fix: skip validating package names outside of public registries

lirantal · Jul 28, 2023 · 3294cb1 · 3294cb1
1 parent c7817c6
commit 3294cb1
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 0 deletions.
diff --git a/packages/lockfile-lint-api/__tests__/validators.packageNames.test.js b/packages/lockfile-lint-api/__tests__/validators.packageNames.test.js
@@ -78,4 +78,20 @@ describe('Validator: PackageName', () => {
       errors: []
     })
   })
+
+  it('validator should skip if it doesnt recognize the official public registries', () => {
+    const mockedPackages = {
+      '@cxui/cypress-util@1.0.10': {
+        version: '1.0.10',
+        resolved:
+          'https://checkmarx.jfrog.io/artifactory/api/npm/team-npm/@cxui/cypress-util/-/@cxui/cypress-util-1.0.10.tgz#3134312351eb248c1c4561d393afc6d8c23b2943'
+      }
+    }
+
+    const validator = new ValidatePackageNames({packages: mockedPackages})
+    expect(validator.validate()).toEqual({
+      type: 'success',
+      errors: []
+    })
+  })
 })
diff --git a/packages/lockfile-lint-api/src/validators/ValidatePackageNames.js b/packages/lockfile-lint-api/src/validators/ValidatePackageNames.js
@@ -1,5 +1,7 @@
 'use strict'
 
+const {REGISTRY} = require('../common/constants')
+
 module.exports = class ValidatePackageNames {
   constructor ({packages} = {}) {
     if (typeof packages !== 'object') {
@@ -22,6 +24,13 @@ module.exports = class ValidatePackageNames {
 
       try {
         const packageResolvedURL = new URL(packageMetadata.resolved)
+
+        // Only handle package name validation matching per registry URL
+        // when the registry is one of the official public registries:
+        if (!Object.values(REGISTRY).includes(packageResolvedURL.host)) {
+          continue
+        }
+
         const path = packageResolvedURL.pathname
         const packageNameFromResolved = path.split('/-/')[0].slice(1)