From 7c4f6c8aa992be378569556ad2c7f1e355288a0e Mon Sep 17 00:00:00 2001
From: Kamil Bukum
Date: Tue, 8 Oct 2024 12:16:06 -0700
Subject: [PATCH] update the default version as npm9
---
 npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb
index 4c8749d88d2..544182cc6d9 100644
--- a/npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb
+++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb
@@ -18,7 +18,7 @@ module Helpers
 NPM_V9 = 9
 NPM_V8 = 8
 NPM_DEFAULT_VERSION = NPM_V9
- NPM_FALLBACK_VERSION = NPM_V8
+ NPM_FALLBACK_VERSION = NPM_V9
 # PNPM Version Constants
 PNPM_V9 = 9
@@ -35,12 +35,19 @@ module Helpers
 YARN_DEFAULT_VERSION = YARN_V3
 YARN_FALLBACK_VERSION = YARN_V1
+ # NPM 7 uses lockfileVersion 2
+ # NPN 8 uses lockfileVersion 2
+ # NPN 9 uses lockfileVersion 3
 sig { params(lockfile: DependencyFile).returns(Integer) }
 def self.npm_version_numeric(lockfile)
 lockfile_content = T.must(lockfile.content)
 lockfile_version = JSON.parse(lockfile_content)["lockfileVersion"].to_i
- return NPM_DEFAULT_VERSION if lockfile_version >= 3 # Corresponds to npm 9
+ return NPM_V8 if lockfile_version == 2 # Corresponds to npm 7, 8
+ return NPM_V9 if lockfile_version == 3 # Corresponds to npm 9
+
+ # Default to npm 9 if lockfileVersion is not in the specific range
+ return NPM_DEFAULT_VERSION if lockfile_version < 2 || lockfile_version > 3
 NPM_FALLBACK_VERSION # Default fallback to npm 8
 rescue JSON::ParserError
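Review bot: The trailing `NPM_FALLBACK_VERSION # Default fallback to npm 8` in `npm_version_numeric` can no longer be reached, because `.to_i` always yields an Integer and the three new `return` lines cover 2, 3 and every other value. Its comment is also stale now that the first hunk sets `NPM_FALLBACK_VERSION = NPM_V9`. The tail of the body could shrink to `return NPM_V8 if lockfile_version == 2` followed by a bare `NPM_DEFAULT_VERSION`. A lockfile with `lockfileVersion` 1, or with the key absent (`nil.to_i` is 0), now resolves to npm 9 where the old code returned npm 8; if that is intended, the comment above the method should say so, e.g. `# lockfileVersion 1 or missing: treated as npm 9`, and the `NPN` typos there should read `NPM`. The method's `rescue` clause continues outside the hunk, so what it returns on a parse error is not visible here.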