lockfile-lint-api - npm Package Compare versions

Comparing version 5.0.7 to 5.0.8

11

CHANGELOG.md

@@ -6,2 +6,13 @@ # Change Log

## [5.0.8](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint-api@5.0.7...lockfile-lint-api@5.0.8) (2020-02-03)
### Bug Fixes
* **api:** lint all dependencies in package-lock ([#53](https://github.com/lirantal/lockfile-lint/issues/53)) ([f5bb8ca](https://github.com/lirantal/lockfile-lint/commit/f5bb8ca))
## [5.0.7](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint-api@5.0.6...lockfile-lint-api@5.0.7) (2020-01-17)

@@ -8,0 +19,0 @@

7

package.json
{
"name": "lockfile-lint-api",
"version": "5.0.7",
"version": "5.0.8",
"description": "Lint an npm or yarn lockfile to analyze and detect issues",

@@ -52,3 +52,4 @@ "main": "index.js",

"@yarnpkg/lockfile": "^1.1.0",
"debug": "^4.1.1"
"debug": "^4.1.1",
"object-hash": "^2.0.1"
},

@@ -177,3 +178,3 @@ "devDependencies": {

},
"gitHead": "c7671ac87b659a29024b809727d4133011d90ce4"
"gitHead": "8b00015c273507f966327be1fab9a9e935d56607"
}

@@ -7,2 +7,3 @@ /* eslint-disable security/detect-object-injection */

const yarnLockfileParser = require('@yarnpkg/lockfile')
const hash = require('object-hash')
const {ParsingError, ERROR_MESSAGES} = require('./common/ParsingError')

@@ -128,5 +129,3 @@ const {

_flattenNpmDepsTree (npmDepsTree) {
let flattenedDepTree = {}
let flattenedNestedDepsTree = {}
_flattenNpmDepsTree (npmDepsTree, npmDepMap = {}) {
for (const [depName, depMetadata] of Object.entries(npmDepsTree)) {

@@ -139,12 +138,14 @@ const depMetadataShortend = {

}
const hashedDepValues = hash(depMetadataShortend)
flattenedDepTree[`${depName}@${depMetadata.version}`] = depMetadataShortend
npmDepMap[`${depName}@${depMetadata.version}-${hashedDepValues}`] = depMetadataShortend
const nestedDepsTree = depMetadata.dependencies
if (nestedDepsTree && Object.keys(nestedDepsTree).length !== 0) {
flattenedNestedDepsTree = this._flattenNpmDepsTree(nestedDepsTree)
this._flattenNpmDepsTree(nestedDepsTree, npmDepMap)
}
}
return Object.assign({}, flattenedDepTree, flattenedNestedDepsTree)
return npmDepMap
}

@@ -151,0 +152,0 @@ }
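Review bot: The keys returned by `_flattenNpmDepsTree` change shape to `${depName}@${depMetadata.version}-${hashedDepValues}`, and nothing on the method documents that. If callers use the key as the package name in validation messages (not visible on this page), the hash suffix will appear there. I would add a doc comment saying that `npmDepMap` is an accumulator shared across the recursive calls and is the object returned. It should also say that the hash covers only the fields copied into `depMetadataShortend`, which is built above this hunk, so two entries that differ only in a field left out of it still collapse to one key and only one of them is linted.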

@@ -5,3 +5,2 @@ 'use strict'

const debug = require('debug')('lockfile-lint-api')
const PackageError = require('../common/PackageError')
const {REGISTRY} = require('../common/constants')

@@ -34,6 +33,7 @@

let packageResolvedURL = {}
try {
packageResolvedURL = new URL(packageMetadata.resolved)
} catch (error) {
throw new PackageError(packageName, error)
// swallow error (assume that the version is correct)
}

@@ -40,0 +40,0 @@
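Review bot: The catch around `new URL(packageMetadata.resolved)` now fails open, so an entry whose `resolved` value is present but unparsable is no longer reported. This reads `throw new PackageError(packageName, error)` as the removed line, since the +/- markers are lost in this rendering. The two validator sections that follow make the same change, and the last one also adds `packageResolvedURL.protocol &&`, so such an entry skips the scheme check entirely. Swallowing may be reasonable for entries that carry no `resolved` field, but a malformed value is the kind of lockfile tampering this linter is meant to surface. I would keep the error for that case, e.g. `if (packageMetadata.resolved !== undefined) throw new PackageError(packageName, error)` inside the catch, and reword the comment to say which entries are expected to lack `resolved`. The enclosing method starts and ends outside the hunk, so how the empty `packageResolvedURL` is compared afterwards in the first two validators is not visible here.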

'use strict'
const {URL} = require('url')
const PackageError = require('../common/PackageError')

@@ -29,6 +28,7 @@ const HTTPS_PROTOCOL = 'https:'

let packageResolvedURL = {}
try {
packageResolvedURL = new URL(packageMetadata.resolved)
} catch (error) {
throw new PackageError(packageName, error)
// swallow error (assume that the version is correct)
}

@@ -35,0 +35,0 @@

'use strict'
const {URL} = require('url')
const PackageError = require('../common/PackageError')

@@ -31,8 +30,10 @@ module.exports = class ValidateProtocol {

let packageResolvedURL = {}
try {
packageResolvedURL = new URL(packageMetadata.resolved)
} catch (error) {
throw new PackageError(packageName, error)
// swallow error (assume that the version is correct)
}
if (schemes.indexOf(packageResolvedURL.protocol) === -1) {
if (packageResolvedURL.protocol && schemes.indexOf(packageResolvedURL.protocol) === -1) {
// throw new Error(`detected invalid origin for package: ${packageName}`)

@@ -39,0 +40,0 @@ validationResult.errors.push({
