@npmcli/git
Comparing version 5.0.7 to 5.0.8
@@ -0,7 +1,49 @@ | ||
const fs = require('node:fs') | ||
const os = require('node:os') | ||
const path = require('node:path') | ||
const ini = require('ini') | ||
const gitConfigPath = path.join(os.homedir(), '.gitconfig') | ||
let cachedConfig = null | ||
// Function to load and cache the git config | ||
const loadGitConfig = () => { | ||
if (cachedConfig === null) { | ||
try { | ||
cachedConfig = {} | ||
if (fs.existsSync(gitConfigPath)) { | ||
const configContent = fs.readFileSync(gitConfigPath, 'utf-8') | ||
cachedConfig = ini.parse(configContent) | ||
} | ||
} catch (error) { | ||
cachedConfig = {} | ||
} | ||
} | ||
return cachedConfig | ||
} | ||
const checkGitConfigs = () => { | ||
const config = loadGitConfig() | ||
return { | ||
sshCommandSetInConfig: config?.core?.sshCommand !== undefined, | ||
askPassSetInConfig: config?.core?.askpass !== undefined, | ||
} | ||
} | ||
const sshCommandSetInEnv = process.env.GIT_SSH_COMMAND !== undefined | ||
const askPassSetInEnv = process.env.GIT_ASKPASS !== undefined | ||
const { sshCommandSetInConfig, askPassSetInConfig } = checkGitConfigs() | ||
// Values we want to set if they're not already defined by the end user | ||
// This defaults to accepting new ssh host key fingerprints | ||
const gitEnv = { | ||
GIT_ASKPASS: 'echo', | ||
GIT_SSH_COMMAND: 'ssh -oStrictHostKeyChecking=accept-new', | ||
const finalGitEnv = { | ||
...(askPassSetInEnv || askPassSetInConfig ? {} : { | ||
GIT_ASKPASS: 'echo', | ||
}), | ||
...(sshCommandSetInEnv || sshCommandSetInConfig ? {} : { | ||
GIT_SSH_COMMAND: 'ssh -oStrictHostKeyChecking=accept-new', | ||
}), | ||
} | ||
module.exports = (opts = {}) => ({ | ||
@@ -11,3 +53,6 @@ stdioString: true, | ||
shell: false, | ||
env: opts.env || { ...gitEnv, ...process.env }, | ||
env: opts.env || { ...finalGitEnv, ...process.env }, | ||
}) | ||
// Export the loadGitConfig function for testing | ||
module.exports.loadGitConfig = loadGitConfig |
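Review bot: `checkGitConfigs` in the first hunk looks up exact-case keys (`config?.core?.sshCommand` and `config?.core?.askpass`), but git matches section and variable names case-insensitively, so a user who writes `sshcommand` or the documented `askPass` spelling is not detected, assuming `ini.parse` keeps keys as written. In that case the injected `GIT_SSH_COMMAND` / `GIT_ASKPASS` still take precedence over the user's configured value, which may be a stricter host-key policy than `accept-new`. Lower-casing the keys before the lookup would close this: `const core = Object.fromEntries(Object.entries(config?.core ?? {}).map(([k, v]) => [k.toLowerCase(), v]))`, then test `core.sshcommand` and `core.askpass`. Only `~/.gitconfig` is read, so settings in other config files git consults, or pulled in through `include`, are also missed; a comment on `loadGitConfig` stating that limitation would help.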
{ | ||
"name": "@npmcli/git", | ||
"version": "5.0.7", | ||
"version": "5.0.8", | ||
"main": "lib/index.js", | ||
@@ -41,2 +41,3 @@ "files": [ | ||
"@npmcli/promise-spawn": "^7.0.0", | ||
"ini": "^4.1.3", | ||
"lru-cache": "^10.0.1", | ||
@@ -43,0 +44,0 @@ "npm-pick-manifest": "^9.0.0", |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 3 instances in 1 package
+ Added ini@^4.1.3
+ Added ini@4.1.3 (transitive)