From d5a31d926f45833ed1e2adcaa8891e4e090f453e Mon Sep 17 00:00:00 2001
From: fraxken
Date: Thu, 29 May 2025 20:43:56 +0200
Subject: [PATCH] feat: implement dependency module detection (cjs, esm, dual, dts ..)
---
 .changeset/silent-baboons-flow.md | 7 +++++++
 workspaces/scanner/src/types.ts | 2 ++
 .../scanner/test/fixtures/depWalker/slimio.is-result.json | 1 +
 workspaces/tarball/src/tarball.ts | 7 ++++++-
 workspaces/tree-walker/src/Dependency.class.ts | 3 +++
 workspaces/tree-walker/test/npm/TreeWalker.spec.ts | 2 ++
 6 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 .changeset/silent-baboons-flow.md
diff --git a/.changeset/silent-baboons-flow.md b/.changeset/silent-baboons-flow.md
new file mode 100644
index 00000000..54571d47
--- /dev/null
+++ b/.changeset/silent-baboons-flow.md
@@ -0,0 +1,7 @@
+---
+"@nodesecure/tree-walker": minor
+"@nodesecure/scanner": minor
+"@nodesecure/tarball": minor
+---
+
+Implement new DependencyVersion type to detect the kind of module (cjs/esm/dual..)
diff --git a/workspaces/scanner/src/types.ts b/workspaces/scanner/src/types.ts
index bb16ac3c..032238dc 100644
--- a/workspaces/scanner/src/types.ts
+++ b/workspaces/scanner/src/types.ts
@@ -1,6 +1,7 @@
 // Import Third-party Dependencies
 import type { Warning, WarningDefault } from "@nodesecure/js-x-ray";
 import * as Vulnera from "@nodesecure/vulnera";
+import type { PackageModuleType } from "@nodesecure/mama";
 import type { SpdxFileLicenseConformance } from "@nodesecure/conformance";
 import type { IlluminatedContact } from "@nodesecure/contact";
@@ -48,6 +49,7 @@ export interface Repository {
 export interface DependencyVersion {
 /** Id of the package (useful for usedBy relation) */
 id: number;
+type: PackageModuleType;
 isDevDependency: boolean;
 /**
 * Tell if the given package exist on the configured remote registry (npm by default)
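Review bot: The new `type` field on `DependencyVersion` (the `@@ -48,6 +49,7 @@` hunk of workspaces/scanner/src/types.ts) has no doc comment, although the `id` field above it and the field after `isDevDependency` both carry one. A consumer reading the scanner payload cannot tell from the interface whether the value is a detected module format or a default. I would add `/** Module format of the package (cjs, esm, dual, ...), taken from the manifest once the tarball has been scanned */`, adjusted to whatever the actual guarantee is. The same field is added without documentation to `DependencyRef` in tarball.ts and `DependencyJSON` in Dependency.class.ts. The interface body continues outside the hunk.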
diff --git a/workspaces/scanner/test/fixtures/depWalker/slimio.is-result.json b/workspaces/scanner/test/fixtures/depWalker/slimio.is-result.json
index 736d354e..961eeb98 100644
--- a/workspaces/scanner/test/fixtures/depWalker/slimio.is-result.json
+++ b/workspaces/scanner/test/fixtures/depWalker/slimio.is-result.json
@@ -3,6 +3,7 @@
 "versions": {
 "1.5.1": {
 "id": 0,
+"type": "cjs",
 "usedBy": {},
 "isDevDependency": false,
 "existOnRemoteRegistry": true,
diff --git a/workspaces/tarball/src/tarball.ts b/workspaces/tarball/src/tarball.ts
index cedfdc72..f47ed5e4 100644
--- a/workspaces/tarball/src/tarball.ts
+++ b/workspaces/tarball/src/tarball.ts
@@ -10,7 +10,10 @@ import {
 } from "@nodesecure/js-x-ray";
 import pacote from "pacote";
 import * as conformance from "@nodesecure/conformance";
-import { ManifestManager } from "@nodesecure/mama";
+import {
+ ManifestManager,
+ type PackageModuleType
+} from "@nodesecure/mama";
 // Import Internal Dependencies
 import {
@@ -24,6 +27,7 @@ import * as sast from "./sast/index.js";
 export interface DependencyRef {
 id: number;
+type: PackageModuleType;
 usedBy: Record;
 isDevDependency: boolean;
 existOnRemoteRegistry: boolean;
@@ -144,6 +148,7 @@ export async function scanDirOrArchive(
 { mama, tryDependencies }
 );
+ref.type = mama.moduleType;
 ref.size = composition.size;
 ref.composition.extensions.push(...composition.ext);
 ref.composition.files.push(...composition.files);
diff --git a/workspaces/tree-walker/src/Dependency.class.ts b/workspaces/tree-walker/src/Dependency.class.ts
index ded689b6..5751e0d4 100644
--- a/workspaces/tree-walker/src/Dependency.class.ts
+++ b/workspaces/tree-walker/src/Dependency.class.ts
@@ -1,10 +1,12 @@
 // Import Third-party Dependencies
 import type { Warning, WarningDefault } from "@nodesecure/js-x-ray";
+import type { PackageModuleType } from "@nodesecure/mama";
 export type NpmSpec = `${string}@${string}`;
 export interface DependencyJSON {
 id: number;
+type: PackageModuleType;
 name: string;
 version: string;
 usedBy: Record;
@@ -99,6 +101,7 @@ export class Dependency {
 return {
 id: typeof customId === "number" ? customId : Dependency.currentId++,
+type: "cjs",
 name: this.name,
 version: this.version,
 usedBy: this.parent,
diff --git a/workspaces/tree-walker/test/npm/TreeWalker.spec.ts b/workspaces/tree-walker/test/npm/TreeWalker.spec.ts
index a0cb4a7c..eeac1966 100644
--- a/workspaces/tree-walker/test/npm/TreeWalker.spec.ts
+++ b/workspaces/tree-walker/test/npm/TreeWalker.spec.ts
@@ -26,6 +26,7 @@ describe("npm.TreeWalker", () => {
 dependency,
 {
 id: 0,
+type: "cjs",
 name: "@nodesecure/fs-walk",
 version: "2.0.0",
 usedBy: {},
@@ -62,6 +63,7 @@ describe("npm.TreeWalker", () => {
 dependency,
 {
 id: 0,
+type: "cjs",
 name: "@nodesecure/fs-walk",
 version: "2.0.0",
 usedBy: {},
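Review bot: In the `@@ -99,6 +101,7 @@` hunk of Dependency.class.ts the exported object hard-codes `type: "cjs"`, so every dependency is reported as CommonJS until `scanDirOrArchive` in tarball.ts overwrites it with `ref.type = mama.moduleType;`. If that scan is skipped, or fails before reaching the assignment (the surrounding code is not visible here), the payload would carry a confident but unverified module type, which is a misleading signal in a scanner whose output feeds security review. At minimum the literal should be marked as a default, e.g. `// placeholder: replaced with mama.moduleType by the tarball scan`. The two TreeWalker.spec.ts hunks pin the same literal for `@nodesecure/fs-walk`, so they assert the default rather than a detected value. The enclosing method starts and ends outside the hunk.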