@node-red/registry - npm Package Compare versions

Comparing version 2.0.6 to 2.1.0-beta.1

lib/installer.js

@@ -43,2 +43,7 @@ /**
 
+let updateAllowed = true;
+let updateAllowList = ['*'];
+let updateDenyList = [];
+let updateAllAllowed = true;
+
 function init(_settings) {
@@ -48,3 +53,15 @@ settings = _settings;
     //       Should it *all* be managed by util?
+
+    installAllowList = ['*'];
+    installDenyList = [];
+    installAllAllowed = true;
+    installVersionRestricted = false;
+
+    updateAllowed = true;
+    updateAllowList = ['*'];
+    updateDenyList = [];
+    updateAllAllowed = true;
+
     if (settings.externalModules && settings.externalModules.palette) {
+
         if (settings.externalModules.palette.allowList || settings.externalModules.palette.denyList) {
@@ -54,2 +71,12 @@ installAllowList = settings.externalModules.palette.allowList;
         }
+
+        if (settings.externalModules.palette.hasOwnProperty('allowUpdate')) {
+            updateAllowed = !!settings.externalModules.palette.allowUpdate;
+        }
+        if (settings.externalModules.palette.allowUpdateList || settings.externalModules.palette.denyUpdateList) {
+            updateAllowList = settings.externalModules.palette.allowUpdateList;
+            updateDenyList = settings.externalModules.palette.denyUpdateList;
+        }
+
+
     }
@@ -70,2 +97,6 @@ installAllowList = registryUtil.parseModuleList(installAllowList);
     }
+
+    updateAllowList = registryUtil.parseModuleList(updateAllowList);
+    updateDenyList = registryUtil.parseModuleList(updateDenyList);
+    updateAllAllowed = updateAllowed ? updateDenyList.length === 0 : false;
 }
@@ -168,2 +199,11 @@
 
+        if (isUpgrade && !updateAllAllowed) {
+            // Check this module is allowed to be upgraded...
+            if (!updateAllowed || !registryUtil.checkModuleAllowed(module,null,updateAllowList,updateDenyList)) {
+                const e = new Error("Update not allowed");
+                e.code = "update_not_allowed";
+                throw e;
+            }
+        }
+
         if (!isUpgrade) {
@@ -267,12 +307,25 @@ log.info(log._("server.install.installing",{name: module,version: version||"latest"}));
     if (info.nodes.length > 0) {
-        log.info(log._("server.added-types"));
+        const installedTypes = [];
+        const errorSets = [];
         for (var i=0;i<info.nodes.length;i++) {
-            for (var j=0;j<info.nodes[i].types.length;j++) {
-                log.info(" - "+
-                    (info.nodes[i].module?info.nodes[i].module+":":"")+
-                    info.nodes[i].types[j]+
-                    (info.nodes[i].err?" : "+info.nodes[i].err:"")
-                );
+            const typeCount = info.nodes[i].types.length;
+            if (typeCount > 0) {
+                for (var j=0;j<typeCount;j++) {
+                    installedTypes.push(" - "+
+                        (info.nodes[i].module?info.nodes[i].module+":":"")+
+                        info.nodes[i].types[j]+
+                        (info.nodes[i].err?" : "+info.nodes[i].err:"")
+                    );
+                }
+            } else if (info.nodes[i].err) {
+                errorSets.push(`[${info.nodes[i].id}] ${info.nodes[i].err}`)
             }
         }
+        if (errorSets.length > 0) {
+            errorSets.forEach(l => log.warn(l))
+        }
+        if (installedTypes.length > 0) {
+            log.info(log._("server.added-types"));
+            installedTypes.forEach(l => log.info(l))
+        }
     }
@@ -279,0 +332,0 @@ return info;

lib/library.js

@@ -17,3 +17,3 @@ /**
 
-var fs = require('fs-extra');
+var fs = require('fs');
 var fspath = require('path');
@@ -29,3 +29,3 @@
     var validFiles = [];
-    return fs.readdir(path).then(files => {
+    return fs.promises.readdir(path).then(files => {
         var promises = [];
@@ -32,0 +32,0 @@ if (files) {

lib/plugins.js

@@ -153,2 +153,2 @@ const registry = require("./registry");
     exportPluginSettings
-}
+}

package.json

 {
     "name": "@node-red/registry",
-    "version": "2.0.6",
+    "version": "2.1.0-beta.1",
     "license": "Apache-2.0",
@@ -19,3 +19,3 @@ "main": "./lib/index.js",
     "dependencies": {
-        "@node-red/util": "2.0.6",
+        "@node-red/util": "2.1.0-beta.1",
         "clone": "2.1.2",
@@ -25,4 +25,4 @@ "fs-extra": "10.0.0",
         "tar": "6.1.11",
-        "uglify-js": "3.14.1"
+        "uglify-js": "3.14.2"
     }
 }

New alerts

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Fixed alerts

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

135968

increased by1.43%

Lines of code

3368

increased by1.32%

Worsened metrics

Number of low quality alerts

2

increased by100%

Dependency changes

• + Added@node-red/util@2.1.0-beta.1(transitive)

• + Addedi18next@21.2.4(transitive)

• + Addeduglify-js@3.14.2(transitive)

• - Removed@node-red/util@2.0.6(transitive)

• - Removedi18next@20.3.2(transitive)

• - Removeduglify-js@3.14.1(transitive)

• Updated@node-red/util@2.1.0-beta.1

• Updateduglify-js@3.14.2