safedep/vet
1
0
Fork 0
mirror of https://github.com/safedep/vet.git synced 2025-12-11 01:01:10 -06:00
Code Issues Packages Projects Releases 68 Wiki Activity

fix: LFP npm handle missing package

Browse Source
This commit is contained in:
abhisek 2023-12-29 14:15:27 +05:30
parent ffd73b1e7d
commit 79377e36fc
No known key found for this signature in database
GPG Key ID: CB92A4990C02A88F
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/analyzer/lfp_npm.go
View File

@ -96,10 +96,12 @@ func (npm *npmLockfilePoisoningAnalyzer) Analyze(manifest *models.PackageManifes
continue continue
} }
// We don't strictly need this because the package name is extracted from `package-lock.json`
// The impact here is, pkg can be nil in the event and may cause a bug for reporters if they
// don't handle nil package
pkg, ok := pkgMap[packageName] pkg, ok := pkgMap[packageName]
if !ok { if !ok {
logger.Warnf("npmLockfilePoisoningAnalyzer: Package [%s] not found in manifest", packageName) logger.Debugf("npmLockfilePoisoningAnalyzer: Package [%s] not found in manifest", packageName)
continue
} }
trustedRegistryUrls := []string{npmRegistryTrustedUrlBase} trustedRegistryUrls := []string{npmRegistryTrustedUrlBase}