_download_url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", - "api_data_url": "https://registry.npmjs.org/ansi-regex/2.1.1", - "datasource_id": "npm_package_lock_json", - "purl": "pkg:npm/ansi-regex@2.1.1" - }, - "extra_data": { - 
"is_bundled": true - } - }, - { - "purl": "pkg:npm/aproba@1.2.0", - "extracted_requirement": "1.2.0", - "scope": "devDependencies", - "is_runtime": false, - "is_optional": true, - "is_pinned": true, - "is_direct": false, - "resolved_package": { - "type": "npm", - "namespace": "", - "name": "aproba", - "version": "1.2.0", - "qualifiers": {}, - "subpath": null, - "primary_language": "JavaScript", - "description": null, - "release_date": null, - "parties": [], - "keywords": [], - "homepage_url": null, - "download_url": null, - "size": null, - "sha1": null, - "md5": null, - "sha256": null, - "sha512": null, - "bug_tracking_url": null, - "code_view_url": null, - "vcs_url": null, - "copyright": null, - "holder": null, - "declared_license_expression": null, - "declared_license_expression_spdx": null, - "license_detections": [], - "other_license_expression": null, - "other_license_expression_spdx": null, - "other_license_detections": [], - "extracted_license_statement": null, - "notice_text": null, - "source_packages": [], - "file_references": [ - [ - { - "path": "aproba", - "size": 0, - "sha1": null, - "md5": null, - "sha256": null, - "sha512": null, - "extra_data": {} - } - ] - ], - "is_private": false, - "is_virtual": true, - "extra_data": {}, - "dependencies": [], - "repository_homepage_url": "https://www.npmjs.com/package/aproba", - "repository_download_url": "https://registry.npmjs.org/aproba/-/aproba-1.2.0.tgz", - "api_data_url": "https://registry.npmjs.org/aproba/1.2.0", - "datasource_id": "npm_package_lock_json", - "purl": "pkg:npm/aproba@1.2.0" - }, - "extra_data": { - "is_bundled": true - } - } - ], - "repository_homepage_url": "https://www.npmjs.com/package/purge-artifacts-action", - "repository_download_url": "https://registry.npmjs.org/purge-artifacts-action/-/purge-artifacts-action-0.0.1.tgz", - "api_data_url": "https://registry.npmjs.org/purge-artifacts-action/0.0.1", - "datasource_id": "npm_package_lock_json", - "purl": 
"pkg:npm/purge-artifacts-action@0.0.1" - } -] \ No newline at end of file diff --git a/tests/packagedcode/test_npm.py b/tests/packagedcode/test_npm.py index a762ef50ef..f089deb643 100644 --- a/tests/packagedcode/test_npm.py +++ b/tests/packagedcode/test_npm.py @@ -289,12 +289,6 @@ def test_parse_package_lock_v2_alias(self): packages = npm.NpmPackageLockJsonHandler.parse(test_file) self.check_packages_data(packages, expected_loc, regen=REGEN_TEST_FIXTURES) - def test_parse_package_lock_with_bundled_dependencies(self): - test_file = self.get_test_loc('npm/package-lock-bundled/package-lock.json') - expected_loc = self.get_test_loc('npm/package-lock-bundled/package-lock.json-expected') - packages = npm.NpmPackageLockJsonHandler.parse(test_file) - self.check_packages_data(packages, expected_loc, regen=REGEN_TEST_FIXTURES) - def test_parse_package_lock_with_git_sources(self): test_file = self.get_test_loc('npm/package-lock-git/package-lock.json') expected_loc = self.get_test_loc('npm/package-lock-git/package-lock.json-expected') From d95ab5daa928b3128edc966b821435734bafe9b4 Mon Sep 17 00:00:00 2001 From: uttam282005 Date: Wed, 18 Feb 2026 01:44:09 +0530 Subject: [PATCH 5/5] regen test fixtures Signed-off-by: uttam282005 --- .../data/npm/package-lock-git/package-lock.json-expected | 5 +---- .../npm/package-lock-local/package-lock.json-expected | 9 ++------- .../npm/package-lock-tarball/package-lock.json-expected | 6 ------ 3 files changed, 3 insertions(+), 17 deletions(-) diff --git a/tests/packagedcode/data/npm/package-lock-git/package-lock.json-expected b/tests/packagedcode/data/npm/package-lock-git/package-lock.json-expected index f3fe48c1d0..58cfe83b77 100644 --- a/tests/packagedcode/data/npm/package-lock-git/package-lock.json-expected +++ b/tests/packagedcode/data/npm/package-lock-git/package-lock.json-expected 
@@ -127,7 +127,6 @@ "purl": "pkg:npm/slp-unit-test-data@22d9c5c95c3f1e1fb75958a82a211f4e99dcb9f1" }, "extra_data": { - "is_bundled": false, "version_type": [ "git" ], @@ -198,9 +197,7 @@ "datasource_id": "npm_package_lock_json", "purl": "pkg:npm/yn@3.1.1" }, - "extra_data": { - "is_bundled": false - } + "extra_data": {} } ], "repository_homepage_url": "https://www.npmjs.com/package/megak", diff --git a/tests/packagedcode/data/npm/package-lock-local/package-lock.json-expected b/tests/packagedcode/data/npm/package-lock-local/package-lock.json-expected index a5c43399af..4ee5c40815 100644 --- a/tests/packagedcode/data/npm/package-lock-local/package-lock.json-expected +++ b/tests/packagedcode/data/npm/package-lock-local/package-lock.json-expected @@ -160,7 +160,6 @@ "purl": "pkg:npm/%40frontity/flat-theme" }, "extra_data": { - "is_bundled": false, "version_type": [ "local" ], @@ -287,9 +286,7 @@ "datasource_id": "npm_package_lock_json", "purl": "pkg:npm/babel-template@6.25.0" }, - "extra_data": { - "is_bundled": false - } + "extra_data": {} }, { "purl": "pkg:npm/to-fast-properties@1.0.3", @@ -355,9 +352,7 @@ "datasource_id": "npm_package_lock_json", "purl": "pkg:npm/to-fast-properties@1.0.3" }, - "extra_data": { - "is_bundled": false - } + "extra_data": {} } ], "repository_homepage_url": "https://www.npmjs.com/package/babel-runtime", diff --git a/tests/packagedcode/data/npm/package-lock-tarball/package-lock.json-expected b/tests/packagedcode/data/npm/package-lock-tarball/package-lock.json-expected index 20108d055d..cf7bde7030 100644 --- a/tests/packagedcode/data/npm/package-lock-tarball/package-lock.json-expected +++ b/tests/packagedcode/data/npm/package-lock-tarball/package-lock.json-expected @@ -104,7 +104,6 @@ "purl": "pkg:npm/abbrev@1.1.0" }, "extra_data": { - "is_bundled": false, "version_type": [ "remote-tarball" ], @@ -176,7 +175,6 @@ "purl": "pkg:npm/ansi-regex@2.1.1" }, "extra_data": { - "is_bundled": false, "version_type": [ "remote-tarball" ], 
@@ -248,7 +246,6 @@ "purl": "pkg:npm/ansi-styles@2.2.1" }, "extra_data": { - "is_bundled": false, "version_type": [ "remote-tarball" ], @@ -320,7 +317,6 @@ "purl": "pkg:npm/num2fraction@1.2.2" }, "extra_data": { - "is_bundled": true, "version_type": [ "remote-tarball" ], @@ -392,7 +388,6 @@ "purl": "pkg:npm/postcss@6.0.21" }, "extra_data": { - "is_bundled": true, "version_type": [ "remote-tarball" ], @@ -464,7 +459,6 @@ "purl": "pkg:npm/postcss-value-parser@3.3.0" }, "extra_data": { - "is_bundled": true, "version_type": [ "remote-tarball" ],