fix(scanner): support string format for 'repository' field in comparePayloads (#624)

7amed3li · web-flow · commit e33841050a13 · 2026-02-01T22:46:51.000+01:00
diff --git a/.changeset/extra-files-count.md b/.changeset/extra-files-count.md
@@ -0,0 +1,5 @@
+---
+"@nodesecure/scanner": patch
+---
+
+fix: support string format for 'repository' field in comparePayloads
diff --git a/workspaces/scanner/src/comparePayloads.ts b/workspaces/scanner/src/comparePayloads.ts
@@ -51,7 +51,7 @@ export interface DependencyVersionComparison {
   description: ValueComparison<string>;
   author: ValueComparison<Maintainer>;
   engines: DictionaryComparison<string>;
-  repository: ValueComparison<Repository>;
+  repository: ValueComparison<Repository | string | undefined>;
   scripts: DictionaryComparison<string>;
   warnings: ArrayDiff<Warning>;
   composition: CompositionComparison;
@@ -166,9 +166,7 @@ function compareVersions(
       author: version.author && comparedVersion.author ? compareObjects("name", version.author, comparedVersion.author) : void 0,
       // @ts-ignore
       engines: compareDictionnaries(version.engines, comparedVersion.engines),
-      // FIXME: repository can be a string: https://github.com/pillarjs/encodeurl/blob/master/package.json#L14
-      repository: compareObjects("type", version.repository, comparedVersion.repository)
-        ?? compareObjects("url", version.repository, comparedVersion.repository),
+      repository: compareRepositories(version.repository, comparedVersion.repository),
       scripts: compareDictionnaries(version.scripts, comparedVersion.scripts),
       warnings: arrayDiff(version.warnings, comparedVersion.warnings),
       composition: compareComposition(version.composition, comparedVersion.composition),
@@ -312,3 +310,15 @@ export function arrayOfObjectsDiffByKey<T extends Record<string, any>>(
 
   return { added, removed };
 }
+
+function compareRepositories(
+  original: DependencyVersion["repository"],
+  toCompare: DependencyVersion["repository"]
+): ValueComparison<Repository | string | undefined> {
+  if (typeof original === "string" || typeof toCompare === "string") {
+    return compareValues(original, toCompare);
+  }
+
+  return compareObjects("type", original, toCompare)
+    ?? compareObjects("url", original, toCompare);
+}
diff --git a/workspaces/scanner/src/types.ts b/workspaces/scanner/src/types.ts
@@ -67,7 +67,7 @@ export interface DependencyVersion {
   /** Author of the package. This information is not trustable and can be empty. */
   author: Maintainer | null;
   engines: Engines;
-  repository?: Repository;
+  repository?: Repository | string;
   scripts: Record<string, string>;
   /**
    * JS-X-Ray warnings

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"@nodesecure/scanner": patch
 +---
++
 +fix: support string format for 'repository' field in comparePayloads