Mark results as OK, how? #175

Closed
baruchiro opened this issue Jul 30, 2023 · 3 comments · Fixed by #176

Comments

@baruchiro

So I'm running the lockfile-linter and I get for example these results:

detected resolved URL for package with a different name: string-width-cjs
expected: string-width-cjs
actual: string-width

detected resolved URL for package with a different name: strip-ansi-cjs
expected: strip-ansi-cjs
actual: strip-ansi

detected resolved URL for package with a different name: wrap-ansi-cjs
expected: wrap-ansi-cjs
actual: wrap-ansi

✖ Error: security issues detected!

I researched this and found it is because of this package: https://github.com/isaacs/cliui/blob/aa397fedbd0550c9925af6b62f970de663285641/package.json#L52-L57

I don't like it but it seems to be OK.

What should I do to continue enabling the validate-package-names rule and not fail on those packages?

@lirantal
Owner

I'm taking a look, Baruch

@lirantal lirantal self-assigned this Jul 30, 2023
@lirantal lirantal added the bug Something isn't working label Jul 30, 2023
@lirantal
Owner

Hah,

  "dependencies": {
    "string-width": "^5.1.2",
    "string-width-cjs": "npm:string-width@^4.2.0",
    "strip-ansi": "^7.0.1",
    "strip-ansi-cjs": "npm:strip-ansi@^6.0.1",
    "wrap-ansi": "^8.1.0",
    "wrap-ansi-cjs": "npm:wrap-ansi@^7.0.0"
  },

and coming from Isaacs, no less 🙃

So, potential ideas here:

  1. We can update the package name validator to look at package.json and check for this case of aliasing
  2. We can add another flag to allow you to ignore (accept) such cases, on a case by case basis so it will adhere only to the package names that you specify.

Out of these, (1) sounds like a nice way to ease the burden for end users but it also means it couples the lockfile to the package manifest which I don't like. Can you share a simple lockfile that makes use of those package aliases so I can check if the alias is mentioned somewhere else in the lockfile? Also, which version is it?

@lirantal
Owner

lirantal commented Aug 1, 2023

@baruchiro see usage: https://github.com/lirantal/lockfile-lint/pull/178/files
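
Option (2) from the thread, an accept list limited to named packages, sketched as an added example (not lockfile-lint's code and not written by any commenter). The entry shape, the `alias:actual` pair format and the function names are assumptions, and the sample entries are constructed.

```javascript
// Added illustration, not lockfile-lint's implementation.
// Constructed sample: lockfile entries keyed by the name installed in node_modules.
const sampleEntries = {
  'string-width': { resolved: 'https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz' },
  'string-width-cjs': { resolved: 'https://registry.npmjs.org/string-width/-/string-width-4.2.0.tgz' },
  'strip-ansi-cjs': { resolved: 'https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz' },
  '@example/tool': { resolved: 'https://registry.npmjs.org/@example/tool/-/tool-1.0.0.tgz' },
  'example-lib': { resolved: 'https://registry.npmjs.org/other-lib/-/other-lib-1.0.0.tgz' },
};

// Extract the package name from a registry tarball URL (".../<name>/-/<file>.tgz").
// Returns null when the value is missing or does not have that shape.
function nameFromResolved(resolved) {
  let path;
  try {
    path = decodeURIComponent(new URL(resolved).pathname);
  } catch (err) {
    return null;
  }
  const sep = path.indexOf('/-/');
  return sep === -1 ? null : path.slice(1, sep);
}

// Report every entry whose resolved name differs from its key, unless that exact
// alias -> actual pair was accepted. Pinning both sides of the pair means an
// accepted alias that later resolves to a different package is reported again.
function findNameMismatches(entries, allowedAliases = []) {
  const accepted = new Set(allowedAliases);
  const findings = [];
  for (const [expected, { resolved }] of Object.entries(entries)) {
    const actual = nameFromResolved(resolved);
    if (actual === expected) continue;
    if (actual !== null && accepted.has(`${expected}:${actual}`)) continue;
    findings.push({ expected, actual });
  }
  return findings;
}

// Hypothetical accept list for two of the aliases discussed in this issue.
const allowed = ['string-width-cjs:string-width', 'strip-ansi-cjs:strip-ansi'];
for (const f of findNameMismatches(sampleEntries, allowed)) {
  console.log(`name mismatch: expected ${f.expected}, actual ${f.actual}`);
}
```

Accepting pairs rather than bare alias names keeps the rule strict for everything else in the lockfile, including a reviewed alias that starts pointing somewhere new.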

jerone added a commit to jerone/eslint-plugin-angular-template-consistent-this that referenced this issue Sep 10, 2023
jerone added a commit to jerone/eslint-plugin-angular-template-consistent-this that referenced this issue Sep 17, 2023
* Add support for Angular 16.
* Rewritten CI testing for multiple NodeJS, ESLint and Angular versions.
* Fix linting for lockfile. See lirantal/lockfile-lint#175 & isaacs/jackspeak#5
* Update all packages and run linting & Prettier.
* [Fix SonarCloud warning about duplicates in regex.](https://sonarcloud.io/project/issues?open=AYJ_Asgte7FPvNTvNf5F&id=jerone_eslint-plugin-angular-template-consistent-this)
* Connect SonarLint VSCode extension.