From 890fb3f0e8595c1bd4a746d50fa32ac44a0607d9 Mon Sep 17 00:00:00 2001
From: Keith Zantow <kzantow@gmail.com>
Date: Fri, 10 Feb 2023 15:52:13 -0500
Subject: [PATCH] fix: missing APK node vulnerabilities (#1565)

Signed-off-by: Keith Zantow <kzantow@gmail.com>
---
 .../cataloger/common/cpe/candidate_by_package_type.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go b/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go
index cd134a50e..154f00a21 100644
--- a/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go
+++ b/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go
@@ -138,6 +138,17 @@ var defaultCandidateAdditions = buildCandidateLookup(
 			candidateKey{PkgName: "python"},
 			candidateAddition{AdditionalVendors: []string{"python_software_foundation"}},
 		},
+		{
+			pkg.ApkPkg,
+			candidateKey{PkgName: "nodejs"},
+			candidateAddition{AdditionalProducts: []string{"node.js"}},
+		},
+		// Binary packages
+		{
+			pkg.BinaryPkg,
+			candidateKey{PkgName: "node"},
+			candidateAddition{AdditionalProducts: []string{"nodejs", "node.js"}},
+		},
 	})
 
 var defaultCandidateRemovals = buildCandidateRemovalLookup(