Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(nodejs): parse package.json files alongside package-lock.json for licenses #2916

Merged
merged 18 commits into from
Mar 15, 2023
Merged

feat(nodejs): parse package.json files alongside package-lock.json for licenses #2916

merged 18 commits into from
Mar 15, 2023

Conversation

DmitriyLewen
Copy link
Contributor

@DmitriyLewen DmitriyLewen commented Sep 20, 2022
edited
Loading

Description

package-lock.json files do not contain dependency license information.
This PR parses */node_modules/<package_name>/package.json files alongside package-lock.json and identify licenses.

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@naortalmor1
Copy link

Hey @DmitriyLewen,
Is there something new with that?

@DmitriyLewen DmitriyLewen marked this pull request as ready for review October 27, 2022 03:46
@DmitriyLewen
Copy link
Contributor Author

Hello @naortalmor1
It is currently required that @knqyf263 review this PR.

@DmitriyLewen DmitriyLewen self-assigned this Oct 27, 2022
@github-actions
Copy link

This PR is stale because it has been labeled with inactivity.

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and will be auto-closed. label Dec 29, 2022
@knqyf263 knqyf263 added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and will be auto-closed. labels Jan 23, 2023
@knqyf263 knqyf263 mentioned this pull request Feb 9, 2023
Closed
@agdimech
Copy link

Any updates on this?

@knqyf263
Copy link
Collaborator

@DmitriyLewen Now, we can use post-analyzers like poetry. Would you rewrite this PR?

@DmitriyLewen DmitriyLewen changed the title feat(fs): merge licenses from package.json from node_modules folder to package-lock.json feat(node): parse package.json files alongside package-lock.json Mar 1, 2023
@DmitriyLewen DmitriyLewen changed the title feat(node): parse package.json files alongside package-lock.json feat(nodejs): parse package.json files alongside package-lock.json Mar 1, 2023
@knqyf263 knqyf263 merged commit 52cbfeb into main Mar 15, 2023
@knqyf263 knqyf263 deleted the feat/node-licenses-handler branch March 15, 2023 19:54
@knqyf263 knqyf263 changed the title feat(nodejs): parse package.json files alongside package-lock.json feat(nodejs): parse package.json files alongside package-lock.json for licenses Mar 16, 2023
@knqyf263 knqyf263 mentioned this pull request Mar 16, 2023
Closed
atombrella pushed a commit to atombrella/trivy that referenced this pull request Mar 25, 2023
@DmitriyLewen @knqyf263 @atombrella
feat(nodejs): parse package.json files alongside package-lock.json (a…
fba126c 
…quasecurity#2916)

Co-authored-by: knqyf263 <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@knqyf263 knqyf263 knqyf263 approved these changes

Assignees

@DmitriyLewen DmitriyLewen

Labels
lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@DmitriyLewen @naortalmor1 @agdimech @knqyf263