Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(api): lint all dependencies in package-lock #53

Merged
merged 2 commits into from Feb 3, 2020
Merged

fix(api): lint all dependencies in package-lock #53

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
dfced24
fix(api): lint all dependencies in package-lock
Jan 28, 2020
989d9a2
chore(try-catch): revert try catch changes
JamesSingleton Feb 3, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
12 changes: 6 additions & 6 deletions packages/lockfile-lint-api/__tests__/parseNpmLockfile.test.js
View file
Open in desktop
Expand Up @@ -17,8 +17,8 @@ describe('ParseLockfile Npm', () => {
expect(lockfile.type).toEqual('success')
expect(lockfile.object).toEqual(
expect.objectContaining({
'debug@4.1.1': expect.any(Object),
'ms@2.1.2': expect.any(Object)
'debug@4.1.1-031b0fadad70d901aa76ca1028682c7fc8ed370c': expect.any(Object),
'ms@2.1.2-d6934ce87f6e568c4f5d6d9f6e5c5697992e7b91': expect.any(Object)
})
)
})
Expand All @@ -35,10 +35,10 @@ describe('ParseLockfile Npm', () => {
expect(lockfile.type).toEqual('success')
expect(lockfile.object).toEqual(
expect.objectContaining({
'debug@4.1.1': expect.any(Object),
'ms@2.1.2': expect.any(Object),
'ms@2.0.0': expect.any(Object),
'escape-html@1.0.3': expect.any(Object)
'debug@4.1.1-031b0fadad70d901aa76ca1028682c7fc8ed370c': expect.any(Object),
'ms@2.1.2-d6934ce87f6e568c4f5d6d9f6e5c5697992e7b91': expect.any(Object),
'ms@2.0.0-e3988f0b9b049286d39bee2b87cda1737adf1ba7': expect.any(Object),
'escape-html@1.0.3-541618a9ecf9b6e94c9131aec4590d01a5b0e720': expect.any(Object)
})
)
})
Expand Down
12 changes: 0 additions & 12 deletions packages/lockfile-lint-api/__tests__/validators.host.test.js
View file
Open in desktop
@@ -1,5 +1,4 @@
const ValidatorHost = require('../src/validators/ValidateHost')
const PackageError = require('../src/common/PackageError')

describe('Validator: Host', () => {
it('validator should throw an error when provided a string', () => {
Expand Down Expand Up @@ -144,17 +143,6 @@ describe('Validator: Host', () => {
})
})

it('validator should throw a descriptive error when one is encounterd in a package', () => {
const mockedPackages = {
'@babel/code-frame': {
resolved: 'debug-4.1.1.tgz#3b72260255109c6b589cee050f1d516139664791'
}
}
const validator = new ValidatorHost({packages: mockedPackages})

expect(() => validator.validate(['npm'])).toThrow(PackageError)
})

it('validator should not throw if emptyHostnames are allowed', () => {
const mockedPackages = {
'@babel/code-frame': {
Expand Down
12 changes: 0 additions & 12 deletions packages/lockfile-lint-api/__tests__/validators.https.test.js
View file
Open in desktop
@@ -1,5 +1,4 @@
const ValidatorHTTPS = require('../src/validators/ValidateHttps')
const PackageError = require('../src/common/PackageError')

describe('Validator: HTTPS', () => {
it('validator should throw an error when provided a string', () => {
Expand Down Expand Up @@ -60,17 +59,6 @@ describe('Validator: HTTPS', () => {
})
})

it('validator should throw a descriptive error when one is encounterd in a package', () => {
const mockedPackages = {
'@babel/code-frame': {
resolved: 'debug-4.1.1.tgz#3b72260255109c6b589cee050f1d516139664791'
}
}
const validator = new ValidatorHTTPS({packages: mockedPackages})

expect(() => validator.validate(['npm'])).toThrow(PackageError)
})

it('validator should succeed if package has no `resolved` field', () => {
const mockedPackages = {
'@babel/code-frame': {
Expand Down
12 changes: 0 additions & 12 deletions packages/lockfile-lint-api/__tests__/validators.scheme.test.js
View file
Open in desktop
@@ -1,5 +1,4 @@
const ValidatorScheme = require('../src/validators/ValidateScheme')
const PackageError = require('../src/common/PackageError')

describe('Validator: Protocol', () => {
it('validator should throw an error when provided a string', () => {
Expand Down Expand Up @@ -70,17 +69,6 @@ describe('Validator: Protocol', () => {
})
})

it('validator should throw a descriptive error when one is encounterd in a package', () => {
const mockedPackages = {
'@babel/code-frame': {
resolved: 'debug-4.1.1.tgz#3b72260255109c6b589cee050f1d516139664791'
}
}
const validator = new ValidatorScheme({packages: mockedPackages})

expect(() => validator.validate(['npm'])).toThrow(PackageError)
})

it('validator should succeed if package has no `resolved` field', () => {
const mockedPackages = {
'@babel/code-frame': {
Expand Down
3 changes: 2 additions & 1 deletion packages/lockfile-lint-api/package.json
View file
Open in desktop
Expand Up @@ -49,7 +49,8 @@
},
"dependencies": {
"@yarnpkg/lockfile": "^1.1.0",
"debug": "^4.1.1"
"debug": "^4.1.1",
"object-hash": "^2.0.1"
},
"devDependencies": {
"babel-eslint": "^10.0.1",
Expand Down
13 changes: 7 additions & 6 deletions packages/lockfile-lint-api/src/ParseLockfile.js
View file
Open in desktop
Expand Up @@ -4,6 +4,7 @@
const fs = require('fs')
const path = require('path')
const yarnLockfileParser = require('@yarnpkg/lockfile')
const hash = require('object-hash')
const {ParsingError, ERROR_MESSAGES} = require('./common/ParsingError')
const {
NO_OPTIONS,
Expand Down Expand Up @@ -124,26 +125,26 @@ class ParseLockfile {
}
}

_flattenNpmDepsTree (npmDepsTree) {
let flattenedDepTree = {}
let flattenedNestedDepsTree = {}
_flattenNpmDepsTree (npmDepsTree, npmDepMap = {}) {
for (const [depName, depMetadata] of Object.entries(npmDepsTree)) {
const depMetadataShortend = {
version: depMetadata.version,
resolved: depMetadata.resolved ? depMetadata.resolved : depMetadata.version,
integrity: depMetadata.integrity,
requires: depMetadata.requires
}
const hashedDepValues = hash(depMetadataShortend)

flattenedDepTree[`${depName}@${depMetadata.version}`] = depMetadataShortend
npmDepMap[`${depName}@${depMetadata.version}-${hashedDepValues}`] = depMetadataShortend

const nestedDepsTree = depMetadata.dependencies

if (nestedDepsTree && Object.keys(nestedDepsTree).length !== 0) {
flattenedNestedDepsTree = this._flattenNpmDepsTree(nestedDepsTree)
this._flattenNpmDepsTree(nestedDepsTree, npmDepMap)
}
}

return Object.assign({}, flattenedDepTree, flattenedNestedDepsTree)
return npmDepMap
}
}

Expand Down
4 changes: 2 additions & 2 deletions packages/lockfile-lint-api/src/validators/ValidateHost.js
View file
Open in desktop
Expand Up @@ -2,7 +2,6 @@

const {URL} = require('url')
const debug = require('debug')('lockfile-lint-api')
const PackageError = require('../common/PackageError')
const {REGISTRY} = require('../common/constants')

module.exports = class ValidateHost {
Expand Down Expand Up @@ -30,10 +29,11 @@ module.exports = class ValidateHost {
}

let packageResolvedURL = {}

try {
packageResolvedURL = new URL(packageMetadata.resolved)
} catch (error) {
throw new PackageError(packageName, error)
// swallow error (assume that the version is correct)
}

const allowedHosts = hosts.map(hostValue => {
Expand Down
4 changes: 2 additions & 2 deletions packages/lockfile-lint-api/src/validators/ValidateHttps.js
View file
Open in desktop
@@ -1,7 +1,6 @@
'use strict'

const {URL} = require('url')
const PackageError = require('../common/PackageError')

const HTTPS_PROTOCOL = 'https:'

Expand All @@ -26,10 +25,11 @@ module.exports = class ValidateHttps {
}

let packageResolvedURL = {}

try {
packageResolvedURL = new URL(packageMetadata.resolved)
} catch (error) {
throw new PackageError(packageName, error)
// swallow error (assume that the version is correct)
}

if (packageResolvedURL.protocol !== HTTPS_PROTOCOL) {
Expand Down
7 changes: 4 additions & 3 deletions packages/lockfile-lint-api/src/validators/ValidateScheme.js
View file
Open in desktop
@@ -1,7 +1,6 @@
'use strict'

const {URL} = require('url')
const PackageError = require('../common/PackageError')

module.exports = class ValidateProtocol {
constructor ({packages} = {}) {
Expand All @@ -28,12 +27,14 @@ module.exports = class ValidateProtocol {
}

let packageResolvedURL = {}

try {
packageResolvedURL = new URL(packageMetadata.resolved)
} catch (error) {
throw new PackageError(packageName, error)
// swallow error (assume that the version is correct)
}
if (schemes.indexOf(packageResolvedURL.protocol) === -1) {

if (packageResolvedURL.protocol && schemes.indexOf(packageResolvedURL.protocol) === -1) {
// throw new Error(`detected invalid origin for package: ${packageName}`)
validationResult.errors.push({
message: `detected invalid scheme(s) for package: ${packageName}\n expected: ${schemes}\n actual: ${
Expand Down
5 changes: 5 additions & 0 deletions yarn.lock
View file
Open in desktop
Expand Up @@ -7229,6 +7229,11 @@ object-copy@^0.1.0:
define-property "^0.2.5"
kind-of "^3.0.3"

object-hash@^2.0.1:
version "2.0.1"
resolved "https://registry.yarnpkg.com/object-hash/-/object-hash-2.0.1.tgz#cef18a0c940cc60aa27965ecf49b782cbf101d96"
integrity sha512-HgcGMooY4JC2PBt9sdUdJ6PMzpin+YtY3r/7wg0uTifP+HJWW8rammseSEHuyt0UeShI183UGssCJqm1bJR7QA==

object-keys@^1.0.12:
version "1.1.1"
resolved "https://registry.yarnpkg.com/object-keys/-/object-keys-1.1.1.tgz#1c47f272df277f3b1daf061677d9c82e2322c60e"
Expand Down