lockfile-lint - npm Package Compare versions

Comparing version 4.11.0 to 4.12.0

119

bin/lockfile-lint.js

@@ -5,2 +5,3 @@ #!/usr/bin/env node

const debug = require('debug')('lockfile-lint')
const glob = require('fast-glob')
const main = require('../src/main')

@@ -40,5 +41,5 @@

const isPrettyFormat = config['format'] === 'pretty'
const isPrettyFormat = config.format === 'pretty'
let validators = []
const validators = []
const supportedValidators = new Map([

@@ -53,59 +54,67 @@ ['allowed-hosts', 'validateHosts'],

for (const [commandArgument, commandValue] of Object.entries(config)) {
/**
* If we have both --allowed-urls and --allowed-hosts flags active
* then we can skip doing the work for allowed urls as the validator
* for allowed hosts will check for both.
*
* We only need to run the check for allowed urls if the user does not
* specify allowed hosts.
*/
if (commandArgument === 'allowed-urls' && config['allowed-hosts']) {
continue
const lockfilesList = glob.sync(config.path)
for (const lockfilePath of lockfilesList) {
if (lockfilesList.length > 1) {
console.log(`\nlockfile-lint scanning: ${lockfilePath}\n`)
}
if (commandValue && supportedValidators.has(commandArgument)) {
const validatorItem = supportedValidators.get(commandArgument)
validators.push({
name: validatorItem,
values: commandValue,
options: {
emptyHostname: config['empty-hostname'],
allowedHosts: config['allowed-hosts'],
allowedUrls: config['allowed-urls'],
allowedPackageNameAliases: config['allowed-package-name-aliases']
}
for (const [commandArgument, commandValue] of Object.entries(config)) {
/**
* If we have both --allowed-urls and --allowed-hosts flags active
* then we can skip doing the work for allowed urls as the validator
* for allowed hosts will check for both.
*
* We only need to run the check for allowed urls if the user does not
* specify allowed hosts.
*/
if (commandArgument === 'allowed-urls' && config['allowed-hosts']) {
continue
}
if (commandValue && supportedValidators.has(commandArgument)) {
const validatorItem = supportedValidators.get(commandArgument)
validators.push({
name: validatorItem,
values: commandValue,
options: {
emptyHostname: config['empty-hostname'],
allowedHosts: config['allowed-hosts'],
allowedUrls: config['allowed-urls'],
allowedPackageNameAliases: config['allowed-package-name-aliases']
}
})
}
}
let result
try {
result = main.runValidators({
path: lockfilePath,
type: config.type,
validators
})
} catch (errorPayload) {
warn('ABORTING lockfile lint process due to error exceptions')
console.error(errorPayload.message, '\n')
console.error(errorPayload.stack, '\n')
error('Error: command failed with exit code 1')
process.exit(1)
}
}
let result
try {
result = main.runValidators({
path: config['path'],
type: config['type'],
validators
})
} catch (errorPayload) {
warn('ABORTING lockfile lint process due to error exceptions')
console.error(errorPayload.message, '\n')
console.error(errorPayload.stack, '\n')
error('Error: command failed with exit code 1')
process.exit(1)
}
const {validatorCount, validatorFailures, validatorSuccesses} = result
const {validatorCount, validatorFailures, validatorSuccesses} = result
debug(`total validators invoked: ${validatorCount}`)
debug(`total validator failures: ${validatorFailures}`)
debug(`total validator successes: ${validatorSuccesses}`)
debug(`total validators invoked: ${validatorCount}`)
debug(`total validator failures: ${validatorFailures}`)
debug(`total validator successes: ${validatorSuccesses}`)
if (validatorFailures !== 0) {
error('Error: security issues detected!')
process.exit(1)
} else {
success('No issues detected')
if (validatorFailures !== 0) {
error('Error: security issues detected!')
process.exit(1)
} else {
success('No issues detected')
}
}
function success (message) {
function success(message) {
const m = [

@@ -117,3 +126,3 @@ isPrettyFormat ? GREEN : '',

isPrettyFormat ? RESET : ''
].filter(e => !!e)
].filter((e) => !!e)

@@ -123,3 +132,3 @@ console.info(m.join(' '))

function warn (message) {
function warn(message) {
const m = [

@@ -131,3 +140,3 @@ isPrettyFormat ? YELLOW : '',

isPrettyFormat ? RESET : ''
].filter(e => !!e)
].filter((e) => !!e)

@@ -137,3 +146,3 @@ console.error(m.join(' '))

function error (message) {
function error(message) {
const m = [

@@ -145,5 +154,5 @@ isPrettyFormat ? RED : '',

isPrettyFormat ? RESET : ''
].filter(e => !!e)
].filter((e) => !!e)
console.error(m.join(' '))
}
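Review bot: `validators` is still declared once (`const validators = []` in the earlier `@@ -40,5 +41,5` hunk) while the loop that pushes into it now runs inside the per-lockfile loop, so when the glob matches more than one lockfile the array keeps the previous file's entries and every later file runs each validator again, inflating validatorCount/validatorFailures and duplicating error output. The fix is to create the array per iteration: move `const validators = []` to just after `for (const lockfilePath of lockfilesList) {`. Separately, when `glob.sync(config.path)` matches nothing the loop body never runs, nothing is printed and the process exits 0, so a mistyped path reads as a clean lint; an explicit empty-match check keeps that failure visible. The lockfile loop's closing brace and the nesting of the entries loop are inferred from the hunk's line order, and the success/warn/error helpers continue outside this hunk.
```javascript
const lockfilesList = glob.sync(config.path)
if (lockfilesList.length === 0) {
  error(`Error: no lockfile matched ${config.path}`)
  process.exit(1)
}
for (const lockfilePath of lockfilesList) {
  const validators = []
  // … unchanged: scanning banner, validator collection, runValidators call, result handling …
```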
{
"name": "lockfile-lint",
"version": "4.11.0",
"version": "4.12.0",
"description": "A CLI to lint a lockfile for security policies",

@@ -55,6 +55,7 @@ "bin": {

"dependencies": {
"cosmiconfig": "^8.0.0",
"debug": "^4.1.1",
"cosmiconfig": "^8.2.0",
"debug": "^4.3.4",
"fast-glob": "^3.3.1",
"lockfile-lint-api": "^5.8.0",
"yargs": "^16.0.0"
"yargs": "^17.7.2"
},

@@ -65,17 +66,17 @@ "devDependencies": {

"babel-plugin-transform-regenerator": "^6.26.0",
"babel-preset-env": "^1.6.1",
"babel-preset-env": "^1.7.0",
"babel-preset-es2015": "^6.24.1",
"docco": "^0.8.0",
"docco": "^0.9.1",
"doxdox": "3.0.0",
"eslint": "^5.10.0",
"eslint-config-standard": "^12.0.0",
"eslint-plugin-import": "^2.14.0",
"eslint-plugin-jest": "^22.1.2",
"eslint-plugin-node": "9.1.0",
"eslint-plugin-promise": "^4.0.1",
"eslint-plugin-security": "^1.4.0",
"eslint-plugin-standard": "^4.0.0",
"jest": "24.8.0",
"open-cli": "^5.0.0",
"prettier-standard": "9.1.1"
"eslint": "^8.46.0",
"eslint-config-standard": "^17.1.0",
"eslint-plugin-import": "^2.28.0",
"eslint-plugin-jest": "^27.2.3",
"eslint-plugin-node": "11.1.0",
"eslint-plugin-promise": "^6.1.1",
"eslint-plugin-security": "^1.7.1",
"eslint-plugin-standard": "^4.1.0",
"jest": "29.6.2",
"open-cli": "^7.2.0",
"prettier-standard": "16.4.1"
},

@@ -82,0 +83,0 @@ "jest": {

@@ -81,3 +81,3 @@ <p align="center"><h1 align="center">

|----------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|
| `--path`, `-p` | path to the lockfile | ✅ |
| `--path`, `-p` | path to the lockfile but you can also provide a glob matching pattern, for example: `/path/to/dir/**/package-lock.json` to match multiple lockfiles | ✅ |
| `--type`, `-t` | lockfile type, options are `npm` or `yarn` | ✅ |

@@ -84,0 +84,0 @@ | `--format`, `-f` | sets what type of report output is desired, one of [ `pretty`, `plain` ] with `plain` removing colors & status symbols from output | ✅ |

@@ -22,3 +22,3 @@ 'use strict'

function runValidators ({type, path, validators} = {}) {
function runValidators({type, path, validators} = {}) {
let validatorCount = 0

@@ -32,3 +32,3 @@ let validatorFailures = 0

validators.forEach(validator => {
validators.forEach((validator) => {
const validatorFunction = validatorFunctions.get(validator.name)

@@ -43,3 +43,3 @@ if (!validatorFunction) {

// eslint-disable-next-line security/detect-object-injection
let validationResult = validatorFunction({
const validationResult = validatorFunction({
path,

@@ -52,3 +52,3 @@ type,

if (validationResult.type === 'error') {
validationResult.errors.forEach(validationError => {
validationResult.errors.forEach((validationError) => {
console.error(validationError.message)

@@ -55,0 +55,0 @@ validatorFailures++
