Don't make self refential referrer as indirect

Author: ljones140

componentDetection.test.ts

@@ -122,14 +122,16 @@ describe("ComponentDetection.addPackagesToManifests", () => {
     expect(manifests[0].countDependencies()).toBe(1);
   });
 
+  // Component detection reports some packages as top level referrers of themselves
+  // We need to mark as direct as causes Dependency Graph to mark the package as transitive without any Direct
   test("adds package as indirect dependency when top level referrer is itself", () => {
     const manifests: any[] = [];
 
     const testPackage = {
       id: "test-package",
       packageUrl: "pkg:npm/test-package@1.0.0",
       isDevelopmentDependency: false,
-      topLevelReferrers: [{ packageUrl: "pkg:npm/test-package@1.0.0" }], // Self-reference case
+      topLevelReferrers: [{ packageUrl: "pkg:npm/test-package@1.0.0" }],
       locationsFoundAt: ["package.json"],
       containerDetailIds: [],
       containerLayerIds: [],
@@ -142,9 +144,8 @@ describe("ComponentDetection.addPackagesToManifests", () => {
     expect(manifests).toHaveLength(1);
     expect(manifests[0].name).toBe("package.json");
 
-    // Self-referencing packages are currently treated as indirect - this might be a bug to investigate
-    expect(manifests[0].directDependencies()).toHaveLength(0);
-    expect(manifests[0].indirectDependencies()).toHaveLength(1);
+    expect(manifests[0].directDependencies()).toHaveLength(1);
+    expect(manifests[0].indirectDependencies()).toHaveLength(0);
     expect(manifests[0].countDependencies()).toBe(1);
   });
 

componentDetection.ts

@@ -147,7 +147,15 @@ export default class ComponentDetection {
           const manifest = new Manifest(location, location);
           manifests.push(manifest);
         }
-        if (pkg.topLevelReferrers.length == 0) {
+
+        // Filter out self-references from topLevelReferrers
+        const nonSelfReferrers = pkg.topLevelReferrers.filter((referrer: any) => {
+          if (!referrer.packageUrl) return false;
+          const referrerUrl = ComponentDetection.makePackageUrl(referrer.packageUrl);
+          return referrerUrl !== pkg.packageUrl;
+        });
+
+        if (nonSelfReferrers.length == 0) {
           manifests.find((manifest: Manifest) => manifest.name == location)?.addDirectDependency(pkg, ComponentDetection.getDependencyScope(pkg));
         } else {
           manifests.find((manifest: Manifest) => manifest.name == location)?.addIndirectDependency(pkg, ComponentDetection.getDependencyScope(pkg));