
lockfile-lint


lockfile-lint - npm Package Compare versions

Comparing version 4.1.0 to 4.2.0

19

bin/lockfile-lint.js

@@ -21,6 +21,19 @@ #!/usr/bin/env node

['validate-https', 'validateHttps'],
['allowed-schemes', 'validateSchemes']
['allowed-schemes', 'validateSchemes'],
['allowed-urls', 'validateUrls']
])
for (const [commandArgument, commandValue] of Object.entries(config)) {
/**
* If we have both --allowed-urls and --allowed-hosts flags active
* then we can skip doing the work for allowed urls as the validator
* for allowed hosts will check for both.
*
* We only need to run the check for allowed urls if the user does not
* specify allowed hosts.
*/
if (commandArgument === 'allowed-urls' && config['allowed-hosts']) {
continue
}
if (supportedValidators.has(commandArgument)) {

@@ -32,3 +45,5 @@ const validatorItem = supportedValidators.get(commandArgument)

options: {
emptyHostname: config['empty-hostname']
emptyHostname: config['empty-hostname'],
allowedHosts: config['allowed-hosts'],
allowedUrls: config['allowed-urls']
}

@@ -35,0 +50,0 @@ })
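Review bot: The skip at `if (commandArgument === 'allowed-urls' && config['allowed-hosts'])` changes what `--allowed-urls` means, which the block comment ("will check for both") and the `describe` text of the new `u` option do not say. Going by the filter added to the host manager further down this page, with both flags a package passes when either its host or its URL is allowed, so adding `--allowed-hosts` to a URL-only policy presumably loosens it. I would state that in the comment, e.g. `* With --allowed-hosts set, allowed URLs act only as exceptions to host failures (host OR url passes).`, and repeat it in the option's help text. The test is also truthiness-based, so an empty `allowed-hosts` array would still skip the URL validator; `config['allowed-hosts'].length` may be what is meant, though how yargs fills the value is not visible here. The loop body continues past the end of the hunk.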

@@ -6,2 +6,13 @@ # Change Log

# [4.2.0](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint@4.1.0...lockfile-lint@4.2.0) (2020-03-23)
### Features
* **validators:** add URL validator ([#52](https://github.com/lirantal/lockfile-lint/issues/52)) ([e81ffe9](https://github.com/lirantal/lockfile-lint/commit/e81ffe9))
# [4.1.0](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint@4.0.0...lockfile-lint@4.1.0) (2020-03-09)

@@ -8,0 +19,0 @@

6

package.json
{
"name": "lockfile-lint",
"version": "4.1.0",
"version": "4.2.0",
"description": "A CLI to lint a lockfile for security policies",

@@ -57,3 +57,3 @@ "bin": {

"debug": "^4.1.1",
"lockfile-lint-api": "^5.0.12",
"lockfile-lint-api": "^5.1.0",
"yargs": "^15.0.2"

@@ -183,3 +183,3 @@ },

},
"gitHead": "b481e8046cc5b8736263c3ce130c9783677460c5"
"gitHead": "d30ce73a3e5977dede29450df1c79b09f02779b2"
}

@@ -65,2 +65,7 @@ 'use strict'

conflicts: ['validate-https', 's']
},
u: {
alias: ['allowed-urls'],
type: 'array',
describe: 'validates a whitelist of allowed URLs to be used for resources in the lockfile'
}

@@ -67,0 +72,0 @@ })

@@ -7,3 +7,4 @@ 'use strict'

ValidateHttpsManager,
ValidateSchemeManager
ValidateSchemeManager,
ValidateUrlManager
} = require('../src/validators')

@@ -14,3 +15,4 @@

['validateHttps', ValidateHttpsManager],
['validateSchemes', ValidateSchemeManager]
['validateSchemes', ValidateSchemeManager],
['validateUrls', ValidateUrlManager]
])

@@ -17,0 +19,0 @@

'use strict'
const {ValidateHost, ParseLockfile, ValidateHttps, ValidateScheme} = require('lockfile-lint-api')
const {
ValidateHost,
ParseLockfile,
ValidateHttps,
ValidateScheme,
ValidateUrl
} = require('lockfile-lint-api')
const debug = require('debug')

@@ -9,3 +15,4 @@

ValidateHttpsManager,
ValidateSchemeManager
ValidateSchemeManager,
ValidateUrlManager
}

@@ -43,4 +50,19 @@

const validator = new ValidateHost({packages: lockfile.object})
const validationResult = validator.validate(validatorValues, validatorOptions)
return validator.validate(validatorValues, validatorOptions)
// Check if some of the errors are for allowed URLs and filter those out
if (validatorOptions && validatorOptions.allowedUrls) {
const urlValidator = new ValidateUrl({packages: lockfile.object})
validationResult.errors = validationResult.errors.filter(
result => !urlValidator.validateSingle(result.package, validatorOptions.allowedUrls)
)
// If we don't have any errors left at this point make sure it's a success type
if (!validationResult.errors.length) {
validationResult.type = 'success'
}
}
return validationResult
}

@@ -64,1 +86,18 @@

}
function ValidateUrlManager ({path, type, validatorValues, validatorOptions}) {
debug('validate-url-manager')(
`invoked with validator options: ${JSON.stringify(validatorValues)}`
)
const options = {
lockfilePath: path,
lockfileType: type
}
const parser = new ParseLockfile(options)
const lockfile = parser.parseSync()
const validator = new ValidateUrl({packages: lockfile.object})
return validator.validate(validatorValues, validatorOptions)
}
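Review bot: The filter added after `validator.validate(...)` in the host manager removes host-policy errors for every package that `validateSingle` accepts against `allowedUrls`, and nothing records which failures were suppressed, so an over-broad `--allowed-urls` entry cannot be spotted from the output. A debug line before the filter would keep this auditable, e.g. `debug('validate-host-manager')('host errors before allowed-urls filter: %o', validationResult.errors)` (the namespace is a suggestion; use whatever the function already logs under). The filter also assumes `validationResult.errors` is always an array, which depends on lockfile-lint-api and cannot be confirmed from this page. In `ValidateUrlManager` the debug message prints `validatorValues` under the label "validator options", which reads like a copy-paste slip. The host manager function starts outside the hunk.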