ayo/lion
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: only scan for allowed registries in yarn.lock

Browse source
This commit is contained in:
Thijs Louisse 2022-05-12 17:06:37 +02:00 committed by Thijs Louisse
parent d382887e67
commit 1dd1da1638
1 changed files with 13 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
scripts/yarn-lock-scan.js
View file

@ -1,10 +1,16 @@
const fs = require('fs');
const path = require('path');
const yarnLockPath = './yarn.lock';
const data = fs.readFileSync(path.resolve(yarnLockPath), 'utf8');
if (data.match(/artifactory/g)) {
throw new Error(
'Artifactory references in your yarn.lock! Please make sure you are using a public npm registry when downloading your dependencies!',
);
}
const lockFileContent = fs.readFileSync(path.resolve('./yarn.lock'), 'utf8');
const allowedRegistries = ['registry.yarnpkg.com', 'registry.npmjs.org'];
const resolvedUrls = lockFileContent.match(/"https:.*"/g);
resolvedUrls.forEach(url => {
const [, registry] = url.match(/^"https:\/\/(.*?)\/.*"$/) || [];
if (!allowedRegistries.includes(registry)) {
throw new Error(
`Disallowed registries ("${registry}") in your yarn.lock!
Please make sure you are using a public npm registry when downloading your dependencies!`,
);
}
});