Track git packages
Signed-off-by: Prabhu Subramanian <[email protected]>
prabhu committed Jan 19, 2025
1 parent 551fbf2 commit 95dd4a4
Showing 2 changed files with 6 additions and 4 deletions.
8 changes: 5 additions & 3 deletions lib/helpers/utils.js
@@ -2060,6 +2060,8 @@ export async function parsePnpmLock(
const workspacePackageNames = {};
// Track references to packages that are directly installed from github.com
const gitPkgRefs = {};
// pnpm could refer to packages from git sources
const githubServerHost = process.env.CDXGEN_GIT_HOST || "github.com";
// Convert workspace package names to an object to help with the lookup
for (const w of workspacePackages || []) {
workspacePackageNames[w] = true;
@@ -2234,12 +2236,12 @@ export async function parsePnpmLock(
let group = "";
let version;
const versionObj = componentDeps[cdk];
if (versionObj?.version?.startsWith("github.com")) {
if (versionObj?.version?.startsWith(githubServerHost)) {

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

'github.com' may be followed by an arbitrary host name.
const parts = versionObj.version.split("/");
version = parts.pop();
name = parts.pop();
group = parts.pop();
if (group === "github.com") {
if (group === githubServerHost) {
group = "";
} else {
group = `@${group}`;
@@ -2439,7 +2441,7 @@ export async function parsePnpmLock(
name = gitPkgRefs[fullName].name;
group = gitPkgRefs[fullName].group;
version = gitPkgRefs[fullName].version;
} else if (parts?.length >= 3 && parts[0] === "github.com") {
} else if (parts?.length >= 3 && parts[0] === githubServerHost) {
version = parts[parts.length - 1];
name = parts[parts.length - 2];
group = parts.length === 4 ? `@${parts[parts.length - 3]}` : "";
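Review bot: `CDXGEN_GIT_HOST` is used verbatim at the `githubServerHost` declaration, so a value carrying a scheme or a trailing slash is treated differently by the `startsWith` test than by the two exact comparisons (`group === githubServerHost`, `parts[0] === githubServerHost`), which only ever see one `/`-separated segment. With a constructed value such as `git.example.com/`, a three-segment version passes the prefix test but fails the equality, so the host name ends up in the component group as `@git.example.com`. Normalising once at the declaration keeps the three checks consistent, e.g. `const githubServerHost = (process.env.CDXGEN_GIT_HOST || "github.com").replace(/^[a-z]+:\/\//i, "").replace(/\/+$/, "");`. The override also replaces github.com instead of adding to it, so a lockfile that mixes both hosts would presumably stop matching its github.com references once the variable is set; a comment on the declaration saying so would help. parsePnpmLock's body starts and ends outside all three hunks, so how the resulting group and name are used later is not visible here.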
2 changes: 1 addition & 1 deletion types/lib/helpers/utils.d.ts.map

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
