Merge pull request #298 from luotianqi777/fix_js

cyberchen1995 · web-flow · commit 8131d43274ca · 2024-07-04T16:12:39.000+08:00
fix: check out invalid npm components
diff --git a/opensca/sca/javascript/npm.go b/opensca/sca/javascript/npm.go
@@ -143,7 +143,11 @@ func ParsePackageJsonWithNode(pkgjson *PackageJson, nodeMap map[string]*PackageJ
 			subjs = npmOrigin(name, version)
 		}
 		if subjs == nil {
-			return nil
+			// 部分投毒组件会从官方库下架 这种构造一个虚拟的PacakgeJson保证检出
+			subjs = &PackageJson{
+				Name:    name,
+				Version: version,
+			}
 		}
 		var dep *model.DepGraph
 		if dev {

Original file line number	Diff line number	Diff line change
`@@ -143,7 +143,11 @@ func ParsePackageJsonWithNode(pkgjson PackageJson, nodeMap map[string]PackageJ`
`143`	`143`	`subjs = npmOrigin(name, version)`
`144`	`144`	`}`
`145`	`145`	`if subjs == nil {`
`146`		`- return nil`
	`146`	`+ // 部分投毒组件会从官方库下架这种构造一个虚拟的PacakgeJson保证检出`
	`147`	`+ subjs = &PackageJson{`
	`148`	`+ Name: name,`
	`149`	`+ Version: version,`
	`150`	`+ }`
`147`	`151`	`}`
`148`	`152`	`var dep *model.DepGraph`
`149`	`153`	`if dev {`