Support Kotlin JS npm dependencies
hfhbd opened this issue · 2 comments
Currently, we support Maven coordinates only. Kotlin JS also supports npm dependencies, which would be nice to support too to have one dependency (and spdx) report.
npm stores the license information in the package.json, so parsing these files is easy, it is json and we already uses kotlinx-serialization.
Open question: How to get these files: Could we use Gradle's downloader (somehow)? What about configuration cache? How does KGP fetch the dependencies. AFAIK it is done by yarn during execution (kotlinNodeJsSetup), but we should check it.
(Related, what about cocoapods?)
Assuming we can get access to the node_modules directory in a stable way, its format is standardized (I think?) and contains all of the package.json files for parsing.
Presumably also have to depend on whatever task is responsible for running the yarn install.