lirantal / lockfile-lint

Lint an npm or yarn lockfile to analyze and detect security issues
Apache License 2.0

Add missing unit test coverage for PR #59 #60

Closed lirantal closed 3 years ago

lirantal commented 4 years ago

Is your feature request related to a problem? Please describe.

PR #59 rushed to get a quick fix out due to a regression introduced in #53, but it missed adding proper test coverage for the underlying issue.

Describe the solution you'd like

Add unit tests

XhmikosR commented 4 years ago

Hey, @lirantal. It seems there's a regression somewhere in today's releases https://github.com/twbs/bootstrap/runs/424924937#step:9:26

lirantal commented 4 years ago

@XhmikosR correct but I just fixed it quickly! :-) https://github.com/lirantal/lockfile-lint/pull/59

Can you re-run the CI to get the newly published version? (got published a few minutes ago)

lirantal commented 4 years ago

@XhmikosR by the way, I'm curious how you are getting this error, since that regression was published in the last 24 hours and it doesn't seem like you have updated your dependencies on the bootstrap project, and you also don't use npx, so I'm curious why you were receiving this error at all.

XhmikosR commented 4 years ago

That's a branch I just created; I haven't yet updated to the latest version because I noticed the errors.

But it seems I'm still getting the error with the latest versions:

Log

```
C:\Users\xmr\Desktop\bootstrap>npm ls lockfile-lint
bootstrap@4.3.1 C:\Users\xmr\Desktop\bootstrap
`-- lockfile-lint@3.0.11

C:\Users\xmr\Desktop\bootstrap>npm ls lockfile-lint-api
bootstrap@4.3.1 C:\Users\xmr\Desktop\bootstrap
`-- lockfile-lint@3.0.11
  `-- lockfile-lint-api@5.0.9

C:\Users\xmr\Desktop\bootstrap>npm run lockfile-lint

> bootstrap@4.3.1 lockfile-lint C:\Users\xmr\Desktop\bootstrap
> lockfile-lint --allowed-hosts npm --allowed-schemes https: --empty-hostname false --type npm --path package-lock.json

detected invalid host(s) for package: abbrev@1.1.1-8f0b92d6fc7847f731964a4f3ab3b7c1e53edee5
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: ansi-regex@2.1.1-a4411ee753b3c268fe0fa691b7b6d76e658495d5
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: aproba@1.2.0-67a3a82a3afd43c6b38cd199d9e10d8ce11e40a7
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: are-we-there-yet@1.1.5-db421a9d7eb536f4ab9fd4f5fe55ea168545d6e1
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: balanced-match@1.0.0-a1e556e38a86742663d082571c0d992e4378e7df
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: brace-expansion@1.1.11-07558216cbc6c1d132b7a4c5dbf5aff345fd6bec
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: chownr@1.1.3-bd70c1291e746b724660677abde62b6761e53668
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: code-point-at@1.1.0-7ac382cbe078dea67285d8fae268577149f0fc41
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: concat-map@0.0.1-5bcc394f696b061e3e8af83c7c45b81ee3c75989
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: console-control-strings@1.1.0-7ac382cbe078dea67285d8fae268577149f0fc41
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: core-util-is@1.0.2-453b05fece7eb79a44950dceb2550b3599bd3d1e
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: debug@3.2.6-c999c127fe2c95a7fc2fd56f2758dab8bac1219a
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: deep-extend@0.6.0-8c4c6bdebb700ac0537acf4a3b7e84de962c2698
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: delegates@1.0.0-a1e556e38a86742663d082571c0d992e4378e7df
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: detect-libc@1.0.3-666df9b44592e7d3c6a29a54566bcde52965d1ac
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: fs-minipass@1.2.7-53f8794a5a41eb48058f3ee9521a363d382e9788
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: fs.realpath@1.0.0-a1e556e38a86742663d082571c0d992e4378e7df
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: gauge@2.7.4-3d6eaee84bbe81a75be00e8c9a7c0d7ab3feaad9
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: glob@7.1.6-570f246f62cd2948cacc50289ce3ec2624d55fa4
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: has-unicode@2.0.1-18c70d8eda05c2958a9d90d5efee825d97f8562f
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: iconv-lite@0.4.24-728b995be366ec7d8205b6225b3abe32bd56ba77
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: ignore-walk@3.0.3-8c1205a060a8a8501ecb628135e70d2fbb527817
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: inflight@1.0.6-581bdf70bd117ac559073cf5ba7e21d57565e8e7
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: inherits@2.0.4-c756932e51fd5cd8f3b2ecb5056d64c652ee6ba1
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: ini@1.3.5-0fb9e554e1e0e77194ce4aecd933bf313f0e82ec
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: is-fullwidth-code-point@1.0.0-c85c2ad8747eaaecf81e65ea0fbca97ef2f4cdcf
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: isarray@1.0.0-a1e556e38a86742663d082571c0d992e4378e7df
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: minimatch@3.0.4-84d0376309d597cc35a6cda078e50d446fee2b76
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: minimist@0.0.8-3b7854205ae2d0eaee5c26c1c52e2e7e1a6b267f
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: minipass@2.9.0-e63752b47c4603f3873d32b5e1557a6db4c31f91
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: minizlib@1.3.3-2e70174b5381787705bc71d6719221edb5b5e0ba
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: mkdirp@0.5.1-4235e500aa2c76af9c2e24d5cfb23c482dca3cf4
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: ms@2.1.2-4dbe546c214f7b9757e12c4344c222e6590ea1c4
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: needle@2.4.0-a9e1ce1402cc0d7d01dafef8c17a6633dd94779e
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: node-pre-gyp@0.14.0-1955b095a98919138e9f8d8f0eb834e1b7247041
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: nopt@4.0.1-3d529f3c10a6db8172779daea575167c4a46e6e0
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: npm-bundled@1.1.1-42d6eacbaaf5f6ff2766cb78d1c68ec445fd75b6
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: npm-normalize-package-bin@1.0.1-8b614c24dba3ea097764a4ecf9e7e5eaaff6ffb2
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: npm-packlist@1.4.7-d0ee9290842b1c66edbea481d977e61495370bb8
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: npmlog@4.1.2-38ce54fc6628d77beab830433c733824c7c36578
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: number-is-nan@1.0.1-8b614c24dba3ea097764a4ecf9e7e5eaaff6ffb2
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: object-assign@4.1.1-59c33eafd017927c1ff94cb4cb9d6523e0d25a2d
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: once@1.4.0-8f17daf0eabdbc3bc286715667f881ea6c48fa76
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: os-homedir@1.0.2-453b05fece7eb79a44950dceb2550b3599bd3d1e
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: os-tmpdir@1.0.2-453b05fece7eb79a44950dceb2550b3599bd3d1e
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: osenv@0.1.5-1ed77f7c78dfcece32b5ff2d9707e287b40727c1
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: path-is-absolute@1.0.1-8b614c24dba3ea097764a4ecf9e7e5eaaff6ffb2
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: process-nextick-args@2.0.1-18c70d8eda05c2958a9d90d5efee825d97f8562f
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: rc@1.2.8-98e6acf3890dd875ca4c614d08bf546aee2f6d6d
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: minimist@1.2.0-67a3a82a3afd43c6b38cd199d9e10d8ce11e40a7
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: readable-stream@2.3.6-c996bb9e7e8a14cddd449ee98314a9beef21411b
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: rimraf@2.7.1-24090d754ede50bf4a5f4274c10d13040a128667
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: safe-buffer@5.1.2-03f3eff8128ccf41305f469232019213979ba0d7
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: safer-buffer@2.1.2-4dbe546c214f7b9757e12c4344c222e6590ea1c4
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: sax@1.2.4-f8689e23778bf8f64eee3a61b206c1ef32fc9adb
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: semver@5.7.1-897ca18c174fe82450ff7bc266df742d9376c7be
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: set-blocking@2.0.0-1e1fed9027bc9efce9c16ffc71dd10b3f3dbb062
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: signal-exit@3.0.2-ec2514bcc180277b59403a4a1cc6c1986fbbc18e
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: string-width@1.0.2-7789b68efc6f318e5159eb7a59122cafe5e7de9b
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: string_decoder@1.1.1-3fbd6d347df9ab7361cbdcc0c81b85d419f33f9a
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: strip-ansi@3.0.1-20b59a2421bdcc546626cc0e2227dc767a910dcc
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: strip-json-comments@2.0.1-18c70d8eda05c2958a9d90d5efee825d97f8562f
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: tar@4.4.13-c5cc062575df6f8fd8d7b587222d52a87b20e1b1
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: util-deprecate@1.0.2-453b05fece7eb79a44950dceb2550b3599bd3d1e
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: wide-align@1.1.3-0b1029b1c24dc67941aac9f7bb5c2b4aa5ddb6ad
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: wrappy@1.0.2-453b05fece7eb79a44950dceb2550b3599bd3d1e
    expected: registry.npmjs.org
    actual: undefined
detected invalid host(s) for package: yallist@3.1.1-0532082075b0313f0b9e958917d9f46bc2ba62ea
    expected: registry.npmjs.org
    actual: undefined

error: command failed with exit code 1
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! bootstrap@4.3.1 lockfile-lint: `lockfile-lint --allowed-hosts npm --allowed-schemes https: --empty-hostname false --type npm --path package-lock.json`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the bootstrap@4.3.1 lockfile-lint script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     C:\Users\xmr\AppData\Roaming\npm-cache\_logs\2020-02-04T09_13_16_691Z-debug.log
```

lirantal commented 4 years ago

  1. Oh looking into this now too 👀
  2. Which version did you get the previous errors with?

XhmikosR commented 4 years ago

It's the same version.

lirantal commented 4 years ago

I meant that 3.0.10 and 3.0.11 are the latest versions, released within the last 24 hours, but you said that in the branch you opened you didn't update lockfile-lint, but those errors seem to be related to those versions I listed.

XhmikosR commented 4 years ago

Oh, no, the branch I made does use the latest versions and the error happens. v3.0.9 seems to work fine, v3.0.11 throws the aforementioned error.

lirantal commented 4 years ago

Gotcha. I see the issue, give me a second to push a fix.

lirantal commented 4 years ago

PR in https://github.com/lirantal/lockfile-lint/pull/61 fixes it

XhmikosR commented 4 years ago

Thanks, I will try it as soon as a new patch is out! Oh, and sorry for not opening a new issue about this, I thought it was the same regression :)

lirantal commented 4 years ago

@XhmikosR no worries, it is the same regression indeed :-) I just merged it so a new release is going to be available in some 5-10 minutes. Let me know if you still find issues.

XhmikosR commented 4 years ago

All good now!

obartra commented 4 years ago

Is lockfile-lint-api@5.0.10 the version with the fix? I'm reproing the same issue there (but not on 5.0.7)

"message": "detected invalid registry for package: abbrev@1.1.1-8f0b92d6fc7847f731964a4f3ab3b7c1e53edee5\n    expected one of: https://private.npm.registry.com:\n    actual: 1.1.1\n"

I wasn't sure whether to file a separate issue since it seems related.

lirantal commented 4 years ago

@obartra regression was indeed fixed and released to both packages: CLI and API.

obartra commented 4 years ago

I'm reproing on 5.0.10 though (for the api package)

lirantal commented 4 years ago

@obartra I'm confused, can you please open a new thread to discuss this as we're hijacking something unrelated here?