From 8f932da26ad6445491e8576692c1b131fc37b51c Mon Sep 17 00:00:00 2001 From: Ayan Sinha Mahapatra Date: Wed, 19 Jun 2024 19:16:01 +0530 Subject: [PATCH] Address feedback and update CHNAGELOG and docs Signed-off-by: Ayan Sinha Mahapatra --- CHANGELOG.rst | 32 ++++++++++++++----- .../reference/available_package_parsers.rst | 20 +++++++++++- src/packagedcode/npm.py | 4 +-- src/packagedcode/utils.py | 2 +- 4 files changed, 46 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 154b722238a..22dee1462a9 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -34,6 +34,26 @@ v33.0.0 (next next, roadmap) of these in other summary plugins. See https://github.com/nexB/scancode-toolkit/issues/1745 +v32.2.0 - (next, roadmap) +------------------------- + +- New and improved package/dependency data: + - Added new attribute in DependentPackage `is_direct` to aid + package resolution and dependency graph creation. + - Added new attributes in PackageData: `is_private` and + `is_virtual`. #3102 #3811 + https://github.com/nexB/scancode-toolkit/pull/3779 + +- Improved javascript package detection: + - Add support for pnpm manifests and lockfiles #3766 + - Add support for npm, pnpm and yarn workspaces #3746 + - Improve resolved package and dependencies support in lockfiles for + yarn.lock, package-lock.json, and pnpm. #3780 + - Add support for private packages. #3120 + - Add support for new dependency scopes across javascript + - Lots of misc bugfixes in yarn and npm parsers. + https://github.com/nexB/scancode-toolkit/pull/3779 + - Improve cargo package detection support with various improvements and bugfixes: - Fix for parser crashing on cargo workspaces 
@@ -43,14 +63,10 @@ v33.0.0 (next next, roadmap) - Better handle workspace data thorugh extra_data attribute See https://github.com/nexB/scancode-toolkit/pull/3783 -- We now support parsing the Swift manifest JSON dump and the ``Package.resolved`` file https://github.com/nexB/scancode-toolkit/issues/2657. - - Run the commands below on your local Swift project before running the scan. - - :: - - swift package dump-package > Package.swift.json - - :: - - swift package resolve +- We now support parsing the Swift manifest JSON dump and the + ``Package.resolved`` file https://github.com/nexB/scancode-toolkit/issues/2657. + Run the command below on your local Swift project before running the scan: + `swift package dump-package > Package.swift.json && swift package resolve`` - New and updated licenses, including support for newly released SPDX license list versions: diff --git a/docs/source/reference/available_package_parsers.rst b/docs/source/reference/available_package_parsers.rst index 45a3a4c15ee..3bd0f0ce685 100644 --- a/docs/source/reference/available_package_parsers.rst +++ b/docs/source/reference/available_package_parsers.rst @@ -539,6 +539,24 @@ parsers in scancode-toolkit during documentation builds. - ``npm_shrinkwrap_json`` - JavaScript - https://docs.npmjs.com/cli/v8/configuring-npm/npm-shrinkwrap-json + * - pnpm pnpm-lock.yaml lockfile + - ``*/pnpm-lock.yaml`` + - ``npm`` + - ``pnpm_lock_yaml`` + - JavaScript + - https://github.com/pnpm/spec/blob/master/lockfile/6.0.md + * - pnpm shrinkwrap.yaml lockfile + - ``*/shrinkwrap.yaml`` + - ``npm`` + - ``pnpm_shrinkwrap_yaml`` + - JavaScript + - https://github.com/pnpm/spec/blob/master/lockfile/4.md + * - pnpm workspace yaml file + - ``*/pnpm-workspace.yaml`` + - ``npm`` + - ``pnpm_workspace_yaml`` + - JavaScript + - https://pnpm.io/pnpm-workspace_yaml * - yarn.lock lockfile v1 format - ``*/yarn.lock`` - ``npm`` 
@@ -748,7 +766,7 @@ parsers in scancode-toolkit during documentation builds. - ``squashfs_disk_image`` - None - https://en.wikipedia.org/wiki/SquashFS - * - JSON dump of Package.swift created with ``swift package dump-package > Package.swift.json`` + * - JSON dump of Package.swift created with ``swift package dump-package > Package.swift.json`` - ``*/Package.swift.json`` - ``swift`` - ``swift_package_manifest_json`` diff --git a/src/packagedcode/npm.py b/src/packagedcode/npm.py index cedd3737d80..60b37ac789b 100644 --- a/src/packagedcode/npm.py +++ b/src/packagedcode/npm.py @@ -25,7 +25,7 @@ from packagedcode.utils import yield_dependencies_from_package_data from packagedcode.utils import yield_dependencies_from_package_resource from packagedcode.utils import update_dependencies_as_resolved -from packagedcode.utils import is_path_pattern +from packagedcode.utils import is_simple_path from packagedcode.utils import is_simple_path_pattern import saneyaml @@ -301,7 +301,7 @@ def get_workspace_members(cls, workspaces, codebase, workspace_root_path): for workspace_path in workspaces: # Case 1: A definite path, instead of a pattern (only one package.json) - if is_path_pattern(workspace_path): + if is_simple_path(workspace_path): workspace_dir_path = os.path.join(workspace_root_path, workspace_path) workspace_member_path = os.path.join(workspace_dir_path, 'package.json') workspace_member = codebase.get_resource(path=workspace_member_path) diff --git a/src/packagedcode/utils.py b/src/packagedcode/utils.py index f851e35a96f..ba1506aee6a 100644 --- a/src/packagedcode/utils.py +++ b/src/packagedcode/utils.py @@ -278,7 +278,7 @@ def get_base_purl(purl): return PackageURL(**base_purl_mapping).to_string() -def is_path_pattern(path): +def is_simple_path(path): return '*' not in path
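Review bot: The renamed check at `if is_simple_path(workspace_path):` in `get_workspace_members` (npm.py), defined in the utils.py hunk as `return '*' not in path`, only rules out `*`, so the new name promises more than it tests: entries using other glob syntax (`?`, `[...]`, a leading `!`), `..` segments or an absolute path are still classed as simple. The accepted value then goes into `os.path.join(workspace_root_path, workspace_path)`, which drops `workspace_root_path` when the second argument is absolute; if `workspaces` comes from a scanned `package.json`, as it appears to, that is untrusted input, and whether `codebase.get_resource` confines the lookup to the codebase is not visible here. I would add a docstring such as `"""Return True if path contains no '*' wildcard; path is not otherwise validated."""` and have the caller skip entries where `os.path.isabs(workspace_path)` or `'..' in workspace_path.split('/')`. The body of `get_workspace_members` starts and continues outside the hunk.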