Skip to content

Fix misc package scanning bugs#4073

Merged
AyanSinhaMahapatra merged 2 commits intodevelopfrom
fix-package-scan-bugs
Jan 6, 2025
Merged

Fix misc package scanning bugs#4073
AyanSinhaMahapatra merged 2 commits intodevelopfrom
fix-package-scan-bugs

Conversation

@AyanSinhaMahapatra
Copy link
Member

@AyanSinhaMahapatra AyanSinhaMahapatra commented Jan 6, 2025
edited
Loading

  • Improve conda packages and dependencies parsing
  • Skip failing npm package assembly on invalid package.json

Tasks

  • Reviewed contribution guidelines
  • PR is descriptively titled 📑 and links the original issue above 🔗
  • Tests pass -- look for a green checkbox ✔️ a few minutes after opening your PR
    Run tests locally to check for errors.
  • Commits are in uniquely-named feature branch and has no merge conflicts 📁
  • Updated documentation pages (if applicable)
  • Updated CHANGELOG.rst (if applicable)

@AyanSinhaMahapatra AyanSinhaMahapatra force-pushed the fix-package-scan-bugs branch 3 times, most recently from 5fce14d to 5f62b34 Compare January 6, 2025 11:08
@AyanSinhaMahapatra AyanSinhaMahapatra changed the title Improve conda packages and dependencies parsing Fix misc package scanning bugs Jan 6, 2025
pombredanne
pombredanne reviewed Jan 6, 2025
View reviewed changes
src/packagedcode/conda.py

from packagedcode import models
from packagedcode.pypi import BaseDependencyFileHandler
from dparse2.parser import parse_requirement_line
Copy link
Member

@pombredanne pombredanne Jan 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you really want to use this and not our own pip-requirements-parser?

Copy link
Member Author

@AyanSinhaMahapatra AyanSinhaMahapatra Jan 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is what we were using previously with dparse, I added some improvements on the function, and this was using parse_requirement_line internally, but pip-requirements-parser would make more sense possibly, I will open a follow up issue on conda to include this. This would be helpful also to parse requirement lines with source repos.

pombredanne
pombredanne reviewed Jan 6, 2025
View reviewed changes
pombredanne
pombredanne reviewed Jan 6, 2025
View reviewed changes
src/packagedcode/conda.py
name, _, requirement = req.partition(" ")
purl = PackageURL(type=cls.default_package_type, name=name)
version = None
if requirement.startswith("=="):
Copy link
Member

@pombredanne pombredanne Jan 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess this is OK as a quick fix, but we should steal the code from https://github.com/conda/conda/blob/5eed0193f2acd45b26599af4b71f241fd8666ccd/conda/models/version.py#L52 in the future

pombredanne
pombredanne approved these changes Jan 6, 2025
View reviewed changes
Copy link
Member

@pombredanne pombredanne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good to merge! And we can refine later

@AyanSinhaMahapatra AyanSinhaMahapatra merged commit 2e69428 into develop Jan 6, 2025
39 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pombredanne pombredanne pombredanne approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AyanSinhaMahapatra @pombredanne