Scan npm package.json files directly from the source directory

JohT · JohT · commit 064d92b81ea6 · 2024-08-05T20:54:19.000+02:00
diff --git a/scripts/copyPackageJsonFiles.sh b/scripts/copyPackageJsonFiles.sh
diff --git a/scripts/resetAndScan.sh b/scripts/resetAndScan.sh
@@ -17,6 +17,7 @@ JQASSISTANT_CONFIG_TEMPLATE=${JQASSISTANT_CONFIG_TEMPLATE:-"template-neo4jv5-jqa
 NEO4J_INITIAL_PASSWORD=${NEO4J_INITIAL_PASSWORD:-""} # Neo4j login password that was set to replace the temporary initial password
 ARTIFACTS_DIRECTORY=${ARTIFACTS_DIRECTORY:-"artifacts"} # Directory with the Java artifacts to scan and analyze
 TOOLS_DIRECTORY=${TOOLS_DIRECTORY:-"tools"} # Get the tools directory (defaults to "tools")
+SOURCE_DIRECTORY=${SOURCE_DIRECTORY:-"source"} # Get the source repository directory (defaults to "source")
 
 ## Get this "scripts" directory if not already set
 # Even if $BASH_SOURCE is made for Bourne-like shells it is also supported by others and therefore here the preferred solution. 
@@ -68,16 +69,26 @@ if [ -d "${ARTIFACTS_DIRECTORY}" ] ; then
     directoriesAndFilesToScan="${directoriesAndFilesToScan},./${ARTIFACTS_DIRECTORY}"
 fi
 
-# Scan Typescript analysis json data files in the artifacts/typescript directory
-typescriptAnalysisFiles="$(find . -type f -path "*/.reports/jqa/ts-output.json" -exec echo typescript:project::{} \; | tr '\n' ',' | sed 's/,$/\n/')"
-if [ -n "${typescriptAnalysisFiles}" ]; then
-    directoriesAndFilesToScan="${directoriesAndFilesToScan},${typescriptAnalysisFiles}"
+if [ -d "${SOURCE_DIRECTORY}" ] ; then
+    # Scan Typescript analysis json data files in the source directory
+    typescriptAnalysisFiles="$(find "${SOURCE_DIRECTORY}" -type f -path "*/.reports/jqa/ts-output.json" -exec echo typescript:project::{} \; | tr '\n' ',' | sed 's/,$/\n/')"
+    if [ -n "${typescriptAnalysisFiles}" ]; then
+        directoriesAndFilesToScan="${directoriesAndFilesToScan},${typescriptAnalysisFiles}"
+    fi
+    # Scan package.json files for npm (nodes package manager) in the source directory
+    npmPackageJsonFiles="$(find "${SOURCE_DIRECTORY}" -type d -name node_modules -prune -o -name 'package.json' -print0 | xargs -0 -r -I {} | tr '\n' ',' | sed 's/,$/\n/')"
+    if [ -n "${npmPackageJsonFiles}" ]; then
+        directoriesAndFilesToScan="${directoriesAndFilesToScan},${npmPackageJsonFiles}"
+    fi
 fi
 
 # ------------------------------------------------------------------
 
 # Use jQAssistant to scan the downloaded artifacts and write the results into the separate, local Neo4j Graph Database
-echo "resetAndScan: Using jQAssistant CLI version ${JQASSISTANT_CLI_VERSION} to scan: ${directoriesAndFilesToScan}"
+echo "resetAndScan: Using jQAssistant CLI version ${JQASSISTANT_CLI_VERSION} to scan the following files and directories:"
+for directoryOrFileToScan in ${directoriesAndFilesToScan//,/ }; do
+    echo " - ${directoryOrFileToScan}"
+done
 
 "${JQASSISTANT_BIN}"/jqassistant.sh scan -f "${directoriesAndFilesToScan}"
 
diff --git a/scripts/resetAndScanChanged.sh b/scripts/resetAndScanChanged.sh
@@ -4,7 +4,7 @@
 
 # Note: "resetAndScan" expects jQAssistant to be installed in the "tools" directory.
 
-# Requires resetAndScan.sh, copyPackageJsonFiles.sh
+# Requires resetAndScan.sh
 
 # Fail on any error ("-e" = exit on first error, "-o pipefail" exist on errors within piped commands)
 set -o errexit -o pipefail
@@ -16,9 +16,6 @@ set -o errexit -o pipefail
 SCRIPTS_DIR=${SCRIPTS_DIR:-$( CDPATH=. cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd -P )} # Repository directory containing the shell scripts
 echo "resetAndScanChanged SCRIPTS_DIR=${SCRIPTS_DIR}"
 
-# Prepare scan
-source "${SCRIPTS_DIR}/copyPackageJsonFiles.sh"
-
 # Scan and analyze Artifacts when they were changed
 changeDetectionReturnCode=$( source "${SCRIPTS_DIR}/detectChangedArtifacts.sh" --readonly)
 if [[ "${changeDetectionReturnCode}" == "0" ]] ; then
