Comparing version 0.12.2 to 0.13.0
@@ -1,2 +0,1 @@ | ||
module.exports = exports = configure | ||
@@ -17,2 +16,3 @@ | ||
, cp = require('child_process') | ||
, extend = require('util')._extend | ||
, spawn = cp.spawn | ||
@@ -77,3 +77,5 @@ , execFile = cp.execFile | ||
function checkPythonVersion () { | ||
var env = { TERM: 'dumb', PATH: process.env.PATH }; | ||
var env = extend({}, process.env); | ||
env.TERM = 'dumb'; | ||
execFile(python, ['-c', 'import platform; print(platform.python_version());'], { env: env }, function (err, stdout) { | ||
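Review bot: Copying all of `process.env` into the child environment means the version probe now runs Python with every inherited variable, where the previous code passed only `TERM` and `PATH`. That includes interpreter-affecting variables such as `PYTHONPATH` and any secrets held by the parent process. The hunk does not say why the wider environment is needed, so either record the reason in a comment above `var env = extend({}, process.env)` or copy only the variables the probe requires. `require('util')._extend` is an underscore-prefixed internal helper, and a short local copy loop would avoid depending on it. checkPythonVersion's body continues outside the hunk.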
@@ -93,3 +95,3 @@ if (err) { | ||
} | ||
var range = semver.Range('>=2.5.0 <3.0.0'); | ||
var range = semver.Range('>=2.5.0 <3.0.0') | ||
if (range.test(version)) { | ||
@@ -216,3 +218,3 @@ getNodeDir() | ||
// disable -T "thin" static archives by default | ||
variables.standalone_static_library = gyp.opts.thin ? 0 : 1; | ||
variables.standalone_static_library = gyp.opts.thin ? 0 : 1 | ||
@@ -318,2 +320,3 @@ // loop through the rest of the opts and add the unknown ones as variables. | ||
argv.push('--depth=.') | ||
argv.push('--no-parallel') | ||
@@ -320,0 +323,0 @@ // tell gyp to write the Makefile/Solution files into output_dir |
@@ -15,2 +15,3 @@ | ||
, path = require('path') | ||
, crypto = require('crypto') | ||
, zlib = require('zlib') | ||
@@ -155,2 +156,11 @@ , log = require('npmlog') | ||
function getContentSha(res, callback) { | ||
var shasum = crypto.createHash('sha1') | ||
res.on('data', function (chunk) { | ||
shasum.update(chunk) | ||
}).on('end', function () { | ||
callback(null, shasum.digest('hex')) | ||
}) | ||
} | ||
function go () { | ||
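Review bot: getContentSha calls back only on `'end'`, so a response that errors or is aborted never records a digest, and every caller in this diff discards the error argument as `_`. Because the later check iterates only over digests that were recorded, a download without a digest appears to skip verification rather than fail it. Adding `res.on('error', callback)` here and having callers treat a missing digest as a failure would close that gap. SHA-1 matches the SHASUMS.txt format shown in this diff, but it is adequate only for detecting accidental corruption.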
@@ -176,3 +186,3 @@ | ||
// now download the node tarball | ||
var tarPath = gyp.opts['tarball']; | ||
var tarPath = gyp.opts['tarball'] | ||
var tarballUrl = tarPath ? tarPath : distUrl + '/v' + version + '/node-v' + version + '.tar.gz' | ||
@@ -184,2 +194,5 @@ , badDownload = false | ||
var contentShasums = {} | ||
var expectShasums = {} | ||
// checks if a file to be extracted from the tarball is valid. | ||
@@ -237,2 +250,9 @@ // only .h header files and the gyp files get extracted | ||
} | ||
// content sha1 | ||
getContentSha(res, function (_, sha1) { | ||
var filename = path.basename(tarballUrl).trim() | ||
contentShasums[filename] = sha1 | ||
log.verbose('content sha1', filename, sha1) | ||
}) | ||
// start unzipping and untaring | ||
@@ -262,2 +282,6 @@ req.pipe(gunzip).pipe(extracter) | ||
// download SHASUMS.txt | ||
async++ | ||
downloadShasums(deref) | ||
if (async === 0) { | ||
@@ -270,6 +294,55 @@ // no async tasks required | ||
if (err) return cb(err) | ||
--async || cb() | ||
async-- | ||
if (!async) { | ||
log.verbose('download contents shasums', JSON.stringify(contentShasums)) | ||
// check content shasums | ||
for (var k in contentShasums) { | ||
log.verbose('validating download shasum for ' + k, '(%s == %s)', contentShasums[k], expectShasums[k]) | ||
if (contentShasums[k] !== expectShasums[k]) { | ||
cb(new Error(k + ' local sha1 ' + contentShasums[k] + ' not match remote ' + expectShasums[k])) | ||
return | ||
} | ||
} | ||
cb() | ||
} | ||
} | ||
} | ||
function downloadShasums(done) { | ||
log.verbose('check download content sha1, need to download `SHASUMS.txt`...') | ||
var shasumsPath = path.resolve(devDir, 'SHASUMS.txt') | ||
, shasumsUrl = distUrl + '/v' + version + '/SHASUMS.txt' | ||
log.verbose('`SHASUMS.txt` url', shasumsUrl) | ||
var req = download(shasumsUrl) | ||
if (!req) return | ||
req.on('error', done) | ||
req.on('response', function (res) { | ||
if (res.statusCode !== 200) { | ||
done(new Error(res.statusCode + ' status code downloading SHASUMS.txt')) | ||
return | ||
} | ||
var chunks = [] | ||
res.on('data', function (chunk) { | ||
chunks.push(chunk) | ||
}) | ||
res.on('end', function () { | ||
var lines = Buffer.concat(chunks).toString().trim().split('\n') | ||
lines.forEach(function (line) { | ||
var items = line.trim().split(/\s+/) | ||
if (items.length !== 2) return | ||
// 0035d18e2dcf9aad669b1c7c07319e17abfe3762 ./node-v0.11.4.tar.gz | ||
var name = items[1].replace(/^\.\//, '') | ||
expectShasums[name] = items[0] | ||
}) | ||
log.verbose('`SHASUMS.txt` data', JSON.stringify(expectShasums)) | ||
done() | ||
}) | ||
}) | ||
} | ||
function downloadNodeLib (done) { | ||
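Review bot: `if (!req) return` in downloadShasums returns without calling `done`, so the async counter never reaches zero and the install callback never fires; `if (!req) return done(new Error('could not start SHASUMS.txt download'))` would surface the failure. The validation loop walks `contentShasums`, so only files whose digest has already been recorded are compared; checking against the list of files that were requested would turn a missing digest into an error. The expected hashes come from the same `distUrl` as the artifacts and no signature check is visible here, so this detects corrupted downloads but not a server or mirror that serves a modified file together with a matching SHASUMS.txt. A comment stating that limit would help. `shasumsPath` is computed but unused in the visible lines.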
@@ -303,2 +376,7 @@ log.verbose('on Windows; need to download `node.lib`...') | ||
getContentSha(res, function (_, sha1) { | ||
contentShasums['node.lib'] = sha1 | ||
log.verbose('content sha1', 'node.lib', sha1) | ||
}) | ||
var ws = fs.createWriteStream(nodeLibPath32) | ||
@@ -325,2 +403,7 @@ ws.on('error', cb) | ||
getContentSha(res, function (_, sha1) { | ||
contentShasums['x64/node.lib'] = sha1 | ||
log.verbose('content sha1', 'x64/node.lib', sha1) | ||
}) | ||
var ws = fs.createWriteStream(nodeLibPath64) | ||
@@ -327,0 +410,0 @@ ws.on('error', cb) |
@@ -13,3 +13,3 @@ { | ||
], | ||
"version": "0.12.2", | ||
"version": "0.13.0", | ||
"installVersion": 9, | ||
@@ -16,0 +16,0 @@ "author": "Nathan Rajlich <nathan@tootallnate.net> (http://tootallnate.net)", |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package