@node-red/registry
Advanced tools
Comparing version 2.0.6 to 2.1.0-beta.1
@@ -43,2 +43,7 @@ /** | ||
let updateAllowed = true; | ||
let updateAllowList = ['*']; | ||
let updateDenyList = []; | ||
let updateAllAllowed = true; | ||
function init(_settings) { | ||
@@ -48,3 +53,15 @@ settings = _settings; | ||
// Should it *all* be managed by util? | ||
installAllowList = ['*']; | ||
installDenyList = []; | ||
installAllAllowed = true; | ||
installVersionRestricted = false; | ||
updateAllowed = true; | ||
updateAllowList = ['*']; | ||
updateDenyList = []; | ||
updateAllAllowed = true; | ||
if (settings.externalModules && settings.externalModules.palette) { | ||
if (settings.externalModules.palette.allowList || settings.externalModules.palette.denyList) { | ||
@@ -54,2 +71,12 @@ installAllowList = settings.externalModules.palette.allowList; | ||
} | ||
if (settings.externalModules.palette.hasOwnProperty('allowUpdate')) { | ||
updateAllowed = !!settings.externalModules.palette.allowUpdate; | ||
} | ||
if (settings.externalModules.palette.allowUpdateList || settings.externalModules.palette.denyUpdateList) { | ||
updateAllowList = settings.externalModules.palette.allowUpdateList; | ||
updateDenyList = settings.externalModules.palette.denyUpdateList; | ||
} | ||
} | ||
@@ -70,2 +97,6 @@ installAllowList = registryUtil.parseModuleList(installAllowList); | ||
} | ||
updateAllowList = registryUtil.parseModuleList(updateAllowList); | ||
updateDenyList = registryUtil.parseModuleList(updateDenyList); | ||
updateAllAllowed = updateAllowed ? updateDenyList.length === 0 : false; | ||
} | ||
@@ -168,2 +199,11 @@ | ||
if (isUpgrade && !updateAllAllowed) { | ||
// Check this module is allowed to be upgraded... | ||
if (!updateAllowed || !registryUtil.checkModuleAllowed(module,null,updateAllowList,updateDenyList)) { | ||
const e = new Error("Update not allowed"); | ||
e.code = "update_not_allowed"; | ||
throw e; | ||
} | ||
} | ||
if (!isUpgrade) { | ||
@@ -267,12 +307,25 @@ log.info(log._("server.install.installing",{name: module,version: version||"latest"})); | ||
if (info.nodes.length > 0) { | ||
log.info(log._("server.added-types")); | ||
const installedTypes = []; | ||
const errorSets = []; | ||
for (var i=0;i<info.nodes.length;i++) { | ||
for (var j=0;j<info.nodes[i].types.length;j++) { | ||
log.info(" - "+ | ||
(info.nodes[i].module?info.nodes[i].module+":":"")+ | ||
info.nodes[i].types[j]+ | ||
(info.nodes[i].err?" : "+info.nodes[i].err:"") | ||
); | ||
const typeCount = info.nodes[i].types.length; | ||
if (typeCount > 0) { | ||
for (var j=0;j<typeCount;j++) { | ||
installedTypes.push(" - "+ | ||
(info.nodes[i].module?info.nodes[i].module+":":"")+ | ||
info.nodes[i].types[j]+ | ||
(info.nodes[i].err?" : "+info.nodes[i].err:"") | ||
); | ||
} | ||
} else if (info.nodes[i].err) { | ||
errorSets.push(`[${info.nodes[i].id}] ${info.nodes[i].err}`) | ||
} | ||
} | ||
if (errorSets.length > 0) { | ||
errorSets.forEach(l => log.warn(l)) | ||
} | ||
if (installedTypes.length > 0) { | ||
log.info(log._("server.added-types")); | ||
installedTypes.forEach(l => log.info(l)) | ||
} | ||
} | ||
@@ -279,0 +332,0 @@ return info; |
@@ -17,3 +17,3 @@ /** | ||
var fs = require('fs-extra'); | ||
var fs = require('fs'); | ||
var fspath = require('path'); | ||
@@ -29,3 +29,3 @@ | ||
var validFiles = []; | ||
return fs.readdir(path).then(files => { | ||
return fs.promises.readdir(path).then(files => { | ||
var promises = []; | ||
@@ -32,0 +32,0 @@ if (files) { |
@@ -153,2 +153,2 @@ const registry = require("./registry"); | ||
exportPluginSettings | ||
} | ||
} |
{ | ||
"name": "@node-red/registry", | ||
"version": "2.0.6", | ||
"version": "2.1.0-beta.1", | ||
"license": "Apache-2.0", | ||
@@ -19,3 +19,3 @@ "main": "./lib/index.js", | ||
"dependencies": { | ||
"@node-red/util": "2.0.6", | ||
"@node-red/util": "2.1.0-beta.1", | ||
"clone": "2.1.2", | ||
@@ -25,4 +25,4 @@ "fs-extra": "10.0.0", | ||
"tar": "6.1.11", | ||
"uglify-js": "3.14.1" | ||
"uglify-js": "3.14.2" | ||
} | ||
} |
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
135968
3368
2
+ Added@node-red/util@2.1.0-beta.1(transitive)
+ Addedi18next@21.2.4(transitive)
+ Addeduglify-js@3.14.2(transitive)
- Removed@node-red/util@2.0.6(transitive)
- Removedi18next@20.3.2(transitive)
- Removeduglify-js@3.14.1(transitive)
Updated@node-red/util@2.1.0-beta.1
Updateduglify-js@3.14.2