From c8b4cac9c382cfb0b5b06afcd6f5a0995abaca9c Mon Sep 17 00:00:00 2001
From: Hamed Mohamed <hamedmohamed22w@gmail.com>
Date: Sun, 1 Feb 2026 21:55:25 +0300
Subject: [PATCH] fix(scanner): support string format for 'repository' field in
 comparePayloads

---
 .changeset/extra-files-count.md           |  5 +++++
 workspaces/scanner/src/comparePayloads.ts | 18 ++++++++++++++----
 workspaces/scanner/src/types.ts           |  2 +-
 3 files changed, 20 insertions(+), 5 deletions(-)
 create mode 100644 .changeset/extra-files-count.md

diff --git a/.changeset/extra-files-count.md b/.changeset/extra-files-count.md
new file mode 100644
index 00000000..17a8b788
--- /dev/null
+++ b/.changeset/extra-files-count.md
@@ -0,0 +1,5 @@
+---
+"@nodesecure/scanner": patch
+---
+
+fix: support string format for 'repository' field in comparePayloads
diff --git a/workspaces/scanner/src/comparePayloads.ts b/workspaces/scanner/src/comparePayloads.ts
index 053579ce..6438e133 100644
--- a/workspaces/scanner/src/comparePayloads.ts
+++ b/workspaces/scanner/src/comparePayloads.ts
@@ -51,7 +51,7 @@ export interface DependencyVersionComparison {
   description: ValueComparison<string>;
   author: ValueComparison<Maintainer>;
   engines: DictionaryComparison<string>;
-  repository: ValueComparison<Repository>;
+  repository: ValueComparison<Repository | string | undefined>;
   scripts: DictionaryComparison<string>;
   warnings: ArrayDiff<Warning>;
   composition: CompositionComparison;
@@ -166,9 +166,7 @@ function compareVersions(
       author: version.author && comparedVersion.author ? compareObjects("name", version.author, comparedVersion.author) : void 0,
       // @ts-ignore
       engines: compareDictionnaries(version.engines, comparedVersion.engines),
-      // FIXME: repository can be a string: https://github.com/pillarjs/encodeurl/blob/master/package.json#L14
-      repository: compareObjects("type", version.repository, comparedVersion.repository)
-        ?? compareObjects("url", version.repository, comparedVersion.repository),
+      repository: compareRepositories(version.repository, comparedVersion.repository),
       scripts: compareDictionnaries(version.scripts, comparedVersion.scripts),
       warnings: arrayDiff(version.warnings, comparedVersion.warnings),
       composition: compareComposition(version.composition, comparedVersion.composition),
@@ -312,3 +310,15 @@ export function arrayOfObjectsDiffByKey<T extends Record<string, any>>(
 
   return { added, removed };
 }
+
+function compareRepositories(
+  original: DependencyVersion["repository"],
+  toCompare: DependencyVersion["repository"]
+): ValueComparison<Repository | string | undefined> {
+  if (typeof original === "string" || typeof toCompare === "string") {
+    return compareValues(original, toCompare);
+  }
+
+  return compareObjects("type", original, toCompare)
+    ?? compareObjects("url", original, toCompare);
+}
diff --git a/workspaces/scanner/src/types.ts b/workspaces/scanner/src/types.ts
index 178fcff0..ee7af954 100644
--- a/workspaces/scanner/src/types.ts
+++ b/workspaces/scanner/src/types.ts
@@ -67,7 +67,7 @@ export interface DependencyVersion {
   /** Author of the package. This information is not trustable and can be empty. */
   author: Maintainer | null;
   engines: Engines;
-  repository?: Repository;
+  repository?: Repository | string;
   scripts: Record<string, string>;
   /**
    * JS-X-Ray warnings