Feat/npm support scan of npm projects without lockfiles #578

Merged
merged 1 commit into from May 14, 2024

Contributor

@adrobuta adrobuta commented Apr 10, 2024

  • Ready for review
  • Follows CONTRIBUTING rules
  • Reviewed by Snyk internal team

What does this PR do?

Adds support for scanning npm projects that do not contain package.json/package-lock.json/yarn.lock files in the application root directory:

  • Adding a dependency on resolve-deps, which can traverse the node_modules directory and return a depgraph
  • Adding functionality to persist the node_modules from the image layer to a temporary directory and passing the path to the call to the resolveDeps library
  • A depGraph is constructed when package.json, or package.json and package-lock.json/yarn.lock, are missing from the application directory
  • When package.json is missing from the application directory, the name of the rootPkg is set to the parent dir of the node_modules folder and the version for it is reported as "1.0.0"
  • When package.json is missing from the application directory, the default package manager reported for the depGraph is npm

Where should the reviewer start?

How should this be manually tested?

Any background context you want to provide?

What are the relevant tickets?

Screenshots

Additional questions
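
The lockfile-less fallback described in this PR, sketched as an added example (not code from this PR or from the resolve-deps library): it walks node_modules, reads each installed manifest, and returns a flat name@version inventory rather than a full dependency graph. The function names and the sample tree are assumptions constructed for illustration.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Parse <dir>/package.json; null when the manifest is missing or unreadable.
function readManifest(dir) {
  try { return JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8')); }
  catch { return null; }
}

// Recursively collect name@version from every installed manifest, nested ones too.
// Dirent.isDirectory() is false for symlinks, so linked packages cannot cause loops.
function collect(nmDir, found = new Set()) {
  if (!fs.existsSync(nmDir)) return found;
  for (const e of fs.readdirSync(nmDir, { withFileTypes: true })) {
    if (!e.isDirectory() || e.name.startsWith('.')) continue; // skip .bin, plain files
    const dir = path.join(nmDir, e.name);
    if (e.name.startsWith('@')) { collect(dir, found); continue; } // @scope holds packages
    const m = readManifest(dir);
    if (m && m.name && m.version) found.add(`${m.name}@${m.version}`);
    collect(path.join(dir, 'node_modules'), found);
  }
  return found;
}

// Root falls back to <parent dir of node_modules>@1.0.0, as the PR description states.
function inventory(appDir) {
  const root = readManifest(appDir) || {};
  return {
    pkgManager: 'npm', // assumption: this sketch always reports npm
    root: { name: root.name || path.basename(appDir), version: root.version || '1.0.0' },
    packages: [...collect(path.join(appDir, 'node_modules'))].sort(),
  };
}

// Constructed sample tree (not from the PR): no package.json or lockfile in the app root.
function buildSample() {
  const appDir = path.join(fs.mkdtempSync(path.join(os.tmpdir(), 'nm-')), 'myapp');
  for (const [rel, name, version] of [['left', 'left', '1.2.3'],
    ['left/node_modules/inner', 'inner', '0.1.0'], ['@scope/tool', '@scope/tool', '2.0.0']]) {
    const dir = path.join(appDir, 'node_modules', rel);
    fs.mkdirSync(dir, { recursive: true });
    fs.writeFileSync(path.join(dir, 'package.json'), JSON.stringify({ name, version }));
  }
  return appDir;
}
```

Calling `inventory(buildSample())` shows the fallback root identity next to the packages actually installed, which is the part a scanner needs when no manifest or lockfile survives in the image.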

@adrobuta adrobuta requested a review from a team as a code owner April 10, 2024 14:16
@adrobuta adrobuta force-pushed the feat/npm-scan-without-lockfiles branch 5 times, most recently from 32a626a to 43fb2f9 Compare April 17, 2024 09:29
@adrobuta adrobuta changed the title Feat/npm support scannin npm projects without lockfiles Feat/npm support scan of npm projects without lockfiles Apr 17, 2024
@adrobuta adrobuta force-pushed the feat/npm-scan-without-lockfiles branch 22 times, most recently from a3f32c5 to f59879f Compare April 24, 2024 07:56
@danlucian danlucian deleted the feat/npm-scan-without-lockfiles branch April 26, 2024 11:41
@danlucian danlucian restored the feat/npm-scan-without-lockfiles branch April 26, 2024 11:51
@adrobuta adrobuta reopened this Apr 26, 2024
@adrobuta adrobuta force-pushed the feat/npm-scan-without-lockfiles branch 2 times, most recently from 2ce6290 to 5d1556d Compare April 26, 2024 15:17
@adrobuta adrobuta force-pushed the feat/npm-scan-without-lockfiles branch 2 times, most recently from 5d21fce to 5236672 Compare May 8, 2024 11:00
@ChristinaDara ChristinaDara force-pushed the feat/npm-scan-without-lockfiles branch 3 times, most recently from c1aa27d to 30b67ba Compare May 9, 2024 14:16
@adrobuta adrobuta force-pushed the feat/npm-scan-without-lockfiles branch 2 times, most recently from c1285cb to c1aa27d Compare May 9, 2024 15:17
@ChristinaDara ChristinaDara force-pushed the feat/npm-scan-without-lockfiles branch 2 times, most recently from a85fecb to c0a0267 Compare May 9, 2024 17:53
@adrobuta adrobuta force-pushed the feat/npm-scan-without-lockfiles branch 10 times, most recently from c54e8fb to 72f518d Compare May 14, 2024 09:53
Co-authored-by: danlucian <lucian.rosu@snyk.io>
Co-authored-by: neil <neil.lowrie@snyk.io>
@adrobuta adrobuta force-pushed the feat/npm-scan-without-lockfiles branch from 72f518d to 77038db Compare May 14, 2024 14:15
@adrobuta adrobuta merged commit 07f739a into main May 14, 2024
14 checks passed
@adrobuta adrobuta deleted the feat/npm-scan-without-lockfiles branch May 14, 2024 14:44
@team-lumos
Collaborator

🎉 This PR is included in version 6.12.0 🎉

The release is available on:

Your semantic-release bot 📦🚀
