From 3f510304346a66a23f6083f773f9914269d739b1 Mon Sep 17 00:00:00 2001 From: "Martin M." Date: Sun, 19 Jan 2025 17:13:55 +0100 Subject: [PATCH] Report malformed semver specifications has been fixed --- README.md | 196 ++++++++++++++++++++-------------------- lib/M000_PackageJson.js | 49 ++++++---- lib/M800_Github.js | 2 +- lib/common.js | 42 ++++++++- package.json | 8 +- 5 files changed, 179 insertions(+), 118 deletions(-) diff --git a/README.md b/README.md index 70cc498..372754c 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,11 @@ npx @iobroker/repochecker https://github.com/ioBroker/ioBroker.javascript --loca ### **WORK IN PROGRESS** --> -## Changelog +## Changelog +### **WORK IN PROGRESS** + +- (mcm1957) Report malformed semver specifications has been fixed. + ### 3.3.0 (2025-01-19) - (mcm1957) "common.singleton" causes a warning now for non-onlyWWW Adapters. 
@@ -42,77 +46,77 @@ npx @iobroker/repochecker https://github.com/ioBroker/ioBroker.javascript --loca - (mcm1957) Report malformed semver specifications. - (mcm1957) Check of copyright-year complains about future dates now. - (mcm1957) Checking for responsive design issues has been added. -- (mcm1957) Releaseinfo has been added to "checks" log. - +- (mcm1957) Releaseinfo has been added to "checks" log. + ### 3.2.4 (2025-01-16) -- (mcm1957) Suggested release of testing and adapter-core increased. - +- (mcm1957) Suggested release of testing and adapter-core increased. + ### 3.2.3 (2025-01-11) - (mcm1957) An error is issued if js-controller dependency is missing. - (mcm1957) Required js-controller has been increased to 5.0.19. -- (mcm1957) Recommended js-controller version is omitted if identical to required one. - +- (mcm1957) Recommended js-controller version is omitted if identical to required one. + ### 3.2.2 (2024-11-01) - (mcm1957) Link to open issues has been corrected. -- (mcm1957) Component name added to responsive check issues. - +- (mcm1957) Component name added to responsive check issues. + ### 3.2.1 (2024-11-01) -- (mcm1957) Size checking for "divider" and "staticImage" suspended. - +- (mcm1957) Size checking for "divider" and "staticImage" suspended. + ### 3.2.0 (2024-11-01) - (oweitman) Script has been extended to use optionally local data for checking. - (mcm1957) Warning if i18n is not used has been fixed [#324]. - (mcm1957) Check for importent issues has been added. -- (mcm1957) Checking of jsonConfig (initially) added. - +- (mcm1957) Checking of jsonConfig (initially) added. + ### 3.1.4 (2024-10-26) - (mcm1957) linter has been activated and issues reported have been fixed. - (mcm1957) Blacklist for package/dependencies has been extended. - (mcm1957) Recommend adapter-core 3.2.2 now. - (mcm1957) Clearify test for "[E952] .npmignore not found". [#320] -- (mcm1957) Abort processing if iobroker.live not reachable. 
[#321] - +- (mcm1957) Abort processing if iobroker.live not reachable. [#321] + ### 3.1.3 (2024-10-11) -- (mcm1957) Checker no longer crash id no npm package exists. - +- (mcm1957) Checker no longer crash id no npm package exists. + ### 3.1.2 (2024-10-04) -- (mcm1957) Require node 18 minimum as engines clause. - +- (mcm1957) Require node 18 minimum as engines clause. + ### 3.1.1 (2024-10-04) - (mcm1957) "[E166] 'common.mode: extension' is unknown" has been fixed [#308] - (mcm1957) "[E904] file iob_npm.done found in repository, but not found in .gitignore" removed as covered by [E503]. [#309] - (mcm1957) "[E500] node_modules found" has been retricted to adapetr root. [#297] - (mcm1957) Do not check main entry if common.mode none or extension. -- (mcm1957) Change "[W113] Adapter should support compact mode" text and honor common.compact set to false. [#300] - +- (mcm1957) Change "[W113] Adapter should support compact mode" text and honor common.compact set to false. [#300] + ### 3.1.0 (2024-09-29) - (mcm1957) "@iobroker/plugin-sentry" blacklisted as dependency [#301] - (mcm1957) Accept .ts files as main file too. [#303] -- (mcm1957) [E405] and [E426] incorrect path has been corrected. [#299] - +- (mcm1957) [E405] and [E426] incorrect path has been corrected. [#299] + ### 3.0.7 (2024-09-19) -- (mcm1957) "[W523] 'package-lock.json"'not found in repo!" reduced to suggestion. [#298] - +- (mcm1957) "[W523] 'package-lock.json"'not found in repo!" reduced to suggestion. [#298] + ### 3.0.6 (2024-09-13) - (mcm1957) "[E124] Main file not found" no longer raised if `common.nogit` is set - (mcm1957) 'Text of "common.main" is deprecated' has been adapted. [#266] -- (mcm1957) Ignore errors caused by complex .gitignor/.npmignore. [#288] - +- (mcm1957) Ignore errors caused by complex .gitignor/.npmignore. [#288] + ### 3.0.5 (2024-09-13) -- (mcm1957) '@iobroker/dev-server' is valid as dev-dependency. [#260] - +- (mcm1957) '@iobroker/dev-server' is valid as dev-dependency. 
[#260] + ### 3.0.4 (2024-09-12) - (mcm1957) Abort with incorrect dependency definition fixed [#287] 
@@ -121,48 +125,48 @@ npx @iobroker/repochecker https://github.com/ioBroker/ioBroker.javascript --loca - (mcm1957) Missing mandatory translations are considered an error now. [#277, #278] - (mcm1957) '.npmignore found but "files" is used' is a warning now. [#274] - (mcm1957) '@iobroker/dev-server' has been blacklisted as any dependency. [#260] -- (mcm1957) Do no longer require a js-controller dependency for wwwOnly adapters. [#250] - +- (mcm1957) Do no longer require a js-controller dependency for wwwOnly adapters. [#250] + ### 3.0.3 (2024-09-12) -- (mcm1957) Check for iob_npm.done at `.npmignore` has been removed [#294] - +- (mcm1957) Check for iob_npm.done at `.npmignore` has been removed [#294] + ### 3.0.2 (2024-09-11) - (mcm1957) Handling of a missing LICENSE file corrected. [#282] - (mcm1957) [W126] Missing mandatory translation is an error now. [#293] - (mcm1957) Record repochcker version used for tests. -- (mcm1957) Record GitHub commit-sha of last commit used for tests. - +- (mcm1957) Record GitHub commit-sha of last commit used for tests. + ### 3.0.0 (2024-09-10) - (mcm1957) Error and warning numbering has been reviewed and duplicates removed. -- (mcm1957) index.js has been split into seperated modules. - +- (mcm1957) index.js has been split into seperated modules. + ### 2.10.0 (2024-08-19) -- (mcm1957) Suggestions ([Sxxx] have been added). - +- (mcm1957) Suggestions ([Sxxx] have been added). + ### 2.9.1 (2024-08-12) - (mcm1957) E162 - correct dependency check for js-controller. [#267]. - (mcm1957) E605 - copyright year range including whitespaces is now accepted. [#269]. - (mcm1957) E016 - missing vaiable expansion has been added. [#263]. -- (mcm1957) E114 - typo at error message has been fixed [#261]. - +- (mcm1957) E114 - typo at error message has been fixed [#261]. + ### 2.9.0 (2024-07-29) - (mcm1957) Adapt text if sources-dist(-stable).json need a correction [#97]. - (mcm1957) Missing "common.mode" error text corrected [#249]. 
- (mcm1957) Files "iob" and "iobroker" are disallowed now [#248]. - (mcm1957) Checks related to @alcalzone/releasescript modified [#71]. -- (mcm1957) Text of E114 (missing adminUI) adapted. - +- (mcm1957) Text of E114 (missing adminUI) adapted. + ### 2.8.1 (2024-07-28) - (mcm1957) Check of js-controller version has been corrected [#247]. -- (mcm1957) Honor '>' at dependency checks too [#246]. - +- (mcm1957) Honor '>' at dependency checks too [#246]. + ### 2.8.0 (2024-07-28) - (mcm1957) Copyright year check has been fixed for single year entries. @@ -171,16 +175,16 @@ npx @iobroker/repochecker https://github.com/ioBroker/ioBroker.javascript --loca - (mcm1957) Missing language files reduced to warning [#203]. - (mcm1957) Missing .gitignore is considered an error now. - (mcm1957) "common.noConfig" no longer reported as error if "common.adminUI" is present [#245]. -- (mcm1957) "common.noConfig" must match "common.adminUI" setting [#170]. - +- (mcm1957) "common.noConfig" must match "common.adminUI" setting [#170]. + ### 2.7.2 (2024-07-26) -- (mcm1957) package-lock.json check fixed. - +- (mcm1957) package-lock.json check fixed. + ### 2.7.1 (2024-07-26) -- (mcm1957) Reduce setTimeout/setInterval error to warning temporary. - +- (mcm1957) Reduce setTimeout/setInterval error to warning temporary. + ### 2.7.0 (2024-07-26) - (mcm1957) Some non trivial keywords related to adapter are enforced now [#234]. 
@@ -193,37 +197,37 @@ npx @iobroker/repochecker https://github.com/ioBroker/ioBroker.javascript --loca - (mcm1957) Versions listed at common.news are checked to exist at npm now [#226]. - (mcm1957) 'package-lock.json' is checked to exist at GitHub now [#188]. - (mcm1957) travis checks have been removed [#237]. -- (mcm1957) Copyright year now honors commit year and npm publish year too [#237]. - +- (mcm1957) Copyright year now honors commit year and npm publish year too [#237]. + ### 2.6.1 (2024-06-24) -- (mcm1957) Check "[W156] Adapter should support admin 5 UI (jsonConfig)" checks for reactUi now. - +- (mcm1957) Check "[W156] Adapter should support admin 5 UI (jsonConfig)" checks for reactUi now. + ### 2.6.0 (2024-06-24) - (mcm1957) Check has been aded to ensure keywords and common.keywords are present. [#200] -- (mcm1957) Detection of react has been added, gulpfile.js is accepted for react based UIs now. [#223] - +- (mcm1957) Detection of react has been added, gulpfile.js is accepted for react based UIs now. [#223] + ### 2.5.1 (2024-06-24) - (mcm1957) Suggestion to update dependencies to recommended version added. -- (mcm1957) Adapter-core recommended set to 3.1.6 [#220] - +- (mcm1957) Adapter-core recommended set to 3.1.6 [#220] + ### 2.5.0 (2024-05-30) -- (mcm1957) Check to ensure that dependency revisions are available at repository added. [#180] - +- (mcm1957) Check to ensure that dependency revisions are available at repository added. [#180] + ### 2.4.0 (2024-05-30) - (mcm1957) Add check to protect sensitive data. [#195] -- (mcm1957) Add check to verify that dependencies and globalDepencies are of type array. [#90] - +- (mcm1957) Add check to verify that dependencies and globalDepencies are of type array. [#90] + ### 2.3.1 (2024-05-07) - (mcm1957) Reduce number of missing translation warnings. - (mcm1957) Seperate between required and recommended translations. -- (mcm1957) Log missing translations in detail. - +- (mcm1957) Log missing translations in detail. 
+ ### 2.3.0 (2024-05-07) - (mcm1957) Elements marked as deprectaed added to blacklist. @@ -231,17 +235,17 @@ npx @iobroker/repochecker https://github.com/ioBroker/ioBroker.javascript --loca - (mcm1957) Error [E000] will be raised now if repository cannot be accessed at all [#194]. - (mcm1957) Reading of package.json and io-package.json has been moved to head of tests. - (mcm1957) Check minimum and recommended node version at package.json (#160) -- (mcm1957) Raise an error if version at package.json is lower than latest release at npmjs [#192] - +- (mcm1957) Raise an error if version at package.json is lower than latest release at npmjs [#192] + ### 2.2.3 (2024-03-29) -- (mcm1957) Checking of license has been improved - +- (mcm1957) Checking of license has been improved + ### 2.2.2 (2024-03-29) - (mcm1957) Checking of adapter-core has been fixed -- (mcm1957) Load all potential interesting files, fixes [#149] - +- (mcm1957) Load all potential interesting files, fixes [#149] + ### 2.2.1 (2024-03-26) - (mcm1957) Added check that own adapter is not listed at common.restartAdapters 
@@ -249,56 +253,56 @@ npx @iobroker/repochecker https://github.com/ioBroker/ioBroker.javascript --loca - (mcm1957) Added check for recommended node version (node 18 for now) - (mcm1957) Disallow common.mode == subscribe - (mcm1957) Deprecate common.wakeup -- (mcm1957) Added check for adapter-core version (>= 3.0.6) - +- (mcm1957) Added check for adapter-core version (>= 3.0.6) + ### 2.2.0 (2024-03-24) - (klein0r) Added check for licenseInformation - (klein0r) Added check for deprecated license - (klein0r) Added check for required attribute common.tier -- (klein0r) Added check for disallowed attribute common.automaticUpgrade - +- (klein0r) Added check for disallowed attribute common.automaticUpgrade + ### 2.1.13 (2024-01-02) -- (bluefox) Corrected rule W156: adminUI.config === 'none' is allowed - +- (bluefox) Corrected rule W156: adminUI.config === 'none' is allowed + ### 2.1.12 (2023-09-21) -- (bluefox) Added check of using '\_' in adapter name - +- (bluefox) Added check of using '\_' in adapter name + ### 2.1.11 (2023-09-05) -- (bluefox) Added check of iobroker.js-controller in dependencies - +- (bluefox) Added check of iobroker.js-controller in dependencies + ### 2.1.7 (2023-08-14) - (mcm57) Update index.js - fix typo in error message (packet.json) -- (mcm57) Update index.js - renumber E504/1 to 519 - fixes #112 - +- (mcm57) Update index.js - renumber E504/1 to 519 - fixes #112 + ### 2.1.6 (2022-12-08) -- (bluefox) added better error logging - +- (bluefox) added better error logging + ### 2.1.5 (2022-12-07) -- (bluefox) added check of `.releaseconfig.json` file - +- (bluefox) added check of `.releaseconfig.json` file + ### 2.1.4 (2022-08-19) -- (bluefox) Added check for adapter name: it may not start with '\_' - +- (bluefox) Added check for adapter name: it may not start with '\_' + ### 2.1.2 (2022-07-14) -- (bluefox) Fixed some errors - +- (bluefox) Fixed some errors + ### 2.1.0 (2022-05-26) -- (bluefox) Added support for jsonConfig.json5 and jsonCustom.json5 - 
+- (bluefox) Added support for jsonConfig.json5 and jsonCustom.json5 + ### 2.0.5 (2022-05-22) -- (bluefox) Made it possible to run with npx - +- (bluefox) Made it possible to run with npx + ## License The MIT License (MIT) @@ -321,4 +325,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -THE SOFTWARE. +THE SOFTWARE. diff --git a/lib/M000_PackageJson.js b/lib/M000_PackageJson.js index 7c40700..7f91259 100644 --- a/lib/M000_PackageJson.js +++ b/lib/M000_PackageJson.js 
@@ -453,20 +453,26 @@ async function checkPackageJson(context) { '@iobroker/testing', ]; for (const dependency in context.packageJson.dependencies) { - if (!context.packageJson.dependencies[dependency].match(/^(\^|~|>|>=|<|<=)?\d+\.\d+\.\d+$/gm)) { + const dependencyVersion = context.packageJson.dependencies[dependency]; + if (dependencyVersion.toLowerCase().includes('github.com')) { + context.warnings.push( + `[W043] dependency should not require a github version. Please change "${dependency}:${dependencyVersion}"`, + ); + } else if (dependencyVersion === '*') { + context.warnings.push( + `[W056] Wildcard dependencies should be avoided "${dependency}":"${dependencyVersion}". Use "~1.2.3" or "^1.2.3" syntax at package.json.`, + ); + } else if (!common.validateSemver(dependencyVersion)) { context.errors.push( - `[E054] malformed dependency detected "${dependency}":${context.packageJson.dependencies[dependency]}". Please fix at package.json.`, + `[E054] malformed dependency detected "${dependency}":"${dependencyVersion}". Please fix at package.json.`, ); } else if ( !context.packageJson.dependencies[dependency].startsWith('^') && !context.packageJson.dependencies[dependency].startsWith('~') && - !context.packageJson.dependencies[dependency].startsWith('>') + !context.packageJson.dependencies[dependency].startsWith('>') && + !context.packageJson.dependencies[dependency].startsWith('<') ) { - if (context.packageJson.dependencies[dependency].toLowerCase().includes('github.com')) { - context.warnings.push( - `[W043] dependency should not require a github version. Please change "${dependency}:${context.packageJson.dependencies[dependency]}"`, - ); - } else if (enforcedDependencies.includes(dependency)) { + if (enforcedDependencies.includes(dependency)) { context.errors.push( `[E044] dependency must not require a specific version. Use "~1.2.3" or "^1.2.3" syntax. Please update "${dependency}:${context.packageJson.dependencies[dependency]}"`, ); 
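Review bot: `dependencyVersion.toLowerCase()` at the top of the new loop body throws a TypeError when a dependency value is not a string (for example `null` or a nested object), so a malformed package.json in the repository under inspection presumably aborts the check instead of being reported. Unless the values are validated earlier in checkPackageJson, which starts and ends outside this hunk, a guard `if (typeof dependencyVersion !== 'string')` that pushes the E054 error and continues would turn this into a normal finding. The devDependencies loop in the next hunk has the same pattern and would need the same guard with E055.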
@@ -479,22 +485,28 @@ async function checkPackageJson(context) { } for (const dependency in context.packageJson.devDependencies) { - if (!context.packageJson.devDependencies[dependency].match(/^(\^|~|>|>=|<|<=)?\d+\.\d+\.\d+$/gm)) { + const dependencyVersion = context.packageJson.devDependencies[dependency]; + if (dependencyVersion.toLowerCase().includes('github.com')) { + context.warnings.push( + `[W045] devDependency should not require github versions. Please change "${dependency}":"${dependencyVersion}"`, + ); + } else if (dependencyVersion === '*') { + context.warnings.push( + `[W057] Wildcard devDependencies should be avoided "${dependency}":"${dependencyVersion}". Use "~1.2.3" or "^1.2.3" syntax at package.json.`, + ); + } else if (!common.validateSemver(dependencyVersion)) { context.errors.push( - `[E055] malformed dependency detected "${dependency}":${context.packageJson.devDependencies[dependency]}". Please fix at package.json.`, + `[E055] malformed dependency detected "${dependency}":"${dependencyVersion}". Please fix at package.json.`, ); } else if ( !context.packageJson.devDependencies[dependency].startsWith('^') && !context.packageJson.devDependencies[dependency].startsWith('~') && - !context.packageJson.devDependencies[dependency].startsWith('>') + !context.packageJson.devDependencies[dependency].startsWith('>') && + !context.packageJson.devDependencies[dependency].startsWith('<') ) { - if (context.packageJson.devDependencies[dependency].toLowerCase().includes('github.com')) { - context.warnings.push( - `[W045] devDependency should not require github versions. Please change "${dependency}:${context.packageJson.devDependencies[dependency]}"`, - ); - } else if (enforcedDependencies.includes(dependency)) { + if (enforcedDependencies.includes(dependency)) { context.errors.push( - `[E046] devDependency must not require a specific version. Use "~1.2.3" or "^1.2.3" syntax. 
Please update "${dependency}:${context.packageJson.devDependencies[dependency]}"`, + `[E046] devDependency must not require a specific version. Use "~1.2.3" or "^1.2.3" syntax. Please update "${dependency}:${dependencyVersion}"`, ); } else { context.warnings.push( @@ -645,3 +657,6 @@ exports.checkPackageJson = checkPackageJson; // [053] ${blacklistedDevDependenciesPackageJson[blacklist].msg} // [054] malformed dependency detected "${dependency}":${context.packageJson.dependencies[dependency]}". Please fix at package.json.` // [055] malformed dependency detected "${dependency}":${context.packageJson.devDependencies[dependency]}". Please fix at package.json.` +// [056] Wildcard dependencies should be avoided "${dependency}":"${dependencyVersion}". Use "~1.2.3" or "^1.2.3" syntax at package.json.`, +// [057] Wildcard devDependencies should be avoided "${dependency}":"${dependencyVersion}". Use "~1.2.3" or "^1.2.3" syntax at package.json.`, + diff --git a/lib/M800_Github.js b/lib/M800_Github.js index e8a5e8d..592ed3b 100644 --- a/lib/M800_Github.js +++ b/lib/M800_Github.js @@ -16,7 +16,7 @@ const issuesToWatch = [ ]; // disable axios caching -axios.defaults.headers = { +axios.defaults.headers.common = { 'Cache-Control': 'no-cache', Pragma: 'no-cache', Expires: '0', diff --git a/lib/common.js b/lib/common.js index 0652456..527a192 100644 --- a/lib/common.js +++ b/lib/common.js @@ -6,9 +6,10 @@ const axios = require('axios'); const fs = require('node:fs/promises'); const compareVersions = require('compare-versions'); +const semverValid = require('semver/functions/valid'); // disable axios caching -axios.defaults.headers = { +axios.defaults.headers.common = { 'Cache-Control': 'no-cache', Pragma: 'no-cache', Expires: '0', @@ -61,6 +62,7 @@ async function downloadFile(githubUrl, path, binary, noError) { return file; } } + function getDependencyArray(deps) { return deps .map(dep => (typeof dep === 'object' ? Object.keys(dep) : [dep])) 
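Review bot: The rewritten devDependencies loop introduces `dependencyVersion`, but the `startsWith` chain still reads `context.packageJson.devDependencies[dependency]` four times; `!dependencyVersion.startsWith('^') && !dependencyVersion.startsWith('~') && …` would read more easily and match the branches above it. The message formats have also drifted apart: W045 and E055 now print `"${dependency}":"${dependencyVersion}"`, while E046 here and W043/E044 in the dependencies loop keep the old `"${dependency}:${…}"` form with a single pair of quotes. Picking one form for all of them keeps the reported findings consistent. The loop body continues outside this hunk.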
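Review bot: Assigning a fresh object to `axios.defaults.headers.common` replaces the common defaults axios ships with (its default `Accept` header lives there), so later requests lose them. Merging the no-cache keys into the existing object keeps those defaults, for example `Object.assign(axios.defaults.headers.common, { 'Cache-Control': 'no-cache', Pragma: 'no-cache', Expires: '0' });`. The same assignment is repeated in the lib/common.js hunk; both modules require the same axios instance, so one of the two is presumably redundant. The object literal closes outside this hunk.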
@@ -116,6 +118,42 @@ function maxVersion(v1, v2) { return v2; } +/* + analyzes a semver string +*/ +function parseSemver(p_semver) { + // console.log(`parseSemver(${p_semver})`); + const ret = { + valid: false, + rangeOp: '', + trimmed: false, + version: '', + }; + + const semver = p_semver.trim(); + ret.trimmed = semver !== p_semver; + ret.version = semver; + ret.uncompressed = false; + + const m = semver.match(/^(\^|~|>|>=|<|<=)?(\s*)(.*)$/); + if (m) { + // console.log(m); + ret.rangeOp = m[1]; + ret.uncompressed = m[2] !== ''; + ret.version = m[3]; + } + ret.version = semverValid(ret.version) || ''; + ret.valid = semverValid(ret.version) !== undefined; + // console.log(JSON.stringify(ret)); + return ret; +} + +function validateSemver(p_semver) { + //console.log(`validateSemver(${p_semver})`); + const ret = parseSemver(p_semver); + return ret.valid && !ret.uncompressed; +} + exports.setDebug = setDebug; exports.debug = debug; exports.setLocal = setLocal; @@ -126,3 +164,5 @@ exports.downloadFile = downloadFile; exports.getDependencyArray = getDependencyArray; exports.getDependencies = getDependencies; exports.maxVersion = maxVersion; +exports.parseSemver = parseSemver; +exports.validateSemver = validateSemver; diff --git a/package.json b/package.json index 03a445d..ccfab85 100644 --- a/package.json +++ b/package.json @@ -4,15 +4,17 @@ "devDependencies": { "@alcalzone/release-script": "^3.8.0", "@iobroker/eslint-config": "^1.0.0", + "@tsconfig/node20": "^20.1.4", "@types/node": "^20.16.5", - "@tsconfig/node20": "^20.1.4" + "@types/semver": "^7.5.8" }, "dependencies": { "axios": "^1.7.9", "compare-versions": "^6.1.1", "image-size": "^1.2.0", - "unzipper": "^0.12.3", - "json5": "^2.2.3" + "json5": "^2.2.3", + "semver": "^7.6.3", + "unzipper": "^0.12.3" }, "publishConfig": { "access": "public"
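Review bot: `ret.valid = semverValid(ret.version) !== undefined;` in parseSemver is always true, because semver's `valid()` returns `null`, not `undefined`, for a string it cannot parse. `validateSemver` therefore rejects only specs with whitespace after the operator, and E054/E055 in lib/M000_PackageJson.js cannot fire for any other malformed value. Since the preceding line already normalises the version to `''` on failure, `ret.valid = ret.version !== '';` expresses the intent. Once that is fixed the alternation order matters as well: `(\^|~|>|>=|<|<=)?` matches `>` before `>=`, leaving `=1.2.3` as the version, which strict parsing would presumably reject, so the two-character operators should come first, `/^(\^|~|>=|<=|>|<)?(\s*)(.*)$/`. A short comment describing the returned fields would help too, since `uncompressed` is added outside the initial literal and `rangeOp` becomes `undefined` when no operator is present.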