Merge pull request oclif#1311 from oclif/mdonnalley/validate-pkg-name

fix: validate package name and bin
appfolio · Mar 4, 2024 · a80b8c7 · a80b8c7
2 parents 30f24dd + d9ed853
commit a80b8c7
Show file tree

Hide file tree

Showing 5 changed files with 47 additions and 1 deletion.
diff --git a/package.json b/package.json
@@ -25,6 +25,7 @@
     "normalize-package-data": "^3.0.3",
     "semver": "^7.6.0",
     "sort-package-json": "^2.8.0",
+    "validate-npm-package-name": "^5.0.0",
     "yeoman-environment": "^3.15.1",
     "yeoman-generator": "^5.8.0"
   },
@@ -43,6 +44,7 @@
     "@types/node": "^18",
     "@types/semver": "^7.5.7",
     "@types/shelljs": "^0.8.11",
+    "@types/validate-npm-package-name": "^4.0.2",
     "@types/yeoman-generator": "^5.2.11",
     "chai": "^4.4.1",
     "commitlint": "^18",

diff --git a/src/generators/cli.ts b/src/generators/cli.ts
@@ -2,9 +2,10 @@ import {Interfaces} from '@oclif/core'
 import {execSync} from 'node:child_process'
 import * as fs from 'node:fs'
 import * as path from 'node:path'
+import validatePkgName from 'validate-npm-package-name'
 import Generator from 'yeoman-generator'
 
-import {compact, isEmpty, uniq} from '../util'
+import {compact, isEmpty, uniq, validateBin} from '../util'
 
 const debug = require('debug')('generator-oclif')
 const {version} = require('../../package.json')
@@ -159,12 +160,14 @@ export default class CLI extends Generator {
             message: 'npm package name',
             name: 'name',
             type: 'input',
+            validate: (d: string) => validatePkgName(d).validForNewPackages || 'Invalid package name',
           },
           {
             default: (answers: {name: string}) => answers.name,
             message: 'command bin name the CLI will export',
             name: 'bin',
             type: 'input',
+            validate: (d: string) => validateBin(d) || 'Invalid bin name',
           },
           {
             default: defaults.description,

diff --git a/src/util.ts b/src/util.ts
@@ -115,3 +115,7 @@ export async function checkFor7Zip() {
 export function isEmpty(obj: Record<string, unknown>): boolean {
   return Object.keys(obj).length === 0
 }
+
+export function validateBin(bin: string): boolean {
+  return /^[\w-]+$/.test(bin)
+}
diff --git a/test/unit/util.test.ts b/test/unit/util.test.ts
@@ -0,0 +1,32 @@
+import {expect} from 'chai'
+
+import {validateBin} from '../../src/util'
+
+describe('validateBin', () => {
+  const validBins = [
+    'foo',
+    'foo-bar',
+    'foo-bar_baz',
+    'foo_bar',
+    'foo123',
+    '123foo',
+    'foo-bar-',
+    'foo_bar_',
+    '-foo-bar',
+    '_foo_bar',
+    '123',
+  ]
+
+  const invalidBins = ['foo bar', 'foo!bar']
+  it('should return true for valid bins', () => {
+    for (const bin of validBins) {
+      expect(validateBin(bin), `${bin} to be valid`).to.be.true
+    }
+  })
+
+  it('should return false for invalid bins', () => {
+    for (const bin of invalidBins) {
+      expect(validateBin(bin), `${bin} to be invalid`).to.be.false
+    }
+  })
+})
diff --git a/yarn.lock b/yarn.lock
@@ -2785,6 +2785,11 @@
   dependencies:
     "@types/node" "*"
 
+"@types/validate-npm-package-name@^4.0.2":
+  version "4.0.2"
+  resolved "https://registry.yarnpkg.com/@types/validate-npm-package-name/-/validate-npm-package-name-4.0.2.tgz#df0f7dac25df7761f7476605ddac54cb1abda26e"
+  integrity sha512-lrpDziQipxCEeK5kWxvljWYhUvOiB2A9izZd9B2AFarYAkqZshb4lPbRs7zKEic6eGtH8V/2qJW+dPp9OtF6bw==
+
 "@types/vinyl@*", "@types/vinyl@^2.0.4":
   version "2.0.11"
   resolved "https://registry.yarnpkg.com/@types/vinyl/-/vinyl-2.0.11.tgz#b95a5bb007e7a0a61dad5a8971dc9922abbc2629"