periapsis 1.0.5 → 1.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.codex +0 -0
- package/.github/workflows/periapsis-license-check.yml +1 -1
- package/README.md +4 -0
- package/lib/periapsis-core.mjs +4 -0
- package/package.json +2 -5
- package/sbom-licenses.json +1 -14
- package/test/commands.test.mjs +29 -0
package/.codex
ADDED
|
File without changes
|
|
@@ -63,7 +63,7 @@ jobs:
|
|
|
63
63
|
exit 1
|
|
64
64
|
fi
|
|
65
65
|
|
|
66
|
-
VIOLATION_COUNT
|
|
66
|
+
VIOLATION_COUNT="$(node -e 'const fs = require("fs"); const data = JSON.parse(fs.readFileSync("sbom-violations.json", "utf8")); const count = Array.isArray(data) ? data.length : Array.isArray(data?.violations) ? data.violations.length : 0; process.stdout.write(String(count));')"
|
|
67
67
|
echo "Detected violations: ${VIOLATION_COUNT}"
|
|
68
68
|
|
|
69
69
|
if [ "${VIOLATION_COUNT}" -gt 0 ]; then
|
package/README.md
CHANGED
|
@@ -9,6 +9,8 @@ npm install
|
|
|
9
9
|
npx periapsis --violations-out sbom-violations.json
|
|
10
10
|
```
|
|
11
11
|
|
|
12
|
+
When working on the `periapsis` repository itself, prefer `node ./bin/periapsis.mjs ...` or `npm run policy:check` so you are exercising the checked-out CLI rather than any previously published copy.
|
|
13
|
+
|
|
12
14
|
Initialize governed policy files:
|
|
13
15
|
|
|
14
16
|
```sh
|
|
@@ -312,6 +314,8 @@ Example:
|
|
|
312
314
|
- run: npx periapsis --violations-out sbom-violations.json
|
|
313
315
|
```
|
|
314
316
|
|
|
317
|
+
If you add an inline `node -e` follow-up check in GitHub Actions, wrap the JavaScript in single quotes. Backticks inside a double-quoted shell string are treated as command substitution by `bash`.
|
|
318
|
+
|
|
315
319
|
When violations exist, Periapsis exits non-zero and prints deterministic markdown summary suitable for Actions logs.
|
|
316
320
|
|
|
317
321
|
## Troubleshooting Large Violation Sets
|
package/lib/periapsis-core.mjs
CHANGED
|
@@ -166,6 +166,10 @@ export function parseArgs(argv) {
|
|
|
166
166
|
const args = { _: [] };
|
|
167
167
|
for (let i = 0; i < argv.length; i++) {
|
|
168
168
|
const arg = argv[i];
|
|
169
|
+
if (arg === '--') {
|
|
170
|
+
// Ignore npm/npx argument separators so forwarded flags still parse normally.
|
|
171
|
+
continue;
|
|
172
|
+
}
|
|
169
173
|
if (arg === '--help' || arg === '-h') {
|
|
170
174
|
args.help = true;
|
|
171
175
|
continue;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "periapsis",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.6",
|
|
4
4
|
"private": false,
|
|
5
5
|
"type": "module",
|
|
6
6
|
"scripts": {
|
|
@@ -34,8 +34,5 @@
|
|
|
34
34
|
"spdx",
|
|
35
35
|
"cli"
|
|
36
36
|
],
|
|
37
|
-
"license": "MIT"
|
|
38
|
-
"devDependencies": {
|
|
39
|
-
"periapsis": "^1.0.1"
|
|
40
|
-
}
|
|
37
|
+
"license": "MIT"
|
|
41
38
|
}
|
package/sbom-licenses.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
[
|
|
2
2
|
{
|
|
3
3
|
"name": "ajv",
|
|
4
|
-
"version": "8.
|
|
4
|
+
"version": "8.18.0",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"path": "node_modules/ajv",
|
|
7
7
|
"repository": "ajv-validator/ajv",
|
|
@@ -61,19 +61,6 @@
|
|
|
61
61
|
"dependencies"
|
|
62
62
|
]
|
|
63
63
|
},
|
|
64
|
-
{
|
|
65
|
-
"name": "periapsis",
|
|
66
|
-
"version": "1.0.1",
|
|
67
|
-
"license": "MIT",
|
|
68
|
-
"path": "node_modules/periapsis",
|
|
69
|
-
"repository": {
|
|
70
|
-
"type": "git",
|
|
71
|
-
"url": "https://github.com/scfast/periapsis"
|
|
72
|
-
},
|
|
73
|
-
"dependencyTypes": [
|
|
74
|
-
"devDependencies"
|
|
75
|
-
]
|
|
76
|
-
},
|
|
77
64
|
{
|
|
78
65
|
"name": "require-from-string",
|
|
79
66
|
"version": "2.0.2",
|
package/test/commands.test.mjs
CHANGED
|
@@ -96,3 +96,32 @@ test('checker honors policy dependencyTypes when no CLI override is provided', a
|
|
|
96
96
|
const sbom = JSON.parse(fs.readFileSync(path.join(cwd, 'sbom-licenses.json'), 'utf8'));
|
|
97
97
|
assert.deepEqual(sbom.map((entry) => entry.name), ['a']);
|
|
98
98
|
});
|
|
99
|
+
|
|
100
|
+
test('checker accepts npm forwarded args after a standalone double-dash', async () => {
|
|
101
|
+
const cwd = createTempDir('periapsis-npm-forwarded-args-');
|
|
102
|
+
writePolicyBundle(cwd);
|
|
103
|
+
writeJson(path.join(cwd, 'package.json'), {
|
|
104
|
+
name: 'forwarded-args-app',
|
|
105
|
+
version: '1.0.0',
|
|
106
|
+
dependencies: { a: '1.0.0' }
|
|
107
|
+
});
|
|
108
|
+
writeJson(path.join(cwd, 'package-lock.json'), {
|
|
109
|
+
name: 'forwarded-args-app',
|
|
110
|
+
version: '1.0.0',
|
|
111
|
+
lockfileVersion: 3,
|
|
112
|
+
packages: {
|
|
113
|
+
'': {
|
|
114
|
+
name: 'forwarded-args-app',
|
|
115
|
+
version: '1.0.0',
|
|
116
|
+
dependencies: { a: '1.0.0' }
|
|
117
|
+
},
|
|
118
|
+
'node_modules/a': { version: '1.0.0', license: 'MIT' }
|
|
119
|
+
}
|
|
120
|
+
});
|
|
121
|
+
fs.mkdirSync(path.join(cwd, 'node_modules', 'a'), { recursive: true });
|
|
122
|
+
|
|
123
|
+
await runCli(cwd, ['--', '--violations-out', 'violations.json', '--quiet']);
|
|
124
|
+
|
|
125
|
+
const violations = JSON.parse(fs.readFileSync(path.join(cwd, 'violations.json'), 'utf8'));
|
|
126
|
+
assert.deepEqual(violations, []);
|
|
127
|
+
});
|