Skip to content

Commit 23f220d

Browse files
hashtagchrishashtagchris
authored
fix: reject leading hyphens (#156)
<!-- What / Why --> <!-- Describe the request in detail. What it does and why it's being changed. --> Reject unscoped names with leading hypens (dashes). These package names are often interpreted as options on the command-line. ## References <!-- Examples: Related to #0 Depends on #0 Blocked by #0 Fixes #0 Closes #0 --> https://en.wikipedia.org/wiki/Hyphen-minus (I usually call them dashes)
1 parent 52ff0f1 commit 23f220d

2 files changed

Lines changed: 20 additions & 0 deletions

File tree

lib/index.js

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,10 @@ function validate (name) {
3434
errors.push('name cannot start with a period')
3535
}
3636

37+
if (name.startsWith('-')) {
38+
errors.push('name cannot start with a hyphen')
39+
}
40+
3741
if (name.match(/^_/)) {
3842
errors.push('name cannot start with an underscore')
3943
}

test/index.js

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@ const validate = require('..')
77
test('validate-npm-package-name', function () {
88
// Traditional
99

10+
assert.deepStrictEqual(validate('validate-npm-package-name'), { validForNewPackages: true, validForOldPackages: true })
1011
assert.deepStrictEqual(validate('some-package'), { validForNewPackages: true, validForOldPackages: true })
1112
assert.deepStrictEqual(validate('example.com'), { validForNewPackages: true, validForOldPackages: true })
1213
assert.deepStrictEqual(validate('under_score'), { validForNewPackages: true, validForOldPackages: true })
@@ -34,6 +35,11 @@ test('validate-npm-package-name', function () {
3435
validForOldPackages: true,
3536
})
3637

38+
assert.deepStrictEqual(validate('@user/-package'), {
39+
validForNewPackages: true,
40+
validForOldPackages: true,
41+
})
42+
3743
assert.deepStrictEqual(validate('@user/_package'), {
3844
validForNewPackages: true,
3945
validForOldPackages: true,
@@ -91,6 +97,16 @@ test('validate-npm-package-name', function () {
9197
validForOldPackages: false,
9298
errors: ['name cannot start with an underscore'] })
9399

100+
assert.deepStrictEqual(validate('-start-with-hyphen'), {
101+
validForNewPackages: false,
102+
validForOldPackages: false,
103+
errors: ['name cannot start with a hyphen'] })
104+
105+
assert.deepStrictEqual(validate('--start-with-double-hyphen'), {
106+
validForNewPackages: false,
107+
validForOldPackages: false,
108+
errors: ['name cannot start with a hyphen'] })
109+
94110
assert.deepStrictEqual(validate('contain:colons'), {
95111
validForNewPackages: false,
96112
validForOldPackages: false,

0 commit comments

Comments
 (0)