lockfile-lint-api
Comparing version 5.2.4 to 5.2.5
@@ -6,2 +6,13 @@ # Change Log | ||
## 5.2.5 (2022-06-11) | ||
### Bug Fixes | ||
* continues [#125](https://github.com/lirantal/lockfile-lint/issues/125) with lockfile update ([#130](https://github.com/lirantal/lockfile-lint/issues/130)) ([988347f](https://github.com/lirantal/lockfile-lint/commit/988347f)) | ||
## 5.2.4 (2022-03-13) | ||
@@ -8,0 +19,0 @@ |
{ | ||
"name": "lockfile-lint-api", | ||
"version": "5.2.4", | ||
"version": "5.2.5", | ||
"description": "Lint an npm or yarn lockfile to analyze and detect issues", | ||
"main": "index.js", | ||
"engines": { | ||
"node": ">=8.0.0" | ||
"node": ">=10.0.0" | ||
}, | ||
@@ -51,4 +51,3 @@ "scripts": { | ||
"dependencies": { | ||
"@yarnpkg/lockfile": "^1.1.0", | ||
"debug": "^4.1.1", | ||
"@yarnpkg/parsers": "^3.0.0-rc.6", | ||
"object-hash": "^2.0.1" | ||
@@ -178,3 +177,3 @@ }, | ||
}, | ||
"gitHead": "9b0b16715e4cfb77c7ec6ec180d9c1f1c8bcb8e6" | ||
"gitHead": "b0b1828cd9e758ca3c59a5efda9e3f49c89d05da" | ||
} |
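Review bot: Raising the engines floor from `>=8.0.0` to `>=10.0.0` in a patch release (5.2.4 to 5.2.5) is a breaking change for any consumer still installing on Node 8, which will now fail the engines check; if dropping Node 8 is intended, it belongs in a minor or major bump and in the changelog entry, which currently lists only the #125 follow-up. The replacement dependency `@yarnpkg/parsers` is taken at a release-candidate range, `^3.0.0-rc.6`; a caret on a prerelease still admits every later 3.x, and the resolved list below already shows 3.0.2, so the installed parser can drift between installs until the range is tightened to a stable release.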
@@ -6,3 +6,4 @@ 'use strict' | ||
const ERROR_MESSAGES = { | ||
NO_OPTIONS: () => 'Did not receive options for lockfile path or type', | ||
NO_OPTIONS: () => 'Did not receive options for lockfile or type', | ||
NO_LOCKFILE: () => 'Did not receive lockfile path or text', | ||
NO_PARSER_FOR_TYPE: type => | ||
@@ -9,0 +10,0 @@ `Unable to find relevant lockfile parser for type "${type}", the currently available options are ${LOCKFILE_TYPES}.`, |
@@ -0,7 +1,7 @@ | ||
// @ts-check | ||
/* eslint-disable security/detect-object-injection */ | ||
'use strict' | ||
const fs = require('fs') | ||
const path = require('path') | ||
const yarnLockfileParser = require('@yarnpkg/lockfile') | ||
const yarnParseSyml = require('@yarnpkg/parsers').parseSyml | ||
const hash = require('object-hash') | ||
@@ -11,2 +11,3 @@ const {ParsingError, ERROR_MESSAGES} = require('./common/ParsingError') | ||
NO_OPTIONS, | ||
NO_LOCKFILE, | ||
NO_PARSER_FOR_PATH, | ||
@@ -19,6 +20,35 @@ NO_PARSER_FOR_TYPE, | ||
/** | ||
* Checks if a sample object is a valid dependency structure | ||
* @return boolean | ||
*/ | ||
function checkSampleContent (lockfile) { | ||
const [sampleKey, sampleValue] = Object.entries(lockfile)[0] | ||
return ( | ||
sampleKey.match(/.*@.*/) && | ||
(sampleValue && | ||
typeof sampleValue === 'object' && | ||
sampleValue.hasOwnProperty('version') && | ||
sampleValue.hasOwnProperty('resolved')) | ||
) | ||
} | ||
/** | ||
* @param {string|Buffer} lockfileBuffer - the lockfile contents | ||
* @return {{ type: string, object: any }} | ||
*/ | ||
function yarnParseAndVerify (lockfileBuffer) { | ||
const lockfile = yarnParseSyml(lockfileBuffer.toString()) | ||
const hasSensibleContent = | ||
lockfile && typeof lockfile === 'object' && checkSampleContent(lockfile) | ||
if (!hasSensibleContent) { | ||
throw Error('Lockfile does not seem to contain a valid dependency list') | ||
} | ||
return {type: 'success', object: lockfile} | ||
} | ||
class ParseLockfile { | ||
/** | ||
* constructor | ||
* @param {string} options.lockfilePath - path to the lockfile | ||
* @param {object} options | ||
* @param {string} [options.lockfilePath] - path to the lockfile | ||
* @param {string} [options.lockfileText] - utf-8 string content of the lockfile | ||
* @param {string} options.lockfileType - the package manager type | ||
@@ -31,5 +61,9 @@ * for lockfile | ||
} | ||
if (!options.lockfilePath && !options.lockfileText) { | ||
throw new ParsingError(NO_LOCKFILE) | ||
} | ||
this.options = {} | ||
this.options.lockfilePath = options.lockfilePath | ||
this.options.lockfileText = options.lockfileText | ||
this.options.lockfileType = options.lockfileType | ||
@@ -60,7 +94,12 @@ } | ||
let file | ||
try { | ||
// eslint-disable-next-line security/detect-non-literal-fs-filename | ||
file = fs.readFileSync(this.options.lockfilePath, 'utf8') | ||
} catch (error) { | ||
throw new ParsingError(READ_FAILED, this.options.lockfilePath, error) | ||
if (this.options.lockfileText) { | ||
file = this.options.lockfileText | ||
} else { | ||
try { | ||
const fs = require('fs') | ||
// eslint-disable-next-line security/detect-non-literal-fs-filename | ||
file = fs.readFileSync(this.options.lockfilePath, 'utf-8') | ||
} catch (error) { | ||
throw new ParsingError(READ_FAILED, this.options.lockfilePath, error) | ||
} | ||
} | ||
@@ -106,6 +145,8 @@ | ||
try { | ||
parsedFile = yarnLockfileParser.parse(lockfileBuffer) | ||
parsedFile = yarnParseAndVerify(lockfileBuffer) | ||
} catch (error) { | ||
console.log(error) | ||
throw new ParsingError(PARSE_YARNLOCKFILE_FAILED, this.options.lockfilePath, error) | ||
} | ||
console.log(typeof parsedFile, parsedFile) | ||
return parsedFile | ||
@@ -112,0 +153,0 @@ } |
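Review bot: The two `console.log` calls added around the yarn parse are debugging leftovers: `console.log(error)` prints the raw parse failure that the thrown ParsingError already carries, and `console.log(typeof parsedFile, parsedFile)` dumps the entire parsed lockfile object to stdout on every successful call, which is noisy for a library and will surface in any CLI that wraps it — both lines should be removed. In the same file, `const fs = require('fs')` inside the try block re-requires a module that is already imported at the top of the file and shadows it, so the inner require can go. checkSampleContent destructures `Object.entries(lockfile)[0]` directly, so a parsed object with no entries raises a TypeError instead of the intended 'does not seem to contain a valid dependency list' error; a guard such as `const first = Object.entries(lockfile)[0]; if (!first) return false;` before the destructuring covers that case, and note that only the first entry is ever sampled. The method containing the last hunk starts and ends outside the lines shown.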
'use strict' | ||
const {URL} = require('url') | ||
const debug = require('debug')('lockfile-lint-api') | ||
const {REGISTRY} = require('../common/constants') | ||
const noop = () => {} | ||
module.exports = class ValidateHost { | ||
constructor ({packages} = {}) { | ||
constructor ({packages, debug = noop} = {}) { | ||
if (typeof packages !== 'object') { | ||
@@ -14,2 +13,3 @@ throw new Error('expecting an object passed to validator constructor') | ||
this.packages = packages | ||
this.debug = debug | ||
} | ||
@@ -45,3 +45,3 @@ | ||
} catch (error) { | ||
debug(`failed parsing a URL object from given host value so using as is: ${host}`) | ||
this.debug(`failed parsing a URL object from given host value so using as is: ${host}`) | ||
} | ||
@@ -55,3 +55,3 @@ | ||
if (!packageResolvedURL.host && options && options.emptyHostname) { | ||
debug(`detected empty hostname but allowing because emptyHostname is not false`) | ||
this.debug(`detected empty hostname but allowing because emptyHostname is not false`) | ||
} else { | ||
@@ -58,0 +58,0 @@ validationResult.errors.push({ |
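Review bot: The new `debug = noop` default in the constructor only covers an omitted argument; an explicit `null` or any other non-function value is stored as-is and then throws a TypeError at the `this.debug(...)` call inside the catch block, replacing the URL-parse failure it was meant to log with an unrelated error. Since the constructor already validates `packages`, validate the logger the same way, `if (typeof debug !== 'function') throw new Error('expecting a function for the debug option')`, or fall back with `this.debug = typeof debug === 'function' ? debug : noop`. The method containing the two `this.debug` calls starts and ends outside the hunks shown.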
'use strict' | ||
const {URL} = require('url') | ||
const HTTPS_PROTOCOL = 'https:' | ||
@@ -6,0 +4,0 @@ |
'use strict' | ||
const {URL} = require('url') | ||
module.exports = class ValidatePackageNames { | ||
@@ -6,0 +4,0 @@ constructor ({packages} = {}) { |
'use strict' | ||
const {URL} = require('url') | ||
module.exports = class ValidateProtocol { | ||
@@ -6,0 +4,0 @@ constructor ({packages} = {}) { |
+ Added@yarnpkg/parsers@^3.0.0-rc.6
+ Added@yarnpkg/parsers@3.0.2(transitive)
+ Addedargparse@1.0.10(transitive)
+ Addedesprima@4.0.1(transitive)
+ Addedjs-yaml@3.14.1(transitive)
+ Addedsprintf-js@1.0.3(transitive)
+ Addedtslib@2.7.0(transitive)
- Removed@yarnpkg/lockfile@^1.1.0
- Removeddebug@^4.1.1
- Removed@yarnpkg/lockfile@1.1.0(transitive)
- Removeddebug@4.3.7(transitive)
- Removedms@2.1.3(transitive)