npm-package-arg
Advanced tools
Comparing version 8.1.2 to 8.1.3
142
npa.js
@@ -6,12 +6,8 @@ 'use strict' | ||
let url | ||
let HostedGit | ||
let semver | ||
let path_ | ||
function path () { | ||
if (!path_) path_ = require('path') | ||
return path_ | ||
} | ||
let validatePackageName | ||
let os | ||
const url = require('url') | ||
const HostedGit = require('hosted-git-info') | ||
const semver = require('semver') | ||
const path = require('path') | ||
const validatePackageName = require('validate-npm-package-name') | ||
const { homedir } = require('os') | ||
@@ -28,29 +24,26 @@ const isWindows = process.platform === 'win32' || global.FAKE_WINDOWS | ||
if (typeof arg === 'object') { | ||
if (arg instanceof Result && (!where || where === arg.where)) { | ||
if (arg instanceof Result && (!where || where === arg.where)) | ||
return arg | ||
} else if (arg.name && arg.rawSpec) { | ||
else if (arg.name && arg.rawSpec) | ||
return npa.resolve(arg.name, arg.rawSpec, where || arg.where) | ||
} else { | ||
else | ||
return npa(arg.raw, where || arg.where) | ||
} | ||
} | ||
const nameEndsAt = arg[0] === '@' ? arg.slice(1).indexOf('@') + 1 : arg.indexOf('@') | ||
const namePart = nameEndsAt > 0 ? arg.slice(0, nameEndsAt) : arg | ||
if (isURL.test(arg)) { | ||
if (isURL.test(arg)) | ||
spec = arg | ||
} else if (isGit.test(arg)) { | ||
else if (isGit.test(arg)) | ||
spec = `git+ssh://${arg}` | ||
} else if (namePart[0] !== '@' && (hasSlashes.test(namePart) || isFilename.test(namePart))) { | ||
else if (namePart[0] !== '@' && (hasSlashes.test(namePart) || isFilename.test(namePart))) | ||
spec = arg | ||
} else if (nameEndsAt > 0) { | ||
else if (nameEndsAt > 0) { | ||
name = namePart | ||
spec = arg.slice(nameEndsAt + 1) | ||
} else { | ||
if (!validatePackageName) validatePackageName = require('validate-npm-package-name') | ||
const valid = validatePackageName(arg) | ||
if (valid.validForOldPackages) { | ||
if (valid.validForOldPackages) | ||
name = arg | ||
} else { | ||
else | ||
spec = arg | ||
} | ||
} | ||
@@ -67,23 +60,25 @@ return resolve(name, spec, where, arg) | ||
rawSpec: spec, | ||
fromArgument: arg != null | ||
fromArgument: arg != null, | ||
}) | ||
if (name) res.setName(name) | ||
if (name) | ||
res.setName(name) | ||
if (spec && (isFilespec.test(spec) || /^file:/i.test(spec))) { | ||
if (spec && (isFilespec.test(spec) || /^file:/i.test(spec))) | ||
return fromFile(res, where) | ||
} else if (spec && /^npm:/i.test(spec)) { | ||
else if (spec && /^npm:/i.test(spec)) | ||
return fromAlias(res, where) | ||
} | ||
if (!HostedGit) HostedGit = require('hosted-git-info') | ||
const hosted = HostedGit.fromUrl(spec, { noGitPlus: true, noCommittish: true }) | ||
if (hosted) { | ||
const hosted = HostedGit.fromUrl(spec, { | ||
noGitPlus: true, | ||
noCommittish: true, | ||
}) | ||
if (hosted) | ||
return fromHostedGit(res, hosted) | ||
} else if (spec && isURL.test(spec)) { | ||
else if (spec && isURL.test(spec)) | ||
return fromURL(res) | ||
} else if (spec && (hasSlashes.test(spec) || isFilename.test(spec))) { | ||
else if (spec && (hasSlashes.test(spec) || isFilename.test(spec))) | ||
return fromFile(res, where) | ||
} else { | ||
else | ||
return fromRegistry(res) | ||
} | ||
} | ||
@@ -106,7 +101,7 @@ | ||
this.where = opts.where | ||
if (opts.raw == null) { | ||
if (opts.raw == null) | ||
this.raw = opts.name ? opts.name + '@' + opts.rawSpec : opts.rawSpec | ||
} else { | ||
else | ||
this.raw = opts.raw | ||
} | ||
this.name = undefined | ||
@@ -118,3 +113,4 @@ this.escapedName = undefined | ||
this.fetchSpec = opts.fetchSpec | ||
if (opts.name) this.setName(opts.name) | ||
if (opts.name) | ||
this.setName(opts.name) | ||
this.gitRange = opts.gitRange | ||
@@ -126,7 +122,6 @@ this.gitCommittish = opts.gitCommittish | ||
Result.prototype.setName = function (name) { | ||
if (!validatePackageName) validatePackageName = require('validate-npm-package-name') | ||
const valid = validatePackageName(name) | ||
if (!valid.validForOldPackages) { | ||
if (!valid.validForOldPackages) | ||
throw invalidPackageName(name, valid) | ||
} | ||
this.name = name | ||
@@ -141,5 +136,7 @@ this.scope = name[0] === '@' ? name.slice(0, name.indexOf('/')) : undefined | ||
const full = [] | ||
if (this.name != null && this.name !== '') full.push(this.name) | ||
if (this.name != null && this.name !== '') | ||
full.push(this.name) | ||
const spec = this.saveSpec || this.fetchSpec || this.rawSpec | ||
if (spec != null && spec !== '') full.push(spec) | ||
if (spec != null && spec !== '') | ||
full.push(spec) | ||
return full.length ? full.join('@') : this.raw | ||
@@ -158,5 +155,5 @@ } | ||
res.gitCommittish = null | ||
} else { | ||
} else | ||
res.gitCommittish = committish === '' ? null : committish | ||
} | ||
return res | ||
@@ -168,9 +165,12 @@ } | ||
function resolvePath (where, spec) { | ||
if (isAbsolutePath.test(spec)) return spec | ||
return path().resolve(where, spec) | ||
if (isAbsolutePath.test(spec)) | ||
return spec | ||
return path.resolve(where, spec) | ||
} | ||
function isAbsolute (dir) { | ||
if (dir[0] === '/') return true | ||
if (/^[A-Za-z]:/.test(dir)) return true | ||
if (dir[0] === '/') | ||
return true | ||
if (/^[A-Za-z]:/.test(dir)) | ||
return true | ||
return false | ||
@@ -180,3 +180,4 @@ } | ||
function fromFile (res, where) { | ||
if (!where) where = process.cwd() | ||
if (!where) | ||
where = process.cwd() | ||
res.type = isFilename.test(res.rawSpec) ? 'file' : 'directory' | ||
@@ -190,12 +191,10 @@ res.where = where | ||
// this is needed for windows and for file:~/foo/bar | ||
if (!os) os = require('os') | ||
res.fetchSpec = resolvePath(os.homedir(), spec.slice(2)) | ||
res.fetchSpec = resolvePath(homedir(), spec.slice(2)) | ||
res.saveSpec = 'file:' + spec | ||
} else { | ||
res.fetchSpec = resolvePath(where, spec) | ||
if (isAbsolute(spec)) { | ||
if (isAbsolute(spec)) | ||
res.saveSpec = 'file:' + spec | ||
} else { | ||
res.saveSpec = 'file:' + path().relative(where, res.fetchSpec) | ||
} | ||
else | ||
res.saveSpec = 'file:' + path.relative(where, res.fetchSpec) | ||
} | ||
@@ -231,3 +230,3 @@ return res | ||
fetchSpec: matched[1], | ||
gitCommittish: matched[2] == null ? null : matched[2] | ||
gitCommittish: matched[2] == null ? null : matched[2], | ||
} | ||
@@ -237,3 +236,3 @@ } | ||
function fromURL (res) { | ||
if (!url) url = require('url') | ||
// eslint-disable-next-line node/no-deprecated-api | ||
const urlparse = url.parse(res.rawSpec) | ||
@@ -249,5 +248,6 @@ res.saveSpec = res.rawSpec | ||
case 'git+file:': | ||
case 'git+ssh:': | ||
case 'git+ssh:': { | ||
res.type = 'git' | ||
const match = urlparse.protocol === 'git+ssh:' && matchGitScp(res.rawSpec) | ||
const match = urlparse.protocol === 'git+ssh:' ? matchGitScp(res.rawSpec) | ||
: null | ||
if (match) { | ||
@@ -268,2 +268,3 @@ setGitCommittish(res, match.gitCommittish) | ||
break | ||
} | ||
case 'http:': | ||
@@ -284,8 +285,8 @@ case 'https:': | ||
const subSpec = npa(res.rawSpec.substr(4), where) | ||
if (subSpec.type === 'alias') { | ||
if (subSpec.type === 'alias') | ||
throw new Error('nested aliases not supported') | ||
} | ||
if (!subSpec.registry) { | ||
if (!subSpec.registry) | ||
throw new Error('aliases only work for registry deps') | ||
} | ||
res.subSpec = subSpec | ||
@@ -301,3 +302,3 @@ res.registry = true | ||
res.registry = true | ||
const spec = res.rawSpec === '' ? 'latest' : res.rawSpec | ||
const spec = res.rawSpec === '' ? 'latest' : res.rawSpec.trim() | ||
// no save spec for registry components as we save based on the fetched | ||
@@ -307,13 +308,12 @@ // version, not on the argument so this can't compute that. | ||
res.fetchSpec = spec | ||
if (!semver) semver = require('semver') | ||
const version = semver.valid(spec, true) | ||
const range = semver.validRange(spec, true) | ||
if (version) { | ||
if (version) | ||
res.type = 'version' | ||
} else if (range) { | ||
else if (range) | ||
res.type = 'range' | ||
} else { | ||
if (encodeURIComponent(spec) !== spec) { | ||
else { | ||
if (encodeURIComponent(spec) !== spec) | ||
throw invalidTagName(spec) | ||
} | ||
res.type = 'tag' | ||
@@ -320,0 +320,0 @@ } |
{ | ||
"name": "npm-package-arg", | ||
"version": "8.1.2", | ||
"version": "8.1.3", | ||
"description": "Parse the things that can be arguments to `npm install`", | ||
@@ -18,3 +18,4 @@ "main": "npa.js", | ||
"devDependencies": { | ||
"tap": "^14.11.0" | ||
"@npmcli/lint": "^1.0.1", | ||
"tap": "^15.0.9" | ||
}, | ||
@@ -26,3 +27,8 @@ "scripts": { | ||
"test": "tap", | ||
"snap": "tap" | ||
"snap": "tap", | ||
"npmclilint": "npmcli-lint", | ||
"lint": "npm run npmclilint -- \"*.*js\" \"test/**/*.*js\"", | ||
"lintfix": "npm run lint -- --fix", | ||
"posttest": "npm run lint --", | ||
"postsnap": "npm run lintfix --" | ||
}, | ||
@@ -29,0 +35,0 @@ "repository": { |
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
0
14492
2
4
271