[GitHub] [skywalking-eyes] kezhenxu94 commented on a change in pull request #51: Enhance NPM dependency resolver to resolve all the dependent packages

Sun, 01 Aug 2021 20:00:44 -0700 


kezhenxu94 commented on a change in pull request #51:
URL: https://github.com/apache/skywalking-eyes/pull/51#discussion_r680621153



##########
File path: pkg/deps/npm.go
##########
@@ -141,79 +119,132 @@ func (resolver *NpmResolver) NeedSkipInstallPkgs() bool {
 }
 
 // InstallPkgs runs command 'npm install' to install node packages
-func (resolver *NpmResolver) InstallPkgs(root string) error {
+func (resolver *NpmResolver) InstallPkgs() {
        cmd := exec.Command("npm", "install")
-       cmd.Dir = root
        logger.Log.Println(fmt.Sprintf("Run command: %v, please wait", 
cmd.String()))
        cmd.Stdout = os.Stdout
        cmd.Stderr = os.Stderr
+       // Error occurs all the time in npm commands, so no return statement 
here

Review comment:
       Did you figure out why error occurs all the time? Is it because, for 
example, vulnerabilities are found in the dependencies?

##########
File path: pkg/deps/npm.go
##########
@@ -141,79 +119,132 @@ func (resolver *NpmResolver) NeedSkipInstallPkgs() bool {
 }
 
 // InstallPkgs runs command 'npm install' to install node packages
-func (resolver *NpmResolver) InstallPkgs(root string) error {
+func (resolver *NpmResolver) InstallPkgs() {
        cmd := exec.Command("npm", "install")
-       cmd.Dir = root
        logger.Log.Println(fmt.Sprintf("Run command: %v, please wait", 
cmd.String()))
        cmd.Stdout = os.Stdout
        cmd.Stderr = os.Stderr
+       // Error occurs all the time in npm commands, so no return statement 
here
        if err := cmd.Run(); err != nil {
-               return err
+               logger.Log.Errorln(err)
        }
-       return nil
 }
 
-// ResolvePackageLicense resolves the licenses of the given packages.
-func (resolver *NpmResolver) ResolvePackageLicense(depName string, report 
*Report) error {
-       depFiles, err := ioutil.ReadDir(depName)
+// ListPkgPaths runs command 'npm ls --all --parseable' to list all the 
installed packages' paths, one path per line
+// Note that although the flag `--long` can show more information line like a 
package's name,
+// its realization and printing format is not uniform in different npm-cli 
versions
+func (resolver *NpmResolver) ListPkgPaths() (io.Reader, error) {
+       buffer := &bytes.Buffer{}
+       cmd := exec.Command("npm", "ls", "--all", "--parseable")

Review comment:
       This seems to list all dependencies, including `devDependencies` and 
their transitive dependencies as well, which is not what necessarily needed, is 
there any way to only list runtime dependencies, or exclude `devDependencies`?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to