You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@skywalking.apache.org by GitBox <gi...@apache.org> on 2021/08/02 03:00:40 UTC
[GitHub] [skywalking-eyes] kezhenxu94 commented on a change in pull request #51: Enhance NPM dependency resolver to resolve all the dependent packages
kezhenxu94 commented on a change in pull request #51:
URL: https://github.com/apache/skywalking-eyes/pull/51#discussion_r680621153
##########
File path: pkg/deps/npm.go
##########
@@ -141,79 +119,132 @@ func (resolver *NpmResolver) NeedSkipInstallPkgs() bool {
}
// InstallPkgs runs command 'npm install' to install node packages
-func (resolver *NpmResolver) InstallPkgs(root string) error {
+func (resolver *NpmResolver) InstallPkgs() {
cmd := exec.Command("npm", "install")
- cmd.Dir = root
logger.Log.Println(fmt.Sprintf("Run command: %v, please wait", cmd.String()))
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
+ // Error occurs all the time in npm commands, so no return statement here
Review comment:
Did you figure out why error occurs all the time? Is it because, for example, vulnerabilities are found in the dependencies?
##########
File path: pkg/deps/npm.go
##########
@@ -141,79 +119,132 @@ func (resolver *NpmResolver) NeedSkipInstallPkgs() bool {
}
// InstallPkgs runs command 'npm install' to install node packages
-func (resolver *NpmResolver) InstallPkgs(root string) error {
+func (resolver *NpmResolver) InstallPkgs() {
cmd := exec.Command("npm", "install")
- cmd.Dir = root
logger.Log.Println(fmt.Sprintf("Run command: %v, please wait", cmd.String()))
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
+ // Error occurs all the time in npm commands, so no return statement here
if err := cmd.Run(); err != nil {
- return err
+ logger.Log.Errorln(err)
}
- return nil
}
-// ResolvePackageLicense resolves the licenses of the given packages.
-func (resolver *NpmResolver) ResolvePackageLicense(depName string, report *Report) error {
- depFiles, err := ioutil.ReadDir(depName)
+// ListPkgPaths runs command 'npm ls --all --parseable' to list all the installed packages' paths, one path per line
+// Note that although the flag `--long` can show more information line like a package's name,
+// its realization and printing format is not uniform in different npm-cli versions
+func (resolver *NpmResolver) ListPkgPaths() (io.Reader, error) {
+ buffer := &bytes.Buffer{}
+ cmd := exec.Command("npm", "ls", "--all", "--parseable")
Review comment:
This seems to list all dependencies, including `devDependencies` and their transitive dependencies as well, which is not what necessarily needed, is there any way to only list runtime dependencies, or exclude `devDependencies`?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@skywalking.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org