NPM scan repository pushes node_modules into PR fix #551

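--- a/packagehandlers/npmpackagehandler.go
+++ b/packagehandlers/npmpackagehandler.go
@@ -1,6 +1,15 @@
 package packagehandlers
 
-import "github.com/jfrog/frogbot/utils"
+import (
+"fmt"
+"github.com/jfrog/frogbot/utils"
+"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
+)
 
+const (
+npmInstallPackageLockOnlyFlag = "--package-lock-only"
+npmInstallIgnoreScriptsFlag = "--ignore-scripts"
+)
+
 type NpmPackageHandler struct {
 CommonPackageHandler
@@ -19,5 +28,16 @@ func (npm *NpmPackageHandler) UpdateDependency(vulnDetails *utils.VulnerabilityD
 }
 
 func (npm *NpmPackageHandler) updateDirectDependency(vulnDetails *utils.VulnerabilityDetails) (err error) {
-return npm.CommonPackageHandler.UpdateDependency(vulnDetails, vulnDetails.Technology.GetPackageInstallationCommand())
+isNodeModulesExists, err := fileutils.IsDirExists("node_modules", false)
+if err != nil {
+err = fmt.Errorf("failed while serching for node_modules in project: %s", err.Error())
+return
+}
+
+commandFlags := []string{npmInstallIgnoreScriptsFlag}
+if !isNodeModulesExists {
+// In case node_modules don't exist in current dir the fix will update only package.json and package-lock.json
+commandFlags = append(commandFlags, npmInstallPackageLockOnlyFlag)
+}
+return npm.CommonPackageHandler.UpdateDependency(vulnDetails, vulnDetails.Technology.GetPackageInstallationCommand(), commandFlags...)
 }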
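Review bot: The error built at the top of updateDirectDependency misspells "searching" and flattens the cause with `%s`/`err.Error()`, so callers can no longer match it with `errors.Is`/`errors.As`; `err = fmt.Errorf("failed while searching for node_modules in project: %w", err)` fixes both. The reason `--ignore-scripts` is always passed deserves a comment, because it is the control that keeps the upgraded package's lifecycle scripts from executing on the Frogbot host while the fix is applied: `// --ignore-scripts: never run package lifecycle scripts while applying a fix`. When node_modules already exists the install is run without `--package-lock-only` and so still writes into that directory, meaning whether its contents reach the PR presumably still depends on the repository's .gitignore rather than on this change — worth confirming. Note also that `fileutils.IsDirExists("node_modules", false)` is resolved against the process working directory, which this code assumes is the project root.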