component-detection icon indicating copy to clipboard operation
component-detection copied to clipboard

Published 20 hours ago verified publisher icon microsoft

Add PNPM 6 support

Open grvillic opened this issue 3 years ago • 1 comments

Context

Detector scans PNPM 5 properly and picks up all dependencies as expected, same can't be said for PNPM 6. It seems that PNPM 6 is having silent failures when parsing pnpm-lock.yaml files, hence not only it doesn't pick up any dependency, but it makes it hard to realize the lack of coverage.

Problem

  • Lack of PNPM 6 Support
  • Silent failures

Error log: LogFailedReadingFile logged SyntaxErrorException: (Line: 20485, Col: 135, Idx: 618058) - (Line: 20485, Col: 139, Idx: 618062): While scanning a plain scalar, find unexpected ':'

Solution

Add support for PNPM 6 detection and parsing

grvillic avatar Dec 09 '21 15:12 grvillic

One of the potential issues I've found while investigating this is the use of github URLs in pnpm-lock.yaml files instead of component versions, ex:

"github.com/xmldom/xmldom/c568938641cc1f121cef5b4df80fcfda1e489b6e"
"github.com/faisalil/react-native-mock/[email protected]"
"github.com/joonhocho/react-native-android-action-sheet/f7436395ffb41e23a7770de18601d703913b5a95"

cobya avatar Mar 28 '22 18:03 cobya