diff --git a/core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java b/core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java index 70f6190f3b5..07d3bb4b006 100644 --- a/core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java +++ b/core/src/main/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzer.java @@ -92,6 +92,10 @@ public class NodePackageAnalyzer extends AbstractNpmAnalyzer { * The file name to scan. */ public static final String SHRINKWRAP_JSON = "npm-shrinkwrap.json"; + /** + * The name of the directory that contains node modules + */ + public static final String NODE_MODULES_DIRNAME = "node_modules"; /** * Filter that detects files named "package.json", "package-lock.json", or * "npm-shrinkwrap.json". @@ -303,6 +307,13 @@ public static boolean shouldSkipDependency(String name, String version, boolean name, version); return true; } + + // Don't include package with empty name + if ("".equals(name)) { + LOGGER.debug("Empty dependency of package-lock v2+ removed"); + return true; + } + return false; } @@ -334,16 +345,36 @@ public static boolean shouldSkipDependency(String name, String version) { */ private void processDependencies(JsonObject json, File baseDir, File rootFile, String parentPackage, Engine engine) throws AnalysisException { - if (json.containsKey("dependencies")) { - final JsonObject deps = json.getJsonObject("dependencies"); - final boolean skipDev = getSettings().getBoolean(Settings.KEYS.ANALYZER_NODE_PACKAGE_SKIPDEV, false); + final boolean skipDev = getSettings().getBoolean(Settings.KEYS.ANALYZER_NODE_PACKAGE_SKIPDEV, false); + final JsonObject deps; + + final int lockJsonVersion = json.containsKey("lockfileVersion") ? json.getInt("lockfileVersion") : 1; + if (lockJsonVersion >= 2) { + deps = json.getJsonObject("packages"); + } else if (json.containsKey("dependencies")) { + deps = json.getJsonObject("dependencies"); + } else { + deps = null; + } + + if (deps != null) { for (Map.Entry entry : deps.entrySet()) { - final String name = entry.getKey(); + String pathName = entry.getKey(); + String name = pathName; + final File base; + + final int indexOfNodeModule = name.lastIndexOf(NODE_MODULES_DIRNAME); + if (indexOfNodeModule >= 0) { + name = name.substring(indexOfNodeModule + NODE_MODULES_DIRNAME.length() + 1); + base = Paths.get(baseDir.getPath(), pathName).toFile(); + } else { + base = Paths.get(baseDir.getPath(), "node_modules", name).toFile(); + } + final String version; boolean optional = false; boolean isDev = false; - final File base = Paths.get(baseDir.getPath(), "node_modules", name).toFile(); final File f = new File(base, PACKAGE_JSON); JsonObject jo = null; diff --git a/core/src/main/java/org/owasp/dependencycheck/data/nodeaudit/NpmPayloadBuilder.java b/core/src/main/java/org/owasp/dependencycheck/data/nodeaudit/NpmPayloadBuilder.java index 09fc3cf0922..8eec580f58a 100644 --- a/core/src/main/java/org/owasp/dependencycheck/data/nodeaudit/NpmPayloadBuilder.java +++ b/core/src/main/java/org/owasp/dependencycheck/data/nodeaudit/NpmPayloadBuilder.java @@ -40,7 +40,6 @@ */ @ThreadSafe public final class NpmPayloadBuilder { - /** * Private constructor for utility class. */ @@ -102,9 +101,19 @@ public static JsonObject build(JsonObject lockJson, JsonObject packageJson, payloadBuilder.add("requires", requiresBuilder.build()); final JsonObjectBuilder dependenciesBuilder = Json.createObjectBuilder(); - final JsonObject dependencies = lockJson.getJsonObject("dependencies"); + final int lockJsonVersion = lockJson.containsKey("lockfileVersion") ? lockJson.getInt("lockfileVersion") : 1; + JsonObject dependencies = lockJson.getJsonObject("dependencies"); + if (lockJsonVersion >= 2 && dependencies == null) { + dependencies = lockJson.getJsonObject("packages"); + } + if (dependencies != null) { dependencies.forEach((key, value) -> { + final int indexOfNodeModule = key.lastIndexOf(NodePackageAnalyzer.NODE_MODULES_DIRNAME); + if (indexOfNodeModule >= 0) { + key = key.substring(indexOfNodeModule + NodePackageAnalyzer.NODE_MODULES_DIRNAME.length() + 1); + } + final JsonObject dep = ((JsonObject) value); final String version = dep.getString("version"); final boolean isDev = dep.getBoolean("dev", false); @@ -240,9 +249,22 @@ private static JsonObject buildDependencies(JsonObject dep, MultiValuedMap { - final String v = ((JsonObject) value).getString("version"); - dependencyMap.put(key, v); - dependeciesBuilder.add(key, buildDependencies((JsonObject) value, dependencyMap)); + if (value.getValueType() == JsonValue.ValueType.OBJECT) { + final JsonObject currentDep = (JsonObject) value; + final String v = currentDep.getString("version"); + dependencyMap.put(key, v); + dependeciesBuilder.add(key, buildDependencies(currentDep, dependencyMap)); + } else { + final String tmp = value.toString(); + final String v; + if (tmp.startsWith("\"")) { + v = tmp.substring(1, tmp.length() - 1); + } else { + v = tmp; + } + dependencyMap.put(key, v); + dependeciesBuilder.add(key, v); + } }); depBuilder.add("dependencies", dependeciesBuilder.build()); } diff --git a/core/src/test/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzerTest.java b/core/src/test/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzerTest.java index 0224ae18171..e4c5f20cac7 100644 --- a/core/src/test/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzerTest.java +++ b/core/src/test/java/org/owasp/dependencycheck/analyzer/NodePackageAnalyzerTest.java @@ -267,4 +267,46 @@ public void testWithoutLock() throws AnalysisException, InvalidSettingException //final boolean isMac = !System.getProperty("os.name").toLowerCase().contains("mac"); assertEquals("Expected 1 dependencies", 1, engine.getDependencies().length); } + + /** + * Test of inspect method for package-lock v2 + * + * @throws AnalysisException is thrown when an exception occurs. + */ + @Test + public void testPackageLockV2() throws AnalysisException, InvalidSettingException { + Assume.assumeThat(getSettings().getBoolean(Settings.KEYS.ANALYZER_NODE_PACKAGE_ENABLED), is(true)); + Assume.assumeThat(getSettings().getBoolean(Settings.KEYS.ANALYZER_NODE_AUDIT_ENABLED), is(true)); + final Dependency packageJson = new Dependency(BaseTest.getResourceAsFile(this, + "nodejs/test_lockv2/package.json")); + final Dependency packageLockJson = new Dependency(BaseTest.getResourceAsFile(this, + "nodejs/test_lockv2/package-lock.json")); + engine.addDependency(packageJson); + engine.addDependency(packageLockJson); + analyzer.analyze(packageJson, engine); + assertEquals("Expected 1 dependencies", 1, engine.getDependencies().length); + analyzer.analyze(packageLockJson, engine); + assertEquals("Expected 1 dependencies", 6, engine.getDependencies().length); + } + + /** + * Test of inspect method for package-lock v3 + * + * @throws AnalysisException is thrown when an exception occurs. + */ + @Test + public void testPackageLockV3() throws AnalysisException, InvalidSettingException { + Assume.assumeThat(getSettings().getBoolean(Settings.KEYS.ANALYZER_NODE_PACKAGE_ENABLED), is(true)); + Assume.assumeThat(getSettings().getBoolean(Settings.KEYS.ANALYZER_NODE_AUDIT_ENABLED), is(true)); + final Dependency packageJson = new Dependency(BaseTest.getResourceAsFile(this, + "nodejs/test_lockv3/package.json")); + final Dependency packageLockJson = new Dependency(BaseTest.getResourceAsFile(this, + "nodejs/test_lockv3/package-lock.json")); + engine.addDependency(packageJson); + engine.addDependency(packageLockJson); + analyzer.analyze(packageJson, engine); + assertEquals("Expected 1 dependencies", 1, engine.getDependencies().length); + analyzer.analyze(packageLockJson, engine); + assertEquals("Expected 1 dependencies", 6, engine.getDependencies().length); + } } diff --git a/core/src/test/resources/nodejs/test_lockv2/node_modules/is-buffer/LICENSE b/core/src/test/resources/nodejs/test_lockv2/node_modules/is-buffer/LICENSE new file mode 100644 index 00000000000..0c068ceecbd --- /dev/null +++ b/core/src/test/resources/nodejs/test_lockv2/node_modules/is-buffer/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) Feross Aboukhadijeh + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/core/src/test/resources/nodejs/test_lockv2/node_modules/is-buffer/package.json b/core/src/test/resources/nodejs/test_lockv2/node_modules/is-buffer/package.json new file mode 100644 index 00000000000..ea12137a63c --- /dev/null +++ b/core/src/test/resources/nodejs/test_lockv2/node_modules/is-buffer/package.json @@ -0,0 +1,51 @@ +{ + "name": "is-buffer", + "description": "Determine if an object is a Buffer", + "version": "1.1.6", + "author": { + "name": "Feross Aboukhadijeh", + "email": "feross@feross.org", + "url": "http://feross.org/" + }, + "bugs": { + "url": "https://github.com/feross/is-buffer/issues" + }, + "dependencies": {}, + "devDependencies": { + "standard": "*", + "tape": "^4.0.0", + "zuul": "^3.0.0" + }, + "keywords": [ + "buffer", + "buffers", + "type", + "core buffer", + "browser buffer", + "browserify", + "typed array", + "uint32array", + "int16array", + "int32array", + "float32array", + "float64array", + "browser", + "arraybuffer", + "dataview" + ], + "license": "MIT", + "main": "index.js", + "repository": { + "type": "git", + "url": "git://github.com/feross/is-buffer.git" + }, + "scripts": { + "test": "standard && npm run test-node && npm run test-browser", + "test-browser": "zuul -- test/*.js", + "test-browser-local": "zuul --local -- test/*.js", + "test-node": "tape test/*.js" + }, + "testling": { + "files": "test/*.js" + } +} diff --git a/core/src/test/resources/nodejs/test_lockv2/node_modules/is-number/LICENSE b/core/src/test/resources/nodejs/test_lockv2/node_modules/is-number/LICENSE new file mode 100644 index 00000000000..fa30c4cb3e4 --- /dev/null +++ b/core/src/test/resources/nodejs/test_lockv2/node_modules/is-number/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2014-2015, Jon Schlinkert. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/core/src/test/resources/nodejs/test_lockv2/node_modules/is-number/package.json b/core/src/test/resources/nodejs/test_lockv2/node_modules/is-number/package.json new file mode 100644 index 00000000000..8e30b13014e --- /dev/null +++ b/core/src/test/resources/nodejs/test_lockv2/node_modules/is-number/package.json @@ -0,0 +1,59 @@ +{ + "name": "is-number", + "description": "Returns true if the value is a number. comprehensive tests.", + "version": "2.1.0", + "homepage": "https://github.com/jonschlinkert/is-number", + "author": "Jon Schlinkert (https://github.com/jonschlinkert)", + "repository": "jonschlinkert/is-number", + "bugs": { + "url": "https://github.com/jonschlinkert/is-number/issues" + }, + "license": "MIT", + "files": [ + "index.js" + ], + "main": "index.js", + "engines": { + "node": ">=0.10.0" + }, + "scripts": { + "test": "mocha" + }, + "dependencies": { + "kind-of": "^3.0.2" + }, + "devDependencies": { + "benchmarked": "^0.1.3", + "chalk": "^0.5.1", + "mocha": "*" + }, + "keywords": [ + "check", + "coerce", + "coercion", + "integer", + "is", + "is number", + "is-number", + "istype", + "kind of", + "math", + "number", + "test", + "type", + "typeof", + "value" + ], + "verb": { + "related": { + "list": [ + "kind-of", + "is-primitive", + "even", + "odd", + "is-even", + "is-odd" + ] + } + } +} diff --git a/core/src/test/resources/nodejs/test_lockv2/node_modules/isarray/package.json b/core/src/test/resources/nodejs/test_lockv2/node_modules/isarray/package.json new file mode 100644 index 00000000000..1a4317a9c41 --- /dev/null +++ b/core/src/test/resources/nodejs/test_lockv2/node_modules/isarray/package.json @@ -0,0 +1,45 @@ +{ + "name": "isarray", + "description": "Array#isArray for older browsers", + "version": "1.0.0", + "repository": { + "type": "git", + "url": "git://github.com/juliangruber/isarray.git" + }, + "homepage": "https://github.com/juliangruber/isarray", + "main": "index.js", + "dependencies": {}, + "devDependencies": { + "tape": "~2.13.4" + }, + "keywords": [ + "browser", + "isarray", + "array" + ], + "author": { + "name": "Julian Gruber", + "email": "mail@juliangruber.com", + "url": "http://juliangruber.com" + }, + "license": "MIT", + "testling": { + "files": "test.js", + "browsers": [ + "ie/8..latest", + "firefox/17..latest", + "firefox/nightly", + "chrome/22..latest", + "chrome/canary", + "opera/12..latest", + "opera/next", + "safari/5.1..latest", + "ipad/6.0..latest", + "iphone/6.0..latest", + "android-browser/4.2..latest" + ] + }, + "scripts": { + "test": "tape test.js" + } +} diff --git a/core/src/test/resources/nodejs/test_lockv2/node_modules/isobject/LICENSE b/core/src/test/resources/nodejs/test_lockv2/node_modules/isobject/LICENSE new file mode 100644 index 00000000000..39245ac1c60 --- /dev/null +++ b/core/src/test/resources/nodejs/test_lockv2/node_modules/isobject/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2014-2016, Jon Schlinkert. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/core/src/test/resources/nodejs/test_lockv2/node_modules/isobject/package.json b/core/src/test/resources/nodejs/test_lockv2/node_modules/isobject/package.json new file mode 100644 index 00000000000..954f4113ff4 --- /dev/null +++ b/core/src/test/resources/nodejs/test_lockv2/node_modules/isobject/package.json @@ -0,0 +1,67 @@ +{ + "name": "isobject", + "description": "Returns true if the value is an object and not an array or null.", + "version": "2.1.0", + "homepage": "https://github.com/jonschlinkert/isobject", + "author": "Jon Schlinkert (https://github.com/jonschlinkert)", + "repository": "jonschlinkert/isobject", + "bugs": { + "url": "https://github.com/jonschlinkert/isobject/issues" + }, + "license": "MIT", + "files": [ + "index.js" + ], + "main": "index.js", + "engines": { + "node": ">=0.10.0" + }, + "scripts": { + "test": "mocha" + }, + "dependencies": { + "isarray": "1.0.0" + }, + "devDependencies": { + "gulp-format-md": "^0.1.9", + "mocha": "^2.4.5" + }, + "keywords": [ + "check", + "is", + "is-object", + "isobject", + "kind", + "kind-of", + "kindof", + "native", + "object", + "type", + "typeof", + "value" + ], + "verb": { + "related": { + "list": [ + "merge-deep", + "extend-shallow", + "is-plain-object", + "kind-of" + ] + }, + "toc": false, + "layout": "default", + "tasks": [ + "readme" + ], + "plugins": [ + "gulp-format-md" + ], + "lint": { + "reflinks": true + }, + "reflinks": [ + "verb" + ] + } +} diff --git a/core/src/test/resources/nodejs/test_lockv2/node_modules/kind-of/LICENSE b/core/src/test/resources/nodejs/test_lockv2/node_modules/kind-of/LICENSE new file mode 100644 index 00000000000..d734237bded --- /dev/null +++ b/core/src/test/resources/nodejs/test_lockv2/node_modules/kind-of/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2014-2017, Jon Schlinkert + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/core/src/test/resources/nodejs/test_lockv2/node_modules/kind-of/package.json b/core/src/test/resources/nodejs/test_lockv2/node_modules/kind-of/package.json new file mode 100644 index 00000000000..5de879e1162 --- /dev/null +++ b/core/src/test/resources/nodejs/test_lockv2/node_modules/kind-of/package.json @@ -0,0 +1,90 @@ +{ + "name": "kind-of", + "description": "Get the native type of a value.", + "version": "3.2.2", + "homepage": "https://github.com/jonschlinkert/kind-of", + "author": "Jon Schlinkert (https://github.com/jonschlinkert)", + "contributors": [ + "David Fox-Powell (https://dtothefp.github.io/me)", + "Jon Schlinkert (http://twitter.com/jonschlinkert)", + "Ken Sheedlo (kensheedlo.com)", + "laggingreflex (https://github.com/laggingreflex)", + "Miguel Mota (https://miguelmota.com)", + "Peter deHaan (http://about.me/peterdehaan)" + ], + "repository": "jonschlinkert/kind-of", + "bugs": { + "url": "https://github.com/jonschlinkert/kind-of/issues" + }, + "license": "MIT", + "files": [ + "index.js" + ], + "main": "index.js", + "engines": { + "node": ">=0.10.0" + }, + "scripts": { + "test": "mocha", + "prepublish": "browserify -o browser.js -e index.js -s index --bare" + }, + "dependencies": { + "is-buffer": "^1.1.5" + }, + "devDependencies": { + "ansi-bold": "^0.1.1", + "benchmarked": "^1.0.0", + "browserify": "^14.3.0", + "glob": "^7.1.1", + "gulp-format-md": "^0.1.12", + "mocha": "^3.3.0", + "type-of": "^2.0.1", + "typeof": "^1.0.0" + }, + "keywords": [ + "arguments", + "array", + "boolean", + "check", + "date", + "function", + "is", + "is-type", + "is-type-of", + "kind", + "kind-of", + "number", + "object", + "of", + "regexp", + "string", + "test", + "type", + "type-of", + "typeof", + "types" + ], + "verb": { + "related": { + "list": [ + "is-glob", + "is-number", + "is-primitive" + ] + }, + "toc": false, + "layout": "default", + "tasks": [ + "readme" + ], + "plugins": [ + "gulp-format-md" + ], + "lint": { + "reflinks": true + }, + "reflinks": [ + "verb" + ] + } +} diff --git a/core/src/test/resources/nodejs/test_lockv2/package-lock.json b/core/src/test/resources/nodejs/test_lockv2/package-lock.json new file mode 100644 index 00000000000..e1b1f6eb1ed --- /dev/null +++ b/core/src/test/resources/nodejs/test_lockv2/package-lock.json @@ -0,0 +1,95 @@ +{ + "name": "test", + "version": "0.0.1", + "lockfileVersion": 2, + "requires": true, + "packages": { + "": { + "name": "test", + "version": "0.0.1", + "dependencies": { + "is-number": "2.1.0", + "isobject": "2.1.0" + } + }, + "node_modules/is-buffer": { + "version": "1.1.6", + "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", + "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==" + }, + "node_modules/is-number": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-2.1.0.tgz", + "integrity": "sha512-QUzH43Gfb9+5yckcrSA0VBDwEtDUchrk4F6tfJZQuNzDJbEDB9cZNzSfXGQ1jqmdDY/kl41lUOWM9syA8z8jlg==", + "dependencies": { + "kind-of": "^3.0.2" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/isarray": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", + "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==" + }, + "node_modules/isobject": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/isobject/-/isobject-2.1.0.tgz", + "integrity": "sha512-+OUdGJlgjOBZDfxnDjYYG6zp487z0JGNQq3cYQYg5f5hKR+syHMsaztzGeml/4kGG55CSpKSpWTY+jYGgsHLgA==", + "dependencies": { + "isarray": "1.0.0" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/kind-of": { + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", + "integrity": "sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ==", + "dependencies": { + "is-buffer": "^1.1.5" + }, + "engines": { + "node": ">=0.10.0" + } + } + }, + "dependencies": { + "is-buffer": { + "version": "1.1.6", + "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", + "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==" + }, + "is-number": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-2.1.0.tgz", + "integrity": "sha512-QUzH43Gfb9+5yckcrSA0VBDwEtDUchrk4F6tfJZQuNzDJbEDB9cZNzSfXGQ1jqmdDY/kl41lUOWM9syA8z8jlg==", + "requires": { + "kind-of": "^3.0.2" + } + }, + "isarray": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", + "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==" + }, + "isobject": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/isobject/-/isobject-2.1.0.tgz", + "integrity": "sha512-+OUdGJlgjOBZDfxnDjYYG6zp487z0JGNQq3cYQYg5f5hKR+syHMsaztzGeml/4kGG55CSpKSpWTY+jYGgsHLgA==", + "requires": { + "isarray": "1.0.0" + } + }, + "kind-of": { + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", + "integrity": "sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ==", + "requires": { + "is-buffer": "^1.1.5" + } + } + } +} diff --git a/core/src/test/resources/nodejs/test_lockv2/package.json b/core/src/test/resources/nodejs/test_lockv2/package.json new file mode 100644 index 00000000000..0411f6e56b8 --- /dev/null +++ b/core/src/test/resources/nodejs/test_lockv2/package.json @@ -0,0 +1,12 @@ +{ + "name": "test", + "version": "0.0.1", + "requires": true, + "dependencies": { + "is-number": "2.1.0", + "isobject": "2.1.0" + }, + "comments": { + "//": "fsevents will be installed only on macOS" + } +} diff --git a/core/src/test/resources/nodejs/test_lockv3/node_modules/is-buffer/LICENSE b/core/src/test/resources/nodejs/test_lockv3/node_modules/is-buffer/LICENSE new file mode 100644 index 00000000000..0c068ceecbd --- /dev/null +++ b/core/src/test/resources/nodejs/test_lockv3/node_modules/is-buffer/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) Feross Aboukhadijeh + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/core/src/test/resources/nodejs/test_lockv3/node_modules/is-buffer/package.json b/core/src/test/resources/nodejs/test_lockv3/node_modules/is-buffer/package.json new file mode 100644 index 00000000000..ea12137a63c --- /dev/null +++ b/core/src/test/resources/nodejs/test_lockv3/node_modules/is-buffer/package.json @@ -0,0 +1,51 @@ +{ + "name": "is-buffer", + "description": "Determine if an object is a Buffer", + "version": "1.1.6", + "author": { + "name": "Feross Aboukhadijeh", + "email": "feross@feross.org", + "url": "http://feross.org/" + }, + "bugs": { + "url": "https://github.com/feross/is-buffer/issues" + }, + "dependencies": {}, + "devDependencies": { + "standard": "*", + "tape": "^4.0.0", + "zuul": "^3.0.0" + }, + "keywords": [ + "buffer", + "buffers", + "type", + "core buffer", + "browser buffer", + "browserify", + "typed array", + "uint32array", + "int16array", + "int32array", + "float32array", + "float64array", + "browser", + "arraybuffer", + "dataview" + ], + "license": "MIT", + "main": "index.js", + "repository": { + "type": "git", + "url": "git://github.com/feross/is-buffer.git" + }, + "scripts": { + "test": "standard && npm run test-node && npm run test-browser", + "test-browser": "zuul -- test/*.js", + "test-browser-local": "zuul --local -- test/*.js", + "test-node": "tape test/*.js" + }, + "testling": { + "files": "test/*.js" + } +} diff --git a/core/src/test/resources/nodejs/test_lockv3/node_modules/is-number/LICENSE b/core/src/test/resources/nodejs/test_lockv3/node_modules/is-number/LICENSE new file mode 100644 index 00000000000..fa30c4cb3e4 --- /dev/null +++ b/core/src/test/resources/nodejs/test_lockv3/node_modules/is-number/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2014-2015, Jon Schlinkert. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/core/src/test/resources/nodejs/test_lockv3/node_modules/is-number/package.json b/core/src/test/resources/nodejs/test_lockv3/node_modules/is-number/package.json new file mode 100644 index 00000000000..8e30b13014e --- /dev/null +++ b/core/src/test/resources/nodejs/test_lockv3/node_modules/is-number/package.json @@ -0,0 +1,59 @@ +{ + "name": "is-number", + "description": "Returns true if the value is a number. comprehensive tests.", + "version": "2.1.0", + "homepage": "https://github.com/jonschlinkert/is-number", + "author": "Jon Schlinkert (https://github.com/jonschlinkert)", + "repository": "jonschlinkert/is-number", + "bugs": { + "url": "https://github.com/jonschlinkert/is-number/issues" + }, + "license": "MIT", + "files": [ + "index.js" + ], + "main": "index.js", + "engines": { + "node": ">=0.10.0" + }, + "scripts": { + "test": "mocha" + }, + "dependencies": { + "kind-of": "^3.0.2" + }, + "devDependencies": { + "benchmarked": "^0.1.3", + "chalk": "^0.5.1", + "mocha": "*" + }, + "keywords": [ + "check", + "coerce", + "coercion", + "integer", + "is", + "is number", + "is-number", + "istype", + "kind of", + "math", + "number", + "test", + "type", + "typeof", + "value" + ], + "verb": { + "related": { + "list": [ + "kind-of", + "is-primitive", + "even", + "odd", + "is-even", + "is-odd" + ] + } + } +} diff --git a/core/src/test/resources/nodejs/test_lockv3/node_modules/isarray/package.json b/core/src/test/resources/nodejs/test_lockv3/node_modules/isarray/package.json new file mode 100644 index 00000000000..1a4317a9c41 --- /dev/null +++ b/core/src/test/resources/nodejs/test_lockv3/node_modules/isarray/package.json @@ -0,0 +1,45 @@ +{ + "name": "isarray", + "description": "Array#isArray for older browsers", + "version": "1.0.0", + "repository": { + "type": "git", + "url": "git://github.com/juliangruber/isarray.git" + }, + "homepage": "https://github.com/juliangruber/isarray", + "main": "index.js", + "dependencies": {}, + "devDependencies": { + "tape": "~2.13.4" + }, + "keywords": [ + "browser", + "isarray", + "array" + ], + "author": { + "name": "Julian Gruber", + "email": "mail@juliangruber.com", + "url": "http://juliangruber.com" + }, + "license": "MIT", + "testling": { + "files": "test.js", + "browsers": [ + "ie/8..latest", + "firefox/17..latest", + "firefox/nightly", + "chrome/22..latest", + "chrome/canary", + "opera/12..latest", + "opera/next", + "safari/5.1..latest", + "ipad/6.0..latest", + "iphone/6.0..latest", + "android-browser/4.2..latest" + ] + }, + "scripts": { + "test": "tape test.js" + } +} diff --git a/core/src/test/resources/nodejs/test_lockv3/node_modules/isobject/LICENSE b/core/src/test/resources/nodejs/test_lockv3/node_modules/isobject/LICENSE new file mode 100644 index 00000000000..39245ac1c60 --- /dev/null +++ b/core/src/test/resources/nodejs/test_lockv3/node_modules/isobject/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2014-2016, Jon Schlinkert. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/core/src/test/resources/nodejs/test_lockv3/node_modules/isobject/package.json b/core/src/test/resources/nodejs/test_lockv3/node_modules/isobject/package.json new file mode 100644 index 00000000000..954f4113ff4 --- /dev/null +++ b/core/src/test/resources/nodejs/test_lockv3/node_modules/isobject/package.json @@ -0,0 +1,67 @@ +{ + "name": "isobject", + "description": "Returns true if the value is an object and not an array or null.", + "version": "2.1.0", + "homepage": "https://github.com/jonschlinkert/isobject", + "author": "Jon Schlinkert (https://github.com/jonschlinkert)", + "repository": "jonschlinkert/isobject", + "bugs": { + "url": "https://github.com/jonschlinkert/isobject/issues" + }, + "license": "MIT", + "files": [ + "index.js" + ], + "main": "index.js", + "engines": { + "node": ">=0.10.0" + }, + "scripts": { + "test": "mocha" + }, + "dependencies": { + "isarray": "1.0.0" + }, + "devDependencies": { + "gulp-format-md": "^0.1.9", + "mocha": "^2.4.5" + }, + "keywords": [ + "check", + "is", + "is-object", + "isobject", + "kind", + "kind-of", + "kindof", + "native", + "object", + "type", + "typeof", + "value" + ], + "verb": { + "related": { + "list": [ + "merge-deep", + "extend-shallow", + "is-plain-object", + "kind-of" + ] + }, + "toc": false, + "layout": "default", + "tasks": [ + "readme" + ], + "plugins": [ + "gulp-format-md" + ], + "lint": { + "reflinks": true + }, + "reflinks": [ + "verb" + ] + } +} diff --git a/core/src/test/resources/nodejs/test_lockv3/node_modules/kind-of/LICENSE b/core/src/test/resources/nodejs/test_lockv3/node_modules/kind-of/LICENSE new file mode 100644 index 00000000000..d734237bded --- /dev/null +++ b/core/src/test/resources/nodejs/test_lockv3/node_modules/kind-of/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2014-2017, Jon Schlinkert + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/core/src/test/resources/nodejs/test_lockv3/node_modules/kind-of/package.json b/core/src/test/resources/nodejs/test_lockv3/node_modules/kind-of/package.json new file mode 100644 index 00000000000..5de879e1162 --- /dev/null +++ b/core/src/test/resources/nodejs/test_lockv3/node_modules/kind-of/package.json @@ -0,0 +1,90 @@ +{ + "name": "kind-of", + "description": "Get the native type of a value.", + "version": "3.2.2", + "homepage": "https://github.com/jonschlinkert/kind-of", + "author": "Jon Schlinkert (https://github.com/jonschlinkert)", + "contributors": [ + "David Fox-Powell (https://dtothefp.github.io/me)", + "Jon Schlinkert (http://twitter.com/jonschlinkert)", + "Ken Sheedlo (kensheedlo.com)", + "laggingreflex (https://github.com/laggingreflex)", + "Miguel Mota (https://miguelmota.com)", + "Peter deHaan (http://about.me/peterdehaan)" + ], + "repository": "jonschlinkert/kind-of", + "bugs": { + "url": "https://github.com/jonschlinkert/kind-of/issues" + }, + "license": "MIT", + "files": [ + "index.js" + ], + "main": "index.js", + "engines": { + "node": ">=0.10.0" + }, + "scripts": { + "test": "mocha", + "prepublish": "browserify -o browser.js -e index.js -s index --bare" + }, + "dependencies": { + "is-buffer": "^1.1.5" + }, + "devDependencies": { + "ansi-bold": "^0.1.1", + "benchmarked": "^1.0.0", + "browserify": "^14.3.0", + "glob": "^7.1.1", + "gulp-format-md": "^0.1.12", + "mocha": "^3.3.0", + "type-of": "^2.0.1", + "typeof": "^1.0.0" + }, + "keywords": [ + "arguments", + "array", + "boolean", + "check", + "date", + "function", + "is", + "is-type", + "is-type-of", + "kind", + "kind-of", + "number", + "object", + "of", + "regexp", + "string", + "test", + "type", + "type-of", + "typeof", + "types" + ], + "verb": { + "related": { + "list": [ + "is-glob", + "is-number", + "is-primitive" + ] + }, + "toc": false, + "layout": "default", + "tasks": [ + "readme" + ], + "plugins": [ + "gulp-format-md" + ], + "lint": { + "reflinks": true + }, + "reflinks": [ + "verb" + ] + } +} diff --git a/core/src/test/resources/nodejs/test_lockv3/package-lock.json b/core/src/test/resources/nodejs/test_lockv3/package-lock.json new file mode 100644 index 00000000000..7e4c387263b --- /dev/null +++ b/core/src/test/resources/nodejs/test_lockv3/package-lock.json @@ -0,0 +1,59 @@ +{ + "name": "test", + "version": "0.0.1", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "test", + "version": "0.0.1", + "dependencies": { + "is-number": "2.1.0", + "isobject": "2.1.0" + } + }, + "node_modules/is-buffer": { + "version": "1.1.6", + "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", + "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==" + }, + "node_modules/is-number": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-2.1.0.tgz", + "integrity": "sha512-QUzH43Gfb9+5yckcrSA0VBDwEtDUchrk4F6tfJZQuNzDJbEDB9cZNzSfXGQ1jqmdDY/kl41lUOWM9syA8z8jlg==", + "dependencies": { + "kind-of": "^3.0.2" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/isarray": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", + "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==" + }, + "node_modules/isobject": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/isobject/-/isobject-2.1.0.tgz", + "integrity": "sha512-+OUdGJlgjOBZDfxnDjYYG6zp487z0JGNQq3cYQYg5f5hKR+syHMsaztzGeml/4kGG55CSpKSpWTY+jYGgsHLgA==", + "dependencies": { + "isarray": "1.0.0" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/kind-of": { + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", + "integrity": "sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ==", + "dependencies": { + "is-buffer": "^1.1.5" + }, + "engines": { + "node": ">=0.10.0" + } + } + } +} diff --git a/core/src/test/resources/nodejs/test_lockv3/package.json b/core/src/test/resources/nodejs/test_lockv3/package.json new file mode 100644 index 00000000000..0411f6e56b8 --- /dev/null +++ b/core/src/test/resources/nodejs/test_lockv3/package.json @@ -0,0 +1,12 @@ +{ + "name": "test", + "version": "0.0.1", + "requires": true, + "dependencies": { + "is-number": "2.1.0", + "isobject": "2.1.0" + }, + "comments": { + "//": "fsevents will be installed only on macOS" + } +}