danger-package_json_lockdown 0.9.9

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 894abee3dcc4df1aceba34f5157d8ddad837fa61
+  data.tar.gz: 6f0d383ce604afe65df176189d8e0ed23051b3f1
+SHA512:
+  metadata.gz: 56ed239a7d12794d780dc64c860f47a12c070f6c6e215c73added89935eee5f06b7fed23f8ee1d27401da151f8b7353fd18ba378a32991a73f0fbd58dd90fd33
+  data.tar.gz: 8bfcd36e851f2dba8e49725fa340331cac2020bb651eda41b83f14c5488c6aac84b1ecf0f528df7ec1112c675bd2a7997e1035327b7a25ebd10d486219a4bcf0

data/.gitignore

@@ -0,0 +1,4 @@
+.DS_Store
+.yardoc
+pkg
+.idea/

data/.travis.yml

@@ -0,0 +1,12 @@
+language: ruby
+cache:
+  directories:
+    - bundle
+
+rvm:
+  - 2.0
+  - 2.1.3
+  - 2.3.1
+
+script:
+    - bundle exec rake spec

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in danger-package_json_lockdown.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,139 @@
+PATH
+  remote: .
+  specs:
+    danger-package_json_lockdown (0.0.1)
+      danger-plugin-api (~> 1.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.4.0)
+    ast (2.3.0)
+    claide (1.0.1)
+    claide-plugins (0.9.2)
+      cork
+      nap
+      open4 (~> 1.3)
+    coderay (1.1.1)
+    colored (1.2)
+    cork (0.2.0)
+      colored (~> 1.2)
+    danger (3.5.3)
+      claide (~> 1.0)
+      claide-plugins (>= 0.9.2)
+      colored (~> 1.2)
+      cork (~> 0.1)
+      faraday (~> 0.9)
+      faraday-http-cache (~> 1.0)
+      git (~> 1)
+      gitlab (~> 3.7.0)
+      kramdown (~> 1.5)
+      octokit (~> 4.2)
+      terminal-table (~> 1)
+    danger-plugin-api (1.0.0)
+      danger (> 2.0)
+    diff-lcs (1.2.5)
+    faraday (0.9.2)
+      multipart-post (>= 1.2, < 3)
+    faraday-http-cache (1.3.1)
+      faraday (~> 0.8)
+    ffi (1.9.14)
+    formatador (0.2.5)
+    git (1.3.0)
+    gitlab (3.7.0)
+      httparty (~> 0.13.0)
+      terminal-table
+    guard (2.14.0)
+      formatador (>= 0.2.4)
+      listen (>= 2.7, < 4.0)
+      lumberjack (~> 1.0)
+      nenv (~> 0.1)
+      notiffany (~> 0.0)
+      pry (>= 0.9.12)
+      shellany (~> 0.0)
+      thor (>= 0.18.1)
+    guard-compat (1.2.1)
+    guard-rspec (4.7.3)
+      guard (~> 2.1)
+      guard-compat (~> 1.1)
+      rspec (>= 2.99.0, < 4.0)
+    httparty (0.13.7)
+      json (~> 1.8)
+      multi_xml (>= 0.5.2)
+    json (1.8.3)
+    kramdown (1.12.0)
+    listen (3.0.7)
+      rb-fsevent (>= 0.9.3)
+      rb-inotify (>= 0.9.7)
+    lumberjack (1.0.10)
+    method_source (0.8.2)
+    multi_xml (0.5.5)
+    multipart-post (2.0.0)
+    nap (1.1.0)
+    nenv (0.3.0)
+    notiffany (0.1.1)
+      nenv (~> 0.1)
+      shellany (~> 0.0)
+    octokit (4.3.0)
+      sawyer (~> 0.7.0, >= 0.5.3)
+    open4 (1.3.4)
+    parser (2.3.1.4)
+      ast (~> 2.2)
+    powerpack (0.1.1)
+    pry (0.10.4)
+      coderay (~> 1.1.0)
+      method_source (~> 0.8.1)
+      slop (~> 3.4)
+    rainbow (2.1.0)
+    rake (10.5.0)
+    rb-fsevent (0.9.7)
+    rb-inotify (0.9.7)
+      ffi (>= 0.5.0)
+    rspec (3.5.0)
+      rspec-core (~> 3.5.0)
+      rspec-expectations (~> 3.5.0)
+      rspec-mocks (~> 3.5.0)
+    rspec-core (3.5.4)
+      rspec-support (~> 3.5.0)
+    rspec-expectations (3.5.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.5.0)
+    rspec-mocks (3.5.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.5.0)
+    rspec-support (3.5.0)
+    rubocop (0.43.0)
+      parser (>= 2.3.1.1, < 3.0)
+      powerpack (~> 0.1)
+      rainbow (>= 1.99.1, < 3.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (~> 1.0, >= 1.0.1)
+    ruby-progressbar (1.8.1)
+    sawyer (0.7.0)
+      addressable (>= 2.3.5, < 2.5)
+      faraday (~> 0.8, < 0.10)
+    shellany (0.0.1)
+    slop (3.6.0)
+    terminal-table (1.7.3)
+      unicode-display_width (~> 1.1.1)
+    thor (0.19.1)
+    unicode-display_width (1.1.1)
+    yard (0.9.5)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.3)
+  danger-package_json_lockdown!
+  guard (~> 2.14)
+  guard-rspec (~> 4.7)
+  listen (= 3.0.7)
+  pry
+  rake (~> 10.0)
+  rspec (~> 3.4)
+  rubocop (~> 0.41)
+  yard (~> 0.8)
+
+BUNDLED WITH
+   1.13.1

data/Guardfile

@@ -0,0 +1,19 @@
+# A guardfile for making Danger Plugins
+# For more info see https://github.com/guard/guard#readme
+
+# To run, use `bundle exec guard`.
+
+guard :rspec, cmd: 'bundle exec rspec' do
+  require 'guard/rspec/dsl'
+  dsl = Guard::RSpec::Dsl.new(self)
+
+  # RSpec files
+  rspec = dsl.rspec
+  watch(rspec.spec_helper) { rspec.spec_dir }
+  watch(rspec.spec_support) { rspec.spec_dir }
+  watch(rspec.spec_files)
+
+  # Ruby files
+  ruby = dsl.ruby
+  dsl.watch_spec_files_for(ruby.lib_files)
+end

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2016 Joshua May <josh@notjosh.com>
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,64 @@
+
+
+### package_json_lockdown
+
+Force locking down of version numbers in package.json
+
+Shrinkwrap isn't the solution you want it to be, and none of the other tools
+quite do what you want. So you'll get fed up and force manual management of
+your dependencies (after all, `npm outdated` is fairly easy to deal with.)
+
+This plugin will warn you if you're commiting anything that looks like:
+
+ - "^1.0.0"
+ - "~1.0.0"
+ - "<=1.0.0"
+ - "<1.0.0"
+ - ">=1.0.0"
+ - ">1.0.0"
+ - "1.0.x"
+ - "*"
+ - ""
+
+So you can still specify a git hash, a tag, or a URL (and so on), and, most
+importantly, you can specify a version number.
+
+<blockquote>Basic operation, throwing warnings in specified package.json(s)
+  <pre>
+package_json_lockdown.verify('package.json')
+package_json_lockdown.verify('path/to/sub/package.json')</pre>
+</blockquote>
+
+<blockquote>Blacklisting specific dependencies nodes
+  <pre>
+# Will only check the `dependencies` node, but allow
+#  `devDependencies` to contain non-specific versions
+package_json_lockdown.dependency_keys = ['dependencies']
+package_json_lockdown.verify('package.json')</pre>
+</blockquote>
+
+<blockquote>Returning values to handle manually
+  <pre>
+problems = package_json_lockdown.inspect('package.json')
+puts(problems)</pre>
+</blockquote>
+
+
+
+#### Attributes
+
+`dependency_keys` - Allows you to specify dependency nodes to check. By default it will check
+all nodes known to contain dependencies.
+
+
+
+
+#### Methods
+
+`verify` - Verifies the supplied `package.json` file
+
+`inspect` - Inspects the supplied `package.json` file and returns problems
+
+
+
+

data/Rakefile

@@ -0,0 +1,23 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+
+RSpec::Core::RakeTask.new(:specs)
+
+task default: :specs
+
+task :spec do
+  Rake::Task['specs'].invoke
+  Rake::Task['rubocop'].invoke
+  Rake::Task['spec_docs'].invoke
+end
+
+desc 'Run RuboCop on the lib/specs directory'
+RuboCop::RakeTask.new(:rubocop) do |task|
+  task.patterns = ['lib/**/*.rb', 'spec/**/*.rb']
+end
+
+desc 'Ensure that the plugin passes `danger plugins lint`'
+task :spec_docs do
+  sh 'bundle exec danger plugins lint'
+end

data/danger-package_json_lockdown.gemspec

@@ -0,0 +1,49 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'package_json_lockdown/gem_version.rb'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'danger-package_json_lockdown'
+  spec.version       = PackageJsonLockdown::VERSION
+  spec.authors       = ['Joshua May']
+  spec.email         = ['josh@notjosh.com']
+  spec.description   = %q{Force locking down of version numbers in package.json.}
+  spec.summary       = %q{A plugin for Danger that allows locking down of version numbers found in package.json}
+  spec.homepage      = 'https://github.com/notjosh/danger-package_json_lockdown'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+
+  spec.add_runtime_dependency 'danger-plugin-api', '~> 1.0'
+
+  # General ruby development
+  spec.add_development_dependency 'bundler', '~> 1.3'
+  spec.add_development_dependency 'rake', '~> 10.0'
+
+  # Testing support
+  spec.add_development_dependency 'rspec', '~> 3.4'
+
+  # Linting code and docs
+  spec.add_development_dependency "rubocop", "~> 0.41"
+  spec.add_development_dependency "yard", "~> 0.8"
+
+  # Makes testing easy via `bundle exec guard`
+  spec.add_development_dependency 'guard', '~> 2.14'
+  spec.add_development_dependency 'guard-rspec', '~> 4.7'
+
+  # If you want to work on older builds of ruby
+  spec.add_development_dependency 'listen', '3.0.7'
+
+  # This gives you the chance to run a REPL inside your tests
+  # via:
+  #
+  #    require 'pry'
+  #    binding.pry
+  #
+  # This will stop test execution and let you inspect the results
+  spec.add_development_dependency 'pry'
+end

data/lib/danger_package_json_lockdown.rb

@@ -0,0 +1 @@
+require 'package_json_lockdown/gem_version'

data/lib/danger_plugin.rb

@@ -0,0 +1 @@
+require 'package_json_lockdown/plugin'

data/lib/package_json_lockdown/gem_version.rb

@@ -0,0 +1,3 @@
+module PackageJsonLockdown
+  VERSION = '0.9.9'.freeze
+end

data/lib/package_json_lockdown/plugin.rb

@@ -0,0 +1,123 @@
+module Danger
+  # Force locking down of version numbers in package.json
+  #
+  # Shrinkwrap isn't the solution you want it to be, and none of the other tools
+  # quite do what you want. So you'll get fed up and force manual management of
+  # your dependencies (after all, `npm outdated` is fairly easy to deal with.)
+  #
+  # This plugin will warn you if you're commiting anything that looks like:
+  #
+  #  - "^1.0.0"
+  #  - "~1.0.0"
+  #  - "<=1.0.0"
+  #  - "<1.0.0"
+  #  - ">=1.0.0"
+  #  - ">1.0.0"
+  #  - "1.0.x"
+  #  - "*"
+  #  - ""
+  #
+  # So you can still specify a git hash, a tag, or a URL (and so on), and, most
+  # importantly, you can specify a version number.
+  #
+  # @example Basic operation, throwing warnings in specified package.json(s)
+  #
+  #          package_json_lockdown.verify('package.json')
+  #          package_json_lockdown.verify('path/to/sub/package.json')
+  #
+  # @example Blacklisting specific dependencies nodes
+  #
+  #          # Will only check the `dependencies` node, but allow
+  #          #  `devDependencies` to contain non-specific versions
+  #          package_json_lockdown.dependency_keys = ['dependencies']
+  #          package_json_lockdown.verify('package.json')
+  #
+  # @example Returning values to handle manually
+  #
+  #          problems = package_json_lockdown.inspect('package.json')
+  #          puts(problems)
+  #
+  # @tags npm, package.json, node, nodejs
+  #
+  class DangerPackageJsonLockdown < Plugin
+    # Allows you to specify dependency nodes to check. By default it will check
+    # all nodes known to contain dependencies.
+    #
+    # @return   [Array<String>]
+    attr_accessor :dependency_keys
+
+    def dependency_keys
+      @dependency_keys || %w(
+        dependencies
+        devDependencies
+        peerDependencies
+        bundleDependencies
+        bundledDependencies
+        optionalDependencies
+      )
+    end
+
+    # Verifies the supplied `package.json` file
+    # @param    [string] package_json
+    #           Path to `package.json`, relative to current directory
+    # @return   [void]
+    def verify(package_json)
+      inspect(package_json).each do |suspicious|
+        warn(
+          "`#{suspicious[:package]}` doesn't specify fixed version number",
+          file: package_json,
+          line: suspicious[:line]
+        )
+      end
+    end
+
+    # Inspects the supplied `package.json` file and returns problems
+    # @param    [string] package_json
+    #           Path to `package.json`, relative to current directory
+    # @return   [Array<{Symbol => String}>]
+    #            - `:package`: the offending package name
+    #            - `:version`: the version as written in `package.json`
+    #            - `:line`: (probably) the line number.
+    def inspect(package_json)
+      json = JSON.parse(File.read(package_json))
+
+      suspicious_packages = []
+
+      dependency_keys.each do |dependency_key|
+        next unless json.key?(dependency_key)
+
+        results = find_something_suspicious(json[dependency_key], package_json)
+        suspicious_packages.push(*results)
+      end
+
+      suspicious_packages
+    end
+
+    private
+
+    def find_something_suspicious(dependency_node, package_json)
+      suspicious_packages = []
+
+      dependency_node.each do |package, version|
+        obj = {
+          package: package,
+          version: version,
+          line: line_number_of_package(package, package_json)
+        }
+        suspicious_packages.push(obj) if suspicious?(version)
+      end
+
+      suspicious_packages
+    end
+
+    def suspicious?(version)
+      version =~ /^[\^<>\*~]/ ||
+        version =~ /\.x/ ||
+        version == ''
+    end
+
+    def line_number_of_package(package, package_json)
+      `grep -n '\"#{package}\":' #{package_json} | cut -f1 -d:`.strip
+    end
+  end
+end

data/spec/fixtures/invalid.json

@@ -0,0 +1,19 @@
+{
+  "name": "danger-package_json_lockdown",
+  "version": "0.0.1",
+  "dependencies": {
+    "@shoutem/ui": "0.9.1",
+    "react": "15.3.2",
+    "react-intl": "2.1.5"
+  },
+  "devDependencies": {
+    "@kadira/react-native-storybook": "^2.1.3",
+    "babel-jest": ">=15.0.0",
+    "babel-plugin-flow-react-proptypes": "<0.12.2",
+    "babel-preset-react-native": "~1.9.0",
+    "eslint-config-airbnb-flow": "1.0.x",
+    "eslint-plugin-import": "",
+    "eslint-plugin-jsx-a11y": "*",
+    "eslint-plugin-react": "6.3.0"
+  }
+}

data/spec/fixtures/valid.json

@@ -0,0 +1,20 @@
+{
+  "name": "danger-package_json_lockdown",
+  "version": "0.0.1",
+  "dependencies": {
+    "@shoutem/ui": "0.9.1",
+    "react": "15.3.2",
+    "react-intl": "2.1.5",
+    "react-native": "0.35.0-rc.0"
+  },
+  "devDependencies": {
+    "@kadira/react-native-storybook": "2.1.3",
+    "babel-jest": "15.0.0",
+    "babel-plugin-flow-react-proptypes": "0.12.2",
+    "babel-preset-react-native": "1.9.0",
+    "eslint-config-airbnb-flow": "1.0.2",
+    "eslint-plugin-import": "1.16.0",
+    "eslint-plugin-jsx-a11y": "2.2.2",
+    "eslint-plugin-react": "6.3.0"
+  }
+}

data/spec/package_json_lockdown_spec.rb

@@ -0,0 +1,90 @@
+require File.expand_path('../spec_helper', __FILE__)
+
+module Danger
+  describe Danger::DangerPackageJsonLockdown, use: :ci_helper do
+    it 'should be a plugin' do
+      expect(Danger::DangerPackageJsonLockdown.new(nil)).to be_a Danger::Plugin
+    end
+
+    describe 'with Dangerfile' do
+      before do
+        @dangerfile = testing_dangerfile
+        @package_json_lockdown = @dangerfile.package_json_lockdown
+      end
+
+      it 'Accepts valid package.json' do
+        @package_json_lockdown.verify('spec/fixtures/valid.json')
+        expect(@dangerfile.status_report[:warnings]).to eq([])
+      end
+
+      it 'Warns on package.json with non-specific versions' do
+        @package_json_lockdown.verify('spec/fixtures/invalid.json')
+
+        warnings = [
+          '`@kadira/react-native-storybook` doesn\'t specify fixed version ' \
+            'number',
+          '`babel-jest` doesn\'t specify fixed version number',
+          '`babel-plugin-flow-react-proptypes` doesn\'t specify fixed ' \
+            'version number',
+          '`babel-preset-react-native` doesn\'t specify fixed version number',
+          '`eslint-config-airbnb-flow` doesn\'t specify fixed version number',
+          '`eslint-plugin-import` doesn\'t specify fixed version number',
+          '`eslint-plugin-jsx-a11y` doesn\'t specify fixed version number'
+        ]
+        expect(@dangerfile.status_report[:warnings]).to eq(warnings)
+      end
+
+      it 'Allows specifying dependency JSON keys' do
+        @package_json_lockdown.dependency_keys = ['dependencies']
+        @package_json_lockdown.verify('spec/fixtures/invalid.json')
+
+        expect(@dangerfile.status_report[:warnings]).to eq([])
+      end
+
+      it 'Returns suspicious packages without warning if inspecting' do
+        suspicious = @package_json_lockdown.inspect(
+          'spec/fixtures/invalid.json'
+        )
+
+        expected = [
+          {
+            package: '@kadira/react-native-storybook',
+            version: '^2.1.3',
+            line: '10'
+          },
+          {
+            package: 'babel-jest',
+            version: '>=15.0.0',
+            line: '11'
+          },
+          {
+            package: 'babel-plugin-flow-react-proptypes',
+            version: '<0.12.2',
+            line: '12'
+          },
+          {
+            package: 'babel-preset-react-native',
+            version: '~1.9.0',
+            line: '13'
+          },
+          {
+            package: 'eslint-config-airbnb-flow',
+            version: '1.0.x',
+            line: '14'
+          },
+          {
+            package: 'eslint-plugin-import',
+            version: '',
+            line: '15'
+          },
+          {
+            package: 'eslint-plugin-jsx-a11y',
+            version: '*',
+            line: '16'
+          }
+        ]
+        expect(suspicious).to eq(expected)
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,59 @@
+require 'pathname'
+ROOT = Pathname.new(File.expand_path('../../', __FILE__))
+$LOAD_PATH.unshift((ROOT + 'lib').to_s)
+$LOAD_PATH.unshift((ROOT + 'spec').to_s)
+
+require 'bundler/setup'
+require 'pry'
+
+require 'rspec'
+require 'danger'
+
+# Use coloured output, it's the best.
+RSpec.configure do |config|
+  config.filter_gems_from_backtrace 'bundler'
+  config.color = true
+  config.tty = true
+end
+
+require 'danger_plugin'
+
+# These functions are a subset of https://github.com/danger/danger/blob/master/spec/spec_helper.rb
+# If you are expanding these files, see if it's already been done ^.
+
+# A silent version of the user interface,
+# it comes with an extra function `.string` which will
+# strip all ANSI colours from the string.
+
+# rubocop:disable Lint/NestedMethodDefinition
+def testing_ui
+  @output = StringIO.new
+  def @output.winsize
+    [20, 9999]
+  end
+
+  cork = Cork::Board.new(out: @output)
+  def cork.string
+    out.string.gsub(/\e\[([;\d]+)?m/, '')
+  end
+  cork
+end
+# rubocop:enable Lint/NestedMethodDefinition
+
+# Example environment (ENV) that would come from
+# running a PR on TravisCI
+def testing_env
+  {
+    'HAS_JOSH_K_SEAL_OF_APPROVAL' => 'true',
+    'TRAVIS_PULL_REQUEST' => '800',
+    'TRAVIS_REPO_SLUG' => 'artsy/eigen',
+    'TRAVIS_COMMIT_RANGE' => '759adcbd0d8f...13c4dc8bb61d',
+    'DANGER_GITHUB_API_TOKEN' => '123sbdq54erfsd3422gdfio'
+  }
+end
+
+# A stubbed out Dangerfile for use in tests
+def testing_dangerfile
+  env = Danger::EnvironmentManager.new(testing_env)
+  Danger::Dangerfile.new(env, testing_ui)
+end

metadata

@@ -0,0 +1,206 @@
+--- !ruby/object:Gem::Specification
+name: danger-package_json_lockdown
+version: !ruby/object:Gem::Version
+  version: 0.9.9
+platform: ruby
+authors:
+- Joshua May
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-10-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: danger-plugin-api
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.41'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.41'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.14'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.14'
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.7'
+- !ruby/object:Gem::Dependency
+  name: listen
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.0.7
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.0.7
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Force locking down of version numbers in package.json.
+email:
+- josh@notjosh.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- Gemfile
+- Gemfile.lock
+- Guardfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- danger-package_json_lockdown.gemspec
+- lib/danger_package_json_lockdown.rb
+- lib/danger_plugin.rb
+- lib/package_json_lockdown/gem_version.rb
+- lib/package_json_lockdown/plugin.rb
+- spec/fixtures/invalid.json
+- spec/fixtures/valid.json
+- spec/package_json_lockdown_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/notjosh/danger-package_json_lockdown
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5
+signing_key: 
+specification_version: 4
+summary: A plugin for Danger that allows locking down of version numbers found in
+  package.json
+test_files:
+- spec/fixtures/invalid.json
+- spec/fixtures/valid.json
+- spec/package_json_lockdown_spec.rb
+- spec/spec_helper.rb