normalize-package-data
Comparing version 0.0.10 to 0.1.1
@@ -12,3 +12,3 @@ module.exports = extractDescription | ||
for (var e = s + 1; e < l && d[e].trim(); e ++); | ||
data.description = d.slice(s, e).join(' ').trim() | ||
return d.slice(s, e).join(' ').trim() | ||
} |
@@ -5,4 +5,5 @@ var semver = require("semver") | ||
var extractDescription = require("./extract_description") | ||
var url = require("url") | ||
module.exports = fixer = { | ||
var fixer = module.exports = { | ||
fixRepositoryField: function(data) { | ||
@@ -22,7 +23,9 @@ if (data.repostories) { | ||
var r = data.repository.url || "" | ||
// use the non-private urls | ||
r = r.replace(/^(https?|git):\/\/[^\@]+\@github.com/, | ||
'$1://github.com') | ||
r = r.replace(/^https?:\/\/github.com/, | ||
'git://github.com') | ||
if (r) { | ||
var ghurl = parseGitHubURL(r) | ||
if (ghurl) { | ||
r = ghurl.replace(/^https?:\/\//, 'git://') | ||
} | ||
} | ||
if (r.match(/github.com\/[^\/]+\/[^\/]+\.git\.git$/)) { | ||
@@ -118,29 +121,35 @@ this.warn("Probably broken git url: " + r) | ||
, fixBugsField: function(data) { | ||
var url | ||
if (!data.bugs && data.repository && data.repository.url) { | ||
url = data.repository.url | ||
// inference below was taken from code for "npm bugs" command | ||
if (url.match(/^(https?:\/\/|git(:\/\/|@))github.com/)) { | ||
url = parseGitHubURL(url) + "/issues" | ||
data.bugs = {url: url} | ||
var gh = parseGitHubURL(data.repository.url) | ||
if(gh) { | ||
if(gh.match(/^https:\/\/github.com\//)) | ||
data.bugs = {url: gh + "/issues"} | ||
else // gist url | ||
data.bugs = {url: gh} | ||
} | ||
} | ||
else if(data.bugs) { | ||
var emailRe = /^.+@.*\..+$/ | ||
if(typeof data.bugs == "string") { | ||
data.bugs = {url: data.bugs} | ||
if(emailRe.test(data.bugs)) | ||
data.bugs = {email:data.bugs} | ||
else if(url.parse(data.bugs).protocol) | ||
data.bugs = {url: data.bugs} | ||
else | ||
this.warn("Bug string field must be url, email, or {email,url}") | ||
} | ||
else { | ||
oldBugs = data.bugs | ||
var oldBugs = data.bugs | ||
data.bugs = {} | ||
if(oldBugs.url) { | ||
if(typeof(oldBugs.url) == "string") | ||
if(typeof(oldBugs.url) == "string" && url.parse(oldBugs.url).protocol) | ||
data.bugs.url = oldBugs.url | ||
else | ||
this.warn("bugs.url field must be a string. Deleted.") | ||
this.warn("bugs.url field must be a string url. Deleted.") | ||
} | ||
if(oldBugs.email) { | ||
if(typeof(oldBugs.email) == "string") | ||
if(typeof(oldBugs.email) == "string" && emailRe.test(oldBugs.email)) | ||
data.bugs.email = oldBugs.email | ||
else | ||
this.warn("bugs.email field must be a string. Deleted.") | ||
this.warn("bugs.email field must be a string email. Deleted.") | ||
} | ||
@@ -156,4 +165,5 @@ } | ||
, fixHomepageField: function(data) { | ||
if(typeof data.homepage !== "string") { | ||
this.warn("homepage field must be a string. Deleted.") | ||
if(!data.homepage) return true; | ||
if(typeof data.homepage !== "string" || !url.parse(data.homepage).protocol) { | ||
this.warn("homepage field must be a string url. Deleted.") | ||
delete data.homepage | ||
@@ -222,3 +232,5 @@ } | ||
var o = {} | ||
deps.forEach(function (d) { | ||
deps.filter(function (d) { | ||
return typeof d === "string" | ||
}).forEach(function(d) { | ||
d = d.trim().split(/(:?[@\s><=])/) | ||
@@ -225,0 +237,0 @@ var dn = d.shift() |
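Review bot: The new URL checks in fixBugsField and fixHomepageField accept any value for which `url.parse(...).protocol` is non-empty, so a `javascript:` or `data:` string passes as a valid homepage or bugs URL just as `https:` does. Package metadata is author-controlled and these fields are commonly rendered as links by registries and tooling, so if only web links are intended the check should compare against an allow-list, e.g. `var p = url.parse(data.homepage).protocol; if (p !== "http:" && p !== "https:") { ... }`, and the same for `bugs.url`. Separately, `var url` at the top of fixBugsField, if it is still present on the new side, would shadow the `url` module required at the top of the file and make `url.parse` throw; the page does not show which side that line belongs to. The bodies of these functions continue outside the hunks.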
@@ -5,3 +5,3 @@ // a warning for deprecated or likely-incorrect fields | ||
typos = require("./typos") | ||
var typos = require("./typos") | ||
@@ -59,2 +59,2 @@ function isValid (data, warnFunc) { | ||
return providedName + " should probably be " + probableName | ||
} | ||
} |
@@ -7,3 +7,3 @@ module.exports = normalize | ||
var fieldsToFix = ['name','version','description','repository' | ||
,'files','bin','man','bugs','keywords','readme'] | ||
,'files','bin','man','bugs','keywords','readme','homepage'] | ||
var otherThingsToFix = ['dependencies','people'] | ||
@@ -37,2 +37,2 @@ | ||
return string.charAt(0).toUpperCase() + string.slice(1); | ||
} | ||
} |
{ | ||
"name": "normalize-package-data", | ||
"version": "0.0.10", | ||
"version": "0.1.1", | ||
"author": "Meryn Stol <merynstol@gmail.com>", | ||
@@ -8,3 +8,3 @@ "description": "Normalizes data that can be found in package.json files.", | ||
"type": "git", | ||
"url": "git://github.com/meryn/read-package-data.git" | ||
"url": "git://github.com/meryn/normalize-package-data.git" | ||
}, | ||
@@ -17,3 +17,3 @@ "main": "lib/normalize.js", | ||
"semver": "1.x", | ||
"github-url-from-git": "~1.0.0" | ||
"github-url-from-git": "git://github.com/isaacs/node-github-url-from-git" | ||
}, | ||
@@ -20,0 +20,0 @@ "devDependencies": { |
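Review bot: The `github-url-from-git` dependency now points at `git://github.com/isaacs/node-github-url-from-git` with no commit-ish, so every install resolves to whatever the repository's default branch holds at that moment, and the `git://` transport is neither authenticated nor encrypted. If the registry release cannot be used, pin the exact revision over an authenticated transport, e.g. `"github-url-from-git": "git+https://github.com/isaacs/node-github-url-from-git.git#<commit-sha>"` (placeholder sha). Otherwise return to a registry range such as the previous `"~1.0.0"` once the needed change is published.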
@@ -1,2 +0,2 @@ | ||
# normalize-package-data [![Build Status](https://travis-ci.org/meryn/read-package-data.png?branch=master)](https://travis-ci.org/meryn/read-package-data) | ||
# normalize-package-data [![Build Status](https://travis-ci.org/meryn/normalize-package-data.png?branch=master)](https://travis-ci.org/meryn/normalize-package-data) | ||
@@ -16,3 +16,3 @@ normalize-package data exports a function that normalizes package metadata. This data is typically found in a package.json file, but in principle could come from any source - for example the npm registry. | ||
```javascript | ||
normalizeData = require('read-package-data') | ||
normalizeData = require('normalize-package-data') | ||
packageData = fs.readfileSync("package.json") | ||
@@ -26,3 +26,3 @@ normalizeData(packageData) | ||
```javascript | ||
normalizeData = require('read-package-data') | ||
normalizeData = require('normalize-package-data') | ||
packageData = fs.readfileSync("package.json") | ||
@@ -29,0 +29,0 @@ warnFn = function(msg) { console.error(msg) } |
@@ -12,3 +12,8 @@ var tap = require("tap") | ||
tap.test("consistent normalization", function(t) { | ||
entries = ['read-package-json.json','http-server.json',"movefile.json"] // uncomment to limit to a specific file | ||
entries = [ | ||
'read-package-json.json', | ||
'http-server.json', | ||
"movefile.json", | ||
"node-module_exist.json" | ||
] | ||
verifyConsistency = function(entryName, next) { | ||
@@ -23,2 +28,5 @@ warn = function(msg) { | ||
normalize(data, warn) | ||
if(data.name == "node-module_exist") { | ||
t.same(data.bugs.url, "https://gist.github.com/3135914") | ||
} | ||
if(data.name == "read-package-json") { | ||
@@ -25,0 +33,0 @@ t.same(data.bugs.url, "https://github.com/isaacs/read-package-json/issues") |
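Review bot: The rewritten `entries = [` assignment is still an implicit global, while the rest of this release adds `var` to the other leaked names (`typos`, `fixer`, `oldBugs`, `rpjPath`); write `var entries = [`. The hunk context shows `verifyConsistency = function` and `warn = function` in the same state, so they would want the same treatment; their definitions lie partly outside the hunk.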
var tap = require("tap") | ||
var fs = require("fs") | ||
var path = require("path") | ||
var globals = Object.keys(global) | ||
var normalize = require("../lib/normalize") | ||
rpjPath = path.resolve(__dirname,"./fixtures/read-package-json.json") | ||
var rpjPath = path.resolve(__dirname,"./fixtures/read-package-json.json") | ||
tap.test("normalize some package data", function(t) { | ||
@@ -50,1 +53,49 @@ var packageData = require(rpjPath) | ||
}) | ||
tap.test("urls required", function(t) { | ||
var warnings = [] | ||
function warn(w) { | ||
warnings.push(w) | ||
} | ||
normalize({ | ||
bugs: { | ||
url: "/1", | ||
email: "not an email address" | ||
} | ||
}, warn) | ||
var a | ||
normalize(a={ | ||
readme: "read yourself how about", | ||
homepage: "stragle planarf", | ||
bugs: "what is this i don't even", | ||
repository: "Hello." | ||
}, warn) | ||
console.error(a) | ||
var expect = | ||
[ 'No readme data!', | ||
'bugs.url field must be a string url. Deleted.', | ||
'bugs.email field must be a string email. Deleted.', | ||
'Normalized value of bugs field is an empty object. Deleted.', | ||
'Bug string field must be url, email, or {email,url}', | ||
'Normalized value of bugs field is an empty object. Deleted.', | ||
'homepage field must be a string url. Deleted.' ] | ||
t.same(warnings, expect) | ||
t.end() | ||
}) | ||
tap.test("gist bugs url", function(t) { | ||
var d = { | ||
repository: "git@gist.github.com:123456.git" | ||
} | ||
normalize(d) | ||
t.same(d.repository, { type: 'git', url: 'git@gist.github.com:123456.git' }) | ||
t.same(d.bugs, { url: 'https://gist.github.com/123456' }) | ||
t.end(); | ||
}); | ||
tap.test('no new globals', function(t) { | ||
t.same(Object.keys(global), globals) | ||
t.end() | ||
}) |
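Review bot: The "urls required" test leaves `console.error(a)` in place, which prints the normalized object on every run and asserts nothing; drop it or replace it with an assertion on `a`, e.g. `t.notOk(a.homepage)`. The rejected inputs are all strings with no scheme at all, so the test does not pin what should happen to a value that has a scheme other than http(s) (for example `homepage: "javascript:void(0)"`). Adding one such case would make the intended policy explicit.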
Git dependency
Supply chain risk: Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable and can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
- Removedbetter-assert@1.0.2(transitive)
- Removedcallsite@1.0.0(transitive)
- Removedcommander@0.6.1(transitive)
- Removeddebug@4.3.5(transitive)
- Removeddiff@1.0.2(transitive)
- Removedgithub-url-from-git@1.0.0(transitive)
- Removedgrowl@1.7.0(transitive)
- Removedjade@0.26.3(transitive)
- Removedmkdirp@0.3.00.3.3(transitive)
- Removedmocha@1.9.0(transitive)
- Removedms@0.3.02.1.2(transitive)
- Removedshould@1.2.2(transitive)
Updatedgithub-url-from-git@git://github.com/isaacs/node-github-url-from-git