npm-manifest-check/npm-manifest-check.py

#!/usr/bin/env python3
import requests
import json

# https://www.npmjs.com/package/darcyclarke-manifest-pkg/v/2.1.15/index
# hex checksum = file name
# use hex to get *actual* manifest:
# https://www.npmjs.com/package/darcyclarke-manifest-pkg/file/a1c6250cb3f94bb3487c1bfb673d279642208b5db39a6c052a5c764f0d1abea5

def parse_manifest(pkg):
    # get and parse the manifest which contains the values reported on the frontend
    url = 'https://registry.npmjs.com/{}/'.format(pkg)
    parsed = json.loads(requests.get(url).text)

    # extract the interesting bits
    latest_ver = parsed['dist-tags']['latest']
    latest_manifest = parsed['versions'][latest_ver]

    try:
        dependencies = latest_manifest['dependencies']
    except KeyError:
        dependencies = None
    try:
        scripts = latest_manifest['scripts']
    except KeyError:
        scripts = None
    name = latest_manifest['name']

    return latest_ver, dependencies, scripts, name


def get_actual_manifest(pkg, ver):
    # get and parse the manifest as it would be installed
    # first, we need to find the package.json delivered with the package:
    index_url = 'https://www.npmjs.com/package/{}/v/{}/index'.format(pkg, ver)
    index = json.loads(requests.get(index_url).text)
    hexsum = index['files']['/package.json']['hex']
    manifest_url = 'https://www.npmjs.com/package/{}/file/{}'.format(pkg, hexsum)

    # now we can parse it
    manifest = json.loads(requests.get(manifest_url).text)
    version = manifest['version']
    try:
        dependencies = manifest['dependencies']
    except KeyError:
        dependencies = None
    try:
        scripts = manifest['scripts']
    except KeyError:
        scripts = None
    name = manifest['name']

    return version, dependencies, scripts, name


def main():
    import sys
    mismatch = False
    pkg = sys.argv[1]
    reported_ver, reported_dependencies, reported_scripts, reported_name = parse_manifest(pkg)
    actual_ver, actual_dependencies, actual_scripts, actual_name = get_actual_manifest(pkg, reported_ver)

    if actual_ver != reported_ver:
        mismatch = True
        print('Version mismatch for {}!'.format(pkg))
        print('Reported version: {}'.format(reported_ver))
        print('Actual version: {}'.format(actual_ver))

    if actual_dependencies != reported_dependencies:
        mismatch = True
        print('Dependency mismatch detected for {}!'.format(pkg))
        print('Reported dependencies: {}'.format(reported_dependencies))
        print('Actual dependencies: {}'.format(actual_dependencies))

    if actual_scripts != reported_scripts:
        mismatch = True
        print('Scripts mismatch detected for {}!'.format(pkg))
        print('Reported scripts: {}'.format(reported_scripts))
        print('Actual scripts: {}'.format(actual_scripts))

    if actual_name != reported_name:
        mismatch = True
        print('Name mismatch detected for {}!'.format(pkg))
        print('Reported name: {}'.format(reported_name))
        print('Actual name: {}'.format(actual_name))

    if not mismatch:
        print('No mismatch detected for {}.'.format(pkg))
    else:
        sys.exit(1)


if __name__ == '__main__':
    main()
initial commit 1 year ago			`#!/usr/bin/env python3`
			`import requests`
			`import json`

			`# https://www.npmjs.com/package/darcyclarke-manifest-pkg/v/2.1.15/index`
README 1 year ago			`# hex checksum = file name`
initial commit 1 year ago			`# use hex to get actual manifest:`
			`# https://www.npmjs.com/package/darcyclarke-manifest-pkg/file/a1c6250cb3f94bb3487c1bfb673d279642208b5db39a6c052a5c764f0d1abea5`

improvements, bash script to quickly check a list of packages 1 year ago			`def parse_manifest(pkg):`
			`# get and parse the manifest which contains the values reported on the frontend`
code cleanup 1 year ago			`url = 'https://registry.npmjs.com/{}/'.format(pkg)`
improvements, bash script to quickly check a list of packages 1 year ago			`parsed = json.loads(requests.get(url).text)`
initial commit 1 year ago
compare more things 1 year ago			`# extract the interesting bits`
initial commit 1 year ago			`latest_ver = parsed['dist-tags']['latest']`
			`latest_manifest = parsed['versions'][latest_ver]`

README 1 year ago			`try:`
code cleanup 1 year ago			`dependencies = latest_manifest['dependencies']`
README 1 year ago			`except KeyError:`
			`dependencies = None`
			`try:`
code cleanup 1 year ago			`scripts = latest_manifest['scripts']`
README 1 year ago			`except KeyError:`
			`scripts = None`
code cleanup 1 year ago			`name = latest_manifest['name']`
initial commit 1 year ago
compare more things 1 year ago			`return latest_ver, dependencies, scripts, name`
initial commit 1 year ago
improvements, bash script to quickly check a list of packages 1 year ago
initial commit 1 year ago			`def get_actual_manifest(pkg, ver):`
improvements, bash script to quickly check a list of packages 1 year ago			`# get and parse the manifest as it would be installed`
code cleanup 1 year ago			`# first, we need to find the package.json delivered with the package:`
			`index_url = 'https://www.npmjs.com/package/{}/v/{}/index'.format(pkg, ver)`
initial commit 1 year ago			`index = json.loads(requests.get(index_url).text)`
			`hexsum = index['files']['/package.json']['hex']`
			`manifest_url = 'https://www.npmjs.com/package/{}/file/{}'.format(pkg, hexsum)`
improvements, bash script to quickly check a list of packages 1 year ago
code cleanup 1 year ago			`# now we can parse it`
initial commit 1 year ago			`manifest = json.loads(requests.get(manifest_url).text)`
compare more things 1 year ago			`version = manifest['version']`
README 1 year ago			`try:`
			`dependencies = manifest['dependencies']`
			`except KeyError:`
			`dependencies = None`
			`try:`
			`scripts = manifest['scripts']`
			`except KeyError:`
			`scripts = None`
compare more things 1 year ago			`name = manifest['name']`

			`return version, dependencies, scripts, name`
initial commit 1 year ago

			`def main():`
			`import sys`
compare more things 1 year ago			`mismatch = False`
initial commit 1 year ago			`pkg = sys.argv[1]`
improvements, bash script to quickly check a list of packages 1 year ago			`reported_ver, reported_dependencies, reported_scripts, reported_name = parse_manifest(pkg)`
compare more things 1 year ago			`actual_ver, actual_dependencies, actual_scripts, actual_name = get_actual_manifest(pkg, reported_ver)`

			`if actual_ver != reported_ver:`
			`mismatch = True`
			`print('Version mismatch for {}!'.format(pkg))`
			`print('Reported version: {}'.format(reported_ver))`
			`print('Actual version: {}'.format(actual_ver))`

initial commit 1 year ago			`if actual_dependencies != reported_dependencies:`
compare more things 1 year ago			`mismatch = True`
initial commit 1 year ago			`print('Dependency mismatch detected for {}!'.format(pkg))`
			`print('Reported dependencies: {}'.format(reported_dependencies))`
			`print('Actual dependencies: {}'.format(actual_dependencies))`
compare more things 1 year ago
add check for scripts 1 year ago			`if actual_scripts != reported_scripts:`
compare more things 1 year ago			`mismatch = True`
add check for scripts 1 year ago			`print('Scripts mismatch detected for {}!'.format(pkg))`
			`print('Reported scripts: {}'.format(reported_scripts))`
			`print('Actual scripts: {}'.format(actual_scripts))`
initial commit 1 year ago
compare more things 1 year ago			`if actual_name != reported_name:`
			`mismatch = True`
			`print('Name mismatch detected for {}!'.format(pkg))`
			`print('Reported name: {}'.format(reported_name))`
			`print('Actual name: {}'.format(actual_name))`

			`if not mismatch:`
			`print('No mismatch detected for {}.'.format(pkg))`
improvements, bash script to quickly check a list of packages 1 year ago			`else:`
			`sys.exit(1)`
compare more things 1 year ago
initial commit 1 year ago
			`if __name__ == '__main__':`
			`main()`