
Support Kotlin JS npm dependencies

Open hfhbd opened this issue 2 years ago • 2 comments

Currently, we support Maven coordinates only. Kotlin JS also supports npm dependencies, which would be nice to support too to have one dependency (and SPDX) report. npm stores the license information in the package.json, so parsing these files is easy: it is JSON and we already use kotlinx-serialization.

Open question: How to get these files? Could we use Gradle's downloader (somehow)? What about configuration cache? How does KGP fetch the dependencies? AFAIK it is done by yarn during execution (kotlinNodeJsSetup), but we should check it.

(Related, what about cocoapods?)

hfhbd, May 18 '23 08:05

Assuming we can get access to the node_modules directory in a stable way, its format is standardized (I think?) and contains all of the package.json files for parsing.

JakeWharton, May 19 '23 19:05
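The scan discussed in the comment above, as an added Node.js example that is not part of the thread or of Licensee's code: it walks a node_modules tree (including @scope folders and nested node_modules) and normalises the three license shapes npm packages use in package.json. The function names and the fixture packages are constructed for illustration, and it assumes the classic on-disk node_modules layout.

```javascript
const fs = require("fs");
const os = require("os");
const path = require("path");

// package.json carries license data in three shapes: "license": "<SPDX expression>",
// the deprecated "license": {type, url}, and the deprecated "licenses": [{type, url}].
function licensesOf(pkg) {
  const raw = pkg.license !== undefined ? [pkg.license]
    : Array.isArray(pkg.licenses) ? pkg.licenses : [];
  return raw
    .map((l) => (typeof l === "string" ? l : l && l.type))
    .filter((l) => typeof l === "string" && l.trim() !== "");
}

// Walk one node_modules directory, descending into @scope/ folders and nested
// node_modules. Symlinked entries are skipped so a link cycle cannot loop the scan.
function scan(nodeModules, out = []) {
  if (!fs.existsSync(nodeModules)) return out;
  for (const entry of fs.readdirSync(nodeModules, { withFileTypes: true })) {
    if (!entry.isDirectory() || entry.name.startsWith(".")) continue;
    const dir = path.join(nodeModules, entry.name);
    if (entry.name.startsWith("@")) { scan(dir, out); continue; }
    const manifest = path.join(dir, "package.json");
    if (!fs.existsSync(manifest)) continue;
    try {
      const pkg = JSON.parse(fs.readFileSync(manifest, "utf8"));
      out.push({ name: pkg.name, version: pkg.version, licenses: licensesOf(pkg) });
    } catch (e) {
      // Unparseable manifest: report it instead of silently dropping the package.
      out.push({ name: entry.name, version: null, licenses: [], error: e.message });
    }
    scan(path.join(dir, "node_modules"), out);
  }
  return out;
}

// Constructed fixture (not real packages): one manifest per license shape,
// plus one package that declares no license at all.
function demo() {
  const nm = path.join(fs.mkdtempSync(path.join(os.tmpdir(), "nm-")), "node_modules");
  const put = (rel, pkg) => {
    fs.mkdirSync(path.join(nm, rel), { recursive: true });
    fs.writeFileSync(path.join(nm, rel, "package.json"), JSON.stringify(pkg));
  };
  put("a", { name: "a", version: "1.0.0", license: "MIT" });
  put("@s/b", { name: "@s/b", version: "2.0.0", license: { type: "ISC" } });
  put("a/node_modules/c", { name: "c", version: "0.1.0", licenses: [{ type: "MIT" }, { type: "Apache-2.0" }] });
  put("d", { name: "d", version: "3.0.0" });
  return scan(nm).sort((x, y) => (x.name < y.name ? -1 : 1));
}
```

A package that comes back with an empty `licenses` array, like `d` in the fixture, is the case a license report has to surface rather than treat as approved.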

Presumably also have to depend on whatever task is responsible for running the yarn install.

JakeWharton, May 19 '23 19:05