1 files changed, 42 insertions, 0 deletions

diff --git a/test/internal/package-json-lint.test.ts b/test/internal/package-json-lint.test.ts
new file mode 100644
index 000000000..5a1fae5f9
--- /dev/null
+++ b/test/internal/package-json-lint.test.ts
@@ -0,0 +1,42 @@
+import { test, expect, describe } from "bun:test";
+import { join } from "path";
+import { readdirSync, existsSync } from "fs";
+const base = join(import.meta.dir, "../");
+
+const packageJSONDirs = [
+  base,
+  ...readdirSync(join(import.meta.dir, "../", "js", "third_party"))
+    .map(a => join(import.meta.dir, "../", "js", "third_party", a))
+    .filter(a => existsSync(join(a, "./package.json"))),
+];
+
+// For test reliability and security reasons
+// We must use exact versions for third-party dependencies in our tests.
+describe("package.json dependencies must be exact versions", async () => {
+  for (const dir of packageJSONDirs) {
+    test(join("test", dir.replace(base, ""), "package.json"), async () => {
+      const {
+        dependencies = {},
+        devDependencies = {},
+        peerDependencies = {},
+        optionalDependencies = {},
+      } = await Bun.file(join(dir, "./package.json")).json();
+
+      for (const [name, dep] of Object.entries(dependencies)) {
+        expect(dep).toMatch(/^([a-zA-Z0-9\.])+$/);
+      }
+
+      for (const [name, dep] of Object.entries(devDependencies)) {
+        expect(dep).toMatch(/^([a-zA-Z0-9\.])+$/);
+      }
+
+      for (const [name, dep] of Object.entries(peerDependencies)) {
+        expect(dep).toMatch(/^([a-zA-Z0-9\.])+$/);
+      }
+
+      for (const [name, dep] of Object.entries(optionalDependencies)) {
+        expect(dep).toMatch(/^([a-zA-Z0-9\.])+$/);
+      }
+    });
+  }
+});