packagedcode: add DotNetDepsJsonHandler to parse .deps.json files#4803
Open
kumarasantosh wants to merge 1 commit intoaboutcode-org:developfrom
Open
packagedcode: add DotNetDepsJsonHandler to parse .deps.json files#4803kumarasantosh wants to merge 1 commit intoaboutcode-org:developfrom
kumarasantosh wants to merge 1 commit intoaboutcode-org:developfrom
Conversation
Add support for parsing NuGet .deps.json lockfiles which are present alongside .dll and .pdb files in .NET projects and NuGet packages. Extracts package names, versions, types and dependencies from the libraries section of .deps.json files. Fixes aboutcode-org#4496 Signed-off-by: kumarasantosh <santosh.pulikond02@gmail.com>
kumarasantosh
force-pushed
the
feature/deps-json-handler
branch
from
09f8534 to
98766fe
Compare
This was referenced Mar 9, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #4496
NuGet .deps.json files appear alongside .dll and .pdb files in .NET
projects but were not being parsed by ScanCode. This PR adds a new
DotNetDepsJsonHandler in nuget.py to handle these files.
The handler detects *.deps.json files, reads the libraries section
and extracts package names, versions, types and their dependencies.
Target framework is stored in extra_data.
Tested against a real world fixture from snoopwpf v5.1.0 release
and a minimal hand-crafted fixture for edge cases.
Tasks