lockfile-lint-api
Advanced tools
lockfile-lint-api - npm Package Compare versions
Comparing version 5.0.9 to 5.0.10
@@ -6,2 +6,13 @@ # Change Log | ||
| ## [5.0.10](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint-api@5.0.9...lockfile-lint-api@5.0.10) (2020-02-04) | ||
| ### Bug Fixes | ||
| * **validators:** host validator enforced with URLs only ([#61](https://github.com/lirantal/lockfile-lint/issues/61)) ([036edbf](https://github.com/lirantal/lockfile-lint/commit/036edbf)) | ||
| ## [5.0.9](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint-api@5.0.8...lockfile-lint-api@5.0.9) (2020-02-04) | ||
@@ -8,0 +19,0 @@ |
| { | ||
| "name": "lockfile-lint-api", | ||
| "version": "5.0.9", | ||
| "version": "5.0.10", | ||
| "description": "Lint an npm or yarn lockfile to analyze and detect issues", | ||
@@ -177,3 +177,3 @@ "main": "index.js", | ||
| }, | ||
| "gitHead": "e741421f79066beda8021a50af8bbecdcc8c3090" | ||
| "gitHead": "1e76c886e861efde22baa4c938240038abb2e7ea" | ||
| } |
@@ -35,22 +35,22 @@ 'use strict' | ||
| packageResolvedURL = new URL(packageMetadata.resolved) | ||
| } catch (error) { | ||
| // swallow error (assume that the version is correct) | ||
| } | ||
| const allowedHosts = hosts.map(hostValue => { | ||
| // eslint-disable-next-line security/detect-object-injection | ||
| return REGISTRY[hostValue] ? REGISTRY[hostValue] : hostValue | ||
| }) | ||
| const allowedHosts = hosts.map(hostValue => { | ||
| // eslint-disable-next-line security/detect-object-injection | ||
| return REGISTRY[hostValue] ? REGISTRY[hostValue] : hostValue | ||
| }) | ||
| if (allowedHosts.indexOf(packageResolvedURL.host) === -1) { | ||
| if (!packageResolvedURL.host && options && options.emptyHostname) { | ||
| debug(`detected empty hostname but allowing because emptyHostname is not false`) | ||
| } else { | ||
| validationResult.errors.push({ | ||
| message: `detected invalid host(s) for package: ${packageName}\n expected: ${allowedHosts}\n actual: ${ | ||
| packageResolvedURL.host | ||
| }\n`, | ||
| package: packageName | ||
| }) | ||
| if (allowedHosts.indexOf(packageResolvedURL.host) === -1) { | ||
| if (!packageResolvedURL.host && options && options.emptyHostname) { | ||
| debug(`detected empty hostname but allowing because emptyHostname is not false`) | ||
| } else { | ||
| validationResult.errors.push({ | ||
| message: `detected invalid host(s) for package: ${packageName}\n expected: ${allowedHosts}\n actual: ${ | ||
| packageResolvedURL.host | ||
| }\n`, | ||
| package: packageName | ||
| }) | ||
| } | ||
| } | ||
| } catch (error) { | ||
| // swallow error (assume that the version is correct) | ||
| } | ||
@@ -57,0 +57,0 @@ } |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.91%
41117
No dependency changes