Merge pull request #25 from snyk/feat/record-pkg-id-provenance

feat: record pkg id provenance
snyk · Dec 18, 2024 · 5bbc02b · 5bbc02b
2 parents 3127cca + eedda99
commit 5bbc02b
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 7 deletions.
diff --git a/lib/poetry-dep-graph-builder.ts b/lib/poetry-dep-graph-builder.ts
@@ -12,6 +12,12 @@ const IGNORED_DEPENDENCIES: string[] = [
   'wheel',
 ];
 
+export interface Labels {
+  [key: string]: string | undefined;
+  scope?: 'dev' | 'prod';
+  pruned?: 'cyclic' | 'true';
+}
+
 export function build(
   pkgDetails: PkgInfo,
   dependencies: Dependency[],
@@ -53,9 +59,15 @@ function addDependenciesForPkg(
   }
 
   const pkgInfo: PkgInfo = { name: pkg.name, version: pkg.version };
+  const labels: Labels = {
+    scope: dependency.isDev ? 'dev' : 'prod',
+  };
+  if (pkg.name != pkgName) {
+    labels.pkgIdProvenance = pkgName;
+  }
   builder
     .addPkgNode(pkgInfo, pkg.name, {
-      labels: { scope: dependency.isDev ? 'dev' : 'prod' },
+      labels,
     })
     .connectDep(parentNodeId, pkg.name);
   addDependenciesToGraph(

diff --git a/test/fixtures/index.test.ts b/test/fixtures/index.test.ts
@@ -45,7 +45,7 @@ describe('buildDepGraph', () => {
       })
       .connectDep(depGraphBuilder.rootNodeId, 'jinja2')
       .addPkgNode({ name: 'markupsafe', version: '1.1.1' }, 'markupsafe', {
-        labels: { scope: 'prod' },
+        labels: { scope: 'prod', pkgIdProvenance: 'MarkupSafe' },
       })
       .connectDep('jinja2', 'markupsafe')
       .build();
@@ -68,7 +68,7 @@ describe('buildDepGraph', () => {
         })
         .connectDep(depGraphBuilder.rootNodeId, 'six')
         .addPkgNode({ name: 'isodd', version: '0.1.2' }, 'isodd', {
-          labels: { scope: 'dev' },
+          labels: { scope: 'dev', pkgIdProvenance: 'isOdd' },
         })
         .connectDep(depGraphBuilder.rootNodeId, 'isodd')
         .build();
@@ -108,7 +108,7 @@ describe('buildDepGraph', () => {
         })
         .connectDep(depGraphBuilder.rootNodeId, 'six')
         .addPkgNode({ name: 'isodd', version: '0.1.2' }, 'isodd', {
-          labels: { scope: 'dev' },
+          labels: { scope: 'dev', pkgIdProvenance: 'isOdd' },
         })
         .connectDep(depGraphBuilder.rootNodeId, 'isodd')
         .build();
@@ -148,7 +148,7 @@ describe('buildDepGraph', () => {
         })
         .connectDep(depGraphBuilder.rootNodeId, 'six')
         .addPkgNode({ name: 'isodd', version: '0.1.2' }, 'isodd', {
-          labels: { scope: 'dev' },
+          labels: { scope: 'dev', pkgIdProvenance: 'isOdd' },
         })
         .connectDep(depGraphBuilder.rootNodeId, 'isodd')
         .addPkgNode({ name: 'simple-enum', version: '0.0.6' }, 'simple-enum', {
@@ -192,15 +192,15 @@ describe('buildDepGraph', () => {
         })
         .connectDep(depGraphBuilder.rootNodeId, 'six')
         .addPkgNode({ name: 'isodd', version: '0.1.2' }, 'isodd', {
-          labels: { scope: 'dev' },
+          labels: { scope: 'dev', pkgIdProvenance: 'isOdd' },
         })
         .connectDep(depGraphBuilder.rootNodeId, 'isodd')
         .addPkgNode({ name: 'simple-enum', version: '0.0.6' }, 'simple-enum', {
           labels: { scope: 'dev' },
         })
         .connectDep(depGraphBuilder.rootNodeId, 'simple-enum')
         .addPkgNode({ name: 'whattype', version: '0.0.1' }, 'whattype', {
-          labels: { scope: 'dev' },
+          labels: { scope: 'dev', pkgIdProvenance: 'whatType' },
         })
         .connectDep(depGraphBuilder.rootNodeId, 'whattype')
         .build();