refactor: rename lib to pkg

pkg/dependency/parser/c/conan/parse.go

@@ -78,7 +78,7 @@ func (p *Parser) parseV1(lock LockFile) ([]ftypes.Package, []ftypes.Dependency,
 
 	// Parse dependency graph
 	for i, node := range lock.GraphLock.Nodes {
-		lib, ok := parsed[i]
+		pkg, ok := parsed[i]
 		if !ok {
 			continue
 		}
@@ -91,12 +91,12 @@ func (p *Parser) parseV1(lock LockFile) ([]ftypes.Package, []ftypes.Dependency,
 		}
 		if len(childDeps) != 0 {
 			deps = append(deps, ftypes.Dependency{
-				ID:        lib.ID,
+				ID:        pkg.ID,
 				DependsOn: childDeps,
 			})
 		}
 
-		pkgs = append(pkgs, lib)
+		pkgs = append(pkgs, pkg)
 	}
 	return pkgs, deps, nil
 }
@@ -107,7 +107,7 @@ func (p *Parser) parseV2(lock LockFile) ([]ftypes.Package, []ftypes.Dependency,
 	for _, req := range lock.Requires {
 		pkg, err := toPackage(req.Dependency, req.StartLine, req.EndLine)
 		if err != nil {
-			p.logger.Debug("Creating library entry from requirement failed", err)
+			p.logger.Debug("Creating package entry from requirement failed", err)
 			continue
 		}
 

pkg/dependency/parser/c/conan/parse_test.go

@@ -17,13 +17,13 @@ func TestParse(t *testing.T) {
 	tests := []struct {
 		name      string
 		inputFile string // Test input file
-		wantLibs  []ftypes.Package
+		wantPkgs  []ftypes.Package
 		wantDeps  []ftypes.Dependency
 	}{
 		{
 			name:      "happy path",
 			inputFile: "testdata/happy_v1_case1.lock",
-			wantLibs: []ftypes.Package{
+			wantPkgs: []ftypes.Package{
 				{
 					ID:           "pkga/0.0.1",
 					Name:         "pkga",
@@ -73,7 +73,7 @@ func TestParse(t *testing.T) {
 		{
 			name:      "happy path. lock file with revisions support",
 			inputFile: "testdata/happy_v1_case2.lock",
-			wantLibs: []ftypes.Package{
+			wantPkgs: []ftypes.Package{
 				{
 					ID:           "openssl/3.0.3",
 					Name:         "openssl",
@@ -111,7 +111,7 @@ func TestParse(t *testing.T) {
 		{
 			name:      "happy path conan v2",
 			inputFile: "testdata/happy_v2.lock",
-			wantLibs: []ftypes.Package{
+			wantPkgs: []ftypes.Package{
 				{
 					ID:      "matrix/1.3",
 					Name:    "matrix",
@@ -153,18 +153,18 @@ func TestParse(t *testing.T) {
 			require.NoError(t, err)
 			defer f.Close()
 
-			gotLibs, gotDeps, err := conan.NewParser().Parse(f)
+			gotPkgs, gotDeps, err := conan.NewParser().Parse(f)
 			require.NoError(t, err)
 
-			sort.Slice(gotLibs, func(i, j int) bool {
-				ret := strings.Compare(gotLibs[i].Name, gotLibs[j].Name)
+			sort.Slice(gotPkgs, func(i, j int) bool {
+				ret := strings.Compare(gotPkgs[i].Name, gotPkgs[j].Name)
 				if ret != 0 {
 					return ret < 0
 				}
-				return gotLibs[i].Version < gotLibs[j].Version
+				return gotPkgs[i].Version < gotPkgs[j].Version
 			})
 
-			assert.Equal(t, tt.wantLibs, gotLibs)
+			assert.Equal(t, tt.wantPkgs, gotPkgs)
 			assert.Equal(t, tt.wantDeps, gotDeps)
 		})
 	}

pkg/dependency/parser/conda/environment/parse.go

@@ -44,7 +44,7 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependenc
 	var pkgs ftypes.Packages
 	for _, dep := range env.Dependencies {
 		pkg := p.toPackage(dep)
-		// Skip empty libs
+		// Skip empty pkgs
 		if pkg.Name == "" {
 			continue
 		}

pkg/dependency/parser/dart/pub/parse_test.go

@@ -63,13 +63,13 @@ func TestParser_Parse(t *testing.T) {
 			require.NoError(t, err)
 			defer f.Close()
 
-			gotLibs, _, err := pub.NewParser().Parse(f)
+			gotPkgs, _, err := pub.NewParser().Parse(f)
 			if !tt.wantErr(t, err, fmt.Sprintf("Parse(%v)", tt.inputFile)) {
 				return
 			}
 
-			sort.Sort(ftypes.Packages(gotLibs))
-			assert.Equal(t, tt.want, gotLibs)
+			sort.Sort(ftypes.Packages(gotPkgs))
+			assert.Equal(t, tt.want, gotPkgs)
 		})
 	}
 }

pkg/dependency/parser/golang/binary/parse_test.go

@@ -12,7 +12,7 @@ import (
 )
 
 func TestParse(t *testing.T) {
-	wantLibs := []ftypes.Package{
+	wantPkgs := []ftypes.Package{
 		{
 			Name:         "github.com/aquasecurity/test",
 			Version:      "",
@@ -46,17 +46,17 @@ func TestParse(t *testing.T) {
 		{
 			name:      "ELF",
 			inputFile: "testdata/test.elf",
-			want:      wantLibs,
+			want:      wantPkgs,
 		},
 		{
 			name:      "PE",
 			inputFile: "testdata/test.exe",
-			want:      wantLibs,
+			want:      wantPkgs,
 		},
 		{
 			name:      "Mach-O",
 			inputFile: "testdata/test.macho",
-			want:      wantLibs,
+			want:      wantPkgs,
 		},
 		{
 			name:      "with replace directive",

pkg/dependency/parser/java/pom/parse_test.go

@@ -541,7 +541,7 @@ func TestPom_Parse(t *testing.T) {
 			// [INFO] com.example:soft:jar:1.0.0
 			// [INFO] +- org.example:example-api:jar:1.7.30:compile
 			// [INFO] \- org.example:example-dependency:jar:1.2.3:compile
-			// Save DependsOn for each library - https://github.com/aquasecurity/go-dep-parser/pull/243#discussion_r1303904548
+			// Save DependsOn for each package - https://github.com/aquasecurity/go-dep-parser/pull/243#discussion_r1303904548
 			name:      "soft requirement",
 			inputFile: filepath.Join("testdata", "soft-requirement", "pom.xml"),
 			local:     true,
@@ -601,7 +601,7 @@ func TestPom_Parse(t *testing.T) {
 			// [INFO] +- org.example:example-dependency:jar:1.2.3:compile
 			// [INFO] |  \- org.example:example-api:jar:2.0.0:compile
 			// [INFO] \- org.example:example-dependency2:jar:2.3.4:compile
-			// Save DependsOn for each library - https://github.com/aquasecurity/go-dep-parser/pull/243#discussion_r1303904548
+			// Save DependsOn for each package - https://github.com/aquasecurity/go-dep-parser/pull/243#discussion_r1303904548
 			name:      "soft requirement with transitive dependencies",
 			inputFile: filepath.Join("testdata", "soft-requirement-with-transitive-dependencies", "pom.xml"),
 			local:     true,
@@ -672,7 +672,7 @@ func TestPom_Parse(t *testing.T) {
 			//[INFO] +- org.example:example-nested:jar:3.3.4:compile
 			//[INFO] \- org.example:example-dependency:jar:1.2.3:compile
 			//[INFO]    \- org.example:example-api:jar:2.0.0:compile
-			// Save DependsOn for each library - https://github.com/aquasecurity/go-dep-parser/pull/243#discussion_r1303904548
+			// Save DependsOn for each package - https://github.com/aquasecurity/go-dep-parser/pull/243#discussion_r1303904548
 			name:      "hard requirement for the specified version",
 			inputFile: filepath.Join("testdata", "hard-requirement", "pom.xml"),
 			local:     true,
@@ -1406,15 +1406,15 @@ func TestPom_Parse(t *testing.T) {
 
 			p := pom.NewParser(tt.inputFile, pom.WithReleaseRemoteRepos(remoteRepos), pom.WithOffline(tt.offline))
 
-			gotLibs, gotDeps, err := p.Parse(f)
+			gotPkgs, gotDeps, err := p.Parse(f)
 			if tt.wantErr != "" {
 				require.NotNil(t, err)
 				assert.Contains(t, err.Error(), tt.wantErr)
 				return
 			}
 			require.NoError(t, err)
 
-			assert.Equal(t, tt.want, gotLibs)
+			assert.Equal(t, tt.want, gotPkgs)
 			assert.Equal(t, tt.wantDeps, gotDeps)
 		})
 	}

pkg/dependency/parser/julia/manifest/parse_test.go

@@ -21,13 +21,13 @@ func TestParse(t *testing.T) {
 		{
 			name:     "Manifest v1.6",
 			file:     "testdata/primary/Manifest_v1.6.toml",
-			want:     juliaV1_6Libs,
+			want:     juliaV1_6Pkgs,
 			wantDeps: juliaV1_6Deps,
 		},
 		{
 			name:     "Manifest v1.8",
 			file:     "testdata/primary/Manifest_v1.8.toml",
-			want:     juliaV1_8Libs,
+			want:     juliaV1_8Pkgs,
 			wantDeps: juliaV1_8Deps,
 		},
 		{
@@ -45,13 +45,13 @@ func TestParse(t *testing.T) {
 		{
 			name:     "dep extensions v1.9",
 			file:     "testdata/dep_ext_v1.9/Manifest.toml",
-			want:     juliaV1_9DepExtLibs,
+			want:     juliaV1_9DepExtPkgs,
 			wantDeps: nil,
 		},
 		{
 			name:     "shadowed dep v1.9",
 			file:     "testdata/shadowed_dep_v1.9/Manifest.toml",
-			want:     juliaV1_9ShadowedDepLibs,
+			want:     juliaV1_9ShadowedDepPkgs,
 			wantDeps: juliaV1_9ShadowedDepDeps,
 		},
 	}

pkg/dependency/parser/julia/manifest/parse_testcase.go

@@ -3,7 +3,7 @@ package julia
 import ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
 
 var (
-	juliaV1_6Libs = []ftypes.Package{
+	juliaV1_6Pkgs = []ftypes.Package{
 		{ID: "ade2ca70-3891-5945-98fb-dc099432e06a", Name: "Dates", Version: "unknown", Locations: []ftypes.Location{{StartLine: 3, EndLine: 5}}},
 		{ID: "682c06a0-de6a-54ab-a142-c8b1cf79cde6", Name: "JSON", Version: "0.21.4", Locations: []ftypes.Location{{StartLine: 7, EndLine: 11}}},
 		{ID: "a63ad114-7e13-5084-954f-fe012c677804", Name: "Mmap", Version: "unknown", Locations: []ftypes.Location{{StartLine: 13, EndLine: 14}}},
@@ -24,7 +24,7 @@ var (
 		{ID: "de0858da-6303-5e67-8744-51eddeeeb8d7", DependsOn: []string{"4ec0a83e-493e-50e2-b9ac-8f72acf5a8f5"}},
 	}
 
-	juliaV1_8Libs = []ftypes.Package{
+	juliaV1_8Pkgs = []ftypes.Package{
 		{ID: "ade2ca70-3891-5945-98fb-dc099432e06a", Name: "Dates", Version: "1.8.5", Locations: []ftypes.Location{{StartLine: 7, EndLine: 9}}},
 		{ID: "682c06a0-de6a-54ab-a142-c8b1cf79cde6", Name: "JSON", Version: "0.21.4", Locations: []ftypes.Location{{StartLine: 11, EndLine: 15}}},
 		{ID: "a63ad114-7e13-5084-954f-fe012c677804", Name: "Mmap", Version: "1.8.5", Locations: []ftypes.Location{{StartLine: 17, EndLine: 18}}},
@@ -61,11 +61,11 @@ var (
 		{ID: "cf7118a7-6976-5b1a-9a39-7adc72f591a4", DependsOn: []string{"9a3f8284-a2c9-5f02-9a11-845980a1fd5c", "ea8e919c-243c-51af-8825-aaa63cd721ce"}},
 	}
 
-	juliaV1_9DepExtLibs = []ftypes.Package{
+	juliaV1_9DepExtPkgs = []ftypes.Package{
 		{ID: "621f4979-c628-5d54-868e-fcf4e3e8185c", Name: "AbstractFFTs", Version: "1.3.1", Locations: []ftypes.Location{{StartLine: 7, EndLine: 10}}},
 	}
 
-	juliaV1_9ShadowedDepLibs = []ftypes.Package{
+	juliaV1_9ShadowedDepPkgs = []ftypes.Package{
 		{ID: "ead4f63c-334e-11e9-00e6-e7f0a5f21b60", Name: "A", Version: "1.9.0", Locations: []ftypes.Location{{StartLine: 7, EndLine: 8}}},
 		{ID: "f41f7b98-334e-11e9-1257-49272045fb24", Name: "B", Version: "1.9.0", Locations: []ftypes.Location{{StartLine: 13, EndLine: 14}}},
 		{ID: "edca9bc6-334e-11e9-3554-9595dbb4349c", Name: "B", Version: "1.9.0", Locations: []ftypes.Location{{StartLine: 15, EndLine: 16}}},

pkg/dependency/parser/nodejs/npm/parse.go

@@ -128,9 +128,9 @@ func (p *Parser) parseV2(packages map[string]Package) ([]ftypes.Package, []ftype
 			}
 		}
 
-		pkgIndirect := isIndirectLib(pkgPath, directDeps)
+		pkgIndirect := isIndirectPkg(pkgPath, directDeps)
 
-		// There are cases when similar libraries use same dependencies
+		// There are cases when similar packages use same dependencies
 		// we need to add location for each these dependencies
 		if savedPkg, ok := pkgs[pkgID]; ok {
 			savedPkg.Dev = savedPkg.Dev && pkg.Dev
@@ -150,7 +150,7 @@ func (p *Parser) parseV2(packages map[string]Package) ([]ftypes.Package, []ftype
 			continue
 		}
 
-		lib := ftypes.Package{
+		newPkg := ftypes.Package{
 			ID:                 pkgID,
 			Name:               pkgName,
 			Version:            pkg.Version,
@@ -159,7 +159,7 @@ func (p *Parser) parseV2(packages map[string]Package) ([]ftypes.Package, []ftype
 			ExternalReferences: lo.Ternary(ref.URL != "", []ftypes.ExternalRef{ref}, nil),
 			Locations:          []ftypes.Location{location},
 		}
-		pkgs[pkgID] = lib
+		pkgs[pkgID] = newPkg
 
 		// npm builds graph using optional deps. e.g.:
 		// └─┬ [email protected]
@@ -179,7 +179,7 @@ func (p *Parser) parseV2(packages map[string]Package) ([]ftypes.Package, []ftype
 
 		if len(dependsOn) > 0 {
 			deps = append(deps, ftypes.Dependency{
-				ID:        lib.ID,
+				ID:        newPkg.ID,
 				DependsOn: dependsOn,
 			})
 		}
@@ -302,23 +302,23 @@ func (p *Parser) parseV1(dependencies map[string]Dependency, versions map[string
 		pkgs = append(pkgs, pkg)
 
 		dependsOn := make([]string, 0, len(dep.Requires))
-		for libName, requiredVer := range dep.Requires {
+		for pName, requiredVer := range dep.Requires {
 			// Try to resolve the version with nested dependencies first
-			if resolvedDep, ok := dep.Dependencies[libName]; ok {
-				libID := packageID(libName, resolvedDep.Version)
-				dependsOn = append(dependsOn, libID)
+			if resolvedDep, ok := dep.Dependencies[pName]; ok {
+				pkgID := packageID(pName, resolvedDep.Version)
+				dependsOn = append(dependsOn, pkgID)
 				continue
 			}
 
 			// Try to resolve the version with the higher level dependencies
-			if ver, ok := versions[libName]; ok {
-				dependsOn = append(dependsOn, packageID(libName, ver))
+			if ver, ok := versions[pName]; ok {
+				dependsOn = append(dependsOn, packageID(pName, ver))
 				continue
 			}
 
 			// It should not reach here.
 			p.logger.Warn("Unable to resolve the version",
-				log.String("name", libName), log.String("version", requiredVer))
+				log.String("name", pName), log.String("version", requiredVer))
 		}
 
 		if len(dependsOn) > 0 {
@@ -370,10 +370,10 @@ func uniqueDeps(deps []ftypes.Dependency) []ftypes.Dependency {
 	return uniqDeps
 }
 
-func isIndirectLib(pkgPath string, directDeps map[string]struct{}) bool {
+func isIndirectPkg(pkgPath string, directDeps map[string]struct{}) bool {
 	// A project can contain 2 different versions of the same dependency.
 	// e.g. `node_modules/string-width/node_modules/strip-ansi` and `node_modules/string-ansi`
-	// direct dependencies always have root path (`node_modules/<lib_name>`)
+	// direct dependencies always have root path (`node_modules/<pkg_name>`)
 	if _, ok := directDeps[pkgPath]; ok {
 		return false
 	}

pkg/dependency/parser/nodejs/npm/parse_testcase.go

@@ -10,7 +10,7 @@ var (
 	// npm install --save-dev [email protected]
 	// npm install --save-optional promise
 	// npm i --lockfile-version 1
-	// libraries are filled manually
+	// packages are filled manually
 
 	npmV1Pkgs = []ftypes.Package{
 		{
@@ -694,7 +694,7 @@ var (
 
 	// ... and
 	// npm i --lockfile-version 2
-	// same as npmV1Pkgs but change `Indirect` field to false for `[email protected]`, `[email protected]`, `@babel/[email protected]`, `[email protected]` and `[email protected]`  libraries.
+	// same as npmV1Pkgs but change `Indirect` field to false for `[email protected]`, `[email protected]`, `@babel/[email protected]`, `[email protected]` and `[email protected]`  packages.
 	// also need to get locations from `packages` struct
 	// --- lockfile version 3 ---
 	// npm i --lockfile-version 3
@@ -1312,7 +1312,7 @@ var (
 	// grep -v "functions/func1" ./package.json > tmpfile && mv tmpfile ./package.json
 	// sed -i 's/functions\/nested_func/functions\/*/g' package.json
 	// npm update
-	// libraries are filled manually
+	// packages are filled manually
 	npmV3WithWorkspacePkgs = []ftypes.Package{
 		{
 			ID:           "[email protected]",
@@ -1448,7 +1448,7 @@ var (
 	// npm init --force
 	// npm init -w ./functions/func1 --force
 	// npm install --save [email protected] -w func1
-	// libraries are filled manually
+	// packages are filled manually
 	npmV3WithoutRootDepsField = []ftypes.Package{
 		{
 			ID:           "[email protected]",

pkg/dependency/parser/nodejs/pnpm/parse.go

@@ -57,9 +57,9 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependenc
 		return nil, nil, nil
 	}
 
-	libs, deps := p.parse(lockVer, lockFile)
+	pkgs, deps := p.parse(lockVer, lockFile)
 
-	return libs, deps, nil
+	return pkgs, deps, nil
 }
 
 func (p *Parser) parse(lockVer float64, lockFile LockFile) ([]ftypes.Package, []ftypes.Dependency) {

pkg/dependency/parser/php/composer/parse_test.go

@@ -161,10 +161,10 @@ func TestParse(t *testing.T) {
 			require.NoError(t, err)
 			defer f.Close()
 
-			gotLibs, gotDeps, err := NewParser().Parse(f)
+			gotPkgs, gotDeps, err := NewParser().Parse(f)
 			require.NoError(t, err)
 
-			assert.Equal(t, tt.wantPkgs, gotLibs)
+			assert.Equal(t, tt.wantPkgs, gotPkgs)
 			assert.Equal(t, tt.wantDeps, gotDeps)
 		})
 	}