Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@evocateur/pacote

Package Overview
Dependencies
Maintainers
1
Versions
7
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@evocateur/pacote

JavaScript package downloader

  • 9.6.5
  • latest
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
70K
decreased by-43.47%
Maintainers
1
Weekly downloads
 
Created
Source

@evocatur/pacote

NOTE: This is a fork of https://github.com/npm/pacote and you probably don't want to use it.

pacote is a Node.js library for downloading npm-compatible packages. It supports all package specifier syntax that npm install and its ilk support. It transparently caches anything needed to reduce excess operations, using cacache.

Install

$ npm install --save pacote

Table of Contents

Example

const pacote = require('pacote')

pacote.manifest('pacote@^1').then(pkg => {
  console.log('package manifest for registry pkg:', pkg)
  // { "name": "pacote", "version": "1.0.0", ... }
})

pacote.extract('http://hi.com/pkg.tgz', './here').then(() => {
  console.log('remote tarball contents extracted to ./here')
})

Features

Contributing

The pacote team enthusiastically welcomes contributions and project participation! There's a bunch of things you can do if you want to contribute! The Contributor Guide has all the information you need for everything from reporting bugs to contributing entire new features. Please don't hesitate to jump in if you'd like to, or even ask us questions if something isn't clear.

API

> pacote.manifest(spec, [opts])

Fetches the manifest for a package. Manifest objects are similar and based on the package.json for that package, but with pre-processed and limited fields. The object has the following shape:

{
  "name": PkgName,
  "version": SemverString,
  "dependencies": { PkgName: SemverString },
  "optionalDependencies": { PkgName: SemverString },
  "devDependencies": { PkgName: SemverString },
  "peerDependencies": { PkgName: SemverString },
  "bundleDependencies": false || [PkgName],
  "bin": { BinName: Path },
  "_resolved": TarballSource, // different for each package type
  "_integrity": SubresourceIntegrityHash,
  "_shrinkwrap": null || ShrinkwrapJsonObj
}

Note that depending on the spec type, some additional fields might be present. For example, packages from registry.npmjs.org have additional metadata appended by the registry.

Example
pacote.manifest('pacote@1.0.0').then(pkgJson => {
  // fetched `package.json` data from the registry
})
> pacote.packument(spec, [opts])

Fetches the packument for a package. Packument objects are general metadata about a project corresponding to registry metadata, and include version and dist-tag information about a package's available versions, rather than a specific version. It may include additional metadata not usually available through the individual package metadata objects.

It generally looks something like this:

{
  "name": PkgName,
  "dist-tags": {
    'latest': VersionString,
    [TagName]: VersionString,
    ...
  },
  "versions": {
    [VersionString]: Manifest,
    ...
  }
}

Note that depending on the spec type, some additional fields might be present. For example, packages from registry.npmjs.org have additional metadata appended by the registry.

Example
pacote.packument('pacote').then(pkgJson => {
  // fetched package versions metadata from the registry
})
> pacote.extract(spec, destination, [opts])

Extracts package data identified by <spec> into a directory named <destination>, which will be created if it does not already exist.

If opts.digest is provided and the data it identifies is present in the cache, extract will bypass most of its operations and go straight to extracting the tarball.

Example
pacote.extract('pacote@1.0.0', './woot', {
  digest: 'deadbeef'
}).then(() => {
  // Succeeds as long as `pacote@1.0.0` still exists somewhere. Network and
  // other operations are bypassed entirely if `digest` is present in the cache.
})
> pacote.tarball(spec, [opts])

Fetches package data identified by <spec> and returns the data as a buffer.

This API has two variants:

  • pacote.tarball.stream(spec, [opts]) - Same as pacote.tarball, except it returns a stream instead of a Promise.
  • pacote.tarball.toFile(spec, dest, [opts]) - Instead of returning data directly, data will be written directly to dest, and create any required directories along the way.
Example
pacote.tarball('pacote@1.0.0', { cache: './my-cache' }).then(data => {
  // data is the tarball data for pacote@1.0.0
})
> pacote.tarball.stream(spec, [opts])

Same as pacote.tarball, except it returns a stream instead of a Promise.

Example
pacote.tarball.stream('pacote@1.0.0')
.pipe(fs.createWriteStream('./pacote-1.0.0.tgz'))
> pacote.tarball.toFile(spec, dest, [opts])

Like pacote.tarball, but instead of returning data directly, data will be written directly to dest, and create any required directories along the way.

Example
pacote.tarball.toFile('pacote@1.0.0', './pacote-1.0.0.tgz')
.then(() => /* pacote tarball written directly to ./pacote-1.0.0.tgz */)
> pacote.prefetch(spec, [opts])
THIS API IS DEPRECATED. USE pacote.tarball() INSTEAD

Fetches package data identified by <spec>, usually for the purpose of warming up the local package cache (with opts.cache). It does not return anything.

Example
pacote.prefetch('pacote@1.0.0', { cache: './my-cache' }).then(() => {
  // ./my-cache now has both the manifest and tarball for `pacote@1.0.0`.
})
> pacote.clearMemoized()

This utility function can be used to force pacote to release its references to any memoized data in its various internal caches. It might help free some memory.

pacote.manifest(...).then(() => pacote.clearMemoized)

> options

pacote accepts the options for npm-registry-fetch as-is, with a couple of additional pacote-specific ones:

opts.dirPacker

Expects a function that takes a single argument, dir, and returns a ReadableStream that outputs packaged tarball data. Used when creating tarballs for package specs that are not already packaged, such as git and directory dependencies. The default opts.dirPacker does not execute prepare scripts, even though npm itself does.

opts.enjoy-by
  • Alias: opts.enjoyBy, opts.before
  • Type: Date-able
  • Default: undefined

If passed in, will be used while resolving to filter the versions for registry dependencies such that versions published after opts.enjoy-by are not considered -- as if they'd never been published.

opts.include-deprecated
  • Alias: opts.includeDeprecated
  • Type: Boolean
  • Default: false

If false, deprecated versions will be skipped when selecting from registry range specifiers. If true, deprecations do not affect version selection.

opts.full-metadata
  • Type: Boolean
  • Default: false

If true, the full packument will be fetched when doing metadata requests. By defaul, pacote only fetches the summarized packuments, also called "corgis".

opts.tag
  • Alias: opts.defaultTag
  • Type: String
  • Default: 'latest'

Package version resolution tag. When processing registry spec ranges, this option is used to determine what dist-tag to treat as "latest". For more details about how pacote selects versions and how tag is involved, see the documentation for npm-pick-manifest.

opts.resolved
  • Type: String
  • Default: null

When fetching tarballs, this option can be passed in to skip registry metadata lookups when downloading tarballs. If the string is a file: URL, pacote will try to read the referenced local file before attempting to do any further lookups. This option does not bypass integrity checks when opts.integrity is passed in.

opts.where
  • Type: String
  • Default: null

Passed as an argument to npm-package-arg when resolving spec arguments. Used to determine what path to resolve local path specs relatively from.

Keywords

FAQs

Package last updated on 20 Aug 2019

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc