Skip to content

feat: support regex matching for package name overrides#2658

Open
majiayu000 wants to merge 2 commits intogoogle:mainfrom
majiayu000:feat/issue-151-package-name-regex-override
Open

feat: support regex matching for package name overrides#2658
majiayu000 wants to merge 2 commits intogoogle:mainfrom
majiayu000:feat/issue-151-package-name-regex-override

Conversation

@majiayu000
Copy link

@majiayu000 majiayu000 commented Mar 19, 2026

Fixes #151

Changes

Adds a NameIsRegex boolean field (nameIsRegex in TOML) to PackageOverrideEntry. When set to true, the Name field is treated as a regex pattern instead of an exact string match.

  • Uses existing cachedregexp.Compile() for efficient cached compilation
  • Anchors the regex with ^...$ to prevent partial matches
  • Invalid regex patterns log a warning and do not match (no panic)
  • Default behavior (nameIsRegex = false) is unchanged

Example config:

[[PackageOverrides]]
name = "internal-.*"
nameIsRegex = true
ignore = true
reason = "internal packages should not be sent to OSV API"

Test Plan

Added TestConfig_ShouldIgnorePackage_NameIsRegex with 8 test cases:

  • Regex match / no match
  • Invalid regex handling
  • Exact match preserved when nameIsRegex = false
  • Empty name with regex flag
  • Anchored matching (no partial match)
  • Combined with ecosystem filter
  • Regex match with ecosystem mismatch
go test ./internal/config/ -run TestConfig_ShouldIgnorePackage_NameIsRegex -v

@gemini-code-assist
Copy link
Contributor

gemini-code-assist bot commented Mar 19, 2026

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

@majiayu000 majiayu000 marked this pull request as ready for review March 19, 2026 06:22
@gemini-code-assist
Copy link
Contributor

gemini-code-assist bot commented Mar 19, 2026

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

G-Rath
G-Rath requested changes Mar 19, 2026
View reviewed changes
Copy link
Collaborator

@G-Rath G-Rath left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks pretty good, though we should update the documentation to reflect the new property and add a CLI test for an invalid regex to showcase the output

@majiayu000
Copy link
Author

majiayu000 commented Mar 20, 2026

Thanks for the review! I've addressed the feedback:

  1. Moved regex validation to config load time (tryLoadConfig) — invalid regex patterns are now caught once when the config is loaded, instead of warning per package in matches(). This means an invalid regex in a config file will produce a clean config loading error (same behavior as unknown keys).

  2. Updated documentation — added nameIsRegex property with an example to docs/configuration.md.

  3. Added CLI testconfig_file_with_invalid_regex test case verifies the error output when a config has an invalid regex pattern.

@majiayu000
feat: support regex matching for package name overrides
0a6cc86 
Add a `nameIsRegex` boolean field to PackageOverrideEntry. When true,
the `name` field is compiled as a regex (anchored with ^...$) and
matched against the normalized package name. Invalid regex patterns
are handled gracefully with a warning and treated as non-matching.

Uses the existing cachedregexp.Compile() utility for performance.

Signed-off-by: majiayu000 <[email protected]>
@majiayu000
fix: validate regex at config load time and update docs
04e14ad 
- Move regex validation from matches() to tryLoadConfig() so invalid
  regex patterns are caught once at load time instead of warning per
  package
- Add documentation for nameIsRegex property in docs/configuration.md
- Add CLI test for invalid regex config with snapshot

Signed-off-by: majiayu000 <[email protected]>
@majiayu000 majiayu000 force-pushed the feat/issue-151-package-name-regex-override branch from 06e9395 to 04e14ad Compare March 25, 2026 10:19
@majiayu000
Copy link
Author

majiayu000 commented Mar 25, 2026

Hi @G-Rath, I've rebased onto the latest main and addressed the feedback:

  1. Regex validation moved to config load time — invalid regex patterns are caught once in tryLoadConfig() instead of per-package warnings
  2. Documentation updated — added nameIsRegex property with example to docs/configuration.md
  3. CLI test addedconfig_file_with_invalid_regex test case verifies the error output
  4. Fixed errorlint%v%w in the regex validation error

Could you please re-review when you get a chance? Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@G-Rath G-Rath G-Rath requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Exclude Packages by Regex Value from Scan

2 participants

@majiayu000 @G-Rath