dep-validate - npm Package Compare versions

Comparing version 1.1.5 to 1.2.0

lib/dep-validate.js

@@ -249,3 +249,4 @@ var PluginError = require('gulp-util').PluginError;
 function _processDeps(deps, enforce, opts) {
-  var allowHardcoded = opts.allowHardcoded !== false;
+  var allowHardcoded = opts.hardcoded === 'allow' || opts.allowHardcoded;
+  var forceHardcoded = opts.hardcoded === 'force';
   var excludedDeps = opts.excluded || [];
@@ -277,3 +278,3 @@
     if (!rangeMatch.test(firstCharacter)) {
-      if (/^[a-zA-Z/.~]/.test(firstCharacter) || allowHardcoded) {
+      if (/^[a-zA-Z/.~]/.test(firstCharacter) || allowHardcoded || forceHardcoded) {
         return;
@@ -284,2 +285,6 @@ }
 
+    if (forceHardcoded) {
+      return emitError(dependencyName, dependencyVersion, '');
+    }
+
     if (dependencyVersion.slice(0, enforce.length) !== enforce) {
@@ -286,0 +291,0 @@ emitError(dependencyName, dependencyVersion, enforce);

package.json

 {
   "name": "dep-validate",
-  "version": "1.1.5",
+  "version": "1.2.0",
   "description": "Dependency verification for npm packages with Gulp support",
@@ -5,0 +5,0 @@ "author": {

README.md

@@ -18,3 +18,3 @@ # dep-validate
 ```bash
-$ dep-validate --dependencies '~' --devDependencies '^' --exclude pkg1 --exclude pkg2 --hardcoded=allow --only production --only development --packageFile ./package.json 
+$ dep-validate --dependencies '~' --devDependencies '^' --exclude pkg1 --exclude pkg2 --hardcoded=allow --only production --only development --packageFile ./package.json
 ```
@@ -37,6 +37,6 @@
 var opts = {
-  allowHardcoded: true,                   // allow hardcoded versions without verification
   dependencies: '~',                      // the range to enforce on all "dependencies"
   devDependencies: '^',                   // the range to enforce on all "devDependencies"
   exluded: [ 'my-package' ],              // packages to exclude from validation
+  hardcoded: 'allow|force',               // allow or force hardcoded versions
   packageFile: './package.json',          // the package.json file to read and validate
@@ -43,0 +43,0 @@ only: [ 'production', 'development' ]   // only check prod/dev dependencies

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

13073

increased by1.75%

Lines of code

232

increased by1.75%

Number of medium supply chain risk alerts

0

decreased by-100%

No dependency changes