npq 2.2.0 → 2.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/mergify.yml +17 -0
- package/.github/workflows/main.yml +8 -3
- package/README.md +11 -10
- package/__tests__/__fixtures__/test.marshall.js +6 -6
- package/__tests__/marshalls.base.test.js +1 -1
- package/__tests__/marshalls.expiredDomains.test.js +100 -0
- package/__tests__/marshalls.tasks.test.js +1 -1
- package/__tests__/packageManager.test.js +1 -1
- package/bin/npq-hero.js +1 -1
- package/lib/cliCommons.js +2 -2
- package/lib/helpers/packageRepoUtils.js +9 -9
- package/lib/marshall.js +7 -7
- package/lib/marshalls/age.marshall.js +3 -3
- package/lib/marshalls/author.marshall.js +3 -3
- package/lib/marshalls/baseMarshall.js +12 -19
- package/lib/marshalls/downloads.marshall.js +3 -3
- package/lib/marshalls/expiredDomains.marshall.js +46 -0
- package/lib/marshalls/index.js +9 -9
- package/lib/marshalls/license.marshall.js +3 -3
- package/lib/marshalls/readme.marshall.js +3 -3
- package/lib/marshalls/repo.marshall.js +3 -3
- package/lib/marshalls/scripts.marshall.js +3 -3
- package/lib/marshalls/signatures.marshall.js +62 -0
- package/lib/marshalls/snyk.marshall.js +7 -7
- package/lib/packageManager.js +11 -11
- package/package.json +14 -7
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
queue_rules:
|
|
2
|
+
- name: Snyk PRs Queue
|
|
3
|
+
conditions:
|
|
4
|
+
- "check-success ~= .*"
|
|
5
|
+
|
|
6
|
+
pull_request_rules:
|
|
7
|
+
- name: Automatic merge Snyk PRs on Status Checks passing
|
|
8
|
+
conditions:
|
|
9
|
+
- title~=^\[Snyk\]
|
|
10
|
+
- head~=^snyk-fix
|
|
11
|
+
- base=main
|
|
12
|
+
actions:
|
|
13
|
+
queue:
|
|
14
|
+
name: "Snyk PRs Queue"
|
|
15
|
+
label:
|
|
16
|
+
add:
|
|
17
|
+
- "auto-merge"
|
|
@@ -7,7 +7,7 @@ jobs:
|
|
|
7
7
|
strategy:
|
|
8
8
|
matrix:
|
|
9
9
|
platform: [ubuntu-latest]
|
|
10
|
-
node: ['12', '14']
|
|
10
|
+
node: ['12', '14', '16', '18']
|
|
11
11
|
name: Node ${{ matrix.node }} (${{ matrix.platform }})
|
|
12
12
|
runs-on: ${{ matrix.platform }}
|
|
13
13
|
steps:
|
|
@@ -37,13 +37,18 @@ jobs:
|
|
|
37
37
|
release:
|
|
38
38
|
name: do semantic release
|
|
39
39
|
runs-on: 'ubuntu-latest'
|
|
40
|
+
permissions:
|
|
41
|
+
contents: write # to be able to publish a GitHub release
|
|
42
|
+
issues: write # to be able to comment on released issues
|
|
43
|
+
pull-requests: write # to be able to comment on released pull requests
|
|
44
|
+
id-token: write # to enable use of OIDC for npm provenance
|
|
40
45
|
needs: build
|
|
41
|
-
if: github.event_name == 'push' && github.ref == 'refs/heads/
|
|
46
|
+
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
|
|
42
47
|
steps:
|
|
43
48
|
- uses: actions/checkout@v2
|
|
44
49
|
- uses: actions/setup-node@v2
|
|
45
50
|
with:
|
|
46
|
-
node-version: '
|
|
51
|
+
node-version: '18'
|
|
47
52
|
- name: install dependencies
|
|
48
53
|
run: yarn install --frozen-lockfile --ignore-engines --ignore-scripts
|
|
49
54
|
- name: release
|
package/README.md
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
<p align="center">
|
|
2
2
|
<br>
|
|
3
|
-
<img width="200" src="https://github.com/lirantal/npq/raw/
|
|
3
|
+
<img width="200" src="https://github.com/lirantal/npq/raw/main/.github/Logo%20Horizontal.png">
|
|
4
4
|
<br>
|
|
5
5
|
safely* install packages with npm/yarn by auditing them as part of your install process
|
|
6
6
|
</p>
|
|
7
7
|
|
|
8
8
|
[](https://www.npmjs.com/package/npq)
|
|
9
9
|
[](https://www.npmjs.com/package/npq)
|
|
10
|
-
[](https://codecov.io/gh/lirantal/npq)
|
|
11
11
|
[](https://github.com/lirantal/npq/workflows/unit-tests)
|
|
12
12
|
[](https://snyk.io/test/github/lirantal/npq)
|
|
13
13
|
[](./SECURITY.md)
|
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
|
|
16
16
|
[](https://snyk.io/advisor/npm-package/npq)
|
|
17
17
|
|
|
18
|
-

|
|
19
19
|
|
|
20
20
|
|
|
21
21
|
Media coverage about npq:
|
|
@@ -96,14 +96,15 @@ Note: `npq` by default will offload all commands and their arguments to the `npm
|
|
|
96
96
|
| readme | Will show a warning if a package has no README or it has been detected as a security placeholder package by npm staff
|
|
97
97
|
| repo | Will show a warning if a package has been found without a valid and working repository URL | Checks the latest version for a repository URL
|
|
98
98
|
| scripts | Will show a warning if a package has a pre/post install script which could potentially be malicious
|
|
99
|
-
| snyk | Will show a warning if a package has been found with vulnerabilities in
|
|
99
|
+
| snyk | Will show a warning if a package has been found with vulnerabilities in Snyk's database | For Snyk to work you need to either have the `snyk` npm package installed with a valid api token, or make the token available in the SNYK_TOKEN environment variable, and npq will use it
|
|
100
100
|
| license | Will show a warning if a package has been found without a license field | Checks the latest version for a license
|
|
101
|
+
| expired domains | Will show a warning if a package has been found with one of its maintainers having an email address that includes an expired domain | Checks a dependency version for a maintainer with an expired domain
|
|
101
102
|
|
|
102
103
|
### Disabling Marshalls
|
|
103
104
|
|
|
104
105
|
To disable a marshall altogether, set an environment variable using with the marshall's shortname.
|
|
105
106
|
|
|
106
|
-
Example, to disable
|
|
107
|
+
Example, to disable the Snyk vulnerability marshall:
|
|
107
108
|
|
|
108
109
|
```
|
|
109
110
|
MARSHALL_DISABLE_SNYK=1 npq install express
|
|
@@ -134,14 +135,14 @@ script:
|
|
|
134
135
|
* NPQ will audit a package for possible security issues, but it isn't a replacement for npm or yarn. When you choose to continue installing the package, it will offload the installation process to your choice of either npm or yarn.
|
|
135
136
|
2. **How is NPQ different from npm audit?**
|
|
136
137
|
* `npm install` will install a module even if it has vulnerabilities; NPQ will display the issues detected, and prompt the user for confirmation on whether to proceed installing it.
|
|
137
|
-
* NPQ will run
|
|
138
|
-
* `npm audit` is closer in functionality to what
|
|
139
|
-
3. **Do I require a
|
|
140
|
-
* It's not required. If NPQ is unable to detect a
|
|
138
|
+
* NPQ will run synthetic checks, called [marshalls](https://github.com/lirantal/npq#marshalls), on the characteristics of a module, such as whether the module you are going to install has a `pre-install` script which can be potentially harmful for your system and prompt you whether to install it. Whereas `npm audit` will not perform any such checks, and only consults a vulnerability database for known security issues.
|
|
139
|
+
* `npm audit` is closer in functionality to what Snyk does, rather than what NPQ does.
|
|
140
|
+
3. **Do I require a Snyk API key in order to use NPQ?**
|
|
141
|
+
* It's not required. If NPQ is unable to detect a Snyk API key for the user running NPQ, then it will skip the database vulnerabilities check. We do, however, greatly encourage you to use Snyk, and connect it with NPQ for broader security.
|
|
141
142
|
|
|
142
143
|
## Contributing
|
|
143
144
|
|
|
144
|
-
Please consult the [CONTRIBUTING](https://github.com/lirantal/npq/blob/
|
|
145
|
+
Please consult the [CONTRIBUTING](https://github.com/lirantal/npq/blob/main/CONTRIBUTING.md) for guidelines on contributing to this project
|
|
145
146
|
|
|
146
147
|
## Author
|
|
147
148
|
Liran Tal <liran.tal@gmail.com>
|
|
@@ -5,16 +5,16 @@ const BaseMarshall = require('../../lib/marshalls/baseMarshall')
|
|
|
5
5
|
const MARSHALL_NAME = 'test.marshall'
|
|
6
6
|
|
|
7
7
|
class TestMarshall extends BaseMarshall {
|
|
8
|
-
constructor
|
|
8
|
+
constructor(options) {
|
|
9
9
|
super(options)
|
|
10
10
|
this.name = MARSHALL_NAME
|
|
11
11
|
}
|
|
12
12
|
|
|
13
|
-
title
|
|
13
|
+
title() {
|
|
14
14
|
return 'A test marshall'
|
|
15
15
|
}
|
|
16
16
|
|
|
17
|
-
run
|
|
17
|
+
run(ctx, task) {
|
|
18
18
|
const tasks = ctx.pkgs.reduce((prevPkg, currPkg) => {
|
|
19
19
|
return prevPkg.concat(this.mockCheck(currPkg, ctx, task))
|
|
20
20
|
}, [])
|
|
@@ -22,7 +22,7 @@ class TestMarshall extends BaseMarshall {
|
|
|
22
22
|
return Promise.all(tasks)
|
|
23
23
|
}
|
|
24
24
|
|
|
25
|
-
mockCheck
|
|
25
|
+
mockCheck(pkg, ctx, task) {
|
|
26
26
|
return this.validateSomething(pkg)
|
|
27
27
|
.then(() => {
|
|
28
28
|
const data = 'mock data check'
|
|
@@ -39,7 +39,7 @@ class TestMarshall extends BaseMarshall {
|
|
|
39
39
|
})
|
|
40
40
|
}
|
|
41
41
|
|
|
42
|
-
validateSomething
|
|
42
|
+
validateSomething(pkg) {
|
|
43
43
|
if (pkg === 'express' || pkg === 'semver') {
|
|
44
44
|
return Promise.resolve()
|
|
45
45
|
} else {
|
|
@@ -47,7 +47,7 @@ class TestMarshall extends BaseMarshall {
|
|
|
47
47
|
}
|
|
48
48
|
}
|
|
49
49
|
|
|
50
|
-
validate
|
|
50
|
+
validate(pkg) {
|
|
51
51
|
if (pkg === 'express' || pkg === 'semver') {
|
|
52
52
|
return Promise.resolve('validation-result')
|
|
53
53
|
} else {
|
|
@@ -27,7 +27,7 @@ test('checkPackage returns validation data if it was a success', async () => {
|
|
|
27
27
|
expect(result).toEqual('validation-result')
|
|
28
28
|
})
|
|
29
29
|
|
|
30
|
-
test('checkPackage sets the error property if the
|
|
30
|
+
test('checkPackage sets the error property if the validation failed', async () => {
|
|
31
31
|
const testMarshall = new TestMarshall({
|
|
32
32
|
packageRepoUtils: null
|
|
33
33
|
})
|
|
@@ -0,0 +1,100 @@
|
|
|
1
|
+
const ExpiredDomainsMarshall = require('../lib/marshalls/expiredDomains.marshall')
|
|
2
|
+
|
|
3
|
+
const testMarshall = new ExpiredDomainsMarshall({
|
|
4
|
+
packageRepoUtils: {
|
|
5
|
+
getPackageInfo: (pkgInfo) => {
|
|
6
|
+
return new Promise((resolve) => {
|
|
7
|
+
resolve(pkgInfo)
|
|
8
|
+
})
|
|
9
|
+
}
|
|
10
|
+
}
|
|
11
|
+
})
|
|
12
|
+
|
|
13
|
+
describe('Expired domains test suites', () => {
|
|
14
|
+
beforeEach(() => {
|
|
15
|
+
jest.clearAllMocks()
|
|
16
|
+
jest.resetAllMocks()
|
|
17
|
+
})
|
|
18
|
+
|
|
19
|
+
test('has the right title', async () => {
|
|
20
|
+
expect(testMarshall.title()).toEqual('Detecting expired domains for authors account...')
|
|
21
|
+
})
|
|
22
|
+
|
|
23
|
+
test('throws the right error when an email domain cant be verified', async () => {
|
|
24
|
+
const nonExistentEmailAddress =
|
|
25
|
+
'liran.tal+test1234@somenonexistentdomainongoogle109dubv98g39ujasdasda.com'
|
|
26
|
+
const pkgData = {
|
|
27
|
+
packageName: {
|
|
28
|
+
'dist-tags': {
|
|
29
|
+
latest: '1.0.0'
|
|
30
|
+
},
|
|
31
|
+
versions: {
|
|
32
|
+
'1.0.0': {
|
|
33
|
+
maintainers: [
|
|
34
|
+
{ name: 'lirantal', email: 'liran.tal@gmail.com' },
|
|
35
|
+
{
|
|
36
|
+
name: 'lirantal_test_user',
|
|
37
|
+
email: nonExistentEmailAddress
|
|
38
|
+
}
|
|
39
|
+
]
|
|
40
|
+
}
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
await expect(testMarshall.validate(pkgData)).rejects.toThrow(
|
|
46
|
+
/Unable to resolve domain for maintainer e-mail, could be an expired account/
|
|
47
|
+
)
|
|
48
|
+
})
|
|
49
|
+
|
|
50
|
+
test('if email hostname is empty then show an unknown message', async () => {
|
|
51
|
+
const nonExistentEmailAddress = ''
|
|
52
|
+
const pkgData = {
|
|
53
|
+
packageName: {
|
|
54
|
+
'dist-tags': {
|
|
55
|
+
latest: '1.0.0'
|
|
56
|
+
},
|
|
57
|
+
versions: {
|
|
58
|
+
'1.0.0': {
|
|
59
|
+
maintainers: [
|
|
60
|
+
{ name: 'lirantal', email: 'liran.tal@gmail.com' },
|
|
61
|
+
{
|
|
62
|
+
name: 'lirantal_test_user',
|
|
63
|
+
email: nonExistentEmailAddress
|
|
64
|
+
}
|
|
65
|
+
]
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
|
|
71
|
+
await expect(testMarshall.validate(pkgData)).rejects.toThrow(
|
|
72
|
+
/Unable to resolve domain for maintainer e-mail, could be an expired account: <unknown>/
|
|
73
|
+
)
|
|
74
|
+
})
|
|
75
|
+
|
|
76
|
+
test('does not throw any errors if the domain resolves well', async () => {
|
|
77
|
+
jest.setTimeout(15000)
|
|
78
|
+
|
|
79
|
+
const pkgData = {
|
|
80
|
+
packageName: {
|
|
81
|
+
'dist-tags': {
|
|
82
|
+
latest: '1.0.0'
|
|
83
|
+
},
|
|
84
|
+
versions: {
|
|
85
|
+
'1.0.0': {
|
|
86
|
+
maintainers: [
|
|
87
|
+
{ name: 'lirantal', email: 'liran.tal@gmail.com' },
|
|
88
|
+
{
|
|
89
|
+
name: 'lirantal_test_user',
|
|
90
|
+
email: 'liran.tal@gmail.com'
|
|
91
|
+
}
|
|
92
|
+
]
|
|
93
|
+
}
|
|
94
|
+
}
|
|
95
|
+
}
|
|
96
|
+
}
|
|
97
|
+
|
|
98
|
+
await expect(testMarshall.validate(pkgData)).resolves.toEqual(expect.anything())
|
|
99
|
+
})
|
|
100
|
+
})
|
|
@@ -59,7 +59,7 @@ test('package manager spawns successfully when provided array of packages to han
|
|
|
59
59
|
childProcess.spawn.mockReset()
|
|
60
60
|
})
|
|
61
61
|
|
|
62
|
-
test(
|
|
62
|
+
test("package manager spawns successfully and ignore npq's own internal commands when spawning package manager", async () => {
|
|
63
63
|
process.argv = [
|
|
64
64
|
'node',
|
|
65
65
|
'script name',
|
package/bin/npq-hero.js
CHANGED
package/lib/cliCommons.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
const npa = require('npm-package-arg')
|
|
2
2
|
class cliCommons {
|
|
3
|
-
static getInstallCommand
|
|
3
|
+
static getInstallCommand() {
|
|
4
4
|
return {
|
|
5
5
|
command: 'install [package...]',
|
|
6
6
|
aliases: [
|
|
@@ -31,7 +31,7 @@ class cliCommons {
|
|
|
31
31
|
}
|
|
32
32
|
}
|
|
33
33
|
|
|
34
|
-
static getOptions
|
|
34
|
+
static getOptions() {
|
|
35
35
|
return {
|
|
36
36
|
P: {
|
|
37
37
|
alias: ['save-prod', 'peer'],
|
|
@@ -6,17 +6,17 @@ const NPM_REGISTRY = 'http://registry.npmjs.org'
|
|
|
6
6
|
const NPM_REGISTRY_API = 'https://api.npmjs.org'
|
|
7
7
|
|
|
8
8
|
class PackageRepoUtils {
|
|
9
|
-
constructor
|
|
9
|
+
constructor(options = {}) {
|
|
10
10
|
this.registryUrl = options.registryUrl ? options.registryUrl : NPM_REGISTRY
|
|
11
11
|
this.registryApiUrl = options.registryApiUrl ? options.registryApiUrl : NPM_REGISTRY_API
|
|
12
12
|
this.pkgInfoCache = {}
|
|
13
13
|
}
|
|
14
14
|
|
|
15
|
-
formatPackageForUrl
|
|
16
|
-
return pkg.replace(
|
|
15
|
+
formatPackageForUrl(pkg) {
|
|
16
|
+
return pkg.replace(/\//g, '%2F')
|
|
17
17
|
}
|
|
18
18
|
|
|
19
|
-
getPackageInfo
|
|
19
|
+
getPackageInfo(pkg) {
|
|
20
20
|
if (this.pkgInfoCache[pkg]) {
|
|
21
21
|
return Promise.resolve(this.pkgInfoCache[pkg])
|
|
22
22
|
} else {
|
|
@@ -29,27 +29,27 @@ class PackageRepoUtils {
|
|
|
29
29
|
}
|
|
30
30
|
}
|
|
31
31
|
|
|
32
|
-
getLatestVersion
|
|
32
|
+
getLatestVersion(pkg) {
|
|
33
33
|
return this.getPackageInfo(pkg).then((data) => {
|
|
34
34
|
return data['dist-tags'] && data['dist-tags']['latest'] ? data['dist-tags']['latest'] : null
|
|
35
35
|
})
|
|
36
36
|
}
|
|
37
37
|
|
|
38
|
-
getDownloadInfo
|
|
38
|
+
getDownloadInfo(pkg) {
|
|
39
39
|
return fetch(`${this.registryApiUrl}/downloads/point/last-month/${pkg}`)
|
|
40
40
|
.then((response) => response.json())
|
|
41
41
|
.then(({ downloads }) => downloads)
|
|
42
42
|
}
|
|
43
43
|
|
|
44
|
-
getReadmeInfo
|
|
44
|
+
getReadmeInfo(pkg) {
|
|
45
45
|
return this.getPackageInfo(pkg).then(({ readme }) => readme)
|
|
46
46
|
}
|
|
47
47
|
|
|
48
|
-
getLicenseInfo
|
|
48
|
+
getLicenseInfo(pkg) {
|
|
49
49
|
return this.getPackageInfo(pkg).then(({ license }) => license)
|
|
50
50
|
}
|
|
51
51
|
|
|
52
|
-
parsePackageVersion
|
|
52
|
+
parsePackageVersion(version) {
|
|
53
53
|
return semver.coerce(version)
|
|
54
54
|
}
|
|
55
55
|
}
|
package/lib/marshall.js
CHANGED
|
@@ -12,12 +12,12 @@ const MESSAGE_TYPE = {
|
|
|
12
12
|
}
|
|
13
13
|
|
|
14
14
|
class Marshall {
|
|
15
|
-
constructor
|
|
15
|
+
constructor(options = {}) {
|
|
16
16
|
this.pkgs = options ? options.pkgs : null
|
|
17
17
|
this.packageRepoUtils = new PackageRepoUtils()
|
|
18
18
|
}
|
|
19
19
|
|
|
20
|
-
process
|
|
20
|
+
process() {
|
|
21
21
|
// nothing to do? move on
|
|
22
22
|
if (!this.pkgs) {
|
|
23
23
|
return Promise.resolve()
|
|
@@ -37,7 +37,7 @@ class Marshall {
|
|
|
37
37
|
})
|
|
38
38
|
}
|
|
39
39
|
|
|
40
|
-
createPackageVersionMaps
|
|
40
|
+
createPackageVersionMaps(packages) {
|
|
41
41
|
const packageVersionMapping = packages.reduce((prev, curr) => {
|
|
42
42
|
const versionSymbolPosition = curr.lastIndexOf('@')
|
|
43
43
|
const versionPosition =
|
|
@@ -57,7 +57,7 @@ class Marshall {
|
|
|
57
57
|
return packageVersionMapping
|
|
58
58
|
}
|
|
59
59
|
|
|
60
|
-
report
|
|
60
|
+
report(marshalls) {
|
|
61
61
|
const messages = this.collectPackageMessages(marshalls)
|
|
62
62
|
|
|
63
63
|
if (!messages) {
|
|
@@ -81,7 +81,7 @@ class Marshall {
|
|
|
81
81
|
return { error: true, data: messages }
|
|
82
82
|
}
|
|
83
83
|
|
|
84
|
-
collectPackageMessages
|
|
84
|
+
collectPackageMessages(marshalls) {
|
|
85
85
|
const allPackageMessages = {}
|
|
86
86
|
for (const key in marshalls) {
|
|
87
87
|
this.prepareMessages(allPackageMessages, marshalls[key].errors)
|
|
@@ -91,7 +91,7 @@ class Marshall {
|
|
|
91
91
|
return allPackageMessages
|
|
92
92
|
}
|
|
93
93
|
|
|
94
|
-
prepareMessages
|
|
94
|
+
prepareMessages(allPackageMessages, messages, isWarning) {
|
|
95
95
|
if (Array.isArray(messages) && messages.length > 0) {
|
|
96
96
|
messages.forEach((msg) => {
|
|
97
97
|
this.appendPackageMessage(allPackageMessages, msg.pkg, {
|
|
@@ -102,7 +102,7 @@ class Marshall {
|
|
|
102
102
|
}
|
|
103
103
|
}
|
|
104
104
|
|
|
105
|
-
appendPackageMessage
|
|
105
|
+
appendPackageMessage(packages, packageName, packageMessage) {
|
|
106
106
|
packages[packageName]
|
|
107
107
|
? packages[packageName].push(packageMessage)
|
|
108
108
|
: (packages[packageName] = [packageMessage])
|
|
@@ -6,16 +6,16 @@ const MARSHALL_NAME = 'age'
|
|
|
6
6
|
const PACKAGE_AGE_THRESHOLD = 22 // specified in days
|
|
7
7
|
|
|
8
8
|
class Marshall extends BaseMarshall {
|
|
9
|
-
constructor
|
|
9
|
+
constructor(options) {
|
|
10
10
|
super(options)
|
|
11
11
|
this.name = MARSHALL_NAME
|
|
12
12
|
}
|
|
13
13
|
|
|
14
|
-
title
|
|
14
|
+
title() {
|
|
15
15
|
return 'Checking package maturity'
|
|
16
16
|
}
|
|
17
17
|
|
|
18
|
-
validate
|
|
18
|
+
validate(pkg) {
|
|
19
19
|
return this.packageRepoUtils.getPackageInfo(pkg.packageName).then((data) => {
|
|
20
20
|
if (data && data.time && data.time.created) {
|
|
21
21
|
const pkgCreatedDate = data.time.created
|
|
@@ -7,16 +7,16 @@ const Warning = require('../helpers/warning')
|
|
|
7
7
|
const MARSHALL_NAME = 'author'
|
|
8
8
|
|
|
9
9
|
class Marshall extends BaseMarshall {
|
|
10
|
-
constructor
|
|
10
|
+
constructor(options) {
|
|
11
11
|
super(options)
|
|
12
12
|
this.name = MARSHALL_NAME
|
|
13
13
|
}
|
|
14
14
|
|
|
15
|
-
title
|
|
15
|
+
title() {
|
|
16
16
|
return 'Identifying package author...'
|
|
17
17
|
}
|
|
18
18
|
|
|
19
|
-
validate
|
|
19
|
+
validate(pkg) {
|
|
20
20
|
return this.packageRepoUtils.getPackageInfo(pkg.packageName).then((data) => {
|
|
21
21
|
const lastVersionData =
|
|
22
22
|
data.versions && data['dist-tags'] && data.versions[data['dist-tags']['latest']]
|
|
@@ -3,11 +3,11 @@
|
|
|
3
3
|
const Warning = require('../helpers/warning')
|
|
4
4
|
|
|
5
5
|
class BaseMarshall {
|
|
6
|
-
constructor
|
|
6
|
+
constructor(options) {
|
|
7
7
|
this.packageRepoUtils = options.packageRepoUtils
|
|
8
8
|
}
|
|
9
9
|
|
|
10
|
-
init
|
|
10
|
+
init(ctx, task) {
|
|
11
11
|
this.ctx = ctx
|
|
12
12
|
this.task = task
|
|
13
13
|
|
|
@@ -19,7 +19,7 @@ class BaseMarshall {
|
|
|
19
19
|
}
|
|
20
20
|
}
|
|
21
21
|
|
|
22
|
-
run
|
|
22
|
+
run(ctx, task) {
|
|
23
23
|
const tasks = ctx.pkgs.reduce((prevPkg, currPkg) => {
|
|
24
24
|
return prevPkg.concat(this.checkPackage(currPkg, ctx, task))
|
|
25
25
|
}, [])
|
|
@@ -27,7 +27,7 @@ class BaseMarshall {
|
|
|
27
27
|
return Promise.all(tasks)
|
|
28
28
|
}
|
|
29
29
|
|
|
30
|
-
checkPackage
|
|
30
|
+
checkPackage(pkg, ctx, task) {
|
|
31
31
|
return this.validate(pkg)
|
|
32
32
|
.then((data) => {
|
|
33
33
|
task.output = `querying ${pkg.packageString}...`
|
|
@@ -37,30 +37,23 @@ class BaseMarshall {
|
|
|
37
37
|
return data
|
|
38
38
|
})
|
|
39
39
|
.catch((err) => {
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
{
|
|
43
|
-
pkg: pkg.packageString,
|
|
44
|
-
message: err.message
|
|
45
|
-
},
|
|
46
|
-
true
|
|
47
|
-
)
|
|
48
|
-
} else {
|
|
49
|
-
this.setMessage({
|
|
40
|
+
this.setMessage(
|
|
41
|
+
{
|
|
50
42
|
pkg: pkg.packageString,
|
|
51
43
|
message: err.message
|
|
52
|
-
}
|
|
53
|
-
|
|
44
|
+
},
|
|
45
|
+
Boolean(err instanceof Warning)
|
|
46
|
+
)
|
|
54
47
|
})
|
|
55
48
|
}
|
|
56
49
|
|
|
57
|
-
isEnabled
|
|
50
|
+
isEnabled() {
|
|
58
51
|
const isMarshallSilent = process.env[`MARSHALL_DISABLE_${this.name.toUpperCase()}`] || false
|
|
59
52
|
|
|
60
53
|
return !isMarshallSilent
|
|
61
54
|
}
|
|
62
55
|
|
|
63
|
-
setMessage
|
|
56
|
+
setMessage(msg, isWarning) {
|
|
64
57
|
const messages = isWarning
|
|
65
58
|
? this.ctx.marshalls[this.name].warnings
|
|
66
59
|
: this.ctx.marshalls[this.name].errors
|
|
@@ -71,7 +64,7 @@ class BaseMarshall {
|
|
|
71
64
|
})
|
|
72
65
|
}
|
|
73
66
|
|
|
74
|
-
handleMessages
|
|
67
|
+
handleMessages() {
|
|
75
68
|
const errors = this.ctx.marshalls[this.name].errors
|
|
76
69
|
const warnings = this.ctx.marshalls[this.name].warnings
|
|
77
70
|
if ((errors && errors.length) || (warnings && warnings.length)) {
|
|
@@ -6,16 +6,16 @@ const MARSHALL_NAME = 'downloads'
|
|
|
6
6
|
const DOWNLOAD_COUNT_THRESHOLD = 20 // threshold per month
|
|
7
7
|
|
|
8
8
|
class Marshall extends BaseMarshall {
|
|
9
|
-
constructor
|
|
9
|
+
constructor(options) {
|
|
10
10
|
super(options)
|
|
11
11
|
this.name = MARSHALL_NAME
|
|
12
12
|
}
|
|
13
13
|
|
|
14
|
-
title
|
|
14
|
+
title() {
|
|
15
15
|
return 'Checking package download popularity'
|
|
16
16
|
}
|
|
17
17
|
|
|
18
|
-
validate
|
|
18
|
+
validate(pkg) {
|
|
19
19
|
return this.packageRepoUtils.getDownloadInfo(pkg.packageName).then((downloadCount) => {
|
|
20
20
|
if (downloadCount < DOWNLOAD_COUNT_THRESHOLD) {
|
|
21
21
|
throw new Error(
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
'use strict'
|
|
2
|
+
|
|
3
|
+
const BaseMarshall = require('./baseMarshall')
|
|
4
|
+
const dns = require('dns').promises
|
|
5
|
+
|
|
6
|
+
const MARSHALL_NAME = 'maintainers_expired_emails'
|
|
7
|
+
|
|
8
|
+
class Marshall extends BaseMarshall {
|
|
9
|
+
constructor(options) {
|
|
10
|
+
super(options)
|
|
11
|
+
this.name = MARSHALL_NAME
|
|
12
|
+
}
|
|
13
|
+
|
|
14
|
+
title() {
|
|
15
|
+
return 'Detecting expired domains for authors account...'
|
|
16
|
+
}
|
|
17
|
+
|
|
18
|
+
validate(pkg) {
|
|
19
|
+
return this.packageRepoUtils
|
|
20
|
+
.getPackageInfo(pkg.packageName)
|
|
21
|
+
.then((data) => {
|
|
22
|
+
const lastVersionData =
|
|
23
|
+
data.versions && data['dist-tags'] && data.versions[data['dist-tags']['latest']]
|
|
24
|
+
|
|
25
|
+
let maintainersAccounts = lastVersionData && lastVersionData.maintainers
|
|
26
|
+
|
|
27
|
+
let testEmails = []
|
|
28
|
+
for (const maintainerInfo of maintainersAccounts) {
|
|
29
|
+
const maintainerEmail = maintainerInfo.email
|
|
30
|
+
const emailDomain = maintainerEmail.split('@')[1]
|
|
31
|
+
testEmails.push(dns.resolve(emailDomain))
|
|
32
|
+
}
|
|
33
|
+
|
|
34
|
+
return Promise.all(testEmails)
|
|
35
|
+
})
|
|
36
|
+
.catch((error) => {
|
|
37
|
+
let emailHostname = error.hostname ? error.hostname : '<unknown>'
|
|
38
|
+
throw new Error(
|
|
39
|
+
'Unable to resolve domain for maintainer e-mail, could be an expired account: ' +
|
|
40
|
+
emailHostname
|
|
41
|
+
)
|
|
42
|
+
})
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
module.exports = Marshall
|
package/lib/marshalls/index.js
CHANGED
|
@@ -4,7 +4,7 @@ const Listr = require('listr')
|
|
|
4
4
|
const glob = require('glob')
|
|
5
5
|
|
|
6
6
|
class Marshalls {
|
|
7
|
-
static collectMarshalls
|
|
7
|
+
static collectMarshalls() {
|
|
8
8
|
return new Promise((resolve, reject) => {
|
|
9
9
|
glob(
|
|
10
10
|
this.GLOB_MARSHALLS,
|
|
@@ -23,7 +23,7 @@ class Marshalls {
|
|
|
23
23
|
})
|
|
24
24
|
}
|
|
25
25
|
|
|
26
|
-
static buildMarshallTasks
|
|
26
|
+
static buildMarshallTasks(marshalls, config) {
|
|
27
27
|
if (!marshalls || !Array.isArray(marshalls) || marshalls.length === 0) {
|
|
28
28
|
return Promise.reject(new Error('unable to collect marshalls, or no marshalls found'))
|
|
29
29
|
}
|
|
@@ -46,20 +46,20 @@ class Marshalls {
|
|
|
46
46
|
return new Listr(marshallTasks, { exitOnError: false, concurrent: true })
|
|
47
47
|
}
|
|
48
48
|
|
|
49
|
-
static tasks
|
|
50
|
-
return
|
|
51
|
-
.then(() =>
|
|
49
|
+
static tasks(options) {
|
|
50
|
+
return Marshalls.warmUpPackagesCache(options)
|
|
51
|
+
.then(() => Marshalls.collectMarshalls())
|
|
52
52
|
.then((marshalls) => {
|
|
53
|
-
return
|
|
53
|
+
return Marshalls.buildMarshallTasks(marshalls, {
|
|
54
54
|
packageRepoUtils: options.packageRepoUtils
|
|
55
55
|
})
|
|
56
56
|
})
|
|
57
57
|
.then((tasks) => {
|
|
58
|
-
return
|
|
58
|
+
return Marshalls.runTasks(tasks, options)
|
|
59
59
|
})
|
|
60
60
|
}
|
|
61
61
|
|
|
62
|
-
static warmUpPackagesCache
|
|
62
|
+
static warmUpPackagesCache(options) {
|
|
63
63
|
const fetchPackagesInfoPromises = []
|
|
64
64
|
options.pkgs.forEach((packageMeta) => {
|
|
65
65
|
fetchPackagesInfoPromises.push(
|
|
@@ -70,7 +70,7 @@ class Marshalls {
|
|
|
70
70
|
return Promise.all(fetchPackagesInfoPromises)
|
|
71
71
|
}
|
|
72
72
|
|
|
73
|
-
static runTasks
|
|
73
|
+
static runTasks(tasks, options) {
|
|
74
74
|
return tasks.run({
|
|
75
75
|
pkgs: options.pkgs,
|
|
76
76
|
marshalls: {}
|
|
@@ -5,16 +5,16 @@ const BaseMarshall = require('./baseMarshall')
|
|
|
5
5
|
const MARSHALL_NAME = 'license'
|
|
6
6
|
|
|
7
7
|
class Marshall extends BaseMarshall {
|
|
8
|
-
constructor
|
|
8
|
+
constructor(options) {
|
|
9
9
|
super(options)
|
|
10
10
|
this.name = MARSHALL_NAME
|
|
11
11
|
}
|
|
12
12
|
|
|
13
|
-
title
|
|
13
|
+
title() {
|
|
14
14
|
return 'Checking availability of a LICENSE'
|
|
15
15
|
}
|
|
16
16
|
|
|
17
|
-
validate
|
|
17
|
+
validate(pkg) {
|
|
18
18
|
return this.packageRepoUtils.getLicenseInfo(pkg.packageName).then((licenseContents) => {
|
|
19
19
|
if (!licenseContents || licenseContents === 'ERROR: No LICENSE data found!') {
|
|
20
20
|
throw new Error('package has no LICENSE file available')
|
|
@@ -5,16 +5,16 @@ const BaseMarshall = require('./baseMarshall')
|
|
|
5
5
|
const MARSHALL_NAME = 'readme'
|
|
6
6
|
|
|
7
7
|
class Marshall extends BaseMarshall {
|
|
8
|
-
constructor
|
|
8
|
+
constructor(options) {
|
|
9
9
|
super(options)
|
|
10
10
|
this.name = MARSHALL_NAME
|
|
11
11
|
}
|
|
12
12
|
|
|
13
|
-
title
|
|
13
|
+
title() {
|
|
14
14
|
return 'Checking availability of a README'
|
|
15
15
|
}
|
|
16
16
|
|
|
17
|
-
validate
|
|
17
|
+
validate(pkg) {
|
|
18
18
|
return this.packageRepoUtils.getReadmeInfo(pkg.packageName).then((readmeContents) => {
|
|
19
19
|
if (!readmeContents || readmeContents === 'ERROR: No README data found!') {
|
|
20
20
|
throw new Error('package has no README file available')
|
|
@@ -6,16 +6,16 @@ const URL = require('url').URL
|
|
|
6
6
|
const MARSHALL_NAME = 'repo'
|
|
7
7
|
|
|
8
8
|
class Marshall extends BaseMarshall {
|
|
9
|
-
constructor
|
|
9
|
+
constructor(options) {
|
|
10
10
|
super(options)
|
|
11
11
|
this.name = MARSHALL_NAME
|
|
12
12
|
}
|
|
13
13
|
|
|
14
|
-
title
|
|
14
|
+
title() {
|
|
15
15
|
return 'Identifying package repository...'
|
|
16
16
|
}
|
|
17
17
|
|
|
18
|
-
validate
|
|
18
|
+
validate(pkg) {
|
|
19
19
|
return this.packageRepoUtils.getPackageInfo(pkg.packageName).then((data) => {
|
|
20
20
|
const lastVersionData =
|
|
21
21
|
(data.versions &&
|
|
@@ -5,16 +5,16 @@ const BaseMarshall = require('./baseMarshall')
|
|
|
5
5
|
const MARSHALL_NAME = 'scripts'
|
|
6
6
|
|
|
7
7
|
class Marshall extends BaseMarshall {
|
|
8
|
-
constructor
|
|
8
|
+
constructor(options) {
|
|
9
9
|
super(options)
|
|
10
10
|
this.name = MARSHALL_NAME
|
|
11
11
|
}
|
|
12
12
|
|
|
13
|
-
title
|
|
13
|
+
title() {
|
|
14
14
|
return 'Checking package for pre/post install scripts'
|
|
15
15
|
}
|
|
16
16
|
|
|
17
|
-
validate
|
|
17
|
+
validate(pkg) {
|
|
18
18
|
return this.packageRepoUtils.getPackageInfo(pkg.packageName).then((data) => {
|
|
19
19
|
const packageVersion =
|
|
20
20
|
pkg.packageVersion === 'latest'
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
'use strict'
|
|
2
|
+
|
|
3
|
+
const BaseMarshall = require('./baseMarshall')
|
|
4
|
+
const pacote = require('pacote')
|
|
5
|
+
|
|
6
|
+
const MARSHALL_NAME = 'signatures'
|
|
7
|
+
|
|
8
|
+
class Marshall extends BaseMarshall {
|
|
9
|
+
constructor(options) {
|
|
10
|
+
super(options)
|
|
11
|
+
this.name = MARSHALL_NAME
|
|
12
|
+
}
|
|
13
|
+
|
|
14
|
+
title() {
|
|
15
|
+
return 'Verifying registry signatures for package'
|
|
16
|
+
}
|
|
17
|
+
|
|
18
|
+
validate(pkg) {
|
|
19
|
+
// @TODO currently we're hardcoding the official npm registry
|
|
20
|
+
// this should however allow for local proxies and other registries
|
|
21
|
+
return this.fetchRegistryKeys()
|
|
22
|
+
.then((keys) => {
|
|
23
|
+
return pacote.manifest(`${pkg.packageName}@${pkg.packageVersion}`, {
|
|
24
|
+
verifySignatures: true,
|
|
25
|
+
registry: 'https://registry.npmjs.org',
|
|
26
|
+
|
|
27
|
+
[`//registry.npmjs.org/:_keys`]: keys
|
|
28
|
+
})
|
|
29
|
+
})
|
|
30
|
+
.then((metadata) => {
|
|
31
|
+
return metadata
|
|
32
|
+
})
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
fetchRegistryKeys() {
|
|
36
|
+
const registryHost = 'https://registry.npmjs.org'
|
|
37
|
+
const registryKeysEndpoint = '/-/npm/v1/keys'
|
|
38
|
+
|
|
39
|
+
const registryKeysUrl = `${registryHost}${registryKeysEndpoint}`
|
|
40
|
+
// eslint-disable-next-line no-undef
|
|
41
|
+
return fetch(registryKeysUrl)
|
|
42
|
+
.then((response) => {
|
|
43
|
+
return response.json()
|
|
44
|
+
})
|
|
45
|
+
.then((response) => {
|
|
46
|
+
const registryKeys = response.keys
|
|
47
|
+
|
|
48
|
+
return registryKeys.map((key) => ({
|
|
49
|
+
...key,
|
|
50
|
+
pemkey: `-----BEGIN PUBLIC KEY-----\n${key.key}\n-----END PUBLIC KEY-----`
|
|
51
|
+
}))
|
|
52
|
+
})
|
|
53
|
+
.then((keys) => {
|
|
54
|
+
return keys
|
|
55
|
+
})
|
|
56
|
+
.catch((error) => {
|
|
57
|
+
throw new Error(`error fetching registry keys: ${error.message}`)
|
|
58
|
+
})
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
|
|
62
|
+
module.exports = Marshall
|
|
@@ -14,18 +14,18 @@ const SNYK_API_TOKEN = process.env.SNYK_TOKEN
|
|
|
14
14
|
const SNYK_CONFIG_FILE = '.config/configstore/snyk.json'
|
|
15
15
|
|
|
16
16
|
class Marshall extends BaseMarshall {
|
|
17
|
-
constructor
|
|
17
|
+
constructor(options) {
|
|
18
18
|
super(options)
|
|
19
19
|
this.name = MARSHALL_NAME
|
|
20
20
|
|
|
21
21
|
this.snykApiToken = this.getSnykToken()
|
|
22
22
|
}
|
|
23
23
|
|
|
24
|
-
title
|
|
24
|
+
title() {
|
|
25
25
|
return 'Checking for known vulnerabilities'
|
|
26
26
|
}
|
|
27
27
|
|
|
28
|
-
run
|
|
28
|
+
run(ctx, task) {
|
|
29
29
|
const tasks = ctx.pkgs.reduce((prevPkg, currPkg) => {
|
|
30
30
|
return prevPkg.concat(this.checkPackage(currPkg, ctx, task))
|
|
31
31
|
}, [])
|
|
@@ -33,7 +33,7 @@ class Marshall extends BaseMarshall {
|
|
|
33
33
|
return Promise.all(tasks)
|
|
34
34
|
}
|
|
35
35
|
|
|
36
|
-
validate
|
|
36
|
+
validate(pkg) {
|
|
37
37
|
return Promise.resolve()
|
|
38
38
|
.then(() => {
|
|
39
39
|
if (!pkg.packageVersion || pkg.packageVersion === 'latest') {
|
|
@@ -60,7 +60,7 @@ class Marshall extends BaseMarshall {
|
|
|
60
60
|
})
|
|
61
61
|
}
|
|
62
62
|
|
|
63
|
-
getSnykVulnInfoUnauthenticated
|
|
63
|
+
getSnykVulnInfoUnauthenticated({ packageName, packageVersion }) {
|
|
64
64
|
const url = encodeURI(`${SNYK_TEST_URL}/${packageName}/${packageVersion}?type=json`)
|
|
65
65
|
|
|
66
66
|
return fetch(url)
|
|
@@ -77,7 +77,7 @@ class Marshall extends BaseMarshall {
|
|
|
77
77
|
.catch(() => false)
|
|
78
78
|
}
|
|
79
79
|
|
|
80
|
-
getSnykVulnInfo
|
|
80
|
+
getSnykVulnInfo({ packageName, packageVersion } = {}) {
|
|
81
81
|
if (!this.snykApiToken) {
|
|
82
82
|
return this.getSnykVulnInfoUnauthenticated({ packageName, packageVersion })
|
|
83
83
|
}
|
|
@@ -102,7 +102,7 @@ class Marshall extends BaseMarshall {
|
|
|
102
102
|
.catch(() => false)
|
|
103
103
|
}
|
|
104
104
|
|
|
105
|
-
getSnykToken
|
|
105
|
+
getSnykToken() {
|
|
106
106
|
if (SNYK_API_TOKEN) {
|
|
107
107
|
return SNYK_API_TOKEN
|
|
108
108
|
}
|
package/lib/packageManager.js
CHANGED
|
@@ -5,12 +5,12 @@ const childProcess = require('child_process')
|
|
|
5
5
|
const DEFAULT_PKGMGR = 'npm'
|
|
6
6
|
|
|
7
7
|
class packageManager {
|
|
8
|
-
static process
|
|
9
|
-
|
|
10
|
-
return
|
|
8
|
+
static process(packageManagerOption) {
|
|
9
|
+
const detectedPackageManager = packageManager.validatePackageManager(packageManagerOption)
|
|
10
|
+
return packageManager.spawnPackageManager(detectedPackageManager)
|
|
11
11
|
}
|
|
12
12
|
|
|
13
|
-
static spawnPackageManager
|
|
13
|
+
static spawnPackageManager(packageManagerOption) {
|
|
14
14
|
let args = []
|
|
15
15
|
|
|
16
16
|
args = args.concat(process.argv.slice(2)).filter((item) => {
|
|
@@ -24,7 +24,7 @@ class packageManager {
|
|
|
24
24
|
}
|
|
25
25
|
})
|
|
26
26
|
|
|
27
|
-
const child = childProcess.spawn(
|
|
27
|
+
const child = childProcess.spawn(packageManagerOption, args, {
|
|
28
28
|
stdio: 'inherit',
|
|
29
29
|
shell: true
|
|
30
30
|
})
|
|
@@ -32,19 +32,19 @@ class packageManager {
|
|
|
32
32
|
return Promise.resolve(child)
|
|
33
33
|
}
|
|
34
34
|
|
|
35
|
-
static validatePackageManager
|
|
36
|
-
if (!
|
|
37
|
-
|
|
35
|
+
static validatePackageManager(packageManagerOption) {
|
|
36
|
+
if (!packageManagerOption) {
|
|
37
|
+
packageManagerOption = packageManager.getDefaultPackageManager()
|
|
38
38
|
}
|
|
39
39
|
|
|
40
|
-
if (typeof
|
|
40
|
+
if (typeof packageManagerOption !== 'string') {
|
|
41
41
|
throw new Error('a packageManager should be specified as a string')
|
|
42
42
|
}
|
|
43
43
|
|
|
44
|
-
return
|
|
44
|
+
return packageManagerOption
|
|
45
45
|
}
|
|
46
46
|
|
|
47
|
-
static getDefaultPackageManager
|
|
47
|
+
static getDefaultPackageManager() {
|
|
48
48
|
return DEFAULT_PKGMGR
|
|
49
49
|
}
|
|
50
50
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "npq",
|
|
3
|
-
"version": "2.
|
|
3
|
+
"version": "2.4.0",
|
|
4
4
|
"description": "marshall your npm/yarn package installs with high quality and class 🎖",
|
|
5
5
|
"bin": {
|
|
6
6
|
"npq": "./bin/npq.js",
|
|
@@ -30,6 +30,10 @@
|
|
|
30
30
|
"type": "git",
|
|
31
31
|
"url": "git+https://github.com/lirantal/npq.git"
|
|
32
32
|
},
|
|
33
|
+
"publishConfig": {
|
|
34
|
+
"provenance": true,
|
|
35
|
+
"access": "public"
|
|
36
|
+
},
|
|
33
37
|
"devDependencies": {
|
|
34
38
|
"@babel/core": "^7.7.4",
|
|
35
39
|
"@babel/plugin-transform-runtime": "^7.7.4",
|
|
@@ -52,7 +56,7 @@
|
|
|
52
56
|
"lockfile-lint": "^2.0.1",
|
|
53
57
|
"opn-cli": "^4.0.0",
|
|
54
58
|
"prettier": "^2.8.3",
|
|
55
|
-
"semantic-release": "
|
|
59
|
+
"semantic-release": "21.0.2",
|
|
56
60
|
"standard": "^12.0.0"
|
|
57
61
|
},
|
|
58
62
|
"jest": {
|
|
@@ -152,14 +156,14 @@
|
|
|
152
156
|
"node/no-unsupported-features/node-builtins": [
|
|
153
157
|
"error",
|
|
154
158
|
{
|
|
155
|
-
"version": ">=10.
|
|
159
|
+
"version": ">=10.6.0",
|
|
156
160
|
"ignores": []
|
|
157
161
|
}
|
|
158
162
|
],
|
|
159
163
|
"node/no-unsupported-features/es-syntax": [
|
|
160
164
|
"error",
|
|
161
165
|
{
|
|
162
|
-
"version": ">=10.
|
|
166
|
+
"version": ">=10.6.0",
|
|
163
167
|
"ignores": []
|
|
164
168
|
}
|
|
165
169
|
]
|
|
@@ -183,17 +187,20 @@
|
|
|
183
187
|
"dependencies": {
|
|
184
188
|
"chalk": "^2.3.0",
|
|
185
189
|
"glob": "^8.0.3",
|
|
186
|
-
"inquirer": "^
|
|
190
|
+
"inquirer": "^8.0.0",
|
|
187
191
|
"listr": "^0.14.0",
|
|
188
192
|
"node-fetch": "^2.6.7",
|
|
189
193
|
"npm-package-arg": "^10.1.0",
|
|
194
|
+
"pacote": "^17.0.4",
|
|
190
195
|
"semver": "^7.3.8",
|
|
191
196
|
"update-notifier": "^5",
|
|
192
|
-
"validator": "
|
|
197
|
+
"validator": "13.7.0",
|
|
193
198
|
"yargs": "^17.6.2"
|
|
194
199
|
},
|
|
195
200
|
"release": {
|
|
196
|
-
"
|
|
201
|
+
"branches": [
|
|
202
|
+
"main"
|
|
203
|
+
],
|
|
197
204
|
"analyzeCommits": {
|
|
198
205
|
"preset": "angular",
|
|
199
206
|
"releaseRules": [
|