nodejs-lockfile-parser
nodejs-lockfile-parser copied to clipboard
Published
20 hours ago •
snyk
snyk
bug: no OutOfSyncError on github revision mismatch
reproduce
cd $(mktemp -d)
npm init -y
npm i snyk-nodejs-lockfile-parser
npm i "github:milahu/postcss-nodegui-autoprefixer#e180d6a5f2f313d634f73637a285c129de90d530"
sed -i 's/e180d6a5f2f313d634f73637a285c129de90d530/f4311b3ce656395d469e9a7df0b940bdc184a757/' package.json
# now package.json and package-lock.json are out of sync
src="const read = path => require('fs').readFileSync(path, 'utf8');"
src+="async function main() { console.dir(await require('snyk-nodejs-lockfile-parser')."
# call buildDepTree
# last argument: strictOutOfSync = true
src+="buildDepTree(read('package.json'), read('package-lock.json'), true, 'npm', true)"
src+="); }; main()"
node -e "$src"
expected result: should throw OutOfSyncError
actual result
{
dependencies: {
'postcss-nodegui-autoprefixer': {
labels: [Object],
name: 'postcss-nodegui-autoprefixer',
version: 'git+ssh://[email protected]/milahu/postcss-nodegui-autoprefixer.git#e180d6a5f2f313d634f73637a285c129de90d530',
dependencies: [Object]
},
'snyk-nodejs-lockfile-parser': {
labels: [Object],
name: 'snyk-nodejs-lockfile-parser',
version: '1.37.0',
dependencies: [Object]
}
},
hasDevDependencies: false,
name: 'tmp.ibogyemwlr',
size: 300,
version: '1.0.0',
meta: { lockfileVersion: 2, packageManager: 'npm' }
}
