npm - dependency-radar - Versions diffs - 0.5.0 → 0.5.1 - Mend

dependency-radar 0.5.0 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/runners/lockfileGraph.js +45 -4
package/dist/utils.js +36 -1
package/package.json +1 -1

package/dist/runners/lockfileGraph.js CHANGED Viewed

@@ -437,6 +437,7 @@ function parseNpmTree(projectPath, searchRoot) {
  * @returns A ResolvedTree mapping root dependency names to resolved nodes, or `undefined` if no valid root entry exists in `packages`
  */
 function parseNpmTreeFromPackages(packages, projectPath, lockDir) {
+    const installState = createNpmInstallState(projectPath, lockDir);
     const projectRel = toPosixRelative(lockDir, projectPath);
     const rootKey = projectRel === '' ? '' : projectRel;
     if (!(rootKey in packages) && rootKey !== '') {
@@ -454,7 +455,7 @@ function parseNpmTreeFromPackages(packages, projectPath, lockDir) {
         const childKey = resolveNpmPackagePath(packageKey, depName, packages);
         if (!childKey)
             continue;
-        const childNode = buildNpmNodeFromPackages(childKey, depName, packages, memo, stack);
+        const childNode = buildNpmNodeFromPackages(childKey, depName, packages, memo, stack, installState);
         if (childNode)
             dependencies[childNode.name] = childNode;
     }
@@ -470,18 +471,22 @@ function parseNpmTreeFromPackages(packages, projectPath, lockDir) {
  * @param stack - Recursion stack used to detect and avoid cycles while building the dependency graph.
  * @returns The constructed `ResolvedNode` for `packageKey`, or `undefined` if the entry is missing, invalid, cyclic, or cannot be resolved.
  */
-function buildNpmNodeFromPackages(packageKey, fallbackName, packages, memo, stack) {
+function buildNpmNodeFromPackages(packageKey, fallbackName, packages, memo, stack, installState) {
     if (memo.has(packageKey))
         return memo.get(packageKey);
     if (stack.has(packageKey))
         return undefined;
+    if (!isNpmPackageInstalled(packageKey, installState)) {
+        memo.set(packageKey, undefined);
+        return undefined;
+    }
     const entry = packages[packageKey];
     if (!entry || typeof entry !== 'object')
         return undefined;
     if (entry.link === true && typeof entry.resolved === 'string') {
         const linkedKey = normalizeLockPackageKey(entry.resolved);
         if (linkedKey && linkedKey in packages) {
-            const linkedNode = buildNpmNodeFromPackages(linkedKey, fallbackName, packages, memo, stack);
+            const linkedNode = buildNpmNodeFromPackages(linkedKey, fallbackName, packages, memo, stack, installState);
             memo.set(packageKey, linkedNode);
             return linkedNode;
         }
@@ -506,7 +511,7 @@ function buildNpmNodeFromPackages(packageKey, fallbackName, packages, memo, stac
         const childKey = resolveNpmPackagePath(packageKey, depName, packages);
         if (!childKey)
             continue;
-        const childNode = buildNpmNodeFromPackages(childKey, depName, packages, memo, stack);
+        const childNode = buildNpmNodeFromPackages(childKey, depName, packages, memo, stack, installState);
         if (!childNode)
             continue;
         out.dependencies[childNode.name] = childNode;
@@ -1037,6 +1042,21 @@ function createPnpmInstallState(projectPath) {
         installedCache: new Map()
     };
 }
+/**
+ * Create npm installation state used to filter lockfile package entries to actually installed paths.
+ *
+ * @param projectPath - Filesystem path inside the project to start discovery from
+ * @param lockDir - Directory containing the npm lockfile
+ * @returns Installation state with detected node_modules roots and per-package-key cache
+ */
+function createNpmInstallState(projectPath, lockDir) {
+    const nodeModulesRoots = findNodeModulesRoots(projectPath);
+    return {
+        enabled: nodeModulesRoots.length > 0,
+        lockDir,
+        installedByKeyCache: new Map()
+    };
+}
 /**
  * Discover node_modules directories by walking upward from a starting path.
  *
@@ -1058,6 +1078,27 @@ function findNodeModulesRoots(startPath) {
     }
     return roots;
 }
+/**
+ * Determine whether a package-lock `packages` entry key points to an installed package path.
+ *
+ * @param packageKey - Key from package-lock `packages` map
+ * @param installState - npm installation state with lockDir and cache
+ * @returns `true` when the key should be considered installed, `false` otherwise
+ */
+function isNpmPackageInstalled(packageKey, installState) {
+    if (!installState.enabled)
+        return true;
+    const normalizedKey = normalizeLockPackageKey(packageKey);
+    if (!normalizedKey)
+        return true;
+    const cached = installState.installedByKeyCache.get(normalizedKey);
+    if (cached !== undefined)
+        return cached;
+    const candidate = path_1.default.join(installState.lockDir, ...normalizedKey.split('/'));
+    const installed = safePathExists(candidate);
+    installState.installedByKeyCache.set(normalizedKey, installed);
+    return installed;
+}
 /**
  * Read the names of entries in a directory, returning an empty array if the directory cannot be read.
  *

package/dist/utils.js CHANGED Viewed

@@ -58,11 +58,46 @@ function getDependencyRadarVersion() {
 async function ensureDir(dir) {
     await promises_1.default.mkdir(dir, { recursive: true });
 }
+/**
+ * Write JSON data to a file, creating parent directories as needed.
+ *
+ * Attempts to write a pretty-printed JSON representation of `data` to `filePath`. If pretty-printing fails due to an "Invalid string length" RangeError, falls back to a compact JSON representation.
+ *
+ * @param filePath - The path of the file to write
+ * @param data - The value to serialize to JSON (typically JSON-serializable)
+ * @throws Rethrows errors from JSON serialization (except handled "Invalid string length" for pretty-printing) and filesystem write operations
+ */
 async function writeJsonFile(filePath, data) {
     await ensureDir(path_1.default.dirname(filePath));
-    const content = JSON.stringify(data, null, 2);
+    let content;
+    try {
+        content = JSON.stringify(data, null, 2);
+    }
+    catch (err) {
+        // Large lockfile-derived trees can overflow string length when pretty-printing.
+        if (!isInvalidStringLengthError(err))
+            throw err;
+        content = JSON.stringify(data);
+    }
     await promises_1.default.writeFile(filePath, content, 'utf8');
 }
+/**
+ * Determines whether a value is a RangeError whose message indicates an "Invalid string length".
+ *
+ * @param error - The value to inspect
+ * @returns `true` if `error` is a `RangeError` with a message matching "Invalid string length" (case-insensitive), `false` otherwise.
+ */
+function isInvalidStringLengthError(error) {
+    if (!(error instanceof RangeError))
+        return false;
+    return /Invalid string length/i.test(error.message || '');
+}
+/**
+ * Check whether a filesystem path exists and is accessible.
+ *
+ * @param target - The path to check
+ * @returns `true` if the path exists and is accessible, `false` otherwise
+ */
 async function pathExists(target) {
     try {
         await promises_1.default.access(target);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "dependency-radar",
-  "version": "0.5.0",
+  "version": "0.5.1",
   "description": "Local-first dependency analysis tool that generates a single HTML report showing risk, size, usage, and structure of your project's dependencies.",
   "main": "dist/index.js",
   "bin": {