Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
lockfile-lint-api
Advanced tools
lockfile-lint-api - npm Package Compare versions
Comparing version 5.0.12 to 5.1.0
@@ -6,2 +6,13 @@ # Change Log | ||
| # [5.1.0](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint-api@5.0.12...lockfile-lint-api@5.1.0) (2020-03-23) | ||
| ### Features | ||
| * **validators:** add URL validator ([#52](https://github.com/lirantal/lockfile-lint/issues/52)) ([e81ffe9](https://github.com/lirantal/lockfile-lint/commit/e81ffe9)) | ||
| ## [5.0.12](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint-api@5.0.11...lockfile-lint-api@5.0.12) (2020-02-10) | ||
@@ -8,0 +19,0 @@ |
@@ -6,2 +6,3 @@ 'use strict' | ||
| const ValidateScheme = require('./src/validators/ValidateScheme') | ||
| const ValidateUrl = require('./src/validators/ValidateUrl') | ||
| const ParseLockfile = require('./src/ParseLockfile') | ||
@@ -13,3 +14,4 @@ | ||
| ValidateHttps, | ||
| ValidateScheme | ||
| ValidateScheme, | ||
| ValidateUrl | ||
| } |
| { | ||
| "name": "lockfile-lint-api", | ||
| "version": "5.0.12", | ||
| "version": "5.1.0", | ||
| "description": "Lint an npm or yarn lockfile to analyze and detect issues", | ||
@@ -177,3 +177,3 @@ "main": "index.js", | ||
| }, | ||
| "gitHead": "03b557f0662d711e10a9f268ccaa5aab0abdc0cb" | ||
| "gitHead": "d30ce73a3e5977dede29450df1c79b09f02779b2" | ||
| } |
@@ -31,7 +31,4 @@ 'use strict' | ||
| let packageResolvedURL = {} | ||
| try { | ||
| packageResolvedURL = new URL(packageMetadata.resolved) | ||
| const packageResolvedURL = new URL(packageMetadata.resolved) | ||
| const allowedHosts = hosts.map(hostValue => { | ||
@@ -41,4 +38,4 @@ // eslint-disable-next-line security/detect-object-injection | ||
| }) | ||
| if (!allowedHosts.includes(packageResolvedURL.host)) { | ||
| const isPassing = allowedHosts.includes(packageResolvedURL.host) | ||
| if (!isPassing) { | ||
| if (!packageResolvedURL.host && options && options.emptyHostname) { | ||
@@ -66,2 +63,19 @@ debug(`detected empty hostname but allowing because emptyHostname is not false`) | ||
| } | ||
| validateSingle (packageName, hosts) { | ||
| // eslint-disable-next-line security/detect-object-injection | ||
| const packageMetadata = this.packages[packageName] | ||
| if (!('resolved' in packageMetadata)) { | ||
| return true | ||
| } | ||
| const packageResolvedURL = new URL(packageMetadata.resolved) | ||
| const allowedHosts = hosts.map(hostValue => { | ||
| // eslint-disable-next-line security/detect-object-injection | ||
| return REGISTRY[hostValue] ? REGISTRY[hostValue] : hostValue | ||
| }) | ||
| return allowedHosts.includes(packageResolvedURL.host) | ||
| } | ||
| } |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by6.05%
44005
- Number of package files
- increased by8.33%
13
- Lines of code
- increased by19.69%
389
No dependency changes