diff options
author | Rebecca Turner <me@re-becca.org> | 2018-05-04 22:44:50 +0300 |
---|---|---|
committer | Rebecca Turner <me@re-becca.org> | 2018-05-04 22:46:04 +0300 |
commit | 3a940562a98f496df54f1f1bacff09ec3e1ec243 (patch) | |
tree | 337be436fbb6168a95d470f6f793ab22118b43e8 /node_modules/lock-verify | |
parent | 570217588eb7265c43853353133bf140615a9f1d (diff) |
lock-verify@2.0.2 (fix bundling)
Diffstat (limited to 'node_modules/lock-verify')
-rw-r--r-- | node_modules/lock-verify/LICENSE | 14 | ||||
-rw-r--r-- | node_modules/lock-verify/README.md | 22 | ||||
-rw-r--r-- | node_modules/lock-verify/index.js | 73 | ||||
-rw-r--r-- | node_modules/lock-verify/package.json | 63 |
4 files changed, 172 insertions, 0 deletions
diff --git a/node_modules/lock-verify/LICENSE b/node_modules/lock-verify/LICENSE new file mode 100644 index 000000000..83e7c4c62 --- /dev/null +++ b/node_modules/lock-verify/LICENSE @@ -0,0 +1,14 @@ +Copyright (c) 2017, Rebecca Turner <me@re-becca.org> + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + diff --git a/node_modules/lock-verify/README.md b/node_modules/lock-verify/README.md new file mode 100644 index 000000000..01f0633c0 --- /dev/null +++ b/node_modules/lock-verify/README.md @@ -0,0 +1,22 @@ +# lock-verify + +Report if your package.json is out of sync with your package-lock.json. + +## USAGE + +``` +const lockVerify = require('lock-verify') +lockVerify(moduleDir).then(result => { + result.warnings.forEach(w => console.error('Warning:', w)) + if (!result.status) { + result.errors.forEach(e => console.error(e)) + process.exit(1) + } +}) +``` + +As a library it's a function that takes the path to a module and returns a +promise that resolves to an object with `.status`, `.warnings` and `.errors` +properties. The first will be true if everything was ok (though warnings +may exist). If there's no `package.json` or no lockfile in `moduleDir` or they're +unreadable then the promise will be rejected. diff --git a/node_modules/lock-verify/index.js b/node_modules/lock-verify/index.js new file mode 100644 index 000000000..227213291 --- /dev/null +++ b/node_modules/lock-verify/index.js @@ -0,0 +1,73 @@ +'use strict' +module.exports = lockVerify + +const fs = require('fs') +const path = require('path') +const npa = require('npm-package-arg') +const semver = require('semver') + +function lockVerify(check) { + if (!check) check = '.' + + const pjson = readJson(`${check}/package.json`) + let plock = readJson(`${check}/npm-shrinkwrap.json`) + .catch(() => readJson(`${check}/package-lock.json`)) + + return Promise.all([pjson, plock]).then(result => { + const pjson = result[0] + const plock = result[1] + let warnings = [] + let errors = [] + for (let type of [['dependencies'], ['devDependencies'], ['optionalDependencies', true]]) { + const deps = pjson[type[0]] + if (!deps) continue + const isOptional = type[1] + Object.keys(deps).forEach(name => { + const spec = npa.resolve(name, deps[name]) + const lock = plock.dependencies[name] + if (!lock) { + if (isOptional) { + warnings.push('Optional missing: ' + name + '@' + deps[name]) + } else { + errors.push('Missing: ' + name + '@' + deps[name]) + } + return + } + if (spec.registry) { + // Can't match tags to package-lock w/o network + if (spec.type === 'tag') return + if (!semver.satisfies(lock.version, spec.fetchSpec)) { + errors.push("Invalid: lock file's " + name + '@' + lock.version + ' does not satisfy ' + name + '@' + spec.fetchSpec) + return + } + } else if (spec.type === 'git') { + // can't verify git w/o network + return + } else if (spec.type === 'remote') { + if (lock.version !== spec.fetchSpec) { + errors.push("Invalid: lock file's " + name + '@' + lock.version + ' does not satisfy ' + name + '@' + spec.fetchSpec) + return + } + } else if (spec.type === 'file' || spec.type === 'directory') { + const lockSpec = npa.resolve(name, lock.version) + if (spec.fetchSpec !== lockSpec.fetchSpec) { + errors.push("Invalid: lock file's " + name + '@' + lock.version + ' does not satisfy ' + name + '@' + deps[name]) + return + } + } else { + console.log(spec) + } + }) + } + return Promise.resolve({status: errors.length === 0, warnings: warnings, errors: errors}) + }) +} + +function readJson (file) { + return new Promise((resolve, reject) => { + fs.readFile(file, (err, content) => { + if (err) return reject(err) + return resolve(JSON.parse(content)) + }) + }) +} diff --git a/node_modules/lock-verify/package.json b/node_modules/lock-verify/package.json new file mode 100644 index 000000000..54954fec1 --- /dev/null +++ b/node_modules/lock-verify/package.json @@ -0,0 +1,63 @@ +{ + "_args": [ + [ + "lock-verify@2.0.2", + "/Users/rebecca/code/release/npm-6" + ] + ], + "_from": "lock-verify@2.0.2", + "_id": "lock-verify@2.0.2", + "_inBundle": false, + "_integrity": "sha512-QNVwK0EGZBS4R3YQ7F1Ox8p41Po9VGl2QG/2GsuvTbkJZYSsPeWHKMbbH6iZMCHWSMww5nrJroZYnGzI4cePuw==", + "_location": "/lock-verify", + "_phantomChildren": {}, + "_requested": { + "type": "version", + "registry": true, + "raw": "lock-verify@2.0.2", + "name": "lock-verify", + "escapedName": "lock-verify", + "rawSpec": "2.0.2", + "saveSpec": null, + "fetchSpec": "2.0.2" + }, + "_requiredBy": [ + "/", + "/libcipm" + ], + "_resolved": "https://registry.npmjs.org/lock-verify/-/lock-verify-2.0.2.tgz", + "_spec": "2.0.2", + "_where": "/Users/rebecca/code/release/npm-6", + "author": { + "name": "Rebecca Turner", + "email": "me@re-becca.org", + "url": "http://re-becca.org/" + }, + "bugs": { + "url": "https://github.com/iarna/lock-verify/issues" + }, + "dependencies": { + "npm-package-arg": "^5.1.2 || 6", + "semver": "^5.4.1" + }, + "description": "Report if your package.json is out of sync with your package-lock.json.", + "devDependencies": { + "@iarna/cli": "^1.2.0" + }, + "files": [ + "index.js" + ], + "homepage": "https://github.com/iarna/lock-verify#readme", + "keywords": [], + "license": "ISC", + "main": "index.js", + "name": "lock-verify", + "repository": { + "type": "git", + "url": "git+https://github.com/iarna/lock-verify.git" + }, + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "version": "2.0.2" +} |