refactor(@angular/cli): add validation and logging to npm manifest parsing

Introduce a reusable `isValidManifest` type guard to ensure that parsed manifests contain both `name` and `version` strings. This applies to both single object responses and elements within an array response from the package manager.

Author: clydin

packages/angular/cli/src/package-managers/parsers.ts

@@ -217,6 +217,15 @@ export function parseYarnClassicDependencies(
   return dependencies;
 }
 
+function isValidManifest(obj: unknown): obj is PackageManifest {
+  return (
+    typeof obj === 'object' &&
+    obj !== null &&
+    typeof (obj as Record<string, unknown>).name === 'string' &&
+    typeof (obj as Record<string, unknown>).version === 'string'
+  );
+}
+
 /**
  * Parses the output of `npm view` or a compatible command to get a package manifest.
  * @param stdout The standard output of the command.
@@ -242,7 +251,8 @@ export function parseNpmLikeManifest(stdout: string, logger?: Logger): PackageMa
     let maxManifest: PackageManifest | null = null;
 
     for (const manifest of result) {
-      if (!manifest || typeof manifest.version !== 'string') {
+      if (!isValidManifest(manifest)) {
+        logger?.debug('  Skipping invalid manifest in array (missing name or version).');
         continue;
       }
 
@@ -251,9 +261,19 @@ export function parseNpmLikeManifest(stdout: string, logger?: Logger): PackageMa
       }
     }
 
+    if (!maxManifest) {
+      logger?.debug('  No valid manifests found in the array.');
+    }
+
     return maxManifest;
   }
 
+  if (!isValidManifest(result)) {
+    logger?.debug('  Parsed JSON is not a valid manifest (missing name or version).');
+
+    return null;
+  }
+
   return result;
 }
 

packages/angular/cli/src/package-managers/parsers_spec.ts

@@ -144,6 +144,30 @@ describe('parsers', () => {
       expect(parseNpmLikeManifest(stdout)).toEqual({ name: 'foo', version: '1.1.0' });
     });
 
+    it('should skip invalid manifests in an array', () => {
+      const stdout = JSON.stringify([
+        { name: 'foo', version: '1.0.0' },
+        { name: 'foo' }, // Missing version
+        { version: '1.2.0' }, // Missing name
+        null,
+        "invalid",
+      ]);
+      expect(parseNpmLikeManifest(stdout)).toEqual({ name: 'foo', version: '1.0.0' });
+    });
+
+    it('should return null if no valid manifests found in the array', () => {
+      const stdout = JSON.stringify([
+        { name: 'foo' },
+        { version: '1.2.0' },
+      ]);
+      expect(parseNpmLikeManifest(stdout)).toBeNull();
+    });
+
+    it('should return null for invalid single object', () => {
+      const stdout = JSON.stringify({ name: 'foo' }); // Missing version
+      expect(parseNpmLikeManifest(stdout)).toBeNull();
+    });
+
     it('should return null for empty stdout', () => {
       expect(parseNpmLikeManifest('')).toBeNull();
     });