libnpmexec
Advanced tools
Comparing version 5.0.0-pre.4 to 5.0.0-pre.5
const { resolve } = require('path') | ||
const fs = require('@npmcli/fs') | ||
const { stat } = require('fs/promises') | ||
const walkUp = require('walk-up-path') | ||
@@ -7,3 +7,3 @@ | ||
try { | ||
const res = await fs.stat(file) | ||
const res = await stat(file) | ||
return res.isFile() | ||
@@ -10,0 +10,0 @@ } catch { |
'use strict' | ||
const { mkdir } = require('fs/promises') | ||
const { promisify } = require('util') | ||
@@ -9,3 +10,2 @@ | ||
const log = require('proc-log') | ||
const mkdirp = require('mkdirp-infer-owner') | ||
const npa = require('npm-package-arg') | ||
@@ -42,20 +42,18 @@ const npmlog = require('npmlog') | ||
const missingFromTree = async ({ spec, tree, flatOptions }) => { | ||
if (spec.registry && (spec.rawSpec === '' || spec.type !== 'tag')) { | ||
if (spec.registry && spec.type !== 'tag') { | ||
// registry spec that is not a specific tag. | ||
const nodesBySpec = tree.inventory.query('packageName', spec.name) | ||
for (const node of nodesBySpec) { | ||
if (spec.type === 'tag') { | ||
// package requested by name only | ||
// package requested by name only (or name@*) | ||
if (spec.rawSpec === '*') { | ||
return { node } | ||
} else if (spec.type === 'version') { | ||
// package requested by specific version | ||
if (node.pkgid === spec.raw) { | ||
return { node } | ||
} | ||
} else { | ||
// package requested by version range, only remaining registry type | ||
if (semver.satisfies(node.package.version, spec.rawSpec)) { | ||
return { node } | ||
} | ||
} | ||
// package requested by specific version | ||
if (spec.type === 'version' && (node.pkgid === spec.raw)) { | ||
return { node } | ||
} | ||
// package requested by version range, only remaining registry type | ||
if (semver.satisfies(node.package.version, spec.rawSpec)) { | ||
return { node } | ||
} | ||
} | ||
@@ -210,3 +208,3 @@ const manifest = await getManifest(spec, flatOptions) | ||
const installDir = resolve(npxCache, hash) | ||
await mkdirp(installDir) | ||
await mkdir(installDir, { recursive: true }) | ||
const npxArb = new Arborist({ | ||
@@ -213,0 +211,0 @@ ...flatOptions, |
{ | ||
"name": "libnpmexec", | ||
"version": "5.0.0-pre.4", | ||
"version": "5.0.0-pre.5", | ||
"files": [ | ||
@@ -53,5 +53,5 @@ "bin/", | ||
"devDependencies": { | ||
"@npmcli/eslint-config": "^3.1.0", | ||
"@npmcli/template-oss": "4.5.0", | ||
"bin-links": "^3.0.3", | ||
"@npmcli/eslint-config": "^4.0.0", | ||
"@npmcli/template-oss": "4.6.2", | ||
"bin-links": "^4.0.1", | ||
"minify-registry-metadata": "^2.2.0", | ||
@@ -62,14 +62,12 @@ "mkdirp": "^1.0.4", | ||
"dependencies": { | ||
"@npmcli/arborist": "^6.0.0-pre.4", | ||
"@npmcli/arborist": "^6.0.0-pre.5", | ||
"@npmcli/ci-detect": "^3.0.0", | ||
"@npmcli/fs": "^2.1.1", | ||
"@npmcli/run-script": "^4.2.0", | ||
"@npmcli/run-script": "^5.0.0", | ||
"chalk": "^4.1.0", | ||
"mkdirp-infer-owner": "^2.0.0", | ||
"npm-package-arg": "^9.0.1", | ||
"npmlog": "^6.0.2", | ||
"pacote": "^14.0.0", | ||
"proc-log": "^2.0.0", | ||
"npm-package-arg": "^10.0.0", | ||
"npmlog": "^7.0.1", | ||
"pacote": "^15.0.2", | ||
"proc-log": "^3.0.0", | ||
"read": "^1.0.7", | ||
"read-package-json-fast": "^2.0.2", | ||
"read-package-json-fast": "^3.0.1", | ||
"semver": "^7.3.7", | ||
@@ -80,5 +78,5 @@ "walk-up-path": "^1.0.0" | ||
"//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", | ||
"version": "4.5.0", | ||
"version": "4.6.2", | ||
"content": "../../scripts/template-oss/index.js" | ||
} | ||
} |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
12
16399
358
3
+ Added@npmcli/run-script@5.1.1(transitive)
- Removed@npmcli/fs@^2.1.1
- Removedmkdirp-infer-owner@^2.0.0
- Removed@npmcli/git@3.0.2(transitive)
- Removed@npmcli/installed-package-contents@1.0.7(transitive)
- Removed@npmcli/node-gyp@2.0.0(transitive)
- Removed@npmcli/promise-spawn@3.0.0(transitive)
- Removed@npmcli/run-script@4.2.1(transitive)
- Removedbuiltins@5.1.0(transitive)
- Removedhosted-git-info@5.2.1(transitive)
- Removedjson-parse-even-better-errors@2.3.1(transitive)
- Removedmkdirp-infer-owner@2.0.0(transitive)
- Removednormalize-package-data@4.0.1(transitive)
- Removednpm-bundled@1.1.2(transitive)
- Removednpm-install-checks@5.0.0(transitive)
- Removednpm-normalize-package-bin@1.0.12.0.0(transitive)
- Removednpm-package-arg@9.1.2(transitive)
- Removednpm-pick-manifest@7.0.2(transitive)
- Removednpm-registry-fetch@13.3.1(transitive)
- Removedpacote@14.0.0(transitive)
- Removedproc-log@2.0.1(transitive)
- Removedread-package-json@5.0.2(transitive)
- Removedread-package-json-fast@2.0.3(transitive)
- Removedvalidate-npm-package-name@4.0.0(transitive)
Updated@npmcli/run-script@^5.0.0
Updatednpm-package-arg@^10.0.0
Updatednpmlog@^7.0.1
Updatedpacote@^15.0.2
Updatedproc-log@^3.0.0