Closed xenobytezero closed 5 months ago
@xenobytezero you've also fixed this in your other PR #68 – Am I allowed to close this PR in favor of your newer one?
If #68 is going ahead, absolutely.
Tasks
The `moduleParsed` hook calls out to `getCorrespondingPackageFromModuleId` for each imported module, which tries to find a `package.json` to extract information from. If it can't find a `package.json` it should traverse up the directory tree a max of 10 times before failing.

The current implementation passes `getCorrespondingPackageFromModuleId` directly to the `nodeModuleImportedIds.map()` call. This means that the `traverseLimit` param will not be `undefined` and use the default of 10, and instead will be the current index in the array (the second param of `.map()`). We found this meant a number of packages were getting missed in our output SBOM.

This pull request uses an arrow function to call `getCorrespondingPackageFromModuleId`, which will correctly use the default value of 10.
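The pitfall described in this pull request, reduced to a runnable added example (not the plugin's own code). `findPackageDir` is a simplified, hypothetical stand-in for `getCorrespondingPackageFromModuleId`, and the paths and the in-memory `PACKAGE_DIRS` set are constructed sample data.

```javascript
// Constructed sample: directories that contain a package.json
// (in-memory stand-in for the file system).
const PACKAGE_DIRS = new Set([
  "/app/node_modules/lodash",
  "/app/node_modules/@scope/pkg",
  "/app/node_modules/deep-lib",
]);

// Hypothetical stand-in for getCorrespondingPackageFromModuleId (assumed shape):
// check the module's directory and then its parents, giving up after
// traverseLimit directories have been checked.
function findPackageDir(moduleId, traverseLimit = 10) {
  let dir = moduleId.slice(0, moduleId.lastIndexOf("/"));
  for (let i = 0; i < traverseLimit && dir !== ""; i++) {
    if (PACKAGE_DIRS.has(dir)) return dir;
    dir = dir.slice(0, dir.lastIndexOf("/"));
  }
  return null; // no package.json found within the limit
}

// Constructed module ids, as a bundler might report them.
const importedIds = [
  "/app/node_modules/lodash/fp/map.js",             // index 0
  "/app/node_modules/@scope/pkg/dist/cjs/index.js", // index 1
  "/app/node_modules/deep-lib/index.js",            // index 2
];

// Buggy form: .map() invokes the callback as (element, index, array),
// so the array index silently replaces the default traverseLimit.
function resolveDirect(ids) {
  return ids.map(findPackageDir);
}

// Fixed form: the arrow function forwards only the id, so the default applies.
function resolveWrapped(ids) {
  return ids.map((id) => findPackageDir(id));
}

// Module ids whose package is dropped by the buggy form but found by the fixed
// one: the entries that would be missing from the generated SBOM.
function missedByDirectMap(ids) {
  const direct = resolveDirect(ids);
  const wrapped = resolveWrapped(ids);
  return ids.filter((_, i) => direct[i] === null && wrapped[i] !== null);
}

console.log("direct :", resolveDirect(importedIds));
console.log("wrapped:", resolveWrapped(importedIds));
console.log("missed :", missedByDirectMap(importedIds));
```

The effect is position-dependent: modules early in the array get the smallest limits, so which packages go missing changes with import order.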