/
opt
/
alt
/
alt-nodejs14
/
root
/
lib
/
node_modules
/
npm
/
node_modules.bundled
/
lock-verify
/
Upload Filee
HOME
'use strict' module.exports = lockVerify const fs = require('fs') const path = require('path') const npa = require('npm-package-arg') const semver = require('semver') function lockVerify(check) { if (!check) check = '.' const pjson = readJson(`${check}/package.json`) let plock = readJson(`${check}/npm-shrinkwrap.json`) .catch(() => readJson(`${check}/package-lock.json`)) return Promise.all([pjson, plock]).then(result => { const pjson = result[0] const plock = result[1] let warnings = [] let errors = [] for (let type of [['dependencies'], ['devDependencies'], ['optionalDependencies', true]]) { const deps = pjson[type[0]] if (!deps) continue const isOptional = type[1] Object.keys(deps).forEach(name => { const spec = npa.resolve(name, deps[name]) const lock = plock.dependencies[name] if (!lock) { if (isOptional) { warnings.push('Optional missing: ' + name + '@' + deps[name]) } else { errors.push('Missing: ' + name + '@' + deps[name]) } return } if (spec.registry) { // Can't match tags to package-lock w/o network if (spec.type === 'tag') return if (spec.type === 'alias') { const lockSpec = npa.resolve(name, lock.version) if (!semver.satisfies(lockSpec.subSpec.fetchSpec, spec.subSpec.fetchSpec)) { errors.push("Invalid: lock file's " + name + '@' + lock.version + ' does not satisfy ' + name + '@' + spec.rawSpec) return } } else { if (!semver.satisfies(lock.version, spec.fetchSpec)) { errors.push("Invalid: lock file's " + name + '@' + lock.version + ' does not satisfy ' + name + '@' + spec.fetchSpec) return } } } else if (spec.type === 'git') { // can't verify git w/o network return } else if (spec.type === 'remote') { if (lock.version !== spec.fetchSpec) { errors.push("Invalid: lock file's " + name + '@' + lock.version + ' does not satisfy ' + name + '@' + spec.fetchSpec) return } } else if (spec.type === 'file' || spec.type === 'directory') { const lockSpec = npa.resolve(name, lock.version) if (spec.fetchSpec !== lockSpec.fetchSpec) { errors.push("Invalid: lock file's " + name + '@' + lock.version + ' does not satisfy ' + name + '@' + deps[name]) return } } else { console.log(spec) } }) } return Promise.resolve({status: errors.length === 0, warnings: warnings, errors: errors}) }) } function readJson (file) { return new Promise((resolve, reject) => { fs.readFile(file, (err, content) => { if (err) return reject(err) return resolve(JSON.parse(content)) }) }) }