fix: plugin no longer crashes in rollup only scenarios
xenobytezero authored and janbiasi committed May 3, 2024
1 parent 8af3b74 commit 85d8daf
Showing 5 changed files with 40 additions and 28 deletions.
1 change: 1 addition & 0 deletions package.json
Expand Up @@ -67,6 +67,7 @@
"@commitlint/cli": "19.2.2",
"@commitlint/config-conventional": "19.2.2",
"@types/node": "20.12.7",
"@types/normalize-package-data": "^2.4.4",
"@typescript-eslint/eslint-plugin": "7.7.0",
"@typescript-eslint/parser": "7.7.0",
"@vitest/coverage-v8": "1.5.0",
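Review bot: The new `@types/normalize-package-data` entry uses a caret range (`^2.4.4`) while every neighbouring devDependency in this hunk is pinned to an exact version. `"@types/normalize-package-data": "2.4.4",` would match that convention. The lockfile presumably fixes the resolved version either way, so this is about keeping the manifest consistent and making dependency updates explicit.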
5 changes: 4 additions & 1 deletion pnpm-lock.yaml


33 changes: 15 additions & 18 deletions src/builder.ts
@@ -1,8 +1,7 @@
import { dirname } from "node:path";
import { createRequire } from "node:module";

import { type Builders, type Models, type Factories } from "@cyclonedx/cyclonedx-library";
import { getPackageJson } from "./helpers";
import { getCorrespondingPackageFromModuleId } from "./helpers";

const require = createRequire(import.meta.url);

Expand All @@ -17,24 +16,22 @@ export function registerPackageUrlOnComponent(
}

export async function registerTools(bom: Models.Bom, builder: Builders.FromNodePackageJson.ToolBuilder) {
// register rollup-plugin-sbom (for vite and rollup)
const pkg = await getPackageJson(dirname(require.resolve("rollup-plugin-sbom")));
if (pkg) {
const tool = builder.makeTool(pkg);
tool && bom.metadata.tools.add(tool);
async function registerTool(packageName: string) {
try {
const modulePath = require.resolve(packageName);
const pkgJson = await getCorrespondingPackageFromModuleId(modulePath);
if (pkgJson) {
const tool = builder.makeTool(pkgJson);
tool && bom.metadata.tools.add(tool);
}
} catch {
// do nothing
}
}

// register vite if available
const vitePkg = await getPackageJson(dirname(require.resolve("vite")));
if (vitePkg) {
const tool = builder.makeTool(vitePkg);
tool && bom.metadata.tools.add(tool);
}
const knownTools = ["rollup-plugin-sbom", "vite", "rollup"];

// register rollup if available
const rollupPkg = await getPackageJson(dirname(require.resolve("rollup")));
if (rollupPkg) {
const tool = builder.makeTool(rollupPkg);
tool && bom.metadata.tools.add(tool);
for (const pkgName of knownTools) {
await registerTool(pkgName);
}
}
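Review bot: The bare `catch { // do nothing }` in `registerTool` swallows every failure, not only the missing-module error from `require.resolve(packageName)` that the rollup-only case needs. An unreadable or malformed package.json, or a throw from `builder.makeTool`, would silently drop the tool from `bom.metadata.tools`, and an SBOM that omits its build tooling without any signal is hard to audit. Narrowing the `try` to the `require.resolve` call keeps optional tools optional while letting real errors surface (or be logged, if the build must never fail at this point). Separately, `require` comes from `createRequire(import.meta.url)`, so resolution appears to start from the plugin's own location rather than the project being built; it is worth confirming that the recorded vite/rollup versions are the ones actually running the build.

```typescript
async function registerTool(packageName: string) {
  let modulePath: string;
  try {
    modulePath = require.resolve(packageName);
  } catch {
    // optional tool (e.g. vite in a rollup-only build) is not installed
    return;
  }
  const pkgJson = await getCorrespondingPackageFromModuleId(modulePath);
  // … unchanged: makeTool and bom.metadata.tools.add …
}
```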
22 changes: 14 additions & 8 deletions src/helpers.ts
Expand Up @@ -34,22 +34,28 @@ export async function getPackageJson(dir: string): Promise<Package> {
* getPackageRootFromModuleId(moduleId); // "/User/home/.pnpm/react-dom@18.2.0_react@18.2.0/node_modules/react-dom"
* ```
*/
export function getCorrespondingPackageFromModuleId(moduleId: string, traversalLimit = 10) {
if (!moduleId.includes("node_modules")) {
return Promise.resolve(null);
}

export async function getCorrespondingPackageFromModuleId(
modulePath: string,
traversalLimit = 10,
): Promise<Package | null> {
if (traversalLimit === 0) {
return Promise.resolve(null);
}

const folder = dirname(moduleId);
const folder = dirname(modulePath);
const potentialPackagePath = join(folder, "./package.json");

let pkgJson: Package | null = null;

if (existsSync(potentialPackagePath)) {
return getPackageJson(folder);
pkgJson = await getPackageJson(folder);
}

if (pkgJson !== null) {
return pkgJson;
}

return getCorrespondingPackageFromModuleId(join(folder, ".."), traversalLimit - 1);
return await getCorrespondingPackageFromModuleId(folder, traversalLimit - 1);
}

/**
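Review bot: The walk now accepts the first `package.json` found above `modulePath`, and with the `node_modules` guard moved out of this function nothing checks that the file describes a real package. Some packages ship nested marker manifests (for example a `package.json` holding only a `type` field inside a build output folder), which would be returned here as the component and could put an unnamed or unversioned entry into the BOM. Consider accepting the result only when it carries identity, e.g. `if (pkgJson?.name && pkgJson.version) { return pkgJson; }` (assuming `Package` exposes those fields), and continuing upward otherwise. The two `return Promise.resolve(null);` statements in the now-`async` function can be plain `return null;`. The JSDoc above starts outside the hunk and its example still names a different function and the old `moduleId` parameter.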
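--- a/src/index.ts
+++ b/src/index.ts
@@ -97,7 +97,12 @@ export default function rollupPluginSbom(userOptions?: RollupPluginSbomOptions):
 async moduleParsed(moduleInfo) {
 const nodeModuleImportedIds = moduleInfo.importedIds.filter((entry) => entry.includes("node_modules"));
 const potentialComponents = await Promise.all(
-nodeModuleImportedIds.map(getCorrespondingPackageFromModuleId),
+nodeModuleImportedIds.map((moduleId) => {
+if (!moduleId.includes("node_modules")) {
+return Promise.resolve(null);
+}
+return getCorrespondingPackageFromModuleId(moduleId);
+}),
 );
 
 // iterate over all imported unique modules and add them to the BOM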
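Review bot: The `if (!moduleId.includes("node_modules"))` branch inside the new `map` callback can never be taken, because `nodeModuleImportedIds` was already filtered with the same predicate one line earlier. The arrow wrapper itself is worth keeping: passing the function directly let `Array.prototype.map` supply the element index as `traversalLimit`. The callback can shrink to `nodeModuleImportedIds.map((moduleId) => getCorrespondingPackageFromModuleId(moduleId)),`. `moduleParsed` continues past the end of the hunk.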
