From a425d2d58d12ab887f3df240c0ce16dd5c8d28c9 Mon Sep 17 00:00:00 2001
From: per1234 <accounts@perglass.com>
Date: Wed, 5 Jan 2022 22:35:51 -0800
Subject: [PATCH 1/2] Add CI workflow to check for problems with npm
 configuration files

On every push and pull request that affects relevant files, and periodically:

- Validate package.json against its JSON schema.
- Check for forgotten package-lock.json syncs.
---
 .github/workflows/check-npm.yml | 69 +++++++++++++++++++++++++++++++++
 README.md                       |  1 +
 2 files changed, 70 insertions(+)
 create mode 100644 .github/workflows/check-npm.yml

diff --git a/.github/workflows/check-npm.yml b/.github/workflows/check-npm.yml
new file mode 100644
index 00000000..4264c599
--- /dev/null
+++ b/.github/workflows/check-npm.yml
@@ -0,0 +1,69 @@
+name: Check npm
+
+env:
+  # See: https://github.com/actions/setup-node/#readme
+  NODE_VERSION: 10.x
+
+# See: https://docs.github.com/en/actions/reference/events-that-trigger-workflows
+on:
+  push:
+    paths:
+      - ".github/workflows/check-npm.ya?ml"
+      - "**/package.json"
+      - "**/package-lock.json"
+  pull_request:
+    paths:
+      - ".github/workflows/check-npm.ya?ml"
+      - "**/package.json"
+      - "**/package-lock.json"
+  schedule:
+    # Run every Tuesday at 8 AM UTC to catch breakage resulting from changes to the JSON schema.
+    - cron: "0 8 * * TUE"
+  workflow_dispatch:
+  repository_dispatch:
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Download JSON schema for package.json
+        id: download-schema
+        uses: carlosperate/download-file-action@v1
+        with:
+          # See: https://github.com/SchemaStore/schemastore/blob/master/src/schemas/json/package.json
+          file-url: https://json.schemastore.org/package.json
+          location: ${{ runner.temp }}/package-json-schema
+          file-name: package-json-schema.json
+
+      - name: Install JSON schema validator
+        # package.json schema is draft-04, which is not supported by ajv-cli >=4.
+        run: sudo npm install --global ajv-cli@3.x
+
+      - name: Validate GitHub Actions workflows
+        run: |
+          # See: https://github.com/ajv-validator/ajv-cli#readme
+          ajv validate \
+            -s "${{ steps.download-schema.outputs.file-path }}" \
+            -d "./**/package.json"
+
+  check-sync:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v2
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+
+      - name: Install dependencies
+        run: npm install
+
+      - name: Check package-lock.json
+        run: git diff --color --exit-code package-lock.json
diff --git a/README.md b/README.md
index cbb11b9d..bc288cc3 100644
--- a/README.md
+++ b/README.md
@@ -3,6 +3,7 @@
 [![Tests Status](https://github.com/arduino/arduino-lint-action/workflows/Test%20Action/badge.svg)](https://github.com/arduino/arduino-lint-action/actions?workflow=Test+Action)
 [![Integration Tests Status](https://github.com/arduino/arduino-lint-action/workflows/Integration%20Tests/badge.svg)](https://github.com/arduino/arduino-lint-action/actions?workflow=Integration+Tests)
 [![Check Packaging status](https://github.com/arduino/arduino-lint-action/actions/workflows/check-packaging-ncc-typescript-npm.yml/badge.svg)](https://github.com/arduino/arduino-lint-action/actions/workflows/check-packaging-ncc-typescript-npm.yml)
+[![Check npm status](https://github.com/arduino/arduino-lint-action/actions/workflows/check-npm.yml/badge.svg)](https://github.com/arduino/arduino-lint-action/actions/workflows/check-npm.yml)
 [![Spellcheck Status](https://github.com/arduino/arduino-lint-action/workflows/Spell%20Check/badge.svg)](https://github.com/arduino/arduino-lint-action/actions?workflow=Spell+Check)
 
 [GitHub Actions](https://docs.github.com/en/free-pro-team@latest/actions) action that uses

From b006d81922fefe3ad7caffb9d901618c17df2a63 Mon Sep 17 00:00:00 2001
From: per1234 <accounts@perglass.com>
Date: Wed, 5 Jan 2022 22:41:43 -0800
Subject: [PATCH 2/2] Bring `package-lock.json` format up to date

Apparently an `optional` field was added since the time of whatever version of npm was used to generate it last.
---
 package-lock.json | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 6fc505fa..cd63f0e7 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4735,7 +4735,8 @@
       "version": "1.3.0",
       "resolved": "https://registry.npmjs.org/growly/-/growly-1.3.0.tgz",
       "integrity": "sha1-8QdIy+dq+WS3yWyTxrzCivEgwIE=",
-      "dev": true
+      "dev": true,
+      "optional": true
     },
     "har-schema": {
       "version": "2.0.0",
@@ -5108,6 +5109,7 @@
       "resolved": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz",
       "integrity": "sha512-fKzAra0rGJUUBwGBgNkHZuToZcn+TtXHpeCgmkMJMMYx1sQDYaCSyjJBSCa2nH1DGm7s3n1oBnohoVTBaN7Lww==",
       "dev": true,
+      "optional": true,
       "requires": {
         "is-docker": "^2.0.0"
       }
@@ -9970,6 +9972,7 @@
       "resolved": "https://registry.npmjs.org/node-notifier/-/node-notifier-8.0.2.tgz",
       "integrity": "sha512-oJP/9NAdd9+x2Q+rfphB2RJCHjod70RcRLjosiPMMu5gjIfwVnOUGq2nbTjTUbmy0DJ/tFIVT30+Qe3nzl4TJg==",
       "dev": true,
+      "optional": true,
       "requires": {
         "growly": "^1.3.0",
         "is-wsl": "^2.2.0",
@@ -9984,6 +9987,7 @@
           "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.5.tgz",
           "integrity": "sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ==",
           "dev": true,
+          "optional": true,
           "requires": {
             "lru-cache": "^6.0.0"
           }
@@ -9992,13 +9996,15 @@
           "version": "8.3.2",
           "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
           "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==",
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "which": {
           "version": "2.0.2",
           "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
           "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==",
           "dev": true,
+          "optional": true,
           "requires": {
             "isexe": "^2.0.0"
           }
@@ -10731,7 +10737,8 @@
       "version": "0.1.1",
       "resolved": "https://registry.npmjs.org/shellwords/-/shellwords-0.1.1.tgz",
       "integrity": "sha512-vFwSUfQvqybiICwZY5+DAWIPLKsWO31Q91JSKl3UYv+K5c2QRPzn0qzec6QPu1Qc9eHYItiP3NdJqNVqetYAww==",
-      "dev": true
+      "dev": true,
+      "optional": true
     },
     "signal-exit": {
       "version": "3.0.3",