refactor(scanner)!: implement name and version in rootDependency (#563)

Author: fraxken

.changeset/tough-colts-taste.md

@@ -0,0 +1,5 @@
+---
+"@nodesecure/scanner": major
+---
+
+Refactor payload rootDependency to include name and version

workspaces/scanner/src/comparePayloads.ts

@@ -94,17 +94,17 @@ export function comparePayloads(
     );
   }
 
-  if (payload.rootDependencyName !== comparedPayload.rootDependencyName) {
+  if (payload.rootDependency.name !== comparedPayload.rootDependency.name) {
     throw new Error(
-      `You can't compare different package payloads '${payload.rootDependencyName}' and '${comparedPayload.rootDependencyName}'`
+      `You can't compare different package payloads '${payload.rootDependency.name}' and '${comparedPayload.rootDependency.name}'`
     );
   }
 
-  const givenVersion = Object.keys(payload.dependencies[payload.rootDependencyName].versions)[0];
-  const comparedVersion = Object.keys(comparedPayload.dependencies[comparedPayload.rootDependencyName].versions)[0];
+  const givenVersion = payload.rootDependency.version;
+  const comparedVersion = comparedPayload.rootDependency.version;
 
   return {
-    title: `'${payload.rootDependencyName}@${givenVersion}' -> '${comparedPayload.rootDependencyName}@${comparedVersion}'`,
+    title: `'${payload.rootDependency.name}@${givenVersion}' -> '${comparedPayload.rootDependency.name}@${comparedVersion}'`,
     warnings: arrayDiff(
       payload.warnings,
       comparedPayload.warnings

workspaces/scanner/src/depWalker.ts

@@ -113,7 +113,10 @@ export async function depWalker(
 
   const payload: Partial<Payload> = {
     id: tempDir.id,
-    rootDependencyName: manifest.name ?? "workspace",
+    rootDependency: {
+      name: manifest.name ?? "workspace",
+      version: manifest.version ?? "0.0.0"
+    },
     scannerVersion: packageVersion,
     vulnerabilityStrategy,
     warnings: []

workspaces/scanner/src/types.ts

@@ -188,7 +188,10 @@ export interface Payload {
   /** Payload unique id */
   id: string;
   /** Name of the analyzed package */
-  rootDependencyName: string;
+  rootDependency: {
+    name: string;
+    version: string;
+  };
   /** Global warnings list */
   warnings: GlobalWarning[];
   highlighted: {

workspaces/scanner/test/depWalker.spec.ts

@@ -168,13 +168,13 @@ test("fetch payload of pacote on the npm registry", async() => {
 
   assert.deepEqual(Object.keys(result), [
     "id",
-    "rootDependencyName",
+    "rootDependency",
     "scannerVersion",
     "vulnerabilityStrategy",
     "warnings",
+    "integrity",
     "highlighted",
-    "dependencies",
-    "integrity"
+    "dependencies"
   ]);
   assert.strictEqual(typeof result.integrity, "string");
 });
@@ -188,13 +188,13 @@ test("fetch payload of pacote on the gitlab registry", async() => {
 
   assert.deepEqual(Object.keys(result), [
     "id",
-    "rootDependencyName",
+    "rootDependency",
     "scannerVersion",
     "vulnerabilityStrategy",
     "warnings",
+    "integrity",
     "highlighted",
-    "dependencies",
-    "integrity"
+    "dependencies"
   ]);
   assert.strictEqual(typeof result.integrity, "string");
 });
@@ -262,7 +262,10 @@ describe("scanner.cwd()", () => {
       path.join(kFixturePath, "workspace-no-name-version")
     );
 
-    assert.strictEqual(result.rootDependencyName, "workspace");
+    assert.deepStrictEqual(result.rootDependency, {
+      name: "workspace",
+      version: "0.0.0"
+    });
     assert.strictEqual(result.integrity, null);
   });
 });

workspaces/scanner/test/fixtures/extractors/express.json

@@ -1,6 +1,9 @@
 {
   "id": "XcwpAJ",
-  "rootDependencyName": "express",
+  "rootDependency": {
+    "name": "express",
+    "version": "4.21.2"
+  },
   "scannerVersion": "6.1.0",
   "vulnerabilityStrategy": "none",
   "warnings": [

workspaces/scanner/test/fixtures/extractors/strnum.json

@@ -1,6 +1,9 @@
 {
   "id": "54mMPc",
-  "rootDependencyName": "strnum",
+  "rootDependency": {
+    "name": "strnum",
+    "version": "1.1.2"
+  },
   "scannerVersion": "6.4.0",
   "vulnerabilityStrategy": "none",
   "warnings": [],

workspaces/scanner/test/fixtures/scannerPayloads/deeplyUpdatedPayload.json

@@ -1,6 +1,9 @@
 {
   "id": "hjnfnJ",
-  "rootDependencyName": "foo",
+  "rootDependency": {
+    "name": "foo",
+    "version": "2.0.0"
+  },
   "warnings": [],
   "dependencies": {
     "foo": {

workspaces/scanner/test/fixtures/scannerPayloads/nullAuthor.json

@@ -1,6 +1,9 @@
 {
   "id": "YtK0Cx",
-  "rootDependencyName": "foo",
+  "rootDependency": {
+    "name": "foo",
+    "version": "2.0.0"
+  },
   "warnings": [],
   "highlighted": {},
   "vulnerabilityStrategy": "npm",

workspaces/scanner/test/fixtures/scannerPayloads/otherRootDependency.json

@@ -1,4 +1,7 @@
 {
   "id": "hjnfnJ",
-  "rootDependencyName": "bar"
+  "rootDependency": {
+    "name": "bar",
+    "version": "0.0.0"
+  }
 }