-
Notifications
You must be signed in to change notification settings - Fork 66
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(core): add a schema for policy files
- Loading branch information
Showing
1 changed file
with
93 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
{ | ||
"$schema": "http://json-schema.org/draft-07/schema#", | ||
"title": "LavaMoat Policy Schema", | ||
"$id": "lavamoat-policy.v0-0-1", | ||
"type": "object", | ||
"description": "Schema for LavaMoat policy files", | ||
"properties": { | ||
"resources": { | ||
"description": "Describe the resources available to your application and direct dependencies", | ||
"title": "Resources", | ||
"type": "object", | ||
"$comment": "This one or more valid npm package names delimited by a \">\" character", | ||
"patternProperties": { | ||
"^(@[a-z0-9-~][a-z0-9-._~]*/)?[a-z0-9-~][a-z0-9-._~]*(>(@[a-z0-9-~][a-z0-9-._~]*/)?[a-z0-9-~][a-z0-9-._~]*)*$": { | ||
"$ref": "#/$defs/resourcePolicy" | ||
} | ||
}, | ||
"additionalProperties": false | ||
}, | ||
"resolutions": { | ||
"type": "object", | ||
"title": "Resolutions", | ||
"description": "Custom run-time module resolutions by direct dependency", | ||
"patternProperties": { | ||
"^(@[a-z0-9-~][a-z0-9-._~]*/)?[a-z0-9-~][a-z0-9-._~]*(>(@[a-z0-9-~][a-z0-9-._~]*/)?[a-z0-9-~][a-z0-9-._~]*)*$": { | ||
"type": "object", | ||
"patternProperties": { | ||
"^(@[a-z0-9-~][a-z0-9-._~]*/)?[a-z0-9-~][a-z0-9-._~]*(>(@[a-z0-9-~][a-z0-9-._~]*/)?[a-z0-9-~][a-z0-9-._~]*)*$": { | ||
"type": "string", | ||
"pattern": "^(\\.{1,2})(/(?=[^/\\0])[^/\\0]+)*/?$", | ||
"minLength": 1, | ||
"description": "Relative POSIX path to module from package root" | ||
} | ||
}, | ||
"additionalProperties": false | ||
} | ||
}, | ||
"additionalProperties": false | ||
} | ||
}, | ||
"additionalProperties": false, | ||
"anyOf": [{ "required": ["resources"] }, { "required": ["resolutions"] }], | ||
"$defs": { | ||
"resourcePolicy": { | ||
"type": "object", | ||
"title": "Resource Policy", | ||
"properties": { | ||
"globals": { | ||
"title": "Globals", | ||
"description": "Globals (including properties using dot notation) accessible to the module; `true` to allow and `false` to deny", | ||
"type": "object", | ||
"$comment": "A global property key can be any string (accessible via bracket notation)", | ||
"additionalProperties": { | ||
"type": "boolean" | ||
} | ||
}, | ||
"native": { | ||
"title": "Natives", | ||
"description": "Native modules accessible to the module; `true` to allow and `false` to deny", | ||
"type": "object", | ||
"patternProperties": { | ||
"^(@[a-z0-9-~][a-z0-9-._~]*/)?[a-z0-9-~][a-z0-9-._~]*(>(@[a-z0-9-~][a-z0-9-._~]*/)?[a-z0-9-~][a-z0-9-._~]*)*$": { | ||
"type": "boolean" | ||
} | ||
}, | ||
"additionalProperties": false | ||
}, | ||
"builtins": { | ||
"title": "Node.js Builtins", | ||
"description": "Node.js builtins (including properties using dot notation); `true` to allow and `false` to deny", | ||
"type": "object", | ||
"$comment": "I don't think narrowing the possible values here is feasible (or maintainable)", | ||
"additionalProperties": { | ||
"type": "boolean" | ||
} | ||
}, | ||
"packages": { | ||
"type": "object", | ||
"title": "External Packages", | ||
"description": "Additional external packages (in their entirety) accessible to the module; `true` to allow and `false` to deny", | ||
"$comment": "This one or more valid npm package names delimited by a \">\" character", | ||
"patternProperties": { | ||
"^(@[a-z0-9-~][a-z0-9-._~]*/)?[a-z0-9-~][a-z0-9-._~]*(>(@[a-z0-9-~][a-z0-9-._~]*/)?[a-z0-9-~][a-z0-9-._~]*)*$": { | ||
"type": "boolean" | ||
} | ||
}, | ||
"additionalProperties": false | ||
} | ||
}, | ||
"additionalProperties": false | ||
} | ||
} | ||
} |