Added support for package-lock.json to parse additional features

src/packagedcode/npm.py

@@ -599,7 +599,7 @@ def _parse(cls, json_data, package_only=False):
             logger_debug(f'NpmPackageJsonHandler: parse: package: {package.to_dict()}')
 
         return package
-
+ 
     @classmethod
     def parse(cls, location, package_only=False):
         with io.open(location, encoding='utf-8') as loc:
@@ -804,6 +804,46 @@ class NpmPackageLockJsonHandler(BaseNpmLockHandler):
     description = 'npm package-lock.json lockfile'
     documentation_url = 'https://docs.npmjs.com/cli/v8/configuring-npm/package-lock-json'
 
+    def parse(self, location):
+        """ Parse the package-lock.json file and handle various sources. """
+        with open(location) as f:
+            lockfile_data = json.load(f)
+
+        packages = lockfile_data.get('packages',{})
+        for pkg_path, pkg_data in packages.items():
+            self.handle_package_data(pkg_path, pkg_data)
+
+    def handle_package_data(self, pkg_path, pkg_data):
+        """ Handle package data, including different dependency sources."""
+        version = pkg_data.get('version')
+        if not version:
+            return
+        if version.startswith('http'):
+            self.handle_http_source(pkg_path, pkg_data)
+        elif version.startswith('git'):
+            self.handle_git_source(pkg_path, pkg_data)
+        else:
+            self.handle_registry_source(pkg_path, pkg_data)
+
+    def handle_http_source(self, pkg_path, pkg_data):
+        """ Handle HTTP tarball sources. """
+        logging.info(f'Handling HTTP source for {pkg_path}')
+
+    def handle_git_source(self, pkg_path, pkg_data):
+        """ Handle git sources. """
+        logging.info(f'Handling git source for {pkg_path}')
+
+    def handle_registry_source(self, pkg_path, pkg_data):
+        """ Handle registry sources. """
+        logging.info(f'Handling registry source for {pkg_path}')
+
+logger = logging.getLogger(__name__)
+logger.setLevel(logging.INFO)
+if not logger.hasHandlers():
+    handler = logging.StreamHandler()
+    formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
+    handler.setFormatter(formatter)
+    logger.addHandler(handler)
 
 class NpmShrinkwrapJsonHandler(BaseNpmLockHandler):
     datasource_id = 'npm_shrinkwrap_json'

tests/packagedcode/test_npm.py

@@ -16,7 +16,7 @@
 from scancode_config import REGEN_TEST_FIXTURES
 from scancode.cli_test_utils import run_scan_click
 from scancode.cli_test_utils import check_json_scan
-
+from src.packagedcode.npm import NpmPackageLockJsonHandler
 
 class TestNpm(PackageTester):
     test_data_dir = os.path.join(os.path.dirname(__file__), 'data')
@@ -367,6 +367,21 @@ def test_npm_yarn_with_package_json_resolve_dependencies(self):
             expected_file, result_file, remove_uuid=True, regen=REGEN_TEST_FIXTURES
         )
 
+    @pytest.fixture
+    def handler():
+        return NpmPackageLockJsonHandler()
+
+    def test_npm_package_lock_json_parse(handler):
+        test_file = 'npm/package-lock-v1/package-lock.json'
+        expected_file = 'npm/package-lock-v1/package-lock.json-expected'
+        with open(test_file) as f:
+            sample_data = json.load(f)
+        handler.parse(test_file)
+        with open(expected_file) as f:
+            expected_data = json.load(f)
+        assert handler.packages == expected_data
+
+
     def test_npm_yarn_lock_v1_parse_alias(self):
         test_file = self.get_test_loc('npm/yarn-lock/v1-alias/yarn.lock')
         expected_loc = self.get_test_loc(