Implement npm lock file v2 support
What does this MR do?
Implement npm lockfile v2 support
When parsing lockfile v2, package information is extracted from the new packages
JSON field. The keys packages
(map) are the paths to the packages, like x/node_modules/y/node_modules/z
. The parser extracts the local path, like z
in this case. packages
contains all package versions, so there's no recursion in the case of lockfile v2.
fixtures/big-lockfile-v2
was created by converting fixtures/big
to lock file version v2, using npm 7. The packages returned by the parser are exactly the same.
What are the relevant issue numbers?
gitlab-org/gitlab#273651 (closed)
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Fabien Catteau