Class: Danger::DangerPackageJsonLockdown
- Inherits: Plugin
  - Object
  - Plugin
  - Danger::DangerPackageJsonLockdown
- Defined in: lib/package_json_lockdown/plugin.rb
Overview
Force locking down of version numbers in package.json
Shrinkwrap isn’t the solution you want it to be, and none of the other tools quite do what you want. So you’ll get fed up and force manual management of your dependencies (after all, `npm outdated` is fairly easy to deal with).
This plugin will warn you if you’re committing anything that looks like:
- "^1.0.0"
- "~1.0.0"
- "<=1.0.0"
- "<1.0.0"
- ">=1.0.0"
- ">1.0.0"
- "1.0.x"
- "*"
- ""
So you can still specify a git hash, a tag, or a URL (and so on), and, most importantly, you can specify a version number.
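The classification described above can be sketched as a stand-alone check. This is an added example, not the plugin's own code (its matching logic is not shown on this page): the `DEPENDENCY_KEYS` list, the `LOOSE_SPEC` pattern, the helper names and the sample `package.json` are assumptions constructed for illustration, and the pattern covers only the specifier forms listed above.

```ruby
require 'json'

# Assumed dependency nodes; the page does not enumerate the plugin's defaults.
DEPENDENCY_KEYS = %w[dependencies devDependencies peerDependencies optionalDependencies].freeze

# Loose forms from the list above: empty string, "*", a leading range
# operator (^ ~ < <= > >=), or a wildcard segment such as "1.0.x".
LOOSE_SPEC = /\A\s*(?:\*|[\^~<>].*|\d+(?:\.\d+)*\.[xX*](?:\..*)?|[xX])?\s*\z/

def loose?(spec)
  spec.is_a?(String) && spec.match?(LOOSE_SPEC)
end

# Returns one hash per loose specifier: package, spec, node and 1-based line.
def loose_dependencies(source, keys: DEPENDENCY_KEYS)
  json = JSON.parse(source)
  lines = source.lines
  keys.flat_map do |key|
    json.fetch(key, {}).select { |_, spec| loose?(spec) }.map do |name, spec|
      # Best-effort line lookup: first line holding this exact "name": "spec" pair.
      pair = /#{Regexp.escape(name.to_json)}\s*:\s*#{Regexp.escape(spec.to_json)}/
      idx = lines.index { |l| l.match?(pair) }
      { package: name, spec: spec, key: key, line: idx && idx + 1 }
    end
  end
end

# Constructed sample input (not taken from any real project).
SAMPLE = <<~JSON
  {
    "name": "demo",
    "dependencies": {
      "express": "4.18.2",
      "lodash": "^4.17.21",
      "left-pad": "1.0.x",
      "fork": "git+https://example.com/fork.git#0123abc"
    },
    "devDependencies": {
      "mocha": "*",
      "tool": "https://example.com/tool-1.2.3.tgz"
    }
  }
JSON

loose_dependencies(SAMPLE).each do |r|
  puts "#{r[:key]}: #{r[:package]} (#{r[:spec].inspect}) at line #{r[:line]}"
end
```

Exact versions, git references and tarball URLs pass; only floating ranges are reported, since those are what let an install resolve to a release nobody reviewed.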
Instance Attribute Summary
- #dependency_keys ⇒ Array<String>
  Allows you to specify dependency nodes to check.
Instance Method Summary
- #inspect(package_json) ⇒ Array<{Symbol => String}>
  Inspects the supplied `package.json` file and returns problems.
- #verify(package_json) ⇒ void
  Verifies the supplied `package.json` file.
Instance Attribute Details
#dependency_keys ⇒ Array<String>
Allows you to specify dependency nodes to check. By default it will check all nodes known to contain dependencies.
```ruby
# File 'lib/package_json_lockdown/plugin.rb', line 47
def dependency_keys
  @dependency_keys
end
```
Instance Method Details
#inspect(package_json) ⇒ Array<{Symbol => String}>
Inspects the supplied `package.json` file and returns problems.
```ruby
# File 'lib/package_json_lockdown/plugin.rb', line 81
def inspect(package_json)
  json = JSON.parse(File.read(package_json))

  suspicious_packages = []

  dependency_keys.each do |dependency_key|
    next unless json.key?(dependency_key)

    results = find_something_suspicious(json[dependency_key], package_json)
    suspicious_packages.push(*results)
  end

  suspicious_packages
end
```
#verify(package_json) ⇒ void
This method returns an undefined value.
Verifies the supplied `package.json` file.
```ruby
# File 'lib/package_json_lockdown/plugin.rb', line 64
def verify(package_json)
  inspect(package_json).each do |suspicious|
    warn(
      "`#{suspicious[:package]}` doesn't specify fixed version number",
      file: package_json,
      line: suspicious[:line]
    )
  end
end
```