🚧

src/main/java/com/jfrog/ide/idea/scan/ScannerBase.java

@@ -185,7 +185,7 @@ private void scanAndUpdate(ProgressIndicator indicator) {
      * @param vulnerableDependencies a map of component IDs and the DependencyNode object matching each of them.
      * @param depTree                the project's dependency tree to walk through.
      */
-    private List<FileTreeNode> walkDepTree(Map<String, DependencyNode> vulnerableDependencies, DepTree depTree) {
+    protected List<FileTreeNode> walkDepTree(Map<String, DependencyNode> vulnerableDependencies, DepTree depTree) throws IOException {
         Map<String, DescriptorFileTreeNode> descriptorNodes = new HashMap<>();
         visitDepTreeNode(vulnerableDependencies, depTree, Collections.singletonList(depTree.getRootId()), descriptorNodes, new ArrayList<>(), new HashMap<>());
         return new CopyOnWriteArrayList<>(descriptorNodes.values());

src/main/java/com/jfrog/ide/idea/scan/SingleDescriptorScanner.java

@@ -1,12 +1,18 @@
 package com.jfrog.ide.idea.scan;
 
 import com.intellij.openapi.project.Project;
+import com.jfrog.ide.common.deptree.DepTree;
+import com.jfrog.ide.common.nodes.DependencyNode;
+import com.jfrog.ide.common.nodes.FileTreeNode;
 import com.jfrog.ide.common.scan.ComponentPrefix;
 import com.jfrog.ide.common.scan.ScanLogic;
 import com.jfrog.ide.idea.ui.ComponentsTree;
 import com.jfrog.ide.idea.ui.menus.filtermanager.ConsistentFilterManager;
 import org.jetbrains.annotations.NotNull;
 
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
 import java.util.concurrent.ExecutorService;
 
 public abstract class SingleDescriptorScanner extends ScannerBase {
@@ -39,4 +45,8 @@ public abstract class SingleDescriptorScanner extends ScannerBase {
                             ScanLogic scanLogic) {
         this(project, basePath, prefix, executor, "", scanLogic);
     }
+
+    protected List<FileTreeNode> walkDepTree(Map<String, DependencyNode> vulnerableDependencies, DepTree depTree) throws IOException {
+        return super.walkDepTree(vulnerableDependencies, depTree);
+    }
 }

src/main/java/com/jfrog/ide/idea/scan/YarnScanner.java

@@ -7,6 +7,9 @@
 import com.intellij.psi.PsiManager;
 import com.intellij.util.EnvironmentUtil;
 import com.jfrog.ide.common.deptree.DepTree;
+import com.jfrog.ide.common.nodes.DependencyNode;
+import com.jfrog.ide.common.nodes.DescriptorFileTreeNode;
+import com.jfrog.ide.common.nodes.FileTreeNode;
 import com.jfrog.ide.common.scan.ComponentPrefix;
 import com.jfrog.ide.common.scan.ScanLogic;
 import com.jfrog.ide.common.yarn.YarnTreeBuilder;
@@ -15,9 +18,13 @@
 import com.jfrog.ide.idea.scan.data.PackageManagerType;
 import com.jfrog.ide.idea.ui.ComponentsTree;
 import com.jfrog.ide.idea.ui.menus.filtermanager.ConsistentFilterManager;
+import org.apache.commons.collections4.CollectionUtils;
+import org.apache.commons.lang3.StringUtils;
 
 import java.io.IOException;
 import java.nio.file.Paths;
+import java.util.*;
+import java.util.concurrent.CopyOnWriteArrayList;
 import java.util.concurrent.ExecutorService;
 
 /**
@@ -63,5 +70,32 @@ protected AbstractInspection getInspectionTool() {
     protected PackageManagerType getPackageManagerType() {
         return PackageManagerType.YARN;
     }
+
+    private Map<String, Set<String>> getPackageNameToVersionsMap(Set<String> packages) {
+        Map<String, Set<String>> packageNameToVersions = new HashMap<>();
+        for (String fullNamePackage : CollectionUtils.emptyIfNull(packages)) {
+            String[] packageSplit = StringUtils.split(fullNamePackage, ":");
+            String packageName = packageSplit[0];
+            String packageVersion = packageSplit[1];
+            packageNameToVersions.putIfAbsent(packageName, new HashSet<>());
+            packageNameToVersions.get(packageName).add(packageVersion);
+        }
+        return packageNameToVersions;
+    }
+
+    @Override
+    protected List<FileTreeNode> walkDepTree(Map<String, DependencyNode> vulnerableDependencies, DepTree depTree) throws IOException {
+        Map<String, DescriptorFileTreeNode> descriptorNodes = new HashMap<>();
+
+        Map<String, Set<String>> packageNameToVersions = getPackageNameToVersionsMap(vulnerableDependencies.keySet());
+
+        for (Map.Entry<String, Set<String>> entry : packageNameToVersions.entrySet()) {
+            String packageName = entry.getKey();
+            Set<String> packageVersions = entry.getValue();
+            DepTree depTree1 = yarnTreeBuilder.findDependencyPath(getLog(), packageName, packageVersions);
+        }
+
+        return new CopyOnWriteArrayList<>(descriptorNodes.values());
+    }
 }