Fix the issue of direct/transitive for Npm (#176)

* Fix the issue of direct/transitive for Npm --------- Signed-off-by: Jiyeong Seok <[email protected]>
fosslight · Oct 13, 2023 · a13b2e4 · a13b2e4
1 parent 46d363f
commit a13b2e4
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 4 deletions.
diff --git a/requirements.txt b/requirements.txt
@@ -4,7 +4,7 @@ lxml
 virtualenv
 pyyaml
 lastversion
-fosslight_util>=1.4.24
+fosslight_util>=1.4.29
 PyGithub
 requirements-parser
 defusedxml
diff --git a/src/fosslight_dependency/package_manager/Npm.py b/src/fosslight_dependency/package_manager/Npm.py
@@ -42,7 +42,7 @@ def start_license_checker(self):
  tmp_custom_json = 'custom.json'
  license_checker_cmd = f'license-checker --excludePrivatePackages --production --json --out {self.input_file_name}'
  custom_path_option = ' --customPath '
- npm_install_cmd = 'npm install --prod'
+ npm_install_cmd = 'npm install --omit=dev'
 
  if os.path.isdir(node_modules) != 1:
  logger.info("node_modules directory is not existed. So it executes 'npm install'.")
@@ -64,6 +64,8 @@ def start_license_checker(self):
  else:
  self.append_input_package_list_file(self.input_file_name)
 
+ if self.flag_tmp_node_modules:
+ shutil.rmtree(node_modules, ignore_errors=True)
  os.remove(tmp_custom_json)
 
  return ret
@@ -77,13 +79,19 @@ def make_custom_json(self, tmp_custom_json):
  def parse_rel_dependencies(self, rel_name, rel_ver, rel_dependencies):
  _dependencies = 'dependencies'
  _version = 'version'
+ _peer = 'peerMissing'
 
  for rel_dep_name in rel_dependencies.keys():
  # Optional, non-installed dependencies are listed as empty objects
  if rel_dependencies[rel_dep_name] == {}:
  continue
+ if _peer in rel_dependencies[rel_dep_name]:
+ if rel_dependencies[rel_dep_name][_peer]:
+ continue
  if f'{rel_name}({rel_ver})' not in self.relation_tree:
  self.relation_tree[f'{rel_name}({rel_ver})'] = []
+ elif f'{rel_dep_name}({rel_dependencies[rel_dep_name][_version]})' in self.relation_tree[f'{rel_name}({rel_ver})']:
+ continue
  self.relation_tree[f'{rel_name}({rel_ver})'].append(f'{rel_dep_name}({rel_dependencies[rel_dep_name][_version]})')
  if _dependencies in rel_dependencies[rel_dep_name]:
  self.parse_rel_dependencies(rel_dep_name, rel_dependencies[rel_dep_name][_version],
@@ -94,7 +102,7 @@ def parse_transitive_relationship(self):
  _version = 'version'
  _name = 'name'
 
- cmd = 'npm ls -a --prod --json -s'
+ cmd = 'npm ls -a --omit=dev --json -s'
  result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
  rel_tree = result.stdout
  if rel_tree is None:
@@ -114,7 +122,15 @@ def parse_transitive_relationship(self):
 
  def parse_direct_dependencies(self):
  try:
- self.parse_transitive_relationship()
+ if os.path.isfile(const.SUPPORT_PACKAE.get(self.package_manager_name)):
+ if not self.flag_tmp_node_modules:
+ shutil.move(node_modules, f'tmp_fl_{node_modules}')
+ self.parse_transitive_relationship()
+ if not self.flag_tmp_node_modules:
+ shutil.move(f'tmp_fl_{node_modules}', node_modules)
+ else:
+ logger.info('Direct/transitive support is not possible because the package.json file does not exist.')
+ self.direct_dep = False
  except Exception as e:
  logger.warning(f'Cannot print direct/transitive dependency: {e}')
  self.direct_dep = False