Regex is way slower than normal String#include? and String#start_with?.
Also, we often forget to proper escape them. So avoid using them if it
is not necessary.
Closes#503.
Signed-off-by: Xu Cheng <xucheng@me.com>
* audit.rb: require https for ftpmirror.gnu.org
The situation is similar to other mirror redirectors: the server
may subsequently redirect to an insecure url. But it's a step.
* manpage: update HOMEBREW_NO_INSECURE_REDIRECT section
The new check also allows the `+` operator instead of our (still heavily
preferred) `/` operator for path concatenation and also triggers if the
operator is surrounded by whitespace.
Also recognizes single-quoted strings and uses a back reference to
match the closing quote for a slightly lower chance of false positives.
Closes#322.
Should help with being more consistent and makes sure to suggest the
HTTPS redirector even if equally valid HTTP URLs for specific hosts or
`central.maven.org` are used.
The FTP protocol is prone to getting firewalled to death in places, so where
we know we can avoid that by using either secure or more commonly accepted
protocols let's do so.
Examples of output:
```
* Stable: ftp://ftp.cpan.org/pub/CPAN/authors/id/N/NE/NEILB/Time-Duration-1.20.tar.gz should be `http://search.cpan.org/CPAN/authors/id/N/NE/NEILB/Time-Duration-1.20.tar.gz`
* Stable: Please use https:// for ftp://ftp.mirrorservice.org/sites/lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_4.89.tar.bz2
```
For some reason the existing check seems to have started failing between
March and today. I haven't managed to narrow down why yet but the biggest
change between then and now was the core separation so perhaps related to that.
Perhaps at some point we started considering purely short tap names,
i.e. homebrew/devel-only rather than full tap names, i.e. homebrew/homebrew-devel-only,
in the audit mechanism.
This fixes the current issue whilst retaining the spirit of the original commit:
86d04e94e9
* add Language::Node helper module
This adds a language module for Node module based formulas.
It contains the 2 public methods `std_npm_install_args(libexec)` and
`local_npm_install_args`:
* `std_npm_install_args` is intended to be used in formulas for
standard node modules and returns `npm install` args for a global
style module installation to libexec.
* `local_npm_install_args` is for formulas, in which the `npm install`
step is only one of multiple parts of the installation process and
returns `npm install` args for a default local installation in place.
Both methods have in common, that they are
* making sure that a working copy of npm and node-gyp from node's
libexec is prepended to the PATH (to not rely of a user managed npm)
* seting the npm cache to HOMEBREW_CACHE/npm, which fixes issues caused
by overriding $HOME resulting in long install times + high disk usage
(see https://github.com/Homebrew/brew/pull/37#issuecomment-208840366)
* audit: update npm install check for Language::Node
* cleanup: remove npm_cache too
* doc: add Node-for-Formula-Authors.md
This collects all violations for each formula in a single place, instead
of doing `brew style` outputs for all formulae first, and then the other
audit checks.
Closes#112.
Signed-off-by: Andrew Janke <andrew@apjanke.net>
Currently, brew audit --strict includes the name of the tap when calculating the
length of a formula's description. This makes it difficult to pass the audit for
formulas in taps with lengthy names. In #47033 @jawshooah called out head-only
or devel-only taps specifically, but this is an issue elsewhere. For example:
homebrew/versions/elasticsearch20: Distributed search & analytics engine (72)
This commit updates audit.rb to use formula.name rather than formula.full_name.
Closes#47033 -- Audit shouldn't include tap name in description length
Running brew audit --strict --online on a formula with a GitHub
homepage/url would crash if HOMEBREW_NO_GITHUB_API is set because
GitHub.repository returns `nil` and the audit code assumes it always
returns a hash.
ClosesHomebrew/homebrew#50054.
Signed-off-by: Baptiste Fontaine <batifon@yahoo.fr>
We allow certain special regex characters in formula names, and if
those aren't escaped when interpolating them into a regex, they'll be
interpreted as special regex characters.
This can cause regex compile errors on Ruby 1.8 (for example, with
"libxml++3", which has nested match characters), and more subtle
matching bugs in general.
Refs an issue surfaced in Homebrew/homebrew#48744.
ClosesHomebrew/homebrew#49005.
Signed-off-by: Misty De Meo <mistydemeo@gmail.com>
Add two checks:
* revision should be reset to 0 for new version.
* revision should not decrease inside the same version interval.
ClosesHomebrew/homebrew#48032.
Signed-off-by: Xu Cheng <xucheng@me.com>
Adding a strict check for usage that should be using pkgshare.
Pulled onto two unique checks to provide a better problem message, with a
clearer solution, but open to thoughts.
* Use pkgshare instead of (share/"example")
* Use #{pkgshare} instead of #{share}/example
ClosesHomebrew/homebrew#47900.
Signed-off-by: Dominyk Tiller <dominyktiller@gmail.com>
