diff --git a/lib/datasource/npm.js b/lib/datasource/npm.js
index 4d871d39770e7c46e36b43a7c062c303135e2cf4..bb20f7d4726817ad89c29c90a46541efdb4cfbe5 100644
--- a/lib/datasource/npm.js
+++ b/lib/datasource/npm.js
@@ -147,6 +147,13 @@ async function getDependencyInner(name, retries = 5) {
retries: 5,
headers,
})).body;
+ if (res.name !== name) {
+ logger.warn(
+ { lookupName: name, returnedName: res.name },
+ 'Returned name does not match with requested name'
+ );
+ return null;
+ }
if (!res.versions || !Object.keys(res.versions).length) {
// Registry returned a 200 OK but with no versions
if (retries <= 0) {
diff --git a/test/datasource/__snapshots__/npm.spec.js.snap b/test/datasource/__snapshots__/npm.spec.js.snap
index aa91c3b0a26dd5092090777187e818f0e58c93d1..68ed4c27fdd52b507677e960ac2a24d3346d6831 100644
--- a/test/datasource/__snapshots__/npm.spec.js.snap
+++ b/test/datasource/__snapshots__/npm.spec.js.snap
@@ -4,7 +4,7 @@ exports[`api/npm should fetch package info from custom registry 1`] = `
Object {
"homepage": undefined,
"latestVersion": "0.0.1",
- "name": undefined,
+ "name": "foobar",
"releases": Array [
Object {
"canBeUnpublished": false,
@@ -29,7 +29,7 @@ exports[`api/npm should fetch package info from npm 1`] = `
Object {
"homepage": undefined,
"latestVersion": "0.0.1",
- "name": undefined,
+ "name": "foobar",
"releases": Array [
Object {
"canBeUnpublished": false,
@@ -54,7 +54,7 @@ exports[`api/npm should handle no time 1`] = `
Object {
"homepage": undefined,
"latestVersion": "0.0.1",
- "name": undefined,
+ "name": "foobar",
"releases": Array [
Object {
"canBeUnpublished": false,
@@ -77,7 +77,7 @@ exports[`api/npm should handle purl 1`] = `
Object {
"homepage": undefined,
"latestVersion": "0.0.1",
- "name": undefined,
+ "name": "foobar",
"releases": Array [
Object {
"canBeUnpublished": false,
@@ -102,7 +102,7 @@ exports[`api/npm should replace any environment variable in npmrc 1`] = `
Object {
"homepage": undefined,
"latestVersion": "0.0.1",
- "name": undefined,
+ "name": "foobar",
"releases": Array [
Object {
"canBeUnpublished": false,
@@ -135,7 +135,7 @@ Marking the latest version of an npm package as deprecated results in the entire
"deprecationSource": "npm",
"homepage": undefined,
"latestVersion": "0.0.2",
- "name": undefined,
+ "name": "foobar",
"releases": Array [
Object {
"canBeUnpublished": false,
@@ -168,7 +168,7 @@ exports[`api/npm should send an authorization header if provided 1`] = `
Object {
"homepage": undefined,
"latestVersion": "0.0.1",
- "name": undefined,
+ "name": "foobar",
"releases": Array [
Object {
"canBeUnpublished": false,
@@ -193,7 +193,7 @@ exports[`api/npm should use NPM_TOKEN if provided 1`] = `
Object {
"homepage": undefined,
"latestVersion": "0.0.1",
- "name": undefined,
+ "name": "foobar",
"releases": Array [
Object {
"canBeUnpublished": false,
@@ -218,7 +218,7 @@ exports[`api/npm should use default registry if missing from npmrc 1`] = `
Object {
"homepage": undefined,
"latestVersion": "0.0.1",
- "name": undefined,
+ "name": "foobar",
"releases": Array [
Object {
"canBeUnpublished": false,
diff --git a/test/datasource/npm.spec.js b/test/datasource/npm.spec.js
index c53f76c4693fe2fa2cf48401ad9f0bd672e02801..cef89e65aa2dfd281c34f10702801e255652fa70 100644
--- a/test/datasource/npm.spec.js
+++ b/test/datasource/npm.spec.js
@@ -18,6 +18,7 @@ describe('api/npm', () => {
jest.resetAllMocks();
npm.resetCache();
npmResponse = {
+ name: 'foobar',
versions: {
'0.0.1': {
foo: 1,
@@ -62,6 +63,7 @@ describe('api/npm', () => {
});
it('should return deprecated', async () => {
const deprecatedPackage = {
+ name: 'foobar',
versions: {
'0.0.1': {
foo: 1,
diff --git a/test/workers/repository/process/lookup/index.spec.js b/test/workers/repository/process/lookup/index.spec.js
index 395c9ecb5aaf8e1a0e2d62be79ffb8b2721a7b94..a0f1bad64fa0377e32181008d285d15a9ea47452 100644
--- a/test/workers/repository/process/lookup/index.spec.js
+++ b/test/workers/repository/process/lookup/index.spec.js
@@ -652,20 +652,20 @@ describe('manager/npm/lookup', () => {
it('should treat zero zero tilde ranges as 0.0.x', async () => {
config.rangeStrategy = 'replace';
config.currentValue = '~0.0.34';
- config.depName = 'helmet';
- config.purl = 'pkg:npm/helmet';
+ config.depName = '@types/helmet';
+ config.purl = 'pkg:npm/%40types/helmet';
nock('https://registry.npmjs.org')
- .get('/helmet')
+ .get('/@types%2Fhelmet')
.reply(200, helmetJson);
expect((await lookup.lookupUpdates(config)).updates).toEqual([]);
});
it('should treat zero zero caret ranges as pinned', async () => {
config.rangeStrategy = 'replace';
config.currentValue = '^0.0.34';
- config.depName = 'helmet';
- config.purl = 'pkg:npm/helmet';
+ config.depName = '@types/helmet';
+ config.purl = 'pkg:npm/%40types/helmet';
nock('https://registry.npmjs.org')
- .get('/helmet')
+ .get('/@types%2Fhelmet')
.reply(200, helmetJson);
expect((await lookup.lookupUpdates(config)).updates).toMatchSnapshot();
});