From 2ce23baf53b1ce7d11b8efb80c598ddaf9cef9e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kat=20March=C3=A1n?= <kzm@zkat.tech>
Date: Mon, 18 Feb 2019 14:58:47 -0800
Subject: [PATCH] lock-verify@2.1.0

Adds support for package aliases
---
 node_modules/lock-verify/index.js     | 14 ++++++++---
 node_modules/lock-verify/package.json | 35 +++++++++++++--------------
 package-lock.json                     |  8 +++---
 package.json                          |  2 +-
 4 files changed, 33 insertions(+), 26 deletions(-)

diff --git a/node_modules/lock-verify/index.js b/node_modules/lock-verify/index.js
index 22721329134d7..cf673888faf01 100644
--- a/node_modules/lock-verify/index.js
+++ b/node_modules/lock-verify/index.js
@@ -36,9 +36,17 @@ function lockVerify(check) {
         if (spec.registry) {
           // Can't match tags to package-lock w/o network
           if (spec.type === 'tag') return
-          if (!semver.satisfies(lock.version, spec.fetchSpec)) {
-            errors.push("Invalid: lock file's " + name + '@' + lock.version + ' does not satisfy ' + name + '@' + spec.fetchSpec)
-            return
+          if (spec.type === 'alias') {
+            const lockSpec = npa.resolve(name, lock.version)
+            if (!semver.satisfies(lockSpec.subSpec.fetchSpec, spec.subSpec.fetchSpec)) {
+              errors.push("Invalid: lock file's " + name + '@' + lock.version + ' does not satisfy ' + name + '@' + spec.rawSpec)
+              return
+            }
+          } else {
+            if (!semver.satisfies(lock.version, spec.fetchSpec)) {
+              errors.push("Invalid: lock file's " + name + '@' + lock.version + ' does not satisfy ' + name + '@' + spec.fetchSpec)
+              return
+            }
           }
         } else if (spec.type === 'git') {
           // can't verify git w/o network
diff --git a/node_modules/lock-verify/package.json b/node_modules/lock-verify/package.json
index 0f2002f549e5a..621c12fb76e87 100644
--- a/node_modules/lock-verify/package.json
+++ b/node_modules/lock-verify/package.json
@@ -1,33 +1,30 @@
 {
-  "_args": [
-    [
-      "lock-verify@2.0.2",
-      "/Users/rebecca/code/npm"
-    ]
-  ],
-  "_from": "lock-verify@2.0.2",
-  "_id": "lock-verify@2.0.2",
+  "_from": "lock-verify@2.1.0",
+  "_id": "lock-verify@2.1.0",
   "_inBundle": false,
-  "_integrity": "sha512-QNVwK0EGZBS4R3YQ7F1Ox8p41Po9VGl2QG/2GsuvTbkJZYSsPeWHKMbbH6iZMCHWSMww5nrJroZYnGzI4cePuw==",
+  "_integrity": "sha512-vcLpxnGvrqisKvLQ2C2v0/u7LVly17ak2YSgoK4PrdsYBXQIax19vhKiLfvKNFx7FRrpTnitrpzF/uuCMuorIg==",
   "_location": "/lock-verify",
   "_phantomChildren": {},
   "_requested": {
     "type": "version",
     "registry": true,
-    "raw": "lock-verify@2.0.2",
+    "raw": "lock-verify@2.1.0",
     "name": "lock-verify",
     "escapedName": "lock-verify",
-    "rawSpec": "2.0.2",
+    "rawSpec": "2.1.0",
     "saveSpec": null,
-    "fetchSpec": "2.0.2"
+    "fetchSpec": "2.1.0"
   },
   "_requiredBy": [
+    "#USER",
     "/",
-    "/libcipm"
+    "/libcipm",
+    "/libnpm"
   ],
-  "_resolved": "https://registry.npmjs.org/lock-verify/-/lock-verify-2.0.2.tgz",
-  "_spec": "2.0.2",
-  "_where": "/Users/rebecca/code/npm",
+  "_resolved": "https://registry.npmjs.org/lock-verify/-/lock-verify-2.1.0.tgz",
+  "_shasum": "fff4c918b8db9497af0c5fa7f6d71555de3ceb47",
+  "_spec": "lock-verify@2.1.0",
+  "_where": "/Users/zkat/Documents/code/work/npm",
   "author": {
     "name": "Rebecca Turner",
     "email": "me@re-becca.org",
@@ -36,10 +33,12 @@
   "bugs": {
     "url": "https://github.com/iarna/lock-verify/issues"
   },
+  "bundleDependencies": false,
   "dependencies": {
-    "npm-package-arg": "^5.1.2 || 6",
+    "npm-package-arg": "^6.1.0",
     "semver": "^5.4.1"
   },
+  "deprecated": false,
   "description": "Report if your package.json is out of sync with your package-lock.json.",
   "devDependencies": {
     "@iarna/cli": "^1.2.0"
@@ -59,5 +58,5 @@
   "scripts": {
     "test": "echo \"Error: no test specified\" && exit 1"
   },
-  "version": "2.0.2"
+  "version": "2.1.0"
 }
diff --git a/package-lock.json b/package-lock.json
index eefd8067bbce2..11cefb7f720ab 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2812,11 +2812,11 @@
       }
     },
     "lock-verify": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/lock-verify/-/lock-verify-2.0.2.tgz",
-      "integrity": "sha512-QNVwK0EGZBS4R3YQ7F1Ox8p41Po9VGl2QG/2GsuvTbkJZYSsPeWHKMbbH6iZMCHWSMww5nrJroZYnGzI4cePuw==",
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/lock-verify/-/lock-verify-2.1.0.tgz",
+      "integrity": "sha512-vcLpxnGvrqisKvLQ2C2v0/u7LVly17ak2YSgoK4PrdsYBXQIax19vhKiLfvKNFx7FRrpTnitrpzF/uuCMuorIg==",
       "requires": {
-        "npm-package-arg": "^5.1.2 || 6",
+        "npm-package-arg": "^6.1.0",
         "semver": "^5.4.1"
       }
     },
diff --git a/package.json b/package.json
index d08661a8e8f0e..6920c329af406 100644
--- a/package.json
+++ b/package.json
@@ -76,7 +76,7 @@
     "libnpm": "^2.0.1",
     "libnpmhook": "^5.0.2",
     "libnpx": "^10.2.0",
-    "lock-verify": "^2.0.2",
+    "lock-verify": "^2.1.0",
     "lockfile": "^1.0.4",
     "lodash._baseuniq": "~4.6.0",
     "lodash.clonedeep": "~4.5.0",