CM-55551 CLI SCA Scan Fails to Detect Indirect Dependencies Due to PNPM Lock File Handling

Author: morsa4406

cycode/cli/files_collector/sca/base_restore_dependencies.py

@@ -85,15 +85,15 @@ def get_working_directory(self, document: Document) -> Optional[str]:
     def get_restored_lock_file_name(self, restore_file_path: str) -> str:
         return self.get_lock_file_name()
 
-    def get_any_restore_file_already_exist(self, document: Document, restore_file_paths: list[str]) -> Optional[str]:
+    def get_any_restore_file_already_exist(self, document: Document, restore_file_paths: list[str]) -> str:
         for restore_file_path in restore_file_paths:
             if os.path.isfile(restore_file_path):
                 return restore_file_path
 
         return build_dep_tree_path(document.absolute_path, self.get_lock_file_name())
 
     @staticmethod
-    def verify_restore_file_already_exist(restore_file_path: Optional[str]) -> bool:
+    def verify_restore_file_already_exist(restore_file_path: str) -> bool:
         return os.path.isfile(restore_file_path)
 
     @abstractmethod

cycode/cli/files_collector/sca/npm/restore_npm_dependencies.py

@@ -32,7 +32,7 @@ def get_commands(self, manifest_file_path: str) -> list[list[str]]:
         ]
 
     def get_restored_lock_file_name(self, restore_file_path: str) -> str:
-        return NPM_LOCK_FILE_NAME if restore_file_path is None else os.path.basename(restore_file_path)
+        return os.path.basename(restore_file_path)
 
     def get_lock_file_name(self) -> str:
         return NPM_LOCK_FILE_NAME