diff --git a/src/api/json/catalog.json b/src/api/json/catalog.json
index b7d71655c17..93bcb0a4e36 100644
--- a/src/api/json/catalog.json
+++ b/src/api/json/catalog.json
@@ -5381,6 +5381,12 @@
 "fileMatch": ["resolutions.yml", "resolutions.yaml"],
 "url": "https://raw.githubusercontent.com/oss-review-toolkit/ort/main/integrations/schemas/resolutions-schema.json"
 },
+ {
+ "name": "package-lock.json",
+ "description": "NPM package lockfile",
+ "fileMatch": ["package-lock.json", "npm-shrinkwrap.json"],
+ "url": "https://www.schemastore.org/package-lock.json"
+ },
 {
 "name": "package.json",
 "description": "NPM configuration file",
diff --git a/src/schema-validation.jsonc b/src/schema-validation.jsonc
index e0fe26a39f1..aac691df805 100644
--- a/src/schema-validation.jsonc
+++ b/src/schema-validation.jsonc
@@ -1243,6 +1243,9 @@
 "externalSchema": ["geojson.json"],
 "unknownKeywords": ["name"]
 },
+ "package-lock.json": {
+ "externalSchema": ["package.json"]
+ },
 "package.json": {
 "externalSchema": [
 "eslintrc.json",
diff --git a/src/schemas/json/package-lock.json b/src/schemas/json/package-lock.json
new file mode 100644
index 00000000000..8b83ebfac29
--- /dev/null
+++ b/src/schemas/json/package-lock.json
@@ -0,0 +1,136 @@
+{
+ "$id": "https://www.schemastore.org/package-lock.json",
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "additionalProperties": true,
+ "definitions": {
+ "integrity": {
+ "type": "string",
+ "description": "A Standard Subresource Integrity for this resource."
+ },
+ "packageIntegrity": {
+ "$ref": "#/definitions/integrity",
+ "description": "DEPRECATED. This is a subresource integrity value created from the `package.json`. No preprocessing of the `package.json` should be done."
+ },
+ "preserveSymlinks": {
+ "type": "string",
+ "description": "DEPRECATED. Indicates that the install was done with the environment variable `NODE_PRESERVE_SYMLINKS` set to this value. The installer should insist that the value of this property match that environment variable."
+ },
+ "v1-dependencies": {
+ "type": "object",
+ "additionalProperties": true,
+ "description": "A mapping of package locations to an object containing information about that package."
+ },
+ "packages": {
+ "type": "object",
+ "additionalProperties": true,
+ "description": "A mapping of package locations to an object containing information about that package."
+ }
+ },
+ "description": "NPM package lockfile",
+ "properties": {
+ "name": {
+ "$ref": "https://json.schemastore.org/package.json#/properties/name",
+ "description": "The name of the package this is a lockfile for. This must match what's in `package.json`."
+ },
+ "version": {
+ "$ref": "https://json.schemastore.org/package.json#/properties/version",
+ "description": "The version of the package this is a lockfile for. This must match what's in `package.json`."
+ },
+ "lockfileVersion": {
+ "type": "integer",
+ "minimum": 1,
+ "default": 3,
+ "description": "The version number of this document whose semantics were used when generating this lockfile.",
+ "$comment": "Any value less than '3' is DEPRECATED."
+ },
+ "requires": {
+ "type": "boolean",
+ "description": "UNDOCUMENTED."
+ }
+ },
+ "type": "object",
+ "required": [
+ "name",
+ "version",
+ "lockfileVersion"
+ ],
+ "allOf": [
+ {
+ "if": {
+ "properties": {
+ "lockfileVersion": {
+ "const": 1
+ }
+ }
+ },
+ "then": {
+ "properties": {
+ "packageIntegrity": {
+ "$ref": "#/definitions/packageIntegrity"
+ },
+ "preserveSymlinks": {
+ "$ref": "#/definitions/preserveSymlinks"
+ },
+ "dependencies": {
+ "$ref": "#/definitions/v1-dependencies"
+ }
+ },
+ "required": [
+ "dependencies"
+ ]
+ }
+ },
+ {
+ "if": {
+ "properties": {
+ "lockfileVersion": {
+ "const": 2
+ }
+ }
+ },
+ "then": {
+ "anyOf": [
+ {
+ "properties": {
+ "dependencies": {
+ "$ref": "#/definitions/v1-dependencies"
+ }
+ },
+ "required": [
+ "dependencies"
+ ]
+ },
+ {
+ "properties": {
+ "packages": {
+ "$ref": "#/definitions/packages"
+ }
+ },
+ "required": [
+ "packages"
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "if": {
+ "properties": {
+ "lockfileVersion": {
+ "const": 3
+ }
+ }
+ },
+ "then": {
+ "properties": {
+ "dependencies": {
+ "$ref": "#/definitions/packages"
+ }
+ },
+ "required": [
+ "packages"
+ ]
+ }
+ }
+ ]
+}
diff --git a/src/test/package-lock/dependencies-v2.json b/src/test/package-lock/dependencies-v2.json
new file mode 100644
index 00000000000..e3b5aff5904
--- /dev/null
+++ b/src/test/package-lock/dependencies-v2.json
@@ -0,0 +1,6 @@
+{
+ "dependencies": {},
+ "lockfileVersion": 2,
+ "name": "test",
+ "version": "0.0.0"
+}
diff --git a/src/test/package-lock/min-v1.json b/src/test/package-lock/min-v1.json
new file mode 100644
index 00000000000..bd1d4f7cfd3
--- /dev/null
+++ b/src/test/package-lock/min-v1.json
@@ -0,0 +1,6 @@
+{
+ "dependencies": {},
+ "lockfileVersion": 1,
+ "name": "a",
+ "version": "0.0.0"
+}
diff --git a/src/test/package-lock/min-v2.json b/src/test/package-lock/min-v2.json
new file mode 100644
index 00000000000..cec10cc6a0c
--- /dev/null
+++ b/src/test/package-lock/min-v2.json
@@ -0,0 +1,6 @@
+{
+ "lockfileVersion": 2,
+ "name": "test",
+ "packages": {},
+ "version": "0.0.0"
+}
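Review bot: In src/schemas/json/package-lock.json, the `lockfileVersion` 3 branch at the end of `allOf` requires `packages` but declares its subschema under `dependencies`, so a v3 lockfile's `packages` value is never checked against `#/definitions/packages`, and a leftover `dependencies` key is checked against the wrong definition. The `then.properties` entry should read `"packages": { "$ref": "#/definitions/packages" }`. Every fixture added in this commit is a passing case with an empty `packages` or `dependencies` object, which is why the slip goes unnoticed; a failing fixture with a non-object `packages` at version 3 would pin it. Separately, `integrity` is an unconstrained string and both `packages` and `v1-dependencies` accept any entry, so a lockfile that validates against this schema says nothing about whether per-package integrity values are present or well-formed; the top-level `description` could say so, so that validation is not mistaken for a supply-chain check.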
diff --git a/src/test/package-lock/min-v3.json b/src/test/package-lock/min-v3.json
new file mode 100644
index 00000000000..e73e8ee5b25
--- /dev/null
+++ b/src/test/package-lock/min-v3.json
@@ -0,0 +1,6 @@
+{
+ "lockfileVersion": 3,
+ "name": "test",
+ "packages": {},
+ "version": "0.0.0"
+}
diff --git a/src/test/package-lock/packageIntegrity-v1.json b/src/test/package-lock/packageIntegrity-v1.json
new file mode 100644
index 00000000000..eae01d9fe7e
--- /dev/null
+++ b/src/test/package-lock/packageIntegrity-v1.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {},
+ "lockfileVersion": 1,
+ "name": "test",
+ "packageIntegrity": "sha512-Q2bFTOhEALkN8hOms2FKTDLy7eugP2zFZ1T8LCvX42Fp3WoNr3bjZSAHeOsHrbV1Fu9/A0EzCinRE7Af1ofPrw==",
+ "version": "1.0.0"
+}
diff --git a/src/test/package-lock/packages-v2.json b/src/test/package-lock/packages-v2.json
new file mode 100644
index 00000000000..f2526225583
--- /dev/null
+++ b/src/test/package-lock/packages-v2.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {},
+ "lockfileVersion": 2,
+ "name": "test",
+ "packages": {},
+ "version": "0.0.0"
+}
diff --git a/src/test/package-lock/preserveSymlinks-v1.json b/src/test/package-lock/preserveSymlinks-v1.json
new file mode 100644
index 00000000000..8b47b445f23
--- /dev/null
+++ b/src/test/package-lock/preserveSymlinks-v1.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {},
+ "lockfileVersion": 1,
+ "name": "test",
+ "preserveSymlinks": "abcd",
+ "version": "1.0.0"
+}
diff --git a/src/test/package-lock/requires-v1.json b/src/test/package-lock/requires-v1.json
new file mode 100644
index 00000000000..e26ddfbe019
--- /dev/null
+++ b/src/test/package-lock/requires-v1.json
@@ -0,0 +1,7 @@
+{
+ "dependencies": {},
+ "lockfileVersion": 1,
+ "name": "a",
+ "requires": true,
+ "version": "0.0.0"
+}
diff --git a/src/test/package-lock/requires-v2.json b/src/test/package-lock/requires-v2.json
new file mode 100644
index 00000000000..c2f7e9a92aa
--- /dev/null
+++ b/src/test/package-lock/requires-v2.json
@@ -0,0 +1,7 @@
+{
+ "lockfileVersion": 2,
+ "name": "test",
+ "packages": {},
+ "requires": true,
+ "version": "0.0.0"
+}
diff --git a/src/test/package-lock/requires-v3.json b/src/test/package-lock/requires-v3.json
new file mode 100644
index 00000000000..ee4512a7054
--- /dev/null
+++ b/src/test/package-lock/requires-v3.json
@@ -0,0 +1,7 @@
+{
+ "lockfileVersion": 3,
+ "name": "test",
+ "packages": {},
+ "requires": true,
+ "version": "0.0.0"
+}