Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add option to exclude packages from the --validate-integrity check #188

Merged
merged 1 commit into from
Feb 11, 2024
Merged

Add option to exclude packages from the --validate-integrity check #188

merged 1 commit into from
Feb 11, 2024

Conversation

ericcornelissen
Copy link
Contributor

Description

Add a new option available on the CLI as --integrity-exclude which allows user to disable the --validate-integrity check for specific packages.

Also, format the table in the lockfile-lint package's README. Some more formatting happened as a result of commit hooks.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Related Issue

#187

Motivation and Context

I have a project where I use a dependency available only on the GitLab npm registry. This registry only provides SHA1 integrity values and so dependency installed from there are rejected when using the --validate-integrity option. As a result I can't use --validate-integrity to at least enforce strong integrity values for dependencies from other registries.

How Has This Been Tested?

Unit testing: updated the tests and ran npm run test. I was using Node.js v20.9.0 while working on this.

Screenshots (if appropriate):

n/a

Checklist:

  • I have updated the documentation (if required).
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • I added a picture of a cute animal cause it's fun

cute animal

Add a new option available on the CLI as --integrity-exclude which allows user to disable the
--validate-integrity check for specific packages.As an aside, this also formats the table in the
lockfile-lint package's README.

fix #187
@lirantal lirantal self-requested a review February 11, 2024 09:42
@lirantal lirantal added the enhancement New feature or request label Feb 11, 2024
@codecov-commenter
Copy link

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (7958b39) 97.98% compared to head (afcefd9) 98.01%.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #188      +/-   ##
==========================================
+ Coverage   97.98%   98.01%   +0.02%     
==========================================
  Files          13       13              
  Lines         398      403       +5     
  Branches       93       96       +3     
==========================================
+ Hits          390      395       +5     
  Misses          8        8              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@lirantal
Copy link
Owner

Superb. Thank you Eric!

@lirantal lirantal merged commit 73cc59d into lirantal:main Feb 11, 2024
4 checks passed
@ericcornelissen ericcornelissen deleted the 187-integrity-exclude branch February 11, 2024 10:28
@ericcornelissen
Copy link
Contributor Author

It seems the mocked data in validators.integrityHashType.test.js isn't quite representative of real-world data. In particular, packageName doesn't look like "typescript" but rather like "typescript@{version}-{hex-value}" - hence the implementation here doesn't work, apologies 😓 I'll submit a followup PR with a patch

@ericcornelissen ericcornelissen restored the 187-integrity-exclude branch February 11, 2024 11:20
@ericcornelissen ericcornelissen deleted the 187-integrity-exclude branch February 11, 2024 11:21
@lirantal
Copy link
Owner

Ahh, good catch and thanks for the quick follow-up!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants