From 65b623e1f88e59d6bd30a14b8d407db7fba09646 Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Thu, 28 May 2026 16:06:39 -0400 Subject: [PATCH 1/9] Begun implementing package-lock.json schema Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/api/json/catalog.json | 6 ++ src/schemas/json/package-lock.json | 114 +++++++++++++++++++++++++ src/test/package-lock/lockfile-v1.json | 3 + src/test/package-lock/lockfile-v2.json | 3 + src/test/package-lock/lockfile-v3.json | 3 + 5 files changed, 129 insertions(+) create mode 100644 src/schemas/json/package-lock.json create mode 100644 src/test/package-lock/lockfile-v1.json create mode 100644 src/test/package-lock/lockfile-v2.json create mode 100644 src/test/package-lock/lockfile-v3.json diff --git a/src/api/json/catalog.json b/src/api/json/catalog.json index b7d71655c17..93bcb0a4e36 100644 --- a/src/api/json/catalog.json +++ b/src/api/json/catalog.json @@ -5381,6 +5381,12 @@ "fileMatch": ["resolutions.yml", "resolutions.yaml"], "url": "https://raw.githubusercontent.com/oss-review-toolkit/ort/main/integrations/schemas/resolutions-schema.json" }, + { + "name": "package-lock.json", + "description": "NPM package lockfile", + "fileMatch": ["package-lock.json", "npm-shrinkwrap.json"], + "url": "https://www.schemastore.org/package-lock.json" + }, { "name": "package.json", "description": "NPM configuration file", diff --git a/src/schemas/json/package-lock.json b/src/schemas/json/package-lock.json new file mode 100644 index 00000000000..30e920585e9 --- /dev/null +++ b/src/schemas/json/package-lock.json @@ -0,0 +1,114 @@ +{ + "$id": "https://www.schemastore.org/package-lock.json", + "$schema": "http://json-schema.org/draft-07/schema#", + "additionalProperties": true, + "definitions": { + "lockfileVersion": { + "type": "integer", + "minimum": 1, + "description": "", // todo + "$comment": "Omitting this property and the values of '1' and '2' are DEPRECATED." + }, + "integrity": { + "type": "string", + "description": "" // todo + } + }, + "properties": { + "name": { + "$ref": "package.json#/properties/name" + }, + "version": { + "$ref": "package.json#/properties/version" + }, + "lockfileVersion": { + "$ref": "#/definitions/lockfileVersion" + }, + "packageIntegrity": { + "$ref": "#/definitions/integrity", + "description": "DEPRECATED." // todo + }, + "preserveSymlinks": { + "type": "boolean", + "description": "" // todo + }, + "dependencies": { + "$ref": "package.json#/properties/dependencies" + } + }, + "type": "object", + "allOf": [ + { + "if": { + "properties": { + "lockfileVersion": { + "const": 1 + } + }, + "required": ["lockfileVersion"] + }, + "then": { + "properties": { + // TODO v1 + }, + "required": [ + "name", + "version", + "lockfileVersion", + "packageIntegrity", + "preserveSymlinks", + "dependencies" + ] + } + }, + { + "if": { + "properties": { + "lockfileVersion": { + "const": 2 + } + }, + "required": ["lockfileVersion"] + }, + "then": { + "properties": { + // TODO v2 + }, + "required": [ + "name", + "version", + "lockfileVersion" + ], + "anyOf": [ + { + "required": ["dependencies"] + }, + { + "required": ["packages"] + } + ] + } + }, + { + "if": { + "properties": { + "lockfileVersion": { + "const": 3 + } + }, + "required": ["lockfileVersion"] + }, + "then": { + "properties": { + // TODO v3 + }, + "required": [ + "name", + "version", + "lockfileVersion", + "packages" + ] + } + } + ] +} diff --git a/src/test/package-lock/lockfile-v1.json b/src/test/package-lock/lockfile-v1.json new file mode 100644 index 00000000000..0664ad2fcdc --- /dev/null +++ b/src/test/package-lock/lockfile-v1.json @@ -0,0 +1,3 @@ +{ + "lockfileVersion": 1 +} diff --git a/src/test/package-lock/lockfile-v2.json b/src/test/package-lock/lockfile-v2.json new file mode 100644 index 00000000000..cb9296af128 --- /dev/null +++ b/src/test/package-lock/lockfile-v2.json @@ -0,0 +1,3 @@ +{ + "lockfileVersion": 2 +} diff --git a/src/test/package-lock/lockfile-v3.json b/src/test/package-lock/lockfile-v3.json new file mode 100644 index 00000000000..14dc5755181 --- /dev/null +++ b/src/test/package-lock/lockfile-v3.json @@ -0,0 +1,3 @@ +{ + "lockfileVersion": 3 +} From a052c3fe9c1437e94765f98023eb11ecc591b7b8 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Thu, 28 May 2026 20:09:18 +0000 Subject: [PATCH 2/9] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- src/test/package-lock/lockfile-v1.json | 2 +- src/test/package-lock/lockfile-v2.json | 2 +- src/test/package-lock/lockfile-v3.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/test/package-lock/lockfile-v1.json b/src/test/package-lock/lockfile-v1.json index 0664ad2fcdc..48e341a0954 100644 --- a/src/test/package-lock/lockfile-v1.json +++ b/src/test/package-lock/lockfile-v1.json @@ -1,3 +1,3 @@ { - "lockfileVersion": 1 + "lockfileVersion": 1 } diff --git a/src/test/package-lock/lockfile-v2.json b/src/test/package-lock/lockfile-v2.json index cb9296af128..af26eab78f2 100644 --- a/src/test/package-lock/lockfile-v2.json +++ b/src/test/package-lock/lockfile-v2.json @@ -1,3 +1,3 @@ { - "lockfileVersion": 2 + "lockfileVersion": 2 } diff --git a/src/test/package-lock/lockfile-v3.json b/src/test/package-lock/lockfile-v3.json index 14dc5755181..ea4d7907814 100644 --- a/src/test/package-lock/lockfile-v3.json +++ b/src/test/package-lock/lockfile-v3.json @@ -1,3 +1,3 @@ { - "lockfileVersion": 3 + "lockfileVersion": 3 } From f04b5bf69643c7003c3602f7d35d50bf06d9915b Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Thu, 28 May 2026 21:32:58 -0400 Subject: [PATCH 3/9] Added tests, descriptions and fixed properties Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/schemas/json/package-lock.json | 54 +++++++------------ src/test/package-lock/dependencies-v2.json | 6 +++ src/test/package-lock/lockfile-v1.json | 3 -- src/test/package-lock/lockfile-v2.json | 3 -- src/test/package-lock/lockfile-v3.json | 3 -- src/test/package-lock/min-v1.json | 6 +++ src/test/package-lock/min-v2.json | 6 +++ src/test/package-lock/min-v3.json | 6 +++ .../package-lock/packageIntegrity-v1.json | 6 +++ src/test/package-lock/packages-v2.json | 7 +++ .../package-lock/preserveSymlinks-v1.json | 6 +++ 11 files changed, 63 insertions(+), 43 deletions(-) create mode 100644 src/test/package-lock/dependencies-v2.json delete mode 100644 src/test/package-lock/lockfile-v1.json delete mode 100644 src/test/package-lock/lockfile-v2.json delete mode 100644 src/test/package-lock/lockfile-v3.json create mode 100644 src/test/package-lock/min-v1.json create mode 100644 src/test/package-lock/min-v2.json create mode 100644 src/test/package-lock/min-v3.json create mode 100644 src/test/package-lock/packageIntegrity-v1.json create mode 100644 src/test/package-lock/packages-v2.json create mode 100644 src/test/package-lock/preserveSymlinks-v1.json diff --git a/src/schemas/json/package-lock.json b/src/schemas/json/package-lock.json index 30e920585e9..aa03601405b 100644 --- a/src/schemas/json/package-lock.json +++ b/src/schemas/json/package-lock.json @@ -6,37 +6,45 @@ "lockfileVersion": { "type": "integer", "minimum": 1, - "description": "", // todo - "$comment": "Omitting this property and the values of '1' and '2' are DEPRECATED." + "description": "The version number of this document whose semantics were used when generating this lockfile.", + "$comment": "Any value less than '3' is DEPRECATED." }, "integrity": { "type": "string", - "description": "" // todo + "description": "A Standard Subresource Integrity for this resource." } }, "properties": { "name": { - "$ref": "package.json#/properties/name" + "$ref": "package.json#/properties/name", + "description": "The name of the package this is a lockfile for. This must match what's in `package.json`." }, "version": { - "$ref": "package.json#/properties/version" + "$ref": "package.json#/properties/version", + "description": "The version of the package this is a lockfile for. This must match what's in `package.json`." }, "lockfileVersion": { "$ref": "#/definitions/lockfileVersion" }, "packageIntegrity": { "$ref": "#/definitions/integrity", - "description": "DEPRECATED." // todo + "description": "DEPRECATED. This is a subresource integrity value created from the `package.json`. No preprocessing of the `package.json` should be done." }, "preserveSymlinks": { - "type": "boolean", - "description": "" // todo + "type": "string", + "description": "DEPRECATED. Indicates that the install was done with the environment variable `NODE_PRESERVE_SYMLINKS` enabled. The installer should insist that the value of this property match that environment variable." }, "dependencies": { - "$ref": "package.json#/properties/dependencies" + "$ref": "package.json#/properties/dependencies", + "description": "A mapping of package name to dependency object." } }, "type": "object", + "required": [ + "name", + "version", + "lockfileVersion" + ], "allOf": [ { "if": { @@ -48,13 +56,7 @@ "required": ["lockfileVersion"] }, "then": { - "properties": { - // TODO v1 - }, "required": [ - "name", - "version", - "lockfileVersion", "packageIntegrity", "preserveSymlinks", "dependencies" @@ -71,14 +73,6 @@ "required": ["lockfileVersion"] }, "then": { - "properties": { - // TODO v2 - }, - "required": [ - "name", - "version", - "lockfileVersion" - ], "anyOf": [ { "required": ["dependencies"] @@ -91,23 +85,15 @@ }, { "if": { + "default": 3, "properties": { "lockfileVersion": { "const": 3 } - }, - "required": ["lockfileVersion"] + } }, "then": { - "properties": { - // TODO v3 - }, - "required": [ - "name", - "version", - "lockfileVersion", - "packages" - ] + "required": ["packages"] } } ] diff --git a/src/test/package-lock/dependencies-v2.json b/src/test/package-lock/dependencies-v2.json new file mode 100644 index 00000000000..f6e2c312ee2 --- /dev/null +++ b/src/test/package-lock/dependencies-v2.json @@ -0,0 +1,6 @@ +{ + "name": "test", + "version": "0.0.0", + "lockfileVersion": 2, + "dependencies": {} +} diff --git a/src/test/package-lock/lockfile-v1.json b/src/test/package-lock/lockfile-v1.json deleted file mode 100644 index 48e341a0954..00000000000 --- a/src/test/package-lock/lockfile-v1.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "lockfileVersion": 1 -} diff --git a/src/test/package-lock/lockfile-v2.json b/src/test/package-lock/lockfile-v2.json deleted file mode 100644 index af26eab78f2..00000000000 --- a/src/test/package-lock/lockfile-v2.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "lockfileVersion": 2 -} diff --git a/src/test/package-lock/lockfile-v3.json b/src/test/package-lock/lockfile-v3.json deleted file mode 100644 index ea4d7907814..00000000000 --- a/src/test/package-lock/lockfile-v3.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "lockfileVersion": 3 -} diff --git a/src/test/package-lock/min-v1.json b/src/test/package-lock/min-v1.json new file mode 100644 index 00000000000..756927e50b6 --- /dev/null +++ b/src/test/package-lock/min-v1.json @@ -0,0 +1,6 @@ +{ + "name": "a", + "version": "0.0.0", + "lockfileVersion": 1, + "dependencies": {} +} diff --git a/src/test/package-lock/min-v2.json b/src/test/package-lock/min-v2.json new file mode 100644 index 00000000000..82073d4179a --- /dev/null +++ b/src/test/package-lock/min-v2.json @@ -0,0 +1,6 @@ +{ + "name": "test", + "version": "0.0.0", + "lockfileVersion": 2, + "packages": {} +} diff --git a/src/test/package-lock/min-v3.json b/src/test/package-lock/min-v3.json new file mode 100644 index 00000000000..a3a993cba39 --- /dev/null +++ b/src/test/package-lock/min-v3.json @@ -0,0 +1,6 @@ +{ + "name": "test", + "version": "0.0.0", + "lockfileVersion": 3, + "packages": {} +} diff --git a/src/test/package-lock/packageIntegrity-v1.json b/src/test/package-lock/packageIntegrity-v1.json new file mode 100644 index 00000000000..17ed34aa70a --- /dev/null +++ b/src/test/package-lock/packageIntegrity-v1.json @@ -0,0 +1,6 @@ +{ + "name": "test", + "version": "1.0.0", + "lockfileVersion": 1, + "packageIntegrity": "sha512-Q2bFTOhEALkN8hOms2FKTDLy7eugP2zFZ1T8LCvX42Fp3WoNr3bjZSAHeOsHrbV1Fu9/A0EzCinRE7Af1ofPrw==" +} diff --git a/src/test/package-lock/packages-v2.json b/src/test/package-lock/packages-v2.json new file mode 100644 index 00000000000..ab88239dd7b --- /dev/null +++ b/src/test/package-lock/packages-v2.json @@ -0,0 +1,7 @@ +{ + "name": "test", + "version": "0.0.0", + "lockfileVersion": 2, + "packages": {}, + "dependencies": {} +} diff --git a/src/test/package-lock/preserveSymlinks-v1.json b/src/test/package-lock/preserveSymlinks-v1.json new file mode 100644 index 00000000000..54aa7216d69 --- /dev/null +++ b/src/test/package-lock/preserveSymlinks-v1.json @@ -0,0 +1,6 @@ +{ + "name": "test", + "version": "1.0.0", + "lockfileVersion": 1, + "preserveSymlinks": "abcd" +} From 019c498a98949a9fbac55a2e91e707df38f7814c Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Fri, 29 May 2026 01:34:02 +0000 Subject: [PATCH 4/9] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- src/schemas/json/package-lock.json | 20 ++++++++++++++----- src/test/package-lock/dependencies-v2.json | 6 +++--- src/test/package-lock/min-v1.json | 6 +++--- src/test/package-lock/min-v2.json | 6 +++--- src/test/package-lock/min-v3.json | 6 +++--- .../package-lock/packageIntegrity-v1.json | 6 +++--- src/test/package-lock/packages-v2.json | 6 +++--- .../package-lock/preserveSymlinks-v1.json | 6 +++--- 8 files changed, 36 insertions(+), 26 deletions(-) diff --git a/src/schemas/json/package-lock.json b/src/schemas/json/package-lock.json index aa03601405b..6d423824f78 100644 --- a/src/schemas/json/package-lock.json +++ b/src/schemas/json/package-lock.json @@ -53,7 +53,9 @@ "const": 1 } }, - "required": ["lockfileVersion"] + "required": [ + "lockfileVersion" + ] }, "then": { "required": [ @@ -70,15 +72,21 @@ "const": 2 } }, - "required": ["lockfileVersion"] + "required": [ + "lockfileVersion" + ] }, "then": { "anyOf": [ { - "required": ["dependencies"] + "required": [ + "dependencies" + ] }, { - "required": ["packages"] + "required": [ + "packages" + ] } ] } @@ -93,7 +101,9 @@ } }, "then": { - "required": ["packages"] + "required": [ + "packages" + ] } } ] diff --git a/src/test/package-lock/dependencies-v2.json b/src/test/package-lock/dependencies-v2.json index f6e2c312ee2..e3b5aff5904 100644 --- a/src/test/package-lock/dependencies-v2.json +++ b/src/test/package-lock/dependencies-v2.json @@ -1,6 +1,6 @@ { - "name": "test", - "version": "0.0.0", + "dependencies": {}, "lockfileVersion": 2, - "dependencies": {} + "name": "test", + "version": "0.0.0" } diff --git a/src/test/package-lock/min-v1.json b/src/test/package-lock/min-v1.json index 756927e50b6..bd1d4f7cfd3 100644 --- a/src/test/package-lock/min-v1.json +++ b/src/test/package-lock/min-v1.json @@ -1,6 +1,6 @@ { - "name": "a", - "version": "0.0.0", + "dependencies": {}, "lockfileVersion": 1, - "dependencies": {} + "name": "a", + "version": "0.0.0" } diff --git a/src/test/package-lock/min-v2.json b/src/test/package-lock/min-v2.json index 82073d4179a..cec10cc6a0c 100644 --- a/src/test/package-lock/min-v2.json +++ b/src/test/package-lock/min-v2.json @@ -1,6 +1,6 @@ { - "name": "test", - "version": "0.0.0", "lockfileVersion": 2, - "packages": {} + "name": "test", + "packages": {}, + "version": "0.0.0" } diff --git a/src/test/package-lock/min-v3.json b/src/test/package-lock/min-v3.json index a3a993cba39..e73e8ee5b25 100644 --- a/src/test/package-lock/min-v3.json +++ b/src/test/package-lock/min-v3.json @@ -1,6 +1,6 @@ { - "name": "test", - "version": "0.0.0", "lockfileVersion": 3, - "packages": {} + "name": "test", + "packages": {}, + "version": "0.0.0" } diff --git a/src/test/package-lock/packageIntegrity-v1.json b/src/test/package-lock/packageIntegrity-v1.json index 17ed34aa70a..ba794eb58e4 100644 --- a/src/test/package-lock/packageIntegrity-v1.json +++ b/src/test/package-lock/packageIntegrity-v1.json @@ -1,6 +1,6 @@ { - "name": "test", - "version": "1.0.0", "lockfileVersion": 1, - "packageIntegrity": "sha512-Q2bFTOhEALkN8hOms2FKTDLy7eugP2zFZ1T8LCvX42Fp3WoNr3bjZSAHeOsHrbV1Fu9/A0EzCinRE7Af1ofPrw==" + "name": "test", + "packageIntegrity": "sha512-Q2bFTOhEALkN8hOms2FKTDLy7eugP2zFZ1T8LCvX42Fp3WoNr3bjZSAHeOsHrbV1Fu9/A0EzCinRE7Af1ofPrw==", + "version": "1.0.0" } diff --git a/src/test/package-lock/packages-v2.json b/src/test/package-lock/packages-v2.json index ab88239dd7b..f2526225583 100644 --- a/src/test/package-lock/packages-v2.json +++ b/src/test/package-lock/packages-v2.json @@ -1,7 +1,7 @@ { - "name": "test", - "version": "0.0.0", + "dependencies": {}, "lockfileVersion": 2, + "name": "test", "packages": {}, - "dependencies": {} + "version": "0.0.0" } diff --git a/src/test/package-lock/preserveSymlinks-v1.json b/src/test/package-lock/preserveSymlinks-v1.json index 54aa7216d69..c5dcf3792c5 100644 --- a/src/test/package-lock/preserveSymlinks-v1.json +++ b/src/test/package-lock/preserveSymlinks-v1.json @@ -1,6 +1,6 @@ { - "name": "test", - "version": "1.0.0", "lockfileVersion": 1, - "preserveSymlinks": "abcd" + "name": "test", + "preserveSymlinks": "abcd", + "version": "1.0.0" } From 60ee8e0a4f0549d5bee400e8772e5f09b82d580a Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Thu, 28 May 2026 21:45:02 -0400 Subject: [PATCH 5/9] Added undocumented `requires` property Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/schemas/json/package-lock.json | 4 ++++ src/test/package-lock/requires-v1.json | 7 +++++++ src/test/package-lock/requires-v2.json | 7 +++++++ src/test/package-lock/requires-v3.json | 7 +++++++ 4 files changed, 25 insertions(+) create mode 100644 src/test/package-lock/requires-v1.json create mode 100644 src/test/package-lock/requires-v2.json create mode 100644 src/test/package-lock/requires-v3.json diff --git a/src/schemas/json/package-lock.json b/src/schemas/json/package-lock.json index 6d423824f78..75242b5d0f1 100644 --- a/src/schemas/json/package-lock.json +++ b/src/schemas/json/package-lock.json @@ -26,6 +26,10 @@ "lockfileVersion": { "$ref": "#/definitions/lockfileVersion" }, + "requires": { + "type": "boolean", + "description": "UNDOCUMENTED." + }, "packageIntegrity": { "$ref": "#/definitions/integrity", "description": "DEPRECATED. This is a subresource integrity value created from the `package.json`. No preprocessing of the `package.json` should be done." diff --git a/src/test/package-lock/requires-v1.json b/src/test/package-lock/requires-v1.json new file mode 100644 index 00000000000..c11502a672c --- /dev/null +++ b/src/test/package-lock/requires-v1.json @@ -0,0 +1,7 @@ +{ + "name": "a", + "version": "0.0.0", + "lockfileVersion": 1, + "requires": true, + "dependencies": {} +} diff --git a/src/test/package-lock/requires-v2.json b/src/test/package-lock/requires-v2.json new file mode 100644 index 00000000000..2f1f047e8ed --- /dev/null +++ b/src/test/package-lock/requires-v2.json @@ -0,0 +1,7 @@ +{ + "name": "test", + "version": "0.0.0", + "lockfileVersion": 2, + "requires": true, + "packages": {} +} diff --git a/src/test/package-lock/requires-v3.json b/src/test/package-lock/requires-v3.json new file mode 100644 index 00000000000..dfa41926fe6 --- /dev/null +++ b/src/test/package-lock/requires-v3.json @@ -0,0 +1,7 @@ +{ + "name": "test", + "version": "0.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": {} +} From 329375bc012db6bbf663c12fc8e709bcef9134be Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Fri, 29 May 2026 01:48:54 +0000 Subject: [PATCH 6/9] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- src/test/package-lock/requires-v1.json | 6 +++--- src/test/package-lock/requires-v2.json | 6 +++--- src/test/package-lock/requires-v3.json | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/test/package-lock/requires-v1.json b/src/test/package-lock/requires-v1.json index c11502a672c..e26ddfbe019 100644 --- a/src/test/package-lock/requires-v1.json +++ b/src/test/package-lock/requires-v1.json @@ -1,7 +1,7 @@ { - "name": "a", - "version": "0.0.0", + "dependencies": {}, "lockfileVersion": 1, + "name": "a", "requires": true, - "dependencies": {} + "version": "0.0.0" } diff --git a/src/test/package-lock/requires-v2.json b/src/test/package-lock/requires-v2.json index 2f1f047e8ed..c2f7e9a92aa 100644 --- a/src/test/package-lock/requires-v2.json +++ b/src/test/package-lock/requires-v2.json @@ -1,7 +1,7 @@ { - "name": "test", - "version": "0.0.0", "lockfileVersion": 2, + "name": "test", + "packages": {}, "requires": true, - "packages": {} + "version": "0.0.0" } diff --git a/src/test/package-lock/requires-v3.json b/src/test/package-lock/requires-v3.json index dfa41926fe6..ee4512a7054 100644 --- a/src/test/package-lock/requires-v3.json +++ b/src/test/package-lock/requires-v3.json @@ -1,7 +1,7 @@ { - "name": "test", - "version": "0.0.0", "lockfileVersion": 3, + "name": "test", + "packages": {}, "requires": true, - "packages": {} + "version": "0.0.0" } From b51a645a5cfb06710f786c95c21be5b4c2181106 Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Sat, 30 May 2026 00:02:35 -0400 Subject: [PATCH 7/9] Attempted to fix tests Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/schemas/json/package-lock.json | 80 ++++++++++++------- .../package-lock/packageIntegrity-v1.json | 1 + .../package-lock/preserveSymlinks-v1.json | 1 + 3 files changed, 53 insertions(+), 29 deletions(-) diff --git a/src/schemas/json/package-lock.json b/src/schemas/json/package-lock.json index 75242b5d0f1..3eb75d869d5 100644 --- a/src/schemas/json/package-lock.json +++ b/src/schemas/json/package-lock.json @@ -3,17 +3,30 @@ "$schema": "http://json-schema.org/draft-07/schema#", "additionalProperties": true, "definitions": { - "lockfileVersion": { - "type": "integer", - "minimum": 1, - "description": "The version number of this document whose semantics were used when generating this lockfile.", - "$comment": "Any value less than '3' is DEPRECATED." - }, "integrity": { "type": "string", "description": "A Standard Subresource Integrity for this resource." + }, + "packageIntegrity": { + "$ref": "#/definitions/integrity", + "description": "DEPRECATED. This is a subresource integrity value created from the `package.json`. No preprocessing of the `package.json` should be done." + }, + "preserveSymlinks": { + "type": "string", + "description": "DEPRECATED. Indicates that the install was done with the environment variable `NODE_PRESERVE_SYMLINKS` enabled. The installer should insist that the value of this property match that environment variable." + }, + "v1-dependencies": { + "type": "object", + "additionalProperties": true, + "description": "A mapping of package locations to an object containing information about that package." + }, + "packages": { + "type": "object", + "additionalProperties": true, + "description": "A mapping of package locations to an object containing information about that package." } }, + "description": "NPM package lockfile", "properties": { "name": { "$ref": "package.json#/properties/name", @@ -24,23 +37,14 @@ "description": "The version of the package this is a lockfile for. This must match what's in `package.json`." }, "lockfileVersion": { - "$ref": "#/definitions/lockfileVersion" + "type": "integer", + "minimum": 1, + "description": "The version number of this document whose semantics were used when generating this lockfile.", + "$comment": "Any value less than '3' is DEPRECATED." }, "requires": { "type": "boolean", "description": "UNDOCUMENTED." - }, - "packageIntegrity": { - "$ref": "#/definitions/integrity", - "description": "DEPRECATED. This is a subresource integrity value created from the `package.json`. No preprocessing of the `package.json` should be done." - }, - "preserveSymlinks": { - "type": "string", - "description": "DEPRECATED. Indicates that the install was done with the environment variable `NODE_PRESERVE_SYMLINKS` enabled. The installer should insist that the value of this property match that environment variable." - }, - "dependencies": { - "$ref": "package.json#/properties/dependencies", - "description": "A mapping of package name to dependency object." } }, "type": "object", @@ -56,15 +60,21 @@ "lockfileVersion": { "const": 1 } - }, - "required": [ - "lockfileVersion" - ] + } }, "then": { + "properties": { + "packageIntegrity": { + "$ref": "#/definitions/packageIntegrity" + }, + "preserveSymlinks": { + "$ref": "#/definitions/preserveSymlinks" + }, + "dependencies": { + "$ref": "#/definitions/v1-dependencies" + } + }, "required": [ - "packageIntegrity", - "preserveSymlinks", "dependencies" ] } @@ -75,19 +85,26 @@ "lockfileVersion": { "const": 2 } - }, - "required": [ - "lockfileVersion" - ] + } }, "then": { "anyOf": [ { + "properties": { + "dependencies": { + "$ref": "#/definitions/v1-dependencies" + } + }, "required": [ "dependencies" ] }, { + "properties": { + "packages": { + "$ref": "#/definitions/packages" + } + }, "required": [ "packages" ] @@ -105,6 +122,11 @@ } }, "then": { + "properties": { + "dependencies": { + "$ref": "#/definitions/packages" + } + }, "required": [ "packages" ] diff --git a/src/test/package-lock/packageIntegrity-v1.json b/src/test/package-lock/packageIntegrity-v1.json index ba794eb58e4..eae01d9fe7e 100644 --- a/src/test/package-lock/packageIntegrity-v1.json +++ b/src/test/package-lock/packageIntegrity-v1.json @@ -1,4 +1,5 @@ { + "dependencies": {}, "lockfileVersion": 1, "name": "test", "packageIntegrity": "sha512-Q2bFTOhEALkN8hOms2FKTDLy7eugP2zFZ1T8LCvX42Fp3WoNr3bjZSAHeOsHrbV1Fu9/A0EzCinRE7Af1ofPrw==", diff --git a/src/test/package-lock/preserveSymlinks-v1.json b/src/test/package-lock/preserveSymlinks-v1.json index c5dcf3792c5..8b47b445f23 100644 --- a/src/test/package-lock/preserveSymlinks-v1.json +++ b/src/test/package-lock/preserveSymlinks-v1.json @@ -1,4 +1,5 @@ { + "dependencies": {}, "lockfileVersion": 1, "name": "test", "preserveSymlinks": "abcd", From e132bb91ecb4dfeac011272665bf09cc788d4937 Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Sat, 30 May 2026 02:38:37 -0400 Subject: [PATCH 8/9] Fixed refs Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/schema-validation.jsonc | 5 +++++ src/schemas/json/package-lock.json | 8 ++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/src/schema-validation.jsonc b/src/schema-validation.jsonc index e0fe26a39f1..cece3f0ed99 100644 --- a/src/schema-validation.jsonc +++ b/src/schema-validation.jsonc @@ -1243,6 +1243,11 @@ "externalSchema": ["geojson.json"], "unknownKeywords": ["name"] }, + "package-lock.json": { + "externalSchema": [ + "package.json" + ] + }, "package.json": { "externalSchema": [ "eslintrc.json", diff --git a/src/schemas/json/package-lock.json b/src/schemas/json/package-lock.json index 3eb75d869d5..8b83ebfac29 100644 --- a/src/schemas/json/package-lock.json +++ b/src/schemas/json/package-lock.json @@ -13,7 +13,7 @@ }, "preserveSymlinks": { "type": "string", - "description": "DEPRECATED. Indicates that the install was done with the environment variable `NODE_PRESERVE_SYMLINKS` enabled. The installer should insist that the value of this property match that environment variable." + "description": "DEPRECATED. Indicates that the install was done with the environment variable `NODE_PRESERVE_SYMLINKS` set to this value. The installer should insist that the value of this property match that environment variable." }, "v1-dependencies": { "type": "object", @@ -29,16 +29,17 @@ "description": "NPM package lockfile", "properties": { "name": { - "$ref": "package.json#/properties/name", + "$ref": "https://json.schemastore.org/package.json#/properties/name", "description": "The name of the package this is a lockfile for. This must match what's in `package.json`." }, "version": { - "$ref": "package.json#/properties/version", + "$ref": "https://json.schemastore.org/package.json#/properties/version", "description": "The version of the package this is a lockfile for. This must match what's in `package.json`." }, "lockfileVersion": { "type": "integer", "minimum": 1, + "default": 3, "description": "The version number of this document whose semantics were used when generating this lockfile.", "$comment": "Any value less than '3' is DEPRECATED." }, @@ -114,7 +115,6 @@ }, { "if": { - "default": 3, "properties": { "lockfileVersion": { "const": 3 From 09c8c8fa1097a379d12518e1d461e08369765280 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Sat, 30 May 2026 18:40:38 +0000 Subject: [PATCH 9/9] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- src/schema-validation.jsonc | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/schema-validation.jsonc b/src/schema-validation.jsonc index cece3f0ed99..aac691df805 100644 --- a/src/schema-validation.jsonc +++ b/src/schema-validation.jsonc @@ -1244,9 +1244,7 @@ "unknownKeywords": ["name"] }, "package-lock.json": { - "externalSchema": [ - "package.json" - ] + "externalSchema": ["package.json"] }, "package.json": { "externalSchema": [