|
|
|
@ -13,50 +13,70 @@ def get_registry_manifest(pkg):
|
|
|
|
return(r.text)
|
|
|
|
return(r.text)
|
|
|
|
|
|
|
|
|
|
|
|
def parse_manifest(manifest):
|
|
|
|
def parse_manifest(manifest):
|
|
|
|
# parse the manifest which represents the values from the frontend
|
|
|
|
# parse the manifest which contains the values from the frontend
|
|
|
|
parsed = json.loads(manifest)
|
|
|
|
parsed = json.loads(manifest)
|
|
|
|
|
|
|
|
|
|
|
|
# extract latest package version
|
|
|
|
# extract the interesting bits
|
|
|
|
latest_ver = parsed['dist-tags']['latest']
|
|
|
|
latest_ver = parsed['dist-tags']['latest']
|
|
|
|
latest_manifest = parsed['versions'][latest_ver]
|
|
|
|
latest_manifest = parsed['versions'][latest_ver]
|
|
|
|
|
|
|
|
|
|
|
|
dependencies = parsed['versions'][latest_ver]['dependencies']
|
|
|
|
dependencies = parsed['versions'][latest_ver]['dependencies']
|
|
|
|
scripts = parsed['versions'][latest_ver]['scripts']
|
|
|
|
scripts = parsed['versions'][latest_ver]['scripts']
|
|
|
|
|
|
|
|
name = parsed['versions'][latest_ver]['name']
|
|
|
|
|
|
|
|
|
|
|
|
# extract number of dependencies
|
|
|
|
#print('latest version: {}'.format(latest_ver))
|
|
|
|
print('latest version: {}'.format(latest_ver))
|
|
|
|
return latest_ver, dependencies, scripts, name
|
|
|
|
return latest_ver, dependencies, scripts
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def get_actual_manifest(pkg, ver):
|
|
|
|
def get_actual_manifest(pkg, ver):
|
|
|
|
index_url = 'https://www.npmjs.com/package/' + pkg + '/v/' + ver + '/index'
|
|
|
|
index_url = 'https://www.npmjs.com/package/' + pkg + '/v/' + ver + '/index'
|
|
|
|
index = json.loads(requests.get(index_url).text)
|
|
|
|
index = json.loads(requests.get(index_url).text)
|
|
|
|
hexsum = index['files']['/package.json']['hex']
|
|
|
|
hexsum = index['files']['/package.json']['hex']
|
|
|
|
print('hex checksum: {}'.format(hexsum))
|
|
|
|
#print('hex checksum: {}'.format(hexsum))
|
|
|
|
manifest_url = 'https://www.npmjs.com/package/{}/file/{}'.format(pkg, hexsum)
|
|
|
|
manifest_url = 'https://www.npmjs.com/package/{}/file/{}'.format(pkg, hexsum)
|
|
|
|
manifest = json.loads(requests.get(manifest_url).text)
|
|
|
|
manifest = json.loads(requests.get(manifest_url).text)
|
|
|
|
|
|
|
|
version = manifest['version']
|
|
|
|
dependencies = manifest['dependencies']
|
|
|
|
dependencies = manifest['dependencies']
|
|
|
|
scripts = manifest['scripts']
|
|
|
|
scripts = manifest['scripts']
|
|
|
|
return dependencies, scripts
|
|
|
|
name = manifest['name']
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return version, dependencies, scripts, name
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def main():
|
|
|
|
def main():
|
|
|
|
import sys
|
|
|
|
import sys
|
|
|
|
|
|
|
|
mismatch = False
|
|
|
|
pkg = sys.argv[1]
|
|
|
|
pkg = sys.argv[1]
|
|
|
|
manifest = get_registry_manifest(pkg)
|
|
|
|
manifest = get_registry_manifest(pkg)
|
|
|
|
ver, reported_dependencies, reported_scripts = parse_manifest(manifest)
|
|
|
|
reported_ver, reported_dependencies, reported_scripts, reported_name = parse_manifest(manifest)
|
|
|
|
actual_dependencies, actual_scripts = get_actual_manifest(pkg, ver)
|
|
|
|
actual_ver, actual_dependencies, actual_scripts, actual_name = get_actual_manifest(pkg, reported_ver)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if actual_ver != reported_ver:
|
|
|
|
|
|
|
|
mismatch = True
|
|
|
|
|
|
|
|
print('Version mismatch for {}!'.format(pkg))
|
|
|
|
|
|
|
|
print('Reported version: {}'.format(reported_ver))
|
|
|
|
|
|
|
|
print('Actual version: {}'.format(actual_ver))
|
|
|
|
|
|
|
|
|
|
|
|
if actual_dependencies != reported_dependencies:
|
|
|
|
if actual_dependencies != reported_dependencies:
|
|
|
|
|
|
|
|
mismatch = True
|
|
|
|
print('Dependency mismatch detected for {}!'.format(pkg))
|
|
|
|
print('Dependency mismatch detected for {}!'.format(pkg))
|
|
|
|
print('Reported dependencies: {}'.format(reported_dependencies))
|
|
|
|
print('Reported dependencies: {}'.format(reported_dependencies))
|
|
|
|
print('Actual dependencies: {}'.format(actual_dependencies))
|
|
|
|
print('Actual dependencies: {}'.format(actual_dependencies))
|
|
|
|
else:
|
|
|
|
|
|
|
|
print('No mismatch detected for {}.'.format(pkg))
|
|
|
|
|
|
|
|
if actual_scripts != reported_scripts:
|
|
|
|
if actual_scripts != reported_scripts:
|
|
|
|
|
|
|
|
mismatch = True
|
|
|
|
print('Scripts mismatch detected for {}!'.format(pkg))
|
|
|
|
print('Scripts mismatch detected for {}!'.format(pkg))
|
|
|
|
print('Reported scripts: {}'.format(reported_scripts))
|
|
|
|
print('Reported scripts: {}'.format(reported_scripts))
|
|
|
|
print('Actual scripts: {}'.format(actual_scripts))
|
|
|
|
print('Actual scripts: {}'.format(actual_scripts))
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if actual_name != reported_name:
|
|
|
|
|
|
|
|
mismatch = True
|
|
|
|
|
|
|
|
print('Name mismatch detected for {}!'.format(pkg))
|
|
|
|
|
|
|
|
print('Reported name: {}'.format(reported_name))
|
|
|
|
|
|
|
|
print('Actual name: {}'.format(actual_name))
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if not mismatch:
|
|
|
|
|
|
|
|
print('No mismatch detected for {}.'.format(pkg))
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
if __name__ == '__main__':
|
|
|
|
main()
|
|
|
|
main()
|
|
|
|
|
Felix Pankratz
1 year ago