lockfile-lint-api - npm Package Compare versions

Comparing version 2.1.2 to 2.1.3

CHANGELOG.md

@@ -6,2 +6,13 @@ # Change Log
 
+## [2.1.3](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint-api@2.1.2...lockfile-lint-api@2.1.3) (2019-10-13)
+
+
+### Bug Fixes
+
+* **errors:** verbose error message includes package name ([#13](https://github.com/lirantal/lockfile-lint/issues/13)) ([f4ec3a1](https://github.com/lirantal/lockfile-lint/commit/f4ec3a1))
+
+
+
+
+
 ## [2.1.2](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint-api@2.1.1...lockfile-lint-api@2.1.2) (2019-10-13)
@@ -8,0 +19,0 @@

package.json

 {
   "name": "lockfile-lint-api",
-  "version": "2.1.2",
+  "version": "2.1.3",
   "description": "Lint an npm or yarn lockfile to analyze and detect issues",
@@ -176,3 +176,3 @@ "main": "index.js",
   },
-  "gitHead": "7a21fcafe334712c1a6b71bf099b40d0093c26a4"
+  "gitHead": "4d07dde25b70ba119f20c72a6308564e75e343e5"
 }

src/validators/ValidateHost.js

 'use strict'
 
 const {URL} = require('url')
+const PackageError = require('../common/PackageError')
 
@@ -31,3 +32,8 @@ const REGISTRY = {
     for (const [packageName, packageMetadata] of Object.entries(this.packages)) {
-      const packageResolvedURL = new URL(packageMetadata.resolved)
+      let packageResolvedURL = {}
+      try {
+        packageResolvedURL = new URL(packageMetadata.resolved)
+      } catch (error) {
+        throw new PackageError(packageName, error)
+      }
 
@@ -34,0 +40,0 @@ const allowedHosts = hosts.map(hostValue => {

src/validators/ValidateHttps.js

 'use strict'
 
 const {URL} = require('url')
+const PackageError = require('../common/PackageError')
 
@@ -23,3 +24,8 @@ const HTTPS_PROTOCOL = 'https:'
     for (const [packageName, packageMetadata] of Object.entries(this.packages)) {
-      const packageResolvedURL = new URL(packageMetadata.resolved)
+      let packageResolvedURL = {}
+      try {
+        packageResolvedURL = new URL(packageMetadata.resolved)
+      } catch (error) {
+        throw new PackageError(packageName, error)
+      }
 
@@ -26,0 +32,0 @@ if (packageResolvedURL.protocol !== HTTPS_PROTOCOL) {

src/validators/ValidateScheme.js

 'use strict'
 
 const {URL} = require('url')
+const PackageError = require('../common/PackageError')
 
@@ -25,3 +26,9 @@ module.exports = class ValidateProtocol {
     for (const [packageName, packageMetadata] of Object.entries(this.packages)) {
-      const packageResolvedURL = new URL(packageMetadata.resolved)
+      let packageResolvedURL = {}
+      try {
+        packageResolvedURL = new URL(packageMetadata.resolved)
+      } catch (error) {
+        throw new PackageError(packageName, error)
+      }
+
       if (schemes.indexOf(packageResolvedURL.protocol) === -1) {
@@ -28,0 +35,0 @@ // throw new Error(`detected invalid origin for package: ${packageName}`)

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

32446

increased by4.26%

Number of package files

10

increased by11.11%

Lines of code

241

increased by15.31%

Number of medium supply chain risk alerts

0

decreased by-100%

No dependency changes