2.1 KiB
2.1 KiB
Yarn PnP Cache Package Parsing
Module
Scanner
Status
IMPLEMENTED
Description
Parses Yarn Plug'n'Play cache files (.pnp.cjs, .pnp.data.json) to discover installed packages in zero-install Yarn workspaces where traditional node_modules directories do not exist.
Implementation Details
- PnP Data Parser:
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node/Internal/YarnPnpData.cs-YarnPnpDatamodel parsing .pnp.data.json files containing the Yarn PnP package resolution mapsrc/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node/Internal/NodePnpDataLoader.cs-NodePnpDataLoaderloading and parsing PnP data files (.pnp.cjs, .pnp.data.json)
- Package Collection:
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node/Internal/NodePackageCollector.cs-NodePackageCollectorcollecting packages from PnP resolution datasrc/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node/Internal/NodePackage.cs-NodePackagemodel for collected packagessrc/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node/Internal/NodeInputNormalizer.cs-NodeInputNormalizernormalizing PnP package references
- Tests:
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Node.Tests/Internal/YarnPnpDataTests.cs- PnP data parsing testssrc/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Node.Tests/Node/NodeLanguageAnalyzerTests.cs- Language analyzer integration testssrc/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Node.Tests/Node/NodePackageCollectorTraversalTests.cs- Package collector traversal tests
E2E Test Plan
- Scan a container image with a Yarn Berry zero-install workspace and verify packages are discovered from .pnp.cjs/.pnp.data.json
- Verify all packages in the PnP resolution map are collected with correct names and versions
- Verify the parser handles nested workspaces with multiple .pnp.data.json files
- Verify the analyzer falls back to traditional node_modules scanning when PnP files are not present
- Verify PnP package references are correctly normalized to standard npm package identifiers