fix(api): lint all dependencies in package-lock

packages/lockfile-lint-api/__tests__/parseNpmLockfile.test.js

@@ -17,8 +17,8 @@ describe('ParseLockfile Npm', () => {
     expect(lockfile.type).toEqual('success')
     expect(lockfile.object).toEqual(
       expect.objectContaining({
-        'debug@4.1.1': expect.any(Object),
-        'ms@2.1.2': expect.any(Object)
+        'debug@4.1.1-031b0fadad70d901aa76ca1028682c7fc8ed370c': expect.any(Object),
+        'ms@2.1.2-d6934ce87f6e568c4f5d6d9f6e5c5697992e7b91': expect.any(Object)
       })
     )
   })
@@ -35,10 +35,10 @@ describe('ParseLockfile Npm', () => {
     expect(lockfile.type).toEqual('success')
     expect(lockfile.object).toEqual(
       expect.objectContaining({
-        'debug@4.1.1': expect.any(Object),
-        'ms@2.1.2': expect.any(Object),
-        'ms@2.0.0': expect.any(Object),
-        'escape-html@1.0.3': expect.any(Object)
+        'debug@4.1.1-031b0fadad70d901aa76ca1028682c7fc8ed370c': expect.any(Object),
+        'ms@2.1.2-d6934ce87f6e568c4f5d6d9f6e5c5697992e7b91': expect.any(Object),
+        'ms@2.0.0-e3988f0b9b049286d39bee2b87cda1737adf1ba7': expect.any(Object),
+        'escape-html@1.0.3-541618a9ecf9b6e94c9131aec4590d01a5b0e720': expect.any(Object)
       })
     )
   })

packages/lockfile-lint-api/package.json

@@ -49,7 +49,8 @@
   },
   "dependencies": {
     "@yarnpkg/lockfile": "^1.1.0",
-    "debug": "^4.1.1"
+    "debug": "^4.1.1",
+    "object-hash": "^2.0.1"
   },
   "devDependencies": {
     "babel-eslint": "^10.0.1",

packages/lockfile-lint-api/src/ParseLockfile.js

@@ -4,6 +4,7 @@
 const fs = require('fs')
 const path = require('path')
 const yarnLockfileParser = require('@yarnpkg/lockfile')
+const hash = require('object-hash')
 const {ParsingError, ERROR_MESSAGES} = require('./common/ParsingError')
 const {
   NO_OPTIONS,
@@ -124,26 +125,26 @@ class ParseLockfile {
     }
   }
 
-  _flattenNpmDepsTree (npmDepsTree) {
-    let flattenedDepTree = {}
-    let flattenedNestedDepsTree = {}
+  _flattenNpmDepsTree (npmDepsTree, npmDepMap = {}) {
     for (const [depName, depMetadata] of Object.entries(npmDepsTree)) {
       const depMetadataShortend = {
         version: depMetadata.version,
-        resolved: depMetadata.resolved ? depMetadata.resolved : depMetadata.version,
+        resolved: depMetadata.resolved,
         integrity: depMetadata.integrity,
         requires: depMetadata.requires
       }
+      const hashedDepValues = hash(depMetadataShortend)
 
-      flattenedDepTree[`${depName}@${depMetadata.version}`] = depMetadataShortend
+      npmDepMap[`${depName}@${depMetadata.version}-${hashedDepValues}`] = depMetadataShortend
 
       const nestedDepsTree = depMetadata.dependencies
+
       if (nestedDepsTree && Object.keys(nestedDepsTree).length !== 0) {
-        flattenedNestedDepsTree = this._flattenNpmDepsTree(nestedDepsTree)
+        this._flattenNpmDepsTree(nestedDepsTree, npmDepMap)
       }
     }
 
-    return Object.assign({}, flattenedDepTree, flattenedNestedDepsTree)
+    return npmDepMap
   }
 }
 

packages/lockfile-lint-api/src/validators/ValidateHost.js

@@ -30,10 +30,13 @@ module.exports = class ValidateHost {
       }
 
       let packageResolvedURL = {}
-      try {
-        packageResolvedURL = new URL(packageMetadata.resolved)
-      } catch (error) {
-        throw new PackageError(packageName, error)
+
+      if (packageMetadata.resolved) {
+        try {
+          packageResolvedURL = new URL(packageMetadata.resolved)
+        } catch (error) {
+          throw new PackageError(packageName, error)
+        }
       }
 
       const allowedHosts = hosts.map(hostValue => {

packages/lockfile-lint-api/src/validators/ValidateHttps.js

@@ -26,10 +26,13 @@ module.exports = class ValidateHttps {
       }
 
       let packageResolvedURL = {}
-      try {
-        packageResolvedURL = new URL(packageMetadata.resolved)
-      } catch (error) {
-        throw new PackageError(packageName, error)
+
+      if (packageMetadata.resolved) {
+        try {
+          packageResolvedURL = new URL(packageMetadata.resolved)
+        } catch (error) {
+          throw new PackageError(packageName, error)
+        }
       }
 
       if (packageResolvedURL.protocol !== HTTPS_PROTOCOL) {

packages/lockfile-lint-api/src/validators/ValidateScheme.js

@@ -28,12 +28,16 @@ module.exports = class ValidateProtocol {
       }
 
       let packageResolvedURL = {}
-      try {
-        packageResolvedURL = new URL(packageMetadata.resolved)
-      } catch (error) {
-        throw new PackageError(packageName, error)
+
+      if (packageMetadata.resolved) {
+        try {
+          packageResolvedURL = new URL(packageMetadata.resolved)
+        } catch (error) {
+          throw new PackageError(packageName, error)
+        }
       }
-      if (schemes.indexOf(packageResolvedURL.protocol) === -1) {
+
+      if (packageResolvedURL.protocol && schemes.indexOf(packageResolvedURL.protocol) === -1) {
         // throw new Error(`detected invalid origin for package: ${packageName}`)
         validationResult.errors.push({
           message: `detected invalid scheme(s) for package: ${packageName}\n    expected: ${schemes}\n    actual: ${

packages/lockfile-lint/__tests__/main.test.js

@@ -161,7 +161,7 @@ describe('Main CLI logic', () => {
         validators
       })
 
-      expect(result.validatorFailures).toEqual(2)
+      expect(result.validatorFailures).toEqual(1)
       expect(result.validatorCount).toEqual(1)
       expect(result.validatorSuccesses).toEqual(0)
     })

yarn.lock

@@ -7229,6 +7229,11 @@ object-copy@^0.1.0:
     define-property "^0.2.5"
     kind-of "^3.0.3"
 
+object-hash@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/object-hash/-/object-hash-2.0.1.tgz#cef18a0c940cc60aa27965ecf49b782cbf101d96"
+  integrity sha512-HgcGMooY4JC2PBt9sdUdJ6PMzpin+YtY3r/7wg0uTifP+HJWW8rammseSEHuyt0UeShI183UGssCJqm1bJR7QA==
+
 object-keys@^1.0.12:
   version "1.1.1"
   resolved "https://registry.yarnpkg.com/object-keys/-/object-keys-1.1.1.tgz#1c47f272df277f3b1daf061677d9c82e2322c60e"