
lockfile-lint - npm Package Compare versions

Comparing version 2.2.0 to 3.0.0

5

bin/lockfile-lint.js

@@ -21,3 +21,6 @@ #!/usr/bin/env node

name: validatorItem,
options: commandValue
values: commandValue,
options: {
emptyHostname: cli['empty-hostname']
}
})

@@ -24,0 +27,0 @@ }

@@ -6,2 +6,23 @@ # Change Log

# [3.0.0](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint@2.2.0...lockfile-lint@3.0.0) (2019-11-22)
### Features
* **emptyhostname:** allow empty hostnames in lockfiles ([#26](https://github.com/lirantal/lockfile-lint/issues/26)) ([7d859e1](https://github.com/lirantal/lockfile-lint/commit/7d859e1))
### BREAKING CHANGES
* **emptyhostname:** lockfile-lint-api internal method API has changed its function signature
to allow receiving a value, and then an options object in a second argument.
Relevant issues:
- https://github.com/lirantal/lockfile-lint/issues/23
- https://github.com/lirantal/lockfile-lint/issues/25
# [2.2.0](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint@2.1.6...lockfile-lint@2.2.0) (2019-11-07)

@@ -8,0 +29,0 @@

4

package.json
{
"name": "lockfile-lint",
"version": "2.2.0",
"version": "3.0.0",
"description": "A CLI to lint a lockfile for security policies",

@@ -181,3 +181,3 @@ "bin": {

},
"gitHead": "abc71fa09a39ef2975648ac540eb4c57534ee463"
"gitHead": "aa0474c97a9b9ef08fbf65804596042dc8e6816c"
}

@@ -64,3 +64,2 @@ <p align="center"><h1 align="center">

# CLI command options

@@ -74,3 +73,4 @@

| `--allowed-hosts`, `-a` | validates a whitelist of allowed hosts to be used for all resources in the lockfile. Supported short-hands aliases are `npm`, `yarn`, and `verdaccio` which will match URLs `https://registry.npmjs.org`, `https://registry.yarnpkg.com` and `https://registry.verdaccio.org` respectively | ✅ |
| `--allowed-schemes`, `-o` | allowed [URI schemes](https://tools.ietf.org/html/rfc2396#section-3.1) such as "https:", "http", "git+ssh:", or "git+https:" | ✅ |
| `--allowed-schemes`, `-o` | allowed [URI schemes](https://tools.ietf.org/html/rfc2396#section-3.1) such as "https:", "http", "git+ssh:", or "git+https:" | ✅ |
| `--empty-hostname`, `-e` | allow empty hostnames, or set to false if you wish for a stricter policy | ✅ |
| `--validate-checksum`, `-c` | check that all resources include a checksum | ❌ PRs welcome |

@@ -77,0 +77,0 @@ | `--validate-integrity`, `-i` | check that all resources include an integrity field | ❌ PRs welcome |

@@ -27,2 +27,8 @@ 'use strict'

},
e: {
alias: 'empty-hostname',
type: 'boolean',
default: true,
describe: 'allows empty hostnames, or set to false if you wish for a stricter policy'
},
a: {
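Review bot: `default: true` on the new `e` / `empty-hostname` option makes the permissive behaviour the default in a tool whose job is to enforce a host policy. Unless the user explicitly passes a false value, lockfile entries with an empty hostname are accepted, and since the option is forwarded only to the host validator further down this page, they presumably are not compared against `--allowed-hosts`. The help text should state that trade-off, e.g. `describe: 'allow resources whose URL has an empty hostname (default: true); set to false to reject them'`. It is also worth a README sentence telling users who rely on `--allowed-hosts` as a supply-chain control in CI to set the option to false. The options object starts and ends outside this hunk.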

@@ -29,0 +35,0 @@ alias: ['allowed-hosts'],

@@ -38,2 +38,3 @@ 'use strict'

type,
validatorValues: validator.values,
validatorOptions: validator.options

@@ -40,0 +41,0 @@ })

@@ -12,5 +12,5 @@ 'use strict'

function ValidateSchemeManager ({path, type, validatorOptions}) {
function ValidateSchemeManager ({path, type, validatorValues, validatorOptions}) {
debug('validate-scheme-manager')(
`invoked with validator options: ${JSON.stringify(validatorOptions)}`
`invoked with validator options: ${JSON.stringify(validatorValues)}`
)
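Review bot: The debug message in ValidateSchemeManager still reads `invoked with validator options:` but now serialises `validatorValues`, so the label no longer matches what is printed. `validatorOptions`, which carries `emptyHostname`, never reaches the trace. The ValidateHostManager and ValidateHttpsManager hunks below have the same mismatch. I would change the label to `invoked with validator values:` and add `JSON.stringify(validatorOptions)` to the same message, so the policy in effect can be reconstructed from debug output. The function body continues outside this hunk.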

@@ -27,8 +27,8 @@

return validator.validate(validatorOptions)
return validator.validate(validatorValues)
}
function ValidateHostManager ({path, type, validatorOptions}) {
function ValidateHostManager ({path, type, validatorValues, validatorOptions}) {
debug('validate-host-manager')(
`invoked with validator options: ${JSON.stringify(validatorOptions)}`
`invoked with validator options: ${JSON.stringify(validatorValues)}`
)

@@ -45,8 +45,8 @@

return validator.validate(validatorOptions)
return validator.validate(validatorValues, validatorOptions)
}
function ValidateHttpsManager ({path, type, validatorOptions}) {
function ValidateHttpsManager ({path, type, validatorValues, validatorOptions}) {
debug('validate-host-manager')(
`invoked with validator options: ${JSON.stringify(validatorOptions)}`
`invoked with validator options: ${JSON.stringify(validatorValues)}`
)
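Review bot: ValidateHttpsManager logs under the `validate-host-manager` debug namespace on the line after its signature, which looks like a copy-paste from ValidateHostManager. Anyone filtering debug output by namespace will see HTTPS-validator calls attributed to the host validator. Suggest `debug('validate-https-manager')(`. The function's return statement lies outside this hunk, so whether `validatorOptions` is forwarded here cannot be checked from this page.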

@@ -53,0 +53,0 @@
