From e9c0ebbb59b1c46de18094afa011bbef5c7d3018 Mon Sep 17 00:00:00 2001
From: Derek Ray
Date: Mon, 20 Oct 2025 15:46:09 +0800
Subject: [PATCH 1/4] fix(npm-panic): fix npm parser panic issue

---
 pkg/dependency/parser/nodejs/npm/parse.go | 4 +++
 .../parser/nodejs/npm/parse_test.go | 36 +++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/pkg/dependency/parser/nodejs/npm/parse.go b/pkg/dependency/parser/nodejs/npm/parse.go
index 72337b173bf2..3c950637cc27 100644
--- a/pkg/dependency/parser/nodejs/npm/parse.go
+++ b/pkg/dependency/parser/nodejs/npm/parse.go
@@ -345,6 +345,10 @@ func (p *Parser) pkgNameFromPath(pkgPath string) string {
 // node_modules/function1
 // node_modules/nested_func/node_modules/debug
 if index := strings.LastIndex(pkgPath, nodeModulesDir); index != -1 {
+ if index+len(nodeModulesDir) == len(pkgPath) {
+ return ""
+ }
+
 return pkgPath[index+len(nodeModulesDir)+1:]
 }
 p.logger.Warn("Package path doesn't have `node_modules` prefix", log.String("pkg_path", pkgPath))
diff --git a/pkg/dependency/parser/nodejs/npm/parse_test.go b/pkg/dependency/parser/nodejs/npm/parse_test.go
index 9a1c08f70660..8510736f7266 100644
--- a/pkg/dependency/parser/nodejs/npm/parse_test.go
+++ b/pkg/dependency/parser/nodejs/npm/parse_test.go
@@ -88,3 +88,39 @@ func TestParse(t *testing.T) {
 })
 }
 }
+
+func TestPkgNameFromPath(t *testing.T) {
+ tests := []struct {
+ path string
+ expected string
+ }{
+ {
+ path: "node_modules/package-name",
+ expected: "package-name",
+ },
+ {
+ path: "node_modules/package-name/sub-package",
+ expected: "package-name/sub-package",
+ },
+ {
+ path: "node_modules/package-name/node_modules/sub-sub-package",
+ expected: "sub-sub-package",
+ },
+ {
+ path: "node_modules",
+ expected: "",
+ },
+ {
+ path: "node_modules/",
+ expected: "",
+ },
+ }
+
+ parser := &Parser{}
+ for _, test := range tests {
+ t.Run(test.path, func(t *testing.T) {
+ path := parser.pkgNameFromPath(test.path)
+ assert.Equal(t, path, test.expected)
+ })
+ }
+}
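Review bot: `strings.LastIndex(pkgPath, nodeModulesDir)` in pkgNameFromPath (parse.go) matches the directory name as a substring rather than as a path segment, so the added end-of-string guard still resolves a path whose last component merely contains that text to the wrong name. If nodeModulesDir is `node_modules`, as the test table suggests, a constructed path such as `node_modules/foo_node_modules` hits the guard and returns `""`, and with any further suffix the `+1` slice drops one character unchecked. For a lockfile scanner a misnamed package means a missed match, so I would anchor the lookup on the separator (accept `nodeModulesDir + "/"` only at the start of the path or directly after a `/`) and add a table case for such a name. The same lookup is kept in the [PATCH 3/4] hunk of this file; the function body starts and ends outside the hunk.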
From 6e0ae741f8cf3748144eda46f01ffc64600b2d2e Mon Sep 17 00:00:00 2001
From: "Derek H.J Ray"
Date: Thu, 23 Oct 2025 09:24:09 +0800
Subject: [PATCH 2/4] Update pkg/dependency/parser/nodejs/npm/parse_test.go

Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
---
 pkg/dependency/parser/nodejs/npm/parse_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/dependency/parser/nodejs/npm/parse_test.go b/pkg/dependency/parser/nodejs/npm/parse_test.go
index 8510736f7266..e91756559c13 100644
--- a/pkg/dependency/parser/nodejs/npm/parse_test.go
+++ b/pkg/dependency/parser/nodejs/npm/parse_test.go
@@ -99,7 +99,7 @@ func TestPkgNameFromPath(t *testing.T) {
 expected: "package-name",
 },
 {
- path: "node_modules/package-name/sub-package",
+ path: "node_modules/package-namespace/package-name",
 expected: "package-name/sub-package",
 },
 {

From 62fe48a1cf45e65db8e63ed0b5427729b3d4c5ad Mon Sep 17 00:00:00 2001
From: DmitriyLewen
Date: Thu, 23 Oct 2025 13:35:25 +0600
Subject: [PATCH 3/4] refactor: use strings.TrimPrefix for `/`

---
 pkg/dependency/parser/nodejs/npm/parse.go | 8 ++++++--
 pkg/dependency/parser/nodejs/npm/parse_test.go | 10 +++++++---
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/pkg/dependency/parser/nodejs/npm/parse.go b/pkg/dependency/parser/nodejs/npm/parse.go
index 3c950637cc27..8e3c6ad0470e 100644
--- a/pkg/dependency/parser/nodejs/npm/parse.go
+++ b/pkg/dependency/parser/nodejs/npm/parse.go
@@ -345,11 +345,15 @@ func (p *Parser) pkgNameFromPath(pkgPath string) string {
 // node_modules/function1
 // node_modules/nested_func/node_modules/debug
 if index := strings.LastIndex(pkgPath, nodeModulesDir); index != -1 {
- if index+len(nodeModulesDir) == len(pkgPath) {
+ pkgName := pkgPath[index+len(nodeModulesDir):]
+ pkgName = strings.TrimPrefix(pkgName, "/")
+
+ if pkgName == "" {
+ p.logger.Warn("Invalid package-lock.json file. Package path doesn't have package name suffix", log.String("pkg_path", pkgPath))
 return ""
 }
 
- return pkgPath[index+len(nodeModulesDir)+1:]
+ return pkgName
 }
 p.logger.Warn("Package path doesn't have `node_modules` prefix", log.String("pkg_path", pkgPath))
 return pkgPath
diff --git a/pkg/dependency/parser/nodejs/npm/parse_test.go b/pkg/dependency/parser/nodejs/npm/parse_test.go
index e91756559c13..53f2707e677f 100644
--- a/pkg/dependency/parser/nodejs/npm/parse_test.go
+++ b/pkg/dependency/parser/nodejs/npm/parse_test.go
@@ -99,13 +99,17 @@ func TestPkgNameFromPath(t *testing.T) {
 expected: "package-name",
 },
 {
- path: "node_modules/package-namespace/package-name",
- expected: "package-name/sub-package",
+ path: "node_modules/@package-namespace/package-name",
+ expected: "@package-namespace/package-name",
 },
 {
 path: "node_modules/package-name/node_modules/sub-sub-package",
 expected: "sub-sub-package",
 },
+ {
+ path: "no/node/modules/dir",
+ expected: "no/node/modules/dir",
+ },
 {
 path: "node_modules",
 expected: "",
@@ -116,7 +120,7 @@ func TestPkgNameFromPath(t *testing.T) {
 },
 }
 
- parser := &Parser{}
+ parser := NewParser()
 for _, test := range tests {
 t.Run(test.path, func(t *testing.T) {
 path := parser.pkgNameFromPath(test.path)

From 79c855971499b2241fd3126dafbb02beb82f45d6 Mon Sep 17 00:00:00 2001
From: DmitriyLewen
Date: Thu, 23 Oct 2025 14:08:51 +0600
Subject: [PATCH 4/4] fix: linter error

---
 pkg/dependency/parser/nodejs/npm/parse_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
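Review bot: pkgNameFromPath in the [PATCH 3/4] parse.go hunk now has three outcomes and nothing in the hunk documents them: the package name, `""` with a warning when nothing follows the directory, and pkgPath unchanged with a warning when the directory is absent. Its callers are outside this diff, so it is not visible whether an entry with an empty name is skipped or emitted as a package without a name; that is worth confirming, since the input is a package-lock.json the scanner does not control. I would state the contract on the function, for example `// pkgNameFromPath returns the name after the last node_modules segment, "" if nothing follows it, or pkgPath unchanged if the segment is absent.` The signature appears only in the hunk header, so an existing doc comment, if there is one, is not shown here.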
diff --git a/pkg/dependency/parser/nodejs/npm/parse_test.go b/pkg/dependency/parser/nodejs/npm/parse_test.go
index 53f2707e677f..f9984b21128f 100644
--- a/pkg/dependency/parser/nodejs/npm/parse_test.go
+++ b/pkg/dependency/parser/nodejs/npm/parse_test.go
@@ -124,7 +124,7 @@ func TestPkgNameFromPath(t *testing.T) {
 for _, test := range tests {
 t.Run(test.path, func(t *testing.T) {
 path := parser.pkgNameFromPath(test.path)
- assert.Equal(t, path, test.expected)
+ assert.Equal(t, test.expected, path)
 })
 }
 }