fix(node): Do not fail completely if parsing a single package fails

sschuberth · sschuberth · commit b1a51f0382b5 · 2025-11-11T11:34:35.000+01:00
Previously, when parsing failed for a single Yarn2 package in a chunk,
the whole analysis was aborted. Change this to instead create issues
with detailed information about the offending package, and continue
parsing the remaning packages.

Signed-off-by: Sebastian Schuberth &lt;sebastian@doubleopen.org&gt;
diff --git a/plugins/package-managers/node/src/main/kotlin/PackageJson.kt b/plugins/package-managers/node/src/main/kotlin/PackageJson.kt
@@ -20,6 +20,7 @@
 package org.ossreviewtoolkit.plugins.packagemanagers.node
 
 import java.io.File
+import java.io.IOException
 
 import kotlinx.serialization.SerialName
 import kotlinx.serialization.Serializable
@@ -49,9 +50,32 @@ internal fun parsePackageJson(file: File): PackageJson = parsePackageJson(file.r
 
 internal fun parsePackageJson(json: String): PackageJson = parsePackageJson(JSON.parseToJsonElement(json))
 
-internal fun parsePackageJsons(jsons: String): List<PackageJson> =
+internal fun parsePackageJsons(jsons: String): List<Result<PackageJson>> =
     jsons.byteInputStream().use { input ->
-        JSON.decodeToSequence<JsonElement>(input).mapTo(mutableListOf()) { parsePackageJson(it) }
+        JSON.decodeToSequence<JsonElement>(input).mapTo(mutableListOf()) { element ->
+            runCatching {
+                parsePackageJson(element)
+            }.recoverCatching {
+                if (element !is JsonObject) throw it
+
+                // Try to enrich the exception with more package details that are still available.
+                val name = (element["name"] as? JsonPrimitive)?.content
+                val version = (element["version"] as? JsonPrimitive)?.content
+                val homepage = (element["homepage"] as? JsonPrimitive)?.content
+                val gitHead = (element["gitHead"] as? JsonPrimitive)?.content
+
+                val message = buildString {
+                    append("Error parsing package JSON metadata for package")
+                    if (name != null) append(" named '$name'")
+                    if (version != null) append(" in version $version")
+                    if (homepage != null) append(" hosted at $homepage")
+                    if (homepage != null) append(" in revision $gitHead")
+                    append(".")
+                }
+
+                throw IOException(message, it)
+            }
+        }
     }
 
 internal fun parsePackageJson(element: JsonElement): PackageJson {
diff --git a/plugins/package-managers/node/src/main/kotlin/yarn2/Yarn2.kt b/plugins/package-managers/node/src/main/kotlin/yarn2/Yarn2.kt
@@ -26,9 +26,11 @@ import kotlinx.coroutines.async
 import kotlinx.coroutines.awaitAll
 
 import org.ossreviewtoolkit.analyzer.PackageManagerFactory
+import org.ossreviewtoolkit.model.Issue
 import org.ossreviewtoolkit.model.ProjectAnalyzerResult
 import org.ossreviewtoolkit.model.config.AnalyzerConfiguration
 import org.ossreviewtoolkit.model.config.Excludes
+import org.ossreviewtoolkit.model.createAndLogIssue
 import org.ossreviewtoolkit.model.utils.DependencyGraphBuilder
 import org.ossreviewtoolkit.plugins.api.OrtPlugin
 import org.ossreviewtoolkit.plugins.api.OrtPluginOption
@@ -42,6 +44,7 @@ import org.ossreviewtoolkit.plugins.packagemanagers.node.getInstalledModulesDirs
 import org.ossreviewtoolkit.plugins.packagemanagers.node.getNames
 import org.ossreviewtoolkit.plugins.packagemanagers.node.parsePackageJson
 import org.ossreviewtoolkit.plugins.packagemanagers.node.parsePackageJsons
+import org.ossreviewtoolkit.utils.common.collectMessages
 import org.ossreviewtoolkit.utils.common.div
 import org.ossreviewtoolkit.utils.common.realFile
 import org.ossreviewtoolkit.utils.common.withoutPrefix
@@ -82,9 +85,11 @@ class Yarn2(override val descriptor: PluginDescriptor = Yarn2Factory.descriptor,
     NodePackageManager(NodePackageManagerType.YARN2) {
     override val globsForDefinitionFiles = listOf(NodePackageManagerType.DEFINITION_FILE)
     internal val yarn2Command = Yarn2Command(config.corepackEnabled)
+
+    private val issues = mutableListOf<Issue>()
     private val moduleInfoResolver = ModuleInfoResolver { workingDir, moduleIds ->
         runBlocking(Dispatchers.IO.limitedParallelism(20)) {
-            moduleIds.chunked(YARN_NPM_INFO_CHUNK_SIZE).map { chunk ->
+            val resultChunks = moduleIds.chunked(YARN_NPM_INFO_CHUNK_SIZE).map { chunk ->
                 async {
                     val process = yarn2Command.run(
                         "npm",
@@ -99,7 +104,13 @@ class Yarn2(override val descriptor: PluginDescriptor = Yarn2Factory.descriptor,
 
                     parsePackageJsons(process.stdout)
                 }
-            }.awaitAll().flatten().toSet()
+            }.awaitAll()
+
+            resultChunks.flatten().mapNotNullTo(mutableSetOf()) { result ->
+                result.onFailure {
+                    issues += createAndLogIssue(it.collectMessages())
+                }.getOrNull()
+            }
         }
     }
 
@@ -155,7 +166,8 @@ class Yarn2(override val descriptor: PluginDescriptor = Yarn2Factory.descriptor,
 
             ProjectAnalyzerResult(
                 project = project.copy(scopeNames = scopes.getNames()),
-                packages = emptySet()
+                packages = emptySet(),
+                issues = issues
             )
         }
     }
