fix: traversal limit ignoring default value

[xenobytezero]

Tasks

• I've read the CONTRIBUTING guide
• Necessary tests have been added

The moduleParsed hook calls out to getCorrespondingPackageFromModuleId for each imported module, which tries to find a package.json to extract information from. If it can't find a package.json it should traverse up the directory tree a max of 10 times before failing.

The current implementation passes getCorrespondingPackageFromModuleId directly to the nodeModuleImportedIds.map() call. This means that the traverseLimit param will not be undefined and use the default of 10, and instead will be the current index in the array (the second param of .map()). We found this meant a number of packages were getting missed in our output SBOM.

This pull request uses an arrow function to call getCorrespondingPackageFromModuleId, which will correctly use the default value of 10.

[janbiasi]

@xenobytezero you've also fixed this in your other PR #68 – Am I allowed to close this PR in favor of your newer one?

[xenobytezero]

@xenobytezero you've also fixed this in your other PR #68 – Am I allowed to close this PR in favor of your newer one?

If #68 is going ahead, absolutely.