lockfile-lint-api
Advanced tools
lockfile-lint-api - npm Package Compare versions
Comparing version 5.8.0 to 5.9.0
| { | ||
| "name": "lockfile-lint-api", | ||
| "version": "5.8.0", | ||
| "version": "5.9.0", | ||
| "description": "Lint an npm or yarn lockfile to analyze and detect issues", | ||
@@ -51,3 +51,3 @@ "main": "index.js", | ||
| "dependencies": { | ||
| "@yarnpkg/parsers": "^3.0.0-rc.32", | ||
| "@yarnpkg/parsers": "^3.0.0-rc.48.1", | ||
| "debug": "^4.3.4", | ||
@@ -60,17 +60,17 @@ "object-hash": "^3.0.0" | ||
| "babel-plugin-transform-regenerator": "^6.26.0", | ||
| "babel-preset-env": "^1.6.1", | ||
| "babel-preset-env": "^1.7.0", | ||
| "babel-preset-es2015": "^6.24.1", | ||
| "docco": "^0.8.0", | ||
| "docco": "^0.9.1", | ||
| "doxdox": "3.0.0", | ||
| "eslint": "^5.10.0", | ||
| "eslint-config-standard": "^12.0.0", | ||
| "eslint-plugin-import": "^2.14.0", | ||
| "eslint-plugin-jest": "^22.1.2", | ||
| "eslint-plugin-node": "9.1.0", | ||
| "eslint-plugin-promise": "^4.0.1", | ||
| "eslint-plugin-security": "^1.4.0", | ||
| "eslint-plugin-standard": "^4.0.0", | ||
| "jest": "24.8.0", | ||
| "open-cli": "^5.0.0", | ||
| "prettier-standard": "9.1.1" | ||
| "eslint": "^8.46.0", | ||
| "eslint-config-standard": "^17.1.0", | ||
| "eslint-plugin-import": "^2.28.0", | ||
| "eslint-plugin-jest": "^27.2.3", | ||
| "eslint-plugin-node": "11.1.0", | ||
| "eslint-plugin-promise": "^6.1.1", | ||
| "eslint-plugin-security": "^1.7.1", | ||
| "eslint-plugin-standard": "^4.1.0", | ||
| "jest": "29.6.2", | ||
| "open-cli": "^7.2.0", | ||
| "prettier-standard": "16.4.1" | ||
| }, | ||
@@ -77,0 +77,0 @@ "jest": { |
@@ -25,3 +25,3 @@ // @ts-check | ||
| */ | ||
| function checkSampleContent (lockfile, isYarnBerry) { | ||
| function checkSampleContent(lockfile, isYarnBerry) { | ||
| if (Object.entries(lockfile).length < (isYarnBerry ? 2 : 1)) { | ||
@@ -35,4 +35,4 @@ return false | ||
| typeof sampleValue === 'object' && | ||
| sampleValue.hasOwnProperty('version') && | ||
| (sampleValue.hasOwnProperty('resolved') || sampleValue.hasOwnProperty('resolution')) | ||
| Object.hasOwn(sampleValue, 'version') && | ||
| (Object.hasOwn(sampleValue, 'resolved') || Object.hasOwn(sampleValue, 'resolution')) | ||
| ) | ||
@@ -44,3 +44,3 @@ } | ||
| */ | ||
| function yarnParseAndVerify (lockfileBuffer) { | ||
| function yarnParseAndVerify(lockfileBuffer) { | ||
| const lockfile = yarnParseSyml(lockfileBuffer.toString()) | ||
@@ -82,3 +82,3 @@ const isYarnBerry = typeof lockfile.__metadata === 'object' | ||
| */ | ||
| constructor (options) { | ||
| constructor(options) { | ||
| if (!options || typeof options !== 'object') { | ||
@@ -101,3 +101,3 @@ throw new ParsingError(NO_OPTIONS) | ||
| */ | ||
| isLockfileTypeGiven () { | ||
| isLockfileTypeGiven() { | ||
| return typeof this.options.lockfileType === 'string' && this.options.lockfileType | ||
@@ -110,3 +110,3 @@ } | ||
| */ | ||
| parseSync () { | ||
| parseSync() { | ||
| const lockfileParser = this.resolvePkgMgrForLockfile() | ||
@@ -136,3 +136,3 @@ if (!lockfileParser) { | ||
| resolvePkgMgrForLockfile () { | ||
| resolvePkgMgrForLockfile() { | ||
| const lockfileResolversByPackageManager = { | ||
@@ -157,3 +157,3 @@ npm: this.parseNpmLockfile, | ||
| resolvePkgMgrByFilename () { | ||
| resolvePkgMgrByFilename() { | ||
| const lockfileResolverByFilename = { | ||
@@ -170,3 +170,3 @@ 'package-lock.json': this.parseNpmLockfile, | ||
| parseYarnLockfile (lockfileBuffer) { | ||
| parseYarnLockfile(lockfileBuffer) { | ||
| let parsedFile | ||
@@ -181,3 +181,3 @@ try { | ||
| parseNpmLockfile (lockfileBuffer) { | ||
| parseNpmLockfile(lockfileBuffer) { | ||
| let flattenedDepTree | ||
@@ -214,3 +214,3 @@ try { | ||
| _flattenNpmDepsTree (npmDepsTree, npmDepMap = {}) { | ||
| _flattenNpmDepsTree(npmDepsTree, npmDepMap = {}) { | ||
| for (const [depName, depMetadata] of Object.entries(npmDepsTree)) { | ||
@@ -262,3 +262,3 @@ // only evaluate dependency metadata if it's an object with actual metadata | ||
| extractedPackageName (packageName) { | ||
| extractedPackageName(packageName) { | ||
| const parts = packageName.split('/') | ||
@@ -265,0 +265,0 @@ const lastIndex = parts.lastIndexOf('node_modules') |
@@ -21,3 +21,3 @@ 'use strict' | ||
| let validationResult = { | ||
| const validationResult = { | ||
| type: 'success', | ||
@@ -55,3 +55,3 @@ errors: [] | ||
| if (!packageResolvedURL.host && options && options.emptyHostname) { | ||
| this.debug(`detected empty hostname but allowing because emptyHostname is not false`) | ||
| this.debug('detected empty hostname but allowing because emptyHostname is not false') | ||
| } else { | ||
@@ -58,0 +58,0 @@ validationResult.errors.push({ |
@@ -15,3 +15,3 @@ 'use strict' | ||
| validate () { | ||
| let validationResult = { | ||
| const validationResult = { | ||
| type: 'success', | ||
@@ -18,0 +18,0 @@ errors: [] |
@@ -16,4 +16,9 @@ 'use strict' | ||
| validate () { | ||
| let validationResult = { | ||
| validate (options) { | ||
| const excludedPackages = options && options.integrityExclude ? options.integrityExclude : [] | ||
| if (!Array.isArray(excludedPackages)) { | ||
| throw new Error('excluded packages must be an array') | ||
| } | ||
| const validationResult = { | ||
| type: 'success', | ||
@@ -28,8 +33,10 @@ errors: [] | ||
| if (excludedPackages.includes(packageName)) { | ||
| continue | ||
| } | ||
| try { | ||
| if (!isSha512(packageMetadata)) { | ||
| validationResult.errors.push({ | ||
| message: `detected invalid integrity hash type for package: ${packageName}\n expected: sha512\n actual: ${ | ||
| packageMetadata.integrity | ||
| }\n`, | ||
| message: `detected invalid integrity hash type for package: ${packageName}\n expected: sha512\n actual: ${packageMetadata.integrity}\n`, | ||
| package: packageName | ||
@@ -36,0 +43,0 @@ }) |
@@ -16,3 +16,3 @@ 'use strict' | ||
| validate (packageNameAliases) { | ||
| let validationResult = { | ||
| const validationResult = { | ||
| type: 'success', | ||
@@ -19,0 +19,0 @@ errors: [] |
@@ -17,3 +17,3 @@ 'use strict' | ||
| let validationResult = { | ||
| const validationResult = { | ||
| type: 'success', | ||
@@ -20,0 +20,0 @@ errors: [] |
@@ -17,3 +17,3 @@ 'use strict' | ||
| let validationResult = { | ||
| const validationResult = { | ||
| type: 'success', | ||
@@ -20,0 +20,0 @@ errors: [] |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.64%
42655
- Lines of code
- increased by0.81%
626