Socket
Socket
Sign inDemoInstall

libnpmaccess

Package Overview
Dependencies
Maintainers
1
Versions
36
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

libnpmaccess - npm Package Compare versions

Comparing version 2.0.1 to 3.0.0

17

CHANGELOG.md

@@ -5,2 +5,19 @@ # Change Log

<a name="3.0.0"></a>
# [3.0.0](https://github.com/npm/libnpmaccess/compare/v2.0.1...v3.0.0) (2018-08-24)
### Features
* **api:** overhaul API ergonomics ([1faf00a](https://github.com/npm/libnpmaccess/commit/1faf00a))
### BREAKING CHANGES
* **api:** all API calls where scope and team were separate, or
where team was an extra, optional argument should now use a
fully-qualified team name instead, in the `scope:team` format.
<a name="2.0.1"></a>

@@ -7,0 +24,0 @@ ## [2.0.1](https://github.com/npm/libnpmaccess/compare/v2.0.0...v2.0.1) (2018-08-24)

70

index.js

@@ -29,3 +29,3 @@ 'use strict'

opts = AccessConfig(opts)
return new opts.Promise((resolve, reject) => {
return pwrap(opts, () => {
spec = npar(spec)

@@ -38,12 +38,12 @@ validate('OSO', [spec, access, opts])

spec
})).then(resolve, reject)
}))
}).then(res => res.body.resume() && true)
}
cmd.grant = (spec, scope, team, permissions, opts) => {
cmd.grant = (spec, entity, permissions, opts) => {
opts = AccessConfig(opts)
return new opts.Promise((resolve, reject) => {
return pwrap(opts, () => {
spec = npar(spec)
const {scope, team} = splitEntity(entity)
validate('OSSSO', [spec, scope, team, permissions, opts])
scope = scope.replace(/^@/, '')
if (permissions !== 'read-write' && permissions !== 'read-only') {

@@ -57,13 +57,14 @@ throw new Error('`permissions` must be `read-write` or `read-only`. Got `' + permissions + '` instead')

scope,
spec
})).then(resolve, reject)
}).then(res => res.body.resume() && true)
spec,
ignoreBody: true
}))
}).then(() => true)
}
cmd.revoke = (spec, scope, team, opts) => {
cmd.revoke = (spec, entity, opts) => {
opts = AccessConfig(opts)
return new opts.Promise((resolve, reject) => {
return pwrap(opts, () => {
spec = npar(spec)
const {scope, team} = splitEntity(entity)
validate('OSSO', [spec, scope, team, opts])
scope = scope.replace(/^@/, '')
const uri = `/-/team/${eu(scope)}/${eu(team)}/package`

@@ -74,12 +75,13 @@ return npmFetch(uri, opts.concat({

scope,
spec
})).then(resolve, reject)
}).then(res => res.body.resume() && true)
spec,
ignoreBody: true
}))
}).then(() => true)
}
cmd.lsPackages = (scope, team, opts) => {
cmd.lsPackages = (entity, opts) => {
opts = AccessConfig(opts)
return new opts.Promise((resolve, reject) => {
return pwrap(opts, () => {
return getStream.array(
cmd.lsPackages.stream(scope, team, opts)
cmd.lsPackages.stream(entity, opts)
).then(data => data.reduce((acc, [key, val]) => {

@@ -91,10 +93,10 @@ if (!acc) {

return acc
}, null)).then(resolve, reject)
}, null))
})
}
cmd.lsPackages.stream = (scope, team, opts) => {
cmd.lsPackages.stream = (entity, opts) => {
opts = AccessConfig(opts)
const {scope, team} = splitEntity(entity)
validate('SSO|SZO', [scope, team, opts])
scope = scope.replace(/^@/, '')
let uri

@@ -133,4 +135,8 @@ if (team) {

cmd.lsCollaborators = (spec, user, opts) => {
if (typeof user === 'object' && !opts) {
opts = user
user = undefined
}
opts = AccessConfig(opts)
return new opts.Promise((resolve, reject) => {
return pwrap(opts, () => {
return getStream.array(

@@ -144,3 +150,3 @@ cmd.lsCollaborators.stream(spec, user, opts)

return acc
}, null)).then(resolve, reject)
}, null))
})

@@ -150,2 +156,6 @@ }

cmd.lsCollaborators.stream = (spec, user, opts) => {
if (typeof user === 'object' && !opts) {
opts = user
user = undefined
}
opts = AccessConfig(opts)

@@ -180,5 +190,6 @@ spec = npar(spec)

body: {publish_requires_tfa: required},
spec
spec,
ignoreBody: true
})).then(resolve, reject)
}).then(res => res.body.resume() && true)
}).then(() => true)
}

@@ -189,1 +200,12 @@

}
function splitEntity (entity = '') {
let [, scope, team] = entity.match(/^@?([^:]+)(?::(.*))?$/) || []
return {scope, team}
}
function pwrap (opts, fn) {
return new opts.Promise((resolve, reject) => {
fn().then(resolve, reject)
})
}

2

package.json
{
"name": "libnpmaccess",
"version": "2.0.1",
"version": "3.0.0",
"description": "programmatic library for `npm access` commands",

@@ -5,0 +5,0 @@ "author": {

53

README.md

@@ -99,8 +99,8 @@ # libnpmaccess [![npm version](https://img.shields.io/npm/v/libnpmaccess.svg)](https://npm.im/libnpmaccess) [![license](https://img.shields.io/npm/l/libnpmaccess.svg)](https://npm.im/libnpmaccess) [![Travis](https://img.shields.io/travis/npm/libnpmaccess/latest.svg)](https://travis-ci.org/npm/libnpmaccess) [![AppVeyor](https://img.shields.io/appveyor/ci/zkat/libnpmaccess/latest.svg)](https://ci.appveyor.com/project/zkat/libnpmaccess) [![Coverage Status](https://coveralls.io/repos/github/npm/libnpmaccess/badge.svg?branch=latest)](https://coveralls.io/github/npm/libnpmaccess?branch=latest)

#### <a name="grant"></a> `> access.grant(spec, scope, team, permissions, [opts]) -> Promise`
#### <a name="grant"></a> `> access.grant(spec, team, permissions, [opts]) -> Promise`
`spec` must be an [`npm-package-arg`](https://npm.im/npm-package-arg)-compatible
registry spec. `scope` must be a valid scope, with or without the `@` prefix,
and `team` must be a valid team within that scope. `permissions` must be one of
`'read-only'` or `'read-write'`.
registry spec. `team` must be a fully-qualified team name, in the `scope:team`
format, with or without the `@` prefix, and the team must be a valid team within
that scope. `permissions` must be one of `'read-only'` or `'read-write'`.

@@ -112,3 +112,3 @@ Grants `read-only` or `read-write` permissions for a certain package to a team.

```javascript
await access.grant('@foo/bar', '@foo', 'myteam', 'read-write', {
await access.grant('@foo/bar', '@foo:myteam', 'read-write', {
token: 'myregistrytoken'

@@ -119,8 +119,8 @@ })

#### <a name="revoke"></a> `> access.revoke(spec, scope, team, [opts]) -> Promise`
#### <a name="revoke"></a> `> access.revoke(spec, team, [opts]) -> Promise`
`spec` must be an [`npm-package-arg`](https://npm.im/npm-package-arg)-compatible
registry spec. `scope` must be a valid scope, with or without the `@` prefix,
and `team` must be a valid team within that scope. `permissions` must be one of
`'read-only'` or `'read-write'`.
registry spec. `team` must be a fully-qualified team name, in the `scope:team`
format, with or without the `@` prefix, and the team must be a valid team within
that scope. `permissions` must be one of `'read-only'` or `'read-write'`.

@@ -132,3 +132,3 @@ Removes access to a package from a certain team.

```javascript
await access.revoke('@foo/bar', '@foo', 'myteam', {
await access.revoke('@foo/bar', '@foo:myteam', {
token: 'myregistrytoken'

@@ -170,7 +170,6 @@ })

#### <a name="ls-packages"></a> `> access.lsPackages(scope, [team], [opts]) -> Promise`
#### <a name="ls-packages"></a> `> access.lsPackages(entity, [opts]) -> Promise`
`scope` must be a valid org or user name, with or without the `@` prefix. `team`
is optional and, if provided, must be a valid team within that scope. `team`
must be `null` in order to pass in `opts`.
`entity` must be either a valid org or user name, or a fully-qualified team name
in the `scope:team` format, with or without the `@` prefix.

@@ -181,8 +180,12 @@ Lists out packages a user, org, or team has access to, with corresponding

For a streamed version of these results, see [`access.lsPackages.stream()`](#ls-package-stream).
In order to disambiguate between users and orgs, two requests may end up being
made when listing orgs or users.
For a streamed version of these results, see
[`access.lsPackages.stream()`](#ls-package-stream).
##### Example
```javascript
await access.lsPackages('zkat', null, {
await access.lsPackages('zkat', {
token: 'myregistrytoken'

@@ -196,5 +199,4 @@ })

`scope` must be a valid org or user name, with or without the `@` prefix. `team`
is optional and, if provided, must be a valid team within that scope. `team`
must be `null` in order to pass in `opts`.
`entity` must be either a valid org or user name, or a fully-qualified team name
in the `scope:team` format, with or without the `@` prefix.

@@ -206,2 +208,5 @@ Streams out packages a user, org, or team has access to, with corresponding

In order to disambiguate between users and orgs, two requests may end up being
made when listing orgs or users.
The returned stream is a valid `asyncIterator`.

@@ -222,5 +227,4 @@

`spec` must be an [`npm-package-arg`](https://npm.im/npm-package-arg)-compatible
registry spec. `scope` must be a valid org or user name, with or without the `@`
prefix. `team` is optional and, if provided, must be a valid team within that
scope. `team` must be `null` in order to pass in `opts`.
registry spec. `user` must be a valid user name, with or without the `@`
prefix.

@@ -245,5 +249,4 @@ Lists out access privileges for a certain package. Will only show permissions

`spec` must be an [`npm-package-arg`](https://npm.im/npm-package-arg)-compatible
registry spec. `scope` must be a valid org or user name, with or without the `@`
prefix. `team` is optional and, if provided, must be a valid team within that
scope. `team` must be `null` in order to pass in `opts`.
registry spec. `user` must be a valid user name, with or without the `@`
prefix.

@@ -250,0 +253,0 @@ Stream out access privileges for a certain package, with each entry in `[user,

46

test/index.js

@@ -57,3 +57,3 @@ 'use strict'

return access.grant(
'@foo/bar', 'myorg', 'myteam', 'read-write', OPTS
'@foo/bar', 'myorg:myteam', 'read-write', OPTS
).then(ret => {

@@ -70,3 +70,3 @@ t.deepEqual(ret, true, 'request succeeded')

return access.grant(
'@foo/bar', 'myorg', 'myteam', 'read-only', OPTS
'@foo/bar', 'myorg:myteam', 'read-only', OPTS
).then(ret => {

@@ -79,3 +79,3 @@ t.deepEqual(ret, true, 'request succeeded')

return access.grant(
'@foo/bar', 'myorg', 'myteam', 'unknown', OPTS
'@foo/bar', 'myorg:myteam', 'unknown', OPTS
).then(ret => {

@@ -92,2 +92,16 @@ throw new Error('should not have succeeded')

test('access grant no entity', t => {
return access.grant(
'@foo/bar', undefined, 'read-write', OPTS
).then(ret => {
throw new Error('should not have succeeded')
}, err => {
t.match(
err.message,
/Expected string/,
'passing undefined entity gives useful error'
)
})
})
test('access grant basic unscoped', t => {

@@ -99,3 +113,3 @@ tnock(t, REG).put('/-/team/myorg/myteam/package', {

return access.grant(
'bar', 'myorg', 'myteam', 'read-write', OPTS
'bar', 'myorg:myteam', 'read-write', OPTS
).then(ret => {

@@ -110,3 +124,3 @@ t.deepEqual(ret, true, 'request succeeded')

}).reply(200)
return access.revoke('@foo/bar', 'myorg', 'myteam', OPTS).then(ret => {
return access.revoke('@foo/bar', 'myorg:myteam', OPTS).then(ret => {
t.deepEqual(ret, true, 'request succeeded')

@@ -120,3 +134,3 @@ })

}).reply(200, {accessChanged: true})
return access.revoke('bar', 'myorg', 'myteam', OPTS).then(ret => {
return access.revoke('bar', 'myorg:myteam', OPTS).then(ret => {
t.deepEqual(ret, true, 'request succeeded')

@@ -140,3 +154,3 @@ })

).reply(200, serverPackages)
return access.lsPackages('myorg', 'myteam', OPTS).then(data => {
return access.lsPackages('myorg:myteam', OPTS).then(data => {
t.deepEqual(data, clientPackages, 'got client package info')

@@ -160,3 +174,3 @@ })

).reply(200, serverPackages)
return access.lsPackages('myorg', null, OPTS).then(data => {
return access.lsPackages('myorg', OPTS).then(data => {
t.deepEqual(data, clientPackages, 'got client package info')

@@ -180,3 +194,3 @@ })

srv.get('/-/user/myuser/package?format=cli').reply(200, serverPackages)
return access.lsPackages('myuser', null, OPTS).then(data => {
return access.lsPackages('myuser', OPTS).then(data => {
t.deepEqual(data, clientPackages, 'got client package info')

@@ -188,5 +202,3 @@ })

tnock(t, REG).get('/-/team/myorg/myteam/package?format=cli').reply(404)
return access.lsPackages(
'myorg', 'myteam', OPTS
).then(
return access.lsPackages('myorg:myteam', OPTS).then(
() => { throw new Error('should not have succeeded') },

@@ -201,3 +213,3 @@ err => t.equal(err.code, 'E404', 'spit out 404 directly if team provided')

srv.get('/-/user/myuser/package?format=cli').reply(404, {error: 'not found'})
return access.lsPackages('myuser', null, OPTS).then(
return access.lsPackages('myuser', OPTS).then(
() => { throw new Error('should not have succeeded') },

@@ -212,3 +224,3 @@ err => t.equal(err.code, 'E404', 'spit out 404 if both reqs fail')

).reply(200, JSON.stringify(null))
return access.lsPackages('myorg', 'myteam', OPTS).then(data => {
return access.lsPackages('myorg:myteam', OPTS).then(data => {
t.deepEqual(data, null, 'succeeds with null')

@@ -233,3 +245,3 @@ })

return getStream.array(
access.lsPackages.stream('myorg', 'myteam', OPTS)
access.lsPackages.stream('myorg:myteam', OPTS)
).then(data => {

@@ -254,3 +266,3 @@ t.deepEqual(data, clientPackages, 'got streamed client package info')

).reply(200, serverCollaborators)
return access.lsCollaborators('@foo/bar', null, OPTS).then(data => {
return access.lsCollaborators('@foo/bar', OPTS).then(data => {
t.deepEqual(data, clientCollaborators, 'got collaborators')

@@ -275,3 +287,3 @@ })

return getStream.array(
access.lsCollaborators.stream('@foo/bar', null, OPTS)
access.lsCollaborators.stream('@foo/bar', OPTS)
).then(data => {

@@ -278,0 +290,0 @@ t.deepEqual(data, clientCollaborators, 'got collaborators')

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc