snyk / nodejs-lockfile-parser

Generate a Snyk dependency tree from package-lock.json or yarn.lock file

feat: remove npa package name parser and revert to old method #146

Closed xzhou-snyk closed 2 years ago

xzhou-snyk commented 2 years ago

This PR removes the npm-package-arg package and reverts to the old method when parsing package names. The reason is, npm-package-arg is excellent at parsing package names in package-lock.json, but it couldn't parse certain complicated package names in yarn2.lock, e.g. `resolve@patch:resolve@^1.10.0#builtin<compat/resolve>`, which is using the compat plugin.
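The name/range split that the comment above turns on, as an added example (not code from this PR or from nodejs-lockfile-parser, whose "old method" the page does not show): the hypothetical helpers `splitDescriptor` and `namesInKey` cut at the first `@` after position 0, so the `@` inside a `patch:` range is never mistaken for the separator. It goes slightly beyond the comment by also covering scoped names and lockfile keys that list several descriptors, assuming they are comma-separated; every sample input except the descriptor quoted in the comment is constructed.

```javascript
'use strict';

// Hypothetical helper (assumption, not the parser's real function):
// split "<name>@<range>" without interpreting the range at all.
function splitDescriptor(descriptor) {
  if (typeof descriptor !== 'string' || descriptor.length === 0) {
    throw new TypeError('descriptor must be a non-empty string');
  }
  // A scoped name begins with "@", so search for the separator from index 1.
  const sep = descriptor.indexOf('@', 1);
  const name = sep === -1 ? descriptor : descriptor.slice(0, sep);
  const range = sep === -1 ? '' : descriptor.slice(sep + 1);

  // Reject names that would silently map to the wrong package in the tree.
  if (name.startsWith('@') && !/^@[^/@]+\/[^/@]+$/.test(name)) {
    throw new Error(`malformed scoped name in descriptor: ${descriptor}`);
  }
  // Protocol prefix of the range ("patch", "npm", ...), or null for plain semver.
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(range);
  return { name, range, protocol: m ? m[1].toLowerCase() : null };
}

// Hypothetical helper: unique package names in one lockfile key.
// Assumption: a key lists descriptors separated by commas.
function namesInKey(key) {
  const names = key.split(/\s*,\s*/).map((d) => splitDescriptor(d).name);
  return [...new Set(names)];
}

// Constructed sample keys, plus the descriptor quoted in the comment.
const samples = [
  'resolve@patch:resolve@^1.10.0#builtin<compat/resolve>',
  '@babel/core@npm:^7.0.0',
  'lodash@^4.17.20, lodash@^4.17.21',
];
for (const key of samples) {
  console.log(key, '->', namesInKey(key));
}
```
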

snyksec commented 2 years ago

:tada: This PR is included in version 1.40.0 :tada:

The release is available on:

Your semantic-release bot :package::rocket: