check-package-lock 1.10.0 → 1.12.0

package/.editorconfig

@@ -1,16 +1,16 @@
-; This file is for unifying the coding style for different editors and IDEs.
-; More information at https://editorconfig.org
-
-root = true
-
-[*]
-charset = utf-8
-end_of_line = lf
-indent_size = 4
-indent_style = space
-insert_final_newline = true
-trim_trailing_whitespace = true
-
-[*.yml]
-indent_style = space
-indent_size = 2
+; This file is for unifying the coding style for different editors and IDEs.
+; More information at https://editorconfig.org
+
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.yml]
+indent_style = space
+indent_size = 2

package/.gitattributes

@@ -0,0 +1,8 @@
+# all files must use unix line delimiters
+* text eol=lf
+
+# binary
+*.jpg binary
+*.webp binary
+*.heic binary
+*.png binary

package/.github/dependabot.yml

@@ -1,11 +1,16 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
-version: 2
-updates:
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "daily"
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily
+    cooldown:
+      default-days: 7
+    open-pull-requests-limit: 10
+  - package-ecosystem: npm
+    directory: /
+    schedule:
+      interval: daily
+    cooldown:
+      default-days: 7
+    open-pull-requests-limit: 10

package/.github/workflows/ci.yml

@@ -0,0 +1,95 @@
+name: CI
+
+on:
+  push:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+  security-events: write
+
+jobs:
+  build:
+    name: Build and Test
+    runs-on: ubuntu-latest
+    environment: Development
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
+        # https://github.com/step-security/harden-runner/releases
+        with:
+          egress-policy: audit
+
+      - name: Checkout repository
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        # https://github.com/actions/checkout/releases
+        with:
+          persist-credentials: false
+
+      - name: Run zizmor
+        uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6
+        # https://github.com/zizmorcore/zizmor-action/releases
+        with:
+          persona: pedantic
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run CVE Lite CLI
+        uses: OWASP/cve-lite-cli@b4a69139a2f62ec3a9a85782c146ff702055d7f2 # v1.23.1
+        # https://github.com/OWASP/cve-lite-cli/releases
+        with:
+          fail-on: critical
+
+      - name: Setup Node.js
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+        # https://github.com/actions/setup-node/releases
+        with:
+          node-version: "lts/*"
+          cache: npm
+
+      - name: Install safe-chain
+        run: curl --fail --silent --show-error --retry 3 --location https://github.com/AikidoSec/safe-chain/releases/latest/download/install-safe-chain.sh | sh -s -- --ci
+
+      # this must fail if safe-chain is working
+      - name: Test safe-chain
+        run: |
+          npm safe-chain-verify
+          ! npm install safe-chain-test
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/node@9adf32b1121593767fc3c057af55b55db032dc04 # v1.0.0
+        # https://github.com/snyk/actions/releases
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
+      - name: Check line endings
+        uses: fernandrone/linelint@7907a5dca0c28ea7dd05c6d8d8cacded713aca11 # 0.0.6
+        # https://github.com/fernandrone/linelint/releases
+
+      - name: Check EOL
+        uses: AODocs/check-eol@88fd9052e8ea211254a4de371011026603a329dc # v1.1
+        # https://github.com/AODocs/check-eol/releases
+
+      - name: Lint
+        run: ./node_modules/.bin/eslint '*.js' 'test/*.js'
+
+      - name: Run tests with coverage
+        run: ./node_modules/.bin/nyc npm test
+
+      - name: Generate coverage report
+        run: ./node_modules/.bin/nyc report --reporter=text-lcov > coverage.lcov
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0
+        # https://github.com/codecov/codecov-action/releases
+        with:
+          fail_ci_if_error: true
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

package/.github/workflows/scorecard.yml

@@ -0,0 +1,51 @@
+name: Scorecard supply-chain security
+on:
+  # For Branch-Protection check. Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  schedule:
+    - cron: '32 5 * * 0'
+  push:
+    branches: [ "main" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    # `publish_results: true` only works when run from the default branch. conditional can be removed if disabled.
+    if: github.event.repository.default_branch == github.ref_name || github.event_name == 'pull_request'
+    permissions:
+      security-events: write # Needed to upload the results to code-scanning dashboard.
+      id-token: write # Needed to publish results and get a badge (see publish_results below).
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        with:
+          persist-credentials: false
+
+      - name: Run analysis
+        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          publish_results: true
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        # https://github.com/actions/upload-artifact/releases
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      - name: Upload to code-scanning
+        uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
+        # https://github.com/github/codeql-action/releases
+        with:
+          sarif_file: results.sarif

package/.linelint.yml

@@ -0,0 +1,10 @@
+# list of paths to ignore, uses gitignore syntaxes (executes before any rule)
+ignore:
+  - node_modules/
+rules:
+  # checks if file ends in a newline character
+  end-of-file:
+    # set to true to enable this rule
+    enable: true
+    # if true also checks if file ends in a single newline character
+    single-new-line: true

package/LICENSE

@@ -1,21 +1,21 @@
-MIT License
-
-Copyright (c) 2019 Henrik Gemal
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+MIT License
+
+Copyright (c) 2019 Henrik Gemal
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1,46 +1,46 @@
-# check-package-lock
-Checks the package-lock.json file for http:// links
-
-## What does it do?
-check-package-lock can check if the package-lock.json file contain insecure http:// links
-
-## Usage
-To check the package-lock.json file in the current folder:
-```
-npm install -g check-package-lock
-check-package-lock
-```
-
-To check the package-lock.json file in another folder:
-```
-npm install -g check-package-lock
-check-package-lock --folder 'nodefolder'
-```
-
-## Exit codes
-```
-0 = No errors
-1 = Errors were founds in the package-lock.json files
-2 = package-lock.json was not found
-3 = Folder specified does not exists
-4 = Folder specified is not a folder
-```
-
-## Continuous Integration
-check-package-lock can be used in CI environments to check your package-lock.json file before merging a pull request
-
-## Badges
-
-[![CircleCI](https://circleci.com/gh/gemal/node-check-package-lock.svg?style=svg)](https://circleci.com/gh/gemal/node-check-package-lock)
-
-[![codecov](https://codecov.io/gh/gemal/node-check-package-lock/branch/master/graph/badge.svg)](https://codecov.io/gh/gemal/node-check-package-lock)
-
-[![StyleCI](https://github.styleci.io/repos/183420925/shield)](https://github.styleci.io/repos/183420925)
-
-[![Known Vulnerabilities](https://snyk.io/test/github/gemal/node-check-package-lock/badge.svg)](https://snyk.io/test/github/gemal/node-check-package-lock)
-
-[![Total alerts](https://img.shields.io/lgtm/alerts/g/gemal/node-check-package-lock.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/gemal/node-check-package-lock/alerts/)
-
-[![CodeFactor](https://www.codefactor.io/repository/github/gemal/node-check-package-lock/badge)](https://www.codefactor.io/repository/github/gemal/node-check-package-lock)
-
-[![DeepScan grade](https://deepscan.io/api/teams/14204/projects/17307/branches/392368/badge/grade.svg)](https://deepscan.io/dashboard#view=project&tid=14204&pid=17307&bid=392368)
+# check-package-lock
+Checks the package-lock.json file for http:// links
+
+## What does it do?
+check-package-lock can check if the package-lock.json file contain insecure http:// links
+
+## Usage
+To check the package-lock.json file in the current folder:
+```
+npm install -g check-package-lock
+check-package-lock
+```
+
+To check the package-lock.json file in another folder:
+```
+npm install -g check-package-lock
+check-package-lock --folder 'nodefolder'
+```
+
+## Exit codes
+```
+0 = No errors
+1 = Errors were founds in the package-lock.json files
+2 = package-lock.json was not found
+3 = Folder specified does not exists
+4 = Folder specified is not a folder
+```
+
+## CI - Continuous Integration
+check-package-lock can be used in CI environments to check your package-lock.json file before merging a pull request
+
+## Badges
+
+[![CircleCI](https://circleci.com/gh/gemal/node-check-package-lock.svg?style=svg)](https://circleci.com/gh/gemal/node-check-package-lock)
+
+[![codecov](https://codecov.io/gh/gemal/node-check-package-lock/branch/master/graph/badge.svg)](https://codecov.io/gh/gemal/node-check-package-lock)
+
+[![StyleCI](https://github.styleci.io/repos/183420925/shield)](https://github.styleci.io/repos/183420925)
+
+[![Known Vulnerabilities](https://snyk.io/test/github/gemal/node-check-package-lock/badge.svg)](https://snyk.io/test/github/gemal/node-check-package-lock)
+
+[![Total alerts](https://img.shields.io/lgtm/alerts/g/gemal/node-check-package-lock.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/gemal/node-check-package-lock/alerts/)
+
+[![CodeFactor](https://www.codefactor.io/repository/github/gemal/node-check-package-lock/badge)](https://www.codefactor.io/repository/github/gemal/node-check-package-lock)
+
+[![DeepScan grade](https://deepscan.io/api/teams/14204/projects/17307/branches/392368/badge/grade.svg)](https://deepscan.io/dashboard#view=project&tid=14204&pid=17307&bid=392368)

package/eslint.config.js

@@ -0,0 +1,17 @@
+import globals from "globals";
+import js from "@eslint/js";
+
+
+export default [
+  {
+    languageOptions: {
+      globals: {
+        process: "readonly",
+        describe: "readonly",
+        it: "readonly",
+        ...globals.browser
+      }
+    }
+  },
+  js.configs.recommended,
+];

package/index.js

@@ -2,9 +2,14 @@
 
 'use strict';
 
-const fs = require('fs');
-const path = require('path');
-const {program} = require('commander');
+import fs from 'fs';
+import path from 'path';
+import { program } from 'commander';
+import { fileURLToPath } from 'url';
+
+// Define __filename and __dirname for ES modules
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
 
 /**
  * Check a folder.
@@ -17,7 +22,7 @@ function checkFolder() {
     }
     const pack = fullpath + 'package-lock.json';
     if (fs.existsSync(pack)) {
-        const filecontent = fs.readFileSync(pack, {encoding: 'utf-8'});
+        const filecontent = fs.readFileSync(pack, { encoding: 'utf-8' });
         if (filecontent.indexOf('http://registry.npmjs.org') > -1) { // lgtm [js/incomplete-url-substring-sanitization]
             console.log(pack + ' is NOT OK. It contains references to http://registry.npmjs.org');
             console.log('In order to fix this do:');
@@ -31,13 +36,13 @@ function checkFolder() {
             return 0;
         }
     } else {
-        console.log(pack + ' does not exists');
+        console.log(pack + ' does not exist');
         return 2;
     }
 }
 
 program
-    .version(require('./package.json').version)
+    .version(JSON.parse(fs.readFileSync(path.join(__dirname, 'package.json'))).version)
     .description('Checks the package-lock.json file for http:// links')
     .option('-f, --folder <folder>', 'Folder with package-lock.json file')
     .parse(process.argv);
@@ -54,7 +59,7 @@ if (options.folder) {
             process.exitCode = 4;
         }
     } else {
-        console.log('Oops! Folder does not exists: ' + options.folder);
+        console.log('Oops! Folder does not exist: ' + options.folder);
         process.exitCode = 3;
     }
 } else {

package/package.json

@@ -1,16 +1,17 @@
 {
     "name": "check-package-lock",
-    "version": "1.10.0",
-    "description": "Checks the package-lock.json file for http:// links",
+    "version": "1.12.0",
+    "description": "Checks the package-lock.json file for insecure http:// links",
     "main": "index.js",
     "repository": {
         "type": "git",
-        "url": "https://github.com/gemal/node-check-package-lock"
+        "url": "https://github.com/gemal/node-check-package-lock.git"
     },
     "scripts": {
         "test": "mocha"
     },
-    "author": "Henrik Gemal <henrik@gemal.dk> (http://gemal.dk/)",
+    "type": "module",
+    "author": "Henrik Gemal <henrik@gemal.dk> (https://gemal.dk/)",
     "license": "MIT",
     "bin": {
         "check-package-lock": "index.js"
@@ -30,18 +31,16 @@
     ],
     "homepage": "https://github.com/gemal/node-check-package-lock",
     "dependencies": {
-        "commander": "^9.0.0"
+        "commander": "^12.1.0"
     },
     "devDependencies": {
-        "chai": "^4.3.4",
+        "@eslint/js": "^9.13.0",
+        "chai": "^5.1.2",
         "child_process": "^1.0.2",
-        "codecov": "^3.8.2",
-        "eslint": "^8.8.0",
-        "eslint-config-google": "^0.14.0",
+        "eslint": "^9.13.0",
         "expect": "^29.2.2",
-        "lintspaces-cli": "^0.7.1",
+        "globals": "^15.11.0",
         "mocha": "^10.0.0",
-        "nyc": "^15.1.0",
-        "snyk": "^1.594.0"
+        "nyc": "^17.1.0"
     }
 }

package/renovate.json

@@ -0,0 +1,6 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "extends": [
+        "config:recommended"
+    ]
+}

package/test/index.js

@@ -1,115 +1,56 @@
-#!/usr/bin/env node
+import { expect } from 'chai';
+import path from 'path';
+import { exec } from "node:child_process";
+import { fileURLToPath } from 'url';
 
-'use strict';
-
-const assert = require('assert');
-const path = require('path');
-const spawn = require('child_process').spawn;
-const expect = require('chai').expect;
+// Define __filename and __dirname in ES modules
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
 
 describe('index.js', function() {
-    // eslint-disable-next-line no-invalid-this
     this.timeout(8000);
 
-    it('should exit 1 having problems', function(done) {
-        let out = '';
-        spawn('node', [path.join(__dirname, '../index.js'), '--folder', 'test/test1'], {
-            cwd: path.join(__dirname, '../'),
-        }).on('exit', function(code) {
-            assert.strictEqual(code, 1);
-            expect(out).to.match(/package-lock.json is NOT OK/);
-            expect(out).to.match(/Delete the node_modules folder/);
+    function runTest(args, expectedExitCode, expectedOutput, done) {
+        const command = `node ${path.join(__dirname, '../index.js')} ${args.join(' ')}`;
+        exec(command, { cwd: path.join(__dirname, '../') }, (error, stdout) => {
+            if (error) {
+                expect(error.code).to.equal(expectedExitCode);
+            } else {
+                expect(stdout).to.match(expectedOutput);
+            }
             done();
-        }).stdout.on('data', function(data) {
-            out += data;
         });
+    }
+
+    it('should exit 1 having problems', function(done) {
+        runTest(['--folder', 'test/test1'], 1, /package-lock.json is NOT OK/, done);
     });
 
     it('should exit 0 having no problems', function(done) {
-        let out = '';
-        spawn('node', [path.join(__dirname, '../index.js'), '--folder', 'test/test2'], {
-            cwd: path.join(__dirname, '../'),
-        }).on('exit', function(code) {
-            assert.strictEqual(code, 0);
-            expect(out).to.match(/package-lock.json is OK/);
-            done();
-        }).stdout.on('data', function(data) {
-            out += data;
-        });
+        runTest(['--folder', 'test/test2'], 0, /package-lock.json is OK/, done);
     });
 
     it('should exit 0 having no problems with slash', function(done) {
-        let out = '';
-        spawn('node', [path.join(__dirname, '../index.js'), '--folder', 'test/test2/'], {
-            cwd: path.join(__dirname, '../'),
-        }).on('exit', function(code) {
-            assert.strictEqual(code, 0);
-            expect(out).to.match(/package-lock.json is OK/);
-            done();
-        }).stdout.on('data', function(data) {
-            out += data;
-        });
+        runTest(['--folder', 'test/test2/'], 0, /package-lock.json is OK/, done);
     });
 
     it('should exit 0 having no problems without folder', function(done) {
-        let out = '';
-        spawn('node', [path.join(__dirname, '../index.js')], {
-            cwd: path.join(__dirname, '../'),
-        }).on('exit', function(code) {
-            assert.strictEqual(code, 0);
-            expect(out).to.match(/package-lock.json is OK/);
-            done();
-        }).stdout.on('data', function(data) {
-            out += data;
-        });
+        runTest([], 0, /package-lock.json is OK/, done);
     });
 
     it('should exit 1 having problems', function(done) {
-        let out = '';
-        spawn('node', [path.join(__dirname, '../index.js'), '--folder', 'test/test3'], {
-            cwd: path.join(__dirname, '../'),
-        }).on('exit', function(code) {
-            assert.strictEqual(code, 1);
-            expect(out).to.match(/package-lock.json is NOT OK/);
-            expect(out).to.match(/Delete the node_modules folder/);
-            done();
-        }).stdout.on('data', function(data) {
-            out += data;
-        });
+        runTest(['--folder', 'test/test3'], 1, /package-lock.json is NOT OK/, done);
     });
 
     it('should exit 1 having problems with no file', function(done) {
-        let out = '';
-        spawn('node', [path.join(__dirname, '../index.js'), '--folder', 'test'], {
-            cwd: path.join(__dirname, '../'),
-        }).on('exit', function(code) {
-            assert.strictEqual(code, 2);
-            expect(out).to.match(/package-lock.json does not exists/);
-            done();
-        }).stdout.on('data', function(data) {
-            out += data;
-        });
+        runTest(['--folder', 'test'], 2, /package-lock.json does not exists/, done);
     });
 
     it('should exit 3 if folder does not exist', function(done) {
-        spawn('node', [path.join(__dirname, '../index.js'), '--folder', '404'], {
-            cwd: path.join(__dirname, '../'),
-        }).on('exit', function(code) {
-            assert.strictEqual(code, 3);
-        }).stdout.on('data', function(data) {
-            assert.strictEqual(data.toString(), 'Oops! Folder does not exists: 404\n');
-            done();
-        });
+        runTest(['--folder', '404'], 3, /Oops! Folder does not exists: 404\n/, done);
     });
 
     it('should exit 4 if folder is not a folder', function(done) {
-        spawn('node', [path.join(__dirname, '../index.js'), '--folder', 'test/index.js'], {
-            cwd: path.join(__dirname, '../'),
-        }).on('exit', function(code) {
-            assert.strictEqual(code, 4);
-        }).stdout.on('data', function(data) {
-            assert.strictEqual(data.toString(), 'Oops! Folder is not a real folder: test/index.js\n');
-            done();
-        });
+        runTest(['--folder', 'test/index.js'], 4, /Oops! Folder is not a real folder: test\/index.js\n/, done);
     });
 });

package/.circleci/config.yml

@@ -1,47 +0,0 @@
-version: 2
-jobs:
-  build:
-    docker:
-      # Use node image
-      - image: circleci/node
-
-    # code folder
-    working_directory: ~/repo
-
-    steps:
-      # check out code
-      - checkout
-
-      # restore cache dependencies
-      - restore_cache:
-          keys:
-            - v1-dependencies-{{ checksum "package.json" }}
-            # fallback to using the latest cache if no exact match is found
-            - v1-dependencies-
-
-      # install and cache packages
-      - run: npm install
-      - save_cache:
-          paths:
-            - node_modules
-          key: v1-dependencies-{{ checksum "package.json" }}
-
-      # audit the packages
-      - run: npm audit
-      - run: npm ls
-
-      # security test
-      - run: ./node_modules/.bin/snyk test
-
-      # correct line endings
-      - run: find ./ -path ./node_modules -prune -o -name '*.css' -o -name '*.json' -o -name '*.md' -o -name '*.js' -o -name '*.yml' | xargs ./node_modules/.bin/lintspaces --endofline 'lf' --newline --trailingspaces --verbose
-
-      # lint
-      - run: ./node_modules/.bin/eslint '*.js' 'test/*.js'
-
-      # run tests
-      - run: ./node_modules/.bin/nyc npm test
-
-      # upload code coverage
-      - run: ./node_modules/.bin/nyc report --reporter=text-lcov > coverage.lcov
-      - run: ./node_modules/.bin/codecov

package/.eslintrc.json

@@ -1,20 +0,0 @@
-{
-    "env": {
-        "es6": true,
-        "node": true
-    },
-    "extends": ["eslint:recommended", "google"],
-    "globals": {
-        "Atomics": "readonly",
-        "SharedArrayBuffer": "readonly",
-        "it": true,
-        "describe": true
-    },
-    "parserOptions": {
-        "ecmaVersion": 2018
-    },
-    "rules": {
-      "max-len": ["error", {"code": 120}],
-      "indent": ["error", 4]
-    }
-}