janbiasi / rollup-plugin-sbom

Create SBOMs in CycloneDX format for your Vite or Rollup projects with ease
MIT License

fix: traversal limit ignoring default value #66

Closed xenobytezero closed 5 months ago

xenobytezero commented 5 months ago

The moduleParsed hook calls out to getCorrespondingPackageFromModuleId for each imported module, which tries to find a package.json to extract information from. If it can't find a package.json it should traverse up the directory tree a max of 10 times before failing.

The current implementation passes getCorrespondingPackageFromModuleId directly to the nodeModuleImportedIds.map() call. This means that the traverseLimit param will not be undefined and use the default of 10, and instead will be the current index in the array (the second param of .map()). We found this meant a number of packages were getting missed in our output SBOM.

This pull request uses an arrow function to call getCorrespondingPackageFromModuleId, which will correctly use the default value of 10.

janbiasi commented 5 months ago

@xenobytezero you've also fixed this in your other PR #68 – Am I allowed to close this PR in favor of your newer one?

xenobytezero commented 5 months ago

> @xenobytezero you've also fixed this in your other PR #68 – Am I allowed to close this PR in favor of your newer one?

If #68 is going ahead, absolutely.