Analyzing DOS fails the DependencyGraphBuilder with "The following references do not actually refer to packages" #9699

Open
sschuberth opened this issue Jan 7, 2025 · 1 comment
sschuberth commented Jan 7, 2025

Running NPM analysis on https://github.com/doubleopen-project/dos fails with

Exception in thread "main" java.lang.IllegalArgumentException: The following references do not actually refer to packages: [Identifier(type=NPM, namespace=, name=database, version=), Identifier(type=NPM, namespace=, name=s3-helpers, version=), Identifier(type=NPM, namespace=, name=spdx-validation, version=), Identifier(type=NPM, namespace=, name=validation-helpers, version=)].
	at org.ossreviewtoolkit.model.utils.DependencyGraphBuilder.checkReferences(DependencyGraphBuilder.kt:204)
	at org.ossreviewtoolkit.model.utils.DependencyGraphBuilder.build(DependencyGraphBuilder.kt:177)
	at org.ossreviewtoolkit.model.utils.DependencyGraphBuilder.build$default(DependencyGraphBuilder.kt:176)
	at org.ossreviewtoolkit.plugins.packagemanagers.node.npm.Npm.createPackageManagerResult(Npm.kt:146)
	at org.ossreviewtoolkit.analyzer.PackageManager.resolveDependencies(PackageManager.kt:326)
	at org.ossreviewtoolkit.analyzer.PackageManagerRunner$run$3.invokeSuspend(Analyzer.kt:321)
	at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
	at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:100)
	at kotlinx.coroutines.internal.LimitedDispatcher$Worker.run(LimitedDispatcher.kt:113)
	at kotlinx.coroutines.scheduling.TaskImpl.run(Tasks.kt:89)
	at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:586)
	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:820)
	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:717)
	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:704)

This used to work before and was probably broken by the NPM package manager rewrite.

@sschuberth added the "analyzer" (About the analyzer tool) and "bug" (Issues that are considered to be bugs) labels Jan 7, 2025
@sschuberth self-assigned this Jan 7, 2025
@mnonnenmacher changed the title from 'Analyzer DOS fails the DependencyGraphBuilder with "The following references do not actually refer to packages"' to 'Analyzing DOS fails the DependencyGraphBuilder with "The following references do not actually refer to packages"' Jan 7, 2025
sschuberth commented Jan 7, 2025

For the record, it seems this regression did not surface before #9616, although it was introduced before that.
