Merge pull request #296 from snyk/feat/CSENG-94/add-npm-scope

feat: add npm scope [CSENG-94]

Author: snyk-abedonik

lib/dep-graph-builders/npm-lock-v2/index.ts

@@ -13,6 +13,7 @@ import {
   getTopLevelDeps,
   parsePkgJson,
   PkgNode,
+  createNodeInfo,
 } from '../util';
 import { OutOfSyncError } from '../../errors';
 import { LockfileType } from '../../parsers';
@@ -38,6 +39,7 @@ export const parseNpmLockV2Project = async (
     strictOutOfSync,
     includeOptionalDeps,
     pruneNpmStrictOutOfSync,
+    showNpmScope,
   } = options;
 
   const pkgJson: PackageJsonBase = parsePkgJson(
@@ -52,6 +54,7 @@ export const parseNpmLockV2Project = async (
     includeOptionalDeps,
     strictOutOfSync,
     pruneNpmStrictOutOfSync,
+    showNpmScope,
   });
 
   return depgraph;
@@ -67,10 +70,12 @@ export const buildDepGraphNpmLockV2 = async (
     strictOutOfSync,
     includeOptionalDeps,
     pruneNpmStrictOutOfSync,
+    showNpmScope,
   } = options;
   const depGraphBuilder = new DepGraphBuilder(
     { name: 'npm' },
     { name: pkgJson.name as string, version: pkgJson.version },
+    createNodeInfo(options),
   );
 
   const topLevelDeps = getTopLevelDeps(pkgJson, {
@@ -120,6 +125,7 @@ export const buildDepGraphNpmLockV2 = async (
     pkgKeysByName,
     pkgJson.overrides,
     pruneNpmStrictOutOfSync,
+    showNpmScope,
   );
   return depGraphBuilder.build();
 };
@@ -144,6 +150,7 @@ const dfsVisit = async (
   pkgKeysByName: Map<string, string[]>,
   overrides: Overrides | undefined,
   pruneNpmStrictOutOfSync?: boolean,
+  showNpmScope?: boolean,
 ): Promise<void> => {
   visitedMap.add(node.id);
 
@@ -175,7 +182,7 @@ const dfsVisit = async (
     );
 
     if (!visitedMap.has(childNode.id)) {
-      addPkgNodeToGraph(depGraphBuilder, childNode, {});
+      addPkgNodeToGraph(depGraphBuilder, childNode, { showNpmScope });
       await dfsVisit(
         depGraphBuilder,
         childNode,
@@ -196,6 +203,8 @@ const dfsVisit = async (
         ],
         pkgKeysByName,
         overrides,
+        undefined,
+        showNpmScope,
       );
     }
 

lib/dep-graph-builders/pnpm/build-dep-graph-pnpm.ts

@@ -1,5 +1,5 @@
 import { DepGraphBuilder } from '@snyk/dep-graph';
-import { getTopLevelDeps } from '../util';
+import { createNodeInfo, getTopLevelDeps } from '../util';
 import type { Overrides, PnpmProjectParseOptions } from '../types';
 import type { PackageJsonBase } from '../types';
 import { getPnpmChildNode } from './utils';
@@ -28,11 +28,13 @@ export const buildDepGraphPnpm = async (
     includeOptionalDeps,
     includeDevDeps,
     pruneWithinTopLevelDeps,
+    showNpmScope,
   } = options;
 
   const depGraphBuilder = new DepGraphBuilder(
     { name: 'pnpm' },
     { name: pkgJson.name, version: pkgJson.version || UNDEFINED_VERSION },
+    createNodeInfo(options),
   );
 
   lockFileParser.extractedPackages = lockFileParser.extractPackages();
@@ -84,6 +86,8 @@ export const buildDepGraphPnpm = async (
     pkgJson.pnpm?.overrides || {},
     pruneWithinTopLevelDeps,
     lockFileParser,
+    undefined,
+    showNpmScope,
   );
 
   return depGraphBuilder.build();
@@ -107,6 +111,7 @@ const dfsVisit = async (
   pruneWithinTopLevel: boolean,
   lockFileParser: PnpmLockfileParser,
   visited?: Set<string>,
+  showNpmScope?: boolean,
 ): Promise<void> => {
   for (const [name, depInfo] of Object.entries(node.dependencies || {})) {
     if (eventLoopSpinner.isStarving()) {
@@ -134,6 +139,9 @@ const dfsVisit = async (
           {
             labels: {
               scope: childNode.isDev ? 'dev' : 'prod',
+              ...(showNpmScope && {
+                'npm:scope': childNode.isDev ? 'dev' : 'prod',
+              }),
               pruned: 'true',
               ...(node.missingLockFileEntry && {
                 missingLockFileEntry: 'true',
@@ -154,6 +162,9 @@ const dfsVisit = async (
       {
         labels: {
           scope: childNode.isDev ? 'dev' : 'prod',
+          ...(showNpmScope && {
+            'npm:scope': childNode.isDev ? 'dev' : 'prod',
+          }),
           ...(node.missingLockFileEntry && {
             missingLockFileEntry: 'true',
           }),
@@ -174,6 +185,7 @@ const dfsVisit = async (
       pruneWithinTopLevel,
       lockFileParser,
       localVisited,
+      showNpmScope,
     );
   }
 };

lib/dep-graph-builders/pnpm/parse-project.ts

@@ -17,6 +17,7 @@ export const parsePnpmProject = async (
     includeOptionalDeps,
     strictOutOfSync,
     pruneWithinTopLevelDeps,
+    showNpmScope,
   } = options;
   let importer = '';
 
@@ -47,6 +48,7 @@ export const parsePnpmProject = async (
       includePeerDeps,
       includeOptionalDeps,
       pruneWithinTopLevelDeps,
+      showNpmScope,
     },
     importer,
   );

lib/dep-graph-builders/pnpm/parse-workspace-project.ts

@@ -20,6 +20,7 @@ export const parsePnpmWorkspaceProject = async (
     includeOptionalDeps,
     strictOutOfSync,
     pruneWithinTopLevelDeps,
+    showNpmScope,
   } = options;
 
   const lockFileParser: PnpmLockfileParser = getPnpmLockfileParser(
@@ -47,6 +48,7 @@ export const parsePnpmWorkspaceProject = async (
       strictOutOfSync,
       includeOptionalDeps,
       pruneWithinTopLevelDeps,
+      showNpmScope,
     },
     importer,
   );

lib/dep-graph-builders/pnpm/parse-workspace.ts

@@ -56,6 +56,7 @@ export const parsePnpmWorkspace = async (
     strictOutOfSync,
     pruneWithinTopLevelDeps,
     exclude,
+    showNpmScope,
   } = options;
 
   const pnpmLockfileContents = getFileContents(
@@ -110,6 +111,7 @@ export const parsePnpmWorkspace = async (
           strictOutOfSync,
           includeOptionalDeps,
           pruneWithinTopLevelDeps,
+          showNpmScope,
         },
         importer,
       );

lib/dep-graph-builders/types.ts

@@ -46,6 +46,7 @@ export type DepGraphBuildOptions = {
   includePeerDeps?: boolean;
   pruneNpmStrictOutOfSync?: boolean;
   honorAliases?: boolean;
+  showNpmScope?: boolean;
 };
 
 export type LockFileParseOptions = {
@@ -69,6 +70,7 @@ export type YarnLockV2ProjectParseOptions = {
   strictOutOfSync: boolean;
   pruneWithinTopLevelDeps: boolean;
   honorAliases?: boolean;
+  showNpmScope?: boolean;
 };
 
 /*
@@ -86,6 +88,7 @@ export type YarnLockV1ProjectParseOptions = {
   strictOutOfSync: boolean;
   pruneLevel: PruneLevel;
   honorAliases?: boolean;
+  showNpmScope?: boolean;
 };
 
 export type Yarn1DepGraphBuildOptions = {
@@ -94,6 +97,7 @@ export type Yarn1DepGraphBuildOptions = {
   includePeerDeps: boolean;
   strictOutOfSync: boolean;
   pruneWithinTopLevelDeps: boolean;
+  showNpmScope?: boolean;
 };
 
 export type PnpmWorkspaceArgs = {
@@ -113,6 +117,7 @@ export type PnpmProjectParseOptions = {
   strictOutOfSync: boolean;
   pruneWithinTopLevelDeps: boolean;
   exclude?: string;
+  showNpmScope?: boolean;
 };
 
 type NodePkgManagers = 'npm' | 'yarn' | 'pnpm';

lib/dep-graph-builders/util.ts

@@ -1,5 +1,6 @@
-import { PackageJsonBase } from './types';
+import { DepGraphBuildOptions, PackageJsonBase } from './types';
 import { DepGraphBuilder } from '@snyk/dep-graph';
+import type { NodeInfo } from '@snyk/dep-graph/dist/core/types';
 import { InvalidUserInputError } from '../errors';
 import { NormalisedPkgs } from './types';
 import { OutOfSyncError } from '../errors';
@@ -28,12 +29,27 @@ export interface PkgNode {
   };
 }
 
+export const createNodeInfo = (
+  options: DepGraphBuildOptions,
+  scope = 'unknown',
+): NodeInfo | undefined => {
+  if (options.showNpmScope) {
+    return {
+      labels: {
+        'npm:scope': scope,
+      },
+    };
+  }
+  return;
+};
+
 export const addPkgNodeToGraph = (
   depGraphBuilder: DepGraphBuilder,
   node: PkgNode,
   options: {
     isCyclic?: boolean;
     isWorkspacePkg?: boolean;
+    showNpmScope?: boolean;
   },
 ): DepGraphBuilder => {
   return depGraphBuilder.addPkgNode(
@@ -42,6 +58,9 @@ export const addPkgNodeToGraph = (
     {
       labels: {
         scope: node.isDev ? 'dev' : 'prod',
+        ...(options.showNpmScope && {
+          'npm:scope': node.isDev ? 'dev' : 'prod',
+        }),
         ...(options.isCyclic && { pruned: 'cyclic' }),
         ...(options.isWorkspacePkg && { pruned: 'true' }),
         ...(node.missingLockFileEntry && { missingLockFileEntry: 'true' }),

lib/dep-graph-builders/yarn-lock-v1/build-depgraph-simple-pruned.ts

@@ -4,6 +4,7 @@ import {
   getChildNode,
   getTopLevelDeps,
   PkgNode,
+  createNodeInfo,
 } from '../util';
 import type { NormalisedPkgs, PackageJsonBase } from '../types';
 import type { DepGraphBuildOptions } from '../types';
@@ -19,11 +20,13 @@ export const buildDepGraphYarnLockV1SimpleCyclesPruned = async (
   pkgJson: PackageJsonBase,
   options: DepGraphBuildOptions,
 ) => {
-  const { includeDevDeps, strictOutOfSync, includeOptionalDeps } = options;
+  const { includeDevDeps, strictOutOfSync, includeOptionalDeps, showNpmScope } =
+    options;
 
   const depGraphBuilder = new DepGraphBuilder(
     { name: 'yarn' },
     { name: pkgJson.name, version: pkgJson.version },
+    createNodeInfo(options),
   );
 
   const colorMap: Record<string, Color> = {};
@@ -45,6 +48,7 @@ export const buildDepGraphYarnLockV1SimpleCyclesPruned = async (
     extractedYarnLockV1Pkgs,
     strictOutOfSync,
     includeOptionalDeps,
+    showNpmScope,
   );
 
   return depGraphBuilder.build();
@@ -66,6 +70,7 @@ const dfsVisit = async (
   extractedYarnLockV1Pkgs: NormalisedPkgs,
   strictOutOfSync: boolean,
   includeOptionalDeps: boolean,
+  showNpmScope?: boolean,
 ): Promise<void> => {
   colorMap[node.id] = Color.GRAY;
 
@@ -84,19 +89,23 @@ const dfsVisit = async (
     );
 
     if (!colorMap.hasOwnProperty(childNode.id)) {
-      addPkgNodeToGraph(depGraphBuilder, childNode, {});
+      addPkgNodeToGraph(depGraphBuilder, childNode, { showNpmScope });
       await dfsVisit(
         depGraphBuilder,
         childNode,
         colorMap,
         extractedYarnLockV1Pkgs,
         strictOutOfSync,
         includeOptionalDeps,
+        showNpmScope,
       );
     } else if (colorMap[childNode.id] === Color.GRAY) {
       // cycle detected
       childNode.id = `${childNode.id}:pruned`;
-      addPkgNodeToGraph(depGraphBuilder, childNode, { isCyclic: true });
+      addPkgNodeToGraph(depGraphBuilder, childNode, {
+        isCyclic: true,
+        showNpmScope,
+      });
     }
 
     depGraphBuilder.connectDep(node.id, childNode.id);