import { describe, expect, test } from "bun:test";
import { existsSync, readdirSync } from "fs";
import { join } from "path";
// Parent of the directory that holds this test file.
const base = join(import.meta.dir, "../");

// Directories whose package.json is linted below: the `test` directory under
// `base`, plus every entry of js/third_party that ships its own package.json.
const packageJSONDirs = [join(base, "test")];
for (const entry of readdirSync(join(import.meta.dir, "js", "third_party"))) {
  const candidate = join(import.meta.dir, "js", "third_party", entry);
  // Entries without a manifest have nothing to lint, so they are skipped.
  if (existsSync(join(candidate, "./package.json"))) {
    packageJSONDirs.push(candidate);
  }
}
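// For test reliability and security reasons, third-party dependencies used by
// our tests must be pinned to exact versions: a range or dist-tag would let a
// newly published upstream release change what gets installed without any
// change to this repository.
//
// Scope: only the dependency maps declared directly in each package.json are
// inspected; transitive resolution is outside what this test looks at.
describe("package.json dependencies must be exact versions", async () => {
  // Accepted specifiers:
  //   - MAJOR.MINOR.PATCH with an optional leading "v" and an optional
  //     "-prerelease" suffix (the hyphen is what admits "1.1.3-alpha.7")
  //   - anything starting with "file:" (local path dependency)
  //
  // The previous pattern, /^(([a-zA-Z0-9\.\-]|)+$|file:)/, accepted any run of
  // alphanumerics, dots and hyphens. That includes the empty string, dist-tags
  // such as "latest", and partial versions such as "1" or "1.x", none of which
  // pins an exact version. Every string matched here was also matched by the
  // previous pattern, so this is purely a tightening.
  //
  // Semver ranges like "1.0.0 - 1.2.0" are still rejected: they need spaces
  // around the hyphen, and spaces are not allowed.
  //
  // NOTE(review): a manifest that currently relies on a tag or partial version
  // will start failing here and needs to be pinned.
  const okRegex = /^(?:v?\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$|file:)/;

  // [label used in the failure message, package.json field it refers to]
  const sections = [
    ["dependency", "dependencies"],
    ["dev dependency", "devDependencies"],
    ["peer dependency", "peerDependencies"],
    ["optional dependency", "optionalDependencies"],
  ] as const;

  for (const dir of packageJSONDirs) {
    // One test per manifest, named by its path relative to `base`.
    test(join(dir.replace(base, ""), "package.json"), async () => {
      const manifest = await Bun.file(join(dir, "./package.json")).json();

      for (const [label, field] of sections) {
        // A missing section is treated as empty rather than as an error.
        for (const [name, dep] of Object.entries(manifest[field] ?? {})) {
          expect(dep, `${label} ${name} specifies non-exact version "${dep}"`).toMatch(okRegex);
        }
      }
    });
  }
});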