Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add some NPM methods to support checking if a version was unpublished, or if a package is a security holding pacakge. #349

Merged
merged 4 commits into from
Sep 6, 2022
Merged

Add some NPM methods to support checking if a version was unpublished, or if a package is a security holding pacakge. #349

merged 4 commits into from
Sep 6, 2022

Conversation

jpinz
Copy link
Member

@jpinz jpinz commented Sep 6, 2022

We ran into an issue where we had marked a package as existing and then ingested it, but upon checking it again we discovered that it had since been pulled from the NPM registry. So we needed a way to check if an NPM package (only doing NPM for now) existed but has since been unpublished.
Similarly, we wanted a way to check if a package was a security holding package. For example: https://www.npmjs.com/package/http

@jpinz
Add PackageVersionPulled to BaseProjectManager. It is only implemente…
7aa3c63 
…d for NPM as of now where it checks to see if the package version was at one point published but since has been pulled/unpublished.
@jpinz
Add PackageSecurityHolding to check if the NPM package has only one v…
6a7d51e 
…ersion, and if that version is a security holding package meaning NPM pulled it and marked it as a package being held on the registry for security purposes.
@jpinz
Added unit tests.
9fccce6
@jpinz jpinz added the enhancement New feature or request label Sep 6, 2022
@jpinz jpinz requested review from gfs and pmalmsten September 6, 2022 17:39
@jpinz jpinz self-assigned this Sep 6, 2022
gfs
gfs approved these changes Sep 6, 2022
View reviewed changes
Copy link
Contributor

@gfs gfs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks fine. Minor recommendations to make the tests a bit simpler.

src/oss-tests/ProjectManagerTests/NPMProjectManagerTests.cs Outdated Show resolved Hide resolved
src/oss-tests/ProjectManagerTests/NPMProjectManagerTests.cs Outdated Show resolved Hide resolved
gfs
gfs approved these changes Sep 6, 2022
View reviewed changes
Copy link
Contributor

@gfs gfs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@jpinz jpinz merged commit 1a247cc into microsoft:main Sep 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gfs gfs gfs approved these changes

@pmalmsten pmalmsten Awaiting requested review from pmalmsten

Assignees

@jpinz jpinz

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jpinz @gfs