safedep/vet
1
0
Fork 0
mirror of https://github.com/safedep/vet.git synced 2025-12-10 00:22:08 -06:00
Code Issues Packages Projects Releases 68 Wiki Activity

Merge pull request #178 from safedep/fix/lfp_npm_unavailable_package

Browse Source 
fix: LFP npm handle missing package
This commit is contained in:
Abhisek Datta 2023-12-29 15:19:04 +05:30 committed by GitHub
commit 273d999561
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/analyzer/lfp_npm.go
View File

@ -96,10 +96,12 @@ func (npm *npmLockfilePoisoningAnalyzer) Analyze(manifest *models.PackageManifes
continue
}
// We don't strictly need this because the package name is extracted from `package-lock.json`
// The impact here is, pkg can be nil in the event and may cause a bug for reporters if they
// don't handle nil package
pkg, ok := pkgMap[packageName]
if !ok {
logger.Warnf("npmLockfilePoisoningAnalyzer: Package [%s] not found in manifest", packageName)
continue
logger.Debugf("npmLockfilePoisoningAnalyzer: Package [%s] not found in manifest", packageName)
}
trustedRegistryUrls := []string{npmRegistryTrustedUrlBase}