pnpm-shield 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/checks.js +9 -2
- package/lib/fixes.js +7 -0
- package/package.json +2 -2
package/lib/checks.js
CHANGED
|
@@ -159,9 +159,16 @@ function runChecks(cwd) {
|
|
|
159
159
|
}
|
|
160
160
|
|
|
161
161
|
// C11 — packageManager
|
|
162
|
+
const hasDevEngine = pkg.devEngines && pkg.devEngines.packageManager;
|
|
163
|
+
|
|
162
164
|
if (pkg.packageManager && pkg.packageManager.startsWith('pnpm@')) {
|
|
163
|
-
|
|
164
|
-
'
|
|
165
|
+
if (hasDevEngine) {
|
|
166
|
+
results.push(makeResult('warn', 'HIGH', 'Legacy devEngines.packageManager conflicts with packageManager', '',
|
|
167
|
+
'pnpm warns and ignores packageManager. Run auto-fix to clean it.', 'packageManager', 'package_manager_field'));
|
|
168
|
+
} else {
|
|
169
|
+
results.push(makeResult('pass', 'HIGH', `packageManager = "${pkg.packageManager}"`,
|
|
170
|
+
'Corepack can enforce this and block npm/yarn', '', null, 'package_manager_field'));
|
|
171
|
+
}
|
|
165
172
|
} else {
|
|
166
173
|
results.push(makeResult('fail', 'HIGH',
|
|
167
174
|
`packageManager field is ${pkg.packageManager ? `"${pkg.packageManager}"` : 'absent'}`, '',
|
package/lib/fixes.js
CHANGED
|
@@ -70,6 +70,13 @@ const FIXERS = {
|
|
|
70
70
|
catch { return '9.0.0'; }
|
|
71
71
|
})();
|
|
72
72
|
pkg.packageManager = `pnpm@${version}`;
|
|
73
|
+
|
|
74
|
+
// Clean up deprecated pnpm devEngines field to prevent warnings
|
|
75
|
+
if (pkg.devEngines && pkg.devEngines.packageManager) {
|
|
76
|
+
delete pkg.devEngines.packageManager;
|
|
77
|
+
if (Object.keys(pkg.devEngines).length === 0) delete pkg.devEngines;
|
|
78
|
+
}
|
|
79
|
+
|
|
73
80
|
fs.writeFileSync(pkgPath, JSON.stringify(pkg, null, 2) + '\n');
|
|
74
81
|
console.log(` ${c.green}✔ Set packageManager=pnpm@${version} in package.json${c.reset}`);
|
|
75
82
|
},
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "pnpm-shield",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.1",
|
|
4
4
|
"description": "Supply chain attack protection audit tool for pnpm projects",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"pnpm",
|
|
@@ -16,7 +16,7 @@
|
|
|
16
16
|
},
|
|
17
17
|
"repository": {
|
|
18
18
|
"type": "git",
|
|
19
|
-
"url": "https://github.com/manuxstack/pnpm-shield.git"
|
|
19
|
+
"url": "git+https://github.com/manuxstack/pnpm-shield.git"
|
|
20
20
|
},
|
|
21
21
|
"license": "MIT",
|
|
22
22
|
"author": "manuxstack",
|