From 2af454950a3447ccc0a0efda578efa729ac4e5da Mon Sep 17 00:00:00 2001 From: Dan Abramov Date: Thu, 19 Dec 2024 03:53:10 +0000 Subject: [PATCH] Add lockfile lint --- .../workflows/bundle-deploy-eas-update.yml | 3 ++ .github/workflows/lint.yml | 2 + package.json | 24 +++++++++ yarn.lock | 52 ++++++++++++++++++- 4 files changed, 79 insertions(+), 2 deletions(-) diff --git a/.github/workflows/bundle-deploy-eas-update.yml b/.github/workflows/bundle-deploy-eas-update.yml index 3040741566..da73ae976b 100644 --- a/.github/workflows/bundle-deploy-eas-update.yml +++ b/.github/workflows/bundle-deploy-eas-update.yml @@ -69,6 +69,9 @@ jobs: - name: Lint check run: yarn lint + - name: Lint lockfile + run: yarn lockfile-lint + - name: Prettier check run: yarn prettier --check . diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 7eab1f490c..2268ce359c 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -28,6 +28,8 @@ jobs: attempt_delay: 2000 - name: Lint check run: yarn lint + - name: Lint lockfile + run: yarn lockfile-lint - name: Prettier check run: yarn prettier --check . - name: Check & compile i18n diff --git a/package.json b/package.json index b7fdf1177e..8d84b6284a 100644 --- a/package.json +++ b/package.json @@ -250,6 +250,7 @@ "jest-expo": "^52.0.2", "jest-junit": "^16.0.0", "lint-staged": "^13.2.3", + "lockfile-lint": "^4.14.0", "metro-react-native-babel-preset": "^0.76.9", "prettier": "^2.8.3", "react-native-dotenv": "^3.4.11", @@ -329,5 +330,28 @@ "assets/icons/*.svg": [ "svgo" ] + }, + "lockfile-lint": { + "path": "yarn.lock", + "allowedHosts": [ + "npm", + "yarn" + ], + "allowedSchemes": [ + "https:" + ], + "allowedPackageNameAliases": [ + "@babel/traverse--for-generate-function-map:@babel/traverse", + "string-width-cjs:string-width", + "strip-ansi-cjs:strip-ansi", + "wrap-ansi-cjs:wrap-ansi" + ], + "allowedUrls": [ + "https://codeload.github.com/bluesky-social/react-native-bottom-sheet/tar.gz/28a87d1bb55e10fc355fa1455545a30734995908", + "https://codeload.github.com/bluesky-social/react-native-progress/tar.gz/5a372f4f2ce5feb26f4f47b6a4d187ab9b923ab4" + ], + "emptyHostname": false, + "validatePackageNames": true, + "validateIntegrity": true } } diff --git a/yarn.lock b/yarn.lock index a394657315..d022a15e74 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7417,6 +7417,14 @@ resolved "https://registry.yarnpkg.com/@yarnpkg/lockfile/-/lockfile-1.1.0.tgz#e77a97fbd345b76d83245edcd17d393b1b41fb31" integrity sha512-GpSwvyXOcOOlV70vbnzjj4fW5xW/FdUF6nQEt1ENy7m4ZCczi1+/buVUPAqmGfqznsORNFzUMjctTIp8a9tuCQ== +"@yarnpkg/parsers@^3.0.0-rc.48.1": + version "3.0.2" + resolved "https://registry.yarnpkg.com/@yarnpkg/parsers/-/parsers-3.0.2.tgz#48a1517a0f49124827f4c37c284a689c607b2f32" + integrity sha512-/HcYgtUSiJiot/XWGLOlGxPYUG65+/31V8oqk17vZLW1xlCoR4PampyePljOxY2n8/3jz9+tIFzICsyGujJZoA== + dependencies: + js-yaml "^3.10.0" + tslib "^2.4.0" + "@zxing/text-encoding@^0.9.0": version "0.9.0" resolved "https://registry.yarnpkg.com/@zxing/text-encoding/-/text-encoding-0.9.0.tgz#fb50ffabc6c7c66a0c96b4c03e3d9be74864b70b" @@ -9047,6 +9055,16 @@ cosmiconfig@^8.0.0: parse-json "^5.2.0" path-type "^4.0.0" +cosmiconfig@^9.0.0: + version "9.0.0" + resolved "https://registry.yarnpkg.com/cosmiconfig/-/cosmiconfig-9.0.0.tgz#34c3fc58287b915f3ae905ab6dc3de258b55ad9d" + integrity sha512-itvL5h8RETACmOTFc4UfIyB2RfEHi71Ax6E/PivVxq9NseKbOWpeyHEOIbmAw1rs8Ak0VursQNww7lf7YtUwzg== + dependencies: + env-paths "^2.2.1" + import-fresh "^3.3.0" + js-yaml "^4.1.0" + parse-json "^5.2.0" + create-jest@^29.7.0: version "29.7.0" resolved "https://registry.yarnpkg.com/create-jest/-/create-jest-29.7.0.tgz#a355c5b3cb1e1af02ba177fe7afd7feee49a5320" @@ -9809,6 +9827,11 @@ env-editor@^0.4.1: resolved "https://registry.yarnpkg.com/env-editor/-/env-editor-0.4.2.tgz#4e76568d0bd8f5c2b6d314a9412c8fe9aa3ae861" integrity sha512-ObFo8v4rQJAE59M69QzwloxPZtd33TpYEIjtKD1rrFDcM1Gd7IkDxEBU+HriziN6HSHQnBJi8Dmy+JWkav5HKA== +env-paths@^2.2.1: + version "2.2.1" + resolved "https://registry.yarnpkg.com/env-paths/-/env-paths-2.2.1.tgz#420399d416ce1fbe9bc0a07c62fa68d67fd0f8f2" + integrity sha512-+h1lkLKhZMTYjog1VEpJNG7NZJWcuc2DDk/qsqSTRRCOXiLjeQ1d1/udrUGhqMxUgAlwKNZ0cf2uqan5GLuS2A== + eol@^0.9.1: version "0.9.1" resolved "https://registry.yarnpkg.com/eol/-/eol-0.9.1.tgz#f701912f504074be35c6117a5c4ade49cd547acd" @@ -13029,7 +13052,7 @@ js-sha256@^0.9.0: resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-4.0.0.tgz#19203fb59991df98e3a287050d4647cdeaf32499" integrity sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ== -js-yaml@^3.13.1: +js-yaml@^3.10.0, js-yaml@^3.13.1: version "3.14.1" resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-3.14.1.tgz#dae812fdb3825fa306609a8717383c50c36a0537" integrity sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g== @@ -13430,6 +13453,26 @@ locate-path@^6.0.0: dependencies: p-locate "^5.0.0" +lockfile-lint-api@^5.9.1: + version "5.9.1" + resolved "https://registry.yarnpkg.com/lockfile-lint-api/-/lockfile-lint-api-5.9.1.tgz#12b10434792fa8b8dd0e332ddfbac55ea70a9e08" + integrity sha512-us5IT1bGA6KXbq1WrhrSzk9mtPgHKz5nhvv3S4hwcYnhcVOKW2uK0W8+PN9oIgv4pI49WsD5wBdTQFTpNChF/Q== + dependencies: + "@yarnpkg/parsers" "^3.0.0-rc.48.1" + debug "^4.3.4" + object-hash "^3.0.0" + +lockfile-lint@^4.14.0: + version "4.14.0" + resolved "https://registry.yarnpkg.com/lockfile-lint/-/lockfile-lint-4.14.0.tgz#5e240442a19aaa218691661f58879f113294a414" + integrity sha512-uyXZ8X4J6EsicG87p0y4SHorJBwABLcaXOpI/j3h8SO/OX4fKTJ6Cqqi+U3zjgU0fo+u/4KbB7fl8ZzTewd0Ow== + dependencies: + cosmiconfig "^9.0.0" + debug "^4.3.4" + fast-glob "^3.3.2" + lockfile-lint-api "^5.9.1" + yargs "^17.7.2" + lodash.chunk@^4.2.0: version "4.2.0" resolved "https://registry.yarnpkg.com/lodash.chunk/-/lodash.chunk-4.2.0.tgz#66e5ce1f76ed27b4303d8c6512e8d1216e8106bc" @@ -14414,6 +14457,11 @@ object-assign@^4, object-assign@^4.0.1, object-assign@^4.1.0, object-assign@^4.1 resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863" integrity sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg== +object-hash@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/object-hash/-/object-hash-3.0.0.tgz#73f97f753e7baffc0e2cc9d6e079079744ac82e9" + integrity sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw== + object-inspect@^1.12.3, object-inspect@^1.9.0: version "1.12.3" resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.12.3.tgz#ba62dffd67ee256c8c086dfae69e016cd1f198b9" @@ -19060,7 +19108,7 @@ yargs@^15.3.1: y18n "^4.0.0" yargs-parser "^18.1.2" -yargs@^17.3.1, yargs@^17.6.2: +yargs@^17.3.1, yargs@^17.6.2, yargs@^17.7.2: version "17.7.2" resolved "https://registry.yarnpkg.com/yargs/-/yargs-17.7.2.tgz#991df39aca675a192b816e1e0363f9d75d2aa269" integrity sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==