search

scanoss / sbom-workbench

The SCANOSS SBOM Workbench graphical user interface to scan and audit your source code.
https://scanoss.com/
Other
47 stars 9 forks source link

bug: inaccurate package version #573

Closed lucasgonze closed 1 year ago

lucasgonze commented 1 year ago
  1. Create an empty Node project
  2. npm add @types/tapable@1.0.0 and examine package.json to verify the version:
  "dependencies": {
    "@types/tapable": "^1.0.0"
  }

Or skip steps 1 and 2 and use the attached zip file: repro.zip

  1. In SCANOSS Audit Workbench create a project and add the directory of your Node project. Inspect the detected contents.

Expect: @types/tapable@1.0.0

Actual: @types/tapable version is 2.2.1

Untitled 2

lucasgonze commented 1 year ago

After upgrading my app from 1.3.5 to 1.5.0, the issue was fixed.

isasmendiagus commented 1 year ago

Hello @lucasgonze, thanks for your comments. As you explained, version 1.5.0 solves that problem.