lockfile-lint-api
Advanced tools
lockfile-lint-api - npm Package Compare versions
Comparing version 5.2.4 to 5.2.5
@@ -6,2 +6,13 @@ # Change Log | ||
| ## 5.2.5 (2022-06-11) | ||
| ### Bug Fixes | ||
| * continues [#125](https://github.com/lirantal/lockfile-lint/issues/125) with lockfile update ([#130](https://github.com/lirantal/lockfile-lint/issues/130)) ([988347f](https://github.com/lirantal/lockfile-lint/commit/988347f)) | ||
| ## 5.2.4 (2022-03-13) | ||
@@ -8,0 +19,0 @@ |
| { | ||
| "name": "lockfile-lint-api", | ||
| "version": "5.2.4", | ||
| "version": "5.2.5", | ||
| "description": "Lint an npm or yarn lockfile to analyze and detect issues", | ||
| "main": "index.js", | ||
| "engines": { | ||
| "node": ">=8.0.0" | ||
| "node": ">=10.0.0" | ||
| }, | ||
@@ -51,4 +51,3 @@ "scripts": { | ||
| "dependencies": { | ||
| "@yarnpkg/lockfile": "^1.1.0", | ||
| "debug": "^4.1.1", | ||
| "@yarnpkg/parsers": "^3.0.0-rc.6", | ||
| "object-hash": "^2.0.1" | ||
@@ -178,3 +177,3 @@ }, | ||
| }, | ||
| "gitHead": "9b0b16715e4cfb77c7ec6ec180d9c1f1c8bcb8e6" | ||
| "gitHead": "b0b1828cd9e758ca3c59a5efda9e3f49c89d05da" | ||
| } |
@@ -6,3 +6,4 @@ 'use strict' | ||
| const ERROR_MESSAGES = { | ||
| NO_OPTIONS: () => 'Did not receive options for lockfile path or type', | ||
| NO_OPTIONS: () => 'Did not receive options for lockfile or type', | ||
| NO_LOCKFILE: () => 'Did not receive lockfile path or text', | ||
| NO_PARSER_FOR_TYPE: type => | ||
@@ -9,0 +10,0 @@ `Unable to find relevant lockfile parser for type "${type}", the currently available options are ${LOCKFILE_TYPES}.`, |
@@ -0,7 +1,7 @@ | ||
| // @ts-check | ||
| /* eslint-disable security/detect-object-injection */ | ||
| 'use strict' | ||
| const fs = require('fs') | ||
| const path = require('path') | ||
| const yarnLockfileParser = require('@yarnpkg/lockfile') | ||
| const yarnParseSyml = require('@yarnpkg/parsers').parseSyml | ||
| const hash = require('object-hash') | ||
@@ -11,2 +11,3 @@ const {ParsingError, ERROR_MESSAGES} = require('./common/ParsingError') | ||
| NO_OPTIONS, | ||
| NO_LOCKFILE, | ||
| NO_PARSER_FOR_PATH, | ||
@@ -19,6 +20,35 @@ NO_PARSER_FOR_TYPE, | ||
| /** | ||
| * Checks if a sample object is a valid dependency structure | ||
| * @return boolean | ||
| */ | ||
| function checkSampleContent (lockfile) { | ||
| const [sampleKey, sampleValue] = Object.entries(lockfile)[0] | ||
| return ( | ||
| sampleKey.match(/.*@.*/) && | ||
| (sampleValue && | ||
| typeof sampleValue === 'object' && | ||
| sampleValue.hasOwnProperty('version') && | ||
| sampleValue.hasOwnProperty('resolved')) | ||
| ) | ||
| } | ||
| /** | ||
| * @param {string|Buffer} lockfileBuffer - the lockfile contents | ||
| * @return {{ type: string, object: any }} | ||
| */ | ||
| function yarnParseAndVerify (lockfileBuffer) { | ||
| const lockfile = yarnParseSyml(lockfileBuffer.toString()) | ||
| const hasSensibleContent = | ||
| lockfile && typeof lockfile === 'object' && checkSampleContent(lockfile) | ||
| if (!hasSensibleContent) { | ||
| throw Error('Lockfile does not seem to contain a valid dependency list') | ||
| } | ||
| return {type: 'success', object: lockfile} | ||
| } | ||
| class ParseLockfile { | ||
| /** | ||
| * constructor | ||
| * @param {string} options.lockfilePath - path to the lockfile | ||
| * @param {object} options | ||
| * @param {string} [options.lockfilePath] - path to the lockfile | ||
| * @param {string} [options.lockfileText] - utf-8 string content of the lockfile | ||
| * @param {string} options.lockfileType - the package manager type | ||
@@ -31,5 +61,9 @@ * for lockfile | ||
| } | ||
| if (!options.lockfilePath && !options.lockfileText) { | ||
| throw new ParsingError(NO_LOCKFILE) | ||
| } | ||
| this.options = {} | ||
| this.options.lockfilePath = options.lockfilePath | ||
| this.options.lockfileText = options.lockfileText | ||
| this.options.lockfileType = options.lockfileType | ||
@@ -60,7 +94,12 @@ } | ||
| let file | ||
| try { | ||
| // eslint-disable-next-line security/detect-non-literal-fs-filename | ||
| file = fs.readFileSync(this.options.lockfilePath, 'utf8') | ||
| } catch (error) { | ||
| throw new ParsingError(READ_FAILED, this.options.lockfilePath, error) | ||
| if (this.options.lockfileText) { | ||
| file = this.options.lockfileText | ||
| } else { | ||
| try { | ||
| const fs = require('fs') | ||
| // eslint-disable-next-line security/detect-non-literal-fs-filename | ||
| file = fs.readFileSync(this.options.lockfilePath, 'utf-8') | ||
| } catch (error) { | ||
| throw new ParsingError(READ_FAILED, this.options.lockfilePath, error) | ||
| } | ||
| } | ||
@@ -106,6 +145,8 @@ | ||
| try { | ||
| parsedFile = yarnLockfileParser.parse(lockfileBuffer) | ||
| parsedFile = yarnParseAndVerify(lockfileBuffer) | ||
| } catch (error) { | ||
| console.log(error) | ||
| throw new ParsingError(PARSE_YARNLOCKFILE_FAILED, this.options.lockfilePath, error) | ||
| } | ||
| console.log(typeof parsedFile, parsedFile) | ||
| return parsedFile | ||
@@ -112,0 +153,0 @@ } |
| 'use strict' | ||
| const {URL} = require('url') | ||
| const debug = require('debug')('lockfile-lint-api') | ||
| const {REGISTRY} = require('../common/constants') | ||
| const noop = () => {} | ||
| module.exports = class ValidateHost { | ||
| constructor ({packages} = {}) { | ||
| constructor ({packages, debug = noop} = {}) { | ||
| if (typeof packages !== 'object') { | ||
@@ -14,2 +13,3 @@ throw new Error('expecting an object passed to validator constructor') | ||
| this.packages = packages | ||
| this.debug = debug | ||
| } | ||
@@ -45,3 +45,3 @@ | ||
| } catch (error) { | ||
| debug(`failed parsing a URL object from given host value so using as is: ${host}`) | ||
| this.debug(`failed parsing a URL object from given host value so using as is: ${host}`) | ||
| } | ||
@@ -55,3 +55,3 @@ | ||
| if (!packageResolvedURL.host && options && options.emptyHostname) { | ||
| debug(`detected empty hostname but allowing because emptyHostname is not false`) | ||
| this.debug(`detected empty hostname but allowing because emptyHostname is not false`) | ||
| } else { | ||
@@ -58,0 +58,0 @@ validationResult.errors.push({ |
| 'use strict' | ||
| const {URL} = require('url') | ||
| const HTTPS_PROTOCOL = 'https:' | ||
@@ -6,0 +4,0 @@ |
| 'use strict' | ||
| const {URL} = require('url') | ||
| module.exports = class ValidatePackageNames { | ||
@@ -6,0 +4,0 @@ constructor ({packages} = {}) { |
| 'use strict' | ||
| const {URL} = require('url') | ||
| module.exports = class ValidateProtocol { | ||
@@ -6,0 +4,0 @@ constructor ({packages} = {}) { |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by3.24%
50174
- Dependency count
- decreased by-33.33%
2
- Lines of code
- increased by9.03%
471
Dependency changes
+ Added@yarnpkg/parsers@^3.0.0-rc.6
+ Added@yarnpkg/parsers@3.0.2(transitive)
+ Addedargparse@1.0.10(transitive)
+ Addedesprima@4.0.1(transitive)
+ Addedjs-yaml@3.14.1(transitive)
+ Addedsprintf-js@1.0.3(transitive)
+ Addedtslib@2.7.0(transitive)
- Removed@yarnpkg/lockfile@^1.1.0
- Removeddebug@^4.1.1
- Removed@yarnpkg/lockfile@1.1.0(transitive)
- Removeddebug@4.3.7(transitive)
- Removedms@2.1.3(transitive)