Package Name Normalization Service

Module

Scanner

Status

VERIFIED

Description

Cross-ecosystem package name normalization service handling aliases between package managers (apt/dpkg, pip eggs/wheels/PyPI, npm scoped/unscoped, Go module/package paths). Uses a JSON alias map with 326 lines of known aliases and provides file-hash fingerprint fallback for unresolvable packages.

Implementation Details

Normalization Service:
- src/Scanner/__Libraries/StellaOps.Scanner.Core/Normalization/IPackageNameNormalizer.cs - IPackageNameNormalizer interface for cross-ecosystem package name normalization
- src/Scanner/__Libraries/StellaOps.Scanner.Core/Normalization/PackageNameNormalizer.cs - PackageNameNormalizer handles aliases between package managers (apt/dpkg, pip eggs/wheels/PyPI, npm scoped/unscoped, Go module/package paths), using a JSON alias map and file-hash fingerprint fallback
DI Registration: src/Scanner/__Libraries/StellaOps.Scanner.Core/Normalization/NormalizationServiceCollectionExtensions.cs

E2E Test Plan

Normalize an apt package name and verify it maps to the correct dpkg equivalent
Normalize a pip egg/wheel package name and verify it maps to the canonical PyPI name
Normalize an npm scoped package and verify correct normalization (e.g., @scope/package)
Normalize a Go module path and verify package path aliasing works correctly
Verify the JSON alias map resolves known cross-ecosystem aliases (e.g., libssl-dev to openssl)
Verify the file-hash fingerprint fallback produces a consistent identifier for unresolvable packages

Verification

Check	Result
Tier 0 - Source files exist	PASS
Tier 1 - Build + code review	PASS
Tier 2 - Integration tests	PASS
Verified	2026-02-13T18:10:00Z

1.8 KiB Raw Blame History