From 42421d7b96bfff1888f8dc80fcc3ee3fdee1e42d Mon Sep 17 00:00:00 2001
From: Craig Andrews <candrews@integralblue.com>
Date: Mon, 22 May 2023 14:39:56 -0400
Subject: [PATCH 1/7] test: should fail with an empty npm lock file

Ensure that empty npm lock files are currently and continue to be handled properly
---
 .../__tests__/fixtures/empty.json | 0
 packages/lockfile-lint/__tests__/main.test.js | 21 +++++++++++++++++++
 2 files changed, 21 insertions(+)
 create mode 100644 packages/lockfile-lint/__tests__/fixtures/empty.json

diff --git a/packages/lockfile-lint/__tests__/fixtures/empty.json b/packages/lockfile-lint/__tests__/fixtures/empty.json
new file mode 100644
index 0000000..e69de29
diff --git a/packages/lockfile-lint/__tests__/main.test.js b/packages/lockfile-lint/__tests__/main.test.js
index f2851b7..1b8726e 100644
--- a/packages/lockfile-lint/__tests__/main.test.js
+++ b/packages/lockfile-lint/__tests__/main.test.js
@@ -164,6 +164,27 @@ describe('Main CLI logic', () => {
 expect(result.validatorCount).toEqual(1)
 expect(result.validatorSuccesses).toEqual(1)
 })
+
+ test('should fail with an empty npm lock file', () => {
+ const lockfilePath = path.join(__dirname, '/fixtures/empty.json')
+ const lockfileType = 'npm'
+ const validators = [
+ {
+ name: 'validateHosts',
+ values: ['npm']
+ }
+ ]
+
+ expect(() =>
+ main
+ .runValidators({
+ path: lockfilePath,
+ type: lockfileType,
+ validators
+ })
+ .toThrow('Lockfile does not seem to contain a valid dependency list')
+ )
+ })
 })

 describe('validateSchemes', () => {

From 0709f42271af61fecfe007a0045267d78cc3d42e Mon Sep 17 00:00:00 2001
From: Craig Andrews <candrews@integralblue.com>
Date: Mon, 15 May 2023 14:22:48 -0400
Subject: [PATCH 2/7] fix: error handling for empty yarn lock files (#158)

---
 .../lockfile-lint-api/src/ParseLockfile.js | 3 +++
 packages/lockfile-lint/__tests__/main.test.js | 21 +++++++++++++++++++
 2 files changed, 24 insertions(+)
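Review bot: The new test asserts nothing: `.toThrow(...)` is chained onto the return value of `main.runValidators(...)` inside the arrow function, and the closing `)` of `expect(` comes after it, so `expect` receives a function that is never invoked and no matcher ever runs. The test therefore passes whether or not an empty lockfile is rejected, which matters for a linter that is expected to fail closed on a lockfile it cannot read. Close `expect(...)` before the matcher: `expect(() => main.runValidators({ path: lockfilePath, type: lockfileType, validators })).toThrow('Lockfile does not seem to contain a valid dependency list')`. The yarn test added in PATCH 2/7 has the same shape and needs the same change. Once the assertion actually runs, the expected message for a zero-byte npm file should be confirmed, since the error raised on that path is not visible in this patch.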
diff --git a/packages/lockfile-lint-api/src/ParseLockfile.js b/packages/lockfile-lint-api/src/ParseLockfile.js
index b9f6d50..7b82d7f 100644
--- a/packages/lockfile-lint-api/src/ParseLockfile.js
+++ b/packages/lockfile-lint-api/src/ParseLockfile.js
@@ -21,6 +21,9 @@ const {
 * @return boolean
 */
 function checkSampleContent (lockfile, isYarnBerry) {
+ if (Object.entries(lockfile).length < (isYarnBerry ? 2 : 1)) {
+ return false
+ }
 const [sampleKey, sampleValue] = Object.entries(lockfile)[isYarnBerry ? 1 : 0]
 return (
 sampleKey.match(/.*@.*/) &&
diff --git a/packages/lockfile-lint/__tests__/main.test.js b/packages/lockfile-lint/__tests__/main.test.js
index 1b8726e..caeb390 100644
--- a/packages/lockfile-lint/__tests__/main.test.js
+++ b/packages/lockfile-lint/__tests__/main.test.js
@@ -185,6 +185,27 @@ describe('Main CLI logic', () => {
 .toThrow('Lockfile does not seem to contain a valid dependency list')
 )
 })
+
+ test('should fail with an empty yarn lock file', () => {
+ const lockfilePath = path.join(__dirname, '/fixtures/empty.json')
+ const lockfileType = 'yarn'
+ const validators = [
+ {
+ name: 'validateHosts',
+ values: ['npm']
+ }
+ ]
+
+ expect(() =>
+ main
+ .runValidators({
+ path: lockfilePath,
+ type: lockfileType,
+ validators
+ })
+ .toThrow('Lockfile does not seem to contain a valid dependency list')
+ )
+ })
 })

 describe('validateSchemes', () => {

From 5a5cf57469af58b2b07e4255ccc457dfd9a5ffaf Mon Sep 17 00:00:00 2001
From: Liran Tal <liran.tal@gmail.com>
Date: Wed, 24 May 2023 02:18:45 +0300
Subject: [PATCH 3/7] Update packages/lockfile-lint/__tests__/main.test.js

---
 packages/lockfile-lint/__tests__/main.test.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/lockfile-lint/__tests__/main.test.js b/packages/lockfile-lint/__tests__/main.test.js
index caeb390..a7f6308 100644
--- a/packages/lockfile-lint/__tests__/main.test.js
+++ b/packages/lockfile-lint/__tests__/main.test.js
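Review bot: The new guard in `checkSampleContent` builds `Object.entries(lockfile)` and the unchanged next line builds it again, so the length bound (`2`/`1`) and the sampled index (`1`/`0`) are kept in step only by eye. Taking `const entries = Object.entries(lockfile)` once, testing `entries.length`, and destructuring from `entries[isYarnBerry ? 1 : 0]` would tie the two together. A one-line comment such as `// no entry at the sampled index: report the lockfile as invalid instead of throwing on destructuring` would record the intent, and it should also say why the Berry case samples index 1, which the hunk does not show. The function's return expression continues outside the hunk.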
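Review bot: Only the non-Berry side of the new `isYarnBerry ? 2 : 1` guard is targeted by this test; the Berry threshold added to `checkSampleContent` in the same commit has no coverage. How `isYarnBerry` is derived is not visible here, but a zero-byte fixture presumably never sets it, so a second fixture holding a single top-level entry and parsed as yarn would be needed to reach the `2` branch. Without it, a later change to that threshold could again let a dependency-less Berry lockfile reach the destructuring line unnoticed.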
@@ -188,7 +188,7 @@ describe('Main CLI logic', () => {

 test('should fail with an empty yarn lock file', () => {
 const lockfilePath = path.join(__dirname, '/fixtures/empty.json')
- const lockfileType = 'yarn'
+ const lockfileType = 'npm'
 const validators = [
 {
 name: 'validateHosts',

From a18f193a18bbf495c64c8872b7664c2aec9d56d0 Mon Sep 17 00:00:00 2001
From: Liran Tal <liran.tal@gmail.com>
Date: Wed, 24 May 2023 02:19:16 +0300
Subject: [PATCH 4/7] Update packages/lockfile-lint/__tests__/main.test.js

---
 packages/lockfile-lint/__tests__/main.test.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/lockfile-lint/__tests__/main.test.js b/packages/lockfile-lint/__tests__/main.test.js
index a7f6308..3cd4227 100644
--- a/packages/lockfile-lint/__tests__/main.test.js
+++ b/packages/lockfile-lint/__tests__/main.test.js
@@ -171,7 +171,7 @@ describe('Main CLI logic', () => {
 const validators = [
 {
 name: 'validateHosts',
- values: ['npm']
+ values: ['yarn']
 }
 ]

From 4f4f1d106bfebfa4a9c798fef57e0611f50ad977 Mon Sep 17 00:00:00 2001
From: Liran Tal <liran.tal@gmail.com>
Date: Wed, 24 May 2023 02:21:21 +0300
Subject: [PATCH 5/7] Update packages/lockfile-lint/__tests__/main.test.js

---
 packages/lockfile-lint/__tests__/main.test.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/lockfile-lint/__tests__/main.test.js b/packages/lockfile-lint/__tests__/main.test.js
index 3cd4227..4e84ac5 100644
--- a/packages/lockfile-lint/__tests__/main.test.js
+++ b/packages/lockfile-lint/__tests__/main.test.js
@@ -192,7 +192,7 @@ describe('Main CLI logic', () => {
 const validators = [
 {
 name: 'validateHosts',
- values: ['npm']
+ values: ['yarn']
 }
 ]

From 579883e62846f647484a789eeac9f00c5732485e Mon Sep 17 00:00:00 2001
From: Liran Tal <liran.tal@gmail.com>
Date: Wed, 24 May 2023 02:21:26 +0300
Subject: [PATCH 6/7] Update packages/lockfile-lint/__tests__/main.test.js

---
 packages/lockfile-lint/__tests__/main.test.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/lockfile-lint/__tests__/main.test.js b/packages/lockfile-lint/__tests__/main.test.js
index 4e84ac5..a52d008 100644
--- a/packages/lockfile-lint/__tests__/main.test.js
+++ b/packages/lockfile-lint/__tests__/main.test.js
@@ -188,7 +188,7 @@ describe('Main CLI logic', () => {

 test('should fail with an empty yarn lock file', () => {
 const lockfilePath = path.join(__dirname, '/fixtures/empty.json')
- const lockfileType = 'npm'
+ const lockfileType = 'yarn'
 const validators = [
 {
 name: 'validateHosts',

From d386047d680a2ce9943dd50ddcff477531f628a9 Mon Sep 17 00:00:00 2001
From: Liran Tal <liran.tal@gmail.com>
Date: Wed, 24 May 2023 02:21:32 +0300
Subject: [PATCH 7/7] Update packages/lockfile-lint/__tests__/main.test.js

---
 packages/lockfile-lint/__tests__/main.test.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/lockfile-lint/__tests__/main.test.js b/packages/lockfile-lint/__tests__/main.test.js
index a52d008..3b1d325 100644
--- a/packages/lockfile-lint/__tests__/main.test.js
+++ b/packages/lockfile-lint/__tests__/main.test.js
@@ -171,7 +171,7 @@ describe('Main CLI logic', () => {
 const validators = [
 {
 name: 'validateHosts',
- values: ['yarn']
+ values: ['npm']
 }
 ]