From bb25d268d066fa4aee3bac520cd086c1a726ccee Mon Sep 17 00:00:00 2001
From: Ashish Vishal <ashish.v.vishal@oracle.com>
Date: Wed, 19 Oct 2022 21:03:19 +0530
Subject: [PATCH] npm handler fix In npm/handler.go file at two places, we were
 getting string interface as well as map[string] interface but the code was
 written assuming for only map[string] interface. So, added IF conditions for
 type checking. Fixes
 https://github.com/opensbom-generator/spdx-sbom-generator/issues/252
 Signed-off-by: Ashish Vishal ashish.v.vishal@oracle.com

---
 pkg/modules/npm/handler.go | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/pkg/modules/npm/handler.go b/pkg/modules/npm/handler.go
index dedc1a1..dbab4b5 100644
--- a/pkg/modules/npm/handler.go
+++ b/pkg/modules/npm/handler.go
@@ -211,16 +211,19 @@ func (m *npm) buildDependencies(path string, deps map[string]interface{}) ([]mod
 		depName := strings.TrimPrefix(key, "@")
 		for nkey := range dd {
 			var mod models.Module
-			d := dd[nkey].(map[string]interface{})
 			mod.Version = strings.TrimSpace(strings.TrimPrefix(strings.TrimPrefix(strings.TrimPrefix(strings.TrimPrefix(nkey, "^"), "~"), ">"), "="))
 			mod.Version = strings.Split(mod.Version, " ")[0]
 			mod.Name = depName
 
 			r := ""
-			if d["resolved"] != nil {
-				r = d["resolved"].(string)
-				mod.PackageDownloadLocation = r
+			if _, ok := dd[nkey].(map[string]interface{}); ok {
+				d := dd[nkey].(map[string]interface{})
+				if d["resolved"] != nil {
+					r = d["resolved"].(string)
+					mod.PackageDownloadLocation = r
+				}
 			}
+
 			if mod.PackageDownloadLocation == "" {
 				r := "https://www.npmjs.com/package/%s/v/%s"
 				mod.PackageDownloadLocation = fmt.Sprintf(r, mod.Name, mod.Version)
@@ -369,7 +372,12 @@ func appendDependencies(d interface{}, allDeps map[string]map[string]interface{}
 		if m == nil {
 			m = make(map[string]interface{})
 		}
-		m[dv.(map[string]interface{})["version"].(string)] = dv.(map[string]interface{})
+
+		if _, ok := dv.(string); ok {
+			m[dv.(string)] = dv.(string)
+		} else {
+			m[dv.(map[string]interface{})["version"].(string)] = dv.(map[string]interface{})
+		}
 		allDeps[dk] = m
 	}
 }