Skip to content

Commit

Permalink
fix(node): Represent workspace submodules as Projects
Browse files Browse the repository at this point in the history 
Previously, the submodules of any `Yarn` or `Pnpm` workspaces were
represented as packages. This was inconsistent, because ORT normally
represents any definition files found in the analyzed sources as a
`Project`, not as a `Package`. Besides being inconsistent, the `Package`
representation renders the `ort.yml` features unusable. For example,
workspace submodules could not be excluded via path excludes.
Furthermore, the previous implementation represented the workspace root
project (in case of Pnpm) as both, as a `Package` and as a `Project`.
Finally, the previous Package representation of a submodule did not have
any reference from any project scope. As a consequnce, any (license)
policy rules which operates only on non-excluded dependencies would have
disregarded the submodules and their transitive dependencies,
potentially leading to an incorrect underreporting of rule violations.

Extend the `NpmModuleInfo` class by the flag `isProject` and make use of
it in the `NpmDependencyHandler` for creating the packages and
determining the linkage type. This change guarantees that
`parsePackage()` is no more called for `Project`s, but only for
`Package`s which is why the project-specific logic is dropped from
`parsePackage()`. For projects the dedicated `parseProjects()` is now
consistently used instead.

As in the new representation there are no more unreferenced packages,
the dependency handler does take care of creating all packages. So, the
logic which calls `graph.addPackage()` for each module returned by
`parseInstalledModules()` became unnecessary and is dropped.

Note: This commit fixes multiple things at once, because it seemed too
complicated to fix each issue separately due to various chicken-egg
like problems.

Fixes #9196, fixes #8940.

Signed-off-by: Frank Viernau <[email protected]>
  • Loading branch information
@fviernau @sschuberth
fviernau authored and sschuberth committed Oct 8, 2024
1 parent 5884b02 commit 685e636
Show file tree
Hide file tree
Showing 6 changed files with 229 additions and 360 deletions.
242 changes: 92 additions & 150 deletions ...e-managers/node/src/funTest/assets/projects/synthetic/pnpm/workspaces-expected-output.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,42 @@ analyzer:
skip_excluded: false
result:
projects:
- id: "PNPM::pnpm-app-example:1.1.4"
definition_file_path: "plugins/package-managers/node/src/funTest/assets/projects/synthetic/pnpm/workspaces/src/app/package.json"
authors:
- "DavidWells"
declared_licenses:
- "ISC"
declared_licenses_processed:
spdx_expression: "ISC"
vcs:
type: ""
url: ""
revision: ""
path: ""
vcs_processed:
type: "Git"
url: "<REPLACE_URL_PROCESSED>"
revision: "<REPLACE_REVISION>"
path: "plugins/package-managers/node/src/funTest/assets/projects/synthetic/pnpm/workspaces/src/app"
homepage_url: ""
scopes:
- name: "dependencies"
dependencies:
- id: "PNPM::testing-pnpm-package-a:1.0.2"
linkage: "PROJECT_DYNAMIC"
dependencies:
- id: "NPM::chalk:5.0.1"
- id: "NPM::is-even:1.0.0"
dependencies:
- id: "NPM::is-odd:0.1.2"
dependencies:
- id: "NPM::is-number:3.0.0"
dependencies:
- id: "NPM::kind-of:3.2.2"
dependencies:
- id: "NPM::is-buffer:1.1.6"
- id: "NPM::sax:1.2.4"
- id: "PNPM::pnpm-workspaces:1.0.1"
definition_file_path: "plugins/package-managers/node/src/funTest/assets/projects/synthetic/pnpm/workspaces/package.json"
authors:
Expand All @@ -50,16 +86,31 @@ analyzer:
scopes:
- name: "dependencies"
dependencies:
- id: "NPM::chalk:4.0.0"
- id: "NPM::json-stable-stringify:1.0.1"
dependencies:
- id: "NPM::ansi-styles:4.3.0"
dependencies:
- id: "NPM::color-convert:2.0.1"
dependencies:
- id: "NPM::color-name:1.1.4"
- id: "NPM::supports-color:7.2.0"
dependencies:
- id: "NPM::has-flag:4.0.0"
- id: "NPM::jsonify:0.0.0"
- id: "PNPM::testing-pnpm-package-a:1.0.2"
definition_file_path: "plugins/package-managers/node/src/funTest/assets/projects/synthetic/pnpm/workspaces/src/packages/package-a/package.json"
authors:
- "Marcel Bochtler"
declared_licenses:
- "ISC"
declared_licenses_processed:
spdx_expression: "ISC"
vcs:
type: ""
url: ""
revision: ""
path: ""
vcs_processed:
type: "Git"
url: "<REPLACE_URL_PROCESSED>"
revision: "<REPLACE_REVISION>"
path: "plugins/package-managers/node/src/funTest/assets/projects/synthetic/pnpm/workspaces/src/packages/package-a"
homepage_url: ""
scopes:
- name: "dependencies"
dependencies:
- id: "NPM::chalk:5.0.1"
- id: "NPM::is-even:1.0.0"
dependencies:
Expand All @@ -70,28 +121,7 @@ analyzer:
- id: "NPM::kind-of:3.2.2"
dependencies:
- id: "NPM::is-buffer:1.1.6"
- id: "NPM::json-stable-stringify:1.0.1"
dependencies:
- id: "NPM::jsonify:0.0.0"
- id: "NPM::pnpm-workspaces:1.0.1"
dependencies:
- id: "NPM::json-stable-stringify:1.0.1"
dependencies:
- id: "NPM::jsonify:0.0.0"
- id: "NPM::sax:1.2.4"
- id: "NPM::testing-pnpm-package-a:1.0.2"
dependencies:
- id: "NPM::chalk:5.0.1"
- id: "NPM::is-even:1.0.0"
dependencies:
- id: "NPM::is-odd:0.1.2"
dependencies:
- id: "NPM::is-number:3.0.0"
dependencies:
- id: "NPM::kind-of:3.2.2"
dependencies:
- id: "NPM::is-buffer:1.1.6"
- id: "NPM::sax:1.2.4"
- name: "devDependencies"
dependencies:
- id: "NPM::require-uncached:2.0.0"
Expand All @@ -100,6 +130,38 @@ analyzer:
dependencies:
- id: "NPM::callsites:0.2.0"
- id: "NPM::resolve-from:1.0.1"
- id: "PNPM::testing-pnpm-package-b:1.0.2"
definition_file_path: "plugins/package-managers/node/src/funTest/assets/projects/synthetic/pnpm/workspaces/src/packages/package-b/package.json"
authors:
- "Marcel Bochtler"
declared_licenses:
- "ISC"
declared_licenses_processed:
spdx_expression: "ISC"
vcs:
type: ""
url: ""
revision: ""
path: ""
vcs_processed:
type: "Git"
url: "<REPLACE_URL_PROCESSED>"
revision: "<REPLACE_REVISION>"
path: "plugins/package-managers/node/src/funTest/assets/projects/synthetic/pnpm/workspaces/src/packages/package-b"
homepage_url: ""
scopes:
- name: "dependencies"
dependencies:
- id: "NPM::chalk:4.0.0"
dependencies:
- id: "NPM::ansi-styles:4.3.0"
dependencies:
- id: "NPM::color-convert:2.0.1"
dependencies:
- id: "NPM::color-name:1.1.4"
- id: "NPM::supports-color:7.2.0"
dependencies:
- id: "NPM::has-flag:4.0.0"
- id: "PNPM::testing-pnpm-package-c:1.0.0"
definition_file_path: "plugins/package-managers/node/src/funTest/assets/projects/synthetic/pnpm/workspaces/src/non-workspace/package-c/package.json"
authors:
Expand Down Expand Up @@ -604,66 +666,6 @@ analyzer:
url: "https://github.com/dcodeIO/long.js.git"
revision: "088e44e5e3343ef967698565678384fa474b003b"
path: ""
- id: "NPM::pnpm-app-example:1.1.4"
purl: "pkg:npm/[email protected]"
authors:
- "DavidWells"
declared_licenses:
- "ISC"
declared_licenses_processed:
spdx_expression: "ISC"
description: ""
homepage_url: ""
binary_artifact:
url: ""
hash:
value: ""
algorithm: ""
source_artifact:
url: ""
hash:
value: ""
algorithm: ""
vcs:
type: "Git"
url: "<REPLACE_URL>"
revision: "<REPLACE_REVISION>"
path: "plugins/package-managers/node/src/funTest/assets/projects/synthetic/pnpm/workspaces/src/app"
vcs_processed:
type: "Git"
url: "<REPLACE_URL_PROCESSED>"
revision: "<REPLACE_REVISION>"
path: "plugins/package-managers/node/src/funTest/assets/projects/synthetic/pnpm/workspaces/src/app"
- id: "NPM::pnpm-workspaces:1.0.1"
purl: "pkg:npm/[email protected]"
authors:
- "Marcel Bochtler"
declared_licenses:
- "MIT"
declared_licenses_processed:
spdx_expression: "MIT"
description: "PNPM workspaces test"
homepage_url: ""
binary_artifact:
url: ""
hash:
value: ""
algorithm: ""
source_artifact:
url: ""
hash:
value: ""
algorithm: ""
vcs:
type: "Git"
url: "<REPLACE_URL>"
revision: "<REPLACE_REVISION>"
path: "plugins/package-managers/node/src/funTest/assets/projects/synthetic/pnpm/workspaces"
vcs_processed:
type: "Git"
url: "<REPLACE_URL_PROCESSED>"
revision: "<REPLACE_REVISION>"
path: "plugins/package-managers/node/src/funTest/assets/projects/synthetic/pnpm/workspaces"
- id: "NPM::require-uncached:2.0.0"
purl: "pkg:npm/[email protected]"
authors:
Expand Down Expand Up @@ -785,66 +787,6 @@ analyzer:
url: "https://github.com/chalk/supports-color.git"
revision: "c5edf46896d1fc1826cb1183a60d61eecb65d749"
path: ""
- id: "NPM::testing-pnpm-package-a:1.0.2"
purl: "pkg:npm/[email protected]"
authors:
- "Marcel Bochtler"
declared_licenses:
- "ISC"
declared_licenses_processed:
spdx_expression: "ISC"
description: ""
homepage_url: ""
binary_artifact:
url: ""
hash:
value: ""
algorithm: ""
source_artifact:
url: ""
hash:
value: ""
algorithm: ""
vcs:
type: "Git"
url: "<REPLACE_URL>"
revision: "<REPLACE_REVISION>"
path: "plugins/package-managers/node/src/funTest/assets/projects/synthetic/pnpm/workspaces/src/packages/package-a"
vcs_processed:
type: "Git"
url: "<REPLACE_URL_PROCESSED>"
revision: "<REPLACE_REVISION>"
path: "plugins/package-managers/node/src/funTest/assets/projects/synthetic/pnpm/workspaces/src/packages/package-a"
- id: "NPM::testing-pnpm-package-b:1.0.2"
purl: "pkg:npm/[email protected]"
authors:
- "Marcel Bochtler"
declared_licenses:
- "ISC"
declared_licenses_processed:
spdx_expression: "ISC"
description: ""
homepage_url: ""
binary_artifact:
url: ""
hash:
value: ""
algorithm: ""
source_artifact:
url: ""
hash:
value: ""
algorithm: ""
vcs:
type: "Git"
url: "<REPLACE_URL>"
revision: "<REPLACE_REVISION>"
path: "plugins/package-managers/node/src/funTest/assets/projects/synthetic/pnpm/workspaces/src/packages/package-b"
vcs_processed:
type: "Git"
url: "<REPLACE_URL_PROCESSED>"
revision: "<REPLACE_REVISION>"
path: "plugins/package-managers/node/src/funTest/assets/projects/synthetic/pnpm/workspaces/src/packages/package-b"
scanner: null
advisor: null
evaluator: null
Expand Down
Loading

0 comments on commit 685e636

Please sign in to comment.