-
Notifications
You must be signed in to change notification settings - Fork 65
/
lavamoat-policy.v0-0-1.schema.ts
130 lines (110 loc) · 2.85 KB
/
lavamoat-policy.v0-0-1.schema.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
import { RequireAtLeastOne } from 'type-fest'
import { LavamoatModuleRecord } from '../moduleRecord'
/**
* Schema for LavaMoat policy files
*/
export type LavaMoatPolicy = RequireAtLeastOne<
PartialLavaMoatPolicy,
'resources' | 'resolutions'
>
export type LavaMoatPolicyOverrides = PartialLavaMoatPolicy
export type LavaMoatPolicyDebug = LavaMoatPolicy & {
debugInfo: Record<string, DebugInfo>
}
export interface PartialLavaMoatPolicy {
resources?: Resources
resolutions?: Resolutions
}
export interface DebugInfo {
/**
* @todo This is an array of `@babel/parser`'s `ParseError`. To use it
* directly we'd need to add `@babel/parser` as a production dependency of
* `lavamoat-tofu`, and I don't want to do that right now.
*/
parseErrors?: { code: string; reasonCode: string }[]
moduleRecord: Omit<LavamoatModuleRecord, 'ast'>
/**
* @todo Move these types into lavamoat-tofu
*/
sesCompat: SesCompat
globals: Record<string, boolean>
builtin: string[]
}
export interface SesCompat {
dynamicRequires: SesCompatObj[]
primordialMutations: SesCompatObj[]
strictModeViolations: SesCompatObj[]
}
export interface SesCompatObj {
node: SesCompatNode
}
export interface SesCompatNode {
loc: SesCompatNodeLocation
}
export interface SesCompatNodeLocation {
start: NodeLocation
end: NodeLocation
}
export interface NodeLocation {
column: number
index: number
line: number
}
/**
* @deprecated - Use `true` instead
*/
export type GlobalPolicyRead = 'read'
export type GlobalPolicyWrite = 'write'
export type GlobalPolicyValue = GlobalPolicyRead | GlobalPolicyWrite | boolean
/**
* Describe the resources available to your application and direct dependencies
*/
export interface Resources {
[k: string]: ResourcePolicy
}
export interface ResourcePolicy {
globals?: GlobalPolicy
builtin?: BuiltinPolicy
packages?: PackagePolicy
/**
* Allow native modules
*/
native?: boolean
}
/**
* Globals (including properties using dot notation) accessible to the module;
* `true` to allow and `false` to deny
*/
export interface GlobalPolicy {
[k: string]: GlobalPolicyValue
}
/**
* Node.js builtins (including properties using dot notation); `true` to allow
* and `false` to deny
*/
export interface BuiltinPolicy {
[k: string]: boolean
}
/**
* Additional external packages (in their entirety) accessible to the module;
* `true` to allow and `false` to deny
*/
export interface PackagePolicy {
[k: string]: PackagePolicyValue
}
/**
* Custom run-time module resolutions by direct dependency
*/
export interface Resolutions {
/**
* The key is the dependency name
*/
[k: string]: {
/**
* The key is the original module path and the value is the new module path
*/
[k: string]: string
}
}
export type PackagePolicyValue = DynamicPkgPolicy | boolean
export type DynamicPkgPolicy = 'dynamic'