Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Avoid the creation of duplicate project / packages IDs #9417

Open
sschuberth opened this issue Nov 12, 2024 · 0 comments
Open

Avoid the creation of duplicate project / packages IDs #9417

sschuberth opened this issue Nov 12, 2024 · 0 comments
Labels
analyzer About the analyzer tool enhancement Issues that are considered to be enhancements

Comments

@sschuberth
Copy link
Member

ORT uses the same Identifier class for both projects and packages. Under certain conditions, the analyzer's logic might infer the same ID for project / packages, causing a clash which makes the AnalyzerResultBuilder class create an error.

There are different root causes for duplicate IDs, which each probably require a dedicated solution to avoid duplicates.

Possible causes for project vs package duplicates:

  • The same "thing" could be seen as both a dependency and a project in a (mono-)repo that has project A with dependency package B, but the source code of B is hosted in the same repo.

Possible causes for package vs package duplicates:

  • E.g. NPM and Yarn projects could depend on the same (?) package, but it gets pulled from different (private) registries.

Possible causes for project vs project duplicates:

  • A repository contains multiple template projects that use the same properties (e.g. here and here).
  • ORT's logic to come up with project names for projects without (enough) metadata (like Python's requirements.txt files) could create name / id clashes.
@sschuberth sschuberth added analyzer About the analyzer tool enhancement Issues that are considered to be enhancements labels Nov 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
analyzer About the analyzer tool enhancement Issues that are considered to be enhancements
Projects
None yet
Development

No branches or pull requests

1 participant