Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

lockfile-lint-api

Package Overview
Dependencies
Maintainers
1
Versions
55
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

lockfile-lint-api - npm Package Compare versions

Comparing version 2.3.0 to 5.0.0

60

CHANGELOG.md

@@ -6,2 +6,62 @@ # Change Log

# [5.0.0](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint-api@2.3.0...lockfile-lint-api@5.0.0) (2019-11-22)
### Features
* **emptyhostname:** allow empty hostnames in api ([#27](https://github.com/lirantal/lockfile-lint/issues/27)) ([ef9f599](https://github.com/lirantal/lockfile-lint/commit/ef9f599)), closes [#23](https://github.com/lirantal/lockfile-lint/issues/23) [#25](https://github.com/lirantal/lockfile-lint/issues/25)
### BREAKING CHANGES
* **emptyhostname:** lockfile-lint-api internal method API has changed its function
signature to allow receiving a value, and then an options object in a second
argument.
Relevant issues:
# [4.0.0](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint-api@2.3.0...lockfile-lint-api@4.0.0) (2019-11-22)
### Features
* **emptyhostname:** allow empty hostnames in api ([#27](https://github.com/lirantal/lockfile-lint/issues/27)) ([ef9f599](https://github.com/lirantal/lockfile-lint/commit/ef9f599)), closes [#23](https://github.com/lirantal/lockfile-lint/issues/23) [#25](https://github.com/lirantal/lockfile-lint/issues/25)
### BREAKING CHANGES
* **emptyhostname:** lockfile-lint-api internal method API has changed its function
signature to allow receiving a value, and then an options object in a second
argument.
Relevant issues:
# [3.0.0](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint-api@2.3.0...lockfile-lint-api@3.0.0) (2019-11-22)
### Features
* **emptyhostname:** allow empty hostnames in api ([#27](https://github.com/lirantal/lockfile-lint/issues/27)) ([ef9f599](https://github.com/lirantal/lockfile-lint/commit/ef9f599)), closes [#23](https://github.com/lirantal/lockfile-lint/issues/23) [#25](https://github.com/lirantal/lockfile-lint/issues/25)
### BREAKING CHANGES
* **emptyhostname:** lockfile-lint-api internal method API has changed its function
signature to allow receiving a value, and then an options object in a second
argument.
Relevant issues:
# [2.3.0](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint-api@2.2.0...lockfile-lint-api@2.3.0) (2019-11-07)

@@ -8,0 +68,0 @@

4

package.json
{
"name": "lockfile-lint-api",
"version": "2.3.0",
"version": "5.0.0",
"description": "Lint an npm or yarn lockfile to analyze and detect issues",

@@ -176,3 +176,3 @@ "main": "index.js",

},
"gitHead": "abc71fa09a39ef2975648ac540eb4c57534ee463"
"gitHead": "76a4b3fd4684a766d103a149ac9cfe989ed8ed5e"
}
'use strict'
const {URL} = require('url')
const debug = require('debug')('lockfile-lint-api')
const PackageError = require('../common/PackageError')

@@ -16,3 +17,3 @@ const {REGISTRY} = require('../common/constants')

validate (hosts) {
validate (hosts, options) {
if (!Array.isArray(hosts)) {

@@ -41,9 +42,12 @@ throw new Error('validate method requires an array')

if (allowedHosts.indexOf(packageResolvedURL.host) === -1) {
// throw new Error(`detected invalid origin for package: ${packageName}`)
validationResult.errors.push({
message: `detected invalid host(s) for package: ${packageName}\n expected: ${allowedHosts}\n actual: ${
packageResolvedURL.host
}\n`,
package: packageName
})
if (!packageResolvedURL.host && options && options.emptyHostname) {
debug(`detected empty hostname but allowing because emptyHostname is not false`)
} else {
validationResult.errors.push({
message: `detected invalid host(s) for package: ${packageName}\n expected: ${allowedHosts}\n actual: ${
packageResolvedURL.host
}\n`,
package: packageName
})
}
}

@@ -50,0 +54,0 @@ }

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc