feat(lockfile-lint): command-line hook

package.json

@@ -22,7 +22,8 @@
     "start:watch": "nodemon --signal SIGTERM --watch src --ext js,jsx --exec babel-node src/server/index.js",
     "prestart:prod-sample": "npm run build:prod-sample",
     "start:prod-sample": "docker-compose -f ./prod-sample/docker-compose.yml up --abort-on-container-exit",
-    "test:lint": "eslint --ext js,jsx,md,snap .",
+    "test:lockfile": "lockfile-lint -p package-lock.json -t npm -a npm -o https: -c -i",
+    "test:lint": "eslint --ext js,jsx,md,snap . && npm run test:lockfile",
     "start": "node lib/server/index.js",
     "test:unit": "jest --testPathIgnorePatterns integration --config jest.config.js",
     "pretest:integration": "concurrently \"npm run build:prod-sample\" \"docker-compose -f ./prod-sample/docker-compose.yml pull nginx selenium-chrome\" --kill-others-on-fail -n build-prod-sample,build-dependency-images",
@@ -142,7 +143,7 @@
     "jest": "^24.9.0",
     "jest-circus": "^24.9.0",
     "js-yaml": "^3.13.1",
-    "lockfile-lint-api": "^5.0.4",
+    "lockfile-lint": "^3.0.5",
     "lodash.set": "^4.3.2",
     "markdown-table": "^1.1.3",
     "mkdirp": "^0.5.1",

scripts/dangers/keep-package-and-lock-in-sync.js

@@ -14,117 +14,6 @@
  * permissions and limitations under the License.
  */
 
-import {
-  ValidateHost,
-  ValidateHttps,
-  ValidateScheme,
-  ParseLockfile,
-} from 'lockfile-lint-api';
-
-const defaultLockfilePath = `${process.cwd()}/package-lock.json`;
-const defaultSchemes = ['npm'];
-
-export function lockFileLint(
-  pathToLockFile = defaultLockfilePath,
-  {
-    schemes = defaultSchemes,
-    scheme = false,
-    host = true,
-    protocol = true,
-    basePath = pathToLockFile,
-  } = {}
-) {
-  const options = {
-    lockfilePath: pathToLockFile,
-  };
-
-  const parser = new ParseLockfile(options);
-  const lockfile = parser.parseSync();
-  const validators = [];
-
-  if (host) {
-    validators.push(
-      [new ValidateHost({
-        packages: lockfile.object,
-      }), {
-        onSuccess() {
-          message(`[lock-files] ${basePath} has passed host validation`);
-        },
-      }]
-    );
-  }
-
-  if (protocol) {
-    validators.push(
-      [new ValidateHttps({
-        packages: lockfile.object,
-      }), {
-        onSuccess() {
-          message(`[lock-files] ${basePath} has passed protocol validation`);
-        },
-      }]
-    );
-  }
-
-  if (scheme) {
-    validators.push(
-      [new ValidateScheme({
-        packages: lockfile.object,
-      }), {
-        onSuccess() {
-          message(`[lock-files] ${basePath} has passed scheme validation`);
-        },
-      }]
-    );
-  }
-
-  validators.forEach(([validator, {
-    validate = (opts) => validator.validate(opts),
-    onWarn = (...args) => warn(...args),
-    onError = (...args) => fail(...args),
-    onSuccess = (...args) => message(...args),
-  }]) => {
-    let result;
-    try {
-      result = validate(schemes);
-    } catch (error) {
-      onWarn(error);
-    }
-
-    if (result && result.type === 'success') {
-      onSuccess();
-    } else if (result && result.type === 'error') {
-      result.errors.forEach((error) => onError(
-        `\n${error.message}\n\nat ${basePath}\n`,
-        basePath,
-        1
-      ));
-    }
-  });
-}
-
-export function runLockFilesValidation({ linting = true } = {}) {
-  const cwd = process.cwd();
-  const lockfiles = danger.git.fileMatch('**/package-lock.json');
-
-  if (linting) {
-    const {
-      modified,
-      created,
-      // TODO: pair each package-lock.with package.json, make sure they are not deleted
-      // deleted,
-      edited,
-      validate = new Set([].concat(modified, created, edited)),
-    } = lockfiles.getKeyedPaths();
-
-    validate.forEach((basePath) => {
-      lockFileLint(`${cwd}/${basePath}`, {
-        basePath,
-      });
-    });
-  }
-}
-
 export default function keepPackageAndLockInSync() {
   const changedFiles = [
     ...danger.git.modified_files,
@@ -150,6 +39,4 @@ export default function keepPackageAndLockInSync() {
     const worry = 'Are you reverting package-lock to the npm v5 format?';
     warn(`${message} - _${worry}_`, 'package-lock.json');
   }
-
-  runLockFilesValidation();
 }