lirantal / lockfile-lint

Lint an npm or yarn lockfile to analyze and detect security issues
Apache License 2.0
781 stars 35 forks

Support for github: scheme #25

Closed wan54 closed 4 years ago

wan54 commented 4 years ago

Is there plan to support this type of package?

npx lockfile-lint -p package-lock.json -t npm -s -a npm gitlab.com '' -o "https:" "github:"

detected invalid protocol for package: lottie-api@github:bodymovin/lottie-api#793fcfc4d8f2da1b868977c1a2c36eaf696e28c0 expected: https: actual: github:

lirantal commented 4 years ago

We have an issue related to this, so you should definitely follow up on the conversation there:

wan54 commented 4 years ago

Thank you

lirantal commented 4 years ago

@wan54 in your case, the issue is that you expect HTTPS to be used (you specified -s in the arguments) but when you use a scheme then the HTTPS flag is redundant.

This should work for you:

npx lockfile-lint -p package-lock.json -t npm -a npm gitlab.com '' -o "https:" "github:"

wan54 commented 4 years ago

I tried that also. Is that right though to use '' in the allowed hosts?

lirantal commented 4 years ago

@wan54 wanted to let you know that this is now fixed in the latest versions of lockfile-lint, try this:

npx lockfile-lint -p package-lock.json -t npm -a npm github.com -o "https:" "github:"

Let me know if you have any questions or further issues, but I'm confident this should solve the usage problem for you.