Add basic npm overrides parsing to package.json #4130

Open: wants to merge 2 commits into base: develop

divizbansal

Fixes #4122

This PR adds a minimal approach to parse and store overrides in package.json into extra_data, plus tests.

Tasks

  • Reviewed contribution guidelines
  • PR is descriptively titled 📑 and links the original issue above 🔗
  • Tests pass -- look for a green checkbox ✔️ a few minutes after opening your PR
    Run tests locally to check for errors.
  • Commits are in uniquely-named feature branch and has no merge conflicts 📁
  • Updated documentation pages (if applicable)
  • Updated CHANGELOG.rst (if applicable)

Signed-off-by: Diviz Bansal <bansalkrrish36@gmail.com>
Signed-off-by: Diviz Bansal <bansalkrrish36@gmail.com>

@AyanSinhaMahapatra AyanSinhaMahapatra left a comment

@divizbansal Thanks++ for the PR. See comments for improvements

key: bash-exception-gpl
short_name: Bash exception to GPL
name: Bash exception to GPL
category: Copyleft

These changes are not related to the issue, please remove these. Probably caused by your IDE settings

{
"name": "my-override-example",
"version": "1.0.0",
"overrides": {

Can you add real examples seen in the wild?
See https://github.com/search?q=path%3A*%2Fpackage.json+overrides&type=code

@@ -543,6 +543,24 @@ def test_npm_scan_with_private_package_json_and_yarn_lock(self):
expected_file, result_file, remove_uuid=True, regen=REGEN_TEST_FIXTURES
)

def test_parse_npm_package_json_with_overrides(self):

Tests will look like this:

def test_parse_from_urls_dict_legacy_is_ignored(self):

@@ -578,6 +578,10 @@ def _parse(cls, json_data, package_only=False):
if value:
extra_data[extra_data_field] = value

overrides = json_data.get('overrides')
if overrides:
extra_data['overrides'] = overrides
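
Review bot: the added `overrides` block copies whatever `json_data.get('overrides')` returns into `extra_data` without checking its type, so a malformed manifest where `overrides` is a string or a list gets stored as if it were valid. npm defines `overrides` as an object, so guard with `isinstance(overrides, dict)` before storing it. The block also repeats the `if value:` / `extra_data[extra_data_field] = value` pattern in the lines directly above; if the value is only stored verbatim, it could go through that existing path instead of a separate branch. Because overrides change which dependency versions are actually installed, keeping them only in `extra_data` leaves the reported dependencies out of step with what npm resolves, which deserves at least a comment here.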

This is okay as a start but we need to do a bit more here.
See the go replace directives PR and reviews which is a similar issue: #3693 (comment)

Successfully merging this pull request may close these issues.

Support npm overrides