feat: allow NPM autodiscovery to ignore version constraint #6360
Signed-off-by: Olblak <[email protected]>
…ecified Signed-off-by: Olblak <[email protected]>
Pull Request Overview
This PR introduces a new feature allowing NPM autodiscovery to optionally ignore version constraints defined in package.json, enabling updates to the latest available version regardless of specified constraints. By default, the new ignoreversionconstraints parameter is set to true.
Key changes:
- Added `IgnoreVersionConstraints` field to the Spec struct with default behavior to ignore constraints
- Introduced `HasVersionConstraint` matching rule to filter packages based on version constraint presence
- Implemented `convertSemverVersionConstraintToVersion` utility to extract versions from constraints
Reviewed Changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| pkg/plugins/autodiscovery/npm/main.go | Added IgnoreVersionConstraints configuration field and logic to set default behavior |
| pkg/plugins/autodiscovery/npm/dependency.go | Implemented version constraint handling logic based on the new ignore flag |
| pkg/plugins/autodiscovery/npm/utils.go | Added utility function to convert version constraints to semantic versions |
| pkg/plugins/autodiscovery/npm/utils_test.go | Added comprehensive tests for version constraint conversion |
| pkg/plugins/autodiscovery/npm/matchingRule.go | Added HasVersionConstraint field and matching logic |
| pkg/plugins/autodiscovery/npm/matchingRule_test.go | Added tests for version constraint matching rules |
| pkg/plugins/autodiscovery/npm/main_test.go | Added integration tests for ignore version constraint behavior |
…tecli into autodiscovery/npm_constraint
Pull Request Overview
Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.
This pull request allows ignoring version constraints from package.json.
After using the NPM autodiscovery plugin for a while, I realize that it would be better to ignore version constraints by default and to suggest the latest version available regardless of the constraint defined in the package.json.
More context from here to understand the initial design.
This new behavior can be enabled/disabled using the new parameter `ignoreversionconstraints`. By default it's set to false (no breaking change).
Here is an example
While working on this, I am also adding a new matchingrule named "hasversionconstraint" to be able to only/ignore npm modules with or without a version constraint.
If a version constraint is detected and the ignoreVersionConstraint flag is set to true, the code initially sets the version filter pattern to a wildcard (*), meaning any version is acceptable. However, if a custom version filter is also defined and the dependency version is not "latest", it attempts to convert the version constraint into a specific version.
If a version constraint exists but ignoreVersionConstraint is false and a version filter is defined, the code logs a warning. This is because the system does not currently support applying both the package's version constraint and an additional version filter at the same time, as there is no clear use case for this scenario.
Finally, if no version constraint is present, the code constructs a default filter pattern that matches versions greater than or equal to the specified dependency version. If a custom version filter is defined, it uses the filter's kind and attempts to generate a more specific pattern.
Test
To test this pull request, you can run the following commands:
Additional Information
Checklist
Tradeoff
Potential improvement
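The branching described in the pull request text above, as an added Go sketch that is not updatecli's own code. The names `decide` and `decision`, the two regular expressions, the zero-padding of short versions, and keeping the constraint itself as the pattern when constraints are honoured are all assumptions; the sample inputs are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Simplified: 1.2.3 or 1.2.3-rc.1 is an exact pin; anything else counts as a constraint.
var exactPin = regexp.MustCompile(`^v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$`)
var firstVersion = regexp.MustCompile(`\d+(\.\d+){0,2}`)

func hasVersionConstraint(v string) bool { return !exactPin.MatchString(strings.TrimSpace(v)) }

// constraintToVersion extracts the first version in a constraint ("~1.2" -> "1.2.0").
func constraintToVersion(c string) (string, bool) {
	m := firstVersion.FindString(c)
	if m == "" {
		return "", false // "latest", "*", empty string
	}
	for strings.Count(m, ".") < 2 {
		m += ".0"
	}
	return m, true
}

type decision struct{ Pattern, Base, Warning string } // hypothetical result type

// decide follows the three branches; filterKind is "" when no custom filter is set.
func decide(dep string, ignore bool, filterKind string) decision {
	var d decision
	switch {
	case hasVersionConstraint(dep) && ignore:
		d.Pattern = "*" // any version is acceptable
		if filterKind != "" && dep != "latest" {
			d.Base, _ = constraintToVersion(dep)
		}
	case hasVersionConstraint(dep):
		d.Pattern = dep // assumption: the constraint itself stays the filter
		if filterKind != "" {
			d.Warning = "version constraint and version filter cannot be combined"
		}
	default:
		d.Pattern = ">=" + dep // a filter-specific pattern is not modelled here
	}
	return d
}

func main() {
	fmt.Printf("%+v\n%+v\n", decide("^4.17.1", true, "semver"), decide("^4.17.1", false, "semver")) // constructed input
}
```

With constraints ignored, a dependency declared as `^4.17.1` resolves to the `*` pattern, so a proposed update can cross the major-version boundary that the range in package.json was written to hold.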