fix: optional deps default true and handle undefined version (#10)

snyk · Apr 29, 2024 · 079fa6f · 079fa6f
1 parent f9989d5
commit 079fa6f
Show file tree

Hide file tree

Showing 12 changed files with 190 additions and 11 deletions.
diff --git a/lib/lock-parser/build-dep-graph.ts b/lib/lock-parser/build-dep-graph.ts
@@ -41,7 +41,7 @@ export async function buildDepGraph(
         lockFileContents,
         {
           includeDevDeps: options.includeDevDeps,
-          includeOptionalDeps: options.includeOptionalDeps,
+          includeOptionalDeps: options.includeOptionalDeps || true,
           pruneWithinTopLevelDeps: true,
           strictOutOfSync: options.strictOutOfSync,
         },

diff --git a/lib/workspaces/pnpm-workspaces-parser.ts b/lib/workspaces/pnpm-workspaces-parser.ts
@@ -36,7 +36,7 @@ function computeProjectVersionMaps(root: string, targetFiles) {
       const projectVersion = parsedPkgJson.version;
       projectsVersionMap[
         normalizeFilePath(pathUtil.relative(root, directory))
-      ] = projectVersion;
+      ] = projectVersion || 'undefined';
     } catch (err: any) {
       debug(
         `Error getting version for project: ${packageJsonFileName}. ERROR: ${err}`,
@@ -132,7 +132,7 @@ export async function processPnpmWorkspaces(
         pnpmLock.content,
         {
           includeDevDeps: settings.dev || false,
-          includeOptionalDeps: settings.optional || false,
+          includeOptionalDeps: settings.optional || true,
           pruneWithinTopLevelDeps: true,
           strictOutOfSync:
             settings.strictOutOfSync === undefined

diff --git a/package.json b/package.json
@@ -42,7 +42,7 @@
     "lodash.isempty": "^4.4.0",
     "lodash.sortby": "^4.7.0",
     "micromatch": "4.0.2",
-    "snyk-nodejs-lockfile-parser": "^1.53.1",
+    "snyk-nodejs-lockfile-parser": "^1.53.2",
     "snyk-resolve-deps": "4.8.0"
   },
   "devDependencies": {

diff --git a/test/fixtures/pnpm/lock-v5/undefined-package-version/package.json b/test/fixtures/pnpm/lock-v5/undefined-package-version/package.json
@@ -0,0 +1,13 @@
+{
+    "name": "pnpm-shallow-goof",
+    "version": "0.0.1",
+    "description": "A vulnerable demo application",
+    "homepage": "https://snyk.io/",
+    "repository": {
+        "type": "git",
+        "url": "https://github.com/snyk-fixtures/pnpm-shallow-goof"
+    },
+    "dependencies": {
+        "a": "workspace:*"
+    }
+}
diff --git a/test/fixtures/pnpm/lock-v5/undefined-package-version/packages/pkg-a/package.json b/test/fixtures/pnpm/lock-v5/undefined-package-version/packages/pkg-a/package.json
@@ -0,0 +1,16 @@
+{
+    "name": "a",
+    "description": "",
+    "main": "index.js",
+    "scripts": {
+      "test": "echo \"Error: no test specified\" && exit 1"
+    },
+    "keywords": [],
+    "author": "",
+    "license": "ISC",
+    "dependencies": {
+        "node-uuid": "1.4.0",
+        "qs": "0.0.6"
+    }
+  }
+
diff --git a/test/fixtures/pnpm/lock-v5/undefined-package-version/pnpm-lock.yaml b/test/fixtures/pnpm/lock-v5/undefined-package-version/pnpm-lock.yaml
diff --git a/test/fixtures/pnpm/lock-v5/undefined-package-version/pnpm-workspace.yaml b/test/fixtures/pnpm/lock-v5/undefined-package-version/pnpm-workspace.yaml
diff --git a/test/fixtures/pnpm/lock-v6/undefined-package-version/package.json b/test/fixtures/pnpm/lock-v6/undefined-package-version/package.json
@@ -0,0 +1,13 @@
+{
+    "name": "pnpm-shallow-goof",
+    "version": "0.0.1",
+    "description": "A vulnerable demo application",
+    "homepage": "https://snyk.io/",
+    "repository": {
+        "type": "git",
+        "url": "https://github.com/snyk-fixtures/pnpm-shallow-goof"
+    },
+    "dependencies": {
+        "a": "workspace:*"
+    }
+}
diff --git a/test/fixtures/pnpm/lock-v6/undefined-package-version/packages/pkg-a/package.json b/test/fixtures/pnpm/lock-v6/undefined-package-version/packages/pkg-a/package.json
@@ -0,0 +1,16 @@
+{
+    "name": "a",
+    "description": "",
+    "main": "index.js",
+    "scripts": {
+      "test": "echo \"Error: no test specified\" && exit 1"
+    },
+    "keywords": [],
+    "author": "",
+    "license": "ISC",
+    "dependencies": {
+        "node-uuid": "1.4.0",
+        "qs": "0.0.6"
+    }
+  }
+
diff --git a/test/fixtures/pnpm/lock-v6/undefined-package-version/pnpm-lock.yaml b/test/fixtures/pnpm/lock-v6/undefined-package-version/pnpm-lock.yaml
diff --git a/test/fixtures/pnpm/lock-v6/undefined-package-version/pnpm-workspace.yaml b/test/fixtures/pnpm/lock-v6/undefined-package-version/pnpm-workspace.yaml
diff --git a/test/workspaces/pnpm-workspaces-parser.spec.ts b/test/workspaces/pnpm-workspaces-parser.spec.ts
@@ -14,35 +14,91 @@ describe('process pnpm workspaces', () => {
         packageManager: 'pnpm',
         lockFileVersion: '5',
         fixture: 'workspace-with-isolated-pkgs',
+        projects: 3,
+        targetFiles: [
+          'pnpm-lock.yaml',
+          'packages/pkg-a/package.json',
+          'packages/pkg-b/package.json',
+        ],
       },
       {
         packageManager: 'pnpm',
         lockFileVersion: '6',
         fixture: 'workspace-with-isolated-pkgs',
+        projects: 3,
+        targetFiles: [
+          'pnpm-lock.yaml',
+          'packages/pkg-a/package.json',
+          'packages/pkg-b/package.json',
+        ],
       },
       {
         packageManager: 'pnpm',
         lockFileVersion: '5',
         fixture: 'workspace-with-cross-ref',
+        projects: 3,
+        targetFiles: [
+          'pnpm-lock.yaml',
+          'packages/pkg-a/package.json',
+          'packages/pkg-b/package.json',
+        ],
       },
       {
         packageManager: 'pnpm',
         lockFileVersion: '6',
         fixture: 'workspace-with-cross-ref',
+        projects: 3,
+        targetFiles: [
+          'pnpm-lock.yaml',
+          'packages/pkg-a/package.json',
+          'packages/pkg-b/package.json',
+        ],
       },
       {
         packageManager: 'pnpm',
         lockFileVersion: '5',
         fixture: 'workspace-empty-config-file',
+        projects: 3,
+        targetFiles: [
+          'pnpm-lock.yaml',
+          'packages/pkg-a/package.json',
+          'packages/pkg-b/package.json',
+        ],
       },
       {
         packageManager: 'pnpm',
         lockFileVersion: '6',
         fixture: 'workspace-with-cross-ref',
+        projects: 3,
+        targetFiles: [
+          'pnpm-lock.yaml',
+          'packages/pkg-a/package.json',
+          'packages/pkg-b/package.json',
+        ],
+      },
+      {
+        packageManager: 'pnpm',
+        lockFileVersion: '5',
+        fixture: 'undefined-package-version',
+        projects: 2,
+        targetFiles: ['pnpm-lock.yaml', 'packages/pkg-a/package.json'],
+      },
+      {
+        packageManager: 'pnpm',
+        lockFileVersion: '6',
+        fixture: 'undefined-package-version',
+        projects: 2,
+        targetFiles: ['pnpm-lock.yaml', 'packages/pkg-a/package.json'],
       },
     ])(
       'should build valid dep graph for $packageManager, lockfile version = $lockFileVersion',
-      async ({ packageManager, lockFileVersion, fixture }) => {
+      async ({
+        packageManager,
+        lockFileVersion,
+        fixture,
+        projects,
+        targetFiles,
+      }) => {
         const fixturePath = path.resolve(
           __dirname,
           '..',
@@ -54,13 +110,17 @@ describe('process pnpm workspaces', () => {
         process.chdir(fixturePath);
         const currentDir = process.cwd();
 
-        const result = await processPnpmWorkspaces(currentDir, {}, [
-          `${currentDir}/pnpm-lock.yaml`,
-          `${currentDir}/packages/pkg-a/package.json`,
-          `${currentDir}/packages/pkg-b/package.json`,
-        ]);
+        const resolvedTargetFiles = targetFiles.map(
+          (file) => `${currentDir}/${file}`,
+        );
+
+        const result = await processPnpmWorkspaces(
+          currentDir,
+          {},
+          resolvedTargetFiles,
+        );
         expect(result.plugin.name).toEqual('snyk-nodejs-pnpm-workspaces');
-        expect(result.scannedProjects.length).toEqual(3);
+        expect(result.scannedProjects.length).toEqual(projects);
         expect(result.scannedProjects[0].depGraph?.toJSON()).not.toEqual({});
       },
     );