From f764e8c51a8311d7daeef169e337cb39ae3ac805 Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Thu, 28 May 2026 16:06:39 -0400 Subject: [PATCH 01/30] Begun implementing package-lock.json schema Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/api/json/catalog.json | 6 ++ src/schemas/json/package-lock.json | 114 +++++++++++++++++++++++++ src/test/package-lock/lockfile-v1.json | 3 + src/test/package-lock/lockfile-v2.json | 3 + src/test/package-lock/lockfile-v3.json | 3 + 5 files changed, 129 insertions(+) create mode 100644 src/schemas/json/package-lock.json create mode 100644 src/test/package-lock/lockfile-v1.json create mode 100644 src/test/package-lock/lockfile-v2.json create mode 100644 src/test/package-lock/lockfile-v3.json diff --git a/src/api/json/catalog.json b/src/api/json/catalog.json index 5bdcab8cb4f..492a79fcbde 100644 --- a/src/api/json/catalog.json +++ b/src/api/json/catalog.json @@ -5555,6 +5555,12 @@ "fileMatch": ["resolutions.yml", "resolutions.yaml"], "url": "https://raw.githubusercontent.com/oss-review-toolkit/ort/main/integrations/schemas/resolutions-schema.json" }, + { + "name": "package-lock.json", + "description": "NPM package lockfile", + "fileMatch": ["package-lock.json", "npm-shrinkwrap.json"], + "url": "https://www.schemastore.org/package-lock.json" + }, { "name": "package.json", "description": "NPM configuration file", diff --git a/src/schemas/json/package-lock.json b/src/schemas/json/package-lock.json new file mode 100644 index 00000000000..30e920585e9 --- /dev/null +++ b/src/schemas/json/package-lock.json @@ -0,0 +1,114 @@ +{ + "$id": "https://www.schemastore.org/package-lock.json", + "$schema": "http://json-schema.org/draft-07/schema#", + "additionalProperties": true, + "definitions": { + "lockfileVersion": { + "type": "integer", + "minimum": 1, + "description": "", // todo + "$comment": "Omitting this property and the values of '1' and '2' are DEPRECATED." + }, + "integrity": { + "type": "string", + "description": "" // todo + } + }, + "properties": { + "name": { + "$ref": "package.json#/properties/name" + }, + "version": { + "$ref": "package.json#/properties/version" + }, + "lockfileVersion": { + "$ref": "#/definitions/lockfileVersion" + }, + "packageIntegrity": { + "$ref": "#/definitions/integrity", + "description": "DEPRECATED." // todo + }, + "preserveSymlinks": { + "type": "boolean", + "description": "" // todo + }, + "dependencies": { + "$ref": "package.json#/properties/dependencies" + } + }, + "type": "object", + "allOf": [ + { + "if": { + "properties": { + "lockfileVersion": { + "const": 1 + } + }, + "required": ["lockfileVersion"] + }, + "then": { + "properties": { + // TODO v1 + }, + "required": [ + "name", + "version", + "lockfileVersion", + "packageIntegrity", + "preserveSymlinks", + "dependencies" + ] + } + }, + { + "if": { + "properties": { + "lockfileVersion": { + "const": 2 + } + }, + "required": ["lockfileVersion"] + }, + "then": { + "properties": { + // TODO v2 + }, + "required": [ + "name", + "version", + "lockfileVersion" + ], + "anyOf": [ + { + "required": ["dependencies"] + }, + { + "required": ["packages"] + } + ] + } + }, + { + "if": { + "properties": { + "lockfileVersion": { + "const": 3 + } + }, + "required": ["lockfileVersion"] + }, + "then": { + "properties": { + // TODO v3 + }, + "required": [ + "name", + "version", + "lockfileVersion", + "packages" + ] + } + } + ] +} diff --git a/src/test/package-lock/lockfile-v1.json b/src/test/package-lock/lockfile-v1.json new file mode 100644 index 00000000000..0664ad2fcdc --- /dev/null +++ b/src/test/package-lock/lockfile-v1.json @@ -0,0 +1,3 @@ +{ + "lockfileVersion": 1 +} diff --git a/src/test/package-lock/lockfile-v2.json b/src/test/package-lock/lockfile-v2.json new file mode 100644 index 00000000000..cb9296af128 --- /dev/null +++ b/src/test/package-lock/lockfile-v2.json @@ -0,0 +1,3 @@ +{ + "lockfileVersion": 2 +} diff --git a/src/test/package-lock/lockfile-v3.json b/src/test/package-lock/lockfile-v3.json new file mode 100644 index 00000000000..14dc5755181 --- /dev/null +++ b/src/test/package-lock/lockfile-v3.json @@ -0,0 +1,3 @@ +{ + "lockfileVersion": 3 +} From 8516488a5579c11899c84863b373d65b198ccab5 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Thu, 28 May 2026 20:09:18 +0000 Subject: [PATCH 02/30] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- src/test/package-lock/lockfile-v1.json | 2 +- src/test/package-lock/lockfile-v2.json | 2 +- src/test/package-lock/lockfile-v3.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/test/package-lock/lockfile-v1.json b/src/test/package-lock/lockfile-v1.json index 0664ad2fcdc..48e341a0954 100644 --- a/src/test/package-lock/lockfile-v1.json +++ b/src/test/package-lock/lockfile-v1.json @@ -1,3 +1,3 @@ { - "lockfileVersion": 1 + "lockfileVersion": 1 } diff --git a/src/test/package-lock/lockfile-v2.json b/src/test/package-lock/lockfile-v2.json index cb9296af128..af26eab78f2 100644 --- a/src/test/package-lock/lockfile-v2.json +++ b/src/test/package-lock/lockfile-v2.json @@ -1,3 +1,3 @@ { - "lockfileVersion": 2 + "lockfileVersion": 2 } diff --git a/src/test/package-lock/lockfile-v3.json b/src/test/package-lock/lockfile-v3.json index 14dc5755181..ea4d7907814 100644 --- a/src/test/package-lock/lockfile-v3.json +++ b/src/test/package-lock/lockfile-v3.json @@ -1,3 +1,3 @@ { - "lockfileVersion": 3 + "lockfileVersion": 3 } From dae8a19a9b12f4717f597f9ba1aa3226443ad207 Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Thu, 28 May 2026 21:32:58 -0400 Subject: [PATCH 03/30] Added tests, descriptions and fixed properties Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/schemas/json/package-lock.json | 54 +++++++------------ src/test/package-lock/dependencies-v2.json | 6 +++ src/test/package-lock/lockfile-v1.json | 3 -- src/test/package-lock/lockfile-v2.json | 3 -- src/test/package-lock/lockfile-v3.json | 3 -- src/test/package-lock/min-v1.json | 6 +++ src/test/package-lock/min-v2.json | 6 +++ src/test/package-lock/min-v3.json | 6 +++ .../package-lock/packageIntegrity-v1.json | 6 +++ src/test/package-lock/packages-v2.json | 7 +++ .../package-lock/preserveSymlinks-v1.json | 6 +++ 11 files changed, 63 insertions(+), 43 deletions(-) create mode 100644 src/test/package-lock/dependencies-v2.json delete mode 100644 src/test/package-lock/lockfile-v1.json delete mode 100644 src/test/package-lock/lockfile-v2.json delete mode 100644 src/test/package-lock/lockfile-v3.json create mode 100644 src/test/package-lock/min-v1.json create mode 100644 src/test/package-lock/min-v2.json create mode 100644 src/test/package-lock/min-v3.json create mode 100644 src/test/package-lock/packageIntegrity-v1.json create mode 100644 src/test/package-lock/packages-v2.json create mode 100644 src/test/package-lock/preserveSymlinks-v1.json diff --git a/src/schemas/json/package-lock.json b/src/schemas/json/package-lock.json index 30e920585e9..aa03601405b 100644 --- a/src/schemas/json/package-lock.json +++ b/src/schemas/json/package-lock.json @@ -6,37 +6,45 @@ "lockfileVersion": { "type": "integer", "minimum": 1, - "description": "", // todo - "$comment": "Omitting this property and the values of '1' and '2' are DEPRECATED." + "description": "The version number of this document whose semantics were used when generating this lockfile.", + "$comment": "Any value less than '3' is DEPRECATED." }, "integrity": { "type": "string", - "description": "" // todo + "description": "A Standard Subresource Integrity for this resource." } }, "properties": { "name": { - "$ref": "package.json#/properties/name" + "$ref": "package.json#/properties/name", + "description": "The name of the package this is a lockfile for. This must match what's in `package.json`." }, "version": { - "$ref": "package.json#/properties/version" + "$ref": "package.json#/properties/version", + "description": "The version of the package this is a lockfile for. This must match what's in `package.json`." }, "lockfileVersion": { "$ref": "#/definitions/lockfileVersion" }, "packageIntegrity": { "$ref": "#/definitions/integrity", - "description": "DEPRECATED." // todo + "description": "DEPRECATED. This is a subresource integrity value created from the `package.json`. No preprocessing of the `package.json` should be done." }, "preserveSymlinks": { - "type": "boolean", - "description": "" // todo + "type": "string", + "description": "DEPRECATED. Indicates that the install was done with the environment variable `NODE_PRESERVE_SYMLINKS` enabled. The installer should insist that the value of this property match that environment variable." }, "dependencies": { - "$ref": "package.json#/properties/dependencies" + "$ref": "package.json#/properties/dependencies", + "description": "A mapping of package name to dependency object." } }, "type": "object", + "required": [ + "name", + "version", + "lockfileVersion" + ], "allOf": [ { "if": { @@ -48,13 +56,7 @@ "required": ["lockfileVersion"] }, "then": { - "properties": { - // TODO v1 - }, "required": [ - "name", - "version", - "lockfileVersion", "packageIntegrity", "preserveSymlinks", "dependencies" @@ -71,14 +73,6 @@ "required": ["lockfileVersion"] }, "then": { - "properties": { - // TODO v2 - }, - "required": [ - "name", - "version", - "lockfileVersion" - ], "anyOf": [ { "required": ["dependencies"] @@ -91,23 +85,15 @@ }, { "if": { + "default": 3, "properties": { "lockfileVersion": { "const": 3 } - }, - "required": ["lockfileVersion"] + } }, "then": { - "properties": { - // TODO v3 - }, - "required": [ - "name", - "version", - "lockfileVersion", - "packages" - ] + "required": ["packages"] } } ] diff --git a/src/test/package-lock/dependencies-v2.json b/src/test/package-lock/dependencies-v2.json new file mode 100644 index 00000000000..f6e2c312ee2 --- /dev/null +++ b/src/test/package-lock/dependencies-v2.json @@ -0,0 +1,6 @@ +{ + "name": "test", + "version": "0.0.0", + "lockfileVersion": 2, + "dependencies": {} +} diff --git a/src/test/package-lock/lockfile-v1.json b/src/test/package-lock/lockfile-v1.json deleted file mode 100644 index 48e341a0954..00000000000 --- a/src/test/package-lock/lockfile-v1.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "lockfileVersion": 1 -} diff --git a/src/test/package-lock/lockfile-v2.json b/src/test/package-lock/lockfile-v2.json deleted file mode 100644 index af26eab78f2..00000000000 --- a/src/test/package-lock/lockfile-v2.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "lockfileVersion": 2 -} diff --git a/src/test/package-lock/lockfile-v3.json b/src/test/package-lock/lockfile-v3.json deleted file mode 100644 index ea4d7907814..00000000000 --- a/src/test/package-lock/lockfile-v3.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "lockfileVersion": 3 -} diff --git a/src/test/package-lock/min-v1.json b/src/test/package-lock/min-v1.json new file mode 100644 index 00000000000..756927e50b6 --- /dev/null +++ b/src/test/package-lock/min-v1.json @@ -0,0 +1,6 @@ +{ + "name": "a", + "version": "0.0.0", + "lockfileVersion": 1, + "dependencies": {} +} diff --git a/src/test/package-lock/min-v2.json b/src/test/package-lock/min-v2.json new file mode 100644 index 00000000000..82073d4179a --- /dev/null +++ b/src/test/package-lock/min-v2.json @@ -0,0 +1,6 @@ +{ + "name": "test", + "version": "0.0.0", + "lockfileVersion": 2, + "packages": {} +} diff --git a/src/test/package-lock/min-v3.json b/src/test/package-lock/min-v3.json new file mode 100644 index 00000000000..a3a993cba39 --- /dev/null +++ b/src/test/package-lock/min-v3.json @@ -0,0 +1,6 @@ +{ + "name": "test", + "version": "0.0.0", + "lockfileVersion": 3, + "packages": {} +} diff --git a/src/test/package-lock/packageIntegrity-v1.json b/src/test/package-lock/packageIntegrity-v1.json new file mode 100644 index 00000000000..17ed34aa70a --- /dev/null +++ b/src/test/package-lock/packageIntegrity-v1.json @@ -0,0 +1,6 @@ +{ + "name": "test", + "version": "1.0.0", + "lockfileVersion": 1, + "packageIntegrity": "sha512-Q2bFTOhEALkN8hOms2FKTDLy7eugP2zFZ1T8LCvX42Fp3WoNr3bjZSAHeOsHrbV1Fu9/A0EzCinRE7Af1ofPrw==" +} diff --git a/src/test/package-lock/packages-v2.json b/src/test/package-lock/packages-v2.json new file mode 100644 index 00000000000..ab88239dd7b --- /dev/null +++ b/src/test/package-lock/packages-v2.json @@ -0,0 +1,7 @@ +{ + "name": "test", + "version": "0.0.0", + "lockfileVersion": 2, + "packages": {}, + "dependencies": {} +} diff --git a/src/test/package-lock/preserveSymlinks-v1.json b/src/test/package-lock/preserveSymlinks-v1.json new file mode 100644 index 00000000000..54aa7216d69 --- /dev/null +++ b/src/test/package-lock/preserveSymlinks-v1.json @@ -0,0 +1,6 @@ +{ + "name": "test", + "version": "1.0.0", + "lockfileVersion": 1, + "preserveSymlinks": "abcd" +} From 557795802742d01a0c9a3f021a8415743d42a374 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Fri, 29 May 2026 01:34:02 +0000 Subject: [PATCH 04/30] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- src/schemas/json/package-lock.json | 20 ++++++++++++++----- src/test/package-lock/dependencies-v2.json | 6 +++--- src/test/package-lock/min-v1.json | 6 +++--- src/test/package-lock/min-v2.json | 6 +++--- src/test/package-lock/min-v3.json | 6 +++--- .../package-lock/packageIntegrity-v1.json | 6 +++--- src/test/package-lock/packages-v2.json | 6 +++--- .../package-lock/preserveSymlinks-v1.json | 6 +++--- 8 files changed, 36 insertions(+), 26 deletions(-) diff --git a/src/schemas/json/package-lock.json b/src/schemas/json/package-lock.json index aa03601405b..6d423824f78 100644 --- a/src/schemas/json/package-lock.json +++ b/src/schemas/json/package-lock.json @@ -53,7 +53,9 @@ "const": 1 } }, - "required": ["lockfileVersion"] + "required": [ + "lockfileVersion" + ] }, "then": { "required": [ @@ -70,15 +72,21 @@ "const": 2 } }, - "required": ["lockfileVersion"] + "required": [ + "lockfileVersion" + ] }, "then": { "anyOf": [ { - "required": ["dependencies"] + "required": [ + "dependencies" + ] }, { - "required": ["packages"] + "required": [ + "packages" + ] } ] } @@ -93,7 +101,9 @@ } }, "then": { - "required": ["packages"] + "required": [ + "packages" + ] } } ] diff --git a/src/test/package-lock/dependencies-v2.json b/src/test/package-lock/dependencies-v2.json index f6e2c312ee2..e3b5aff5904 100644 --- a/src/test/package-lock/dependencies-v2.json +++ b/src/test/package-lock/dependencies-v2.json @@ -1,6 +1,6 @@ { - "name": "test", - "version": "0.0.0", + "dependencies": {}, "lockfileVersion": 2, - "dependencies": {} + "name": "test", + "version": "0.0.0" } diff --git a/src/test/package-lock/min-v1.json b/src/test/package-lock/min-v1.json index 756927e50b6..bd1d4f7cfd3 100644 --- a/src/test/package-lock/min-v1.json +++ b/src/test/package-lock/min-v1.json @@ -1,6 +1,6 @@ { - "name": "a", - "version": "0.0.0", + "dependencies": {}, "lockfileVersion": 1, - "dependencies": {} + "name": "a", + "version": "0.0.0" } diff --git a/src/test/package-lock/min-v2.json b/src/test/package-lock/min-v2.json index 82073d4179a..cec10cc6a0c 100644 --- a/src/test/package-lock/min-v2.json +++ b/src/test/package-lock/min-v2.json @@ -1,6 +1,6 @@ { - "name": "test", - "version": "0.0.0", "lockfileVersion": 2, - "packages": {} + "name": "test", + "packages": {}, + "version": "0.0.0" } diff --git a/src/test/package-lock/min-v3.json b/src/test/package-lock/min-v3.json index a3a993cba39..e73e8ee5b25 100644 --- a/src/test/package-lock/min-v3.json +++ b/src/test/package-lock/min-v3.json @@ -1,6 +1,6 @@ { - "name": "test", - "version": "0.0.0", "lockfileVersion": 3, - "packages": {} + "name": "test", + "packages": {}, + "version": "0.0.0" } diff --git a/src/test/package-lock/packageIntegrity-v1.json b/src/test/package-lock/packageIntegrity-v1.json index 17ed34aa70a..ba794eb58e4 100644 --- a/src/test/package-lock/packageIntegrity-v1.json +++ b/src/test/package-lock/packageIntegrity-v1.json @@ -1,6 +1,6 @@ { - "name": "test", - "version": "1.0.0", "lockfileVersion": 1, - "packageIntegrity": "sha512-Q2bFTOhEALkN8hOms2FKTDLy7eugP2zFZ1T8LCvX42Fp3WoNr3bjZSAHeOsHrbV1Fu9/A0EzCinRE7Af1ofPrw==" + "name": "test", + "packageIntegrity": "sha512-Q2bFTOhEALkN8hOms2FKTDLy7eugP2zFZ1T8LCvX42Fp3WoNr3bjZSAHeOsHrbV1Fu9/A0EzCinRE7Af1ofPrw==", + "version": "1.0.0" } diff --git a/src/test/package-lock/packages-v2.json b/src/test/package-lock/packages-v2.json index ab88239dd7b..f2526225583 100644 --- a/src/test/package-lock/packages-v2.json +++ b/src/test/package-lock/packages-v2.json @@ -1,7 +1,7 @@ { - "name": "test", - "version": "0.0.0", + "dependencies": {}, "lockfileVersion": 2, + "name": "test", "packages": {}, - "dependencies": {} + "version": "0.0.0" } diff --git a/src/test/package-lock/preserveSymlinks-v1.json b/src/test/package-lock/preserveSymlinks-v1.json index 54aa7216d69..c5dcf3792c5 100644 --- a/src/test/package-lock/preserveSymlinks-v1.json +++ b/src/test/package-lock/preserveSymlinks-v1.json @@ -1,6 +1,6 @@ { - "name": "test", - "version": "1.0.0", "lockfileVersion": 1, - "preserveSymlinks": "abcd" + "name": "test", + "preserveSymlinks": "abcd", + "version": "1.0.0" } From 610f04de0e42d7b0787f8596ee58a2b57241f727 Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Thu, 28 May 2026 21:45:02 -0400 Subject: [PATCH 05/30] Added undocumented `requires` property Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/schemas/json/package-lock.json | 4 ++++ src/test/package-lock/requires-v1.json | 7 +++++++ src/test/package-lock/requires-v2.json | 7 +++++++ src/test/package-lock/requires-v3.json | 7 +++++++ 4 files changed, 25 insertions(+) create mode 100644 src/test/package-lock/requires-v1.json create mode 100644 src/test/package-lock/requires-v2.json create mode 100644 src/test/package-lock/requires-v3.json diff --git a/src/schemas/json/package-lock.json b/src/schemas/json/package-lock.json index 6d423824f78..75242b5d0f1 100644 --- a/src/schemas/json/package-lock.json +++ b/src/schemas/json/package-lock.json @@ -26,6 +26,10 @@ "lockfileVersion": { "$ref": "#/definitions/lockfileVersion" }, + "requires": { + "type": "boolean", + "description": "UNDOCUMENTED." + }, "packageIntegrity": { "$ref": "#/definitions/integrity", "description": "DEPRECATED. This is a subresource integrity value created from the `package.json`. No preprocessing of the `package.json` should be done." diff --git a/src/test/package-lock/requires-v1.json b/src/test/package-lock/requires-v1.json new file mode 100644 index 00000000000..c11502a672c --- /dev/null +++ b/src/test/package-lock/requires-v1.json @@ -0,0 +1,7 @@ +{ + "name": "a", + "version": "0.0.0", + "lockfileVersion": 1, + "requires": true, + "dependencies": {} +} diff --git a/src/test/package-lock/requires-v2.json b/src/test/package-lock/requires-v2.json new file mode 100644 index 00000000000..2f1f047e8ed --- /dev/null +++ b/src/test/package-lock/requires-v2.json @@ -0,0 +1,7 @@ +{ + "name": "test", + "version": "0.0.0", + "lockfileVersion": 2, + "requires": true, + "packages": {} +} diff --git a/src/test/package-lock/requires-v3.json b/src/test/package-lock/requires-v3.json new file mode 100644 index 00000000000..dfa41926fe6 --- /dev/null +++ b/src/test/package-lock/requires-v3.json @@ -0,0 +1,7 @@ +{ + "name": "test", + "version": "0.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": {} +} From 679dc82f4ce57739031e977d0206edd0ab1570d3 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Fri, 29 May 2026 01:48:54 +0000 Subject: [PATCH 06/30] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- src/test/package-lock/requires-v1.json | 6 +++--- src/test/package-lock/requires-v2.json | 6 +++--- src/test/package-lock/requires-v3.json | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/test/package-lock/requires-v1.json b/src/test/package-lock/requires-v1.json index c11502a672c..e26ddfbe019 100644 --- a/src/test/package-lock/requires-v1.json +++ b/src/test/package-lock/requires-v1.json @@ -1,7 +1,7 @@ { - "name": "a", - "version": "0.0.0", + "dependencies": {}, "lockfileVersion": 1, + "name": "a", "requires": true, - "dependencies": {} + "version": "0.0.0" } diff --git a/src/test/package-lock/requires-v2.json b/src/test/package-lock/requires-v2.json index 2f1f047e8ed..c2f7e9a92aa 100644 --- a/src/test/package-lock/requires-v2.json +++ b/src/test/package-lock/requires-v2.json @@ -1,7 +1,7 @@ { - "name": "test", - "version": "0.0.0", "lockfileVersion": 2, + "name": "test", + "packages": {}, "requires": true, - "packages": {} + "version": "0.0.0" } diff --git a/src/test/package-lock/requires-v3.json b/src/test/package-lock/requires-v3.json index dfa41926fe6..ee4512a7054 100644 --- a/src/test/package-lock/requires-v3.json +++ b/src/test/package-lock/requires-v3.json @@ -1,7 +1,7 @@ { - "name": "test", - "version": "0.0.0", "lockfileVersion": 3, + "name": "test", + "packages": {}, "requires": true, - "packages": {} + "version": "0.0.0" } From 29cc74161c02f46bf143f3d10c1857f4b8600cea Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Sat, 30 May 2026 00:02:35 -0400 Subject: [PATCH 07/30] Attempted to fix tests Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/schemas/json/package-lock.json | 80 ++++++++++++------- .../package-lock/packageIntegrity-v1.json | 1 + .../package-lock/preserveSymlinks-v1.json | 1 + 3 files changed, 53 insertions(+), 29 deletions(-) diff --git a/src/schemas/json/package-lock.json b/src/schemas/json/package-lock.json index 75242b5d0f1..3eb75d869d5 100644 --- a/src/schemas/json/package-lock.json +++ b/src/schemas/json/package-lock.json @@ -3,17 +3,30 @@ "$schema": "http://json-schema.org/draft-07/schema#", "additionalProperties": true, "definitions": { - "lockfileVersion": { - "type": "integer", - "minimum": 1, - "description": "The version number of this document whose semantics were used when generating this lockfile.", - "$comment": "Any value less than '3' is DEPRECATED." - }, "integrity": { "type": "string", "description": "A Standard Subresource Integrity for this resource." + }, + "packageIntegrity": { + "$ref": "#/definitions/integrity", + "description": "DEPRECATED. This is a subresource integrity value created from the `package.json`. No preprocessing of the `package.json` should be done." + }, + "preserveSymlinks": { + "type": "string", + "description": "DEPRECATED. Indicates that the install was done with the environment variable `NODE_PRESERVE_SYMLINKS` enabled. The installer should insist that the value of this property match that environment variable." + }, + "v1-dependencies": { + "type": "object", + "additionalProperties": true, + "description": "A mapping of package locations to an object containing information about that package." + }, + "packages": { + "type": "object", + "additionalProperties": true, + "description": "A mapping of package locations to an object containing information about that package." } }, + "description": "NPM package lockfile", "properties": { "name": { "$ref": "package.json#/properties/name", @@ -24,23 +37,14 @@ "description": "The version of the package this is a lockfile for. This must match what's in `package.json`." }, "lockfileVersion": { - "$ref": "#/definitions/lockfileVersion" + "type": "integer", + "minimum": 1, + "description": "The version number of this document whose semantics were used when generating this lockfile.", + "$comment": "Any value less than '3' is DEPRECATED." }, "requires": { "type": "boolean", "description": "UNDOCUMENTED." - }, - "packageIntegrity": { - "$ref": "#/definitions/integrity", - "description": "DEPRECATED. This is a subresource integrity value created from the `package.json`. No preprocessing of the `package.json` should be done." - }, - "preserveSymlinks": { - "type": "string", - "description": "DEPRECATED. Indicates that the install was done with the environment variable `NODE_PRESERVE_SYMLINKS` enabled. The installer should insist that the value of this property match that environment variable." - }, - "dependencies": { - "$ref": "package.json#/properties/dependencies", - "description": "A mapping of package name to dependency object." } }, "type": "object", @@ -56,15 +60,21 @@ "lockfileVersion": { "const": 1 } - }, - "required": [ - "lockfileVersion" - ] + } }, "then": { + "properties": { + "packageIntegrity": { + "$ref": "#/definitions/packageIntegrity" + }, + "preserveSymlinks": { + "$ref": "#/definitions/preserveSymlinks" + }, + "dependencies": { + "$ref": "#/definitions/v1-dependencies" + } + }, "required": [ - "packageIntegrity", - "preserveSymlinks", "dependencies" ] } @@ -75,19 +85,26 @@ "lockfileVersion": { "const": 2 } - }, - "required": [ - "lockfileVersion" - ] + } }, "then": { "anyOf": [ { + "properties": { + "dependencies": { + "$ref": "#/definitions/v1-dependencies" + } + }, "required": [ "dependencies" ] }, { + "properties": { + "packages": { + "$ref": "#/definitions/packages" + } + }, "required": [ "packages" ] @@ -105,6 +122,11 @@ } }, "then": { + "properties": { + "dependencies": { + "$ref": "#/definitions/packages" + } + }, "required": [ "packages" ] diff --git a/src/test/package-lock/packageIntegrity-v1.json b/src/test/package-lock/packageIntegrity-v1.json index ba794eb58e4..eae01d9fe7e 100644 --- a/src/test/package-lock/packageIntegrity-v1.json +++ b/src/test/package-lock/packageIntegrity-v1.json @@ -1,4 +1,5 @@ { + "dependencies": {}, "lockfileVersion": 1, "name": "test", "packageIntegrity": "sha512-Q2bFTOhEALkN8hOms2FKTDLy7eugP2zFZ1T8LCvX42Fp3WoNr3bjZSAHeOsHrbV1Fu9/A0EzCinRE7Af1ofPrw==", diff --git a/src/test/package-lock/preserveSymlinks-v1.json b/src/test/package-lock/preserveSymlinks-v1.json index c5dcf3792c5..8b47b445f23 100644 --- a/src/test/package-lock/preserveSymlinks-v1.json +++ b/src/test/package-lock/preserveSymlinks-v1.json @@ -1,4 +1,5 @@ { + "dependencies": {}, "lockfileVersion": 1, "name": "test", "preserveSymlinks": "abcd", From 4bed6ae116c8c649617f6f710d6b36e441e2010d Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Sat, 30 May 2026 02:38:37 -0400 Subject: [PATCH 08/30] Fixed refs Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/schema-validation.jsonc | 5 +++++ src/schemas/json/package-lock.json | 8 ++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/src/schema-validation.jsonc b/src/schema-validation.jsonc index d6ad3debf4d..bc960985306 100644 --- a/src/schema-validation.jsonc +++ b/src/schema-validation.jsonc @@ -1343,6 +1343,11 @@ "externalSchema": ["geojson.json"], "unknownKeywords": ["name"] }, + "package-lock.json": { + "externalSchema": [ + "package.json" + ] + }, "package.json": { "externalSchema": [ "eslintrc.json", diff --git a/src/schemas/json/package-lock.json b/src/schemas/json/package-lock.json index 3eb75d869d5..8b83ebfac29 100644 --- a/src/schemas/json/package-lock.json +++ b/src/schemas/json/package-lock.json @@ -13,7 +13,7 @@ }, "preserveSymlinks": { "type": "string", - "description": "DEPRECATED. Indicates that the install was done with the environment variable `NODE_PRESERVE_SYMLINKS` enabled. The installer should insist that the value of this property match that environment variable." + "description": "DEPRECATED. Indicates that the install was done with the environment variable `NODE_PRESERVE_SYMLINKS` set to this value. The installer should insist that the value of this property match that environment variable." }, "v1-dependencies": { "type": "object", @@ -29,16 +29,17 @@ "description": "NPM package lockfile", "properties": { "name": { - "$ref": "package.json#/properties/name", + "$ref": "https://json.schemastore.org/package.json#/properties/name", "description": "The name of the package this is a lockfile for. This must match what's in `package.json`." }, "version": { - "$ref": "package.json#/properties/version", + "$ref": "https://json.schemastore.org/package.json#/properties/version", "description": "The version of the package this is a lockfile for. This must match what's in `package.json`." }, "lockfileVersion": { "type": "integer", "minimum": 1, + "default": 3, "description": "The version number of this document whose semantics were used when generating this lockfile.", "$comment": "Any value less than '3' is DEPRECATED." }, @@ -114,7 +115,6 @@ }, { "if": { - "default": 3, "properties": { "lockfileVersion": { "const": 3 From fe8f4dafc26a14ebd4dcb1f04f86cc7f058f2124 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Sat, 30 May 2026 18:40:38 +0000 Subject: [PATCH 09/30] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- src/schema-validation.jsonc | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/schema-validation.jsonc b/src/schema-validation.jsonc index bc960985306..a04aeed83ed 100644 --- a/src/schema-validation.jsonc +++ b/src/schema-validation.jsonc @@ -1344,9 +1344,7 @@ "unknownKeywords": ["name"] }, "package-lock.json": { - "externalSchema": [ - "package.json" - ] + "externalSchema": ["package.json"] }, "package.json": { "externalSchema": [ From 2b58052927c0d765b9e5b98424c7b47a0d280c2f Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Sun, 14 Jun 2026 23:21:32 -0400 Subject: [PATCH 10/30] Added negative test Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/negative_test/package/bundle-and-bundled.json | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 src/negative_test/package/bundle-and-bundled.json diff --git a/src/negative_test/package/bundle-and-bundled.json b/src/negative_test/package/bundle-and-bundled.json new file mode 100644 index 00000000000..afb25328a03 --- /dev/null +++ b/src/negative_test/package/bundle-and-bundled.json @@ -0,0 +1,4 @@ +{ + "bundledDependencies": true, + "bundleDependencies": true +} From 16165ffc6b79d7bf6abb38d285d4a8b333d874cd Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 15 Jun 2026 03:23:17 +0000 Subject: [PATCH 11/30] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- src/negative_test/package/bundle-and-bundled.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/negative_test/package/bundle-and-bundled.json b/src/negative_test/package/bundle-and-bundled.json index afb25328a03..7e1ea42a5fd 100644 --- a/src/negative_test/package/bundle-and-bundled.json +++ b/src/negative_test/package/bundle-and-bundled.json @@ -1,4 +1,4 @@ { - "bundledDependencies": true, - "bundleDependencies": true + "bundleDependencies": true, + "bundledDependencies": true } From 857c21c656d630630ec3771d288889a87ead5825 Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Mon, 22 Jun 2026 16:44:43 -0400 Subject: [PATCH 12/30] Added support for special lockfiles Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/api/json/catalog.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/api/json/catalog.json b/src/api/json/catalog.json index 492a79fcbde..4728f4e38d4 100644 --- a/src/api/json/catalog.json +++ b/src/api/json/catalog.json @@ -5558,7 +5558,7 @@ { "name": "package-lock.json", "description": "NPM package lockfile", - "fileMatch": ["package-lock.json", "npm-shrinkwrap.json"], + "fileMatch": ["package-lock.json", "npm-shrinkwrap.json", ".package-lock.json"], "url": "https://www.schemastore.org/package-lock.json" }, { From 2dd2f29c2edb9e86c5e4984861e1d8c0f153f0bc Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 22 Jun 2026 20:45:47 +0000 Subject: [PATCH 13/30] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- src/api/json/catalog.json | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/api/json/catalog.json b/src/api/json/catalog.json index 4728f4e38d4..4469b5b40a2 100644 --- a/src/api/json/catalog.json +++ b/src/api/json/catalog.json @@ -5558,7 +5558,11 @@ { "name": "package-lock.json", "description": "NPM package lockfile", - "fileMatch": ["package-lock.json", "npm-shrinkwrap.json", ".package-lock.json"], + "fileMatch": [ + "package-lock.json", + "npm-shrinkwrap.json", + ".package-lock.json" + ], "url": "https://www.schemastore.org/package-lock.json" }, { From 6915a2197f6a2f30a48d90df57ebb6bf93d42fb1 Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Wed, 24 Jun 2026 16:10:04 -0400 Subject: [PATCH 14/30] Revert "Added negative test" This reverts commit 2b58052927c0d765b9e5b98424c7b47a0d280c2f. Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/negative_test/package/bundle-and-bundled.json | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 src/negative_test/package/bundle-and-bundled.json diff --git a/src/negative_test/package/bundle-and-bundled.json b/src/negative_test/package/bundle-and-bundled.json deleted file mode 100644 index 7e1ea42a5fd..00000000000 --- a/src/negative_test/package/bundle-and-bundled.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "bundleDependencies": true, - "bundledDependencies": true -} From ce1cb09114ab02e6bf105c58a24b74e3c06cd5a5 Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Wed, 24 Jun 2026 17:24:43 -0400 Subject: [PATCH 15/30] Migrated from union types to stricter configuration Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/schemas/json/package.json | 198 ++++++++++++++++++++-------------- 1 file changed, 117 insertions(+), 81 deletions(-) diff --git a/src/schemas/json/package.json b/src/schemas/json/package.json index e3e176c3984..b4806c2afb3 100644 --- a/src/schemas/json/package.json +++ b/src/schemas/json/package.json @@ -4,26 +4,30 @@ "definitions": { "person": { "description": "A person who has been involved in creating or maintaining this package.", - "type": [ - "object", - "string" - ], - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - }, - "url": { - "type": "string", - "format": "uri" + "oneOf": [ + { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string" + }, + "url": { + "type": "string", + "format": "uri" + }, + "email": { + "type": "string", + "format": "email" + } + } }, - "email": { - "type": "string", - "format": "email" + { + "type": "string" } - } + ] }, "dependency": { "description": "Dependencies are specified with a simple hash of package name to version range. The version range is a string which has one or more space-separated descriptors. Dependencies can also be identified with a tarball or git URL.", @@ -141,12 +145,16 @@ "x-intellij-language-injection": "Shell Script" }, "packageExportsEntryPath": { - "type": [ - "string", - "null" + "oneOf": [ + { + "type": "string", + "pattern": "^\\./" + }, + { + "type": "null" + } ], - "description": "The module path that is resolved when this specifier is imported. Set to `null` to disallow importing this module.", - "pattern": "^\\./" + "description": "The module path that is resolved when this specifier is imported. Set to `null` to disallow importing this module." }, "packageExportsEntryObject": { "type": "object", @@ -218,9 +226,13 @@ ] }, "packageImportsEntryPath": { - "type": [ - "string", - "null" + "oneOf": [ + { + "type": "string" + }, + { + "type": "null" + } ], "description": "The module path that is resolved when this specifier is imported. Set to `null` to disallow importing this module." }, @@ -400,22 +412,26 @@ }, "bugs": { "description": "The url to your project's issue tracker and / or the email address to which issues should be reported. These are helpful for people who encounter issues with your package.", - "type": [ - "object", - "string" - ], - "properties": { - "url": { - "type": "string", - "description": "The url to your project's issue tracker.", - "format": "uri" + "oneOf": [ + { + "type": "object", + "properties": { + "url": { + "type": "string", + "description": "The url to your project's issue tracker.", + "format": "uri" + }, + "email": { + "type": "string", + "description": "The email address to which issues should be reported.", + "format": "email" + } + } }, - "email": { - "type": "string", - "description": "The email address to which issues should be reported.", - "format": "email" + { + "type": "string" } - } + ] }, "license": { "$ref": "#/definitions/license", @@ -510,13 +526,17 @@ "additionalProperties": false }, "bin": { - "type": [ - "string", - "object" - ], - "additionalProperties": { - "type": "string" - } + "oneOf": [ + { + "type": "string" + }, + { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + ] }, "type": { "description": "When set to \"module\", the type field allows a package to specify all .js files within are ES modules. If the \"type\" field is omitted or set to \"commonjs\", all .js files are treated as CommonJS.", @@ -572,14 +592,18 @@ } }, "man": { - "type": [ - "array", - "string" + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "type": "string" + } ], - "description": "Specify either a single file or an array of filenames to put in place for the man program to find.", - "items": { - "type": "string" - } + "description": "Specify either a single file or an array of filenames to put in place for the man program to find." }, "directories": { "type": "object", @@ -611,21 +635,25 @@ }, "repository": { "description": "Specify the place where your code lives. This is helpful for people who want to contribute.", - "type": [ - "object", - "string" - ], - "properties": { - "type": { - "type": "string" - }, - "url": { - "type": "string" + "oneOf": [ + { + "type": "object", + "properties": { + "type": { + "type": "string" + }, + "url": { + "type": "string" + }, + "directory": { + "type": "string" + } + } }, - "directory": { + { "type": "string" } - } + ] }, "funding": { "oneOf": [ @@ -1026,21 +1054,25 @@ }, "esnext": { "description": "A module ID with untranspiled code that is the primary entry point to your program.", - "type": [ - "string", - "object" - ], - "properties": { - "main": { + "oneOf": [ + { "type": "string" }, - "browser": { - "type": "string" + { + "type": "object", + "properties": { + "main": { + "type": "string" + }, + "browser": { + "type": "string" + } + }, + "additionalProperties": { + "type": "string" + } } - }, - "additionalProperties": { - "type": "string" - } + ] }, "workspaces": { "description": "Allows packages within a directory to depend on one another using direct linking of local files. Additionally, dependencies within a workspace are hoisted to the workspace root when possible to reduce duplication. Note: It's also a good idea to set \"private\" to true when using this feature.", @@ -1299,9 +1331,13 @@ }, "startCommand": { "description": "A terminal command to be executed when opening the project, after installing npm dependencies.", - "type": [ - "string", - "boolean" + "oneOf": [ + { + "type": "string" + }, + { + "type": "boolean" + } ] }, "compileTrigger": { From b83669621c07cf5ca9c0d8564d871463df7000db Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Wed, 24 Jun 2026 18:11:14 -0400 Subject: [PATCH 16/30] Restricted patternProperties to exclude overlap with properties Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/schemas/json/package.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/schemas/json/package.json b/src/schemas/json/package.json index b4806c2afb3..acc169ca345 100644 --- a/src/schemas/json/package.json +++ b/src/schemas/json/package.json @@ -187,7 +187,7 @@ } }, "patternProperties": { - "^[^.0-9]+$": { + "^(?!(?:require|import|module-sync|node|default|types)$)[^.0-9]+$": { "$ref": "#/definitions/packageExportsEntryOrFallback", "description": "The module path that is resolved when this environment matches the property name." }, @@ -262,7 +262,7 @@ } }, "patternProperties": { - "^[^.0-9]+$": { + "^(?!(?:require|import|node|default|types)$)[^.0-9]+$": { "$ref": "#/definitions/packageImportsEntryOrFallback", "description": "The module path that is resolved when this environment matches the property name." }, @@ -579,7 +579,7 @@ "type": "string" } }, - "^[^*]*\\*[^*]*$": { + "^(?!\\*$)[^*]*\\*[^*]*$": { "description": "Maps file paths matching the pattern specified in property key to file paths specified in the array.", "type": "array", "items": { From 15f437f092087cf2938b800bf93bd04ae384d45d Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Wed, 24 Jun 2026 18:21:23 -0400 Subject: [PATCH 17/30] Removed `tsType` properties Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/schemas/json/package.json | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/schemas/json/package.json b/src/schemas/json/package.json index acc169ca345..832de9ce6ce 100644 --- a/src/schemas/json/package.json +++ b/src/schemas/json/package.json @@ -380,8 +380,7 @@ "type": "object", "patternProperties": { "^_": { - "description": "Any property starting with _ is valid.", - "tsType": "any" + "description": "Any property starting with _ is valid." } }, "properties": { @@ -788,7 +787,6 @@ }, "additionalProperties": { "type": "string", - "tsType": "string | undefined", "x-intellij-language-injection": "Shell Script" } }, From 78c22d7030cd9229fe683479219ae788197a4e51 Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Wed, 24 Jun 2026 23:34:12 -0400 Subject: [PATCH 18/30] Split schema into versioned schemas and added tests Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/api/json/catalog.json | 7 +- src/schemas/json/package-lock-1.json | 53 +++++++++++ src/schemas/json/package-lock-2.json | 57 ++++++++++++ src/schemas/json/package-lock-3.json | 26 ++++++ src/schemas/json/package-lock.json | 90 +++---------------- src/test/package-lock-1/min.json | 6 ++ .../packageIntegrity.json} | 0 .../preserveSymlinks.json} | 0 .../requires.json} | 0 .../dependencies.json} | 0 src/test/package-lock-2/min.json | 6 ++ src/test/package-lock-2/packageIntegrity.json | 7 ++ .../packages.json} | 0 src/test/package-lock-2/preserveSymlinks.json | 7 ++ .../requires.json} | 0 src/test/package-lock-3/min.json | 6 ++ src/test/package-lock-3/packages.json | 6 ++ .../requires.json} | 0 18 files changed, 190 insertions(+), 81 deletions(-) create mode 100644 src/schemas/json/package-lock-1.json create mode 100644 src/schemas/json/package-lock-2.json create mode 100644 src/schemas/json/package-lock-3.json create mode 100644 src/test/package-lock-1/min.json rename src/test/{package-lock/packageIntegrity-v1.json => package-lock-1/packageIntegrity.json} (100%) rename src/test/{package-lock/preserveSymlinks-v1.json => package-lock-1/preserveSymlinks.json} (100%) rename src/test/{package-lock/requires-v1.json => package-lock-1/requires.json} (100%) rename src/test/{package-lock/dependencies-v2.json => package-lock-2/dependencies.json} (100%) create mode 100644 src/test/package-lock-2/min.json create mode 100644 src/test/package-lock-2/packageIntegrity.json rename src/test/{package-lock/packages-v2.json => package-lock-2/packages.json} (100%) create mode 100644 src/test/package-lock-2/preserveSymlinks.json rename src/test/{package-lock/requires-v2.json => package-lock-2/requires.json} (100%) create mode 100644 src/test/package-lock-3/min.json create mode 100644 src/test/package-lock-3/packages.json rename src/test/{package-lock/requires-v3.json => package-lock-3/requires.json} (100%) diff --git a/src/api/json/catalog.json b/src/api/json/catalog.json index 4469b5b40a2..129dc97d63c 100644 --- a/src/api/json/catalog.json +++ b/src/api/json/catalog.json @@ -5563,7 +5563,12 @@ "npm-shrinkwrap.json", ".package-lock.json" ], - "url": "https://www.schemastore.org/package-lock.json" + "url": "https://www.schemastore.org/package-lock.json", + "versions": { + "1": "https://www.schemastore.org/package-lock-1.json", + "2": "https://www.schemastore.org/package-lock-2.json", + "3": "https://www.schemastore.org/package-lock-3.json" + } }, { "name": "package.json", diff --git a/src/schemas/json/package-lock-1.json b/src/schemas/json/package-lock-1.json new file mode 100644 index 00000000000..d47ec8a500b --- /dev/null +++ b/src/schemas/json/package-lock-1.json @@ -0,0 +1,53 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.schemastore.org/package-lock-1.json", + "additionalProperties": true, + "description": "DEPRECATED. NPM package lockfile, version 1", + "type": "object", + "definitions": { + "dependencies": { + "type": "object", + "additionalProperties": true, + "description": "A mapping of package locations to an object containing information about that package." + }, + "integrity": { + "type": "string", + "description": "A Standard Subresource Integrity for this resource." + }, + "packageIntegrity": { + "$ref": "#/definitions/integrity", + "description": "DEPRECATED. This is a subresource integrity value created from the `package.json`. No preprocessing of the `package.json` should be done." + }, + "preserveSymlinks": { + "type": "string", + "description": "DEPRECATED. Indicates that the install was done with the environment variable `NODE_PRESERVE_SYMLINKS` set to this value. The installer should insist that the value of this property match that environment variable." + } + }, + "properties": { + "dependencies": { + "$ref": "#/definitions/dependencies" + }, + "name": { + "$ref": "https://www.schemastore.org/package-lock.json#/properties/name" + }, + "lockfileVersion": { + "$ref": "https://www.schemastore.org/package-lock.json#/properties/lockfileVersion", + "const": 1 + }, + "packageIntegrity": { + "$ref": "#/definitions/packageIntegrity" + }, + "preserveSymlinks": { + "$ref": "#/definitions/preserveSymlinks" + }, + "requires": { + "type": "boolean", + "default": true, + "description": "UNDOCUMENTED." + }, + "version": { + "$ref": "https://www.schemastore.org/package-lock.json#/properties/version" + } + }, + "required": ["name", "version", "lockfileVersion", "dependencies"] +} diff --git a/src/schemas/json/package-lock-2.json b/src/schemas/json/package-lock-2.json new file mode 100644 index 00000000000..efa272868b7 --- /dev/null +++ b/src/schemas/json/package-lock-2.json @@ -0,0 +1,57 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.schemastore.org/package-lock-2.json", + "additionalProperties": true, + "description": "DEPRECATED. NPM package lockfile, version 2", + "type": "object", + "definitions": { + "packages": { + "type": "object", + "additionalProperties": true, + "description": "A mapping of package locations to an object containing information about that package." + } + }, + "properties": { + "dependencies": { + "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/dependencies" + }, + "name": { + "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/name" + }, + "lockfileVersion": { + "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/lockfileVersion", + "const": 2 + }, + "packageIntegrity": { + "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/packageIntegrity" + }, + "preserveSymlinks": { + "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/preserveSymlinks" + }, + "requires": { + "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/requires" + }, + "version": { + "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/version" + } + }, + "required": ["name", "version", "lockfileVersion"], + "anyOf": [ + { + "properties": { + "dependencies": { + "$ref": "#/definitions/dependencies" + } + }, + "required": ["dependencies"] + }, + { + "properties": { + "packages": { + "$ref": "#/definitions/packages" + } + }, + "required": ["packages"] + } + ] +} diff --git a/src/schemas/json/package-lock-3.json b/src/schemas/json/package-lock-3.json new file mode 100644 index 00000000000..02095ce3b15 --- /dev/null +++ b/src/schemas/json/package-lock-3.json @@ -0,0 +1,26 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.schemastore.org/package-lock-3.json", + "additionalProperties": true, + "description": "NPM package lockfile, version 3", + "type": "object", + "properties": { + "name": { + "$ref": "https://www.schemastore.org/package-lock-2.json#/properties/name" + }, + "lockfileVersion": { + "$ref": "https://www.schemastore.org/package-lock-2.json#/properties/lockfileVersion", + "const": 3 + }, + "packages": { + "$ref": "https://www.schemastore.org/package-lock-2.json#/definitions/packages" + }, + "requires": { + "$ref": "https://www.schemastore.org/package-lock-2.json#/properties/requires" + }, + "version": { + "$ref": "https://www.schemastore.org/package-lock-2.json#/properties/version" + } + }, + "required": ["name", "version", "lockfileVersion", "packages"] +} diff --git a/src/schemas/json/package-lock.json b/src/schemas/json/package-lock.json index 8b83ebfac29..d7f54f86f02 100644 --- a/src/schemas/json/package-lock.json +++ b/src/schemas/json/package-lock.json @@ -2,32 +2,15 @@ "$id": "https://www.schemastore.org/package-lock.json", "$schema": "http://json-schema.org/draft-07/schema#", "additionalProperties": true, - "definitions": { - "integrity": { - "type": "string", - "description": "A Standard Subresource Integrity for this resource." - }, - "packageIntegrity": { - "$ref": "#/definitions/integrity", - "description": "DEPRECATED. This is a subresource integrity value created from the `package.json`. No preprocessing of the `package.json` should be done." - }, - "preserveSymlinks": { - "type": "string", - "description": "DEPRECATED. Indicates that the install was done with the environment variable `NODE_PRESERVE_SYMLINKS` set to this value. The installer should insist that the value of this property match that environment variable." - }, - "v1-dependencies": { - "type": "object", - "additionalProperties": true, - "description": "A mapping of package locations to an object containing information about that package." - }, - "packages": { - "type": "object", - "additionalProperties": true, - "description": "A mapping of package locations to an object containing information about that package." - } - }, "description": "NPM package lockfile", + "type": "object", "properties": { + "lockfileVersion": { + "type": "integer", + "description": "The version number of this document whose semantics were used when generating this lockfile.", + "minimum": 1, + "default": 3 + }, "name": { "$ref": "https://json.schemastore.org/package.json#/properties/name", "description": "The name of the package this is a lockfile for. This must match what's in `package.json`." @@ -35,20 +18,8 @@ "version": { "$ref": "https://json.schemastore.org/package.json#/properties/version", "description": "The version of the package this is a lockfile for. This must match what's in `package.json`." - }, - "lockfileVersion": { - "type": "integer", - "minimum": 1, - "default": 3, - "description": "The version number of this document whose semantics were used when generating this lockfile.", - "$comment": "Any value less than '3' is DEPRECATED." - }, - "requires": { - "type": "boolean", - "description": "UNDOCUMENTED." } }, - "type": "object", "required": [ "name", "version", @@ -64,20 +35,7 @@ } }, "then": { - "properties": { - "packageIntegrity": { - "$ref": "#/definitions/packageIntegrity" - }, - "preserveSymlinks": { - "$ref": "#/definitions/preserveSymlinks" - }, - "dependencies": { - "$ref": "#/definitions/v1-dependencies" - } - }, - "required": [ - "dependencies" - ] + "$ref": "https://www.schemastore.org/package-lock-1.json#/properties" } }, { @@ -89,28 +47,7 @@ } }, "then": { - "anyOf": [ - { - "properties": { - "dependencies": { - "$ref": "#/definitions/v1-dependencies" - } - }, - "required": [ - "dependencies" - ] - }, - { - "properties": { - "packages": { - "$ref": "#/definitions/packages" - } - }, - "required": [ - "packages" - ] - } - ] + "$ref": "https://www.schemastore.org/package-lock-2.json#/properties" } }, { @@ -122,14 +59,7 @@ } }, "then": { - "properties": { - "dependencies": { - "$ref": "#/definitions/packages" - } - }, - "required": [ - "packages" - ] + "$ref": "https://www.schemastore.org/package-lock-3.json#" } } ] diff --git a/src/test/package-lock-1/min.json b/src/test/package-lock-1/min.json new file mode 100644 index 00000000000..bd1d4f7cfd3 --- /dev/null +++ b/src/test/package-lock-1/min.json @@ -0,0 +1,6 @@ +{ + "dependencies": {}, + "lockfileVersion": 1, + "name": "a", + "version": "0.0.0" +} diff --git a/src/test/package-lock/packageIntegrity-v1.json b/src/test/package-lock-1/packageIntegrity.json similarity index 100% rename from src/test/package-lock/packageIntegrity-v1.json rename to src/test/package-lock-1/packageIntegrity.json diff --git a/src/test/package-lock/preserveSymlinks-v1.json b/src/test/package-lock-1/preserveSymlinks.json similarity index 100% rename from src/test/package-lock/preserveSymlinks-v1.json rename to src/test/package-lock-1/preserveSymlinks.json diff --git a/src/test/package-lock/requires-v1.json b/src/test/package-lock-1/requires.json similarity index 100% rename from src/test/package-lock/requires-v1.json rename to src/test/package-lock-1/requires.json diff --git a/src/test/package-lock/dependencies-v2.json b/src/test/package-lock-2/dependencies.json similarity index 100% rename from src/test/package-lock/dependencies-v2.json rename to src/test/package-lock-2/dependencies.json diff --git a/src/test/package-lock-2/min.json b/src/test/package-lock-2/min.json new file mode 100644 index 00000000000..cec10cc6a0c --- /dev/null +++ b/src/test/package-lock-2/min.json @@ -0,0 +1,6 @@ +{ + "lockfileVersion": 2, + "name": "test", + "packages": {}, + "version": "0.0.0" +} diff --git a/src/test/package-lock-2/packageIntegrity.json b/src/test/package-lock-2/packageIntegrity.json new file mode 100644 index 00000000000..a66a4847e2a --- /dev/null +++ b/src/test/package-lock-2/packageIntegrity.json @@ -0,0 +1,7 @@ +{ + "dependencies": {}, + "lockfileVersion": 2, + "name": "test", + "packageIntegrity": "sha512-Q2bFTOhEALkN8hOms2FKTDLy7eugP2zFZ1T8LCvX42Fp3WoNr3bjZSAHeOsHrbV1Fu9/A0EzCinRE7Af1ofPrw==", + "version": "1.0.0" +} diff --git a/src/test/package-lock/packages-v2.json b/src/test/package-lock-2/packages.json similarity index 100% rename from src/test/package-lock/packages-v2.json rename to src/test/package-lock-2/packages.json diff --git a/src/test/package-lock-2/preserveSymlinks.json b/src/test/package-lock-2/preserveSymlinks.json new file mode 100644 index 00000000000..f5cf0e51cb0 --- /dev/null +++ b/src/test/package-lock-2/preserveSymlinks.json @@ -0,0 +1,7 @@ +{ + "dependencies": {}, + "lockfileVersion": 2, + "name": "test", + "preserveSymlinks": "abcd", + "version": "1.0.0" +} diff --git a/src/test/package-lock/requires-v2.json b/src/test/package-lock-2/requires.json similarity index 100% rename from src/test/package-lock/requires-v2.json rename to src/test/package-lock-2/requires.json diff --git a/src/test/package-lock-3/min.json b/src/test/package-lock-3/min.json new file mode 100644 index 00000000000..e73e8ee5b25 --- /dev/null +++ b/src/test/package-lock-3/min.json @@ -0,0 +1,6 @@ +{ + "lockfileVersion": 3, + "name": "test", + "packages": {}, + "version": "0.0.0" +} diff --git a/src/test/package-lock-3/packages.json b/src/test/package-lock-3/packages.json new file mode 100644 index 00000000000..e73e8ee5b25 --- /dev/null +++ b/src/test/package-lock-3/packages.json @@ -0,0 +1,6 @@ +{ + "lockfileVersion": 3, + "name": "test", + "packages": {}, + "version": "0.0.0" +} diff --git a/src/test/package-lock/requires-v3.json b/src/test/package-lock-3/requires.json similarity index 100% rename from src/test/package-lock/requires-v3.json rename to src/test/package-lock-3/requires.json From 255bcb4ab9517678b494727818018fb50e52e689 Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Wed, 24 Jun 2026 23:34:42 -0400 Subject: [PATCH 19/30] Added realistic tests Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/test/package-lock-1/general.json | 60 ++++++++++++++++ src/test/package-lock-2/general.json | 98 +++++++++++++++++++++++++++ src/test/package-lock-3/general.json | 29 ++++++++ src/test/package-lock/general-v1.json | 60 ++++++++++++++++ src/test/package-lock/general-v2.json | 98 +++++++++++++++++++++++++++ src/test/package-lock/general-v3.json | 29 ++++++++ 6 files changed, 374 insertions(+) create mode 100644 src/test/package-lock-1/general.json create mode 100644 src/test/package-lock-2/general.json create mode 100644 src/test/package-lock-3/general.json create mode 100644 src/test/package-lock/general-v1.json create mode 100644 src/test/package-lock/general-v2.json create mode 100644 src/test/package-lock/general-v3.json diff --git a/src/test/package-lock-1/general.json b/src/test/package-lock-1/general.json new file mode 100644 index 00000000000..8fe86a8c20e --- /dev/null +++ b/src/test/package-lock-1/general.json @@ -0,0 +1,60 @@ +{ + "dependencies": { + "body-parser": { + "dependencies": { + "iconv-lite": { + "dev": true, + "integrity": "sha1-H4irpKsLFQjoMSrMOTRfNumS4vI=", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.13.tgz", + "version": "0.4.13" + }, + "qs": { + "dev": true, + "integrity": "sha1-qfMRQq9GjLcrJbMBNrokVoNJFr4=", + "resolved": "https://registry.npmjs.org/qs/-/qs-5.2.0.tgz", + "version": "5.2.0" + } + }, + "dev": true, + "integrity": "sha1-EBXLH+LEQ4WCWVgdtTMy+NDPUPk=", + "requires": { + "bytes": "2.2.0", + "content-type": "~1.0.1", + "debug": "~2.2.0", + "depd": "~1.1.0", + "http-errors": "~1.3.1", + "iconv-lite": "0.4.13", + "on-finished": "~2.3.0", + "qs": "5.2.0", + "raw-body": "~2.1.5", + "type-is": "~1.6.10" + }, + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.14.2.tgz", + "version": "1.14.2" + }, + "boom": { + "dependencies": { + "hoek": { + "dev": true, + "integrity": "sha512-v0XCLxICi9nPfYrS9RL8HbYnXi9obYAeLbSP00BmnZwCK9+Ih9WOjoZ8YoHCoav2csqn4FOz4Orldsy2dmDwmQ==", + "optional": true, + "resolved": "https://registry.npmjs.org/hoek/-/hoek-4.2.0.tgz", + "version": "4.2.0" + } + }, + "dev": true, + "integrity": "sha1-DwzF0ErcUAO4x9cfQsynJx/vDng=", + "optional": true, + "requires": { + "hoek": "4.x.x" + }, + "resolved": "https://registry.npmjs.org/boom/-/boom-3.2.2.tgz", + "version": "3.2.2" + } + }, + "lockfileVersion": 1, + "name": "project", + "preserveSymlinks": "abcdef", + "requires": true, + "version": "1.0.0" +} diff --git a/src/test/package-lock-2/general.json b/src/test/package-lock-2/general.json new file mode 100644 index 00000000000..8def5976781 --- /dev/null +++ b/src/test/package-lock-2/general.json @@ -0,0 +1,98 @@ +{ + "dependencies": { + "body-parser": { + "dependencies": { + "iconv-lite": { + "dev": true, + "integrity": "sha1-H4irpKsLFQjoMSrMOTRfNumS4vI=", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.13.tgz", + "version": "0.4.13" + }, + "qs": { + "dev": true, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/Vessel9817" + }, + "integrity": "sha1-qfMRQq9GjLcrJbMBNrokVoNJFr4=", + "resolved": "https://registry.npmjs.org/qs/-/qs-5.2.0.tgz", + "version": "5.2.0" + } + }, + "dev": true, + "integrity": "sha1-EBXLH+LEQ4WCWVgdtTMy+NDPUPk=", + "requires": { + "bytes": "2.2.0", + "content-type": "~1.0.1", + "debug": "~2.2.0", + "depd": "~1.1.0", + "http-errors": "~1.3.1", + "iconv-lite": "0.4.13", + "on-finished": "~2.3.0", + "qs": "5.2.0", + "raw-body": "~2.1.5", + "type-is": "~1.6.10" + }, + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.14.2.tgz", + "version": "1.14.2" + }, + "boom": { + "dependencies": { + "hoek": { + "dev": true, + "integrity": "sha512-v0XCLxICi9nPfYrS9RL8HbYnXi9obYAeLbSP00BmnZwCK9+Ih9WOjoZ8YoHCoav2csqn4FOz4Orldsy2dmDwmQ==", + "optional": true, + "resolved": "https://registry.npmjs.org/hoek/-/hoek-4.2.0.tgz", + "version": "4.2.0" + } + }, + "dev": true, + "integrity": "sha1-DwzF0ErcUAO4x9cfQsynJx/vDng=", + "optional": true, + "requires": { + "hoek": "4.x.x" + }, + "resolved": "https://registry.npmjs.org/boom/-/boom-3.2.2.tgz", + "version": "3.2.2" + } + }, + "lockfileVersion": 2, + "name": "project", + "packages": { + "node_modules/@babel/helper-validator-identifier": { + "dev": true, + "engines": { + "node": ">=6.9.0" + }, + "integrity": "sha512-K4JvCtQqad9OY2+yTU8w+E82ywk/fe+ELNlt1G8z3bVGlZfn/hOcQQsUhGhW/N+tb3fxK800wLtKOE/aM0m72w==", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.15.7.tgz", + "version": "7.15.7" + }, + "node_modules/ajv-draft-04": { + "dev": true, + "integrity": "sha512-svCd36YT75yU7ofob2z7ItEWo7kq4XicQYU9T7yiVaetWzaA4xz9kKsgq3py8v1ri0UQvoJ63YEqpDQ1W/DUww==", + "peerDependencies": { + "ajv": "^8.0.0" + }, + "peerDependenciesMeta": { + "ajv": { + "optional": true + } + }, + "resolved": "https://registry.npmjs.org/ajv-draft-04/-/ajv-draft-04-0.1.0.tgz", + "version": "0.1.0" + }, + "": { + "devDependencies": { + "ajv": "^8.7.1", + "ajv-draft-04": "^0.1.0" + }, + "license": "Apache 2.0", + "name": "@npm/apple", + "version": "1.0.0" + } + }, + "preserveSymlinks": "abcdef", + "requires": true, + "version": "1.0.0" +} diff --git a/src/test/package-lock-3/general.json b/src/test/package-lock-3/general.json new file mode 100644 index 00000000000..f628bcdc7af --- /dev/null +++ b/src/test/package-lock-3/general.json @@ -0,0 +1,29 @@ +{ + "lockfileVersion": 3, + "name": "test", + "packages": { + "node_modules/@discoveryjs/json-ext": { + "dev": true, + "engines": { + "node": ">=14.17.0" + }, + "integrity": "sha512-Xc3VhU02wqZ1HvHRJUwL09HkZSTvidqY5Ya0NXBSYOxAp+Ln9dcJr9fySI+CkONzP3PekQo9WdzCv0PGER/mOA==", + "license": "MIT", + "resolved": "https://registry.npmjs.org/@discoveryjs/json-ext/-/json-ext-1.1.0.tgz", + "version": "1.1.0" + }, + "": { + "devDependencies": { + "@dotenvx/dotenvx": "^1.69.1" + }, + "license": "MIT", + "name": "test", + "version": "0.0.0", + "workspaces": { + "packages": ["./src/package1"] + } + } + }, + "requires": true, + "version": "0.0.0" +} diff --git a/src/test/package-lock/general-v1.json b/src/test/package-lock/general-v1.json new file mode 100644 index 00000000000..8fe86a8c20e --- /dev/null +++ b/src/test/package-lock/general-v1.json @@ -0,0 +1,60 @@ +{ + "dependencies": { + "body-parser": { + "dependencies": { + "iconv-lite": { + "dev": true, + "integrity": "sha1-H4irpKsLFQjoMSrMOTRfNumS4vI=", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.13.tgz", + "version": "0.4.13" + }, + "qs": { + "dev": true, + "integrity": "sha1-qfMRQq9GjLcrJbMBNrokVoNJFr4=", + "resolved": "https://registry.npmjs.org/qs/-/qs-5.2.0.tgz", + "version": "5.2.0" + } + }, + "dev": true, + "integrity": "sha1-EBXLH+LEQ4WCWVgdtTMy+NDPUPk=", + "requires": { + "bytes": "2.2.0", + "content-type": "~1.0.1", + "debug": "~2.2.0", + "depd": "~1.1.0", + "http-errors": "~1.3.1", + "iconv-lite": "0.4.13", + "on-finished": "~2.3.0", + "qs": "5.2.0", + "raw-body": "~2.1.5", + "type-is": "~1.6.10" + }, + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.14.2.tgz", + "version": "1.14.2" + }, + "boom": { + "dependencies": { + "hoek": { + "dev": true, + "integrity": "sha512-v0XCLxICi9nPfYrS9RL8HbYnXi9obYAeLbSP00BmnZwCK9+Ih9WOjoZ8YoHCoav2csqn4FOz4Orldsy2dmDwmQ==", + "optional": true, + "resolved": "https://registry.npmjs.org/hoek/-/hoek-4.2.0.tgz", + "version": "4.2.0" + } + }, + "dev": true, + "integrity": "sha1-DwzF0ErcUAO4x9cfQsynJx/vDng=", + "optional": true, + "requires": { + "hoek": "4.x.x" + }, + "resolved": "https://registry.npmjs.org/boom/-/boom-3.2.2.tgz", + "version": "3.2.2" + } + }, + "lockfileVersion": 1, + "name": "project", + "preserveSymlinks": "abcdef", + "requires": true, + "version": "1.0.0" +} diff --git a/src/test/package-lock/general-v2.json b/src/test/package-lock/general-v2.json new file mode 100644 index 00000000000..8def5976781 --- /dev/null +++ b/src/test/package-lock/general-v2.json @@ -0,0 +1,98 @@ +{ + "dependencies": { + "body-parser": { + "dependencies": { + "iconv-lite": { + "dev": true, + "integrity": "sha1-H4irpKsLFQjoMSrMOTRfNumS4vI=", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.13.tgz", + "version": "0.4.13" + }, + "qs": { + "dev": true, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/Vessel9817" + }, + "integrity": "sha1-qfMRQq9GjLcrJbMBNrokVoNJFr4=", + "resolved": "https://registry.npmjs.org/qs/-/qs-5.2.0.tgz", + "version": "5.2.0" + } + }, + "dev": true, + "integrity": "sha1-EBXLH+LEQ4WCWVgdtTMy+NDPUPk=", + "requires": { + "bytes": "2.2.0", + "content-type": "~1.0.1", + "debug": "~2.2.0", + "depd": "~1.1.0", + "http-errors": "~1.3.1", + "iconv-lite": "0.4.13", + "on-finished": "~2.3.0", + "qs": "5.2.0", + "raw-body": "~2.1.5", + "type-is": "~1.6.10" + }, + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.14.2.tgz", + "version": "1.14.2" + }, + "boom": { + "dependencies": { + "hoek": { + "dev": true, + "integrity": "sha512-v0XCLxICi9nPfYrS9RL8HbYnXi9obYAeLbSP00BmnZwCK9+Ih9WOjoZ8YoHCoav2csqn4FOz4Orldsy2dmDwmQ==", + "optional": true, + "resolved": "https://registry.npmjs.org/hoek/-/hoek-4.2.0.tgz", + "version": "4.2.0" + } + }, + "dev": true, + "integrity": "sha1-DwzF0ErcUAO4x9cfQsynJx/vDng=", + "optional": true, + "requires": { + "hoek": "4.x.x" + }, + "resolved": "https://registry.npmjs.org/boom/-/boom-3.2.2.tgz", + "version": "3.2.2" + } + }, + "lockfileVersion": 2, + "name": "project", + "packages": { + "node_modules/@babel/helper-validator-identifier": { + "dev": true, + "engines": { + "node": ">=6.9.0" + }, + "integrity": "sha512-K4JvCtQqad9OY2+yTU8w+E82ywk/fe+ELNlt1G8z3bVGlZfn/hOcQQsUhGhW/N+tb3fxK800wLtKOE/aM0m72w==", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.15.7.tgz", + "version": "7.15.7" + }, + "node_modules/ajv-draft-04": { + "dev": true, + "integrity": "sha512-svCd36YT75yU7ofob2z7ItEWo7kq4XicQYU9T7yiVaetWzaA4xz9kKsgq3py8v1ri0UQvoJ63YEqpDQ1W/DUww==", + "peerDependencies": { + "ajv": "^8.0.0" + }, + "peerDependenciesMeta": { + "ajv": { + "optional": true + } + }, + "resolved": "https://registry.npmjs.org/ajv-draft-04/-/ajv-draft-04-0.1.0.tgz", + "version": "0.1.0" + }, + "": { + "devDependencies": { + "ajv": "^8.7.1", + "ajv-draft-04": "^0.1.0" + }, + "license": "Apache 2.0", + "name": "@npm/apple", + "version": "1.0.0" + } + }, + "preserveSymlinks": "abcdef", + "requires": true, + "version": "1.0.0" +} diff --git a/src/test/package-lock/general-v3.json b/src/test/package-lock/general-v3.json new file mode 100644 index 00000000000..f628bcdc7af --- /dev/null +++ b/src/test/package-lock/general-v3.json @@ -0,0 +1,29 @@ +{ + "lockfileVersion": 3, + "name": "test", + "packages": { + "node_modules/@discoveryjs/json-ext": { + "dev": true, + "engines": { + "node": ">=14.17.0" + }, + "integrity": "sha512-Xc3VhU02wqZ1HvHRJUwL09HkZSTvidqY5Ya0NXBSYOxAp+Ln9dcJr9fySI+CkONzP3PekQo9WdzCv0PGER/mOA==", + "license": "MIT", + "resolved": "https://registry.npmjs.org/@discoveryjs/json-ext/-/json-ext-1.1.0.tgz", + "version": "1.1.0" + }, + "": { + "devDependencies": { + "@dotenvx/dotenvx": "^1.69.1" + }, + "license": "MIT", + "name": "test", + "version": "0.0.0", + "workspaces": { + "packages": ["./src/package1"] + } + } + }, + "requires": true, + "version": "0.0.0" +} From 89cc6c826057dfdf62b72d924a9a1c5b0b79fbd3 Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Wed, 24 Jun 2026 23:37:58 -0400 Subject: [PATCH 20/30] Fixed incorrect assumption Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/schemas/json/package-lock-1.json | 2 +- src/schemas/json/package-lock-2.json | 20 +------------------- src/schemas/json/package-lock-3.json | 2 +- src/test/package-lock-1/min.json | 1 - src/test/package-lock-2/min.json | 1 - src/test/package-lock-3/min.json | 1 - src/test/package-lock/min-v1.json | 1 - src/test/package-lock/min-v2.json | 1 - src/test/package-lock/min-v3.json | 1 - 9 files changed, 3 insertions(+), 27 deletions(-) diff --git a/src/schemas/json/package-lock-1.json b/src/schemas/json/package-lock-1.json index d47ec8a500b..13f0907279e 100644 --- a/src/schemas/json/package-lock-1.json +++ b/src/schemas/json/package-lock-1.json @@ -49,5 +49,5 @@ "$ref": "https://www.schemastore.org/package-lock.json#/properties/version" } }, - "required": ["name", "version", "lockfileVersion", "dependencies"] + "required": ["name", "version", "lockfileVersion"] } diff --git a/src/schemas/json/package-lock-2.json b/src/schemas/json/package-lock-2.json index efa272868b7..9f5dbd20d35 100644 --- a/src/schemas/json/package-lock-2.json +++ b/src/schemas/json/package-lock-2.json @@ -35,23 +35,5 @@ "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/version" } }, - "required": ["name", "version", "lockfileVersion"], - "anyOf": [ - { - "properties": { - "dependencies": { - "$ref": "#/definitions/dependencies" - } - }, - "required": ["dependencies"] - }, - { - "properties": { - "packages": { - "$ref": "#/definitions/packages" - } - }, - "required": ["packages"] - } - ] + "required": ["name", "version", "lockfileVersion"] } diff --git a/src/schemas/json/package-lock-3.json b/src/schemas/json/package-lock-3.json index 02095ce3b15..9fb7f3856c4 100644 --- a/src/schemas/json/package-lock-3.json +++ b/src/schemas/json/package-lock-3.json @@ -22,5 +22,5 @@ "$ref": "https://www.schemastore.org/package-lock-2.json#/properties/version" } }, - "required": ["name", "version", "lockfileVersion", "packages"] + "required": ["name", "version", "lockfileVersion"] } diff --git a/src/test/package-lock-1/min.json b/src/test/package-lock-1/min.json index bd1d4f7cfd3..72461e16ab2 100644 --- a/src/test/package-lock-1/min.json +++ b/src/test/package-lock-1/min.json @@ -1,5 +1,4 @@ { - "dependencies": {}, "lockfileVersion": 1, "name": "a", "version": "0.0.0" diff --git a/src/test/package-lock-2/min.json b/src/test/package-lock-2/min.json index cec10cc6a0c..2708f4b4450 100644 --- a/src/test/package-lock-2/min.json +++ b/src/test/package-lock-2/min.json @@ -1,6 +1,5 @@ { "lockfileVersion": 2, "name": "test", - "packages": {}, "version": "0.0.0" } diff --git a/src/test/package-lock-3/min.json b/src/test/package-lock-3/min.json index e73e8ee5b25..d1f07baba15 100644 --- a/src/test/package-lock-3/min.json +++ b/src/test/package-lock-3/min.json @@ -1,6 +1,5 @@ { "lockfileVersion": 3, "name": "test", - "packages": {}, "version": "0.0.0" } diff --git a/src/test/package-lock/min-v1.json b/src/test/package-lock/min-v1.json index bd1d4f7cfd3..72461e16ab2 100644 --- a/src/test/package-lock/min-v1.json +++ b/src/test/package-lock/min-v1.json @@ -1,5 +1,4 @@ { - "dependencies": {}, "lockfileVersion": 1, "name": "a", "version": "0.0.0" diff --git a/src/test/package-lock/min-v2.json b/src/test/package-lock/min-v2.json index cec10cc6a0c..2708f4b4450 100644 --- a/src/test/package-lock/min-v2.json +++ b/src/test/package-lock/min-v2.json @@ -1,6 +1,5 @@ { "lockfileVersion": 2, "name": "test", - "packages": {}, "version": "0.0.0" } diff --git a/src/test/package-lock/min-v3.json b/src/test/package-lock/min-v3.json index e73e8ee5b25..d1f07baba15 100644 --- a/src/test/package-lock/min-v3.json +++ b/src/test/package-lock/min-v3.json @@ -1,6 +1,5 @@ { "lockfileVersion": 3, "name": "test", - "packages": {}, "version": "0.0.0" } From 0cef17e990c4baafca4cf5a5da0822b0ad794511 Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Thu, 25 Jun 2026 00:15:44 -0400 Subject: [PATCH 21/30] Fixed local `$ref`s Wasn't able to figure out how to `$ref` `package.json`, so the appropriate values have been copied over. Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/schema-validation.jsonc | 71 +++++++++++++++++++++++++- src/schemas/json/package-lock-2.json | 2 +- src/schemas/json/package-lock-3.json | 2 +- src/schemas/json/package-lock.json | 76 +++++++++++++++++++++++++--- 4 files changed, 141 insertions(+), 10 deletions(-) diff --git a/src/schema-validation.jsonc b/src/schema-validation.jsonc index a04aeed83ed..e05766d2228 100644 --- a/src/schema-validation.jsonc +++ b/src/schema-validation.jsonc @@ -1344,7 +1344,76 @@ "unknownKeywords": ["name"] }, "package-lock.json": { - "externalSchema": ["package.json"] + "externalSchema": [ + "package-lock-1.json", + "package-lock-2.json", + "package-lock-3.json", + "eslintrc.json", + "partial-eslint-plugins.json", + "prettierrc.json", + "ava.json", + "npm-badges.json", + "stylelintrc.json", + "semantic-release.json", + "jscpd.json", + "nodemon.json", + "base.json", + "quikrun.json" + ] + }, + "package-lock-1.json": { + "externalSchema": [ + "package-lock.json", + "package-lock-2.json", + "package-lock-3.json", + "eslintrc.json", + "partial-eslint-plugins.json", + "prettierrc.json", + "ava.json", + "npm-badges.json", + "stylelintrc.json", + "semantic-release.json", + "jscpd.json", + "nodemon.json", + "base.json", + "quikrun.json" + ] + }, + "package-lock-2.json": { + "externalSchema": [ + "package-lock.json", + "package-lock-1.json", + "package-lock-3.json", + "eslintrc.json", + "partial-eslint-plugins.json", + "prettierrc.json", + "ava.json", + "npm-badges.json", + "stylelintrc.json", + "semantic-release.json", + "jscpd.json", + "nodemon.json", + "base.json", + "quikrun.json" + ] + }, + "package-lock-3.json": { + "externalSchema": [ + "package-lock.json", + "package-lock-1.json", + "package-lock-2.json", + "eslintrc.json", + "partial-eslint-plugins.json", + "prettierrc.json", + "ava.json", + "npm-badges.json", + "stylelintrc.json", + "semantic-release.json", + "jscpd.json", + "nodemon.json", + "base.json", + "quikrun.json" + ] }, "package.json": { "externalSchema": [ diff --git a/src/schemas/json/package-lock-2.json b/src/schemas/json/package-lock-2.json index 9f5dbd20d35..91fc2f646ad 100644 --- a/src/schemas/json/package-lock-2.json +++ b/src/schemas/json/package-lock-2.json @@ -19,7 +19,7 @@ "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/name" }, "lockfileVersion": { - "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/lockfileVersion", + "$ref": "https://www.schemastore.org/package-lock.json#/properties/lockfileVersion", "const": 2 }, "packageIntegrity": { diff --git a/src/schemas/json/package-lock-3.json b/src/schemas/json/package-lock-3.json index 9fb7f3856c4..6853410ed8c 100644 --- a/src/schemas/json/package-lock-3.json +++ b/src/schemas/json/package-lock-3.json @@ -9,7 +9,7 @@ "$ref": "https://www.schemastore.org/package-lock-2.json#/properties/name" }, "lockfileVersion": { - "$ref": "https://www.schemastore.org/package-lock-2.json#/properties/lockfileVersion", + "$ref": "https://www.schemastore.org/package-lock.json#/properties/lockfileVersion", "const": 3 }, "packages": { diff --git a/src/schemas/json/package-lock.json b/src/schemas/json/package-lock.json index d7f54f86f02..88853747ff4 100644 --- a/src/schemas/json/package-lock.json +++ b/src/schemas/json/package-lock.json @@ -12,12 +12,14 @@ "default": 3 }, "name": { - "$ref": "https://json.schemastore.org/package.json#/properties/name", - "description": "The name of the package this is a lockfile for. This must match what's in `package.json`." + "description": "The name of the package this is a lockfile for. This must match what's in `package.json`.", + "type": "string", + "maxLength": 214, + "minLength": 1 }, "version": { - "$ref": "https://json.schemastore.org/package.json#/properties/version", - "description": "The version of the package this is a lockfile for. This must match what's in `package.json`." + "description": "The version of the package this is a lockfile for. This must match what's in `package.json`.", + "type": "string" } }, "required": [ @@ -35,7 +37,29 @@ } }, "then": { - "$ref": "https://www.schemastore.org/package-lock-1.json#/properties" + "properties": { + "dependencies": { + "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/dependencies" + }, + "name": { + "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/name" + }, + "lockfileVersion": { + "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/lockfileVersion" + }, + "packageIntegrity": { + "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/packageIntegrity" + }, + "preserveSymlinks": { + "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/preserveSymlinks" + }, + "requires": { + "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/requires" + }, + "version": { + "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/version" + } + } } }, { @@ -47,7 +71,29 @@ } }, "then": { - "$ref": "https://www.schemastore.org/package-lock-2.json#/properties" + "properties": { + "dependencies": { + "$ref": "https://www.schemastore.org/package-lock-2.json#/properties/dependencies" + }, + "name": { + "$ref": "https://www.schemastore.org/package-lock-2.json#/properties/name" + }, + "lockfileVersion": { + "$ref": "https://www.schemastore.org/package-lock-2.json#/properties/lockfileVersion" + }, + "packageIntegrity": { + "$ref": "https://www.schemastore.org/package-lock-2.json#/properties/packageIntegrity" + }, + "preserveSymlinks": { + "$ref": "https://www.schemastore.org/package-lock-2.json#/properties/preserveSymlinks" + }, + "requires": { + "$ref": "https://www.schemastore.org/package-lock-2.json#/properties/requires" + }, + "version": { + "$ref": "https://www.schemastore.org/package-lock-2.json#/properties/version" + } + } } }, { @@ -59,7 +105,23 @@ } }, "then": { - "$ref": "https://www.schemastore.org/package-lock-3.json#" + "properties": { + "name": { + "$ref": "https://www.schemastore.org/package-lock-3.json#/properties/name" + }, + "lockfileVersion": { + "$ref": "https://www.schemastore.org/package-lock-3.json#/properties/lockfileVersion" + }, + "packages": { + "$ref": "https://www.schemastore.org/package-lock-3.json#/properties/packages" + }, + "requires": { + "$ref": "https://www.schemastore.org/package-lock-3.json#/properties/requires" + }, + "version": { + "$ref": "https://www.schemastore.org/package-lock-3.json#/properties/version" + } + } } } ] From 2e5b0ab2439c3a86221cb0e929411d69a4026fbe Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Fri, 26 Jun 2026 15:43:25 -0400 Subject: [PATCH 22/30] Fixed `$ref`s Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/schema-validation.jsonc | 59 +++------------------------- src/schemas/json/package-lock-1.json | 8 ++-- src/schemas/json/package-lock-2.json | 16 ++++---- src/schemas/json/package-lock-3.json | 12 +++--- src/schemas/json/package-lock.json | 50 +++++++++++------------ 5 files changed, 47 insertions(+), 98 deletions(-) diff --git a/src/schema-validation.jsonc b/src/schema-validation.jsonc index e05766d2228..6aaf46b61ec 100644 --- a/src/schema-validation.jsonc +++ b/src/schema-validation.jsonc @@ -211,6 +211,7 @@ "opensrm.json", "opspec-io-0.1.7.json", "package.json", + "package-lock.json", "package.manifest-8.0.0.json", "package.manifest.json", "paper-plugin.json", @@ -487,6 +488,9 @@ "sarif-2.0.0-csd.2.beta.2019-01-24.json", "sarif-2.1.0-rtm.0.json", "sarif-2.1.0-rtm.1.json", + "package-lock-1.json", + "package-lock-2.json", + "package-lock-3.json", "sarif-external-property-file-2.1.0-rtm.0.json", "sarif-external-property-file-2.1.0-rtm.1.json", "sarif-external-property-file.json", @@ -1345,6 +1349,7 @@ }, "package-lock.json": { "externalSchema": [ + "package.json", "package-lock-1.json", "package-lock-2.json", "package-lock-3.json", @@ -1361,60 +1366,6 @@ "quikrun.json" ] }, - "package-lock-1.json": { - "externalSchema": [ - "package-lock.json", - "package-lock-2.json", - "package-lock-3.json", - "eslintrc.json", - "partial-eslint-plugins.json", - "prettierrc.json", - "ava.json", - "npm-badges.json", - "stylelintrc.json", - "semantic-release.json", - "jscpd.json", - "nodemon.json", - "base.json", - "quikrun.json" - ] - }, - "package-lock-2.json": { - "externalSchema": [ - "package-lock.json", - "package-lock-1.json", - "package-lock-3.json", - "eslintrc.json", - "partial-eslint-plugins.json", - "prettierrc.json", - "ava.json", - "npm-badges.json", - "stylelintrc.json", - "semantic-release.json", - "jscpd.json", - "nodemon.json", - "base.json", - "quikrun.json" - ] - }, - "package-lock-3.json": { - "externalSchema": [ - "package-lock.json", - "package-lock-1.json", - "package-lock-2.json", - "eslintrc.json", - "partial-eslint-plugins.json", - "prettierrc.json", - "ava.json", - "npm-badges.json", - "stylelintrc.json", - "semantic-release.json", - "jscpd.json", - "nodemon.json", - "base.json", - "quikrun.json" - ] - }, "package.json": { "externalSchema": [ "eslintrc.json", diff --git a/src/schemas/json/package-lock-1.json b/src/schemas/json/package-lock-1.json index 13f0907279e..ec57c273646 100644 --- a/src/schemas/json/package-lock-1.json +++ b/src/schemas/json/package-lock-1.json @@ -1,6 +1,6 @@ { "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "https://www.schemastore.org/package-lock-1.json", + "$id": "https://json.schemastore.org/package-lock-1.json", "additionalProperties": true, "description": "DEPRECATED. NPM package lockfile, version 1", "type": "object", @@ -28,10 +28,10 @@ "$ref": "#/definitions/dependencies" }, "name": { - "$ref": "https://www.schemastore.org/package-lock.json#/properties/name" + "$ref": "package-lock.json#/properties/name" }, "lockfileVersion": { - "$ref": "https://www.schemastore.org/package-lock.json#/properties/lockfileVersion", + "$ref": "package-lock.json#/properties/lockfileVersion", "const": 1 }, "packageIntegrity": { @@ -46,7 +46,7 @@ "description": "UNDOCUMENTED." }, "version": { - "$ref": "https://www.schemastore.org/package-lock.json#/properties/version" + "$ref": "package-lock.json#/properties/version" } }, "required": ["name", "version", "lockfileVersion"] diff --git a/src/schemas/json/package-lock-2.json b/src/schemas/json/package-lock-2.json index 91fc2f646ad..4a6a91d09d6 100644 --- a/src/schemas/json/package-lock-2.json +++ b/src/schemas/json/package-lock-2.json @@ -1,6 +1,6 @@ { "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "https://www.schemastore.org/package-lock-2.json", + "$id": "https://json.schemastore.org/package-lock-2.json", "additionalProperties": true, "description": "DEPRECATED. NPM package lockfile, version 2", "type": "object", @@ -13,26 +13,26 @@ }, "properties": { "dependencies": { - "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/dependencies" + "$ref": "package-lock-1.json#/properties/dependencies" }, "name": { - "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/name" + "$ref": "package-lock-1.json#/properties/name" }, "lockfileVersion": { - "$ref": "https://www.schemastore.org/package-lock.json#/properties/lockfileVersion", + "$ref": "package-lock.json#/properties/lockfileVersion", "const": 2 }, "packageIntegrity": { - "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/packageIntegrity" + "$ref": "package-lock-1.json#/properties/packageIntegrity" }, "preserveSymlinks": { - "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/preserveSymlinks" + "$ref": "package-lock-1.json#/properties/preserveSymlinks" }, "requires": { - "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/requires" + "$ref": "package-lock-1.json#/properties/requires" }, "version": { - "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/version" + "$ref": "package-lock-1.json#/properties/version" } }, "required": ["name", "version", "lockfileVersion"] diff --git a/src/schemas/json/package-lock-3.json b/src/schemas/json/package-lock-3.json index 6853410ed8c..1794e13853c 100644 --- a/src/schemas/json/package-lock-3.json +++ b/src/schemas/json/package-lock-3.json @@ -1,25 +1,25 @@ { "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "https://www.schemastore.org/package-lock-3.json", + "$id": "https://json.schemastore.org/package-lock-3.json", "additionalProperties": true, "description": "NPM package lockfile, version 3", "type": "object", "properties": { "name": { - "$ref": "https://www.schemastore.org/package-lock-2.json#/properties/name" + "$ref": "package-lock-2.json#/properties/name" }, "lockfileVersion": { - "$ref": "https://www.schemastore.org/package-lock.json#/properties/lockfileVersion", + "$ref": "package-lock.json#/properties/lockfileVersion", "const": 3 }, "packages": { - "$ref": "https://www.schemastore.org/package-lock-2.json#/definitions/packages" + "$ref": "package-lock-2.json#/definitions/packages" }, "requires": { - "$ref": "https://www.schemastore.org/package-lock-2.json#/properties/requires" + "$ref": "package-lock-2.json#/properties/requires" }, "version": { - "$ref": "https://www.schemastore.org/package-lock-2.json#/properties/version" + "$ref": "package-lock-2.json#/properties/version" } }, "required": ["name", "version", "lockfileVersion"] diff --git a/src/schemas/json/package-lock.json b/src/schemas/json/package-lock.json index 88853747ff4..8458f4562e4 100644 --- a/src/schemas/json/package-lock.json +++ b/src/schemas/json/package-lock.json @@ -1,5 +1,5 @@ { - "$id": "https://www.schemastore.org/package-lock.json", + "$id": "https://json.schemastore.org/package-lock.json", "$schema": "http://json-schema.org/draft-07/schema#", "additionalProperties": true, "description": "NPM package lockfile", @@ -12,14 +12,12 @@ "default": 3 }, "name": { - "description": "The name of the package this is a lockfile for. This must match what's in `package.json`.", - "type": "string", - "maxLength": 214, - "minLength": 1 + "$ref": "package.json#/properties/name", + "description": "The name of the package this is a lockfile for. This must match what's in `package.json`." }, "version": { - "description": "The version of the package this is a lockfile for. This must match what's in `package.json`.", - "type": "string" + "$ref": "package.json#/properties/version", + "description": "The version of the package this is a lockfile for. This must match what's in `package.json`." } }, "required": [ @@ -39,25 +37,25 @@ "then": { "properties": { "dependencies": { - "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/dependencies" + "$ref": "package-lock-1.json#/properties/dependencies" }, "name": { - "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/name" + "$ref": "package-lock-1.json#/properties/name" }, "lockfileVersion": { - "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/lockfileVersion" + "$ref": "package-lock-1.json#/properties/lockfileVersion" }, "packageIntegrity": { - "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/packageIntegrity" + "$ref": "package-lock-1.json#/properties/packageIntegrity" }, "preserveSymlinks": { - "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/preserveSymlinks" + "$ref": "package-lock-1.json#/properties/preserveSymlinks" }, "requires": { - "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/requires" + "$ref": "package-lock-1.json#/properties/requires" }, "version": { - "$ref": "https://www.schemastore.org/package-lock-1.json#/properties/version" + "$ref": "package-lock-1.json#/properties/version" } } } @@ -73,25 +71,25 @@ "then": { "properties": { "dependencies": { - "$ref": "https://www.schemastore.org/package-lock-2.json#/properties/dependencies" + "$ref": "package-lock-2.json#/properties/dependencies" }, "name": { - "$ref": "https://www.schemastore.org/package-lock-2.json#/properties/name" + "$ref": "package-lock-2.json#/properties/name" }, "lockfileVersion": { - "$ref": "https://www.schemastore.org/package-lock-2.json#/properties/lockfileVersion" + "$ref": "package-lock-2.json#/properties/lockfileVersion" }, "packageIntegrity": { - "$ref": "https://www.schemastore.org/package-lock-2.json#/properties/packageIntegrity" + "$ref": "package-lock-2.json#/properties/packageIntegrity" }, "preserveSymlinks": { - "$ref": "https://www.schemastore.org/package-lock-2.json#/properties/preserveSymlinks" + "$ref": "package-lock-2.json#/properties/preserveSymlinks" }, "requires": { - "$ref": "https://www.schemastore.org/package-lock-2.json#/properties/requires" + "$ref": "package-lock-2.json#/properties/requires" }, "version": { - "$ref": "https://www.schemastore.org/package-lock-2.json#/properties/version" + "$ref": "package-lock-2.json#/properties/version" } } } @@ -107,19 +105,19 @@ "then": { "properties": { "name": { - "$ref": "https://www.schemastore.org/package-lock-3.json#/properties/name" + "$ref": "package-lock-3.json#/properties/name" }, "lockfileVersion": { - "$ref": "https://www.schemastore.org/package-lock-3.json#/properties/lockfileVersion" + "$ref": "package-lock-3.json#/properties/lockfileVersion" }, "packages": { - "$ref": "https://www.schemastore.org/package-lock-3.json#/properties/packages" + "$ref": "package-lock-3.json#/properties/packages" }, "requires": { - "$ref": "https://www.schemastore.org/package-lock-3.json#/properties/requires" + "$ref": "package-lock-3.json#/properties/requires" }, "version": { - "$ref": "https://www.schemastore.org/package-lock-3.json#/properties/version" + "$ref": "package-lock-3.json#/properties/version" } } } From a35203f928eaa95d5bc19e6136da028a328e8a76 Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Fri, 26 Jun 2026 16:36:08 -0400 Subject: [PATCH 23/30] Fixed local `$ref`s Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/schema-validation.jsonc | 66 +++++++++++++++++++++++++++++++++++-- 1 file changed, 63 insertions(+), 3 deletions(-) diff --git a/src/schema-validation.jsonc b/src/schema-validation.jsonc index 6aaf46b61ec..38e2d814e8d 100644 --- a/src/schema-validation.jsonc +++ b/src/schema-validation.jsonc @@ -212,6 +212,9 @@ "opspec-io-0.1.7.json", "package.json", "package-lock.json", + "package-lock-1.json", + "package-lock-2.json", + "package-lock-3.json", "package.manifest-8.0.0.json", "package.manifest.json", "paper-plugin.json", @@ -439,6 +442,9 @@ "cargo-lints-cargo.json", "cargo-lints-clippy.json", "cargo-lints-rust.json", + "package-lock-1.json", + "package-lock-2.json", + "package-lock-3.json", "partial-pyright.json", // pyproject.json[tool.pyright] "partial-setuptools.json", // pyproject.json[tool.setuptools] "partial-setuptools-scm.json", // pyproject.json[tool.setuptools-scm] @@ -488,9 +494,6 @@ "sarif-2.0.0-csd.2.beta.2019-01-24.json", "sarif-2.1.0-rtm.0.json", "sarif-2.1.0-rtm.1.json", - "package-lock-1.json", - "package-lock-2.json", - "package-lock-3.json", "sarif-external-property-file-2.1.0-rtm.0.json", "sarif-external-property-file-2.1.0-rtm.1.json", "sarif-external-property-file.json", @@ -1366,6 +1369,63 @@ "quikrun.json" ] }, + "package-lock-1.json": { + "externalSchema": [ + "package.json", + "package-lock.json", + "package-lock-2.json", + "package-lock-3.json", + "eslintrc.json", + "partial-eslint-plugins.json", + "prettierrc.json", + "ava.json", + "npm-badges.json", + "stylelintrc.json", + "semantic-release.json", + "jscpd.json", + "nodemon.json", + "base.json", + "quikrun.json" + ] + }, + "package-lock-2.json": { + "externalSchema": [ + "package.json", + "package-lock.json", + "package-lock-1.json", + "package-lock-3.json", + "eslintrc.json", + "partial-eslint-plugins.json", + "prettierrc.json", + "ava.json", + "npm-badges.json", + "stylelintrc.json", + "semantic-release.json", + "jscpd.json", + "nodemon.json", + "base.json", + "quikrun.json" + ] + }, + "package-lock-3.json": { + "externalSchema": [ + "package.json", + "package-lock.json", + "package-lock-1.json", + "package-lock-2.json", + "eslintrc.json", + "partial-eslint-plugins.json", + "prettierrc.json", + "ava.json", + "npm-badges.json", + "stylelintrc.json", + "semantic-release.json", + "jscpd.json", + "nodemon.json", + "base.json", + "quikrun.json" + ] + }, "package.json": { "externalSchema": [ "eslintrc.json", From 8a1b0a7335dcc611d2eeba08596fc73e9ee6b3dd Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Sat, 27 Jun 2026 04:31:26 -0400 Subject: [PATCH 24/30] Revert "Removed `tsType` properties" This reverts commit 15f437f092087cf2938b800bf93bd04ae384d45d. Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/schemas/json/package.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/schemas/json/package.json b/src/schemas/json/package.json index 832de9ce6ce..acc169ca345 100644 --- a/src/schemas/json/package.json +++ b/src/schemas/json/package.json @@ -380,7 +380,8 @@ "type": "object", "patternProperties": { "^_": { - "description": "Any property starting with _ is valid." + "description": "Any property starting with _ is valid.", + "tsType": "any" } }, "properties": { @@ -787,6 +788,7 @@ }, "additionalProperties": { "type": "string", + "tsType": "string | undefined", "x-intellij-language-injection": "Shell Script" } }, From 241c274dbfa0c2c487c6875c685d3ce38aa703c6 Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Sat, 27 Jun 2026 05:15:15 -0400 Subject: [PATCH 25/30] Removed `package-lock.json` in place of versioned schemas Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/api/json/catalog.json | 2 +- src/schema-validation.jsonc | 35 ++----- src/schemas/json/package-lock-1.json | 15 ++- src/schemas/json/package-lock-2.json | 2 +- src/schemas/json/package-lock-3.json | 2 +- src/schemas/json/package-lock.json | 126 -------------------------- src/test/package-lock/general-v1.json | 60 ------------ src/test/package-lock/general-v2.json | 98 -------------------- src/test/package-lock/general-v3.json | 29 ------ src/test/package-lock/min-v1.json | 5 - src/test/package-lock/min-v2.json | 5 - src/test/package-lock/min-v3.json | 5 - 12 files changed, 21 insertions(+), 363 deletions(-) delete mode 100644 src/schemas/json/package-lock.json delete mode 100644 src/test/package-lock/general-v1.json delete mode 100644 src/test/package-lock/general-v2.json delete mode 100644 src/test/package-lock/general-v3.json delete mode 100644 src/test/package-lock/min-v1.json delete mode 100644 src/test/package-lock/min-v2.json delete mode 100644 src/test/package-lock/min-v3.json diff --git a/src/api/json/catalog.json b/src/api/json/catalog.json index 129dc97d63c..9e7cf972c2f 100644 --- a/src/api/json/catalog.json +++ b/src/api/json/catalog.json @@ -5563,7 +5563,7 @@ "npm-shrinkwrap.json", ".package-lock.json" ], - "url": "https://www.schemastore.org/package-lock.json", + "url": "https://www.schemastore.org/package-lock-3.json", "versions": { "1": "https://www.schemastore.org/package-lock-1.json", "2": "https://www.schemastore.org/package-lock-2.json", diff --git a/src/schema-validation.jsonc b/src/schema-validation.jsonc index 38e2d814e8d..57277ba685b 100644 --- a/src/schema-validation.jsonc +++ b/src/schema-validation.jsonc @@ -211,7 +211,6 @@ "opensrm.json", "opspec-io-0.1.7.json", "package.json", - "package-lock.json", "package-lock-1.json", "package-lock-2.json", "package-lock-3.json", @@ -1350,31 +1349,9 @@ "externalSchema": ["geojson.json"], "unknownKeywords": ["name"] }, - "package-lock.json": { - "externalSchema": [ - "package.json", - "package-lock-1.json", - "package-lock-2.json", - "package-lock-3.json", - "eslintrc.json", - "partial-eslint-plugins.json", - "prettierrc.json", - "ava.json", - "npm-badges.json", - "stylelintrc.json", - "semantic-release.json", - "jscpd.json", - "nodemon.json", - "base.json", - "quikrun.json" - ] - }, "package-lock-1.json": { "externalSchema": [ "package.json", - "package-lock.json", - "package-lock-2.json", - "package-lock-3.json", "eslintrc.json", "partial-eslint-plugins.json", "prettierrc.json", @@ -1386,14 +1363,13 @@ "nodemon.json", "base.json", "quikrun.json" - ] + ], + "unknownKeywords": ["tsType"] }, "package-lock-2.json": { "externalSchema": [ "package.json", - "package-lock.json", "package-lock-1.json", - "package-lock-3.json", "eslintrc.json", "partial-eslint-plugins.json", "prettierrc.json", @@ -1405,12 +1381,12 @@ "nodemon.json", "base.json", "quikrun.json" - ] + ], + "unknownKeywords": ["tsType"] }, "package-lock-3.json": { "externalSchema": [ "package.json", - "package-lock.json", "package-lock-1.json", "package-lock-2.json", "eslintrc.json", @@ -1424,7 +1400,8 @@ "nodemon.json", "base.json", "quikrun.json" - ] + ], + "unknownKeywords": ["tsType"] }, "package.json": { "externalSchema": [ diff --git a/src/schemas/json/package-lock-1.json b/src/schemas/json/package-lock-1.json index ec57c273646..c50048b1faa 100644 --- a/src/schemas/json/package-lock-1.json +++ b/src/schemas/json/package-lock-1.json @@ -14,6 +14,13 @@ "type": "string", "description": "A Standard Subresource Integrity for this resource." }, + "lockfileVersion": { + "$comment": "Any version below 3 is DEPRECATED.", + "type": "integer", + "description": "The version number of this document whose semantics were used when generating this lockfile.", + "minimum": 1, + "default": 3 + }, "packageIntegrity": { "$ref": "#/definitions/integrity", "description": "DEPRECATED. This is a subresource integrity value created from the `package.json`. No preprocessing of the `package.json` should be done." @@ -28,10 +35,11 @@ "$ref": "#/definitions/dependencies" }, "name": { - "$ref": "package-lock.json#/properties/name" + "$ref": "package.json#/properties/name", + "description": "The name of the package this is a lockfile for. This must match what's in `package.json`." }, "lockfileVersion": { - "$ref": "package-lock.json#/properties/lockfileVersion", + "$ref": "#/definitions/lockfileVersion", "const": 1 }, "packageIntegrity": { @@ -46,7 +54,8 @@ "description": "UNDOCUMENTED." }, "version": { - "$ref": "package-lock.json#/properties/version" + "$ref": "package.json#/properties/version", + "description": "The version of the package this is a lockfile for. This must match what's in `package.json`." } }, "required": ["name", "version", "lockfileVersion"] diff --git a/src/schemas/json/package-lock-2.json b/src/schemas/json/package-lock-2.json index 4a6a91d09d6..bb85e9f2b4a 100644 --- a/src/schemas/json/package-lock-2.json +++ b/src/schemas/json/package-lock-2.json @@ -19,7 +19,7 @@ "$ref": "package-lock-1.json#/properties/name" }, "lockfileVersion": { - "$ref": "package-lock.json#/properties/lockfileVersion", + "$ref": "package-lock-1.json#/definitions/lockfileVersion", "const": 2 }, "packageIntegrity": { diff --git a/src/schemas/json/package-lock-3.json b/src/schemas/json/package-lock-3.json index 1794e13853c..d752834f9f5 100644 --- a/src/schemas/json/package-lock-3.json +++ b/src/schemas/json/package-lock-3.json @@ -9,7 +9,7 @@ "$ref": "package-lock-2.json#/properties/name" }, "lockfileVersion": { - "$ref": "package-lock.json#/properties/lockfileVersion", + "$ref": "package-lock-1.json#/definitions/lockfileVersion", "const": 3 }, "packages": { diff --git a/src/schemas/json/package-lock.json b/src/schemas/json/package-lock.json deleted file mode 100644 index 8458f4562e4..00000000000 --- a/src/schemas/json/package-lock.json +++ /dev/null @@ -1,126 +0,0 @@ -{ - "$id": "https://json.schemastore.org/package-lock.json", - "$schema": "http://json-schema.org/draft-07/schema#", - "additionalProperties": true, - "description": "NPM package lockfile", - "type": "object", - "properties": { - "lockfileVersion": { - "type": "integer", - "description": "The version number of this document whose semantics were used when generating this lockfile.", - "minimum": 1, - "default": 3 - }, - "name": { - "$ref": "package.json#/properties/name", - "description": "The name of the package this is a lockfile for. This must match what's in `package.json`." - }, - "version": { - "$ref": "package.json#/properties/version", - "description": "The version of the package this is a lockfile for. This must match what's in `package.json`." - } - }, - "required": [ - "name", - "version", - "lockfileVersion" - ], - "allOf": [ - { - "if": { - "properties": { - "lockfileVersion": { - "const": 1 - } - } - }, - "then": { - "properties": { - "dependencies": { - "$ref": "package-lock-1.json#/properties/dependencies" - }, - "name": { - "$ref": "package-lock-1.json#/properties/name" - }, - "lockfileVersion": { - "$ref": "package-lock-1.json#/properties/lockfileVersion" - }, - "packageIntegrity": { - "$ref": "package-lock-1.json#/properties/packageIntegrity" - }, - "preserveSymlinks": { - "$ref": "package-lock-1.json#/properties/preserveSymlinks" - }, - "requires": { - "$ref": "package-lock-1.json#/properties/requires" - }, - "version": { - "$ref": "package-lock-1.json#/properties/version" - } - } - } - }, - { - "if": { - "properties": { - "lockfileVersion": { - "const": 2 - } - } - }, - "then": { - "properties": { - "dependencies": { - "$ref": "package-lock-2.json#/properties/dependencies" - }, - "name": { - "$ref": "package-lock-2.json#/properties/name" - }, - "lockfileVersion": { - "$ref": "package-lock-2.json#/properties/lockfileVersion" - }, - "packageIntegrity": { - "$ref": "package-lock-2.json#/properties/packageIntegrity" - }, - "preserveSymlinks": { - "$ref": "package-lock-2.json#/properties/preserveSymlinks" - }, - "requires": { - "$ref": "package-lock-2.json#/properties/requires" - }, - "version": { - "$ref": "package-lock-2.json#/properties/version" - } - } - } - }, - { - "if": { - "properties": { - "lockfileVersion": { - "const": 3 - } - } - }, - "then": { - "properties": { - "name": { - "$ref": "package-lock-3.json#/properties/name" - }, - "lockfileVersion": { - "$ref": "package-lock-3.json#/properties/lockfileVersion" - }, - "packages": { - "$ref": "package-lock-3.json#/properties/packages" - }, - "requires": { - "$ref": "package-lock-3.json#/properties/requires" - }, - "version": { - "$ref": "package-lock-3.json#/properties/version" - } - } - } - } - ] -} diff --git a/src/test/package-lock/general-v1.json b/src/test/package-lock/general-v1.json deleted file mode 100644 index 8fe86a8c20e..00000000000 --- a/src/test/package-lock/general-v1.json +++ /dev/null @@ -1,60 +0,0 @@ -{ - "dependencies": { - "body-parser": { - "dependencies": { - "iconv-lite": { - "dev": true, - "integrity": "sha1-H4irpKsLFQjoMSrMOTRfNumS4vI=", - "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.13.tgz", - "version": "0.4.13" - }, - "qs": { - "dev": true, - "integrity": "sha1-qfMRQq9GjLcrJbMBNrokVoNJFr4=", - "resolved": "https://registry.npmjs.org/qs/-/qs-5.2.0.tgz", - "version": "5.2.0" - } - }, - "dev": true, - "integrity": "sha1-EBXLH+LEQ4WCWVgdtTMy+NDPUPk=", - "requires": { - "bytes": "2.2.0", - "content-type": "~1.0.1", - "debug": "~2.2.0", - "depd": "~1.1.0", - "http-errors": "~1.3.1", - "iconv-lite": "0.4.13", - "on-finished": "~2.3.0", - "qs": "5.2.0", - "raw-body": "~2.1.5", - "type-is": "~1.6.10" - }, - "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.14.2.tgz", - "version": "1.14.2" - }, - "boom": { - "dependencies": { - "hoek": { - "dev": true, - "integrity": "sha512-v0XCLxICi9nPfYrS9RL8HbYnXi9obYAeLbSP00BmnZwCK9+Ih9WOjoZ8YoHCoav2csqn4FOz4Orldsy2dmDwmQ==", - "optional": true, - "resolved": "https://registry.npmjs.org/hoek/-/hoek-4.2.0.tgz", - "version": "4.2.0" - } - }, - "dev": true, - "integrity": "sha1-DwzF0ErcUAO4x9cfQsynJx/vDng=", - "optional": true, - "requires": { - "hoek": "4.x.x" - }, - "resolved": "https://registry.npmjs.org/boom/-/boom-3.2.2.tgz", - "version": "3.2.2" - } - }, - "lockfileVersion": 1, - "name": "project", - "preserveSymlinks": "abcdef", - "requires": true, - "version": "1.0.0" -} diff --git a/src/test/package-lock/general-v2.json b/src/test/package-lock/general-v2.json deleted file mode 100644 index 8def5976781..00000000000 --- a/src/test/package-lock/general-v2.json +++ /dev/null @@ -1,98 +0,0 @@ -{ - "dependencies": { - "body-parser": { - "dependencies": { - "iconv-lite": { - "dev": true, - "integrity": "sha1-H4irpKsLFQjoMSrMOTRfNumS4vI=", - "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.13.tgz", - "version": "0.4.13" - }, - "qs": { - "dev": true, - "funding": { - "type": "github", - "url": "https://github.com/sponsors/Vessel9817" - }, - "integrity": "sha1-qfMRQq9GjLcrJbMBNrokVoNJFr4=", - "resolved": "https://registry.npmjs.org/qs/-/qs-5.2.0.tgz", - "version": "5.2.0" - } - }, - "dev": true, - "integrity": "sha1-EBXLH+LEQ4WCWVgdtTMy+NDPUPk=", - "requires": { - "bytes": "2.2.0", - "content-type": "~1.0.1", - "debug": "~2.2.0", - "depd": "~1.1.0", - "http-errors": "~1.3.1", - "iconv-lite": "0.4.13", - "on-finished": "~2.3.0", - "qs": "5.2.0", - "raw-body": "~2.1.5", - "type-is": "~1.6.10" - }, - "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.14.2.tgz", - "version": "1.14.2" - }, - "boom": { - "dependencies": { - "hoek": { - "dev": true, - "integrity": "sha512-v0XCLxICi9nPfYrS9RL8HbYnXi9obYAeLbSP00BmnZwCK9+Ih9WOjoZ8YoHCoav2csqn4FOz4Orldsy2dmDwmQ==", - "optional": true, - "resolved": "https://registry.npmjs.org/hoek/-/hoek-4.2.0.tgz", - "version": "4.2.0" - } - }, - "dev": true, - "integrity": "sha1-DwzF0ErcUAO4x9cfQsynJx/vDng=", - "optional": true, - "requires": { - "hoek": "4.x.x" - }, - "resolved": "https://registry.npmjs.org/boom/-/boom-3.2.2.tgz", - "version": "3.2.2" - } - }, - "lockfileVersion": 2, - "name": "project", - "packages": { - "node_modules/@babel/helper-validator-identifier": { - "dev": true, - "engines": { - "node": ">=6.9.0" - }, - "integrity": "sha512-K4JvCtQqad9OY2+yTU8w+E82ywk/fe+ELNlt1G8z3bVGlZfn/hOcQQsUhGhW/N+tb3fxK800wLtKOE/aM0m72w==", - "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.15.7.tgz", - "version": "7.15.7" - }, - "node_modules/ajv-draft-04": { - "dev": true, - "integrity": "sha512-svCd36YT75yU7ofob2z7ItEWo7kq4XicQYU9T7yiVaetWzaA4xz9kKsgq3py8v1ri0UQvoJ63YEqpDQ1W/DUww==", - "peerDependencies": { - "ajv": "^8.0.0" - }, - "peerDependenciesMeta": { - "ajv": { - "optional": true - } - }, - "resolved": "https://registry.npmjs.org/ajv-draft-04/-/ajv-draft-04-0.1.0.tgz", - "version": "0.1.0" - }, - "": { - "devDependencies": { - "ajv": "^8.7.1", - "ajv-draft-04": "^0.1.0" - }, - "license": "Apache 2.0", - "name": "@npm/apple", - "version": "1.0.0" - } - }, - "preserveSymlinks": "abcdef", - "requires": true, - "version": "1.0.0" -} diff --git a/src/test/package-lock/general-v3.json b/src/test/package-lock/general-v3.json deleted file mode 100644 index f628bcdc7af..00000000000 --- a/src/test/package-lock/general-v3.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "lockfileVersion": 3, - "name": "test", - "packages": { - "node_modules/@discoveryjs/json-ext": { - "dev": true, - "engines": { - "node": ">=14.17.0" - }, - "integrity": "sha512-Xc3VhU02wqZ1HvHRJUwL09HkZSTvidqY5Ya0NXBSYOxAp+Ln9dcJr9fySI+CkONzP3PekQo9WdzCv0PGER/mOA==", - "license": "MIT", - "resolved": "https://registry.npmjs.org/@discoveryjs/json-ext/-/json-ext-1.1.0.tgz", - "version": "1.1.0" - }, - "": { - "devDependencies": { - "@dotenvx/dotenvx": "^1.69.1" - }, - "license": "MIT", - "name": "test", - "version": "0.0.0", - "workspaces": { - "packages": ["./src/package1"] - } - } - }, - "requires": true, - "version": "0.0.0" -} diff --git a/src/test/package-lock/min-v1.json b/src/test/package-lock/min-v1.json deleted file mode 100644 index 72461e16ab2..00000000000 --- a/src/test/package-lock/min-v1.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "lockfileVersion": 1, - "name": "a", - "version": "0.0.0" -} diff --git a/src/test/package-lock/min-v2.json b/src/test/package-lock/min-v2.json deleted file mode 100644 index 2708f4b4450..00000000000 --- a/src/test/package-lock/min-v2.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "lockfileVersion": 2, - "name": "test", - "version": "0.0.0" -} diff --git a/src/test/package-lock/min-v3.json b/src/test/package-lock/min-v3.json deleted file mode 100644 index d1f07baba15..00000000000 --- a/src/test/package-lock/min-v3.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "lockfileVersion": 3, - "name": "test", - "version": "0.0.0" -} From 3decd9ed734aea4b39417feb21e782e1c0728503 Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Sun, 28 Jun 2026 20:40:19 -0400 Subject: [PATCH 26/30] Added properties For stricter package name validation, see: #5230 Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/schemas/json/package-lock-1.json | 72 +++++++++++++++++++------ src/schemas/json/package-lock-2.json | 80 +++++++++++++++++++++++----- src/schemas/json/package-lock-3.json | 21 +++++++- 3 files changed, 143 insertions(+), 30 deletions(-) diff --git a/src/schemas/json/package-lock-1.json b/src/schemas/json/package-lock-1.json index c50048b1faa..2add697e3cf 100644 --- a/src/schemas/json/package-lock-1.json +++ b/src/schemas/json/package-lock-1.json @@ -1,18 +1,14 @@ { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "https://json.schemastore.org/package-lock-1.json", + "$comment": "Added in npm v5", "additionalProperties": true, "description": "DEPRECATED. NPM package lockfile, version 1", "type": "object", "definitions": { - "dependencies": { - "type": "object", - "additionalProperties": true, - "description": "A mapping of package locations to an object containing information about that package." - }, "integrity": { "type": "string", - "description": "A Standard Subresource Integrity for this resource." + "description": "A Standard Subresource Integrity (SRI) value for this resource." }, "lockfileVersion": { "$comment": "Any version below 3 is DEPRECATED.", @@ -20,33 +16,74 @@ "description": "The version number of this document whose semantics were used when generating this lockfile.", "minimum": 1, "default": 3 - }, - "packageIntegrity": { - "$ref": "#/definitions/integrity", - "description": "DEPRECATED. This is a subresource integrity value created from the `package.json`. No preprocessing of the `package.json` should be done." - }, - "preserveSymlinks": { - "type": "string", - "description": "DEPRECATED. Indicates that the install was done with the environment variable `NODE_PRESERVE_SYMLINKS` set to this value. The installer should insist that the value of this property match that environment variable." } }, "properties": { "dependencies": { - "$ref": "#/definitions/dependencies" + "$comment": "https://docs.npmjs.com/cli/v6/configuring-npm/package-lock-json#dependencies", + "type": "object", + "additionalProperties": true, + "description": "A mapping of package locations to an object containing information about that package. npm v7 ignores this section entirely if a `packages` section is present, but does keep it up to date in order to support switching between npm v6 and npm v7.", + "properties": { + "version": { + "$ref": "#/properties/version", + "description": "This is a specifier that uniquely identifies this package and should be usable in fetching a new copy of it." + }, + "integrity": { + "$ref": "#/definitions/integrity" + }, + "resolved": { + "description": "For registry sources, this is path of the tarball relative to the registry URL. If the tarball URL isn't on the same server as the registry URL then this is a complete URL. For bundled dependencies, this is not included, regardless of source.", + "type": "string" + }, + "bundled": { + "description": "If `true`, this is the bundled dependency and will be installed by the parent module. When installing, this module will be extracted from the parent module during the extract phase, not installed as a separate dependency.", + "type": "boolean" + }, + "dev": { + "description": "If `true`, then this dependency is either a development dependency ONLY of the top level module or a transitive dependency of one. This is `false` for dependencies that are both a development dependency of the top level and a transitive dependency of a non-development dependency of the top level.", + "type": "boolean" + }, + "optional": { + "description": "If `true`, then this dependency is either an optional dependency ONLY of the top level module or a transitive dependency of one. This is `false` for dependencies that are both an optional dependency of the top level and a transitive dependency of a non-optional dependency of the top level. All optional dependencies should be included even if they're uninstallable on the current platform.", + "type": "boolean" + }, + "requires": { + "description": "A mapping of module name to version. This is a list of everything this module requires, regardless of where it will be installed. The version should match, via normal matching rules, a dependency either in our `dependencies` or in a level higher than us.", + "type": "object", + "patternProperties": { + "^.+$": { + "type": "string", + "description": "The version range for the dependency." + } + } + }, + "dependencies": { + "$ref": "#/properties/dependencies", + "description": "The dependencies of this dependency, exactly as at the top level." + } + }, + "required": ["version"] }, "name": { + "$comment": "https://docs.npmjs.com/cli/v6/configuring-npm/package-lock-json#name", "$ref": "package.json#/properties/name", "description": "The name of the package this is a lockfile for. This must match what's in `package.json`." }, "lockfileVersion": { + "$comment": "https://docs.npmjs.com/cli/v6/configuring-npm/package-lock-json#lockfileversion", "$ref": "#/definitions/lockfileVersion", "const": 1 }, "packageIntegrity": { - "$ref": "#/definitions/packageIntegrity" + "$comment": "https://docs.npmjs.com/cli/v6/configuring-npm/package-lock-json#packageintegrity", + "$ref": "#/definitions/integrity", + "description": "DEPRECATED. This is an SRI created from the `package.json`. No preprocessing of the `package.json` should be done." }, "preserveSymlinks": { - "$ref": "#/definitions/preserveSymlinks" + "$comment": "https://docs.npmjs.com/cli/v6/configuring-npm/package-lock-json#preservesymlinks", + "type": "string", + "description": "DEPRECATED. Indicates that the install was done with the environment variable `NODE_PRESERVE_SYMLINKS` set to this value. The installer should insist that the value of this property match that environment variable." }, "requires": { "type": "boolean", @@ -54,6 +91,7 @@ "description": "UNDOCUMENTED." }, "version": { + "$comment": "https://docs.npmjs.com/cli/v6/configuring-npm/package-lock-json#version", "$ref": "package.json#/properties/version", "description": "The version of the package this is a lockfile for. This must match what's in `package.json`." } diff --git a/src/schemas/json/package-lock-2.json b/src/schemas/json/package-lock-2.json index bb85e9f2b4a..6ac087982a5 100644 --- a/src/schemas/json/package-lock-2.json +++ b/src/schemas/json/package-lock-2.json @@ -1,16 +1,10 @@ { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "https://json.schemastore.org/package-lock-2.json", + "$comment": "Added in npm v7", "additionalProperties": true, "description": "DEPRECATED. NPM package lockfile, version 2", "type": "object", - "definitions": { - "packages": { - "type": "object", - "additionalProperties": true, - "description": "A mapping of package locations to an object containing information about that package." - } - }, "properties": { "dependencies": { "$ref": "package-lock-1.json#/properties/dependencies" @@ -22,11 +16,73 @@ "$ref": "package-lock-1.json#/definitions/lockfileVersion", "const": 2 }, - "packageIntegrity": { - "$ref": "package-lock-1.json#/properties/packageIntegrity" - }, - "preserveSymlinks": { - "$ref": "package-lock-1.json#/properties/preserveSymlinks" + "packages": { + "type": "object", + "additionalProperties": true, + "description": "A mapping of package locations to an object containing information about that package. The root project is typically listed with a key of `\"\"`, and all other packages are listed with their relative paths from the root project folder.", + "properties": { + "bin": { + "$ref": "package.json#/properties/bin", + "description": "Matches the `bin` field set in package.json" + }, + "dependencies": { + "$ref": "package.json#/properties/dependencies", + "description": "Matches the `dependencies` field set in package.json" + }, + "dev": { + "description": "A flag specifying this package is strictly part of the `devDependencies` tree.", + "type": "boolean" + }, + "devOptional": { + "description": "A flag specifying this package is a `dev` dependency *and* an `optional` dependency of a non-dev dependency.", + "type": "boolean" + }, + "engines": { + "$ref": "package.json#/properties/engines", + "description": "Matches the `engines` field set in package.json" + }, + "hasInstallScript": { + "description": "A flag to indicate that this package has a `preinstall`, `install`, or `postinstall` script.", + "type": "boolean" + }, + "hasShrinkwrap": { + "description": "A flag to indicate that this package has an `npm-shrinkwrap.json` file.", + "type": "boolean" + }, + "inBundle": { + "description": "A flag to indicate that this package is a bundled dependency.", + "type": "boolean" + }, + "integrity": { + "$ref": "package-lock-1.json#/definitions/integrity", + "description": "A `sha512` or `sha1` SRI for the artifact that was unpacked in this location. For git dependencies, this is the commit hash." + }, + "license": { + "$ref": "package.json#/properties/license", + "description": "Matches the `license` field set in package.json" + }, + "link": { + "description": "A flag to indicate that this is a symbolic link. If this is present, no other fields are specified, since the link target will also be included in the lockfile.", + "type": "boolean" + }, + "optional": { + "description": "A flag to indicate this this package is either an `optional` dependency of a `dev` dependency, or strictly part of the `optionalDependencies` tree and not a `dev` dependency.", + "type": "boolean" + }, + "optionalDependencies": { + "$ref": "package.json#/properties/optionalDependencies", + "description": "Matches the `optionalDependencies` field set in package.json" + }, + "resolved": { + "description": "For registry sources, this is path of the tarball relative to the registry URL. If the tarball URL isn't on the same server as the registry URL then this is a complete URL. For bundled dependencies, this is not included, regardless of source.", + "type": "string" + }, + "version": { + "$ref": "#/properties/version", + "description": "This is a specifier that uniquely identifies this package and should be usable in fetching a new copy of it." + } + }, + "required": ["version"] }, "requires": { "$ref": "package-lock-1.json#/properties/requires" diff --git a/src/schemas/json/package-lock-3.json b/src/schemas/json/package-lock-3.json index d752834f9f5..be7bdc73539 100644 --- a/src/schemas/json/package-lock-3.json +++ b/src/schemas/json/package-lock-3.json @@ -1,24 +1,43 @@ { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "https://json.schemastore.org/package-lock-3.json", + "$comment": "Added in npm v7", "additionalProperties": true, "description": "NPM package lockfile, version 3", "type": "object", "properties": { "name": { + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-lock-json#name", "$ref": "package-lock-2.json#/properties/name" }, "lockfileVersion": { + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-lock-json#lockfileversion", "$ref": "package-lock-1.json#/definitions/lockfileVersion", "const": 3 }, "packages": { - "$ref": "package-lock-2.json#/definitions/packages" + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-lock-json#packages", + "$ref": "package-lock-2.json#/properties/packages", + "properties": { + "os": { + "$comment": "Added in npm v11", + "$ref": "package.json#/properties/os" + }, + "cpu": { + "$comment": "Added in npm v11", + "$ref": "package.json#/properties/cpu" + }, + "funding": { + "$comment": "Added in npm v11", + "$ref": "package.json#/properties/funding" + } + } }, "requires": { "$ref": "package-lock-2.json#/properties/requires" }, "version": { + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-lock-json#version", "$ref": "package-lock-2.json#/properties/version" } }, From 9bd7f4de44b91974ce9264bef25826fca99257f1 Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Sun, 28 Jun 2026 20:46:32 -0400 Subject: [PATCH 27/30] Tightened `link` validation Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/schemas/json/package-lock-2.json | 56 +++++++++++++++++++--------- src/schemas/json/package-lock-3.json | 40 +++++++++++++------- 2 files changed, 66 insertions(+), 30 deletions(-) diff --git a/src/schemas/json/package-lock-2.json b/src/schemas/json/package-lock-2.json index 6ac087982a5..1e1e8dc29ff 100644 --- a/src/schemas/json/package-lock-2.json +++ b/src/schemas/json/package-lock-2.json @@ -5,21 +5,8 @@ "additionalProperties": true, "description": "DEPRECATED. NPM package lockfile, version 2", "type": "object", - "properties": { - "dependencies": { - "$ref": "package-lock-1.json#/properties/dependencies" - }, - "name": { - "$ref": "package-lock-1.json#/properties/name" - }, - "lockfileVersion": { - "$ref": "package-lock-1.json#/definitions/lockfileVersion", - "const": 2 - }, - "packages": { - "type": "object", - "additionalProperties": true, - "description": "A mapping of package locations to an object containing information about that package. The root project is typically listed with a key of `\"\"`, and all other packages are listed with their relative paths from the root project folder.", + "definitions": { + "package": { "properties": { "bin": { "$ref": "package.json#/properties/bin", @@ -62,8 +49,8 @@ "description": "Matches the `license` field set in package.json" }, "link": { - "description": "A flag to indicate that this is a symbolic link. If this is present, no other fields are specified, since the link target will also be included in the lockfile.", - "type": "boolean" + "$ref": "#/definitions/link", + "const": false }, "optional": { "description": "A flag to indicate this this package is either an `optional` dependency of a `dev` dependency, or strictly part of the `optionalDependencies` tree and not a `dev` dependency.", @@ -83,6 +70,41 @@ } }, "required": ["version"] + } + }, + "properties": { + "dependencies": { + "$ref": "package-lock-1.json#/properties/dependencies" + }, + "name": { + "$ref": "package-lock-1.json#/properties/name" + }, + "link": { + "description": "A flag to indicate that this is a symbolic link. If this is present, no other fields are specified, since the link target will also be included in the lockfile.", + "type": "boolean" + }, + "lockfileVersion": { + "$ref": "package-lock-1.json#/definitions/lockfileVersion", + "const": 2 + }, + "packages": { + "type": "object", + "additionalProperties": true, + "description": "A mapping of package locations to an object containing information about that package. The root project is typically listed with a key of `\"\"`, and all other packages are listed with their relative paths from the root project folder.", + "oneOf": [ + { + "$ref": "#/definitions/package" + }, + { + "properties": { + "link": { + "$ref": "#/definitions/link", + "const": true + } + }, + "required": ["link"] + } + ] }, "requires": { "$ref": "package-lock-1.json#/properties/requires" diff --git a/src/schemas/json/package-lock-3.json b/src/schemas/json/package-lock-3.json index be7bdc73539..733e3aaa51c 100644 --- a/src/schemas/json/package-lock-3.json +++ b/src/schemas/json/package-lock-3.json @@ -17,21 +17,35 @@ }, "packages": { "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-lock-json#packages", - "$ref": "package-lock-2.json#/properties/packages", - "properties": { - "os": { - "$comment": "Added in npm v11", - "$ref": "package.json#/properties/os" + "type": "object", + "additionalProperties": true, + "description": "A mapping of package locations to an object containing information about that package. The root project is typically listed with a key of `\"\"`, and all other packages are listed with their relative paths from the root project folder.", + "oneOf": [ + { + "$ref": "package-lock-2.json#/definitions/package", + "os": { + "$comment": "Added in npm v11", + "$ref": "package.json#/properties/os" + }, + "cpu": { + "$comment": "Added in npm v11", + "$ref": "package.json#/properties/cpu" + }, + "funding": { + "$comment": "Added in npm v11", + "$ref": "package.json#/properties/funding" + } }, - "cpu": { - "$comment": "Added in npm v11", - "$ref": "package.json#/properties/cpu" - }, - "funding": { - "$comment": "Added in npm v11", - "$ref": "package.json#/properties/funding" + { + "properties": { + "link": { + "$ref": "package-lock-2.json#/definitions/link", + "const": true + } + }, + "required": ["link"] } - } + ] }, "requires": { "$ref": "package-lock-2.json#/properties/requires" From 23780b2c8c195c16747c503af14d114820616736 Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Sun, 28 Jun 2026 20:54:54 -0400 Subject: [PATCH 28/30] Fixed dependency fields Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/schemas/json/package-lock-1.json | 83 ++++++++++++++-------------- src/schemas/json/package-lock-2.json | 32 +++++++---- src/schemas/json/package-lock-3.json | 57 +++++++++++-------- 3 files changed, 96 insertions(+), 76 deletions(-) diff --git a/src/schemas/json/package-lock-1.json b/src/schemas/json/package-lock-1.json index 2add697e3cf..5c66c9fb563 100644 --- a/src/schemas/json/package-lock-1.json +++ b/src/schemas/json/package-lock-1.json @@ -20,50 +20,53 @@ }, "properties": { "dependencies": { - "$comment": "https://docs.npmjs.com/cli/v6/configuring-npm/package-lock-json#dependencies", - "type": "object", - "additionalProperties": true, - "description": "A mapping of package locations to an object containing information about that package. npm v7 ignores this section entirely if a `packages` section is present, but does keep it up to date in order to support switching between npm v6 and npm v7.", - "properties": { - "version": { - "$ref": "#/properties/version", - "description": "This is a specifier that uniquely identifies this package and should be usable in fetching a new copy of it." - }, - "integrity": { - "$ref": "#/definitions/integrity" - }, - "resolved": { - "description": "For registry sources, this is path of the tarball relative to the registry URL. If the tarball URL isn't on the same server as the registry URL then this is a complete URL. For bundled dependencies, this is not included, regardless of source.", - "type": "string" - }, - "bundled": { - "description": "If `true`, this is the bundled dependency and will be installed by the parent module. When installing, this module will be extracted from the parent module during the extract phase, not installed as a separate dependency.", - "type": "boolean" - }, - "dev": { - "description": "If `true`, then this dependency is either a development dependency ONLY of the top level module or a transitive dependency of one. This is `false` for dependencies that are both a development dependency of the top level and a transitive dependency of a non-development dependency of the top level.", - "type": "boolean" - }, - "optional": { - "description": "If `true`, then this dependency is either an optional dependency ONLY of the top level module or a transitive dependency of one. This is `false` for dependencies that are both an optional dependency of the top level and a transitive dependency of a non-optional dependency of the top level. All optional dependencies should be included even if they're uninstallable on the current platform.", - "type": "boolean" - }, - "requires": { - "description": "A mapping of module name to version. This is a list of everything this module requires, regardless of where it will be installed. The version should match, via normal matching rules, a dependency either in our `dependencies` or in a level higher than us.", + "patternProperties": { + "^.*$": { + "$comment": "https://docs.npmjs.com/cli/v6/configuring-npm/package-lock-json#dependencies", "type": "object", - "patternProperties": { - "^.+$": { - "type": "string", - "description": "The version range for the dependency." + "additionalProperties": true, + "description": "A mapping of package locations to an object containing information about that package. npm v7 ignores this section entirely if a `packages` section is present, but does keep it up to date in order to support switching between npm v6 and npm v7.", + "properties": { + "version": { + "$ref": "#/properties/version", + "description": "This is a specifier that uniquely identifies this package and should be usable in fetching a new copy of it." + }, + "integrity": { + "$ref": "#/definitions/integrity" + }, + "resolved": { + "description": "For registry sources, this is path of the tarball relative to the registry URL. If the tarball URL isn't on the same server as the registry URL then this is a complete URL. For bundled dependencies, this is not included, regardless of source.", + "type": "string" + }, + "bundled": { + "description": "If `true`, this is the bundled dependency and will be installed by the parent module. When installing, this module will be extracted from the parent module during the extract phase, not installed as a separate dependency.", + "type": "boolean" + }, + "dev": { + "description": "If `true`, then this dependency is either a development dependency ONLY of the top level module or a transitive dependency of one. This is `false` for dependencies that are both a development dependency of the top level and a transitive dependency of a non-development dependency of the top level.", + "type": "boolean" + }, + "optional": { + "description": "If `true`, then this dependency is either an optional dependency ONLY of the top level module or a transitive dependency of one. This is `false` for dependencies that are both an optional dependency of the top level and a transitive dependency of a non-optional dependency of the top level. All optional dependencies should be included even if they're uninstallable on the current platform.", + "type": "boolean" + }, + "requires": { + "description": "A mapping of module name to version. This is a list of everything this module requires, regardless of where it will be installed. The version should match, via normal matching rules, a dependency either in our `dependencies` or in a level higher than us.", + "type": "object", + "patternProperties": { + "^.+$": { + "type": "string", + "description": "The version range for the dependency." + } + } + }, + "dependencies": { + "$ref": "#/properties/dependencies", + "description": "The dependencies of this dependency, exactly as at the top level." } } - }, - "dependencies": { - "$ref": "#/properties/dependencies", - "description": "The dependencies of this dependency, exactly as at the top level." } - }, - "required": ["version"] + } }, "name": { "$comment": "https://docs.npmjs.com/cli/v6/configuring-npm/package-lock-json#name", diff --git a/src/schemas/json/package-lock-2.json b/src/schemas/json/package-lock-2.json index 1e1e8dc29ff..4179a0d6dd2 100644 --- a/src/schemas/json/package-lock-2.json +++ b/src/schemas/json/package-lock-2.json @@ -6,6 +6,10 @@ "description": "DEPRECATED. NPM package lockfile, version 2", "type": "object", "definitions": { + "link": { + "description": "A flag to indicate that this is a symbolic link. If this is present, no other fields are specified, since the link target will also be included in the lockfile.", + "type": "boolean" + }, "package": { "properties": { "bin": { @@ -91,20 +95,24 @@ "type": "object", "additionalProperties": true, "description": "A mapping of package locations to an object containing information about that package. The root project is typically listed with a key of `\"\"`, and all other packages are listed with their relative paths from the root project folder.", - "oneOf": [ - { - "$ref": "#/definitions/package" - }, - { - "properties": { - "link": { - "$ref": "#/definitions/link", - "const": true + "patternProperties": { + "^.*$": { + "oneOf": [ + { + "$ref": "#/definitions/package" + }, + { + "properties": { + "link": { + "$ref": "#/definitions/link", + "const": true + } + }, + "required": ["link"] } - }, - "required": ["link"] + ] } - ] + } }, "requires": { "$ref": "package-lock-1.json#/properties/requires" diff --git a/src/schemas/json/package-lock-3.json b/src/schemas/json/package-lock-3.json index 733e3aaa51c..d20346f3cd2 100644 --- a/src/schemas/json/package-lock-3.json +++ b/src/schemas/json/package-lock-3.json @@ -5,6 +5,23 @@ "additionalProperties": true, "description": "NPM package lockfile, version 3", "type": "object", + "definitions": { + "package": { + "$ref": "package-lock-2.json#/definitions/package", + "os": { + "$comment": "Added in npm v11", + "$ref": "package.json#/properties/os" + }, + "cpu": { + "$comment": "Added in npm v11", + "$ref": "package.json#/properties/cpu" + }, + "funding": { + "$comment": "Added in npm v11", + "$ref": "package.json#/properties/funding" + } + } + }, "properties": { "name": { "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-lock-json#name", @@ -20,32 +37,24 @@ "type": "object", "additionalProperties": true, "description": "A mapping of package locations to an object containing information about that package. The root project is typically listed with a key of `\"\"`, and all other packages are listed with their relative paths from the root project folder.", - "oneOf": [ - { - "$ref": "package-lock-2.json#/definitions/package", - "os": { - "$comment": "Added in npm v11", - "$ref": "package.json#/properties/os" - }, - "cpu": { - "$comment": "Added in npm v11", - "$ref": "package.json#/properties/cpu" - }, - "funding": { - "$comment": "Added in npm v11", - "$ref": "package.json#/properties/funding" - } - }, - { - "properties": { - "link": { - "$ref": "package-lock-2.json#/definitions/link", - "const": true + "patternProperties": { + "^.*$": { + "oneOf": [ + { + "$ref": "#/definitions/package" + }, + { + "properties": { + "link": { + "$ref": "package-lock-2.json#/definitions/link", + "const": true + } + }, + "required": ["link"] } - }, - "required": ["link"] + ] } - ] + } }, "requires": { "$ref": "package-lock-2.json#/properties/requires" From ab89f451a03c7e76b07c9ba7c6556fc9518fc25f Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Sun, 28 Jun 2026 23:22:09 -0400 Subject: [PATCH 29/30] Added undocumented properties and documentation references Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/schemas/json/package-lock-1.json | 83 +++++++++++++++++++++++----- src/schemas/json/package-lock-2.json | 60 +++++++++++++++----- src/schemas/json/package-lock-3.json | 42 +------------- src/schemas/json/package.json | 3 + 4 files changed, 119 insertions(+), 69 deletions(-) diff --git a/src/schemas/json/package-lock-1.json b/src/schemas/json/package-lock-1.json index 5c66c9fb563..21509889fa1 100644 --- a/src/schemas/json/package-lock-1.json +++ b/src/schemas/json/package-lock-1.json @@ -16,6 +16,39 @@ "description": "The version number of this document whose semantics were used when generating this lockfile.", "minimum": 1, "default": 3 + }, + "packageProperties": { + "properties": { + "deprecated": { + "description": "UNDOCUMENTED. A deprecation message. If present, indicates this package is deprecated.", + "type": "string" + }, + "devDependencies": { + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-json#devdependencies", + "$ref": "package.json#/properties/devDependencies", + "description": "UNDOCUMENTED. Specifies dependencies that are required for the development and testing of the project. These dependencies are not needed in the production environment." + }, + "funding": { + "$comment": "Prior to npm v11, this field is UNDOCUMENTED. https://docs.npmjs.com/cli/v11/configuring-npm/package-json#funding", + "$ref": "package.json#/properties/funding", + "description": "Funding information for the package, as specified in `package.json`. This field contains details about how to support the package maintainers." + }, + "peerDependencies": { + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-json#peerdependencies", + "$ref": "package.json#/properties/peerDependencies", + "description": "UNDOCUMENTED. Specifies dependencies that are required by the package but are expected to be provided by the consumer of the package." + }, + "os": { + "$comment": "Prior to npm v11, this field is UNDOCUMENTED. https://docs.npmjs.com/cli/v11/configuring-npm/package-json#os", + "$ref": "package.json#/properties/os", + "description": "An array of operating systems this package is compatible with, as specified in `package.json`. This field is included when the package specifies OS restrictions." + }, + "cpu": { + "$comment": "Prior to npm v11, this field is UNDOCUMENTED. https://docs.npmjs.com/cli/v11/configuring-npm/package-json#cpu", + "$ref": "package.json#/properties/cpu", + "description": "An array of CPU architectures this package is compatible with, as specified in `package.json`. This field is included when the package specifies CPU restrictions." + } + } } }, "properties": { @@ -23,46 +56,70 @@ "patternProperties": { "^.*$": { "$comment": "https://docs.npmjs.com/cli/v6/configuring-npm/package-lock-json#dependencies", + "$ref": "#/definitions/packageProperties", "type": "object", "additionalProperties": true, "description": "A mapping of package locations to an object containing information about that package. npm v7 ignores this section entirely if a `packages` section is present, but does keep it up to date in order to support switching between npm v6 and npm v7.", "properties": { - "version": { - "$ref": "#/properties/version", - "description": "This is a specifier that uniquely identifies this package and should be usable in fetching a new copy of it." - }, - "integrity": { - "$ref": "#/definitions/integrity" - }, - "resolved": { - "description": "For registry sources, this is path of the tarball relative to the registry URL. If the tarball URL isn't on the same server as the registry URL then this is a complete URL. For bundled dependencies, this is not included, regardless of source.", - "type": "string" + "dependencies": { + "$ref": "#/properties/dependencies", + "description": "The dependencies of this dependency, exactly as at the top level." }, "bundled": { + "$comment": "https://docs.npmjs.com/cli/v6/configuring-npm/package-lock-json#bundled", "description": "If `true`, this is the bundled dependency and will be installed by the parent module. When installing, this module will be extracted from the parent module during the extract phase, not installed as a separate dependency.", "type": "boolean" }, + "bundledDependencies": { + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-json#bundledependencies", + "$ref": "package.json#/properties/bundledDependencies", + "description": "UNDOCUMENTED. DEPRECATED: This field is honored, but \"bundleDependencies\" is the correct field name. Ignored if \"bundleDependencies\" is also present." + }, + "bundleDependencies": { + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-json#bundledependencies", + "$ref": "package.json#/properties/bundleDependencies", + "description": "UNDOCUMENTED. Array of package names that will be bundled when publishing the package." + }, "dev": { + "$comment": "https://docs.npmjs.com/cli/v6/configuring-npm/package-lock-json#dev", "description": "If `true`, then this dependency is either a development dependency ONLY of the top level module or a transitive dependency of one. This is `false` for dependencies that are both a development dependency of the top level and a transitive dependency of a non-development dependency of the top level.", "type": "boolean" }, "optional": { + "$comment": "https://docs.npmjs.com/cli/v6/configuring-npm/package-lock-json#optional", "description": "If `true`, then this dependency is either an optional dependency ONLY of the top level module or a transitive dependency of one. This is `false` for dependencies that are both an optional dependency of the top level and a transitive dependency of a non-optional dependency of the top level. All optional dependencies should be included even if they're uninstallable on the current platform.", "type": "boolean" }, + "integrity": { + "$comment": "https://docs.npmjs.com/cli/v6/configuring-npm/package-lock-json#integrity", + "$ref": "#/definitions/integrity" + }, + "peer": { + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-lock-json#dependencies", + "description": "UNDOCUMENTED. A flag to indicate this package is a peer dependency.", + "type": "boolean" + }, + "resolved": { + "$comment": "https://docs.npmjs.com/cli/v6/configuring-npm/package-lock-json#resolved", + "description": "For registry sources, this is path of the tarball relative to the registry URL. If the tarball URL isn't on the same server as the registry URL then this is a complete URL. For bundled dependencies, this is not included, regardless of source.", + "type": "string" + }, "requires": { + "$comment": "https://docs.npmjs.com/cli/v6/configuring-npm/package-lock-json#requires", "description": "A mapping of module name to version. This is a list of everything this module requires, regardless of where it will be installed. The version should match, via normal matching rules, a dependency either in our `dependencies` or in a level higher than us.", "type": "object", "patternProperties": { "^.+$": { + "$comment": "https://docs.npmjs.com/cli/v6/configuring-npm/package-lock-json#requires", "type": "string", "description": "The version range for the dependency." } } }, - "dependencies": { - "$ref": "#/properties/dependencies", - "description": "The dependencies of this dependency, exactly as at the top level." + "version": { + "$comment": "https://docs.npmjs.com/cli/v6/configuring-npm/package-lock-json#version-1", + "$ref": "#/properties/version", + "description": "This is a specifier that uniquely identifies this package and should be usable in fetching a new copy of it." } } } diff --git a/src/schemas/json/package-lock-2.json b/src/schemas/json/package-lock-2.json index 4179a0d6dd2..c604d7af3c5 100644 --- a/src/schemas/json/package-lock-2.json +++ b/src/schemas/json/package-lock-2.json @@ -7,16 +7,43 @@ "type": "object", "definitions": { "link": { + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-lock-json#packages", "description": "A flag to indicate that this is a symbolic link. If this is present, no other fields are specified, since the link target will also be included in the lockfile.", "type": "boolean" }, - "package": { + "linkedPackage": { + "properties": { + "link": { + "$ref": "#/definitions/link", + "const": true + } + }, + "required": ["link"] + }, + "packageProperties": { + "$ref": "package-json-1.json/#/definitions/packageProperties", + "properties": { + "peerDependenciesMeta": { + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-json#peerdependenciesmeta", + "$ref": "package.json#/properties/peerDependenciesMeta", + "description": "UNDOCUMENTED. When a user installs your package, warnings are emitted if packages specified in \"peerDependencies\" are not already installed. The \"peerDependenciesMeta\" field serves to provide more information on how your peer dependencies are utilized. Most commonly, it allows peer dependencies to be marked as optional. Metadata for this field is specified with a simple hash of the package name to a metadata object." + }, + "workspaces": { + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-json#workspaces", + "$ref": "package.json#/properties/workspaces", + "description": "UNDOCUMENTED. Allows packages within a directory to depend on one another using direct linking of local files. Additionally, dependencies within a workspace are hoisted to the workspace root when possible to reduce duplication. Note: It's also a good idea to set \"private\" to true when using this feature." + } + } + }, + "unlinkedPackage": { "properties": { "bin": { + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-json#bin", "$ref": "package.json#/properties/bin", "description": "Matches the `bin` field set in package.json" }, "dependencies": { + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-json#dependencies", "$ref": "package.json#/properties/dependencies", "description": "Matches the `dependencies` field set in package.json" }, @@ -29,6 +56,7 @@ "type": "boolean" }, "engines": { + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-json#engines", "$ref": "package.json#/properties/engines", "description": "Matches the `engines` field set in package.json" }, @@ -49,6 +77,7 @@ "description": "A `sha512` or `sha1` SRI for the artifact that was unpacked in this location. For git dependencies, this is the commit hash." }, "license": { + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-json#license", "$ref": "package.json#/properties/license", "description": "Matches the `license` field set in package.json" }, @@ -57,20 +86,24 @@ "const": false }, "optional": { + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-lock-json#packages", "description": "A flag to indicate this this package is either an `optional` dependency of a `dev` dependency, or strictly part of the `optionalDependencies` tree and not a `dev` dependency.", "type": "boolean" }, "optionalDependencies": { + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-json#optionaldependencies", "$ref": "package.json#/properties/optionalDependencies", - "description": "Matches the `optionalDependencies` field set in package.json" + "description": "Matches the `optionalDependencies` field set in `package.json`" }, "resolved": { + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-lock-json#packages", "description": "For registry sources, this is path of the tarball relative to the registry URL. If the tarball URL isn't on the same server as the registry URL then this is a complete URL. For bundled dependencies, this is not included, regardless of source.", "type": "string" }, "version": { + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-lock-json#packages", "$ref": "#/properties/version", - "description": "This is a specifier that uniquely identifies this package and should be usable in fetching a new copy of it." + "description": "The version found in `package.json`" } }, "required": ["version"] @@ -78,46 +111,43 @@ }, "properties": { "dependencies": { + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-lock-json#dependencies", "$ref": "package-lock-1.json#/properties/dependencies" }, "name": { + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-lock-json#name", "$ref": "package-lock-1.json#/properties/name" }, - "link": { - "description": "A flag to indicate that this is a symbolic link. If this is present, no other fields are specified, since the link target will also be included in the lockfile.", - "type": "boolean" - }, "lockfileVersion": { + "$comment": "https://docs.npmjs.com/cli/v8/configuring-npm/package-lock-json#lockfileversion", "$ref": "package-lock-1.json#/definitions/lockfileVersion", "const": 2 }, "packages": { + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-lock-json#packages", "type": "object", "additionalProperties": true, "description": "A mapping of package locations to an object containing information about that package. The root project is typically listed with a key of `\"\"`, and all other packages are listed with their relative paths from the root project folder.", "patternProperties": { "^.*$": { + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-lock-json#packages", "oneOf": [ { - "$ref": "#/definitions/package" + "$ref": "#/definitions/unlinkedPackage" }, { - "properties": { - "link": { - "$ref": "#/definitions/link", - "const": true - } - }, - "required": ["link"] + "$ref": "#/definitions/linkedPackage" } ] } } }, "requires": { + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-lock-json#dependencies", "$ref": "package-lock-1.json#/properties/requires" }, "version": { + "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-lock-json#dependencies", "$ref": "package-lock-1.json#/properties/version" } }, diff --git a/src/schemas/json/package-lock-3.json b/src/schemas/json/package-lock-3.json index d20346f3cd2..db4803bcf64 100644 --- a/src/schemas/json/package-lock-3.json +++ b/src/schemas/json/package-lock-3.json @@ -5,26 +5,8 @@ "additionalProperties": true, "description": "NPM package lockfile, version 3", "type": "object", - "definitions": { - "package": { - "$ref": "package-lock-2.json#/definitions/package", - "os": { - "$comment": "Added in npm v11", - "$ref": "package.json#/properties/os" - }, - "cpu": { - "$comment": "Added in npm v11", - "$ref": "package.json#/properties/cpu" - }, - "funding": { - "$comment": "Added in npm v11", - "$ref": "package.json#/properties/funding" - } - } - }, "properties": { "name": { - "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-lock-json#name", "$ref": "package-lock-2.json#/properties/name" }, "lockfileVersion": { @@ -33,34 +15,12 @@ "const": 3 }, "packages": { - "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-lock-json#packages", - "type": "object", - "additionalProperties": true, - "description": "A mapping of package locations to an object containing information about that package. The root project is typically listed with a key of `\"\"`, and all other packages are listed with their relative paths from the root project folder.", - "patternProperties": { - "^.*$": { - "oneOf": [ - { - "$ref": "#/definitions/package" - }, - { - "properties": { - "link": { - "$ref": "package-lock-2.json#/definitions/link", - "const": true - } - }, - "required": ["link"] - } - ] - } - } + "$ref": "package-lock-2.json#/properties/packages" }, "requires": { "$ref": "package-lock-2.json#/properties/requires" }, "version": { - "$comment": "https://docs.npmjs.com/cli/v11/configuring-npm/package-lock-json#version", "$ref": "package-lock-2.json#/properties/version" } }, diff --git a/src/schemas/json/package.json b/src/schemas/json/package.json index acc169ca345..fa1b99349b0 100644 --- a/src/schemas/json/package.json +++ b/src/schemas/json/package.json @@ -901,6 +901,8 @@ } }, "engineStrict": { + "$comment": "Removed in npm v3", + "description": "DEPRECATED. A flag that indicates this package should be treated as if the user had set `engine-strict`.", "type": "boolean" }, "os": { @@ -994,6 +996,7 @@ } }, "preferGlobal": { + "$comment": "Removed in npm v7", "type": "boolean", "description": "DEPRECATED: This option used to trigger an npm warning, but it will no longer warn. It is purely there for informational purposes. It is now recommended that you install any binaries as local devDependencies wherever possible." }, From 2bac5f4b746ba4e00ee87334d4c5c261d14d805b Mon Sep 17 00:00:00 2001 From: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> Date: Mon, 29 Jun 2026 21:24:31 -0400 Subject: [PATCH 30/30] Added some tests Signed-off-by: Vessel9817 <151808241+Vessel9817@users.noreply.github.com> --- src/test/package-lock-1/dependencies.json | 6 ++++++ src/test/package-lock-1/dependencyIntegrity.json | 11 +++++++++++ src/test/package-lock-1/dependencyVersion.json | 10 ++++++++++ src/test/package-lock-1/general.json | 3 +++ src/test/package-lock-1/name.json | 5 +++++ src/test/package-lock-1/packageIntegrity.json | 1 - src/test/package-lock-1/preserveSymlinks.json | 1 - src/test/package-lock-1/requires.json | 1 - src/test/package-lock-1/version.json | 5 +++++ 9 files changed, 40 insertions(+), 3 deletions(-) create mode 100644 src/test/package-lock-1/dependencies.json create mode 100644 src/test/package-lock-1/dependencyIntegrity.json create mode 100644 src/test/package-lock-1/dependencyVersion.json create mode 100644 src/test/package-lock-1/name.json create mode 100644 src/test/package-lock-1/version.json diff --git a/src/test/package-lock-1/dependencies.json b/src/test/package-lock-1/dependencies.json new file mode 100644 index 00000000000..bd1d4f7cfd3 --- /dev/null +++ b/src/test/package-lock-1/dependencies.json @@ -0,0 +1,6 @@ +{ + "dependencies": {}, + "lockfileVersion": 1, + "name": "a", + "version": "0.0.0" +} diff --git a/src/test/package-lock-1/dependencyIntegrity.json b/src/test/package-lock-1/dependencyIntegrity.json new file mode 100644 index 00000000000..86086769443 --- /dev/null +++ b/src/test/package-lock-1/dependencyIntegrity.json @@ -0,0 +1,11 @@ +{ + "dependencies": { + "hoek": { + "integrity": "sha512-v0XCLxICi9nPfYrS9RL8HbYnXi9obYAeLbSP00BmnZwCK9+Ih9WOjoZ8YoHCoav2csqn4FOz4Orldsy2dmDwmQ==", + "version": "4.2.0" + } + }, + "lockfileVersion": 1, + "name": "a", + "version": "0.0.0" +} diff --git a/src/test/package-lock-1/dependencyVersion.json b/src/test/package-lock-1/dependencyVersion.json new file mode 100644 index 00000000000..fac28865361 --- /dev/null +++ b/src/test/package-lock-1/dependencyVersion.json @@ -0,0 +1,10 @@ +{ + "dependencies": { + "@types/test": { + "version": "1.2.3" + } + }, + "lockfileVersion": 1, + "name": "a", + "version": "0.0.0" +} diff --git a/src/test/package-lock-1/general.json b/src/test/package-lock-1/general.json index 8fe86a8c20e..fc7208ee60c 100644 --- a/src/test/package-lock-1/general.json +++ b/src/test/package-lock-1/general.json @@ -34,6 +34,9 @@ }, "boom": { "dependencies": { + "body-parser": { + "link": true + }, "hoek": { "dev": true, "integrity": "sha512-v0XCLxICi9nPfYrS9RL8HbYnXi9obYAeLbSP00BmnZwCK9+Ih9WOjoZ8YoHCoav2csqn4FOz4Orldsy2dmDwmQ==", diff --git a/src/test/package-lock-1/name.json b/src/test/package-lock-1/name.json new file mode 100644 index 00000000000..97e46bc0b72 --- /dev/null +++ b/src/test/package-lock-1/name.json @@ -0,0 +1,5 @@ +{ + "lockfileVersion": 1, + "name": "@is-(unknown)/is-one", + "version": "0.0.0" +} diff --git a/src/test/package-lock-1/packageIntegrity.json b/src/test/package-lock-1/packageIntegrity.json index eae01d9fe7e..ba794eb58e4 100644 --- a/src/test/package-lock-1/packageIntegrity.json +++ b/src/test/package-lock-1/packageIntegrity.json @@ -1,5 +1,4 @@ { - "dependencies": {}, "lockfileVersion": 1, "name": "test", "packageIntegrity": "sha512-Q2bFTOhEALkN8hOms2FKTDLy7eugP2zFZ1T8LCvX42Fp3WoNr3bjZSAHeOsHrbV1Fu9/A0EzCinRE7Af1ofPrw==", diff --git a/src/test/package-lock-1/preserveSymlinks.json b/src/test/package-lock-1/preserveSymlinks.json index 8b47b445f23..c5dcf3792c5 100644 --- a/src/test/package-lock-1/preserveSymlinks.json +++ b/src/test/package-lock-1/preserveSymlinks.json @@ -1,5 +1,4 @@ { - "dependencies": {}, "lockfileVersion": 1, "name": "test", "preserveSymlinks": "abcd", diff --git a/src/test/package-lock-1/requires.json b/src/test/package-lock-1/requires.json index e26ddfbe019..dc71cdc8eba 100644 --- a/src/test/package-lock-1/requires.json +++ b/src/test/package-lock-1/requires.json @@ -1,5 +1,4 @@ { - "dependencies": {}, "lockfileVersion": 1, "name": "a", "requires": true, diff --git a/src/test/package-lock-1/version.json b/src/test/package-lock-1/version.json new file mode 100644 index 00000000000..7c1ae7599e0 --- /dev/null +++ b/src/test/package-lock-1/version.json @@ -0,0 +1,5 @@ +{ + "lockfileVersion": 1, + "name": "a", + "version": "2.1.0-beta.6" +}