fix: package-json.lock files are generated even if npm is not the package manager

README.md

@@ -157,8 +157,8 @@ public class ExhortExample {
         CompletableFuture<MixedReport> mixedStackReport = exhortApi.stackAnalysisMixed("/path/to/pom.xml");
 
         // get a AnalysisReport future holding a deserialized Component Analysis report
-        var manifestContent = Files.readAllBytes(Paths.get("/path/to/pom.xml"));
-        CompletableFuture<AnalysisReport> componentReport = exhortApi.componentAnalysis("pom.xml", manifestContent);
+        var manifestContent = Files.readAllBytes(Path.of("/path/to/pom.xml"));
+        CompletableFuture<AnalysisReport> componentReport = exhortApi.componentAnalysis("/path/to/pom.xml", manifestContent);
     }
 }
 ```

pom.xml

@@ -23,10 +23,10 @@
     <jakarta.mail.version>2.0.2</jakarta.mail.version>
     <cyclonedx.version>7.3.2</cyclonedx.version>
     <!-- Testing Dependencies -->
-    <assertj.version>3.24.2</assertj.version>
-    <junit-jupiter.version>5.9.1</junit-jupiter.version>
-    <junit-pioneer.version>2.0.1</junit-pioneer.version>
-    <mockito.version>5.3.1</mockito.version>
+    <assertj.version>3.27.3</assertj.version>
+    <junit-jupiter.version>5.10.5</junit-jupiter.version>
+    <junit-pioneer.version>2.3.0</junit-pioneer.version>
+    <mockito.version>5.17.0</mockito.version>
     <!-- Plugins -->
     <maven-clean-plugin.version>3.2.0</maven-clean-plugin.version>
     <maven-compiler-plugin.version>3.11.0</maven-compiler-plugin.version>
@@ -42,18 +42,18 @@
     <maven-resources-plugin.version>3.3.1</maven-resources-plugin.version>
     <maven-site-plugin.version>4.0.0-M6</maven-site-plugin.version>
     <maven-source-plugin.version>3.2.1</maven-source-plugin.version>
-    <maven-surefire-plugin.version>3.1.2</maven-surefire-plugin.version>
+    <maven-surefire-plugin.version>3.5.3</maven-surefire-plugin.version>
     <build-helper-maven-plugin.version>3.4.0</build-helper-maven-plugin.version>
     <extra-enforcer-rules.version>1.6.2</extra-enforcer-rules.version>
     <flatten-maven-plugin.version>1.4.1</flatten-maven-plugin.version>
     <jacoco-maven-plugin.version>0.8.10</jacoco-maven-plugin.version>
-    <junit-platform-maven-plugin.version>1.1.7</junit-platform-maven-plugin.version>
+    <junit-platform-maven-plugin.version>1.1.8</junit-platform-maven-plugin.version>
     <license-maven-plugin.version>4.1</license-maven-plugin.version>
     <openapi-generator-maven-plugin.version>6.6.0</openapi-generator-maven-plugin.version>
     <pitest-maven.version>1.13.2</pitest-maven.version>
     <pitest-junit5-plugin.version>1.1.2</pitest-junit5-plugin.version>
     <versions-maven-plugin.version>2.15.0</versions-maven-plugin.version>
-    <maven-failsafe-plugin.version>3.2.5</maven-failsafe-plugin.version>
+    <maven-failsafe-plugin.version>3.5.3</maven-failsafe-plugin.version>
   </properties>
 
   <licenses>
@@ -215,11 +215,6 @@
       <artifactId>junit-jupiter-api</artifactId>
       <scope>test</scope>
     </dependency>
-<!--    <dependency>-->
-<!--      <groupId>org.junit.jupiter</groupId>-->
-<!--      <artifactId>junit-jupiter-engine</artifactId>-->
-<!--      <scope>test</scope>-->
-<!--    </dependency>-->
     <dependency>
       <groupId>org.junit.jupiter</groupId>
       <artifactId>junit-jupiter-params</artifactId>
@@ -453,7 +448,6 @@ limitations under the License.]]>
       <plugin>
         <groupId>de.sormuras.junit</groupId>
         <artifactId>junit-platform-maven-plugin</artifactId>
-<!--        <extensions>true</extensions>-->
         <executions>
           <execution>
             <id>Launch JUNit Platform</id>
@@ -464,10 +458,6 @@ limitations under the License.]]>
           </execution>
         </executions>
         <configuration>
-<!--          <tags>-->
-<!--            <tag>ExhortApi</tag>-->
-<!--            <tag>Operations</tag>-->
-<!--          </tags>-->
           <skip>${skip.junit_platform}</skip>
           <classNamePatterns>
             <pattern>.*Exhort_Api_Test</pattern>

src/main/java/com/redhat/exhort/Api.java

@@ -99,15 +99,15 @@ public int hashCode() {
   /**
    * Use for creating a component analysis deserialized Json report for a given type and content.
    *
-   * @param manifestType the type of the manifest, i.e. {@code pom.xml}
+   * @param manifest the path of the manifest, example {@code /path/to/pom.xml}
    * @param manifestContent a byte array of the manifest's content
    * @return the deserialized Json report as an AnalysisReport wrapped in a CompletableFuture
    * @throws IOException when failed to load the manifest content
    */
-  CompletableFuture<AnalysisReport> componentAnalysis(String manifestType, byte[] manifestContent)
+  CompletableFuture<AnalysisReport> componentAnalysis(String manifest, byte[] manifestContet)
       throws IOException;
 
-  CompletableFuture<AnalysisReport> componentAnalysis(String manifestFile) throws IOException;
+  CompletableFuture<AnalysisReport> componentAnalysis(String manifest) throws IOException;
 
   CompletableFuture<Map<ImageRef, AnalysisReport>> imageAnalysis(Set<ImageRef> imageRefs)
       throws IOException;

src/main/java/com/redhat/exhort/Provider.java

@@ -25,6 +25,9 @@
  * manifest type for constructing backend requests.
  */
 public abstract class Provider {
+
+  public static final String PROP_MATCH_MANIFEST_VERSIONS = "MATCH_MANIFEST_VERSIONS";
+
   /**
    * Content is used to aggregate a content buffer and a content type. These will be used to
    * construct the backend API request.
@@ -42,29 +45,32 @@ public Content(byte[] buffer, String type) {
   /** The ecosystem of this provider, i.e. maven. */
   public final Ecosystem.Type ecosystem;
 
+  public final Path manifest;
+
   protected final ObjectMapper objectMapper = new ObjectMapper();
 
-  protected Provider(Ecosystem.Type ecosystem) {
+  protected Provider(Ecosystem.Type ecosystem, Path manifest) {
     this.ecosystem = ecosystem;
+    this.manifest = manifest;
   }
 
   /**
    * Use for providing content for a stack analysis request.
    *
-   * @param manifestPath the Path for the manifest file
    * @return A Content record aggregating the body content and content type
    * @throws IOException when failed to load the manifest file
    */
-  public abstract Content provideStack(Path manifestPath) throws IOException;
+  public abstract Content provideStack() throws IOException;
 
   /**
    * Use for providing content for a component analysis request.
    *
-   * @param manifestContent the content of the manifest file
    * @return A Content record aggregating the body content and content type
    * @throws IOException when failed to load the manifest content
    */
-  public abstract Content provideComponent(byte[] manifestContent) throws IOException;
+  public abstract Content provideComponent() throws IOException;
 
-  public abstract Content provideComponent(Path manifestPath) throws IOException;
+  public boolean validateLockFile(Path lockFile) {
+    return true;
+  }
 }

src/main/java/com/redhat/exhort/api/PackageRef.java

@@ -24,8 +24,6 @@
 
 public class PackageRef {
 
-  private static final String MAVEN_TYPE = "maven";
-
   @JsonSerialize(using = PackageURLSerializer.class)
   @JsonValue
   private final PackageURL purl;

src/main/java/com/redhat/exhort/image/ImageUtils.java

@@ -16,27 +16,24 @@
 package com.redhat.exhort.image;
 
 import static com.redhat.exhort.image.Platform.EMPTY_PLATFORM;
-import static com.redhat.exhort.impl.ExhortApi.getStringValueEnvironment;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.ObjectNode;
 import com.fasterxml.jackson.databind.node.TextNode;
 import com.github.packageurl.MalformedPackageURLException;
-import com.redhat.exhort.logging.LoggersFactory;
 import com.redhat.exhort.tools.Operations;
+import com.redhat.exhort.utils.Environment;
 import java.io.File;
 import java.io.IOException;
 import java.util.AbstractMap;
-import java.util.ArrayList;
 import java.util.Collections;
 import java.util.EnumSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 import java.util.function.Supplier;
-import java.util.logging.Logger;
 import java.util.stream.Collectors;
 import java.util.stream.StreamSupport;
 
@@ -59,8 +56,6 @@ public class ImageUtils {
   private static final String MEDIA_TYPE_OCI1_MANIFEST_LIST =
       "application/vnd.oci.image.index.v1+json";
 
-  private static final Logger logger = LoggersFactory.getLogger(ImageUtils.class.getName());
-
   private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
 
   private static final Map<String, String> archMapping =
@@ -95,7 +90,7 @@ public class ImageUtils {
           new AbstractMap.SimpleEntry<>("aarch64", "v8"));
 
   static String updatePATHEnv(String execPath) {
-    String path = System.getenv("PATH");
+    String path = Environment.get("PATH");
     if (path != null) {
       return String.format("PATH=%s%s%s", path, File.pathSeparator, execPath);
     } else {
@@ -133,8 +128,8 @@ static Operations.ProcessExecOutput execSyft(ImageRef imageRef) {
     var docker = Operations.getCustomPathOrElse("docker");
     var podman = Operations.getCustomPathOrElse("podman");
 
-    var syftConfigPath = getStringValueEnvironment(EXHORT_SYFT_CONFIG_PATH, "");
-    var imageSource = getStringValueEnvironment(EXHORT_SYFT_IMAGE_SOURCE, "");
+    var syftConfigPath = Environment.get(EXHORT_SYFT_CONFIG_PATH, "");
+    var imageSource = Environment.get(EXHORT_SYFT_IMAGE_SOURCE, "");
     SyftImageSource.getImageSource(imageSource);
 
     var dockerPath =
@@ -199,29 +194,23 @@ static List<String> getSyftEnvs(String dockerPath, String podmanPath) {
     } else if (!podmanPath.isEmpty()) {
       path = podmanPath;
     }
-    var envPath = path != null ? updatePATHEnv(path) : null;
-
-    List<String> envs = new ArrayList<>(1);
-    if (envPath != null) {
-      envs.add(envPath);
-    }
-    return envs;
+    return path != null ? List.of(updatePATHEnv(path)) : Collections.emptyList();
   }
 
   public static Platform getImagePlatform() {
-    var platform = getStringValueEnvironment(EXHORT_IMAGE_PLATFORM, "");
+    var platform = Environment.get(EXHORT_IMAGE_PLATFORM, "");
     if (!platform.isEmpty()) {
       return new Platform(platform);
     }
 
-    var imageSource = getStringValueEnvironment(EXHORT_SYFT_IMAGE_SOURCE, "");
+    var imageSource = Environment.get(EXHORT_SYFT_IMAGE_SOURCE, "");
     SyftImageSource source = SyftImageSource.getImageSource(imageSource);
 
-    var os = getStringValueEnvironment(EXHORT_IMAGE_OS, "");
+    var os = Environment.get(EXHORT_IMAGE_OS, "");
     if (os.isEmpty()) {
       os = source.getOs();
     }
-    var arch = getStringValueEnvironment(EXHORT_IMAGE_ARCH, "");
+    var arch = Environment.get(EXHORT_IMAGE_ARCH, "");
     if (arch.isEmpty()) {
       arch = source.getArch();
     }
@@ -230,7 +219,7 @@ public static Platform getImagePlatform() {
         return new Platform(os, arch, null);
       }
 
-      var variant = getStringValueEnvironment(EXHORT_IMAGE_VARIANT, "");
+      var variant = Environment.get(EXHORT_IMAGE_VARIANT, "");
       if (variant.isEmpty()) {
         variant = source.getVariant();
       }
@@ -429,8 +418,8 @@ static Map<Platform, String> getSingleImageDigest(ImageRef imageRef)
   static Operations.ProcessExecOutput execSkopeoInspect(ImageRef imageRef, boolean raw) {
     var skopeo = Operations.getCustomPathOrElse("skopeo");
 
-    var configPath = getStringValueEnvironment(EXHORT_SKOPEO_CONFIG_PATH, "");
-    var daemonHost = getStringValueEnvironment(EXHORT_IMAGE_SERVICE_ENDPOINT, "");
+    var configPath = Environment.get(EXHORT_SKOPEO_CONFIG_PATH, "");
+    var daemonHost = Environment.get(EXHORT_IMAGE_SERVICE_ENDPOINT, "");
 
     String[] cmd;
     if (daemonHost.isEmpty()) {