fix(@schematics/angular): Fix JSON parsing

fixes angular#10880

Author: Brocco

packages/schematics/angular/library/index.ts

@@ -5,7 +5,7 @@
  * Use of this source code is governed by an MIT-style license that can be
  * found in the LICENSE file at https://angular.io/license
  */
-import { strings } from '@angular-devkit/core';
+import { parseJson, strings } from '@angular-devkit/core';
 import {
   Rule,
   SchematicContext,
@@ -61,8 +61,8 @@ function updateJsonFile<T>(host: Tree, path: string, callback: UpdateJsonFn<T>):
   const source = host.read(path);
   if (source) {
     const sourceText = source.toString('utf-8');
-    const json = JSON.parse(sourceText);
-    callback(json);
+    const json = parseJson(sourceText);
+    callback(json as {} as T);
     host.overwrite(path, JSON.stringify(json, null, 2));
   }
 
@@ -121,9 +121,9 @@ function addDependenciesToPackageJson() {
         '@angular/compiler-cli': latestVersions.Angular,
         '@angular-devkit/build-ng-packagr': latestVersions.DevkitBuildNgPackagr,
         '@angular-devkit/build-angular': latestVersions.DevkitBuildNgPackagr,
-        'ng-packagr': '^3.0.0',
-        'tsickle': '>=0.29.0',
-        'tslib': '^1.9.0',
+        'ng-packagr': '^3.0.0-rc.2',
+        'tsickle': '>=0.25.5',
+        'tslib': '^1.7.1',
         'typescript': latestVersions.TypeScript,
         // De-structure last keeps existing user dependencies.
         ...json.devDependencies,
@@ -257,6 +257,6 @@ export default function (options: LibraryOptions): Rule {
           context.addTask(new NodePackageInstallTask());
         }
       },
-    ]);
+    ])(host, context);
   };
 }

packages/schematics/angular/utility/config.ts

@@ -5,7 +5,7 @@
  * Use of this source code is governed by an MIT-style license that can be
  * found in the LICENSE file at https://angular.io/license
  */
-import { experimental } from '@angular-devkit/core';
+import { JsonParseMode, experimental, parseJson } from '@angular-devkit/core';
 import { Rule, SchematicContext, SchematicsException, Tree } from '@angular-devkit/schematics';
 
 
@@ -495,9 +495,9 @@ export function getWorkspace(host: Tree): WorkspaceSchema {
   if (configBuffer === null) {
     throw new SchematicsException(`Could not find (${path})`);
   }
-  const config = configBuffer.toString();
+  const content = configBuffer.toString();
 
-  return JSON.parse(config);
+  return parseJson(content, JsonParseMode.Loose) as {} as WorkspaceSchema;
 }
 
 export function addProjectToWorkspace(
@@ -531,7 +531,7 @@ export function getConfig(host: Tree): CliConfig {
     throw new SchematicsException('Could not find .angular-cli.json');
   }
 
-  const config = JSON.parse(configBuffer.toString());
+  const config = parseJson(configBuffer.toString(), JsonParseMode.Loose) as {} as CliConfig;
 
   return config;
 }

packages/schematics/package_update/utility/npm.ts

@@ -5,7 +5,7 @@
  * Use of this source code is governed by an MIT-style license that can be
  * found in the LICENSE file at https://angular.io/license
  */
-import { JsonObject, logging } from '@angular-devkit/core';
+import { JsonObject, JsonParseMode, logging, parseJson } from '@angular-devkit/core';
 import {
   Rule,
   SchematicContext,
@@ -93,7 +93,7 @@ function _getNpmPackageJson(
       response.on('data', chunk => data += chunk);
       response.on('end', () => {
         try {
-          const json = JSON.parse(data);
+          const json = parseJson(data, JsonParseMode.Strict);
           subject.next(json as JsonObject);
           subject.complete();
         } catch (err) {
@@ -233,7 +233,10 @@ export function updatePackageJson(
       if (!packageJsonContent) {
         throw new SchematicsException('Could not find package.json.');
       }
-      const packageJson = JSON.parse(packageJsonContent.toString());
+      const packageJson = parseJson(packageJsonContent.toString(), JsonParseMode.Loose);
+      if (packageJson === null || typeof packageJson !== 'object' || Array.isArray(packageJson)) {
+        throw new SchematicsException('Could not parse package.json.');
+      }
       const packages: { [name: string]: string } = {};
       for (const name of supportedPackages) {
         packages[name] = version;
@@ -251,17 +254,20 @@ export function updatePackageJson(
       if (!packageJsonContent) {
         throw new SchematicsException('Could not find package.json.');
       }
-      const packageJson = JSON.parse(packageJsonContent.toString());
+      const packageJson = parseJson(packageJsonContent.toString(), JsonParseMode.Loose);
+      if (packageJson === null || typeof packageJson !== 'object' || Array.isArray(packageJson)) {
+        throw new SchematicsException('Could not parse package.json.');
+      }
 
       for (const field of kPackageJsonDependencyFields) {
         const deps = packageJson[field];
-        if (!deps) {
+        if (!deps || typeof deps !== 'object' || Array.isArray(deps)) {
           continue;
         }
 
-        for (const depName of Object.keys(packageJson[field])) {
+        for (const depName of Object.keys(deps)) {
           if (allVersions[depName]) {
-            packageJson[field][depName] = allVersions[depName];
+            deps[depName] = allVersions[depName];
           }
         }
       }