@snyk/dep-graph
Comparing version 2.6.1 to 2.7.0
@@ -31,2 +31,3 @@ "use strict"; | ||
function validatePackageURL(pkg) { | ||
var _a; | ||
if (!pkg.purl) { | ||
@@ -43,2 +44,16 @@ return; | ||
break; | ||
// The PURL spec for Linux distros does not include the source in the name. | ||
// This is why we relax the assertion here and match only on the package name: | ||
// <source name>/<package name> - we omit the source name | ||
// For now, make this exception only for deb to cover a support case. | ||
case 'deb': { | ||
const pkgName = pkg.name.split('/').pop(); | ||
assert(pkgName === purlPkg.name, 'name and packageURL name do not match'); | ||
if (((_a = purlPkg.qualifiers) === null || _a === void 0 ? void 0 : _a['upstream']) && pkg.name.includes('/')) { | ||
const pkgSrc = pkg.name.split('/')[0]; | ||
const pkgUpstream = purlPkg.qualifiers['upstream'].split('@')[0]; | ||
assert(pkgSrc === pkgUpstream, 'source and packageURL source do not match'); | ||
} | ||
break; | ||
} | ||
default: | ||
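Review bot: In the new `deb` case, `pkg.name.split('/').pop()` and `pkg.name.split('/')[0]` pick the last and first segments independently, so a name with more than one `/` has middle segments that are never compared with the purl, and an empty source such as `/foo` is compared as an empty string. Since this function is the consistency check between a node's name and its package URL, I would split once and reject unexpected shapes before the name assertion, provided no existing graphs rely on such names: `const parts = pkg.name.split('/');` followed by `assert(parts.length <= 2 && parts.every(Boolean), 'deb name must be <package> or <source>/<package>');`. The comment should also say that when the purl has no `upstream` qualifier the source prefix is not checked at all, so a validated name does not imply a verified source part. The `_a` temporary suggests this is compiled output, so the change likely belongs in the original source; the enclosing `switch` and the end of `validatePackageURL` lie outside the hunk.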
@@ -45,0 +60,0 @@ assert(pkg.name === purlPkg.name, `name and packageURL name do not match`); |
@@ -71,3 +71,3 @@ { | ||
}, | ||
"version": "2.6.1" | ||
"version": "2.7.0" | ||
} |
Sorry, the diff of this file is not supported yet