Handle duplicate aliases in yarn v1

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

src/packagedcode/npm.py

@@ -881,7 +881,7 @@ def parse(cls, location, package_only=False):
         with io.open(location, encoding='utf-8') as yl:
             yl_dependencies = yl.read().split('\n\n')
 
-        dependencies = []
+        dependencies_by_purl = {}
         for yl_dependency in yl_dependencies:
             lines = yl_dependency.splitlines(False)
             if all(l.startswith('#') or not l.strip() for l in lines):
@@ -986,15 +986,15 @@ def parse(cls, location, package_only=False):
                 resolved_package_data.dependencies.append(subdep)
 
             # we create a purl with a version, since we are resolved
-            dep_purl = PackageURL(
+            dep_purl = str(PackageURL(
                 type=cls.default_package_type,
                 namespace=ns,
                 name=name,
                 version=version,
-            )
+            ))
 
             dep = models.DependentPackage(
-                purl=str(dep_purl),
+                purl=dep_purl,
                 extracted_requirement=extracted_requirement,
                 is_resolved=True,
                 # FIXME: these are NOT correct
@@ -1004,8 +1004,14 @@ def parse(cls, location, package_only=False):
                 is_direct=False,
                 resolved_package=resolved_package_data.to_dict(),
             )
-            dependencies.append(dep.to_dict())
 
+            if not dep_purl in dependencies_by_purl: 
+                dependencies_by_purl[dep_purl] = dep.to_dict()
+            else:
+                # We have duplicate dependencies because of aliases
+                pass
+
+        dependencies = list(dependencies_by_purl.values())
         update_dependencies_as_resolved(dependencies=dependencies)
         package_data = dict(
             datasource_id=cls.datasource_id,

tests/packagedcode/data/npm/yarn-lock/v1-complex3/yarn.lock

@@ -0,0 +1,48 @@
+# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+# yarn lockfile v1
+
+
+"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0":
+  version "7.0.0"
+  resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43"
+  integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==
+  dependencies:
+    ansi-styles "^4.0.0"
+    string-width "^4.1.0"
+    strip-ansi "^6.0.0"
+
+wrap-ansi@^5.1.0:
+  version "5.1.0"
+  resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-5.1.0.tgz#1fd1f67235d5b6d0fee781056001bfb694c03b09"
+  integrity sha512-QC1/iN/2/RPVJ5jYK8BGttj5z83LmSKmvbvrXPNCLZSEb32KKVDJDl/MOt2N01qU2H/FkzEa9PKto1BqDjtd7Q==
+  dependencies:
+    ansi-styles "^3.2.0"
+    string-width "^3.0.0"
+    strip-ansi "^5.0.0"
+
+wrap-ansi@^6.2.0:
+  version "6.2.0"
+  resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-6.2.0.tgz#e9393ba07102e6c91a3b221478f0257cd2856e53"
+  integrity sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==
+  dependencies:
+    ansi-styles "^4.0.0"
+    string-width "^4.1.0"
+    strip-ansi "^6.0.0"
+
+wrap-ansi@^7.0.0:
+  version "7.0.0"
+  resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43"
+  integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==
+  dependencies:
+    ansi-styles "^4.0.0"
+    string-width "^4.1.0"
+    strip-ansi "^6.0.0"
+
+wrap-ansi@^8.1.0:
+  version "8.1.0"
+  resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-8.1.0.tgz#56dc22368ee570face1b49819975d9b9a5ead214"
+  integrity sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==
+  dependencies:
+    ansi-styles "^6.1.0"
+    string-width "^5.0.1"
+    strip-ansi "^7.0.1"