mirror of
https://github.com/zhigang1992/wallet.git
synced 2026-01-13 09:40:36 +08:00
31 lines
936 B
JavaScript
31 lines
936 B
JavaScript
const core = require('@actions/core');
|
|
const appPackage = require('../../../package.json');
|
|
|
|
const illegalVersionSymbol = ['~', '^', '>', '<'];
|
|
|
|
function containsIllegalChar(input) {
|
|
return illegalVersionSymbol.some(symbol => input.includes(symbol));
|
|
}
|
|
|
|
(async () => {
|
|
try {
|
|
const dependencies = appPackage.dependencies;
|
|
const devDependencies = appPackage.devDependencies;
|
|
|
|
const allPackages = [...Object.entries(dependencies), ...Object.entries(devDependencies)];
|
|
|
|
const illegalPackages = allPackages
|
|
.filter(([package, version]) => containsIllegalChar(version))
|
|
.map(([package, version]) => ({ package, version }));
|
|
|
|
if (illegalPackages.length > 0) {
|
|
core.setFailed(`
|
|
There are packages with non-exact versions defined. This presents a security risk.
|
|
${JSON.stringify(illegalPackages, null, 2)}
|
|
`);
|
|
}
|
|
} catch (error) {
|
|
core.setFailed(error.message);
|
|
}
|
|
})();
|