libnpmpublish - npm Package Compare versions

Comparing version 7.5.0 to 8.0.0

lib/publish.js

@@ -53,38 +53,12 @@ const { fixer } = require('normalize-package-data')
 
-  try {
-    const res = await npmFetch(spec.escapedName, {
-      ...opts,
-      method: 'PUT',
-      body: metadata,
-      ignoreBody: true,
-    })
-    if (transparencyLogUrl) {
-      res.transparencyLogUrl = transparencyLogUrl
-    }
-    return res
-  } catch (err) {
-    if (err.code !== 'E409') {
-      throw err
-    }
-    // if E409, we attempt exactly ONE retry, to protect us
-    // against malicious activity like trying to publish
-    // a bunch of new versions of a package at the same time
-    // and/or spamming the registry
-    const current = await npmFetch.json(spec.escapedName, {
-      ...opts,
-      query: { write: true },
-    })
-    const newMetadata = patchMetadata(current, metadata)
-    const res = await npmFetch(spec.escapedName, {
-      ...opts,
-      method: 'PUT',
-      body: newMetadata,
-      ignoreBody: true,
-    })
-    /* istanbul ignore next */
-    if (transparencyLogUrl) {
-      res.transparencyLogUrl = transparencyLogUrl
-    }
-    return res
+  const res = await npmFetch(spec.escapedName, {
+    ...opts,
+    method: 'PUT',
+    body: metadata,
+    ignoreBody: true,
+  })
+  if (transparencyLogUrl) {
+    res.transparencyLogUrl = transparencyLogUrl
   }
+  return res
 }
@@ -199,47 +173,2 @@
 
-const patchMetadata = (current, newData) => {
-  const curVers = Object.keys(current.versions || {})
-    .map(v => semver.clean(v, true))
-    .concat(Object.keys(current.time || {})
-      .map(v => semver.valid(v, true) && semver.clean(v, true))
-      .filter(v => v))
-
-  const newVersion = Object.keys(newData.versions)[0]
-
-  if (curVers.indexOf(newVersion) !== -1) {
-    const { name: pkgid, version } = newData
-    throw Object.assign(
-      new Error(
-        `Cannot publish ${pkgid}@${version} over existing version.`
-      ), {
-        code: 'EPUBLISHCONFLICT',
-        pkgid,
-        version,
-      })
-  }
-
-  current.versions = current.versions || {}
-  current.versions[newVersion] = newData.versions[newVersion]
-  for (const i in newData) {
-    switch (i) {
-      // objects that copy over the new stuffs
-      case 'dist-tags':
-      case 'versions':
-      case '_attachments':
-        for (const j in newData[i]) {
-          current[i] = current[i] || {}
-          current[i][j] = newData[i][j]
-        }
-        break
-
-      // copy
-      default:
-        current[i] = newData[i]
-        break
-    }
-  }
-
-  return current
-}
-
 // Check that all the prereqs are met for provenance generation
@@ -246,0 +175,0 @@ const ensureProvenanceGeneration = async (registry, spec, opts) => {

package.json

 {
   "name": "libnpmpublish",
-  "version": "7.5.0",
+  "version": "8.0.0",
   "description": "Programmatic API for the bits behind npm publish and unpublish",
@@ -29,4 +29,3 @@ "author": "GitHub Inc.",
     "@npmcli/mock-registry": "^1.0.0",
-    "@npmcli/template-oss": "4.14.1",
-    "lodash.clonedeep": "^4.5.0",
+    "@npmcli/template-oss": "4.18.0",
     "nock": "^13.3.0",
@@ -57,3 +56,3 @@ "tap": "^16.3.4"
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.14.1",
+    "version": "4.18.0",
     "content": "../../scripts/template-oss/index.js"
@@ -60,0 +59,0 @@ },

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Dev dependency count

6

decreased by-14.29%

Worsened metrics

Total package byte prevSize

27048

decreased by-6.66%

Lines of code

537

decreased by-10.8%

No dependency changes