nodejs-lockfile-parser
fix: throw 'not implemented' error in buildDepTree for npm v2/v3 lockfiles
- [ ] Tests written and linted
- [ ] Documentation written / README.md updated https://snyk.io/docs/snyk-for-node/
- [ ] Follows CONTRIBUTING agreement
- [ ] Commit history is tidy https://git-scm.com/book/en/v2/Git-Branching-Rebasing
- [ ] Reviewed by Snyk team
What this does
throw `not implemented` error in `buildDepTree` for npm v2/v3 lockfiles
better than `OutOfSyncError` from `getDependencyTree`
```
OutOfSyncError: Dependency @cycle/http was not found in package-lock.json. Your package.json and package-lock.json are probably out of sync. Please run "npm install" and try again.
    at PackageLockParser.getDependencyTree (node_modules/snyk-nodejs-lockfile-parser/dist/parsers/lock-parser-base.js:124:27)
    at async PackageLockParser.getDependencyTree (node_modules/snyk-nodejs-lockfile-parser/dist/parsers/package-lock-parser.js:28:32)
  code: 422,
  dependencyName: '@cycle/http',
  lockFileType: 'npm7'
```
problem in `PackageLockParser.getDepMap`: `packageLock.dependencies` is undefined, it should use `packageLock.packages`
https://github.com/snyk/nodejs-lockfile-parser/blob/103bb2de2e8391fab2b35c57e8c64b14e8205e3e/lib/parsers/package-lock-parser.ts#L110
so the `not implemented` error is thrown in `getDepMap` before calling `flattenLockfileRec`

to implement support for v2/v3 npm lockfiles, a good place would be `getDepMap`
```ts
protected getDepMapV2(packageLock: PackageLock): DepMap {
  // TODO implement
}
protected getDepMap(lockfile: Lockfile): DepMap {
  const packageLock = lockfile as PackageLock;
  if (packageLock.lockfileVersion == 2) {
    return this.getDepMapV2(packageLock);
  }
```
Notes for the reviewer
low priority
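
An added example, not part of the pull request or the project's code: a sketch of reading the `packages` map of a lockfileVersion 2/3 `package-lock.json`, which is keyed by install path with `""` as the root project, and failing with an explicit error when that map is absent instead of reporting a dependency as missing. The names `pathToNames` and `depMapFromPackages`, the shape of the returned map, and the sample lockfile are assumptions made for illustration.

```javascript
// Added example; helper names are hypothetical, not the parser's API.

// "node_modules/a/node_modules/@s/b" -> ["a", "@s/b"]
function pathToNames(installPath) {
  return installPath
    .split('node_modules/')
    .slice(1)
    .map((part) => part.replace(/\/$/, ''));
}

function depMapFromPackages(lockfile) {
  const { lockfileVersion, packages } = lockfile;
  if (!packages || typeof packages !== 'object') {
    // Say what is actually wrong rather than reporting a missing dependency.
    throw new Error(
      `lockfileVersion ${lockfileVersion}: no "packages" map, cannot build dependency map`
    );
  }
  const depMap = {};
  for (const [installPath, entry] of Object.entries(packages)) {
    if (installPath === '') continue; // the root project itself
    const names = pathToNames(installPath);
    if (names.length === 0) continue; // e.g. a workspace folder outside node_modules
    depMap[installPath] = {
      name: names[names.length - 1],
      version: entry.version,
      parent: names.length > 1 ? names[names.length - 2] : null,
      dev: entry.dev === true,
    };
  }
  return depMap;
}

// Constructed sample; versions are made up.
const sampleLock = {
  name: 'demo', lockfileVersion: 3,
  packages: {
    '': { name: 'demo', version: '1.0.0', dependencies: { '@cycle/http': '^15.0.0' } },
    'node_modules/@cycle/http': { version: '15.4.0' },
    'node_modules/@cycle/http/node_modules/superagent': { version: '3.8.3' },
    'node_modules/mocha': { version: '9.2.2', dev: true },
  },
};

console.log(depMapFromPackages(sampleLock));
```

For a dependency scanner, the explicit error matters because an "out of sync" message sends the user to re-run `npm install` while the lockfile's packages remain unanalysed.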