diff --git a/src/packagedcode/npm.py b/src/packagedcode/npm.py
index 7618e830c1..600fc981d3 100644
--- a/src/packagedcode/npm.py
+++ b/src/packagedcode/npm.py
@@ -715,7 +715,15 @@ def parse(cls, location, package_only=False):
 else:
 name = dep
 ns, _ , name = name.rpartition('/')
- version = dep_data.get('version')
+ version_string = dep_data.get('version')
+ version_info = parse_npm_version(version_string)
+
+ extra_data = {}
+ if version_info['type'] != "semver":
+ extra_data['version_type'] = version_info['type'],
+ extra_data['url'] = version_info['url']
+
+ version = get_version(version_info)
 dep_purl = PackageURL(
 type=cls.default_package_type,
@@ -733,6 +741,8 @@ def parse(cls, location, package_only=False):
 is_pinned=True,
 is_direct=False,
 )
+ if extra_data:
+ dependency.extra_data = extra_data
 # URLs and checksums
 misc = get_urls(ns, name, version)
@@ -1878,6 +1888,46 @@ def deps_mapper(deps, package, field_name, is_direct=True):
 return package
+def parse_npm_version(version_string):
+ version_string = version_string.strip()
+
+ if version_string.startswith("git+"):
+ type = 'git'
+
+ elif version_string.startswith("https:") or version_string.startswith("http:"):
+ type = 'remote-tarball'
+
+ elif version_string.startswith("file:"):
+ type = 'local'
+
+ elif re.match(r"^\d+\.\d+\.\d+", version_string):
+ type = "semver"
+
+ else:
+ type = 'unknown'
+
+ return {'type': type, 'url': version_string}
+
+def get_version(version_info):
+ type = version_info['type']
+ version_string = version_info['url']
+
+ version = None
+
+ if type == 'semver':
+ version = version_string
+
+ elif type == 'remote-tarball':
+ version_match = re.search(r'[-_](\d+\.\d+\.\d+[^/]*)', version_string)
+ if version_match:
+ version = version_match.group(1)
+ version = re.sub(r'\.tgz$', '', version)
+
+ elif type == 'git':
+ if '#' in version_string:
+ _, _, version = version_string.rpartition('#')
+
+ return version
 person_parser = re.compile(
 r'^(?P[^\(<]+)'
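Review bot: The trailing comma in `extra_data['version_type'] = version_info['type'],` stores a one-element tuple instead of a string, which is why the new expected fixtures serialize `version_type` as a list such as `["git"]`. Drop the comma, `extra_data['version_type'] = version_info['type']`, and regenerate the three `-expected` files so consumers of the scan output get a plain string. The body of parse() starts and ends outside this hunk.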
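Review bot: The context line `misc = get_urls(ns, name, version)` just below the added lines still runs for git and tarball dependencies, so the resolved package is described with registry-derived URLs even though the lockfile says it came from elsewhere. The new fixtures show the effect: the git dependency gets a `repository_download_url` on registry.npmjs.org named after its commit hash, and tarballs pinned to an `http://` mirror are reported with registry.npmjs.org URLs and a purl version guessed from the file name. Since this output feeds vulnerability matching and provenance review, the non-registry origin should not be left only in `extra_data`; consider guarding the call with `if not extra_data:` and recording `extra_data['url']` as the download source instead. How `misc` is consumed is outside the hunk, so confirm the following lines tolerate the skipped call.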
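Review bot: `parse_npm_version` calls `version_string.strip()` unconditionally, but its caller passes `dep_data.get('version')`, which is None for any lockfile entry without a `version` key; the removed line tolerated that case, while the new code would raise AttributeError. Add a guard at the top, `if not version_string: return {'type': 'unknown', 'url': version_string}`, so a malformed or hand-edited lockfile cannot abort the scan. In `get_version`, `re.search` takes the first `[-_]digits.digits.digits` match anywhere in the tarball URL, so a host or directory name that looks like a version would be picked over the file name; matching against the last path segment only would be safer. Both helpers also shadow the builtin `type` and have no docstrings; a local name such as `version_type` and a one-line docstring stating the returned mapping keys (`'type'`, `'url'`) would make the contract explicit.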
diff --git a/tests/packagedcode/data/npm/package-lock-git/package-lock.json b/tests/packagedcode/data/npm/package-lock-git/package-lock.json new file mode 100644 index 0000000000..c985000d3d --- /dev/null +++ b/tests/packagedcode/data/npm/package-lock-git/package-lock.json @@ -0,0 +1,28 @@ +{ + "name": "megak", + "version": "1.0.0", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "": { + "name": "megak", + "version": "1.0.0", + "license": "ISC", + "devDependencies": { + "nodemon": "^2.0.9", + "ts-node-dev": "^1.1.8" + } + }, + "slp-unit-test-data": { + "version": "git+https://github.com/simpleledger/slp-unit-test-data.git#22d9c5c95c3f1e1fb75958a82a211f4e99dcb9f1", + "from": "git+https://github.com/simpleledger/slp-unit-test-data.git", + "dev": true + }, + "yn": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", + "integrity": "sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==", + "dev": true + } + } +} diff --git a/tests/packagedcode/data/npm/package-lock-git/package-lock.json-expected b/tests/packagedcode/data/npm/package-lock-git/package-lock.json-expected new file mode 100644 index 0000000000..58cfe83b77 --- /dev/null +++ b/tests/packagedcode/data/npm/package-lock-git/package-lock.json-expected 
@@ -0,0 +1,209 @@ +[ + { + "type": "npm", + "namespace": "", + "name": "megak", + "version": "1.0.0", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": "isc", + "declared_license_expression_spdx": "ISC", + "license_detections": [ + { + "license_expression": "isc", + "license_expression_spdx": "ISC", + "matches": [ + { + "license_expression": "isc", + "license_expression_spdx": "ISC", + "from_file": null, + "start_line": 1, + "end_line": 1, + "matcher": "1-spdx-id", + "score": 100.0, + "matched_length": 1, + "match_coverage": 100.0, + "rule_relevance": 100, + "rule_identifier": "spdx-license-identifier-isc-9931cb7ad33c2eb18f322c94660b670a84186baa", + "rule_url": null, + "matched_text": "ISC" + } + ], + "identifier": "isc-6c4320cc-eb5b-3792-8c56-b8565fff1119" + } + ], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": "ISC", + "notice_text": null, + "source_packages": [], + "file_references": [], + "is_private": false, + "is_virtual": false, + "extra_data": { + "lockfile_version": 1 + }, + "dependencies": [ + { + "purl": "pkg:npm/slp-unit-test-data@22d9c5c95c3f1e1fb75958a82a211f4e99dcb9f1", + "extracted_requirement": "22d9c5c95c3f1e1fb75958a82a211f4e99dcb9f1", + "scope": "devDependencies", + "is_runtime": false, + "is_optional": true, + "is_pinned": true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "", + "name": "slp-unit-test-data", + "version": "22d9c5c95c3f1e1fb75958a82a211f4e99dcb9f1", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + 
"description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [ + [ + { + "path": "slp-unit-test-data", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": true, + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": "https://www.npmjs.com/package/slp-unit-test-data", + "repository_download_url": "https://registry.npmjs.org/slp-unit-test-data/-/slp-unit-test-data-22d9c5c95c3f1e1fb75958a82a211f4e99dcb9f1.tgz", + "api_data_url": "https://registry.npmjs.org/slp-unit-test-data/22d9c5c95c3f1e1fb75958a82a211f4e99dcb9f1", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/slp-unit-test-data@22d9c5c95c3f1e1fb75958a82a211f4e99dcb9f1" + }, + "extra_data": { + "version_type": [ + "git" + ], + "url": "git+https://github.com/simpleledger/slp-unit-test-data.git#22d9c5c95c3f1e1fb75958a82a211f4e99dcb9f1" + } + }, + { + "purl": "pkg:npm/yn@3.1.1", + "extracted_requirement": "3.1.1", + "scope": "devDependencies", + "is_runtime": false, + "is_optional": true, + "is_pinned": true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "", + "name": "yn", + "version": "3.1.1", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + 
"download_url": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", + "size": null, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": "531e328065acbb673b8ac1567bc62ed5896e266a95871a8ad9c2d735003901c0b741f6c636933b7eed18f1bff3d7aa572e7171658bd685dddf84163d0cb982e9", + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [ + [ + { + "path": "yn", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": true, + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": "https://www.npmjs.com/package/yn", + "repository_download_url": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", + "api_data_url": "https://registry.npmjs.org/yn/3.1.1", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/yn@3.1.1" + }, + "extra_data": {} + } + ], + "repository_homepage_url": "https://www.npmjs.com/package/megak", + "repository_download_url": "https://registry.npmjs.org/megak/-/megak-1.0.0.tgz", + "api_data_url": "https://registry.npmjs.org/megak/1.0.0", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/megak@1.0.0" + } +] \ No newline at end of file diff --git a/tests/packagedcode/data/npm/package-lock-local/package-lock.json b/tests/packagedcode/data/npm/package-lock-local/package-lock.json new file mode 100644 index 0000000000..081bf353ba --- /dev/null +++ b/tests/packagedcode/data/npm/package-lock-local/package-lock.json 
@@ -0,0 +1,37 @@ +{ + "name": "babel-runtime", + "version": "6.23.0", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "@frontity/flat-theme": { + "version": "file:packages/flat-theme", + "requires": { + "@frontity/components": "^1.3.0", + "@frontity/html2react": "^1.3.0", + "frontity": "^1.5.2", + "react-spinners": "^0.5.4", + "react-spring": "8.0.27" + } + }, + "babel-template": { + "version": "6.25.0", + "resolved": "https://registry.npmjs.org/babel-template/-/babel-template-6.25.0.tgz", + "integrity": "sha1-ZlJBFmt8KqTGGdceGSlpVSsQwHE=", + "dev": true, + "requires": { + "babel-runtime": "6.25.0", + "babel-traverse": "6.25.0", + "babel-types": "6.25.0", + "babylon": "6.18.0", + "lodash": "4.17.4" + } + }, + "to-fast-properties": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-1.0.3.tgz", + "integrity": "sha1-uDVx+k2MJbguIxsG46MFXeTKGkc=", + "dev": true + } + } +} diff --git a/tests/packagedcode/data/npm/package-lock-local/package-lock.json-expected b/tests/packagedcode/data/npm/package-lock-local/package-lock.json-expected new file mode 100644 index 0000000000..4ee5c40815 --- /dev/null +++ b/tests/packagedcode/data/npm/package-lock-local/package-lock.json-expected 
@@ -0,0 +1,364 @@ +[ + { + "type": "npm", + "namespace": "", + "name": "babel-runtime", + "version": "6.23.0", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [], + "is_private": false, + "is_virtual": false, + "extra_data": { + "lockfile_version": 1 + }, + "dependencies": [ + { + "purl": "pkg:npm/%40frontity/flat-theme", + "extracted_requirement": null, + "scope": "dependencies", + "is_runtime": true, + "is_optional": false, + "is_pinned": true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "@frontity", + "name": "flat-theme", + "version": null, + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [ + 
[ + { + "path": "@frontity/flat-theme", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": true, + "extra_data": {}, + "dependencies": [ + { + "purl": "pkg:npm/%40frontity/components", + "extracted_requirement": "^1.3.0", + "scope": "dependencies", + "is_runtime": true, + "is_optional": false, + "is_pinned": false, + "is_direct": true, + "resolved_package": {}, + "extra_data": {} + }, + { + "purl": "pkg:npm/%40frontity/html2react", + "extracted_requirement": "^1.3.0", + "scope": "dependencies", + "is_runtime": true, + "is_optional": false, + "is_pinned": false, + "is_direct": true, + "resolved_package": {}, + "extra_data": {} + }, + { + "purl": "pkg:npm/frontity", + "extracted_requirement": "^1.5.2", + "scope": "dependencies", + "is_runtime": true, + "is_optional": false, + "is_pinned": false, + "is_direct": true, + "resolved_package": {}, + "extra_data": {} + }, + { + "purl": "pkg:npm/react-spinners", + "extracted_requirement": "^0.5.4", + "scope": "dependencies", + "is_runtime": true, + "is_optional": false, + "is_pinned": false, + "is_direct": true, + "resolved_package": {}, + "extra_data": {} + }, + { + "purl": "pkg:npm/react-spring", + "extracted_requirement": "8.0.27", + "scope": "dependencies", + "is_runtime": true, + "is_optional": false, + "is_pinned": false, + "is_direct": true, + "resolved_package": {}, + "extra_data": {} + } + ], + "repository_homepage_url": "https://www.npmjs.com/package/@frontity/flat-theme", + "repository_download_url": null, + "api_data_url": "https://registry.npmjs.org/@frontity%2fflat-theme", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/%40frontity/flat-theme" + }, + "extra_data": { + "version_type": [ + "local" + ], + "url": "file:packages/flat-theme" + } + }, + { + "purl": "pkg:npm/babel-template@6.25.0", + "extracted_requirement": "6.25.0", + "scope": "devDependencies", + "is_runtime": false, + "is_optional": 
true, + "is_pinned": true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "", + "name": "babel-template", + "version": "6.25.0", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": "https://registry.npmjs.org/babel-template/-/babel-template-6.25.0.tgz", + "size": null, + "sha1": "665241166b7c2aa4c619d71e192969552b10c071", + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [ + [ + { + "path": "babel-template", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": true, + "extra_data": {}, + "dependencies": [ + { + "purl": "pkg:npm/babel-runtime", + "extracted_requirement": "6.25.0", + "scope": "devDependencies", + "is_runtime": false, + "is_optional": true, + "is_pinned": false, + "is_direct": true, + "resolved_package": {}, + "extra_data": {} + }, + { + "purl": "pkg:npm/babel-traverse", + "extracted_requirement": "6.25.0", + "scope": "devDependencies", + "is_runtime": false, + "is_optional": true, + "is_pinned": false, + "is_direct": true, + "resolved_package": {}, + "extra_data": {} + }, + { + "purl": "pkg:npm/babel-types", + "extracted_requirement": "6.25.0", + "scope": "devDependencies", + "is_runtime": false, + "is_optional": true, + "is_pinned": false, + "is_direct": true, + "resolved_package": {}, + "extra_data": {} + }, + { + "purl": "pkg:npm/babylon", + 
"extracted_requirement": "6.18.0", + "scope": "devDependencies", + "is_runtime": false, + "is_optional": true, + "is_pinned": false, + "is_direct": true, + "resolved_package": {}, + "extra_data": {} + }, + { + "purl": "pkg:npm/lodash", + "extracted_requirement": "4.17.4", + "scope": "devDependencies", + "is_runtime": false, + "is_optional": true, + "is_pinned": false, + "is_direct": true, + "resolved_package": {}, + "extra_data": {} + } + ], + "repository_homepage_url": "https://www.npmjs.com/package/babel-template", + "repository_download_url": "https://registry.npmjs.org/babel-template/-/babel-template-6.25.0.tgz", + "api_data_url": "https://registry.npmjs.org/babel-template/6.25.0", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/babel-template@6.25.0" + }, + "extra_data": {} + }, + { + "purl": "pkg:npm/to-fast-properties@1.0.3", + "extracted_requirement": "1.0.3", + "scope": "devDependencies", + "is_runtime": false, + "is_optional": true, + "is_pinned": true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "", + "name": "to-fast-properties", + "version": "1.0.3", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-1.0.3.tgz", + "size": null, + "sha1": "b83571fa4d8c25b82e231b06e3a3055de4ca1a47", + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [ + [ + { + "path": 
"to-fast-properties", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": true, + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": "https://www.npmjs.com/package/to-fast-properties", + "repository_download_url": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-1.0.3.tgz", + "api_data_url": "https://registry.npmjs.org/to-fast-properties/1.0.3", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/to-fast-properties@1.0.3" + }, + "extra_data": {} + } + ], + "repository_homepage_url": "https://www.npmjs.com/package/babel-runtime", + "repository_download_url": "https://registry.npmjs.org/babel-runtime/-/babel-runtime-6.23.0.tgz", + "api_data_url": "https://registry.npmjs.org/babel-runtime/6.23.0", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/babel-runtime@6.23.0" + } +] \ No newline at end of file diff --git a/tests/packagedcode/data/npm/package-lock-tarball/package-lock.json b/tests/packagedcode/data/npm/package-lock-tarball/package-lock.json new file mode 100644 index 0000000000..1149d2d2dd --- /dev/null +++ b/tests/packagedcode/data/npm/package-lock-tarball/package-lock.json 
@@ -0,0 +1,33 @@ +{ + "name": "SaaS_IHRM_Vue", + "version": "1.0.0", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "abbrev": { + "version": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.0.tgz", + "integrity": "sha1-0FVMIlZjbi9W58LlrRg/hZQo2B8=", + "dev": true + }, + "ansi-regex": { + "version": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "integrity": "sha1-w7M6te42DYbg5ijwRorn7yfWVN8=" + }, + "ansi-styles": { + "version": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz", + "integrity": "sha1-tDLdM1i2NM914eRmQ2gkBTPB3b4=" + }, + "num2fraction": { + "version": "http://registry.npm.taobao.org/num2fraction/download/num2fraction-1.2.2.tgz", + "bundled": true + }, + "postcss": { + "version": "http://registry.npm.taobao.org/postcss/download/postcss-6.0.21.tgz", + "bundled": true + }, + "postcss-value-parser": { + "version": "http://registry.npm.taobao.org/postcss-value-parser/download/postcss-value-parser-3.3.0.tgz", + "bundled": true + } + } +} diff --git a/tests/packagedcode/data/npm/package-lock-tarball/package-lock.json-expected b/tests/packagedcode/data/npm/package-lock-tarball/package-lock.json-expected new file mode 100644 index 0000000000..cf7bde7030 --- /dev/null +++ b/tests/packagedcode/data/npm/package-lock-tarball/package-lock.json-expected 
@@ -0,0 +1,475 @@ +[ + { + "type": "npm", + "namespace": "", + "name": "SaaS_IHRM_Vue", + "version": "1.0.0", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [], + "is_private": false, + "is_virtual": false, + "extra_data": { + "lockfile_version": 1 + }, + "dependencies": [ + { + "purl": "pkg:npm/abbrev@1.1.0", + "extracted_requirement": "1.1.0", + "scope": "devDependencies", + "is_runtime": false, + "is_optional": true, + "is_pinned": true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "", + "name": "abbrev", + "version": "1.1.0", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": "d0554c2256636e2f56e7c2e5ad183f859428d81f", + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + 
"file_references": [ + [ + { + "path": "abbrev", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": true, + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": "https://www.npmjs.com/package/abbrev", + "repository_download_url": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.0.tgz", + "api_data_url": "https://registry.npmjs.org/abbrev/1.1.0", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/abbrev@1.1.0" + }, + "extra_data": { + "version_type": [ + "remote-tarball" + ], + "url": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.0.tgz" + } + }, + { + "purl": "pkg:npm/ansi-regex@2.1.1", + "extracted_requirement": "2.1.1", + "scope": "dependencies", + "is_runtime": true, + "is_optional": false, + "is_pinned": true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "", + "name": "ansi-regex", + "version": "2.1.1", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": "c3b33ab5ee360d86e0e628f0468ae7ef27d654df", + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [ + [ + { + "path": "ansi-regex", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": true, + "extra_data": {}, + "dependencies": [], + 
"repository_homepage_url": "https://www.npmjs.com/package/ansi-regex", + "repository_download_url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "api_data_url": "https://registry.npmjs.org/ansi-regex/2.1.1", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/ansi-regex@2.1.1" + }, + "extra_data": { + "version_type": [ + "remote-tarball" + ], + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz" + } + }, + { + "purl": "pkg:npm/ansi-styles@2.2.1", + "extracted_requirement": "2.2.1", + "scope": "dependencies", + "is_runtime": true, + "is_optional": false, + "is_pinned": true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "", + "name": "ansi-styles", + "version": "2.2.1", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": "b432dd3358b634cf75e1e4664368240533c1ddbe", + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [ + [ + { + "path": "ansi-styles", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": true, + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": "https://www.npmjs.com/package/ansi-styles", + "repository_download_url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz", + "api_data_url": "https://registry.npmjs.org/ansi-styles/2.2.1", + 
"datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/ansi-styles@2.2.1" + }, + "extra_data": { + "version_type": [ + "remote-tarball" + ], + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz" + } + }, + { + "purl": "pkg:npm/num2fraction@1.2.2", + "extracted_requirement": "1.2.2", + "scope": "dependencies", + "is_runtime": true, + "is_optional": false, + "is_pinned": true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "", + "name": "num2fraction", + "version": "1.2.2", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [ + [ + { + "path": "num2fraction", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": true, + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": "https://www.npmjs.com/package/num2fraction", + "repository_download_url": "https://registry.npmjs.org/num2fraction/-/num2fraction-1.2.2.tgz", + "api_data_url": "https://registry.npmjs.org/num2fraction/1.2.2", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/num2fraction@1.2.2" + }, + "extra_data": { + "version_type": [ + "remote-tarball" + ], + "url": "http://registry.npm.taobao.org/num2fraction/download/num2fraction-1.2.2.tgz" + } + }, + { + "purl": 
"pkg:npm/postcss@6.0.21", + "extracted_requirement": "6.0.21", + "scope": "dependencies", + "is_runtime": true, + "is_optional": false, + "is_pinned": true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "", + "name": "postcss", + "version": "6.0.21", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [ + [ + { + "path": "postcss", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": true, + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": "https://www.npmjs.com/package/postcss", + "repository_download_url": "https://registry.npmjs.org/postcss/-/postcss-6.0.21.tgz", + "api_data_url": "https://registry.npmjs.org/postcss/6.0.21", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/postcss@6.0.21" + }, + "extra_data": { + "version_type": [ + "remote-tarball" + ], + "url": "http://registry.npm.taobao.org/postcss/download/postcss-6.0.21.tgz" + } + }, + { + "purl": "pkg:npm/postcss-value-parser@3.3.0", + "extracted_requirement": "3.3.0", + "scope": "dependencies", + "is_runtime": true, + "is_optional": false, + "is_pinned": true, + "is_direct": false, + "resolved_package": { + "type": "npm", + "namespace": "", + "name": "postcss-value-parser", + 
"version": "3.3.0", + "qualifiers": {}, + "subpath": null, + "primary_language": "JavaScript", + "description": null, + "release_date": null, + "parties": [], + "keywords": [], + "homepage_url": null, + "download_url": null, + "size": null, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "bug_tracking_url": null, + "code_view_url": null, + "vcs_url": null, + "copyright": null, + "holder": null, + "declared_license_expression": null, + "declared_license_expression_spdx": null, + "license_detections": [], + "other_license_expression": null, + "other_license_expression_spdx": null, + "other_license_detections": [], + "extracted_license_statement": null, + "notice_text": null, + "source_packages": [], + "file_references": [ + [ + { + "path": "postcss-value-parser", + "size": 0, + "sha1": null, + "md5": null, + "sha256": null, + "sha512": null, + "extra_data": {} + } + ] + ], + "is_private": false, + "is_virtual": true, + "extra_data": {}, + "dependencies": [], + "repository_homepage_url": "https://www.npmjs.com/package/postcss-value-parser", + "repository_download_url": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-3.3.0.tgz", + "api_data_url": "https://registry.npmjs.org/postcss-value-parser/3.3.0", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/postcss-value-parser@3.3.0" + }, + "extra_data": { + "version_type": [ + "remote-tarball" + ], + "url": "http://registry.npm.taobao.org/postcss-value-parser/download/postcss-value-parser-3.3.0.tgz" + } + } + ], + "repository_homepage_url": "https://www.npmjs.com/package/SaaS_IHRM_Vue", + "repository_download_url": "https://registry.npmjs.org/SaaS_IHRM_Vue/-/SaaS_IHRM_Vue-1.0.0.tgz", + "api_data_url": "https://registry.npmjs.org/SaaS_IHRM_Vue/1.0.0", + "datasource_id": "npm_package_lock_json", + "purl": "pkg:npm/saas_ihrm_vue@1.0.0" + } +] \ No newline at end of file 
diff --git a/tests/packagedcode/test_npm.py b/tests/packagedcode/test_npm.py
index 0be0bfe0ca..f089deb643 100644
--- a/tests/packagedcode/test_npm.py
+++ b/tests/packagedcode/test_npm.py
@@ -289,6 +289,24 @@ def test_parse_package_lock_v2_alias(self):
 packages = npm.NpmPackageLockJsonHandler.parse(test_file)
 self.check_packages_data(packages, expected_loc, regen=REGEN_TEST_FIXTURES)
+ def test_parse_package_lock_with_git_sources(self):
+ test_file = self.get_test_loc('npm/package-lock-git/package-lock.json')
+ expected_loc = self.get_test_loc('npm/package-lock-git/package-lock.json-expected')
+ packages = npm.NpmPackageLockJsonHandler.parse(test_file)
+ self.check_packages_data(packages, expected_loc, regen=REGEN_TEST_FIXTURES)
+
+ def test_parse_package_lock_with_tarball_sources(self):
+ test_file = self.get_test_loc('npm/package-lock-tarball/package-lock.json')
+ expected_loc = self.get_test_loc('npm/package-lock-tarball/package-lock.json-expected')
+ packages = npm.NpmPackageLockJsonHandler.parse(test_file)
+ self.check_packages_data(packages, expected_loc, regen=REGEN_TEST_FIXTURES)
+
+ def test_parse_package_lock_with_local_sources(self):
+ test_file = self.get_test_loc('npm/package-lock-local/package-lock.json')
+ expected_loc = self.get_test_loc('npm/package-lock-local/package-lock.json-expected')
+ packages = npm.NpmPackageLockJsonHandler.parse(test_file)
+ self.check_packages_data(packages, expected_loc, regen=REGEN_TEST_FIXTURES)
+
 def test_is_datafile_npm_shrinkwrap_json(self):
 test_file = self.get_test_loc('npm/npm-shrinkwrap/npm-shrinkwrap.json')
 assert npm.NpmShrinkwrapJsonHandler.is_datafile(test_file)
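Review bot: The three new tests only compare against `-expected` snapshots generated from the new code, so they pin whatever the parser currently emits, including `version_type` serialized as a one-element list, rather than the intended classification. Add direct assertions on the helpers, for example `assert npm.parse_npm_version('file:packages/flat-theme')['type'] == 'local'` and `assert npm.get_version(npm.parse_npm_version('1.0.3')) == '1.0.3'`. A fixture entry without a `version` key would also cover the path where `dep_data.get('version')` returns None. The enclosing test class starts outside the hunk.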