From 586c37a97ab7289f66c69dcefe9383f8bbc996a4 Mon Sep 17 00:00:00 2001
From: fraxken <gentilhomme.thomas@gmail.com>
Date: Fri, 19 Dec 2025 23:56:02 +0100
Subject: [PATCH] refactor(tarball): never throw error in SourceCodeScanner

---
 .changeset/tall-drinks-push.md                |  5 ++++
 workspaces/scanner/test/depWalker.spec.ts     |  4 ---
 .../tarball/src/class/NpmTarball.class.ts     |  4 ++-
 .../src/class/SourceCodeScanner.class.ts      | 15 ++++++-----
 .../tarball/test/SourceCodeScanner.spec.ts    | 26 ++++++++-----------
 5 files changed, 27 insertions(+), 27 deletions(-)
 create mode 100644 .changeset/tall-drinks-push.md

diff --git a/.changeset/tall-drinks-push.md b/.changeset/tall-drinks-push.md
new file mode 100644
index 00000000..fc84442e
--- /dev/null
+++ b/.changeset/tall-drinks-push.md
@@ -0,0 +1,5 @@
+---
+"@nodesecure/tarball": patch
+---
+
+Never throw in SourceCodeScanner because it break the scanner pipeline
diff --git a/workspaces/scanner/test/depWalker.spec.ts b/workspaces/scanner/test/depWalker.spec.ts
index 28648d40..a056306b 100644
--- a/workspaces/scanner/test/depWalker.spec.ts
+++ b/workspaces/scanner/test/depWalker.spec.ts
@@ -162,10 +162,6 @@ test("execute depWalker on pkg.gitdeps", async(test) => {
   const walkErrors = errors();
 
   assert.deepStrictEqual(walkErrors, [
-    {
-      error: "You must provide at least one file either in manifest or javascript",
-      phase: "tarball-scan"
-    },
     {
       error: "404 Not Found - GET https://registry.npmjs.org/pkg.gitdeps - Not found",
       phase: "tarball-scan"
diff --git a/workspaces/tarball/src/class/NpmTarball.class.ts b/workspaces/tarball/src/class/NpmTarball.class.ts
index 47d352de..22e6e2df 100644
--- a/workspaces/tarball/src/class/NpmTarball.class.ts
+++ b/workspaces/tarball/src/class/NpmTarball.class.ts
@@ -29,7 +29,9 @@ export interface ScannedFilesResult {
 }
 
 export class NpmTarball {
-  static JS_EXTENSIONS = new Set([".js", ".mjs", ".cjs"]);
+  static JS_EXTENSIONS = new Set([
+    ".js", ".mjs", ".cjs"
+  ]);
 
   manifest: LocatedManifestManager;
 
diff --git a/workspaces/tarball/src/class/SourceCodeScanner.class.ts b/workspaces/tarball/src/class/SourceCodeScanner.class.ts
index 98a8877d..6679ee20 100644
--- a/workspaces/tarball/src/class/SourceCodeScanner.class.ts
+++ b/workspaces/tarball/src/class/SourceCodeScanner.class.ts
@@ -153,22 +153,23 @@ export class SourceCodeScanner<
   async iterate(
     entries: SourceCodeEntries
   ): Promise<T> {
+    const report = this.#initNewReport();
     if (
       entries.manifest.length === 0 &&
       entries.javascript.length === 0
     ) {
-      throw new Error("You must provide at least one file either in manifest or javascript");
+      return report;
     }
 
     return entries.manifest.length > 0 ?
-      this.#iterateWithEntries(entries) :
-      this.#iterateAll(entries.javascript);
+      this.#iterateWithEntries(report, entries) :
+      this.#iterateAll(report, entries.javascript);
   }
 
   async #iterateWithEntries(
+    report: T,
     entries: SourceCodeEntries
   ): Promise<T> {
-    const report = this.#initNewReport();
     const { location } = this.manifest;
 
     const efa = new EntryFilesAnalyser({
@@ -187,21 +188,21 @@ export class SourceCodeScanner<
 
     return report.consumed ?
       report :
-      this.#iterateAll(entries.javascript);
+      this.#iterateAll(report, entries.javascript);
   }
 
   async #iterateAll(
+    report: T,
     sourceFiles: string[]
   ): Promise<T> {
     if (sourceFiles.length === 0) {
-      throw new Error("You must provide at least one javascript source file");
+      return report;
     }
 
     const {
       location,
       document: { name: packageName, type }
     } = this.manifest;
-    const report = this.#initNewReport();
 
     await Promise.allSettled(
       sourceFiles.map(async(relativeFile) => {
diff --git a/workspaces/tarball/test/SourceCodeScanner.spec.ts b/workspaces/tarball/test/SourceCodeScanner.spec.ts
index aa1c025d..65a6bb9e 100644
--- a/workspaces/tarball/test/SourceCodeScanner.spec.ts
+++ b/workspaces/tarball/test/SourceCodeScanner.spec.ts
@@ -21,29 +21,25 @@ const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const kFixturePath = path.join(__dirname, "fixtures", "scanPackage");
 
 describe("SourceCodeScanner", () => {
-  test("iterate() should throw if we provide no files", async() => {
+  test("iterate() should return empty report if we provide no files", async() => {
     const mama = loadFixtureManifest("entryfiles");
     const scanner = new SourceCodeScanner(mama);
 
-    await assert.rejects(
-      () => scanner.iterate({ manifest: [], javascript: [] }),
-      { message: "You must provide at least one file either in manifest or javascript" }
-    );
+    const report = await scanner.iterate({ manifest: [], javascript: [] });
+    assert.strictEqual(report.consumed, false);
   });
 
-  test("iterate() should throw if we provide a manifest that doesn't exist and zero JavaScript files", async() => {
+  test("iterate() should return empty report if we provide a manifest that doesn't exist and zero JavaScript files", async() => {
     const mama = loadFixtureManifest("entryfiles");
     const scanner = new SourceCodeScanner(mama);
 
-    await assert.rejects(
-      () => scanner.iterate({
-        manifest: [
-          "src/bar.js"
-        ],
-        javascript: []
-      }),
-      { message: "You must provide at least one javascript source file" }
-    );
+    const report = await scanner.iterate({
+      manifest: [
+        "src/bar.js"
+      ],
+      javascript: []
+    });
+    assert.strictEqual(report.consumed, false);
   });
 
   test("iterate() should properly trace and report required files using one manifest entry file", async() => {