trailofbits / it-depends

A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.
https://blog.trailofbits.com/2021/12/16/it-depends/
GNU Lesser General Public License v3.0

Support Aliased Dependencies in NPM #83

Open DarkaMaul opened 8 months ago

DarkaMaul commented 8 months ago

At the moment, the support for NPM dependencies fails on aliased dependencies.

Example from the Angular package.json:

    "@types/node": "^16.11.7",
    "@types/selenium-webdriver": "3.0.7",
    "@types/selenium-webdriver4": "npm:@types/selenium-webdriver@4.1.21",
    "@types/semver": "^7.3.4",
    "@types/shelljs": "^0.8.6",

This PR tries to handle this case by: