Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

errors+failures parsing package.json files #230

Closed
alfredodeza opened this issue Oct 20, 2020 · 2 comments · Fixed by #233
Closed

errors+failures parsing package.json files #230

alfredodeza opened this issue Oct 20, 2020 · 2 comments · Fixed by #233
Assignees
@Toure
Labels
bug Something isn't working

Comments

@alfredodeza
Copy link
Contributor

alfredodeza commented Oct 20, 2020
edited
Loading

What happened: syft failed to parse a container with NPM modules installed.

What you expected to happen: Correct marshaling of the Go struct is done

How to reproduce it (as minimally and precisely as possible):

$ syft -o json anchore/test_images:npm

Anything else we need to know?: Here is a subset of the errors:

[0003] ERROR cataloger 'javascript-package-cataloger' failed to parse entries (reference={id:3194 Path:/usr/lib/node_modules/npm/node_modules/execa/package.json}): failed to parse package.json file: json: cannot unmarshal object into Go struct field PackageJSON.author of type string
[0003] ERROR cataloger 'javascript-package-cataloger' failed to parse entries (reference={id:4863 Path:/usr/lib/node_modules/npm/node_modules/pacote/node_modules/minipass/package.json}): failed to parse package.json file: json: cannot unmarshal object into Go struct field PackageJSON.author of type string
[0003] ERROR cataloger 'javascript-package-cataloger' failed to parse entries (reference={id:3948 Path:/usr/lib/node_modules/npm/node_modules/json-schema/package.json}): failed to parse package.json file: json: cannot unmarshal object into Go struct field PackageJSON.author of type string
[0003] ERROR cataloger 'javascript-package-cataloger' failed to parse entries (reference={id:2527 Path:/usr/lib/node_modules/npm/node_modules/byte-size/package.json}): failed to parse package.json file: json: cannot unmarshal object into Go struct field PackageJSON.author of type string
[0003] ERROR cataloger 'javascript-package-cataloger' failed to parse entries (reference={id:5963 Path:/usr/lib/node_modules/npm/node_modules/validate-npm-package-license/package.json}): failed to parse package.json file: json: cannot unmarshal object into Go struct field PackageJSON.author of type string
[0003] ERROR cataloger 'javascript-package-cataloger' failed to parse entries (reference={id:2789 Path:/usr/lib/node_modules/npm/node_modules/config-chain/package.json}): failed to parse package.json file: json: cannot unmarshal object into Go struct field PackageJSON.author of type string
[0003] ERROR cataloger 'javascript-package-cataloger' failed to parse entries (reference={id:4936 Path:/usr/lib/node_modules/npm/node_modules/path-parse/package.json}): failed to parse package.json file: json: cannot unmarshal object into Go struct field PackageJSON.author of type string

Relevant NPM spec doc: https://docs.npmjs.com/files/package.json#people-fields-author-contributors

Environment:

  • Output of syft version: the current tip of main at bb14f3b
  • OS (e.g: cat /etc/os-release or similar): OSX but it shouldn't matter
@alfredodeza alfredodeza added the bug Something isn't working label Oct 20, 2020
@alfredodeza
Copy link
Contributor Author

I believe part of the problem is that "author" can be found in two places.... For example, this entry was correctly parsed by syft:

$  docker run anchore/test_images:npm cat /usr/lib/node_modules/npm/node_modules/function-bind/package.json
{
  "name": "function-bind",
  "version": "1.1.1",
  "description": "Implementation of Function.prototype.bind",
  "keywords": [
    "function",
    "bind",
    "shim",
    "es5"
  ],
  "author": "Raynos <raynos2@gmail.com>",
  "repository": "git://github.com/Raynos/function-bind.git",
  "main": "index",
  "homepage": "https://github.com/Raynos/function-bind",
  "contributors": [
    {
      "name": "Raynos"
    },
    {
      "name": "Jordan Harband",
      "url": "https://github.com/ljharb"
    }
  ],
  "bugs": {
    "url": "https://github.com/Raynos/function-bind/issues",
    "email": "raynos2@gmail.com"
  },
  "dependencies": {},
  "devDependencies": {
    "@ljharb/eslint-config": "^12.2.1",
    "covert": "^1.1.0",
    "eslint": "^4.5.0",
    "jscs": "^3.0.7",
    "tape": "^4.8.0"
  },
  "license": "MIT",
  "scripts": {
    "pretest": "npm run lint",
    "test": "npm run tests-only",
    "posttest": "npm run coverage -- --quiet",
    "tests-only": "node test",
    "coverage": "covert test/*.js",
    "lint": "npm run jscs && npm run eslint",
    "jscs": "jscs *.js */*.js",
    "eslint": "eslint *.js */*.js"
  },
  "testling": {
    "files": "test/index.js",
    "browsers": [
      "ie/8..latest",
      "firefox/16..latest",
      "firefox/nightly",
      "chrome/22..latest",
      "chrome/canary",
      "opera/12..latest",
      "opera/next",
      "safari/5.1..latest",
      "ipad/6.0..latest",
      "iphone/6.0..latest",
      "android-browser/4.2..latest"
    ]
  }

,"_resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz"
,"_integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A=="
,"_from": "function-bind@1.1.1"
}%

But not this one:

 docker run anchore/test_images:npm cat /usr/lib/node_modules/npm/node_modules/execa/package.json
{
  "_from": "execa@^0.7.0",
  "_id": "execa@0.7.0",
  "_inBundle": false,
  "_integrity": "sha1-lEvs00zEHuMqY6n68nrVpl/Fl3c=",
  "_location": "/execa",
  "_phantomChildren": {},
  "_requested": {
    "type": "range",
    "registry": true,
    "raw": "execa@^0.7.0",
    "name": "execa",
    "escapedName": "execa",
    "rawSpec": "^0.7.0",
    "saveSpec": null,
    "fetchSpec": "^0.7.0"
  },
  "_requiredBy": [
    "/os-locale",
    "/term-size"
  ],
  "_resolved": "https://registry.npmjs.org/execa/-/execa-0.7.0.tgz",
  "_shasum": "944becd34cc41ee32a63a9faf27ad5a65fc59777",
  "_spec": "execa@^0.7.0",
  "_where": "/Users/rebecca/code/npm/node_modules/term-size",
  "author": {
    "name": "Sindre Sorhus",
    "email": "sindresorhus@gmail.com",
    "url": "sindresorhus.com"
  },
  "bugs": {
    "url": "https://github.com/sindresorhus/execa/issues"
  },
  "bundleDependencies": false,
  "dependencies": {
    "cross-spawn": "^5.0.1",
    "get-stream": "^3.0.0",
    "is-stream": "^1.1.0",
    "npm-run-path": "^2.0.0",
    "p-finally": "^1.0.0",
    "signal-exit": "^3.0.0",
    "strip-eof": "^1.0.0"
  },
  "deprecated": false,
  "description": "A better `child_process`",
  "devDependencies": {
    "ava": "*",
    "cat-names": "^1.0.2",
    "coveralls": "^2.11.9",
    "delay": "^2.0.0",
    "is-running": "^2.0.0",
    "nyc": "^11.0.2",
    "tempfile": "^2.0.0",
    "xo": "*"
  },
  "engines": {
    "node": ">=4"
  },
  "files": [
    "index.js",
    "lib"
  ],
  "homepage": "https://github.com/sindresorhus/execa#readme",
  "keywords": [
    "exec",
    "child",
    "process",
    "execute",
    "fork",
    "execfile",
    "spawn",
    "file",
    "shell",
    "bin",
    "binary",
    "binaries",
    "npm",
    "path",
    "local"
  ],
  "license": "MIT",
  "maintainers": [
    {
      "name": "James Talmage",
      "email": "james@talmage.io",
      "url": "github.com/jamestalmage"
    }
  ],
  "name": "execa",
  "nyc": {
    "reporter": [
      "text",
      "lcov"
    ],
    "exclude": [
      "**/fixtures/**",
      "**/test.js",
      "**/test/**"
    ]
  },
  "repository": {
    "type": "git",
    "url": "git+https://github.com/sindresorhus/execa.git"
  },
  "scripts": {
    "test": "xo && nyc ava"
  },
  "version": "0.7.0"
}

@wagoodman
Copy link
Contributor

Good find @alfredodeza

@Toure Toure self-assigned this Oct 20, 2020
@alfredodeza alfredodeza mentioned this issue Oct 20, 2020
Closed
Toure pushed a commit that referenced this issue Oct 21, 2020
Fix for errors+failures parsing package.json
d1507ad 
closes: #230

Signed-off-by: Toure Dunnon <toure.dunnon@anchore.com>
Toure pushed a commit that referenced this issue Oct 21, 2020
Fix for errors+failures parsing package.json
5b08616 
closes: #230

Signed-off-by: Toure Dunnon <toure.dunnon@anchore.com>
@Toure Toure mentioned this issue Oct 21, 2020
Merged
Toure pushed a commit that referenced this issue Oct 22, 2020
@Toure
Fix for errors+failures parsing package.json
15379d1 
closes: #230

Signed-off-by: Toure Dunnon <toure.dunnon@anchore.com>
GijsCalis pushed a commit to GijsCalis/syft that referenced this issue Feb 19, 2024
Fix for errors+failures parsing package.json
d3b8ee7 
closes: anchore#230

Signed-off-by: Toure Dunnon <toure.dunnon@anchore.com>
GijsCalis pushed a commit to GijsCalis/syft that referenced this issue Feb 19, 2024
@Toure
Fix for errors+failures parsing package.json
64ee6a0 
closes: anchore#230

Signed-off-by: Toure Dunnon <toure.dunnon@anchore.com>
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@Toure Toure

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Javascript parser fix author anchore/syft
3 participants
@Toure @alfredodeza @wagoodman