atlassian-connect-validator - npm Package Compare versions

Comparing version 0.0.7 to 0.0.8

package.json

 {
   "name": "atlassian-connect-validator",
-  "version": "0.0.7",
+  "version": "0.0.8",
   "description": "Utility to validate an Atlassian Connect add-on descriptor",
@@ -8,4 +8,4 @@ "main": "validate.js",
   "dependencies": {
-    "lodash": "~2.4.1",
-    "jsonschema": "~1.0.2"
+    "jsonschema": "~1.0.2",
+    "lodash": "^4.3.0"
   },
@@ -12,0 +12,0 @@ "devDependencies": {

validate.js

@@ -24,2 +24,21 @@ var util = require('util'),
 
+/**
+ * Rewrites a schema to not allow additional properties where they would usually be allowed.
+ * @param schema The original JSON schema
+ * @returns {Object} A copy of the schema with all 'additionalProperties' fields set to false
+ */
+function noAdditionalProperties(schema) {
+    return _.cloneDeepWith(schema, function(value, key) {
+        if (key === 'additionalProperties') {
+            return false;
+        }
+    });
+}
+
+function difference(strictErrors, errors) {
+    return _.differenceBy(strictErrors, errors, function(value) {
+        return value.module + value.description;
+    });
+}
+
 var parseValidationErrors = function(descriptor, errors) {
@@ -34,3 +53,2 @@ isDevMode && console.log(util.inspect(errors, {
     _.forEach(errors, function(e) {
-
         var validationError = {
@@ -51,3 +69,3 @@ module: getModuleName(e.property),
 
-        if ('format' === e.name && ('uri' === e.argument || 'uri-template' === e.argument) && baseUrl) {
+        if ('format' === e.name && ('uri' === e.argument || 'uri-template' === e.argument) && baseUrl && e.instance != null) {
             var absolute = baseUrl + normalizePath(e.instance);
@@ -68,7 +86,12 @@ if (!helpers.isFormat(absolute, 'uri')) {
         var result = new Validator().validate(descriptor, schema);
-        var parsedErrors = parseValidationErrors(descriptor, result.errors);
+        var validationErrors = parseValidationErrors(descriptor, result.errors);
+
+        var strictResult = new Validator().validate(descriptor, noAdditionalProperties(schema));
+        var strictValidationErrors = parseValidationErrors(descriptor, strictResult.errors);
+
+        var validationWarnings = difference(strictValidationErrors, validationErrors);
         if (callback) {
-            callback(parsedErrors.length > 0 ? parsedErrors: null);
+            callback(validationErrors.length > 0 ? validationErrors: null, validationWarnings.length > 0 ? validationWarnings : null);
         }
     }
 };

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

6592

increased by17.27%

Lines of code

154

increased by14.93%

Number of medium supply chain risk alerts

0

decreased by-100%

Dependency changes

• + Addedlodash@4.17.21(transitive)

• - Removedlodash@2.4.2(transitive)

• Updatedlodash@^4.3.0