jiangcuo/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-05-21 12:25:12 +00:00
Code Issues Actions 12 Packages Projects Releases Wiki Activity
ddf7e2a752
node/deps/npm/node_modules/lock-verify/index.js
Kat Marchán 033f6b566e
deps: upgrade npm to 6.9.0 
Co-authored-by: Myles Borins <mylesborins@google.com>

PR-URL: https://github.com/nodejs/node/pull/26244
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
2019-04-06 20:56:17 -04:00

82 lines
2.9 KiB
JavaScript
Raw Blame History

'use strict'
module.exports = lockVerify
const fs = require('fs')
const path = require('path')
const npa = require('npm-package-arg')
const semver = require('semver')
function lockVerify(check) {
if (!check) check = '.'
const pjson = readJson(`${check}/package.json`)
let plock = readJson(`${check}/npm-shrinkwrap.json`)
.catch(() => readJson(`${check}/package-lock.json`))
return Promise.all([pjson, plock]).then(result => {
const pjson = result[0]
const plock = result[1]
let warnings = []
let errors = []
for (let type of [['dependencies'], ['devDependencies'], ['optionalDependencies', true]]) {
const deps = pjson[type[0]]
if (!deps) continue
const isOptional = type[1]
Object.keys(deps).forEach(name => {
const spec = npa.resolve(name, deps[name])
const lock = plock.dependencies[name]
if (!lock) {
if (isOptional) {
warnings.push('Optional missing: ' + name + '@' + deps[name])
} else {
errors.push('Missing: ' + name + '@' + deps[name])
}
return
}
if (spec.registry) {
// Can't match tags to package-lock w/o network
if (spec.type === 'tag') return
if (spec.type === 'alias') {
const lockSpec = npa.resolve(name, lock.version)
if (!semver.satisfies(lockSpec.subSpec.fetchSpec, spec.subSpec.fetchSpec)) {
errors.push("Invalid: lock file's " + name + '@' + lock.version + ' does not satisfy ' + name + '@' + spec.rawSpec)
return
}
} else {
if (!semver.satisfies(lock.version, spec.fetchSpec)) {
errors.push("Invalid: lock file's " + name + '@' + lock.version + ' does not satisfy ' + name + '@' + spec.fetchSpec)
return
}
}
} else if (spec.type === 'git') {
// can't verify git w/o network
return
} else if (spec.type === 'remote') {
if (lock.version !== spec.fetchSpec) {
errors.push("Invalid: lock file's " + name + '@' + lock.version + ' does not satisfy ' + name + '@' + spec.fetchSpec)
return
}
} else if (spec.type === 'file' || spec.type === 'directory') {
const lockSpec = npa.resolve(name, lock.version)
if (spec.fetchSpec !== lockSpec.fetchSpec) {
errors.push("Invalid: lock file's " + name + '@' + lock.version + ' does not satisfy ' + name + '@' + deps[name])
return
}
} else {
console.log(spec)
}
})
}
return Promise.resolve({status: errors.length === 0, warnings: warnings, errors: errors})
})
}
function readJson (file) {
return new Promise((resolve, reject) => {
fs.readFile(file, (err, content) => {
if (err) return reject(err)
return resolve(JSON.parse(content))
})
})
}
Reference in New Issue View Git Blame Copy Permalink