Merge pull request #208 from snyk/fix/correct-version-selection-for-n…

…pm-lock-v2 fix: correctly pick npm-lock-v2 pkg version parsing lockfile
snyk · Nov 8, 2023 · 9e10c88 · 9e10c88
2 parents 7ffc479 + 891789a
commit 9e10c88
Show file tree

Hide file tree

Showing 8 changed files with 2,036 additions and 758 deletions.
diff --git a/lib/dep-graph-builders/npm-lock-v2/index.ts b/lib/dep-graph-builders/npm-lock-v2/index.ts
@@ -331,16 +331,14 @@ export const getChildNodeKey = (
     return filteredCandidates[0];
   }
 
-  const ancestry_names = ancestry.map((el) => el.name).concat(name);
-  while (ancestry_names.length > 0) {
-    const possible_key = `node_modules/${ancestry_names.join(
-      '/node_modules/',
-    )}`;
-
-    if (pkgs[possible_key]) {
-      return possible_key;
+  const ancestryNames = ancestry.map((el) => el.name).concat(name);
+  while (ancestryNames.length > 0) {
+    const possibleKey = `node_modules/${ancestryNames.join('/node_modules/')}`;
+
+    if (filteredCandidates.includes(possibleKey)) {
+      return possibleKey;
     }
-    ancestry_names.shift();
+    ancestryNames.shift();
   }
 
   // Here we go through th eancestry backwards to find the nearest

diff --git a/test/jest/dep-graph-builders/fixtures/npm-lock-v2/bundled-deps/expected.json b/test/jest/dep-graph-builders/fixtures/npm-lock-v2/bundled-deps/expected.json
@@ -102,10 +102,10 @@
       }
     },
     {
-      "id": "tslib@2.6.0",
+      "id": "tslib@1.14.1",
       "info": {
         "name": "tslib",
-        "version": "2.6.0"
+        "version": "1.14.1"
       }
     },
     {
@@ -150,13 +150,6 @@
         "version": "0.3.3"
       }
     },
-    {
-      "id": "[email protected]",
-      "info": {
-        "name": "tslib",
-        "version": "1.14.1"
-      }
-    },
     {
       "id": "@types/[email protected]",
       "info": {
@@ -3867,6 +3860,13 @@
         "version": "2.0.2"
       }
     },
+    {
+      "id": "[email protected]",
+      "info": {
+        "name": "tslib",
+        "version": "2.6.0"
+      }
+    },
     {
       "id": "[email protected]",
       "info": {
@@ -4319,7 +4319,7 @@
             "nodeId": "@sentry/[email protected]"
           },
           {
-            "nodeId": "tslib@2.6.0"
+            "nodeId": "tslib@1.14.1"
           }
         ],
         "info": {
@@ -4346,7 +4346,7 @@
             "nodeId": "@sentry/[email protected]"
           },
           {
-            "nodeId": "tslib@2.6.0"
+            "nodeId": "tslib@1.14.1"
           }
         ],
         "info": {
@@ -4356,8 +4356,8 @@
         }
       },
       {
-        "nodeId": "tslib@2.6.0",
-        "pkgId": "tslib@2.6.0",
+        "nodeId": "tslib@1.14.1",
+        "pkgId": "tslib@1.14.1",
         "deps": [],
         "info": {
           "labels": {
@@ -4440,16 +4440,6 @@
           }
         }
       },
-      {
-        "nodeId": "[email protected]",
-        "pkgId": "[email protected]",
-        "deps": [],
-        "info": {
-          "labels": {
-            "scope": "prod"
-          }
-        }
-      },
       {
         "nodeId": "@types/[email protected]",
         "pkgId": "@types/[email protected]",
@@ -9918,7 +9908,7 @@
         "pkgId": "[email protected]",
         "deps": [
           {
-            "nodeId": "string-width@4.2.3"
+            "nodeId": "string-width@5.1.2"
           }
         ],
         "info": {
@@ -12836,6 +12826,16 @@
           }
         }
       },
+      {
+        "nodeId": "[email protected]",
+        "pkgId": "[email protected]",
+        "deps": [],
+        "info": {
+          "labels": {
+            "scope": "prod"
+          }
+        }
+      },
       {
         "nodeId": "[email protected]",
         "pkgId": "[email protected]",