1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
'use strict'
module.exports = lockVerify
const fs = require('fs')
const path = require('path')
const npa = require('npm-package-arg')
const semver = require('semver')
function lockVerify(check) {
if (!check) check = '.'
const pjson = readJson(`${check}/package.json`)
let plock = readJson(`${check}/npm-shrinkwrap.json`)
.catch(() => readJson(`${check}/package-lock.json`))
return Promise.all([pjson, plock]).then(result => {
const pjson = result[0]
const plock = result[1]
let warnings = []
let errors = []
for (let type of [['dependencies'], ['devDependencies'], ['optionalDependencies', true]]) {
const deps = pjson[type[0]]
if (!deps) continue
const isOptional = type[1]
Object.keys(deps).forEach(name => {
const spec = npa.resolve(name, deps[name])
const lock = plock.dependencies[name]
if (!lock) {
if (isOptional) {
warnings.push('Optional missing: ' + name + '@' + deps[name])
} else {
errors.push('Missing: ' + name + '@' + deps[name])
}
return
}
if (spec.registry) {
// Can't match tags to package-lock w/o network
if (spec.type === 'tag') return
if (spec.type === 'alias') {
const lockSpec = npa.resolve(name, lock.version)
if (!semver.satisfies(lockSpec.subSpec.fetchSpec, spec.subSpec.fetchSpec)) {
errors.push("Invalid: lock file's " + name + '@' + lock.version + ' does not satisfy ' + name + '@' + spec.rawSpec)
return
}
} else {
if (!semver.satisfies(lock.version, spec.fetchSpec)) {
errors.push("Invalid: lock file's " + name + '@' + lock.version + ' does not satisfy ' + name + '@' + spec.fetchSpec)
return
}
}
} else if (spec.type === 'git') {
// can't verify git w/o network
return
} else if (spec.type === 'remote') {
if (lock.version !== spec.fetchSpec) {
errors.push("Invalid: lock file's " + name + '@' + lock.version + ' does not satisfy ' + name + '@' + spec.fetchSpec)
return
}
} else if (spec.type === 'file' || spec.type === 'directory') {
const lockSpec = npa.resolve(name, lock.version)
if (spec.fetchSpec !== lockSpec.fetchSpec) {
errors.push("Invalid: lock file's " + name + '@' + lock.version + ' does not satisfy ' + name + '@' + deps[name])
return
}
} else {
console.log(spec)
}
})
}
return Promise.resolve({status: errors.length === 0, warnings: warnings, errors: errors})
})
}
function readJson (file) {
return new Promise((resolve, reject) => {
fs.readFile(file, (err, content) => {
if (err) return reject(err)
return resolve(JSON.parse(content))
})
})
}
|
