Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
lockfile-lint
Advanced tools
lockfile-lint - npm Package Compare versions
Comparing version 4.1.0 to 4.2.0
@@ -21,6 +21,19 @@ #!/usr/bin/env node | ||
| ['validate-https', 'validateHttps'], | ||
| ['allowed-schemes', 'validateSchemes'] | ||
| ['allowed-schemes', 'validateSchemes'], | ||
| ['allowed-urls', 'validateUrls'] | ||
| ]) | ||
| for (const [commandArgument, commandValue] of Object.entries(config)) { | ||
| /** | ||
| * If we have both --allowed-urls and --allowed-hosts flags active | ||
| * then we can skip doing the work for allowed urls as the validator | ||
| * for allowed hosts will check for both. | ||
| * | ||
| * We only need to run the check for allowed urls if the user does not | ||
| * specify allowed hosts. | ||
| */ | ||
| if (commandArgument === 'allowed-urls' && config['allowed-hosts']) { | ||
| continue | ||
| } | ||
| if (supportedValidators.has(commandArgument)) { | ||
@@ -32,3 +45,5 @@ const validatorItem = supportedValidators.get(commandArgument) | ||
| options: { | ||
| emptyHostname: config['empty-hostname'] | ||
| emptyHostname: config['empty-hostname'], | ||
| allowedHosts: config['allowed-hosts'], | ||
| allowedUrls: config['allowed-urls'] | ||
| } | ||
@@ -35,0 +50,0 @@ }) |
@@ -6,2 +6,13 @@ # Change Log | ||
| # [4.2.0](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint@4.1.0...lockfile-lint@4.2.0) (2020-03-23) | ||
| ### Features | ||
| * **validators:** add URL validator ([#52](https://github.com/lirantal/lockfile-lint/issues/52)) ([e81ffe9](https://github.com/lirantal/lockfile-lint/commit/e81ffe9)) | ||
| # [4.1.0](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint@4.0.0...lockfile-lint@4.1.0) (2020-03-09) | ||
@@ -8,0 +19,0 @@ |
| { | ||
| "name": "lockfile-lint", | ||
| "version": "4.1.0", | ||
| "version": "4.2.0", | ||
| "description": "A CLI to lint a lockfile for security policies", | ||
@@ -57,3 +57,3 @@ "bin": { | ||
| "debug": "^4.1.1", | ||
| "lockfile-lint-api": "^5.0.12", | ||
| "lockfile-lint-api": "^5.1.0", | ||
| "yargs": "^15.0.2" | ||
@@ -183,3 +183,3 @@ }, | ||
| }, | ||
| "gitHead": "b481e8046cc5b8736263c3ce130c9783677460c5" | ||
| "gitHead": "d30ce73a3e5977dede29450df1c79b09f02779b2" | ||
| } |
@@ -65,2 +65,7 @@ 'use strict' | ||
| conflicts: ['validate-https', 's'] | ||
| }, | ||
| u: { | ||
| alias: ['allowed-urls'], | ||
| type: 'array', | ||
| describe: 'validates a whitelist of allowed URLs to be used for resources in the lockfile' | ||
| } | ||
@@ -67,0 +72,0 @@ }) |
@@ -7,3 +7,4 @@ 'use strict' | ||
| ValidateHttpsManager, | ||
| ValidateSchemeManager | ||
| ValidateSchemeManager, | ||
| ValidateUrlManager | ||
| } = require('../src/validators') | ||
@@ -14,3 +15,4 @@ | ||
| ['validateHttps', ValidateHttpsManager], | ||
| ['validateSchemes', ValidateSchemeManager] | ||
| ['validateSchemes', ValidateSchemeManager], | ||
| ['validateUrls', ValidateUrlManager] | ||
| ]) | ||
@@ -17,0 +19,0 @@ |
| 'use strict' | ||
| const {ValidateHost, ParseLockfile, ValidateHttps, ValidateScheme} = require('lockfile-lint-api') | ||
| const { | ||
| ValidateHost, | ||
| ParseLockfile, | ||
| ValidateHttps, | ||
| ValidateScheme, | ||
| ValidateUrl | ||
| } = require('lockfile-lint-api') | ||
| const debug = require('debug') | ||
@@ -9,3 +15,4 @@ | ||
| ValidateHttpsManager, | ||
| ValidateSchemeManager | ||
| ValidateSchemeManager, | ||
| ValidateUrlManager | ||
| } | ||
@@ -43,4 +50,19 @@ | ||
| const validator = new ValidateHost({packages: lockfile.object}) | ||
| const validationResult = validator.validate(validatorValues, validatorOptions) | ||
| return validator.validate(validatorValues, validatorOptions) | ||
| // Check if some of the errors are for allowed URLs and filter those out | ||
| if (validatorOptions && validatorOptions.allowedUrls) { | ||
| const urlValidator = new ValidateUrl({packages: lockfile.object}) | ||
| validationResult.errors = validationResult.errors.filter( | ||
| result => !urlValidator.validateSingle(result.package, validatorOptions.allowedUrls) | ||
| ) | ||
| // If we don't have any errors left at this point make sure it's a success type | ||
| if (!validationResult.errors.length) { | ||
| validationResult.type = 'success' | ||
| } | ||
| } | ||
| return validationResult | ||
| } | ||
@@ -64,1 +86,18 @@ | ||
| } | ||
| function ValidateUrlManager ({path, type, validatorValues, validatorOptions}) { | ||
| debug('validate-url-manager')( | ||
| `invoked with validator options: ${JSON.stringify(validatorValues)}` | ||
| ) | ||
| const options = { | ||
| lockfilePath: path, | ||
| lockfileType: type | ||
| } | ||
| const parser = new ParseLockfile(options) | ||
| const lockfile = parser.parseSync() | ||
| const validator = new ValidateUrl({packages: lockfile.object}) | ||
| return validator.validate(validatorValues, validatorOptions) | ||
| } |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by5.38%
42478
- Lines of code
- increased by23.87%
275
Dependency changes
Updatedlockfile-lint-api@^5.1.0