From 75eda005b04db044c98582e77218643f408d4bb7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EC=84=9D=EC=A7=80=EC=98=81/=EC=B1=85=EC=9E=84=EC=97=B0?= =?UTF-8?q?=EA=B5=AC=EC=9B=90/SW=EA=B3=B5=ED=95=99=28=EC=97=B0=29Open=20So?= =?UTF-8?q?urce=20TP?=
Date: Fri, 11 Jul 2025 16:19:25 +0900
Subject: [PATCH] Replace npm package with registry.npmjs.org API
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 석지영/책임연구원/SW공학(연)Open Source TP
---
 requirements.txt | 1 -
 src/fosslight_util/_get_downloadable_url.py | 19 +++++++++++--------
 2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index 6721049..36a0e0b 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -12,7 +12,6 @@ spdx-tools==0.8.*;sys_platform=="linux"
 setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
 numpy; python_version < '3.8'
 numpy>=1.22.2; python_version >= '3.8'
-npm
 requests
 GitPython
 cyclonedx-python-lib==8.5.*;sys_platform=="linux"
diff --git a/src/fosslight_util/_get_downloadable_url.py b/src/fosslight_util/_get_downloadable_url.py
index d23007c..a212a39 100755
--- a/src/fosslight_util/_get_downloadable_url.py
+++ b/src/fosslight_util/_get_downloadable_url.py
@@ -5,7 +5,6 @@
 import logging
 import re
 import requests
-from npm.bindings import npm_run
 from lastversion import latest
 from bs4 import BeautifulSoup
 from urllib.request import urlopen
@@ -66,10 +65,11 @@ def get_latest_package_version(link, pkg_type, oss_name):
 try:
 if pkg_type in ['npm', 'npm2']:
- stderr, stdout = npm_run('view', oss_name, 'version')
- if stdout:
- find_version = stdout.strip()
- link_with_version = f'https://www.npmjs.com/package/{oss_name}/v/{find_version}'
+ npm_response = requests.get(f"https://registry.npmjs.org/{oss_name}")
+ if npm_response.status_code == 200:
+ find_version = npm_response.json().get("dist-tags", {}).get("latest")
+ if find_version:
+ link_with_version = f'https://www.npmjs.com/package/{oss_name}/v/{find_version}'
 elif pkg_type == 'pypi':
 find_version = str(latest(oss_name, at='pip', output_format='version', pre_ok=True))
 link_with_version = f'https://pypi.org/project/{oss_name}/{find_version}'
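Review bot: The new `requests.get(f"https://registry.npmjs.org/{oss_name}")` call in the npm branch passes no `timeout`, and requests applies none by default, so a stalled registry connection can block the caller indefinitely. Give it an explicit bound, e.g. `npm_response = requests.get(f"https://registry.npmjs.org/{oss_name}", timeout=10)` (the value is a constructed example). The `pub.dev` and `proxy.golang.org` calls visible in the next hunk have the same gap. `oss_name` is also placed in the URL path unescaped; if it can derive from a caller-supplied link, encoding it with `urllib.parse.quote(oss_name, safe='@/')` keeps characters such as `?` or `#` from altering the request. The function body starts and ends outside this hunk.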
@@ -78,17 +78,20 @@ def get_latest_package_version(link, pkg_type, oss_name):
 if maven_response.status_code == 200:
 find_version = maven_response.json().get('versions')[-1].get('versionKey').get('version')
 oss_name = oss_name.replace(':', '/')
- link_with_version = f'https://mvnrepository.com/artifact/{oss_name}/{find_version}'
+ if find_version:
+ link_with_version = f'https://mvnrepository.com/artifact/{oss_name}/{find_version}'
 elif pkg_type == 'pub':
 pub_response = requests.get(f'https://pub.dev/api/packages/{oss_name}')
 if pub_response.status_code == 200:
 find_version = pub_response.json().get('latest').get('version')
- link_with_version = f'https://pub.dev/packages/{oss_name}/versions/{find_version}'
+ if find_version:
+ link_with_version = f'https://pub.dev/packages/{oss_name}/versions/{find_version}'
 elif pkg_type == 'go':
 go_response = requests.get(f'https://proxy.golang.org/{oss_name}/@latest')
 if go_response.status_code == 200:
 find_version = go_response.json().get('Version')
- link_with_version = f'https://pkg.go.dev/{oss_name}@{find_version}'
+ if find_version:
+ link_with_version = f'https://pkg.go.dev/{oss_name}@{find_version}'
 except Exception as e:
 logger.info(f'Fail to get latest package version({link}:{e})')
 return find_version, link_with_version
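Review bot: The added `if find_version:` guards in the maven and pub branches only run when every intermediate key exists, because the chained lookups above them still dereference `None` when a key is missing. On the pub line, `.get('latest').get('version')` raises `AttributeError` if `latest` is absent; the maven chain can fail the same way on `versions` or `versionKey`. That error falls through to the broad `except Exception` and is logged only at info level. For consistency with the npm branch's `.get("dist-tags", {})`, default the intermediates, e.g. `find_version = pub_response.json().get('latest', {}).get('version')`, and check that the maven `versions` list is non-empty before indexing `[-1]`. The `try` block and the maven request begin outside this hunk.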