From aa96d27e07829f0b4d0ce9cff4e33b2408d217f2 Mon Sep 17 00:00:00 2001
From: Thomas Graf
Date: Tue, 10 Feb 2026 21:56:54 +0100
Subject: [PATCH 1/2] fix: isort issue
---
 tests/test_get_dependencies_rust.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/test_get_dependencies_rust.py b/tests/test_get_dependencies_rust.py
index 44c59d6..65289cd 100644
--- a/tests/test_get_dependencies_rust.py
+++ b/tests/test_get_dependencies_rust.py
@@ -7,8 +7,8 @@
 # -------------------------------------------------------------------------------
 import os
-import pytest
+import pytest
 import responses
 # from capycli.common import json_support
From a002eafcde8d59df3c07af4553a405186362550e Mon Sep 17 00:00:00 2001
From: Thomas Graf
Date: Tue, 10 Feb 2026 22:12:46 +0100
Subject: [PATCH 2/2] fix: improve dependency detection in `getdependencies javascript`
---
 ChangeLog.md | 1 +
 capycli/dependencies/javascript.py | 12 ++++++++----
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/ChangeLog.md b/ChangeLog.md
index 35a91c0..89648e5 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -8,6 +8,7 @@
 ## NEXT
 * `bom show` now also shows the group, if it exists.
+* Improve dependency detection in `getdependencies javascript`.
 ## 2.10.0
diff --git a/capycli/dependencies/javascript.py b/capycli/dependencies/javascript.py
index 2e8bfc1..849189f 100644
--- a/capycli/dependencies/javascript.py
+++ b/capycli/dependencies/javascript.py
@@ -105,8 +105,9 @@ def get_dependency_lockversion3(self, data: Dict[str, Any], sbom: Bom) -> Bom:
 if "dev" in dep:
 isdev = dep["dev"]
+ version = dep.get("version", "")
 if isdev:
- # LOG.debug("Ignoring dev dependency: " + key + "," + dep["version"])
+ print_yellow("Ignoring dev dependency: " + key + "," + dep["version"])
 continue
 modified_key = ""
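Review bot: In the first hunk of capycli/dependencies/javascript.py, the added `print_yellow` line in the dev-dependency branch still indexes `dep["version"]`, so a dev entry without a `version` key raises KeyError before the `continue`, even though the line above now reads the value safely with `dep.get("version", "")`. Use the new local instead: `print_yellow("Ignoring dev dependency: " + key + "," + version)`. The message also moves from a commented-out debug log to console output, so every skipped dev package now prints a line; if that is meant as a visible record of what the SBOM leaves out, a short comment saying so would help. The body of get_dependency_lockversion3 starts and ends outside this hunk, so whether `print_yellow` is already imported in this module cannot be confirmed from here.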
@@ -115,11 +116,14 @@ def get_dependency_lockversion3(self, data: Dict[str, Any], sbom: Bom) -> Bom:
 else:
 modified_key = key
- LOG.debug("Checking dependency: " + modified_key + "," + dep["version"])
- purl = PackageURL("npm", "", modified_key, dep["version"], "", "")
+ if dep.get("link", ""):
+ print_yellow("Ignoring linked dependency: " + modified_key + "," + version)
+ continue
+ LOG.debug("Checking dependency: " + modified_key + "," + version)
+ purl = PackageURL("npm", "", modified_key, version, "", "")
 cxcomp = Component(
 name=modified_key.strip(),
- version=version.strip(),
+ version=version.strip(),
 purl=purl,
 bom_ref=purl.to_string())
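Review bot: An entry that is not a link but has no `version` now reaches `PackageURL("npm", "", modified_key, version, "", "")` and `Component(...)` with an empty string, because `version` comes from `dep.get("version", "")`. Before this change such an entry raised KeyError; now it is written to the SBOM with a purl that carries no version, which later vulnerability or license matching cannot resolve reliably. Consider a guard right after the link check, `if not version:` followed by `print_yellow("Skipping dependency without version: " + modified_key)` and `continue`, or at least a warning if the component should still be listed. The function continues outside the hunk, so any handling further down is not visible here.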