Removed the check for lockfile version 3 since it's now supported by Veracode SCA

Author: dub-flow

main.go

@@ -18,7 +18,6 @@ import (
 
 var doesSCAFileExist bool = false
 var doesMapFileExist bool = false
-var usesLockfileVersion3 bool = false
 
 func main() {
 	// parse all the command line flags
@@ -123,12 +122,6 @@ func checkForPotentialSmells(source string) {
 				if strings.HasSuffix(path, ".map") {
 					doesMapFileExist = true
 				}
-
-				// currently (as of Feb 2023), Veracode SCA does not support the new lockfile format version 3 of NPM. Thus, we look for this here
-				// and notify if version 3 is found
-				if strings.HasSuffix(path, "package-lock.json") && !usesLockfileVersion3 {
-					usesLockfileVersion3 = UsesLockfileVersion3(path)
-				}
 			}
 		}
 
@@ -148,14 +141,6 @@ func checkForPotentialSmells(source string) {
 		log.Warn("\tThe 1st party code contains `.map` files outside of `/build`, `/dist` or `/public` (which indicates minified JavaScript)...")
 		log.Warn("\tPlease pass a directory to this tool that contains the unminified/unbundled/unconcatenated JavaScript (or TypeScript)")
 	}
-
-	if usesLockfileVersion3 {
-		log.Error("Veracode SCA does currently not support Lockfile Version 3. This means you will not get SCA results unless you" +
-			" downgrade your `package-lock.json` to version 2!")
-		log.Error("To achieve this, please run `npm install --lockfile 2`")
-	} else {
-		log.Info("The `package-lock.json` uses a supported lockfile version (version 3 is currently not supported)")
-	}
 }
 
 func zipSource(source string, target string, testsPath string) error {

main_test.go

@@ -6,7 +6,6 @@ import (
 	"reflect"
 	"regexp"
 	"sort"
-	"strconv"
 
 	"testing"
 
@@ -221,49 +220,6 @@ func TestZipSourceWithAngularSample(t *testing.T) {
 	log.Info("---------- Finished Test: TestZipSourceWithAngularSample ----------\n\n")
 }
 
-// Unit test for `UsesLockfileVersion3()` with a lock file that uses version 3 (`./sample-projects/lockfile-v3-test/package-lock.json`)
-func TestUsesLockfileVersion3(t *testing.T) {
-	expected := true
-	pathToLockFile := "." + string(os.PathSeparator) + "sample-projects" + string(os.PathSeparator) + "lockfile-v3-test" +
-		string(os.PathSeparator) + "package-lock.json"
-	usesLockFileV3 := UsesLockfileVersion3(pathToLockFile)
-
-	if !usesLockFileV3 {
-		t.Error("Test failed!")
-		t.Errorf("Got: %v", strconv.FormatBool(usesLockFileV3))
-		t.Errorf("Expected: %v", strconv.FormatBool(expected))
-	}
-}
-
-// Unit test for `UsesLockfileVersion3()` with a lock file that does not use version 3 (`./sample-projects/sample-node-project/package-lock.json`)
-func TestDoesNotUseLockfileVersion3(t *testing.T) {
-	expected := false
-	pathToLockFile := "." + string(os.PathSeparator) + "sample-projects" + string(os.PathSeparator) + "sample-node-project" +
-		string(os.PathSeparator) + "package-lock.json"
-	usesLockFileV3 := UsesLockfileVersion3(pathToLockFile)
-
-	if usesLockFileV3 {
-		t.Error("Test failed!")
-		t.Errorf("Got: %v", strconv.FormatBool(usesLockFileV3))
-		t.Errorf("Expected: %v", strconv.FormatBool(expected))
-	}
-}
-
-// Integration test for the logic to identify lockfile version 3 with `./sample-projects/lockfile-v3-test`
-func TestLockfileV3Integrationtest(t *testing.T) {
-	sourcePath := "." + string(os.PathSeparator) + "sample-projects" + string(os.PathSeparator) + "lockfile-v3-test"
-
-	// generate the zip file and return a list of all its file names
-	checkForPotentialSmells(sourcePath)
-
-	// check if the global `usesLockfileVersion3` is true
-	if !usesLockfileVersion3 {
-		t.Error("Test failed! It uses lockfile version 3 but this is not identified")
-		t.Errorf("Got: %v", strconv.FormatBool(usesLockfileVersion3))
-		t.Errorf("Expected: %v", strconv.FormatBool(true))
-	}
-}
-
 func generateZipAndReturnItsFiles(sourcePath string, targetPath string, testsPath string) []string {
 	// generate the zip file, and omit all non-required files
 	if err := zipSource(sourcePath, targetPath, testsPath); err != nil {

utils.go

@@ -1,7 +1,6 @@
 package main
 
 import (
-	"encoding/json"
 	"os"
 	"strings"
 
@@ -429,18 +428,3 @@ func IsMiscNotRequiredFile(path string) bool {
 
 	return false
 }
-
-func UsesLockfileVersion3(path string) bool {
-	log.Info("Looking at the `package-lock.json` file to identify the lockfile version")
-
-	packageLockFile, err := os.ReadFile(path)
-	if err != nil {
-		log.Error(err)
-	}
-
-	// parsing the lockfile to JSON and check if version 3 is used
-	var lockfile map[string]interface{}
-	json.Unmarshal([]byte(packageLockFile), &lockfile)
-
-	return lockfile["lockfileVersion"].(float64) == 3
-}