check-package-lock 1.11.0 → 1.13.0

package/.claude/settings.local.json

@@ -0,0 +1,9 @@
+{
+  "permissions": {
+    "allow": [
+      "Bash(npm show *)",
+      "Bash(./node_modules/.bin/eslint '*.js' 'test/*.js')",
+      "Bash(npm test *)"
+    ]
+  }
+}

package/.editorconfig

@@ -1,16 +1,16 @@
-; This file is for unifying the coding style for different editors and IDEs.
-; More information at https://editorconfig.org
-
-root = true
-
-[*]
-charset = utf-8
-end_of_line = lf
-indent_size = 4
-indent_style = space
-insert_final_newline = true
-trim_trailing_whitespace = true
-
-[*.yml]
-indent_style = space
-indent_size = 2
+; This file is for unifying the coding style for different editors and IDEs.
+; More information at https://editorconfig.org
+
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.yml]
+indent_style = space
+indent_size = 2

package/.gitattributes

@@ -0,0 +1,8 @@
+# all files must use unix line delimiters
+* text eol=lf
+
+# binary
+*.jpg binary
+*.webp binary
+*.heic binary
+*.png binary

package/.github/dependabot.yml

@@ -1,11 +1,16 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
-version: 2
-updates:
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "daily"
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily
+    cooldown:
+      default-days: 7
+    open-pull-requests-limit: 10
+  - package-ecosystem: npm
+    directory: /
+    schedule:
+      interval: daily
+    cooldown:
+      default-days: 7
+    open-pull-requests-limit: 10

package/.github/workflows/ci.yml

@@ -0,0 +1,96 @@
+name: CI
+
+on:
+  push:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions: {}
+
+jobs:
+  build:
+    name: Build and Test
+    runs-on: ubuntu-latest
+    environment: Development
+    permissions:
+      contents: read
+      security-events: write # to report vulnerabilities
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
+        # https://github.com/step-security/harden-runner/releases
+        with:
+          egress-policy: audit
+
+      - name: Checkout repository
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        # https://github.com/actions/checkout/releases
+        with:
+          persist-credentials: false
+
+      - name: Run zizmor
+        uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6
+        # https://github.com/zizmorcore/zizmor-action/releases
+        with:
+          persona: pedantic
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run CVE Lite CLI
+        uses: OWASP/cve-lite-cli@b4a69139a2f62ec3a9a85782c146ff702055d7f2 # v1.23.1
+        # https://github.com/OWASP/cve-lite-cli/releases
+        with:
+          fail-on: critical
+
+      - name: Setup Node.js
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+        # https://github.com/actions/setup-node/releases
+        with:
+          node-version: "lts/*"
+          cache: npm
+
+      - name: Install safe-chain
+        run: curl --fail --silent --show-error --retry 3 --location https://github.com/AikidoSec/safe-chain/releases/latest/download/install-safe-chain.sh | sh -s -- --ci
+
+      # this must fail if safe-chain is working
+      - name: Test safe-chain
+        run: |
+          npm safe-chain-verify
+          ! npm install safe-chain-test
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/node@9adf32b1121593767fc3c057af55b55db032dc04 # v1.0.0
+        # https://github.com/snyk/actions/releases
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
+      - name: Check line endings
+        uses: fernandrone/linelint@7907a5dca0c28ea7dd05c6d8d8cacded713aca11 # 0.0.6
+        # https://github.com/fernandrone/linelint/releases
+
+      - name: Check EOL
+        uses: AODocs/check-eol@88fd9052e8ea211254a4de371011026603a329dc # v1.1
+        # https://github.com/AODocs/check-eol/releases
+
+      - name: Lint
+        run: ./node_modules/.bin/eslint '*.js' 'test/*.js'
+
+      - name: Run tests with coverage
+        run: ./node_modules/.bin/nyc npm test
+
+      - name: Generate coverage report
+        run: ./node_modules/.bin/nyc report --reporter=text-lcov > coverage.lcov
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0
+        # https://github.com/codecov/codecov-action/releases
+        with:
+          fail_ci_if_error: true
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

package/.github/workflows/scorecard.yml

@@ -0,0 +1,55 @@
+name: Scorecard supply-chain security
+on:
+  # For Branch-Protection check. Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  schedule:
+    - cron: '32 5 * * 0'
+  push:
+    branches: [ "main" ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+# Declare default permissions as read only.
+permissions: {}
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    # `publish_results: true` only works when run from the default branch. conditional can be removed if disabled.
+    if: github.event.repository.default_branch == github.ref_name || github.event_name == 'pull_request'
+    permissions:
+      security-events: write # Needed to upload the results to code-scanning dashboard.
+      id-token: write # Needed to publish results and get a badge (see publish_results below).
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        with:
+          persist-credentials: false
+
+      - name: Run analysis
+        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          publish_results: true
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        # https://github.com/actions/upload-artifact/releases
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      - name: Upload to code-scanning
+        uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
+        # https://github.com/github/codeql-action/releases
+        with:
+          sarif_file: results.sarif

package/.linelint.yml

@@ -0,0 +1,10 @@
+# list of paths to ignore, uses gitignore syntaxes (executes before any rule)
+ignore:
+  - node_modules/
+rules:
+  # checks if file ends in a newline character
+  end-of-file:
+    # set to true to enable this rule
+    enable: true
+    # if true also checks if file ends in a single newline character
+    single-new-line: true

package/LICENSE

@@ -1,22 +1,21 @@
-MIT License
-
-Copyright (c) 2019 Henrik Gemal
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
-
+MIT License
+
+Copyright (c) 2019 Henrik Gemal
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1,46 +1,42 @@
-# check-package-lock
-Checks the package-lock.json file for http:// links
-
-## What does it do?
-check-package-lock can check if the package-lock.json file contain insecure http:// links
-
-## Usage
-To check the package-lock.json file in the current folder:
-```
-npm install -g check-package-lock
-check-package-lock
-```
-
-To check the package-lock.json file in another folder:
-```
-npm install -g check-package-lock
-check-package-lock --folder 'nodefolder'
-```
-
-## Exit codes
-```
-0 = No errors
-1 = Errors were founds in the package-lock.json files
-2 = package-lock.json was not found
-3 = Folder specified does not exists
-4 = Folder specified is not a folder
-```
-
-## CI - Continuous Integration
-check-package-lock can be used in CI environments to check your package-lock.json file before merging a pull request
-
-## Badges
-
-[![CircleCI](https://circleci.com/gh/gemal/node-check-package-lock.svg?style=svg)](https://circleci.com/gh/gemal/node-check-package-lock)
-
-[![codecov](https://codecov.io/gh/gemal/node-check-package-lock/branch/master/graph/badge.svg)](https://codecov.io/gh/gemal/node-check-package-lock)
-
-[![StyleCI](https://github.styleci.io/repos/183420925/shield)](https://github.styleci.io/repos/183420925)
-
-[![Known Vulnerabilities](https://snyk.io/test/github/gemal/node-check-package-lock/badge.svg)](https://snyk.io/test/github/gemal/node-check-package-lock)
-
-[![Total alerts](https://img.shields.io/lgtm/alerts/g/gemal/node-check-package-lock.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/gemal/node-check-package-lock/alerts/)
-
-[![CodeFactor](https://www.codefactor.io/repository/github/gemal/node-check-package-lock/badge)](https://www.codefactor.io/repository/github/gemal/node-check-package-lock)
-
-[![DeepScan grade](https://deepscan.io/api/teams/14204/projects/17307/branches/392368/badge/grade.svg)](https://deepscan.io/dashboard#view=project&tid=14204&pid=17307&bid=392368)
+# check-package-lock
+Checks the package-lock.json file for http:// links
+
+## What does it do?
+check-package-lock can check if the package-lock.json file contain insecure http:// links
+
+## Usage
+To check the package-lock.json file in the current folder:
+```
+npm install -g check-package-lock
+check-package-lock
+```
+
+To check the package-lock.json file in another folder:
+```
+npm install -g check-package-lock
+check-package-lock --folder 'nodefolder'
+```
+
+## Exit codes
+```
+0 = No errors
+1 = Errors were founds in the package-lock.json files
+2 = package-lock.json was not found
+3 = Folder specified does not exists
+4 = Folder specified is not a folder
+```
+
+## CI - Continuous Integration
+check-package-lock can be used in CI environments to check your package-lock.json file before merging a pull request
+
+## Badges
+
+[![codecov](https://codecov.io/gh/gemal/node-check-package-lock/branch/master/graph/badge.svg)](https://codecov.io/gh/gemal/node-check-package-lock)
+
+[![StyleCI](https://github.styleci.io/repos/183420925/shield)](https://github.styleci.io/repos/183420925)
+
+[![Known Vulnerabilities](https://snyk.io/test/github/gemal/node-check-package-lock/badge.svg)](https://snyk.io/test/github/gemal/node-check-package-lock)
+
+[![CodeFactor](https://www.codefactor.io/repository/github/gemal/node-check-package-lock/badge)](https://www.codefactor.io/repository/github/gemal/node-check-package-lock)
+
+[![DeepScan grade](https://deepscan.io/api/teams/14204/projects/17307/branches/392368/badge/grade.svg)](https://deepscan.io/dashboard#view=project&tid=14204&pid=17307&bid=392368)

package/index.js

@@ -1,68 +1,49 @@
-#!/usr/bin/env node
-
-'use strict';
-
-import fs from 'fs';
-import path from 'path';
-import { program } from 'commander';
-import { fileURLToPath } from 'url';
-
-// Define __filename and __dirname for ES modules
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = path.dirname(__filename);
-
-/**
- * Check a folder.
- * @return {number}
- */
-function checkFolder() {
-    let fullpath = '';
-    if (options.folder) {
-        fullpath = options.folder + path.sep;
-    }
-    const pack = fullpath + 'package-lock.json';
-    if (fs.existsSync(pack)) {
-        const filecontent = fs.readFileSync(pack, { encoding: 'utf-8' });
-        if (filecontent.indexOf('http://registry.npmjs.org') > -1) { // lgtm [js/incomplete-url-substring-sanitization]
-            console.log(pack + ' is NOT OK. It contains references to http://registry.npmjs.org');
-            console.log('In order to fix this do:');
-            console.log('- Delete the package-lock.json file');
-            console.log('- Delete the node_modules folder');
-            console.log('- Run <npm cache clean --force>');
-            console.log('- Run <npm install>');
-            return 1;
-        } else {
-            console.log(pack + ' is OK');
-            return 0;
-        }
-    } else {
-        console.log(pack + ' does not exist');
-        return 2;
-    }
-}
-
-program
-    .version(JSON.parse(fs.readFileSync(path.join(__dirname, 'package.json'))).version)
-    .description('Checks the package-lock.json file for http:// links')
-    .option('-f, --folder <folder>', 'Folder with package-lock.json file')
-    .parse(process.argv);
-
-const options = program.opts();
-if (options.folder) {
-    if (fs.existsSync(options.folder)) {
-        const stats = fs.statSync(options.folder);
-        if (stats.isDirectory()) {
-            const err = checkFolder();
-            process.exitCode = err;
-        } else {
-            console.log('Oops! Folder is not a real folder: ' + options.folder);
-            process.exitCode = 4;
-        }
-    } else {
-        console.log('Oops! Folder does not exist: ' + options.folder);
-        process.exitCode = 3;
-    }
-} else {
-    const err = checkFolder();
-    process.exitCode = err;
-}
+#!/usr/bin/env node
+
+import fs from 'node:fs';
+import path from 'node:path';
+import { program } from 'commander';
+import { fileURLToPath } from 'node:url';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+
+function checkFolder(folder) {
+    const packPath = folder ? path.join(folder, 'package-lock.json') : 'package-lock.json';
+    if (!fs.existsSync(packPath)) {
+        console.log(`${packPath} does not exist`);
+        return 2;
+    }
+    const filecontent = fs.readFileSync(packPath, { encoding: 'utf-8' });
+    if (/"http:\/\/registry\.npmjs\.org[/"']/.test(filecontent)) {
+        console.log(`${packPath} is NOT OK. It contains references to http://registry.npmjs.org`);
+        console.log('In order to fix this do:');
+        console.log('- Delete the package-lock.json file');
+        console.log('- Delete the node_modules folder');
+        console.log('- Run <npm cache clean --force>');
+        console.log('- Run <npm install>');
+        return 1;
+    }
+    console.log(`${packPath} is OK`);
+    return 0;
+}
+
+program
+    .version(JSON.parse(fs.readFileSync(path.join(__dirname, 'package.json'))).version)
+    .description('Checks the package-lock.json file for http:// links')
+    .option('-f, --folder <folder>', 'Folder with package-lock.json file')
+    .parse(process.argv);
+
+const options = program.opts();
+if (options.folder) {
+    if (!fs.existsSync(options.folder)) {
+        console.log(`Oops! Folder does not exist: ${options.folder}`);
+        process.exitCode = 3;
+    } else if (!fs.statSync(options.folder).isDirectory()) {
+        console.log(`Oops! Folder is not a real folder: ${options.folder}`);
+        process.exitCode = 4;
+    } else {
+        process.exitCode = checkFolder(options.folder);
+    }
+} else {
+    process.exitCode = checkFolder();
+}

package/package.json

@@ -1,49 +1,47 @@
-{
-    "name": "check-package-lock",
-    "version": "1.11.0",
-    "description": "Checks the package-lock.json file for insecure http:// links",
-    "main": "index.js",
-    "repository": {
-        "type": "git",
-        "url": "https://github.com/gemal/node-check-package-lock"
-    },
-    "scripts": {
-        "test": "mocha"
-    },
-    "type": "module",
-    "author": "Henrik Gemal <henrik@gemal.dk> (http://gemal.dk/)",
-    "license": "MIT",
-    "bin": {
-        "check-package-lock": "index.js"
-    },
-    "bugs": {
-        "url": "https://github.com/gemal/node-check-package-lock/issues"
-    },
-    "keywords": [
-        "package",
-        "package-lock",
-        "check",
-        "cli",
-        "lock",
-        "http",
-        "automate",
-        "ci"
-    ],
-    "homepage": "https://github.com/gemal/node-check-package-lock",
-    "dependencies": {
-        "commander": "^12.1.0"
-    },
-    "devDependencies": {
-        "@eslint/js": "^9.13.0",
-        "chai": "^5.1.2",
-        "child_process": "^1.0.2",
-        "codecov": "^3.8.2",
-        "eslint": "^9.13.0",
-        "expect": "^29.2.2",
-        "globals": "^15.11.0",
-        "lintspaces-cli": "^1.0.0",
-        "mocha": "^10.0.0",
-        "nyc": "^17.1.0",
-        "snyk": "^1.594.0"
-    }
-}
+{
+    "name": "check-package-lock",
+    "version": "1.13.0",
+    "description": "Checks the package-lock.json file for insecure http:// links",
+    "main": "index.js",
+    "repository": {
+        "type": "git",
+        "url": "https://github.com/gemal/node-check-package-lock.git"
+    },
+    "scripts": {
+        "test": "mocha",
+        "eslint": "eslint *.js test/*.js"
+    },
+    "type": "module",
+    "author": "Henrik Gemal <henrik@gemal.dk> (https://gemal.dk/)",
+    "license": "MIT",
+    "bin": {
+        "check-package-lock": "index.js"
+    },
+    "bugs": {
+        "url": "https://github.com/gemal/node-check-package-lock/issues"
+    },
+    "keywords": [
+        "package",
+        "package-lock",
+        "check",
+        "cli",
+        "lock",
+        "http",
+        "automate",
+        "ci"
+    ],
+    "homepage": "https://github.com/gemal/node-check-package-lock",
+    "dependencies": {
+        "commander": "^15.0.0"
+    },
+    "devDependencies": {
+        "@eslint/js": "^10.0.1",
+        "chai": "^6.2.2",
+        "child_process": "^1.0.2",
+        "eslint": "^10.5.0",
+        "expect": "^30.4.1",
+        "globals": "^17.6.0",
+        "mocha": "^11.7.6",
+        "nyc": "^18.0.0"
+    }
+}

package/renovate.json

@@ -0,0 +1,6 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "extends": [
+        "config:recommended"
+    ]
+}

package/test/index.js

@@ -1,56 +1,52 @@
-import { expect } from 'chai';
-import path from 'path';
-import { exec } from "node:child_process";
-import { fileURLToPath } from 'url';
-
-// Define __filename and __dirname in ES modules
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = path.dirname(__filename);
-
-describe('index.js', function() {
-    this.timeout(8000);
-
-    function runTest(args, expectedExitCode, expectedOutput, done) {
-        const command = `node ${path.join(__dirname, '../index.js')} ${args.join(' ')}`;
-        exec(command, { cwd: path.join(__dirname, '../') }, (error, stdout) => {
-            if (error) {
-                expect(error.code).to.equal(expectedExitCode);
-            } else {
-                expect(stdout).to.match(expectedOutput);
-            }
-            done();
-        });
-    }
-
-    it('should exit 1 having problems', function(done) {
-        runTest(['--folder', 'test/test1'], 1, /package-lock.json is NOT OK/, done);
-    });
-
-    it('should exit 0 having no problems', function(done) {
-        runTest(['--folder', 'test/test2'], 0, /package-lock.json is OK/, done);
-    });
-
-    it('should exit 0 having no problems with slash', function(done) {
-        runTest(['--folder', 'test/test2/'], 0, /package-lock.json is OK/, done);
-    });
-
-    it('should exit 0 having no problems without folder', function(done) {
-        runTest([], 0, /package-lock.json is OK/, done);
-    });
-
-    it('should exit 1 having problems', function(done) {
-        runTest(['--folder', 'test/test3'], 1, /package-lock.json is NOT OK/, done);
-    });
-
-    it('should exit 1 having problems with no file', function(done) {
-        runTest(['--folder', 'test'], 2, /package-lock.json does not exists/, done);
-    });
-
-    it('should exit 3 if folder does not exist', function(done) {
-        runTest(['--folder', '404'], 3, /Oops! Folder does not exists: 404\n/, done);
-    });
-
-    it('should exit 4 if folder is not a folder', function(done) {
-        runTest(['--folder', 'test/index.js'], 4, /Oops! Folder is not a real folder: test\/index.js\n/, done);
-    });
-});
+import { expect } from 'chai';
+import path from 'node:path';
+import { exec } from 'node:child_process';
+import { fileURLToPath } from 'node:url';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+
+describe('index.js', function() {
+    this.timeout(8000);
+
+    function runTest(args, expectedExitCode, expectedOutput, done) {
+        const command = `node ${path.join(__dirname, '../index.js')} ${args.join(' ')}`;
+        exec(command, { cwd: path.join(__dirname, '../') }, (error, stdout) => {
+            const exitCode = error ? error.code : 0;
+            expect(exitCode).to.equal(expectedExitCode);
+            expect(stdout).to.match(expectedOutput);
+            done();
+        });
+    }
+
+    it('should exit 1 having problems in test1', function(done) {
+        runTest(['--folder', 'test/test1'], 1, /package-lock.json is NOT OK/, done);
+    });
+
+    it('should exit 0 having no problems', function(done) {
+        runTest(['--folder', 'test/test2'], 0, /package-lock.json is OK/, done);
+    });
+
+    it('should exit 0 having no problems with slash', function(done) {
+        runTest(['--folder', 'test/test2/'], 0, /package-lock.json is OK/, done);
+    });
+
+    it('should exit 0 having no problems without folder', function(done) {
+        runTest([], 0, /package-lock.json is OK/, done);
+    });
+
+    it('should exit 1 having problems in test3', function(done) {
+        runTest(['--folder', 'test/test3'], 1, /package-lock.json is NOT OK/, done);
+    });
+
+    it('should exit 2 having problems with no file', function(done) {
+        runTest(['--folder', 'test'], 2, /package-lock.json does not exist/, done);
+    });
+
+    it('should exit 3 if folder does not exist', function(done) {
+        runTest(['--folder', '404'], 3, /Oops! Folder does not exist: 404/, done);
+    });
+
+    it('should exit 4 if folder is not a folder', function(done) {
+        runTest(['--folder', 'test/index.js'], 4, /Oops! Folder is not a real folder: test\/index.js/, done);
+    });
+});

package/.circleci/config.yml

@@ -1,47 +0,0 @@
-version: 2
-jobs:
-  build:
-    docker:
-      # Use node image
-      - image: cimg/node:lts
-
-    # code folder
-    working_directory: ~/repo
-
-    steps:
-      # check out code
-      - checkout
-
-      # restore cache dependencies
-      - restore_cache:
-          keys:
-            - v1-dependencies-{{ checksum "package.json" }}
-            # fallback to using the latest cache if no exact match is found
-            - v1-dependencies-
-
-      # install and cache packages
-      - run: npm install
-      - save_cache:
-          paths:
-            - node_modules
-          key: v1-dependencies-{{ checksum "package.json" }}
-
-      # audit the packages
-      - run: npm audit
-      - run: npm ls
-
-      # security test
-      - run: ./node_modules/.bin/snyk test
-
-      # correct line endings
-      - run: find ./ -path ./node_modules -prune -o -name '*.css' -o -name '*.json' -o -name '*.md' -o -name '*.js' -o -name '*.yml' | xargs ./node_modules/.bin/lintspaces --endofline 'lf' --newline --trailingspaces --verbose
-
-      # lint
-      - run: ./node_modules/.bin/eslint '*.js' 'test/*.js'
-
-      # run tests
-      - run: ./node_modules/.bin/nyc npm test
-
-      # upload code coverage
-      - run: ./node_modules/.bin/nyc report --reporter=text-lcov > coverage.lcov
-      - run: ./node_modules/.bin/codecov

package/.eslintrc.json

@@ -1,20 +0,0 @@
-{
-    "env": {
-        "es6": true,
-        "node": true
-    },
-    "extends": ["eslint:recommended", "google"],
-    "globals": {
-        "Atomics": "readonly",
-        "SharedArrayBuffer": "readonly",
-        "it": true,
-        "describe": true
-    },
-    "parserOptions": {
-        "ecmaVersion": 2018
-    },
-    "rules": {
-      "max-len": ["error", {"code": 120}],
-      "indent": ["error", 4]
-    }
-}