fix: error handling for empty yarn lock files (#158) (#159)

packages/lockfile-lint-api/src/ParseLockfile.js

@@ -21,6 +21,9 @@ const {
  * @return boolean
  */
 function checkSampleContent (lockfile, isYarnBerry) {
+  if (Object.entries(lockfile).length < (isYarnBerry ? 2 : 1)) {
+    return false
+  }
   const [sampleKey, sampleValue] = Object.entries(lockfile)[isYarnBerry ? 1 : 0]
   return (
     sampleKey.match(/.*@.*/) &&

packages/lockfile-lint/__tests__/main.test.js

@@ -164,6 +164,48 @@ describe('Main CLI logic', () => {
       expect(result.validatorCount).toEqual(1)
       expect(result.validatorSuccesses).toEqual(1)
     })
+
+    test('should fail with an empty npm lock file', () => {
+      const lockfilePath = path.join(__dirname, '/fixtures/empty.json')
+      const lockfileType = 'npm'
+      const validators = [
+        {
+          name: 'validateHosts',
+          values: ['npm']
+        }
+      ]
+
+      expect(() =>
+        main
+          .runValidators({
+            path: lockfilePath,
+            type: lockfileType,
+            validators
+          })
+          .toThrow('Lockfile does not seem to contain a valid dependency list')
+      )
+    })
+
+    test('should fail with an empty yarn lock file', () => {
+      const lockfilePath = path.join(__dirname, '/fixtures/empty.json')
+      const lockfileType = 'yarn'
+      const validators = [
+        {
+          name: 'validateHosts',
+          values: ['yarn']
+        }
+      ]
+
+      expect(() =>
+        main
+          .runValidators({
+            path: lockfilePath,
+            type: lockfileType,
+            validators
+          })
+          .toThrow('Lockfile does not seem to contain a valid dependency list')
+      )
+    })
   })
 
   describe('validateSchemes', () => {