npm-install-checks
Advanced tools
Comparing version 3.0.2 to 4.0.0
@@ -1,3 +0,11 @@ | ||
### v3.0.0 2016-01-12 | ||
# Change Log | ||
## v4.0 | ||
* Remove `checkCycle` and `checkGit`, as they are no longer used in npm v7 | ||
* Synchronous throw-or-return API instead of taking a callback needlessly | ||
* Modernize code and drop support for node versions less than 10 | ||
## v3 2016-01-12 | ||
* Change error messages to be more informative. | ||
@@ -8,4 +16,4 @@ * checkEngine, when not in strict mode, now calls back with the error | ||
### v2.0.0 2015-01-20 | ||
## v2 2015-01-20 | ||
* Remove checking of engineStrict in the package.json |
174
index.js
@@ -1,61 +0,51 @@ | ||
var fs = require('fs') | ||
var path = require('path') | ||
var util = require('util') | ||
var semver = require('semver') | ||
const {format} = require('util') | ||
const semver = require('semver') | ||
exports.checkEngine = checkEngine | ||
function checkEngine (target, npmVer, nodeVer, force, strict, cb) { | ||
var nodev = force ? null : nodeVer | ||
var eng = target.engines | ||
var opt = { includePrerelease: true } | ||
if (!eng) return cb() | ||
if (nodev && eng.node && !semver.satisfies(nodev, eng.node, opt) || | ||
eng.npm && !semver.satisfies(npmVer, eng.npm, opt)) { | ||
var er = new Error(util.format('Unsupported engine for %s: wanted: %j (current: %j)', | ||
target._id, eng, {node: nodev, npm: npmVer})) | ||
er.code = 'ENOTSUP' | ||
er.required = eng | ||
er.pkgid = target._id | ||
if (strict) { | ||
return cb(er) | ||
} else { | ||
return cb(null, er) | ||
} | ||
const checkEngine = (target, npmVer, nodeVer, force = false) => { | ||
const nodev = force ? null : nodeVer | ||
const eng = target.engines | ||
const opt = { includePrerelease: true } | ||
if (!eng) { | ||
return | ||
} | ||
return cb() | ||
const nodeFail = nodev && eng.node && !semver.satisfies(nodev, eng.node, opt) | ||
const npmFail = npmVer && eng.npm && !semver.satisfies(npmVer, eng.npm, opt) | ||
if (nodeFail || npmFail) { | ||
throw Object.assign(new Error('Unsupported engine'), { | ||
pkgid: target._id, | ||
current: { node: nodeVer, npm: npmVer }, | ||
required: eng, | ||
code: 'EBADENGINE' | ||
}) | ||
} | ||
} | ||
exports.checkPlatform = checkPlatform | ||
function checkPlatform (target, force, cb) { | ||
var platform = process.platform | ||
var arch = process.arch | ||
var osOk = true | ||
var cpuOk = true | ||
const checkPlatform = (target, force = false) => { | ||
if (force) { | ||
return cb() | ||
return | ||
} | ||
if (target.os) { | ||
osOk = checkList(platform, target.os) | ||
} | ||
if (target.cpu) { | ||
cpuOk = checkList(arch, target.cpu) | ||
} | ||
const platform = process.platform | ||
const arch = process.arch | ||
const osOk = target.os ? checkList(platform, target.os) : true | ||
const cpuOk = target.cpu ? checkList(arch, target.cpu) : true | ||
if (!osOk || !cpuOk) { | ||
var er = new Error(util.format('Unsupported platform for %s: wanted %j (current: %j)', | ||
target._id, target, {os: platform, cpu: arch})) | ||
er.code = 'EBADPLATFORM' | ||
er.os = target.os || ['any'] | ||
er.cpu = target.cpu || ['any'] | ||
er.pkgid = target._id | ||
return cb(er) | ||
throw Object.assign(new Error('Unsupported platform'), { | ||
pkgid: target._id, | ||
current: { | ||
os: platform, | ||
cpu: arch | ||
}, | ||
required: { | ||
os: target.os, | ||
cpu: target.cpu | ||
}, | ||
code: 'EBADPLATFORM' | ||
}) | ||
} | ||
return cb() | ||
} | ||
function checkList (value, list) { | ||
var tmp | ||
var match = false | ||
var blc = 0 | ||
const checkList = (value, list) => { | ||
if (typeof list === 'string') { | ||
@@ -67,80 +57,24 @@ list = [list] | ||
} | ||
for (var i = 0; i < list.length; ++i) { | ||
tmp = list[i] | ||
if (tmp[0] === '!') { | ||
tmp = tmp.slice(1) | ||
if (tmp === value) { | ||
// match none of the negated values, and at least one of the | ||
// non-negated values, if any are present. | ||
let negated = 0 | ||
let match = false | ||
for (const entry of list) { | ||
const negate = entry.charAt(0) === '!' | ||
const test = negate ? entry.slice(1) : entry | ||
if (negate) { | ||
negated ++ | ||
if (value === test) { | ||
return false | ||
} | ||
++blc | ||
} else { | ||
match = match || tmp === value | ||
match = match || value === test | ||
} | ||
} | ||
return match || blc === list.length | ||
return match || negated === list.length | ||
} | ||
exports.checkCycle = checkCycle | ||
function checkCycle (target, ancestors, cb) { | ||
// there are some very rare and pathological edge-cases where | ||
// a cycle can cause npm to try to install a never-ending tree | ||
// of stuff. | ||
// Simplest: | ||
// | ||
// A -> B -> A' -> B' -> A -> B -> A' -> B' -> A -> ... | ||
// | ||
// Solution: Simply flat-out refuse to install any name@version | ||
// that is already in the prototype tree of the ancestors object. | ||
// A more correct, but more complex, solution would be to symlink | ||
// the deeper thing into the new location. | ||
// Will do that if anyone whines about this irl. | ||
// | ||
// Note: `npm install foo` inside of the `foo` package will abort | ||
// earlier if `--force` is not set. However, if it IS set, then | ||
// we need to still fail here, but just skip the first level. Of | ||
// course, it'll still fail eventually if it's a true cycle, and | ||
// leave things in an undefined state, but that's what is to be | ||
// expected when `--force` is used. That is why getPrototypeOf | ||
// is used *twice* here: to skip the first level of repetition. | ||
var p = Object.getPrototypeOf(Object.getPrototypeOf(ancestors)) | ||
var name = target.name | ||
var version = target.version | ||
while (p && p !== Object.prototype && p[name] !== version) { | ||
p = Object.getPrototypeOf(p) | ||
} | ||
if (p[name] !== version) return cb() | ||
var er = new Error(target._id + ': Unresolvable cycle detected') | ||
var tree = [target._id, JSON.parse(JSON.stringify(ancestors))] | ||
var t = Object.getPrototypeOf(ancestors) | ||
while (t && t !== Object.prototype) { | ||
if (t === p) t.THIS_IS_P = true | ||
tree.push(JSON.parse(JSON.stringify(t))) | ||
t = Object.getPrototypeOf(t) | ||
} | ||
er.pkgid = target._id | ||
er.code = 'ECYCLE' | ||
return cb(er) | ||
module.exports = { | ||
checkEngine, | ||
checkPlatform | ||
} | ||
exports.checkGit = checkGit | ||
function checkGit (folder, cb) { | ||
// if it's a git repo then don't touch it! | ||
fs.lstat(folder, function (er, s) { | ||
if (er || !s.isDirectory()) return cb() | ||
else checkGit_(folder, cb) | ||
}) | ||
} | ||
function checkGit_ (folder, cb) { | ||
fs.stat(path.resolve(folder, '.git'), function (er, s) { | ||
if (!er && s.isDirectory()) { | ||
var e = new Error(folder + ': Appears to be a git repo or submodule.') | ||
e.path = folder | ||
e.code = 'EISGIT' | ||
return cb(e) | ||
} | ||
cb() | ||
}) | ||
} |
{ | ||
"name": "npm-install-checks", | ||
"version": "3.0.2", | ||
"description": "checks that npm runs during the installation of a module", | ||
"version": "4.0.0", | ||
"description": "Check the engines and platform fields in package.json", | ||
"main": "index.js", | ||
"dependencies": { | ||
"semver": "^2.3.0 || 3.x || 4 || 5" | ||
"semver": "^7.1.1" | ||
}, | ||
"devDependencies": { | ||
"mkdirp": "^0.5.1", | ||
"rimraf": "^2.6.3", | ||
"standard": "^5.4.1", | ||
"tap": "^12.4.0" | ||
"tap": "^14.10.6" | ||
}, | ||
"scripts": { | ||
"test": "standard && tap --coverage test/*.js" | ||
"test": "tap", | ||
"preversion": "npm test", | ||
"postversion": "npm publish", | ||
"postpublish": "git push origin --follow-tags" | ||
}, | ||
@@ -22,3 +22,2 @@ "repository": { | ||
}, | ||
"homepage": "https://github.com/npm/npm-install-checks", | ||
"keywords": [ | ||
@@ -28,10 +27,9 @@ "npm,", | ||
], | ||
"author": "Robert Kowalski <rok@kowalski.gd>", | ||
"license": "BSD-2-Clause", | ||
"bugs": { | ||
"url": "https://github.com/npm/npm-install-checks/issues" | ||
}, | ||
"files": [ | ||
"index.js" | ||
] | ||
], | ||
"engines": { | ||
"node": ">=10" | ||
} | ||
} |
# npm-install-checks | ||
A package that contains checks that npm runs during the installation. | ||
Check the engines and platform fields in package.json | ||
## API | ||
### .checkEngine(target, npmVer, nodeVer, force, strict, cb) | ||
Check if node/npm version is supported by the package. If not | ||
strict and it isn't supported, `cb` is called with the error | ||
object as its second argument. | ||
Both functions will throw an error if the check fails, or return | ||
`undefined` if everything is ok. | ||
Error type: `ENOTSUP` | ||
Errors have a `required` and `current` fields. | ||
### .checkPlatform(target, force, cb) | ||
Check if OS/Arch is supported by the package. | ||
### .checkEngine(pkg, npmVer, nodeVer, force = false) | ||
Error type: `EBADPLATFORM` | ||
Check if node/npm version is supported by the package. If it isn't | ||
supported, an error is thrown. | ||
### .checkCycle(target, ancestors, cb) | ||
Check for cyclic dependencies. | ||
`force` argument will override the node version check, but not the npm | ||
version check, as this typically would indicate that the current version of | ||
npm is unable to install the package properly for some reason. | ||
Error type: `ECYCLE` | ||
Error code: 'EBADENGINE' | ||
### .checkGit(folder, cb) | ||
Check if a folder is a .git folder. | ||
### .checkPlatform(pkg, force) | ||
Error type: `EISGIT` | ||
Check if OS/Arch is supported by the package. | ||
Error code: 'EBADPLATFORM' |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
No contributors or author data
MaintenancePackage does not specify a list of contributors or an author in package.json.
Found 1 instance in 1 package
No bug tracker
MaintenancePackage does not have a linked bug tracker in package.json.
Found 1 instance in 1 package
No website
QualityPackage does not have a website.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
1
0
5169
72
2
1
+ Addedsemver@7.6.3(transitive)
- Removedsemver@5.7.2(transitive)
Updatedsemver@^7.1.1