Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

NPM scan repository pushes node_modules into PR fix #551

Merged
merged 13 commits into from
Oct 29, 2023
Merged

NPM scan repository pushes node_modules into PR fix #551

Changes from 10 commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
ca1aeba
fix bug: node_modules are pushed into the fixed PR
eranturgeman Oct 24, 2023
a9a67e4
changed flag to const
eranturgeman Oct 24, 2023
248e5d0
fixed all logic into single flag
eranturgeman Oct 24, 2023
ce5dab8
Merge branch 'dev' of https://github.com/jfrog/frogbot into npm-scan-…
eranturgeman Oct 24, 2023
99d836b
Merge branch 'dev' into npm-scan-repo-pushs-node-modules-fix
eranturgeman Oct 25, 2023
01b669a
Merge branch 'dev' of https://github.com/jfrog/frogbot into npm-scan-…
eranturgeman Oct 25, 2023
25beb03
improved fix command for npm
eranturgeman Oct 26, 2023
a0f15e7
Merge remote-tracking branch 'eran-fork/npm-scan-repo-pushs-node-modu…
eranturgeman Oct 26, 2023
61d0128
Merge branch 'dev' into npm-scan-repo-pushs-node-modules-fix
eranturgeman Oct 26, 2023
b951ad5
fixed issues
eranturgeman Oct 26, 2023
636a11f
Update packagehandlers/npmpackagehandler.go
eranturgeman Oct 26, 2023
f4e9db0
fixed issues
eranturgeman Oct 26, 2023
f461b17
refactor for cleaner code
eranturgeman Oct 29, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 21 additions & 2 deletions packagehandlers/npmpackagehandler.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,16 @@
package packagehandlers

import "github.com/jfrog/frogbot/utils"
import (
"fmt"
"github.com/jfrog/frogbot/utils"
"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
"path/filepath"
)

const (
npmInstallPackageLockOnlyFlag = "--package-lock-only"
npmInstallIgnoreScriptsFlag = "--ignore-scripts"
)

type NpmPackageHandler struct {
CommonPackageHandler
Expand All @@ -19,5 +29,14 @@ func (npm *NpmPackageHandler) UpdateDependency(vulnDetails *utils.VulnerabilityD
}

func (npm *NpmPackageHandler) updateDirectDependency(vulnDetails *utils.VulnerabilityDetails) (err error) {
return npm.CommonPackageHandler.UpdateDependency(vulnDetails, vulnDetails.Technology.GetPackageInstallationCommand())
isNodeModulesExists, err := fileutils.IsDirExists(filepath.Join(".", "node_modules"), false)
eranturgeman marked this conversation as resolved.
Show resolved Hide resolved
if err != nil {
err = fmt.Errorf("failed while serching for node_modules in project: %s", err.Error())
return
}
if !isNodeModulesExists {
// In case node_modules don't exist in current dir the fix will update only package.json and package-lock.json
return npm.CommonPackageHandler.UpdateDependency(vulnDetails, vulnDetails.Technology.GetPackageInstallationCommand(), npmInstallPackageLockOnlyFlag, npmInstallIgnoreScriptsFlag)
}
return npm.CommonPackageHandler.UpdateDependency(vulnDetails, vulnDetails.Technology.GetPackageInstallationCommand(), npmInstallIgnoreScriptsFlag)
}
Loading