🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

check-yarn-lock

Package Overview
Dependencies
Maintainers
1
Versions
4
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

check-yarn-lock - npm Package Compare versions

Comparing version

0.1.1
to
0.2.0

13

index.js
#!/usr/bin/env node
"use strict"
const {existsSync, readFileSync} = require('fs')
const {existsSync} = require('fs')
const execSync = require('child_process').execSync

@@ -9,4 +9,3 @@ const {compose, converge, contains} = require('ramda')

const exec = require('./lib/getOutput')(execSync)
const {listChangedFiles, getFileAtHEAD} = require('./lib/gitUtil')(exec)
const getCurrentFile = filename => readFileSync(filename, 'utf8')
const {listChangedFiles, getFileAtSource} = require('./lib/gitUtil')(exec)
const LOCKFILE = 'yarn.lock'

@@ -16,5 +15,5 @@ const PACKAGE_JSON = 'package.json'

const readJson = compose(JSON.parse, getCurrentFile)
const getJsonAtHEAD = compose(JSON.parse, getFileAtHEAD)
const depsUnchanged = converge(keysEqual(deps), [readJson, getJsonAtHEAD])
const getStagedJSON = compose(JSON.parse, getFileAtSource(''))
const getJsonAtHEAD = compose(JSON.parse, getFileAtSource('HEAD'))
const depsUnchanged = converge(keysEqual(deps), [getStagedJSON, getJsonAtHEAD])

@@ -26,4 +25,4 @@ const files = listChangedFiles()

!depsUnchanged(PACKAGE_JSON)) {
console.error(`${red('Error!')} Do not commit package.json changed without yarn.lock changes`)
console.error(`${red('Error!')} Do not commit package.json changes without yarn.lock changes`)
process.exitCode = 1
}

19

lib/gitUtil.js
'use strict'
const {curry, partial} = require('ramda')
const listChangedFiles = exec => exec('git diff --cached --name-only')
.split('\n')
.slice(0, -1)
const getFileAtSource = curry((exec, source, filename) => exec(`git show ${source}:${filename}`))
module.exports = exec => ({
listChangedFiles() {
return exec('git diff --cached --name-only')
.split('\n')
.slice(0, -1)
},
getFileAtHEAD(filename) {
return exec(`git show HEAD:${filename}`)
}
listChangedFiles: partial(listChangedFiles, [exec]),
getFileAtSource: getFileAtSource(exec),
getFileAtHEAD: getFileAtSource(exec, 'HEAD')
})

4

package.json
{
"name": "check-yarn-lock",
"version": "0.1.1",
"description": "",
"version": "0.2.0",
"description": "A check that any commit that stages package.json dependency changes also changes yarn.lock",
"main": "index.js",

@@ -6,0 +6,0 @@ "scripts": {

1

README.md

@@ -13,4 +13,3 @@ # Enforce committing yarn.lock when changing dependencies

The current implementation of this module is meant to cover all common cases, but it is not 100% fool-proof as it does not check internal `yarn.lock` structure:
- If there are _both staged **and** unstaged_ changes to `package.json`, the check might pass when it should fail.
- If `package.json` was changed and __did not trigger changes to `yarn.lock`__ (e.g. removing a caret from the latest available version of a dependency), this check might fail when it should pass.
- In this case, you can run `git commit --no-verify` to commit anyway.

5

test/gitUtil.spec.js

@@ -15,9 +15,10 @@ 'use strict'

})
describe('getFileAtHEAD', () => {
describe('getFileAtSource', () => {
it('should execute the correct command', () => {
const filename = 'some-file-name'
const ref = 'HEAD'
const exec = cmd => cmd
assert.equal(gitUtil(exec).getFileAtHEAD(filename), 'git show HEAD:some-file-name')
assert.equal(gitUtil(exec).getFileAtSource(ref, filename), 'git show HEAD:some-file-name')
})
})
})