Support getting Node-related tooling versions from the `frontend-gradle-plugin`

Question

Support getting Node-related tooling versions from the `frontend-gradle-plugin`

sschuberth opened this issue 3 months ago · comments

Sebastian Schuberth commented 3 months ago

What is the feature you want to request?

For analyzing Gradle projects that use the frontend-gradle-plugin, it would be nice if any configured Node.js, npm, pnpm, Yarn version would be adhered to by the ORT analyzer automatically.

Describe the solution you would like

This should ideally work transparently for the user, i.e. respective tool version should be bootstrapped if not yet present.

Alternatives you have considered

The mentioned package manager analyzers could also learn to accept manually provided versions, configured as part of .ort.yml, but that requires to maintain the configured tool version in two places, and does not solve the problem of bootstrapping them.

Additional context

See the discussion at nordic-institute/X-Road#2172.

Sebastian Schuberth · Answer 1 · Sun Jun 09 2024 23:32:31 GMT+0800 (China Standard Time)

Maybe a way forward could be to leverage nvm-rust to install the correct Node version on-the-fly, and then use Corepack to install the right Node package manager version.