If the package-lock.json file has no dependencies and --validate-https is specified, lockfile-lint should not crash.
Current Behavior
npx lockfile-lint -p oas-kit/packages/oas-schema-walker/package-lock.json
npx: installed 56 in 5.789s
No issues detected
npx lockfile-lint --validate-https -p oas-kit/packages/oas-schema-walker/package-lock.json
npx: installed 56 in 5.635s
ABORTING lockfile lint process due to error exceptions
Unable to parse npm lockfile "oas-kit/packages/oas-schema-walker/package-lock.json"
TypeError: Cannot convert undefined or null to object
at Function.entries (<anonymous>)
at ParseLockfile._flattenNpmDepsTree (/home/mike/.npm/_npx/131674/lib/node_modules/lockfile-lint/node_modules/lockfile-lint-api/src/ParseLockfile.js:129:49)
at ParseLockfile.parseNpmLockfile (/home/mike/.npm/_npx/131674/lib/node_modules/lockfile-lint/node_modules/lockfile-lint-api/src/ParseLockfile.js:117:31)
at ParseLockfile.parseSync (/home/mike/.npm/_npx/131674/lib/node_modules/lockfile-lint/node_modules/lockfile-lint-api/src/ParseLockfile.js:64:27)
at ValidateHttpsManager (/home/mike/.npm/_npx/131674/lib/node_modules/lockfile-lint/src/validators/index.js:75:27)
at /home/mike/.npm/_npx/131674/lib/node_modules/lockfile-lint/src/main.js:37:28
at Array.forEach (<anonymous>)
at Object.runValidators (/home/mike/.npm/_npx/131674/lib/node_modules/lockfile-lint/src/main.js:27:14)
at Object.<anonymous> (/home/mike/.npm/_npx/131674/lib/node_modules/lockfile-lint/bin/lockfile-lint.js:54:17)
at Module._compile (internal/modules/cjs/loader.js:1063:30)
error: command failed with exit code 1
Possible Solution
Guard against the non-presence of the dependencies property.
Expected Behavior
If the
package-lock.json
file has nodependencies
and--validate-https
is specified,lockfile-lint
should not crash.Current Behavior
Possible Solution
Guard against the non-presence of the
dependencies
property.Steps to Reproduce (for bugs)
One of the packages in my mono-repo (https://github.com/mermade/oas-kit) has the following
package-lock.json
Context
I'd like to use
lockfile-lint
in my projects, but don't want it to crash during CI.Your Environment