panki/npm-manifest-check
panki/npm-manifest-check
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

improvements, bash script to quickly check a list of packages

Browse Source
This commit is contained in:
Felix Pankratz 2023-06-29 15:10:19 +02:00
parent ab34e0295e
commit f5c5db71ef
3 changed files with 19 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
check_packages.sh Executable file
View File

@ -0,0 +1,8 @@
#!/bin/sh
#for pkg in $(cat packages.list); do
while IFS= read -r pkg; do
output="$(OPENSSL_CONF=openssl.conf python3 npm-manifest-check.py "$pkg")";
if [ $? -ne 0 ]; then
echo "$output";
fi
done < packages.list

21
npm-manifest-check.py
View File

@ -7,14 +7,10 @@ import json
# use hex to get *actual* manifest: # use hex to get *actual* manifest:
# https://www.npmjs.com/package/darcyclarke-manifest-pkg/file/a1c6250cb3f94bb3487c1bfb673d279642208b5db39a6c052a5c764f0d1abea5 # https://www.npmjs.com/package/darcyclarke-manifest-pkg/file/a1c6250cb3f94bb3487c1bfb673d279642208b5db39a6c052a5c764f0d1abea5
def get_registry_manifest(pkg): def parse_manifest(pkg):
# get and parse the manifest which contains the values reported on the frontend
url = 'https://registry.npmjs.com/' + pkg + '/' url = 'https://registry.npmjs.com/' + pkg + '/'
r = requests.get(url) parsed = json.loads(requests.get(url).text)
return(r.text)
def parse_manifest(manifest):
# parse the manifest which contains the values from the frontend
parsed = json.loads(manifest)
# extract the interesting bits # extract the interesting bits
latest_ver = parsed['dist-tags']['latest'] latest_ver = parsed['dist-tags']['latest']
@ -24,15 +20,16 @@ def parse_manifest(manifest):
scripts = parsed['versions'][latest_ver]['scripts'] scripts = parsed['versions'][latest_ver]['scripts']
name = parsed['versions'][latest_ver]['name'] name = parsed['versions'][latest_ver]['name']
#print('latest version: {}'.format(latest_ver))
return latest_ver, dependencies, scripts, name return latest_ver, dependencies, scripts, name
def get_actual_manifest(pkg, ver): def get_actual_manifest(pkg, ver):
# get and parse the manifest as it would be installed
index_url = 'https://www.npmjs.com/package/' + pkg + '/v/' + ver + '/index' index_url = 'https://www.npmjs.com/package/' + pkg + '/v/' + ver + '/index'
index = json.loads(requests.get(index_url).text) index = json.loads(requests.get(index_url).text)
hexsum = index['files']['/package.json']['hex'] hexsum = index['files']['/package.json']['hex']
#print('hex checksum: {}'.format(hexsum))
manifest_url = 'https://www.npmjs.com/package/{}/file/{}'.format(pkg, hexsum) manifest_url = 'https://www.npmjs.com/package/{}/file/{}'.format(pkg, hexsum)
manifest = json.loads(requests.get(manifest_url).text) manifest = json.loads(requests.get(manifest_url).text)
version = manifest['version'] version = manifest['version']
dependencies = manifest['dependencies'] dependencies = manifest['dependencies']
@ -46,8 +43,8 @@ def main():
import sys import sys
mismatch = False mismatch = False
pkg = sys.argv[1] pkg = sys.argv[1]
manifest = get_registry_manifest(pkg) #manifest = get_registry_manifest(pkg)
reported_ver, reported_dependencies, reported_scripts, reported_name = parse_manifest(manifest) reported_ver, reported_dependencies, reported_scripts, reported_name = parse_manifest(pkg)
actual_ver, actual_dependencies, actual_scripts, actual_name = get_actual_manifest(pkg, reported_ver) actual_ver, actual_dependencies, actual_scripts, actual_name = get_actual_manifest(pkg, reported_ver)
if actual_ver != reported_ver: if actual_ver != reported_ver:
@ -76,6 +73,8 @@ def main():
if not mismatch: if not mismatch:
print('No mismatch detected for {}.'.format(pkg)) print('No mismatch detected for {}.'.format(pkg))
else:
sys.exit(1)
if __name__ == '__main__': if __name__ == '__main__':

1
requirements.txt Normal file
View File

@ -0,0 +1 @@
requests