feat(repo): add lock file linting to commit check, PR and nightly (#11071)

.circleci/config.yml

@@ -173,6 +173,7 @@ jobs:
       - run: npx nx-cloud record yarn check-imports
       - run: npx nx-cloud record yarn nx format:check --base=$NX_BASE --head=$NX_HEAD
       - run: npx nx-cloud record yarn check-commit
+      - run: npx nx-cloud record yarn check-lock-files
       - run: npx nx-cloud record yarn depcheck
       - run:
           name: Check Documentation

.github/workflows/npm-audit.yml

@@ -15,6 +15,9 @@ jobs:
     - name: Run a security audit
       run: npx audit-ci --critical --report-type summary
 
+    - name: Check lock file for invalid hosts
+      run: yarn lockfile-lint -s -n -p yarn.lock -a hosts yarn npm
+
     - name: Report Status
       if: ${{ always() && github.repository_owner == 'nrwl' }}
       uses: ravsamhq/notify-slack-action@v1

package.json

@@ -182,6 +182,7 @@
     "less-loader": "^10.1.0",
     "license-webpack-plugin": "^4.0.2",
     "loader-utils": "1.2.3",
+    "lockfile-lint": "^4.7.6",
     "memfs": "^3.0.1",
     "metro-resolver": "^0.71.2",
     "mime": "2.4.4",
@@ -305,4 +306,3 @@
     "minimist": "^1.2.6"
   }
 }
-

scripts/check-lock-files.js

@@ -22,13 +22,24 @@ function checkLockFiles() {
   } catch {
     errors.push('The "yarn.lock" does not exist or cannot be read');
   }
+  try {
+    require('child_process').execSync(
+      'yarn lockfile-lint -s -n -p yarn.lock -a hosts yarn npm',
+      { encoding: 'utf-8', stdio: 'pipe' }
+    );
+  } catch ({ stderr }) {
+    const errorLines = stderr.split('\n').slice(0, -4).join('\n');
+    errors.push(errorLines);
+  }
   return errors;
 }
 
+console.log('🔒🔒🔒 Validating lock files 🔒🔒🔒\n');
 const invalid = checkLockFiles();
 if (invalid.length > 0) {
   invalid.forEach((e) => console.log(e));
   process.exit(1);
 } else {
+  console.log('Lock file is valid 👍');
   process.exit(0);
 }

yarn.lock

@@ -2755,7 +2755,7 @@
 
 "@jest/create-cache-key-function@^27.4.2":
   version "27.5.1"
-  resolved "https://registry.yarnpkg.com/@jest%2fcreate-cache-key-function/-/create-cache-key-function-27.5.1.tgz#7448fae15602ea95c828f5eceed35c202a820b31"
+  resolved "https://registry.yarnpkg.com/@jest/create-cache-key-function/-/create-cache-key-function-27.5.1.tgz#7448fae15602ea95c828f5eceed35c202a820b31"
   integrity sha512-dmH1yW+makpTSURTy8VzdUwFnfQh1G8R+DxO2Ho2FFmBbKFEVm+3jWdvFhE2VqB/LATCTokkP0dotjyQyw5/AQ==
   dependencies:
     "@jest/types" "^27.5.1"
@@ -7097,6 +7097,14 @@
   resolved "https://registry.yarnpkg.com/@yarnpkg/lockfile/-/lockfile-1.1.0.tgz#e77a97fbd345b76d83245edcd17d393b1b41fb31"
   integrity sha512-GpSwvyXOcOOlV70vbnzjj4fW5xW/FdUF6nQEt1ENy7m4ZCczi1+/buVUPAqmGfqznsORNFzUMjctTIp8a9tuCQ==
 
+"@yarnpkg/parsers@^3.0.0-rc.6":
+  version "3.0.0-rc.11"
+  resolved "https://registry.yarnpkg.com/@yarnpkg/parsers/-/parsers-3.0.0-rc.11.tgz#4c2e69f3c904693eea58a8999ca9a189b0d78b41"
+  integrity sha512-qQ2EBj1lRA2iB1SwcyvGI53w5TlEBMgJ/hAR42ts+6bKK/am/xQoozQxtBiqodAyphIGVSm3sfQmQXN2pjMlNA==
+  dependencies:
+    js-yaml "^3.10.0"
+    tslib "^1.13.0"
+
 JSONStream@1.3.5, JSONStream@^1.0.4:
   version "1.3.5"
   resolved "https://registry.yarnpkg.com/JSONStream/-/JSONStream-1.3.5.tgz#3208c1f08d3a4d99261ab64f92302bc15e111ca0"
@@ -15926,7 +15934,7 @@ js-yaml@4.1.0, js-yaml@^4.1.0:
   dependencies:
     argparse "^2.0.1"
 
-js-yaml@^3.13.1, js-yaml@^3.14.0:
+js-yaml@^3.10.0, js-yaml@^3.13.1, js-yaml@^3.14.0:
   version "3.14.1"
   resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-3.14.1.tgz#dae812fdb3825fa306609a8717383c50c36a0537"
   integrity sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==
@@ -16663,6 +16671,24 @@ locate-path@^6.0.0:
   dependencies:
     p-locate "^5.0.0"
 
+lockfile-lint-api@^5.2.6:
+  version "5.2.6"
+  resolved "https://registry.yarnpkg.com/lockfile-lint-api/-/lockfile-lint-api-5.2.6.tgz#379af13945c2cf7ee79cdad0fe11852afbfe9a49"
+  integrity sha512-FY9DRVKH83P5qMqepVlJDUCSstts/4mW0wpB+rC9yEHHyYn4hHaRBnCqaC9/Qk2JITIQlArrO/eBwoEOnSE84Q==
+  dependencies:
+    "@yarnpkg/parsers" "^3.0.0-rc.6"
+    object-hash "^2.0.1"
+
+lockfile-lint@^4.7.6:
+  version "4.7.6"
+  resolved "https://registry.yarnpkg.com/lockfile-lint/-/lockfile-lint-4.7.6.tgz#97ebf8c70838404f1f1a4cfb6f08b98e6e847b18"
+  integrity sha512-vk1EgNh+fkaFWvnrQ/wDMflbkBS0zHx/z0ZjbkMiYObR9rT29AhSHLH6cH52/QG7UqHqSCa64uu8j/nXYubmkQ==
+  dependencies:
+    cosmiconfig "^6.0.0"
+    debug "^4.1.1"
+    lockfile-lint-api "^5.2.6"
+    yargs "^16.0.0"
+
 lockfile@1.0.4:
   version "1.0.4"
   resolved "https://registry.yarnpkg.com/lockfile/-/lockfile-1.0.4.tgz#07f819d25ae48f87e538e6578b6964a4981a5609"
@@ -18268,7 +18294,7 @@ object-hash@3.0.0:
   resolved "https://registry.yarnpkg.com/object-hash/-/object-hash-3.0.0.tgz#73f97f753e7baffc0e2cc9d6e079079744ac82e9"
   integrity sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw==
 
-object-hash@^2.2.0:
+object-hash@^2.0.1, object-hash@^2.2.0:
   version "2.2.0"
   resolved "https://registry.yarnpkg.com/object-hash/-/object-hash-2.2.0.tgz#5ad518581eefc443bd763472b8ff2e9c2c0d54a5"
   integrity sha512-gScRMn0bS5fH+IuwyIFgnh9zBdo4DV+6GhygmWM9HyNJSgS0hScp1f5vjtm7oIIOiT9trXrShAkLFSc2IqKNgw==
@@ -24951,7 +24977,7 @@ yargs@17.4.1:
     y18n "^5.0.5"
     yargs-parser "^21.0.0"
 
-yargs@^16.1.0, yargs@^16.2.0:
+yargs@^16.0.0, yargs@^16.1.0, yargs@^16.2.0:
   version "16.2.0"
   resolved "https://registry.yarnpkg.com/yargs/-/yargs-16.2.0.tgz#1c82bf0f6b6a66eafce7ef30e376f49a12477f66"
   integrity sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==