lockfile-lint-api - npm Package Compare versions

Comparing version
5.0.12
to
5.1.0
+60
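--- /dev/null
+++ b/src/validators/ValidateUrl.js
+'use strict'
+module.exports = class ValidateUrl {
+constructor ({packages} = {}) {
+if (typeof packages !== 'object') {
+throw new Error('expecting an object passed to validator constructor')
+}
+this.packages = packages
+}
+validate (allowedUrls, options) {
+if (!Array.isArray(allowedUrls)) {
+throw new Error('validate method requires an array')
+}
+let validationResult = {
+type: 'success',
+errors: []
+}
+for (const [packageName, packageMetadata] of Object.entries(this.packages)) {
+if (!('resolved' in packageMetadata)) {
+continue
+}
+try {
+const isPassing = allowedUrls.indexOf(packageMetadata.resolved) > -1
+if (!isPassing) {
+validationResult.errors.push({
+message: `detected invalid url(s) for package: ${packageName}\n expected: ${allowedUrls}\n actual: ${
+packageMetadata.resolved
+}\n`,
+package: packageName
+})
+}
+} catch (error) {
+// swallow error (assume that the version is correct)
+}
+}
+if (validationResult.errors.length !== 0) {
+validationResult.type = 'error'
+}
+return validationResult
+}
+validateSingle (packageName, allowedUrls) {
+// eslint-disable-next-line security/detect-object-injection
+const packageMetadata = this.packages[packageName]
+if (!('resolved' in packageMetadata)) {
+return true
+}
+const resolvedUrl = packageMetadata.resolved
+return allowedUrls.indexOf(resolvedUrl) > -1
+}
+}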
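Review bot: The constructor guard `typeof packages !== 'object'` lets `null` through (`typeof null === 'object'`) and the `= {}` default only covers `undefined`, so `new ValidateUrl({packages: null})` succeeds and the failure surfaces later as a TypeError from `Object.entries(null)` in `validate()` instead of the intended constructor error; tighten it to `if (packages === null || typeof packages !== 'object')`. In `validateSingle`, `this.packages[packageName]` is immediately used as the right operand of `'resolved' in packageMetadata`, which throws a TypeError when the package name is not in the lockfile; a guard such as `if (!packageMetadata) throw new Error('package not found in lockfile: ' + packageName)` before that check gives callers a clear error, and the same lookup pattern appears in the new `validateSingle` of the host validator in the last hunk of this page. The `try`/`catch` inside `validate` cannot be triggered by anything in its body for ordinary inputs and its comment "assume that the version is correct" describes a different validator; either remove the wrapper or reword the comment to say what is being tolerated. The `options` parameter of `validate` is accepted but never read; if it is kept for signature parity with the other validators, a one-line comment saying so would stop readers looking for its use.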
+11
-0

@@ -6,2 +6,13 @@ # Change Log

# [5.1.0](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint-api@5.0.12...lockfile-lint-api@5.1.0) (2020-03-23)
### Features
* **validators:** add URL validator ([#52](https://github.com/lirantal/lockfile-lint/issues/52)) ([e81ffe9](https://github.com/lirantal/lockfile-lint/commit/e81ffe9))
## [5.0.12](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint-api@5.0.11...lockfile-lint-api@5.0.12) (2020-02-10)

@@ -8,0 +19,0 @@

+3
-1

@@ -6,2 +6,3 @@ 'use strict'

const ValidateScheme = require('./src/validators/ValidateScheme')
const ValidateUrl = require('./src/validators/ValidateUrl')
const ParseLockfile = require('./src/ParseLockfile')

@@ -13,3 +14,4 @@

ValidateHttps,
ValidateScheme
ValidateScheme,
ValidateUrl
}
{
"name": "lockfile-lint-api",
"version": "5.0.12",
"version": "5.1.0",
"description": "Lint an npm or yarn lockfile to analyze and detect issues",

@@ -177,3 +177,3 @@ "main": "index.js",

},
"gitHead": "03b557f0662d711e10a9f268ccaa5aab0abdc0cb"
"gitHead": "d30ce73a3e5977dede29450df1c79b09f02779b2"
}

@@ -31,7 +31,4 @@ 'use strict'

let packageResolvedURL = {}
try {
packageResolvedURL = new URL(packageMetadata.resolved)
const packageResolvedURL = new URL(packageMetadata.resolved)
const allowedHosts = hosts.map(hostValue => {

@@ -41,4 +38,4 @@ // eslint-disable-next-line security/detect-object-injection

})
if (!allowedHosts.includes(packageResolvedURL.host)) {
const isPassing = allowedHosts.includes(packageResolvedURL.host)
if (!isPassing) {
if (!packageResolvedURL.host && options && options.emptyHostname) {

@@ -66,2 +63,19 @@ debug(`detected empty hostname but allowing because emptyHostname is not false`)

}
validateSingle (packageName, hosts) {
// eslint-disable-next-line security/detect-object-injection
const packageMetadata = this.packages[packageName]
if (!('resolved' in packageMetadata)) {
return true
}
const packageResolvedURL = new URL(packageMetadata.resolved)
const allowedHosts = hosts.map(hostValue => {
// eslint-disable-next-line security/detect-object-injection
return REGISTRY[hostValue] ? REGISTRY[hostValue] : hostValue
})
return allowedHosts.includes(packageResolvedURL.host)
}
}
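Review bot: In the new `validateSingle`, `new URL(packageMetadata.resolved)` is called without a guard, so a lockfile entry whose `resolved` field is not a parseable URL makes the method throw a TypeError rather than return the boolean its callers expect; treating an unparseable resolved value as not matching any allowed host is the safer outcome, e.g. `let packageResolvedURL; try { packageResolvedURL = new URL(packageMetadata.resolved) } catch (error) { return false }`, or else document with `@throws` that malformed URLs propagate. The first hunk of this section makes `validate` assign `const packageResolvedURL = new URL(...)` directly as well; whether a surrounding try/catch still covers that call cannot be seen from the lines shown, so it is worth confirming both paths behave the same way on a malformed URL. The enclosing class and its REGISTRY lookup start outside this hunk.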