lockfile-lint-api
Advanced tools
Comparing version 5.0.9 to 5.0.10
@@ -6,2 +6,13 @@ # Change Log | ||
## [5.0.10](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint-api@5.0.9...lockfile-lint-api@5.0.10) (2020-02-04) | ||
### Bug Fixes | ||
* **validators:** host validator enforced with URLs only ([#61](https://github.com/lirantal/lockfile-lint/issues/61)) ([036edbf](https://github.com/lirantal/lockfile-lint/commit/036edbf)) | ||
## [5.0.9](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint-api@5.0.8...lockfile-lint-api@5.0.9) (2020-02-04) | ||
@@ -8,0 +19,0 @@ |
{ | ||
"name": "lockfile-lint-api", | ||
"version": "5.0.9", | ||
"version": "5.0.10", | ||
"description": "Lint an npm or yarn lockfile to analyze and detect issues", | ||
@@ -177,3 +177,3 @@ "main": "index.js", | ||
}, | ||
"gitHead": "e741421f79066beda8021a50af8bbecdcc8c3090" | ||
"gitHead": "1e76c886e861efde22baa4c938240038abb2e7ea" | ||
} |
@@ -35,22 +35,22 @@ 'use strict' | ||
packageResolvedURL = new URL(packageMetadata.resolved) | ||
} catch (error) { | ||
// swallow error (assume that the version is correct) | ||
} | ||
const allowedHosts = hosts.map(hostValue => { | ||
// eslint-disable-next-line security/detect-object-injection | ||
return REGISTRY[hostValue] ? REGISTRY[hostValue] : hostValue | ||
}) | ||
const allowedHosts = hosts.map(hostValue => { | ||
// eslint-disable-next-line security/detect-object-injection | ||
return REGISTRY[hostValue] ? REGISTRY[hostValue] : hostValue | ||
}) | ||
if (allowedHosts.indexOf(packageResolvedURL.host) === -1) { | ||
if (!packageResolvedURL.host && options && options.emptyHostname) { | ||
debug(`detected empty hostname but allowing because emptyHostname is not false`) | ||
} else { | ||
validationResult.errors.push({ | ||
message: `detected invalid host(s) for package: ${packageName}\n expected: ${allowedHosts}\n actual: ${ | ||
packageResolvedURL.host | ||
}\n`, | ||
package: packageName | ||
}) | ||
if (allowedHosts.indexOf(packageResolvedURL.host) === -1) { | ||
if (!packageResolvedURL.host && options && options.emptyHostname) { | ||
debug(`detected empty hostname but allowing because emptyHostname is not false`) | ||
} else { | ||
validationResult.errors.push({ | ||
message: `detected invalid host(s) for package: ${packageName}\n expected: ${allowedHosts}\n actual: ${ | ||
packageResolvedURL.host | ||
}\n`, | ||
package: packageName | ||
}) | ||
} | ||
} | ||
} catch (error) { | ||
// swallow error (assume that the version is correct) | ||
} | ||
@@ -57,0 +57,0 @@ } |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
41117