NPM analyzer not recognize package.json if contains workspaces
I wanted to analyse an NPM project with ORT, but it doesn't recognize the project (it has a package-lock.json file).
The command I ran:
```
ort analyze -m npm -i /scan/frontend/ -o /tmp/ort-frontend/
 ________ _____________________
 \_____  \\______   \__    ___/ the OSS Review Toolkit, version 099677ef14.
  /   |   \|       _/ |    |
 /    |    \    |   \ |    |    Running 'analyze' under Java 17.0.2 on Linux with
 \_______  /____|_  / |____|    16 CPUs and a maximum of 7956 MiB of memory.
         \/       \/
Environment variables:
    ORT_CONFIG_DIR = /root/.ort/config
    ORT_DATA_DIR = /root/.ort
    TERM = xterm
Looking for analyzer-specific configuration in the following files and directories:
    /root/.ort/config/curations.yml (does not exist)
    /root/.ort/config/curations (does not exist)
    /scan/frontend/.ort.yml (does not exist)
    /root/.ort/config/resolutions.yml (does not exist)
The following package managers are activated:
    NPM
Analyzing project path:
    /scan/frontend
No definition files found.
Found 0 project(s) and 0 package(s) in total (not counting excluded ones).
Applied 0 curation(s) from 1 provider(s).
Writing analyzer result to '/tmp/ort-frontend/analyzer-result.yml'.
Resolved issues: 0 errors, 0 warnings, 0 hints.
Unresolved issues: 0 errors, 0 warnings, 0 hints.
```
package.json:
```json
{
  "name": "random-project",
  "version": "0.1.0",
  "private": true,
  "license": "UNLICENSED",
  "scripts": {
    "lint": "npm run lint --workspaces",
    "lint-fix": "npm run lint-fix --workspaces",
    "format": "npm run format --workspaces",
    "format-check": "npm run format-check --workspaces",
    "spell": "cspell \"**/*\"",
    "build": "npm run build --workspaces",
    "test": "npm run test --workspaces",
    "test-silent": "npm run test-silent --workspaces",
    "test:coverage": "npm run test:coverage --workspaces "
  },
  "dependencies": {
    "typescript": "^4.4.4",
    "@types/node": "^16.11.7",
    "@types/react": "^17.0.34",
    "@types/react-dom": "^17.0.11"
  },
  "devDependencies": {
    "@types/jest": "^26.0.0",
    "@types/lodash": "^4.14.176",
    "@types/react-router-dom": "^5.3.2",
    "@types/styled-components": "^5.1.15",
    "@typescript-eslint/eslint-plugin": "^4.28.4",
    "@typescript-eslint/parser": "^4.33.0",
    "babel-plugin-styled-components": "^2.0.2",
    "cross-env": "^7.0.3",
    "eslint": "^7.31.0",
    "eslint-config-airbnb": "^19.0.0",
    "eslint-config-airbnb-base": "^15.0.0",
    "eslint-config-prettier": "^8.3.0",
    "eslint-plugin-import": "^2.23.4",
    "eslint-plugin-jest": "^25.2.4",
    "eslint-plugin-jsx-a11y": "^6.4.1",
    "eslint-plugin-prettier": "^4.0.0",
    "eslint-plugin-react": "^7.24.0",
    "eslint-plugin-react-hooks": "^4.2.0",
    "eslint-plugin-sort-imports-es6-autofix": "^0.6.0",
    "jest": "26.6.0",
    "npm-run-all": "^4.1.5",
    "prettier": "^2.3.2",
    "ts-jest": "^26.0.0"
  },
  "workspaces": [
    "packages/workspace-one",
    "packages/workspace-two"
  ]
}
```
Looks like we currently assume anything with workspaces to be a Yarn project:
https://github.com/oss-review-toolkit/ort/blob/11150b4d0298fe09f24f671f63263806e3a0b167/analyzer/src/main/kotlin/managers/utils/NodeSupport.kt#L140-L151
@mecseid - would `ort analyze -m yarn -i /scan/frontend/ -o /tmp/ort-frontend/` work around the problem?
@fviernau Yes, it works, but it will not use the `package-lock.json`, and instead of `npm ci` (or `yarn install --frozen-lockfile`) it will run a simple `yarn install`.
@ppuritscher @porsche-rishisaxena this is the issue you're also affected by.
@mecseid mind giving https://github.com/oss-review-toolkit/ort/pull/7979 a try?
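The mismatch discussed in this thread can be checked before running the analyzer. The sketch below is an added example, not ORT code or code from any participant: it compares a simplified model of the "workspaces means Yarn" assumption with a lockfile-first classification, so a project whose pinned versions would be ignored is flagged. All function names and the sample input are hypothetical.

```javascript
// Added example, not ORT code. Lockfile names are the standard npm/Yarn ones.
const LOCKFILES = {
  'package-lock.json': 'npm',
  'npm-shrinkwrap.json': 'npm',
  'yarn.lock': 'yarn',
};

// npm takes an array; Yarn also accepts { packages: [...] }.
function hasWorkspaces(pkg) {
  const ws = pkg.workspaces;
  const list = Array.isArray(ws) ? ws : (ws && ws.packages) || [];
  return Array.isArray(list) && list.length > 0;
}

// Simplified model of the behaviour described in the thread (assumption):
// any package.json with workspaces is treated as a Yarn project.
function workspacesOnlyGuess(pkg) {
  return hasWorkspaces(pkg) ? 'yarn' : 'npm';
}

// Lockfile-first classification: the lockfile decides, not "workspaces".
function classify(pkg, filesInDir) {
  const lockfiles = Object.keys(LOCKFILES).filter((f) => filesInDir.includes(f));
  const managers = [...new Set(lockfiles.map((f) => LOCKFILES[f]))];
  const heuristic = workspacesOnlyGuess(pkg);
  const manager = managers.length === 1 ? managers[0] : null;
  let note = null;
  if (managers.length === 0) note = 'no lockfile: dependency versions are not pinned';
  else if (managers.length > 1) note = 'lockfiles from both npm and Yarn: choose one explicitly';
  else if (manager !== heuristic) note = `lockfile says ${manager}, workspaces-only guess says ${heuristic}`;
  return { workspaces: hasWorkspaces(pkg), lockfiles, manager, heuristic, note };
}

// Reads a real project directory (Node.js only).
function classifyDir(dir) {
  const fs = require('node:fs');
  const path = require('node:path');
  const pkg = JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8'));
  return classify(pkg, fs.readdirSync(dir));
}

// Constructed sample mirroring the report: workspaces plus package-lock.json.
const SAMPLE_PKG = { name: 'random-project', workspaces: ['packages/workspace-one', 'packages/workspace-two'] };
const SAMPLE_FILES = ['package.json', 'package-lock.json', 'packages'];
console.log(classify(SAMPLE_PKG, SAMPLE_FILES));
```

A non-null `note` on a project with exactly one lockfile means the versions recorded in that lockfile may not be the ones the analysis resolves.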