For analyzing Gradle projects that use the frontend-gradle-plugin, it would be nice if any configured Node.js, npm, pnpm, Yarn version would be adhered to by the ORT analyzer automatically.
Describe the solution you would like
This should ideally work transparently for the user, i.e. respective tool version should be bootstrapped if not yet present.
Alternatives you have considered
The mentioned package manager analyzers could also learn to accept manually provided versions, configured as part of .ort.yml, but that requires to maintain the configured tool version in two places, and does not solve the problem of bootstrapping them.
Maybe a way forward could be to leverage nvm-rust to install the correct Node version on-the-fly, and then use Corepack to install the right Node package manager version.
sschuberth
commented
1 month ago
What is the feature you want to request?
For analyzing Gradle projects that use the frontend-gradle-plugin, it would be nice if any configured Node.js, npm, pnpm, Yarn version would be adhered to by the ORT analyzer automatically.
Describe the solution you would like
This should ideally work transparently for the user, i.e. respective tool version should be bootstrapped if not yet present.
Alternatives you have considered
The mentioned package manager analyzers could also learn to accept manually provided versions, configured as part of
.ort.yml, but that requires to maintain the configured tool version in two places, and does not solve the problem of bootstrapping them.Additional context
See the discussion at https://github.com/nordic-institute/X-Road/pull/2172.