cacache - npm Package Compare versions

Comparing version 1.0.0 to 2.0.0

get.js

@@ -1,42 +0,27 @@
-var fs = require('fs')
-var path = require('path')
+var index = require('./lib/entry-index')
+var read = require('./lib/content/read')
 
-module.exports.path = filePath
-function filePath (cache, address) {
-  return path.join(cache, 'content', address)
+module.exports.directory = directory
+module.exports.directory.byDigest = read.asDirectory
+function directory (cache, key, destination, opts, cb) {
+  index.find(cache, key, function (err, data) {
+    if (err) { return cb(err) }
+    if (!data) { return cb(index.notFoundError(cache, key)) }
+    read.asDirectory(cache, data.digest, destination, opts, cb)
+  })
 }
 
-module.exports.readStream = readStream
-function readStream (cache, address) {
-  return _read(cache, address, fs.createReadStream)
-}
-
-module.exports.readSync = readSync
-function readSync (cache, address) {
-  return _read(cache, address, fs.readFileSync)
-}
-
-module.exports.read = read
-function read (cache, address, cb) {
-  fs.readFile(filePath(cache, address), function (err, data) {
-    if (err && err.code === 'ENOENT') {
-      cb(null, null)
-    } else if (err) {
-      cb(err)
-    } else {
-      cb(null, data)
-    }
+module.exports.tarball = tarball
+module.exports.tarball.byDigest = read.asTarball
+function tarball (cache, key, destination, opts, cb) {
+  index.find(cache, key, function (err, data) {
+    if (err) { return cb(err) }
+    if (!data) { return cb(index.notFoundError(cache, key)) }
+    read.asTarball(cache, data.digest, destination, opts, cb)
   })
 }
 
-function _read (cache, address, reader) {
-  try {
-    return reader(filePath(cache, address))
-  } catch (e) {
-    if (e.code === 'ENOENT') {
-      return null
-    } else {
-      throw e
-    }
-  }
+module.exports.info = info
+function info (cache, key, cb) {
+  index.find(cache, key, cb)
 }

index.js

 module.exports = {
-  clear: require('./clear'),
+  chownr: require('./lib/util/fix-owner').chownr,
+  ls: require('./ls'),
   get: require('./get'),
-  put: require('./put')
+  put: require('./put'),
+  rm: require('./rm')
 }

package.json

 {
   "name": "cacache",
-  "version": "1.0.0",
+  "version": "2.0.0",
   "description": "General content-addressable cache system that maintains a filesystem registry of file data.",
   "main": "index.js",
+  "files": [
+    "*.js",
+    "lib"
+  ],
   "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "preversion": "npm t",
+    "postversion": "npm publish && git push --follow-tags",
+    "pretest": "standard",
+    "test": "nyc -- tap test/*.js"
   },
@@ -17,4 +24,9 @@ "keywords": [
   "dependencies": {
+    "chownr": "^1.0.1",
     "dezalgo": "^1.0.3",
-    "fs-write-stream-atomic": "^1.0.8",
+    "from2": "^2.3.0",
+    "fs-extra": "^1.0.0",
+    "graceful-fs": "^4.1.10",
+    "inflight": "^1.0.6",
+    "lockfile": "^1.0.2",
     "mkdirp": "^0.5.1",
@@ -25,8 +37,21 @@ "mv": "^2.1.1",
     "rimraf": "^2.5.4",
+    "slide": "^1.1.6",
+    "split": "^1.0.0",
+    "tar-fs": "^1.14.0",
     "through2": "^2.0.1"
   },
   "devDependencies": {
+    "nyc": "^9.0.1",
     "standard": "^8.5.0",
+    "tacks": "^1.2.2",
     "tap": "^8.0.1"
+  },
+  "config": {
+    "nyc": {
+      "exclude": [
+        "node_modules/**",
+        "test/**"
+      ]
+    }
   }
 }

put.js

@@ -1,16 +0,11 @@
-var crypto = require('crypto')
 var dezalgo = require('dezalgo')
-var fs = require('fs')
-var get = require('./get')
-var mkdirp = require('mkdirp')
-var mv = require('mv')
+var from = require('from2')
+var fs = require('graceful-fs')
+var index = require('./lib/entry-index')
+var inflight = require('inflight')
 var path = require('path')
-var pumpify = require('pumpify')
-var through = require('through2')
-var randomstring = require('randomstring')
-var rimraf = require('rimraf')
-var writeStreamAtomic = require('fs-write-stream-atomic')
+var putContentStream = require('./lib/content/put-stream')
 
 module.exports.file = putFile
-function putFile (cache, filePath, opts, cb) {
+function putFile (cache, key, filePath, opts, cb) {
   if (!cb) {
@@ -21,2 +16,4 @@ cb = opts
   cb = dezalgo(cb)
+  opts = Object.create(opts || {})
+  opts.filename = opts.filename || path.basename(filePath)
   try {
@@ -27,7 +24,25 @@ var stream = fs.createReadStream(filePath)
   }
-  return putStream(cache, stream, opts, cb)
+  return putStream(cache, key, stream, opts, cb)
 }
 
+module.exports.data = putData
+function putData (cache, key, filename, data, opts, cb) {
+  if (!cb) {
+    cb = opts
+    opts = null
+  }
+  cb = dezalgo(cb)
+  opts = Object.create(opts || {})
+  opts.filename = filename
+  var stream = from(function (size, next) {
+    if (data.length <= 0) return next(null, null)
+    var chunk = data.slice(0, size)
+    data = data.slice(size)
+    next(null, chunk)
+  })
+  return putStream(cache, key, stream, opts, cb)
+}
+
 module.exports.stream = putStream
-function putStream (cache, inputStream, opts, cb) {
+function putStream (cache, key, inputStream, opts, cb) {
   if (!cb) {
@@ -37,50 +52,26 @@ cb = opts
   }
-  opts = opts || {}
-  var startTime = +(new Date())
-  var logger = opts.logger || noop
-  var tmpFile = path.join(cache, 'tmp', (opts.prefix || '') + randomstring.generate())
-  mkdirp(path.dirname(tmpFile), function (err) {
+  cb = inflight('cacache.put.stream: ' + key, cb)
+  if (!cb) { return }
+  return putContentStream(cache, inputStream, opts, function (err, digest) {
+    if (err) { cb(err) }
+    index.insert(cache, key, digest, opts, cb)
+  })
+}
+
+module.exports.metadata = putMetadata
+function putMetadata (cache, key, metadata, opts, cb) {
+  if (!cb) {
+    cb = opts
+    opts = null
+  }
+  opts = Object.create(opts || {})
+  opts.metadata = metadata
+  opts.override = true
+  console.log('what the fuck tho')
+  index.find(cache, key, function (err, info) {
+    console.log('ok i read the thing', err, info)
     if (err) { return cb(err) }
-    var outStream = writeStreamAtomic(tmpFile)
-    var hash = crypto.createHash(opts.algorithm || 'sha256')
-    var hashStream = through(function (chunk, enc, cb) {
-      hash.update(chunk, enc)
-      cb(null, chunk)
-    })
-    pumpify(
-      inputStream, hashStream, outStream
-    ).on('error', function () {
-      rimraf(tmpFile, function (err) {
-        if (err) { cb(err) }
-      })
-    })
-    outStream.on('close', moveToDestination)
-
-    function moveToDestination () {
-      logger('verbose', 'Temporary file written. Moving to main cache.')
-      var digest = hash.digest('hex')
-      var destination = get.path(cache, digest)
-      mv(tmpFile, destination, {
-        mkdirp: true, clobber: !!opts.clobber
-      }, function (err) {
-        if (err) {
-          if (err.code === 'EEXIST') {
-            logger('verbose', digest, 'already has an entry in the cache. Skipping move')
-          } else if (err.code === 'EBUSY') {
-            logger('verbose', digest, 'exists and is already being accessed. Skipping move.')
-          } else {
-            return cb(err)
-          }
-        }
-        rimraf(tmpFile, function (err) {
-          if (err) { return cb(err) }
-          var timeDiff = +(new Date()) - startTime
-          logger('verbose', 'processed', digest, 'in', timeDiff + 'ms')
-          cb(null, digest)
-        })
-      })
-    }
+    if (!info) { return cb(index.notFoundError(cache, key)) }
+    index.insert(cache, key, info.digest, opts, cb)
   })
 }
-
-function noop () {}

New alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

Nonpermissive License

License

(Experimental) A package's licensing information has fine-grained problems

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 38 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 5 instances in 1 package

Mixed license

License

(Experimental) Package contains multiple licenses.

Found 1 instance in 1 package

No tests

Quality

Package does not have any tests. This is a strong signal of a poorly maintained or low quality package.

Found 1 instance in 1 package

Improved metrics

Number of low license alerts

0

decreased by-100%

Number of medium license alerts

0

decreased by-100%

Number of low quality alerts

1

decreased by-50%

Number of lines in readme file

417

increased by149.7%

Number of low supply chain risk alerts

4

decreased by-98.81%

Number of medium supply chain risk alerts

1

decreased by-95.45%

Worsened metrics

Total package byte prevSize

27982

decreased by-99.7%

Dependency count

16

increased by100%

Dev dependency count

4

increased by100%

Number of package files

13

decreased by-98.18%

Lines of code

498

decreased by-98.75%

Dependency changes

• + Addedchownr@^1.0.1

• + Addedfrom2@^2.3.0

• + Addedfs-extra@^1.0.0

• + Addedgraceful-fs@^4.1.10

• + Addedinflight@^1.0.6

• + Addedlockfile@^1.0.2

• + Addedslide@^1.1.6

• + Addedsplit@^1.0.0

• + Addedtar-fs@^1.14.0

• + Addedbl@1.2.3(transitive)

• + Addedbuffer-alloc@1.2.0(transitive)

• + Addedbuffer-alloc-unsafe@1.1.0(transitive)

• + Addedbuffer-fill@1.0.0(transitive)

• + Addedchownr@1.1.4(transitive)

• + Addedfrom2@2.3.0(transitive)

• + Addedfs-constants@1.0.0(transitive)

• + Addedfs-extra@1.0.0(transitive)

• + Addedjsonfile@2.4.0(transitive)

• + Addedklaw@1.3.1(transitive)

• + Addedlockfile@1.0.4(transitive)

• + Addedpump@1.0.3(transitive)

• + Addedsignal-exit@3.0.7(transitive)

• + Addedslide@1.1.6(transitive)

• + Addedsplit@1.0.1(transitive)

• + Addedtar-fs@1.16.3(transitive)

• + Addedtar-stream@1.6.2(transitive)

• + Addedthrough@2.3.8(transitive)

• + Addedto-buffer@1.1.1(transitive)

• - Removedfs-write-stream-atomic@^1.0.8

• - Removedfs-write-stream-atomic@1.0.10(transitive)

• - Removediferr@0.1.5(transitive)

• - Removedimurmurhash@0.1.4(transitive)