Npm: Do not fail hard if enriching incomplete data from the NPM regis…

…try fails

This allows to handle packages that were never published to the NPM
registry but only ever referenced by (short) repository URL.

Fixes #5632.

Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>

analyzer/src/funTest/assets/projects/synthetic/npm-version-urls-expected-output.yml

@@ -20,6 +20,7 @@ project:
   scopes:
   - name: "dependencies"
     dependencies:
+    - id: "NPM::angular-tileview:0.6.1"
     - id: "NPM::is-win:1.0.8"
     - id: "NPM::is-windows:1.0.2"
   - name: "devDependencies"
@@ -636,6 +637,34 @@ project:
         dependencies:
         - id: "NPM::has-flag:3.0.0"
 packages:
+- id: "NPM::angular-tileview:0.6.1"
+  purl: "pkg:npm/angular-tileview@0.6.1"
+  declared_licenses:
+  - "MIT"
+  declared_licenses_processed:
+    spdx_expression: "MIT"
+  description: "A tileview for angular"
+  homepage_url: "https://github.com/tinydesk/angular-tileview#readme"
+  binary_artifact:
+    url: ""
+    hash:
+      value: ""
+      algorithm: ""
+  source_artifact:
+    url: ""
+    hash:
+      value: ""
+      algorithm: ""
+  vcs:
+    type: "Git"
+    url: "git+https://github.com/tinydesk/angular-tileview.git"
+    revision: ""
+    path: ""
+  vcs_processed:
+    type: "Git"
+    url: "https://github.com/tinydesk/angular-tileview.git"
+    revision: ""
+    path: ""
 - id: "NPM::ansi-green:0.1.1"
   purl: "pkg:npm/ansi-green@0.1.1"
   authors:

analyzer/src/funTest/assets/projects/synthetic/npm-version-urls/package.json

@@ -8,6 +8,7 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
+    "angular-tileview": "github:tinydesk/angular-tileview",
     "is-win": "https://registry.npmjs.org/is-win/-/is-win-1.0.8.tgz",
     "is-windows": "https://github.com/jonschlinkert/is-windows/archive/1.0.2.tar.gz"
   },

analyzer/src/main/kotlin/managers/Npm.kt

@@ -74,6 +74,7 @@ import org.ossreviewtoolkit.model.utils.DependencyGraphBuilder
 import org.ossreviewtoolkit.utils.common.CommandLineTool
 import org.ossreviewtoolkit.utils.common.Os
 import org.ossreviewtoolkit.utils.common.ProcessCapture
+import org.ossreviewtoolkit.utils.common.collectMessages
 import org.ossreviewtoolkit.utils.common.fieldNamesOrEmpty
 import org.ossreviewtoolkit.utils.common.isSymbolicLink
 import org.ossreviewtoolkit.utils.common.realFile
@@ -308,19 +309,23 @@ open class Npm(
                     || hash == Hash.NONE || vcsFromPackage == VcsInfo.EMPTY
 
             if (hasIncompleteData) {
-                val details = getRemotePackageDetails(workingDir, "$rawName@$version")
-
-                if (description.isEmpty()) description = details["description"].textValueOrEmpty()
-                if (homepageUrl.isEmpty()) homepageUrl = details["homepage"].textValueOrEmpty()
-
-                details["dist"]?.let { dist ->
-                    if (downloadUrl.isEmpty() || hash == Hash.NONE) {
-                        downloadUrl = dist["tarball"].textValueOrEmpty()
-                        hash = Hash.create(dist["shasum"].textValueOrEmpty())
+                runCatching {
+                    getRemotePackageDetails(workingDir, "$rawName@$version")
+                }.onSuccess { details ->
+                    if (description.isEmpty()) description = details["description"].textValueOrEmpty()
+                    if (homepageUrl.isEmpty()) homepageUrl = details["homepage"].textValueOrEmpty()
+
+                    details["dist"]?.let { dist ->
+                        if (downloadUrl.isEmpty() || hash == Hash.NONE) {
+                            downloadUrl = dist["tarball"].textValueOrEmpty()
+                            hash = Hash.create(dist["shasum"].textValueOrEmpty())
+                        }
                     }
-                }
 
-                vcsFromPackage = parseNpmVcsInfo(details)
+                    vcsFromPackage = parseNpmVcsInfo(details)
+                }.onFailure { e ->
+                    logger.debug { "Unable to get package details from a remote registry: ${e.collectMessages()}" }
+                }
             }
         }