To help you get started, we've collected the most common ways that lockfile-lint-api is being used within popular public projects.

lirantal / lockfile-lint / packages / lockfile-lint / src / validators / index.js View on Github

function ValidateSchemeManager ({path, type, validatorValues, validatorOptions}) {
  debug('validate-scheme-manager')(
    `invoked with validator options: ${JSON.stringify(validatorValues)}`
  )

  const options = {
    lockfilePath: path,
    lockfileType: type
  }

  const parser = new ParseLockfile(options)
  const lockfile = parser.parseSync()
  const validator = new ValidateScheme({packages: lockfile.object})

  return validator.validate(validatorValues)
}

View more ways to use lockfile-lint-api

lockfile-lint-api

Lint an npm or yarn lockfile to analyze and detect issues

About

Lints an npm or yarn lockfile to analyze and detect issues

Install

npm install --save lockfile-lint-api

Usage

lockfile-lint-api exposes a set of validator APIs that can be used for programmatic use-cases, such as being employed by other tools and programs if needed.

Validators

The following lockfile validators are supported

NOTE: package entries without a resolved field (for example, those installed from the local filesystem) will automatically pass all url-based validators.

Success and failures

When validators encounter errors they will throw an exception, and on either success or failure in validating data they will always return a descriptive object for the validation task.

Successful validation

When validation is successful the following object will be returned from the validating function:

{
  "type": "success",
  "errors": []
}

Failed validation

When validation has failed the following object will be returned from the validating function:

{
  "type": "error",
  "errors": [
    {
      "package": "@babel/cli",
      "message": "detected invalid origin for package: @babel/cli"
    }
  ]
}

Notes about the returned object:

• An errors object will always return an array of errors metadata, even if there's only one error associated with the validation being performed
• All errors should always have a message
• The availability of the package property and other metadata depends on the specific validators being used

Example

const validator = new ValidateHost({packages: lockfile.object})
let result
try {
  result = validator.validate(['npm'])
} catch (error) {
  // something bad happened during validation and the validation
  // process couldn't take place
}

console.log(result)
/* prints
{
  "type": "error",
  "errors": [
    {
      "message": "detected invalid origin for package: meow",
      "package": "meow"
    }
  ]
}
*/

Example

const {ValidateHost, ParseLockfile} = require('lockfile-lint-api')

// path to the lockfile
const yarnLockfilePath = '/path/to/my/yarn.lock'
const options = {
  lockfilePath: yarnLockfilePath
}

// instantiate a new parser with options object
const parser = new ParseLockfile(options)

// read the file synchronously and parses it
// providing back an object that is compatible
// with the @yarn/lockfile library which has
// all the packages listed in `lockfile.object`
const lockfile = parser.parseSync()

// now instantiate a validator object with those
// list of packages
const validator = new ValidateHost({packages: lockfile.object})
let result
try {
  // validation is synchronous and is being called
  // with 'npm' as a shortcut for the npm registry
  // host to validate all lockfile resources are
  // whitelisted to the npm host
  result = validator.validate(['npm'])
} catch (error) {
  // couldn't process the validation
}

if (result.type === 'success') {
  // validation succeeded
}

Contributing

Please consult CONTRIBUTING for guidelines on contributing to this project.

Author

lockfile-lint-api © Liran Tal, Released under the Apache-2.0 License.