From be32579cabef683cc6f345685a90094fe13ac475 Mon Sep 17 00:00:00 2001
From: Asger F <asgerf@github.com>
Date: Wed, 27 Aug 2025 10:43:41 +0200
Subject: [PATCH] JS: Change pruning to not rely on Import

---
 .../frameworks/data/internal/ApiGraphModelsSpecific.qll     | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll
index 5e9846e9ad55..c61ecc138ef6 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll
@@ -58,9 +58,11 @@ predicate parseTypeString(string rawType, string package, string qualifiedName)
 predicate isPackageUsed(string package) {
   package = "global"
   or
-  package = any(JS::Import imp).getImportedPathString()
+  // To simplify which dependencies are needed to construct DataFlow::Node, we don't want to rely on `Import` here.
+  // Just check all string literals.
+  package = any(JS::Expr imp).getStringValue()
   or
-  any(JS::TypeAnnotation t).hasUnderlyingType(package, _)
+  package = any(JS::StringLiteralTypeExpr t).getValue() // Can be used in `import("foo")`
   or
   exists(JS::PackageJson json | json.getPackageName() = package)
 }