From 04695bc99065ca7bd6e118bb7f990765a73d78de Mon Sep 17 00:00:00 2001 From: silverwind Date: Fri, 26 Apr 2024 14:38:47 +0200 Subject: [PATCH 1/2] Add linter for package-lock.json `resolved` --- Makefile | 8 ++++++-- tools/lint-lockfiles.js | 25 +++++++++++++++++++++++++ tools/lint-templates-svg.js | 2 +- 3 files changed, 32 insertions(+), 3 deletions(-) create mode 100755 tools/lint-lockfiles.js diff --git a/Makefile b/Makefile index 2a78c907c0842..b83fb9c0a4cbf 100644 --- a/Makefile +++ b/Makefile @@ -360,10 +360,10 @@ lint: lint-frontend lint-backend lint-spell lint-fix: lint-frontend-fix lint-backend-fix lint-spell-fix .PHONY: lint-frontend -lint-frontend: lint-js lint-css +lint-frontend: lint-js lint-css lint-js-misc .PHONY: lint-frontend-fix -lint-frontend-fix: lint-js-fix lint-css-fix +lint-frontend-fix: lint-js-fix lint-css-fix lint-js-misc .PHONY: lint-backend lint-backend: lint-go lint-go-vet lint-editorconfig @@ -379,6 +379,10 @@ lint-js: node_modules lint-js-fix: node_modules npx eslint --color --max-warnings=0 --ext js,vue $(ESLINT_FILES) --fix +.PHONY: lint-js-misc +lint-js-misc: node_modules + node tools/lint-lockfiles.js + .PHONY: lint-css lint-css: node_modules npx stylelint --color --max-warnings=0 $(STYLELINT_FILES) diff --git a/tools/lint-lockfiles.js b/tools/lint-lockfiles.js new file mode 100755 index 0000000000000..b13d48783f611 --- /dev/null +++ b/tools/lint-lockfiles.js @@ -0,0 +1,25 @@ +#!/usr/bin/env node +import {readFileSync} from 'node:fs'; +import {exit} from 'node:process'; +import {relative} from 'node:path'; +import {fileURLToPath} from 'node:url'; + +const files = [ + '../package-lock.json', + '../web_src/fomantic/package-lock.json', +]; + +const rootPath = fileURLToPath(new URL('..', import.meta.url)); +let hadErrors = false; + +for (const file of files.map((file) => fileURLToPath(new URL(file, import.meta.url)))) { + const data = JSON.parse(readFileSync(file)); + for (const [pkg, {resolved}] of Object.entries(data.packages)) { + if (resolved && !resolved.startsWith('https://registry.npmjs.org/')) { + console.info(`${relative(rootPath, file)}: Expected "resolved" on package ${pkg} to start with "https://registry.npmjs.org/"`); + hadErrors = true; + } + } +} + +exit(hadErrors ? 1 : 0); diff --git a/tools/lint-templates-svg.js b/tools/lint-templates-svg.js index 72f756400de2f..56283e9590221 100755 --- a/tools/lint-templates-svg.js +++ b/tools/lint-templates-svg.js @@ -17,7 +17,7 @@ for (const file of fastGlob.sync(fileURLToPath(new URL('../templates/**/*.tmpl', const content = readFileSync(file, 'utf8'); for (const [_, name] of content.matchAll(/svg ["'`]([^"'`]+)["'`]/g)) { if (!knownSvgs.has(name)) { - console.info(`SVG "${name}" not found, used in ${relative(rootPath, file)}`); + console.info(`${relative(rootPath, file)}: SVG "${name}" not found`); hadErrors = true; } } From 265bb8621cd83f2a1498d48815f37c2efa523128 Mon Sep 17 00:00:00 2001 From: silverwind Date: Fri, 26 Apr 2024 14:47:04 +0200 Subject: [PATCH 2/2] add comment --- tools/lint-lockfiles.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/lint-lockfiles.js b/tools/lint-lockfiles.js index b13d48783f611..a74d44551571d 100755 --- a/tools/lint-lockfiles.js +++ b/tools/lint-lockfiles.js @@ -12,6 +12,9 @@ const files = [ const rootPath = fileURLToPath(new URL('..', import.meta.url)); let hadErrors = false; +// This checks that all "resolved" URLs in package-lock.json point to the official npm registry. +// If a user is using a npm proxy (private or public), they would write that proxy's URL into +// the file which we do not want because it could cause issues during installation. for (const file of files.map((file) => fileURLToPath(new URL(file, import.meta.url)))) { const data = JSON.parse(readFileSync(file)); for (const [pkg, {resolved}] of Object.entries(data.packages)) {