stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
cf5b72974f923126944f4dcd47e85864ebb31a3b
git.stella-ops.org/docs/features/unchecked/scanner/yarn-pnp-cache-package-parsing.md

31 lines
2.1 KiB
Markdown
Raw Blame History

# Yarn PnP Cache Package Parsing
## Module
Scanner
## Status
IMPLEMENTED
## Description
Parses Yarn Plug'n'Play cache files (.pnp.cjs, .pnp.data.json) to discover installed packages in zero-install Yarn workspaces where traditional node_modules directories do not exist.
## Implementation Details
- **PnP Data Parser**:
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node/Internal/YarnPnpData.cs` - `YarnPnpData` model parsing .pnp.data.json files containing the Yarn PnP package resolution map
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node/Internal/NodePnpDataLoader.cs` - `NodePnpDataLoader` loading and parsing PnP data files (.pnp.cjs, .pnp.data.json)
- **Package Collection**:
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node/Internal/NodePackageCollector.cs` - `NodePackageCollector` collecting packages from PnP resolution data
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node/Internal/NodePackage.cs` - `NodePackage` model for collected packages
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Node/Internal/NodeInputNormalizer.cs` - `NodeInputNormalizer` normalizing PnP package references
- **Tests**:
- `src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Node.Tests/Internal/YarnPnpDataTests.cs` - PnP data parsing tests
- `src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Node.Tests/Node/NodeLanguageAnalyzerTests.cs` - Language analyzer integration tests
- `src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Node.Tests/Node/NodePackageCollectorTraversalTests.cs` - Package collector traversal tests
## E2E Test Plan
- [ ] Scan a container image with a Yarn Berry zero-install workspace and verify packages are discovered from .pnp.cjs/.pnp.data.json
- [ ] Verify all packages in the PnP resolution map are collected with correct names and versions
- [ ] Verify the parser handles nested workspaces with multiple .pnp.data.json files
- [ ] Verify the analyzer falls back to traditional node_modules scanning when PnP files are not present
- [ ] Verify PnP package references are correctly normalized to standard npm package identifiers
Reference in New Issue View Git Blame Copy Permalink