fix: skip validating package names outside of public registries #171

Merged
merged 1 commit into from
Jul 28, 2023

lirantal
Owner

Description

Fix #112 - when packages are used from registries outside of the public ones (like Artifactory and such) then they may include a different URL convention to locate the package name.

This PR fixes lockfile-lint showing an error because it is actually unable to match the package name to the URL. The fix is to skip these cases.

In the future we may treat this differently, such as by allowing to specify a flag like package-name-url-prefixes where you can write https://checkmarx.jfrog.io/artifactory/api/npm/team-npm/ so that we parse everything after that to compare the package name for a match.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Related Issue

#112
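
The name-to-URL check discussed in this description, sketched as an added example; it is not lockfile-lint's code and not part of this PR. Assumptions: the public host list, the `<name>/-/<file>.tgz` tarball layout, and a `prefixes` parameter that models the hypothetical package-name-url-prefixes idea; the sample entries are constructed.

```javascript
// Added example, not lockfile-lint's implementation.
const PUBLIC_REGISTRY_HOSTS = new Set(['registry.npmjs.org', 'registry.yarnpkg.com']); // assumed list

// Tarball paths look like "<name>/-/<file>.tgz"; return <name>, or null if the shape differs.
function nameFromTarballPath(path) {
  const end = path.indexOf('/-/');
  if (end === -1) return null;
  try {
    return decodeURIComponent(path.slice(0, end).replace(/^\/+/, '')); // handles @scope%2fname
  } catch {
    return null; // malformed percent-encoding
  }
}

// Classify one lockfile entry as 'match', 'mismatch' or 'skipped'.
// `prefixes` models the hypothetical package-name-url-prefixes option.
function checkPackageName(name, resolved, prefixes = []) {
  let url;
  try {
    url = new URL(resolved);
  } catch {
    return 'skipped'; // not an absolute URL
  }
  // Normalise so ".../team-npm" cannot also match ".../team-npm-other/".
  const prefix = prefixes
    .map((p) => (p.endsWith('/') ? p : p + '/'))
    .find((p) => url.href.startsWith(p));
  let path;
  if (prefix) path = url.href.slice(prefix.length);
  else if (PUBLIC_REGISTRY_HOSTS.has(url.host)) path = url.pathname;
  else return 'skipped'; // the case this PR stops reporting as an error
  return nameFromTarballPath(path) === name ? 'match' : 'mismatch';
}

// Constructed sample entries (not taken from a real lockfile).
const SAMPLE = [
  ['lodash', 'https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz'],
  ['@babel/core', 'https://registry.yarnpkg.com/@babel/core/-/core-7.22.9.tgz'],
  ['lodash', 'https://registry.npmjs.org/not-lodash/-/not-lodash-1.0.0.tgz'],
  ['debug', 'https://checkmarx.jfrog.io/artifactory/api/npm/team-npm/debug/-/debug-4.3.4.tgz'],
  ['debug', 'https://checkmarx.jfrog.io/artifactory/api/npm/team-npm/other/-/other-1.0.0.tgz'],
];

function audit(entries, prefixes) {
  return entries.map(([name, resolved]) => checkPackageName(name, resolved, prefixes));
}

console.log(audit(SAMPLE, []));
console.log(audit(SAMPLE, ['https://checkmarx.jfrog.io/artifactory/api/npm/team-npm']));
```

With no prefixes, both private-registry entries come back `skipped`, so a name/URL mismatch there goes unreported. With the prefix supplied, the last entry is classified as `mismatch`.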

@codecov-commenter

codecov-commenter commented Jul 28, 2023

Codecov Report

Patch coverage: 100.00% and project coverage change: +0.01% 🎉

Comparison is base (c7817c6) 97.83% compared to head (3294cb1) 97.85%.
Report is 1 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #171      +/-   ##
==========================================
+ Coverage   97.83%   97.85%   +0.01%     
==========================================
  Files          13       13              
  Lines         370      373       +3     
  Branches       84       85       +1     
==========================================
+ Hits          362      365       +3     
  Misses          8        8              
Files Changed Coverage Δ
...le-lint-api/src/validators/ValidatePackageNames.js 100.00% <100.00%> (ø)


@lirantal lirantal self-assigned this Jul 28, 2023
@lirantal lirantal added the bug Something isn't working label Jul 28, 2023
@lirantal lirantal merged commit 4c18091 into main Jul 28, 2023
5 checks passed
@baruchiro

I can't see a new version for lockfile-lint, only for lockfile-lint-api...

@lirantal
Owner Author

Correct, because the change was only on the API level and the lockfile-lint package will resolve to the latest minor version when you install it (if you already have it installed with a lockfile when require a lockfile-lint-api update).

Successfully merging this pull request may close these issues.

Use allowed url patterns in a single hostname