lirantal / lockfile-lint

Lint an npm or yarn lockfile to analyze and detect security issues
Apache License 2.0

feat(lockfile-lint-api): replace yarnpkg/lockfile with yarnpkg/parser… #126

Closed naugtur closed 2 years ago

naugtur commented 2 years ago

…s for better yarn3 and fearless cooperation support

Description

fix #122, progress on #123

To reduce reliance on fs, I'm extending the API to allow passing the source text of the lockfile instead of a path. The caller of parseSync no longer needs to trust the package with file system access powers.

Remaining todos to make this PR ready to merge:

Types of changes

How Has This Been Tested?

Tests still pass. The only change in tests is a message that's not saying "path" directly in case lockfile text was passed.

Checklist:
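The design described in this PR, as an added sketch that is not part of the PR or of lockfile-lint-api: a parser that takes lockfile text, touches a path only through a reader the caller supplies, and keeps "path" out of error messages when text was passed. Assumptions: every name here (`parseSync` options, `readFile`, `findUntrustedSources`, the sample packages) is hypothetical, and it parses an npm-style JSON lockfile rather than yarn's format.

```javascript
// Added sketch: every name here is hypothetical, not lockfile-lint-api's API.
class ParsingError extends Error {}
// Parses an npm-style lockfile from text the caller already holds.
// The module imports no fs: a path works only if the caller passes a reader.
function parseSync({ lockfileText, lockfilePath, readFile } = {}) {
  let text = lockfileText
  let source = 'the provided lockfile text' // errors name a path only if one was given
  if (typeof text !== 'string') {
    if (typeof lockfilePath !== 'string' || typeof readFile !== 'function') {
      throw new ParsingError('Pass lockfileText, or lockfilePath with a readFile function')
    }
    source = `lockfile at path ${lockfilePath}`
    text = readFile(lockfilePath)
  }
  let doc
  try {
    doc = JSON.parse(text)
  } catch (err) {
    throw new ParsingError(`Unable to parse ${source}: ${err.message}`)
  }
  if (!doc || typeof doc.packages !== 'object' || doc.packages === null) {
    throw new ParsingError(`No "packages" map in ${source}`)
  }
  const resolved = {}
  for (const [name, meta] of Object.entries(doc.packages)) {
    if (meta && typeof meta.resolved === 'string') resolved[name] = meta.resolved
  }
  return resolved
}

// Returns the package names whose tarball is not served over https by an allowed host.
function findUntrustedSources(resolved, allowedHosts) {
  return Object.keys(resolved).filter(name => {
    try {
      const url = new URL(resolved[name])
      return url.protocol !== 'https:' || !allowedHosts.includes(url.host)
    } catch (err) {
      return true // an unparseable URL is treated as untrusted
    }
  })
}
// Constructed sample input (not a real lockfile).
const SAMPLE_LOCKFILE_TEXT = JSON.stringify({
  packages: {
    'node_modules/ok-pkg': { resolved: 'https://registry.npmjs.org/ok-pkg/-/ok-pkg-1.0.0.tgz' },
    'node_modules/odd-pkg': { resolved: 'http://registry.example.test/odd-pkg-1.0.0.tgz' }
  }
})
```

With this shape, the only file access the parser can perform is whatever the caller's `readFile` allows, which is what lets a caller run it without granting ambient fs access.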

codecov-commenter commented 2 years ago

Codecov Report

Merging #126 (e8cf91d) into master (5ce8330) will increase coverage by 0.16%. The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master     #126      +/-   ##
==========================================
+ Coverage   97.62%   97.79%   +0.16%     
==========================================
  Files          12       12              
  Lines         295      317      +22     
  Branches       58       67       +9     
==========================================
+ Hits          288      310      +22     
  Misses          7        7              
Impacted Files                                          Coverage Δ
packages/lockfile-lint-api/src/ParseLockfile.js         100.00% <100.00%> (ø)
...kages/lockfile-lint-api/src/common/ParsingError.js   100.00% <100.00%> (ø)

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update 9b0b167...e8cf91d.