lirantal/lockfile-lint

Example 3 from Readme does not work

jennifer-shehane opened this issue · 2 comments

jennifer-shehane commented

Expected Behavior

Run examples given in Readme.

Current Behavior

Running example #3 from readme does not work, refers to CLI info. https://github.com/lirantal/lockfile-lint/tree/master/packages/lockfile-lint#example

 lockfile-lint --path yarn.lock --allowed-hosts yarn github.com --validate-https --allowed-schemes "https:" "git+https:"
Usage: lockfile-lint --path <path-to-lockfile> --allowed-hosts yarn npm

Options:
  --version              Show version number                           [boolean]
  --help, -h             Show help                                     [boolean]
  -p, --path             path to the lockfile                [string] [required]
  -t, --type             lockfile type, options are "npm" or "yarn"     [string]
  -s, --validate-https   validates the use of HTTPS as protocol schema for all
                         resources                                     [boolean]
  -e, --empty-hostname   allows empty hostnames, or set to false if you wish for
                         a stricter policy             [boolean] [default: true]
  -a, --allowed-hosts    validates a whitelist of allowed hosts to be used for
                         resources in the lockfile                       [array]
  -o, --allowed-schemes  validates a whitelist of allowed schemes to be used for
                         resources in the lockfile                       [array]
  -u, --allowed-urls     validates a whitelist of allowed URLs to be used for
                         resources in the lockfile                       [array]

Examples:
  lockfile-lint --path yarn.lock --validate-https
  lockfile-lint --path yarn.lock --validate-https --allowed-hosts npm yarn
  verdaccio
  lockfile-lint --path yarn.lock --allowed-schemes "https:" "git+ssh:"
  --allowed-hosts npm yarn verdaccio

curated by Liran Tal at https://github.com/lirantal/lockfile-lint

Arguments o and validate-https are mutually exclusive

Steps to Reproduce (for bugs)

  1. lockfile-lint --path yarn.lock --allowed-hosts yarn github.com --validate-https --allowed-schemes "https:" "git+https:"

Context

Was just playing around with the CLI to see if we can integrate.

Your Environment

  • Library Version used: "4.2.2"
  • Node.js version (e.g. Node.js 5.4): 12.8.1
  • Operating System and version (desktop or mobile): MacOS Catalina
juanpicado commented

@lirantal is the issue only in the README? like remove --validate-https?

As far I can read int he codes both arguments cannot be used together. In the case of + :) I'd love to PR.

lirantal commented

Thanks @jennifer-shehane, good catch!

@juanpicado yep, the issue is the README on the lockfile-lint/ package. validating https and using allowed-schemes is indeed mutually exclusive, so need to update that example.
I'd be honored for a PR ❤️🤗

  • 🚀1