use zero value for nils in ID generation

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2025-11-17 16:33:21 +01:00 · 2021-11-09 17:26:38 -05:00 · 2021-11-09 17:26:38 -05:00 · 2356539ebe
commit 2356539ebe
parent 1537e73083
2 changed files with 13 additions and 14 deletions
--- a/internal/formats/syftjson/test-fixtures/snapshot/TestDirectoryPresenter.golden
+++ b/internal/formats/syftjson/test-fixtures/snapshot/TestDirectoryPresenter.golden
@ -1,7 +1,7 @@
 {
 "artifacts": [
  {
-   "id": "810333194629225077",
+   "id": "14696638697550896878",
   "name": "package-1",
   "version": "1.0.1",
   "type": "python",
--- a/syft/pkg/package.go
+++ b/syft/pkg/package.go
@ -15,18 +15,17 @@ import (
 // Package represents an application or library that has been bundled into a distributable format.
 // TODO: if we ignore FoundBy for ID generation should we merge the field to show it was found in two places?
 type Package struct {
-	Name      string            // the package name
-	Version   string            // the version of the package
-	FoundBy   string            // the specific cataloger that discovered this package
-	Locations []source.Location // the locations that lead to the discovery of this package (note: this is not necessarily the locations that make up this package)
-	// TODO: should we move licenses into metadata?
-	Licenses     []string     // licenses discovered with the package metadata
-	Language     Language     // the language ecosystem this package belongs to (e.g. JavaScript, Python, etc)
-	Type         Type         // the package type (e.g. Npm, Yarn, Python, Rpm, Deb, etc)
-	CPEs         []CPE        // all possible Common Platform Enumerators
-	PURL         string       // the Package URL (see https://github.com/package-url/purl-spec)
-	MetadataType MetadataType // the shape of the additional data in the "metadata" field
-	Metadata     interface{}  // additional data found while parsing the package source
+	Name         string            // the package name
+	Version      string            // the version of the package
+	FoundBy      string            // the specific cataloger that discovered this package
+	Locations    []source.Location // the locations that lead to the discovery of this package (note: this is not necessarily the locations that make up this package)
+	Licenses     []string          // licenses discovered with the package metadata
+	Language     Language          // the language ecosystem this package belongs to (e.g. JavaScript, Python, etc)
+	Type         Type              // the package type (e.g. Npm, Yarn, Python, Rpm, Deb, etc)
+	CPEs         []CPE             // all possible Common Platform Enumerators
+	PURL         string            // the Package URL (see https://github.com/package-url/purl-spec)
+	MetadataType MetadataType      // the shape of the additional data in the "metadata" field
+	Metadata     interface{}       // additional data found while parsing the package source
 }

 func (p Package) ID() artifact.ID {
@ -47,7 +46,7 @@ func (p Package) String() string {

 func (p Package) Fingerprint() (string, error) {
 	f, err := hashstructure.Hash(p, hashstructure.FormatV2, &hashstructure.HashOptions{
-		//ZeroNil:      true,
+		ZeroNil:      true,
 		SlicesAsSets: true,
 	})
 	if err != nil {