Outdated package normalization

[MartinKolarik]

Looking into #657, I found npm now allows the repository property to be a string:

For GitHub, GitHub gist, Bitbucket, or GitLab repositories you can use the same shortcut syntax you use for npm install:

{
  "repository": "npm/npm",
  "repository": "github:user/repo",
  "repository": "gist:11081aaa281",
  "repository": "bitbucket:user/repo",
  "repository": "gitlab:user/repo"
}

The first case (not sure about others right now) isn't currently handled correctly:

	"githubRepo": null, // should not be null
	"repository": {
		"type": "git",
		"url": "npm/security-holder", // probably should be an actual URL?
		"project": "security-holder",
		"user": "npm",
		"host": "github.com",
		"path": "",
		"branch": "master"
	},

Npm's tool normalize-package-data normalizes this to the object format in the latest version. As it turns out, however, nice-package, which is used in this project, doesn't use normalize-package-data despite claiming so in the readme, it uses normalize-registry-metadata instead, which seems abandoned.

The reason repository has at least some information is it goes through hosted-git-info as well, which handles this format. This is likely not blocking #657 since we can check for repository.project and repository.user but still, the normalization library looks fairly outdated and there may be various other cases where it doesn't parse correct data.

[Haroenv]

Great catch, I wasn't aware that the normalisation has changed

[MartinKolarik]

Note that we currently don't handle repository.directory field because of the old hosted-git-info version. Might be something to fix on our side if we don't decide to upgrade that package as the field is useful for mono repos: https://github.com/jupyterlab/jupyterlab/issues/6443

[Haroenv]

Maybe we switch to the new version, but patch the breaking changes?

[MartinKolarik]

Maybe we switch to the new version, but patch the breaking changes?

It's an option for sure.