From f512c74b964cc28421fac94dff2dc3472da8f24f Mon Sep 17 00:00:00 2001
From: Liran Tal
Date: Sun, 11 Jul 2021 09:30:01 +0300
Subject: [PATCH] feat: support private packages list (#13)
---
 .../small-project-existing-package-name.zip | Bin 0 -> 20570 bytes
 __tests__/__snapshots__/app.test.js.snap | 10 ++++++++++
 __tests__/app.test.js | 18 +++++++++++++++++-
 src/index.js | 10 +++++++++-
 4 files changed, 36 insertions(+), 2 deletions(-)
 create mode 100644 __tests__/__fixtures__/small-project-existing-package-name.zip
diff --git a/__tests__/__fixtures__/small-project-existing-package-name.zip b/__tests__/__fixtures__/small-project-existing-package-name.zip new file mode 100644 index 0000000000000000000000000000000000000000..21e2d9ce00f83f703d9aa7d45d554e84c6388085 GIT binary patch literal 20570 zcmd6PWmpwj6D}!8NvCvovuUKeySrOjLQ;^HZfO*xyBnliT0l@j36ajb(Q}UC@$-Q9 z{`7~yA#4Of?c^K1Bu^ob$P){*8u(_m<09~RH`vMo1;U!f^ zZ5vt_YzyBN7Vwk8m~JJEt-+OlI($>ym2dpQKmIos>mOlp{N?#Kg5y;^W6A>B=xS;H zDIAB9z5xKhV8mj~!pLNxZ(w3*%wWP~WXQ&5#BRXAqR(c?V8q1!)udOXio^cpJg%Ur zVUh@K1gOHe<-q`e^-)C(wxO1{AYiA%RM>|NHL1qk9(Hh$r)Qwl0h-P)#v>jD$!zx7 zmhFoGBCenj3UmC|VP4RN*;sY%d1zPzB`d2bi|>#{YBB?}F7=Z~p67WFRy!k*BWfIE zJ@dP-KZLgWY6iQ1uRC^HBOBcR9*w!zvjI63jJ&$JCy9Fer(I9IRkjUm&~?c$k_!<} z!E&p`626=1=YRzGBfVXPkN*r&-!`r5Pd@l(e!&R%2Db+cQ&;O3`}aHCy_EceD4X=i0mc9T6Eh>DJ`a_WSTaO(`L*%)qF}z{0@5%qUMGCN(G{B|FhaH8^C5cQs zhVcV;C92S2nn8L<{**I)4YHOSxINPBbGE3J_?5t^FjGM6)|2jrM3^k3sVOr<%1m=L zG8oHrS=+G(VF;h-tj(ReEVtMi3hV$)m`s%XsAv$=ul?)tGr%%TS6@q7Nq*@9g>hH} z?1Od7e*#;!=Rr$NpVk=cig=y!$r~f~;59cvl(&=mlnx^`5)7}w^Rt5z8FtLD0F*Kf zP-5YeFYUFjyAN77YM*RxL4CKv&pYULRY?t zKQ8w_&hfAyegt0zM3AAAU>*xNqnFSzn9JbYCqCBo?<_Q-QIQ|hU$k%xz`c9yZL;}# zoV6~hPXLSQUf+@2ph~PIT%3}+W4=#vDC&|7-rz-^8`0xUu%|=T_;hkg8`(I@)bLQ; zL^f}5NLpnwNeG*5TX|2PX+q;;c3pI`wQ`GpdJ`3Z-2UJ|8W&tv$DsEPp9^xi@rO-} z|E+13+biJfcKRnO+$wS6{6n;FoAP0*R7M|YVARzp=@{(^zhPKw$=8m-14yJSt`d4-D?;^8jl&QNQx ztlgjr2|uDK*l4vwq4gCqz|+c(L94*ec^)oBxcO*gpOJ+p4=)CJy78J{BPbYGg?Ei$ z#>4DMS7-~qsB8)x2>WzDMMOu@>z*pg!}+Swj1e@AG8LtYm7eNM^A{~kTYbs-spL^0+6hi%ZH-1xoYtV+)W!(u177-K8$}q@2S=Tf zN|KzCx%`aNm*sN1qU_kM7Rytj#Vg>WXDdOGMyErVo{7b00O~09 zsV}B1Fa<@rO>G}8-9y_>wS}8AzZR_DccT9%HTeZ75D+4iKl3=dhsLxIjSci2jBns^ zscM$Cvm)r{G#9~|!i71n@Tz!GXKTWjrudULZNQAe&_g;(MOWkuq#xEWw^LYrx_s+k z`h^@ruA?b?WuXj_wzS1F0gdnAtpR`X}ptZK_xLPc5lxX--$A79E`zUY%0 z;W(#(k*5-MuZIrgetR!@g z-Fdx6sCdlX&P)>MGYUyb^ie}))HCjhe7%>Xu4bi#$CTwBwSzSMxeBq-eAy~Avu{l5 zDvKB?(B0@zM7LIQsfH$!NRs&zGOBxqlI(bFWe)O zPSk(PKvO}njOJld`*zmei){7lU 
zuPl}`^Jx&c8G4HRNqq=H?!O_!38Ki>5ny#ikT~waV~MM!pv$Sm1@A5apjYZ&AV&2I zbZJbufe|UL#+8LH@xv?c6AkslJkl#se#9J>x%0`tQiSF$HShYp@DusCsMr>v$2-}w zqWJ=;9(D;qxHS z5zdd40FtDnQY^2CdKNoXjM|_omLrQLBop&ZD{5ZGy|@>KE$i!_)+sh{@kP(JKT@GK z3_rN9C`tSdy3{?)-zP3QO6(cn0qJJ~mwP^7Y|6Xt3Y2JV4=!TXV)@zD2Ix~HWrI!? z-`HnpZ5bmzOJuH57H zASl2m7@hf;Sd)2(;}DvzfnIE!!TYczSJPGiST9;ZIXB!nvz)Yuq!y!u5pa(?_RFlLW8(W|Ql3{l?J(nUGXY zcFm&Ro;D-D`9ez^V>vDeb{?&V$#oLH_z9u}(#%!`XVb)p)JX%azCViitRh2A-)e_qS$)!V!MEq7Rb5;8p)p?&me(w!CxlPHiy9C2#_7PN z`u3iC22nca)+z7%#1euPS=o}o?}CbsuKE#!!7t#UGCSD?c*ON=YF=|zdTw#4FRl9 z((CF9$-7Y0r?v$t(OG7ol)K;+LnI9eWJ1g^uIJj0ePPt;GwSsP^`b$g%+kbE#Nd|W zsd+Ap#FGOsrg0&MDkkWH{RB1EJxi^MK37cS=ku))`R2T=6 zq^zvA9dDPkakdGE_zq%Ufx2q@8%z~=r*zp!H0tP=mT_~GlI!x#FPLMTxV|vGwIWa} zN9(5#7-Zh6Yl*6fy@NxPFd0D;EH69UVoBKDxk(}8ogAKsG8i9b&(N7O=5()Lynq?Q zU!iLhGXqf632_hRO+N-QJZ@J@hbATUfe;|%USg=vQu_hUNg58iwyt)(P$W1ew@U-^ z`zX+?2FX{Y{3BC=v72-PW;_Nw{2<{^omA{a9n;%3X!tmS!hQHsJE-nb3uLi%yy|Gf zvA<&!x#6Bagpv7~5v3OYWi>bdvuLJ)xJq=`bbR`(R@q{@VtSp%)MG$NtY;70!O|L_ z*+5VM{9`F>zykSX8*PcBW$IRBPS_~FK)Jdx1;_F(Z-&HErY@lKI(9kV3p=$ z4}ZJ&rdHazwDXmp)JW@KGa**2BpH6iemd_b73 zybC|Dv^dDP**z0eBuHgmRi}Q5DJ(=E3D-HX%3QWdkotfV)Jg(H&Jk6qWEPOQbY>~< z1Uf&TR#mwKp}Q*{;8cpz!=HUL;oo$t2arnI^rS;q^ep1gS<4)4gS zCd$mW$ao7T8P=$Nt<6tD4Z~ovUrtR+I=pc+V5+xFre54~b38B#C-C(XZAOaK4PU3)%?huQ0<1N||CNQt6k;iHeJG+A`> z*_~moaP_IZq|1n+#9(}AyImK4Q}?GPTtf%Lj%mAqCl#CVI^4M_PEDJu=frJv^KFT) z7v4<618X0NOzAc*B|&B%usQGs4|du4P@m1Ej^VK(E%Xj)HR=JfSx)`Q@Fk)igG0wI z1Ez+f?+?LtN1NmnsHHtRfK|qDP0kp|^|$Hw`b>Kn`A(waaKj{ulV??i%Ef#B?Q6OA zvi?G~El2HU!RJtJv-lu(Vk=)R6SrNBl3lKp}zG;}qvJaRO=Y zD*@q$dIfrrL3>AoTRnwTfs~SqF8KVQG0VsW^h6pp!ezVB-Nn?lX!4DAcO5(RpxJtm zuH!7LROO*&uyKiY=8AcDs|wW2Bi|66(=XZbx7~0N1sUV(rYISMd z=oo((`l#KAdL3KmV*$S=cb!Zn;VlO2Q}c>;#`~EP{L07E-X#u*=ruV9$Fw}x6 zqd)w~yF>NK_uUiAh9;CL#KJP*pHrWtef05w;TZ}!gSK^~DZ~wlf2-^aey~3L*W&`P7Nv8Y|8oo69k{sh2hcJ0CDvtOK2{~YFC7SNgXI&uogJ-nyjwu43JT!MZq`k z<=RJV?mroV8~)G<(fagGh>;+*@N!dl#CNoD*-azIBgYFNcSpuH 
zw%?D98IWejX7tHsU!3nAe~4-tYa&tBc^V2>c8rzVIzJt{_xMbO+kdegm$o!;M&B^w za(JuKTr5&A?s?}HsYu~?CMR5=S2YsO%0&Ms&nbkk&8a?xy>M=cz-ZMhl0Hql;roov zYLO|JTk>Pt6;&0}&cx9U5b34B9}LNPDz{F9t&(W>dlgq$cirW6)>Jn=5`L7% zpZ4gnMUg`1S={p*l-LR}xj?|U`XN2=#aDa&} zqC(6@D;5*8gQAPHX-s}`toSL1HmH8N!b(%8d)c;2XRZ*yTiEk5K%>PSjC)EA%(u@C zYFt$plU;DTWC4`RpSODrO8}3M=ov23)D}bQ2MP#H33l|pM!$>?&?-S>8u%t(Hc
cq;wfL0mxkzg&vjyFRW|t%+-vi>Qj`0oT)rVuw zkds2P@JIr0m#ft6sY3vP10Ah_wXYJQ=3gsLxpB&;r3a&4#+X=Bcs9Nj!rqs7i58j$ z&ms6)QGOLJv2kNdhs^hwrBg+KA(z8=Iu+T>^MGyGPbIWN4v_cPJ2Ahx;57jgZG}1)kPFmnq z7Oq0*vrm~H@XIp6J=>t;^@yApG*QecmzXJ=FG_`2E$lr{cwFp1Au*(V^vM3gisg~A z__@)X4WIvWme=$K>aob^U0S|0}f+xjHjhm9tMN0 zYaI*oNXPc5Jfr>C4s#EbGP_$@0bNd2PK@3mLQF0qjvBGfJBM;yiqJDxVtw>LFuPG( zh^CjHG(|Aqo7y~;3HyVoER(mvW0Y$)<7fl4&Z?zQ6QR<|f) z^64|o2Z7vtcjIKIc6n3UBKR6F_7_q#wjFKaBty{xz_a)YSHB>h!?Z6g4a~0cHG9E} zuR>twRIfD*-?enFiaaKDr&+mUl9xkb#gtWO!exi4AQAD=xj+s%%4KFk*_eidRjraa zp_0{LUW6ae=}u@}4RT4^tVbmmn(IrT_hCgqQ9Q@IcZbdTp)`~>Aj3|EJuZ(SehG(z zJfN)cf_+DQeG_{BVbT7LuC1Q40BF2BFcc`)q`C|XWMBm67pKaIXn>bj==nwa| zZ8GBEBmD+SSB{T2qgGe_v5V=23%_(`-(?bX+()%Zi8c|ikP~)b)0d4B3ehT_8$2K& z57Ft~}p3xI3sr5)0uJ=(e=AVBG^uJ5^ z{4-`WM`rynDDEm$*$(NUFNiM%UGz@dg$Wv?B@0;C0{ylCEcl4Z@*iP_^2tBvD*_Vm%W~4@L3|OWK(1r z25VeE1@t~4Wvf2nLz<`gN;a*_`iP+8;eiOjq#lC4pC^!45r_op%@iLHt(P#xbLtv) z)2?7tsmHN*gVNHY%JPIUKIGOxz8_+|gls@P5ryuZPBM;+`^7bw?c>AL(VEHbbZ0L? z*viHCAtqPfYLZifE_k>ws?)zdP)DOX7)W=6iwSXfi(D`Y2w@tHrZ^ngULMBUz0BoFhMca^p_g(5*kV0&` z(OlnsK6=47LJ`tPhtocm8$QJ5;&NQ5J-jwEy|0{w{ib+oA~HgHS!U!_7cqgD5?ID_ z{Ur;Oa^6PWFN;kzPGIlNm@W=zC6;^BlNy~X#_Wb9EyJX{H{CDkUtiSJ3|<7j^_Zn9 zNqq}y#$3U%JE{@7Oeus-2kue!G+B5qesIy>UCLpX+3Etctbr%8lTMETtH zS0$!;tuTULy0_;lUFVM*Pt35&ZH_1ItStU`J zaK_Q`Iplq|Xo@!y=WD68?%n!amb-IQd%V{IOj(&l*8EL(M32eoo8 z9>F#Y(9xBJgr4-?F?yQlHGl^#%N4^FmpL{<5kUoTA2$<3>iT%Sxk10r{~E@KUn=L5~&XH;TA;CrJgM2&>XHg(UW zQMiKVp#;vjoO`pN?WZRmnRYSHa^e)l;A!+|yb9og=L{;Nf*wtPw^AwSZN-W)5S-HR z?UA=G^naPcG=soR9lIx8-dn9IM+UDRlz9~JB)YAYQ=aQnY_u8FqJ&X$_GW;;PF5~P z@7%qKf={I8LnJ%PQO_*|rWY-F%)qkmWOw%B*pJc+1WD4r6h1zVDkx!IRF*zZVp8CG z2i~QGAo?bwxOF*Dye@@44KKdjjWba?{;<50<$b^AFpWYFTF61!$Xz%*>Ts{6i&bIE z_RJvXOprrk$(}FxFEBnQNFBj`sR6a8z%|o_+Hg7_4_%ZVuvBC-<#;-J@2M?fGb?hT z&hDVSyBBW4a%pilI9@D5uRf|*3DFm6Qv19tJ0JOK92!f5S_Ay+Y1AeP8^apVfa8#V zmPP@MXr~XnLBG|zO@Pvf!Yl)#hfUKvJ0}0g*L0hjiH=VcB$yQ?0<&$gd<~u(qG>)P z#e!+?J|y8VPfuivh7vv4+T666o0p6eAj@5IzdP?Fa`!|3-OT!^|32QPS0XR0lWq!>|YtJp!FlgcJzu`3m^ 
z$=Di8G_s&f>Ck6Hp9#*wKgu!*gwP6h1BW4hgt7~yoaoa7Q>QFTV?=-ZWIYi@=Zr=w z0U5Ab0KsY|i#`;Bg7`s@hEM4nn~BgcEmu$~eQZ@i=i5H4uqcmpj2!oH8wl)1_zRMR zbOMV;W1k>p6SPj;?vgH_Nb~7PP>AuMkD*eZs`~@j&|`!QipOz_;KS;63Wa1svMOFw zR~8wDEJMT4d@Q_wt_9)uGHUuj52m=($uRYpcS&l6gW&_ZK`W9TCs9LWMJ%{g+1W^B z8|jC9>&R{>sqs%<9ROU*DNMv#OzFn04$q zQxAljoX(x)?xUbd2#)OteaUS)UaBC5-_5+#ltmdYWcZ3gQeg#Fh*0o#U{g{XHGYs? z4yt+_VcwApJv|*6@cwzv?HA_Xa=XTdM8Vv`&I1~_Gv54h7`k*4myum?>BrJNb zWvzz@tCKeT&K97>#wSLIZ!S+(4tu~Df^p6YjpRLL&aSGW4fHXL5JEPa&$;K?G10w1 z2E6u<+V7T*rlh&<`@^zuJDp0=^M$%Y*(~Bt+Q|fgq@-%olHm_E4K6<2kOCvwlYYp< z7j$o72;*f&uA$}jol@f%)Ki5Hi|R{ ziCCZWH0^Q0Y$I$R@b%B{#?&163c^l~FWH$kXg|Vn^a8)W)so;2TY`bl#f`xANAc3u z!I9R<&PdlPfq7TpV2h~1G$3KkO0llsTA-*p< zmp~1q15XaoKRh+8jUNL0o^O1$<{2R?>(7ALxqXf*%ixY&!P86E=G>u{1Hr48K-HK}N4eA*;0bu9Hw`in|aNatYgPUN6l z+N)RC02t$e_Y;A4*;;aA413?gnBOT+6`Oql)%QR>huE3EK;B(4E`cC?%QL)d-})gA zf2(tyS_;A}4iDi+a}K(!g-fE~n3r{*CsOGx3@z4rgS9(JESUsoUa+A?Y_A@C**qKh z1WmG7taP>U4UU7+q?{NZiJ)v5jcM&kxGvvQ>7)oq6G zWqGh9Xa0jol`|CqU!D@5{_!y(DKhy_>);)4KktFQJDlO|K6qy{-(^40O4AQ!OT4zG zhy_i!de2VP5J{{n&Ek_RI|O|Y+`@jk2yUYxR}nM4i@m6osnmV|3cvNim^i!DH-( zSZ`HkCNxqvF}2p#DnhkSw|vBMHuowK34+{$o;@R?iIemMak^~(@bP$rt@vQps{h{g zeQ@s{%yA>|;MD;hynKJS5A2*A%x++T0Hp=XIR-c{-b*x%t*Odkt;Y?86#?>?)S*mW zy?9-0DMC*hIh{?oq`3~dWy>5IXE8r5v8%`NdY+J&9>1#@Jz%FGjN6$3w#4S;;jmI;N+-vd(F zc9Q0sDX=qDAB310YRK*zj7V*jDjIn}No8Fhqd+)=MH5?VPMOT!zp^9W4H6v=L!xHd z_k3+0PGU8b+1&7;CYTh|%P4Z3?0hoO-B;hHkhx1bg;R{)JsZ8vO+qtOK)sFjxTW&c zGZH&`)M;>4AXJmkkY$hv_!zx0ALw!!kz=+IZOe52LT!g}=jlxL#(;zNdob}2^`)Z8 z*{>VlMaU=3ZG@4kyJJHW1OjebVq20#AVr=l#SI)2?y8}tRj zz1ve+-AZ#c2#?_Sou8&f`0R`dg~$T7Vc8Q>noV>4TvGE|+QSfQFN{k$X*<^7u}lLH z8wBGE{OD{8skHZTKZ=dPmJ)i0EZ@No-xL$L^j*_GKhE|b?K|khenb9IkWfsa9k=(6 z!s^0{>FG?F)gIDSt0+|#85)*C)F;rL8yt1slAKIgz-S>$jUGbUKzjUA$nS}BH2123 z4_Qg2-<1BPPbnl}jAlyu?&zBhibjtl#$m~+;68rG*-~CE-j!5Iq_+9t*9~WTh=MEU z$2h|Z&mMzpOr&%Mte*5!7cJ%{1I>G0!nTsm6%|NRDTa$MS&b7_YEzS-2+F%eW_R~_UP=|k&40E9=F=<4GmOC 
zX$}saDOBWK`-yeRV+C`4C3RAvW)+rYEKRhoG}Q_fCMHB_=hA-HR`|dz(a0Ki=K_>GCBCyoMesUxbvV6PeopAgQ5|G7ylfs`=C=J# zz9_p}0i&MU9G2UfW6WAc|~uyB5K%J_;Sjm>^wm1l6!HQJK4b)C`Kfa*ZD z%<$Nlmr>aQNUl{GmJodk=L3p{)#)l(>4q{RJ$xf^bY9PU>^2r6kJdPT(% zl&kav5TD2p3R%#FiV&Z)hg32i$wx77;y}1KHA{xPJ$7qhl?1HVZK*Z0I=74_c~xac zd=`)DxWLJ}D?;&5Rk|%q0bj|=Cro@NEIvP+?9*y#5~rR0s{uIN6|kZO*%g@i_gsll znM2*5hiC?ygivus1$FT>H*^iGS*wCu@aOB`+{QrZSr&L+jP*!;B0@^;O3f$;*G1aX!FOPJiw$;N++K(| z)Ml`y$&+lo(wp1q*;&N9Lv8NdcP0JHmr%7w;@0z2Mc?X8X~E+qEJMR^uD8JS^ds~i=t%JI|Z~2+yU?>;8Gts zO96gq?bVZQA9c0nU6Yad$g75m+ra{Z&1JV(JvPlepN$bm9Hzb^0FSLwT&~Qa^+jgR zYP<|-oVAbvZl&aA)3wJg3WYhzve`_#&5>4$0x?y>fhaD9)v4}|ICiP6hx}q04h{D6 z0n3YD-=%)t)Oow+?(f~kzv=1x2J~|m`R#gLf0z>ZUAym9X7nA-ANy_>C9p!cT3ok^ z@jt-*caJfL@y$lLelyr`yGHM?>>Ty~?yLVFeZSwc#4FVU+;|THfO>caT(`5axs8#r z>px2W#SEjvXSjzZdU|?b23`KD)?1@}mR@aUB6sef=LRd2!NG+|dXMV*SO|H$HXr5H zH;9a;-hDZQP8Rp?hWwCBVgp1eE_MtH+fwddKUjwxSP7c6nTHs&i&cMo=;IBzn z0%Hd&a~nrmJ1Zwsa~oP`Cu5)=fP&$H|9bzCf?xtUUwsfkHusTyJ*HeiUmr#N8~VyH_J0a})4|mLCir{9BmkQ+ zZm*larv3igFu&h1cYy-{w+H_^9twoM!DhWa9QvbST>ljMrlX?&P4LPv*XKRI5&U*U zh(O;)H{V9_{@WfuI|Kc-$k}--%o{kt_e0|Pz~_&G(%rp{pkG1%8UOrmfq!jFyx z&y$-w;9t{~zq9N&fv-TX&sP2@aK-IG|1s|keE#o4@#;6rHS<=&-dftfYL4HD{Oco` z^BOWS+@B%;J?;2A{9mj5!C&~_HdFln75?8<$$zuB+FsXZ41Y9y4*YGjaBboc2z^y~ z{3i4Jd1o_RGk_xS=I!Q={`dIc?@+&Q?d!vX-v!?EY5W7!Upz_QjK=kevL9*CBi&y3 zU(A=?jK=l$^B-wE#riWEKfRdUjK=l$*B@y_;@+Od_ot(4&9FD4a=qvCM=E6ax2N)( z4$zy?x!wTtBb^syx2N-~c9@&-xZcC@BM)neKjQJfIy!Df=lVPMk94M}|A5XfUcGO| z|dHj*e2l_vwa_t@R zW+bjZDjGxcA>&YAi`)w$E&usqVVEs9RWW9E^?Wkz_5}XANd29uzvpw;uTj5=ewEc` z`@jM38gDN8Uze)?E$)@6uis|=sPB_of&P5A`M=O1fd%;0tvMw~8c_0FuB*TP4@Lta A3;+NC literal 0 HcmV?d00001 diff --git a/__tests__/__snapshots__/app.test.js.snap b/__tests__/__snapshots__/app.test.js.snap index c14437d..1fd392e 100644 --- a/__tests__/__snapshots__/app.test.js.snap +++ b/__tests__/__snapshots__/app.test.js.snap 
@@ -91,3 +91,13 @@ Checking dependency: webpack-cli
 -> introduced via commit sha: 61c5d8034927693cc72064c44b8a7f3f63b3ea50
 "
 `;
+
+exports[`Test case of private package that exists already on npm 1`] = `
+"
+Reviewing your dependencies...
+
+Checking dependency: eslint-plugin-vue
+ -> ❌ suspicious
+ -> introduced via commit sha: 9e9dab770d4e412babfce0f2dc66d8b04a6c0d28
+"
+`;
diff --git a/__tests__/app.test.js b/__tests__/app.test.js
index c86d457..fcebc4a 100644
--- a/__tests__/app.test.js
+++ b/__tests__/app.test.js
@@ -9,7 +9,8 @@ jest.setTimeout(30000)
 const projectFixtures = [
 'simple-project.zip',
 'small-project.zip',
- 'commit-with-broken-package-json.zip'
+ 'commit-with-broken-package-json.zip',
+ 'small-project-existing-package-name.zip'
 ]
 const destinationFixtures = path.resolve(path.join(__dirname, '__fixtures__', 'tmp'))
@@ -81,3 +82,18 @@ test('Commit with broken manifest should be ignored', async () => {
 })
 expect(out).toMatchSnapshot()
 })
+
+test('Test case of private package that exists already on npm', async () => {
+ const projectPath = path.resolve(
+ path.join(destinationFixtures, 'simple-project-existing-package-name')
+ )
+
+ let out = ''
+ await testProject({
+ projectPath,
+ log: (...args) => (out += `${args.join(' ')}\n`),
+ debugMode: true,
+ privatePackagesList: ['eslint-plugin-vue']
+ })
+ expect(out).toMatchSnapshot()
+})
diff --git a/src/index.js b/src/index.js
index 889cafc..affed00 100644
--- a/src/index.js
+++ b/src/index.js
@@ -4,7 +4,7 @@ const RepoManager = require('../src/RepoManager')
 const Parser = require('../src/Parser')
 const RegistryClient = require('../src/RegistryClient')
-async function testProject({ projectPath, log, debugMode }) {
+async function testProject({ projectPath, log, debugMode, privatePackagesList = [] }) {
 const registryClient = new RegistryClient()
 const repoManager = new RepoManager({ directoryPath: projectPath })
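Review bot: The new test in `__tests__/app.test.js` resolves `path.join(destinationFixtures, 'simple-project-existing-package-name')`, while the fixture this commit registers in `projectFixtures` is `small-project-existing-package-name.zip`. Whether the two line up depends on the top-level directory inside the archive, which the patch does not show; if the archive unpacks to a `small-…` directory, the test would point at a path that does not exist. Giving the archive and the directory the same name, or adding a comment such as `// the archive unpacks to simple-project-existing-package-name/`, would make that dependency explicit.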
@@ -48,11 +48,14 @@ async function testProject({ projectPath, log, debugMode }) {
 timestampOfPackageInRegistry = new Date(packageMetadataFromRegistry.time.created).getTime()
 }
+ const isPrivatePackage = privatePackagesList.includes(dependency)
+
 // @TODO add debug for:
 // console.log('package in source UTC: ', timestampInSource)
 // console.log('package in registry: ', timestampOfPackageInRegistry)
 const status = resolveDependencyConfusionStatus({
+ isPrivatePackage,
 timestampOfPackageInSource,
 timestampOfPackageInRegistry
 })
@@ -68,6 +71,7 @@ async function testProject({ projectPath, log, debugMode }) {
 }
 function resolveDependencyConfusionStatus({
+ isPrivatePackage,
 timestampOfPackageInSource,
 timestampOfPackageInRegistry
 }) {
@@ -81,6 +85,10 @@ function resolveDependencyConfusionStatus({
 // this means that the package was first introduced to source code
 // and now there's also a package of this name in a public registry
 status = '❌ suspicious'
+ } else {
+ if (isPrivatePackage) {
+ status = '❌ suspicious'
+ }
 }
 } else {
 status = '⚠️ vulnerable'
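Review bot: `privatePackagesList.includes(dependency)` in the hunk at -48,11 relies on the list being an array, and nothing in the visible code checks that. If a caller passes a single string, `String.prototype.includes` does substring matching, so a dependency named `vue` would count as private for the value `'eslint-plugin-vue'`; an explicit `null` skips the `= []` default in the signature and throws. A guard at the top of testProject, `if (!Array.isArray(privatePackagesList)) throw new TypeError('privatePackagesList must be an array of package names')`, would keep the lookup an exact-name match. The body of testProject starts and ends outside this hunk.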
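Review bot: The added `else` branch in the hunk at -81,6 has no comment, while the sibling branch above it explains its reasoning, and it reports a name the caller declared private with the same `'❌ suspicious'` string as the timestamp heuristic, so the output cannot tell which rule fired. I would collapse the nesting to `} else if (isPrivatePackage) {` and add `// declared private by the caller, yet a package of this name exists in the public registry`. The conditions that open the enclosing `if` blocks sit outside the hunk, so this assumes the branch is reached only when the registry returned metadata for the name.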