
npm-packlist


Comparing version 6.0.1 to 7.0.0-pre.0

79

lib/index.js
'use strict'
const Arborist = require('@npmcli/arborist')
const { Walker: IgnoreWalker } = require('ignore-walk')

@@ -84,3 +83,3 @@ const { lstatSync: lstat, readFileSync: readFile } = require('fs')

class PackWalker extends IgnoreWalker {
constructor (opts) {
constructor (tree, opts) {
const options = {

@@ -90,9 +89,5 @@ ...opts,

follow: false,
}
// we path.resolve() here because ignore-walk doesn't do it and we want full paths
options.path = resolve(options.path || process.cwd()).replace(/\\/g, '/')
if (!options.ignoreFiles) {
options.ignoreFiles = [
// we path.resolve() here because ignore-walk doesn't do it and we want full paths
path: resolve(opts?.path || tree.path).replace(/\\/g, '/'),
ignoreFiles: opts?.ignoreFiles || [
defaultRules,

@@ -103,3 +98,3 @@ 'package.json',

strictRules,
]
],
}

@@ -110,3 +105,3 @@

this.seen = options.seen || new Set()
this.tree = options.tree // no default, we'll load the tree later if we need to
this.tree = tree
this.requiredFiles = options.requiredFiles || []

@@ -209,18 +204,2 @@

// overridden method: we need to load the arborist tree before we actually start running
start () {
if (this.isPackage && !this.tree) {
const arborist = new Arborist({ path: this.path })
// loading the tree is async while the start function depends on being sync
// eslint-disable-next-line promise/catch-or-return, promise/always-return
arborist.loadActual().then((tree) => {
this.tree = tree
super.start()
})
return this
}
return super.start()
}
// overridden method: this is called to create options for a child walker when we step

@@ -231,12 +210,7 @@ // in to a normal child directory (this will never be a bundle). the default method here

walkerOpt (entry, opts) {
let ignoreFiles = [
defaultRules,
'.npmignore',
'.gitignore',
strictRules,
]
let ignoreFiles = null
// however, if we have a tree, and we have workspaces, and the directory we're about
// to step into is a workspace, then we _do_ want to respect its package.json
if (this.tree && this.tree.workspaces) {
if (this.tree.workspaces) {
const workspaceDirs = [...this.tree.workspaces.values()]

@@ -255,2 +229,9 @@ .map((dir) => dir.replace(/\\/g, '/'))

}
} else {
ignoreFiles = [
defaultRules,
'.npmignore',
'.gitignore',
strictRules,
]
}

@@ -275,3 +256,3 @@

walker (entry, opts, callback) {
new PackWalker(this.walkerOpt(entry, opts)).on('done', callback).start()
new PackWalker(this.tree, this.walkerOpt(entry, opts)).on('done', callback).start()
}

@@ -379,3 +360,3 @@

async gatherBundles () {
if (this.tree && this.seen.has(this.tree)) {
if (this.seen.has(this.tree)) {
return

@@ -409,10 +390,12 @@ }

const node = this.tree.edgesOut.get(dep).to
// we use node.path for the path because we want the location the node was linked to,
// not where it actually lives on disk
const path = node.path
// but link nodes don't have edgesOut, so we need to pass in the target of the node
// in order to make sure we correctly traverse its dependencies
const tree = node.target
// and start building options to be passed to the walker for this package
const walkerOpts = {
// we use node.path for the path because we want the location the node was linked to,
// not where it actually lives on disk
path: node.path,
// but link nodes don't have edgesOut, so we need to pass in the target of the node
// in order to make sure we correctly traverse its dependencies
tree: node.target,
path,
isPackage: true,

@@ -443,3 +426,3 @@ ignoreFiles: [],

// create a walker for this dependency and gather its results
const walker = new PackWalker(walkerOpts)
const walker = new PackWalker(tree, walkerOpts)
const bundled = await new Promise((pResolve, pReject) => {

@@ -461,6 +444,10 @@ walker.on('error', pReject)

const walk = (options, callback) => {
options = { ...options, isPackage: true }
const walk = (tree, options, callback) => {
if (typeof options === 'function') {
callback = options
options = {}
}
const p = new Promise((pResolve, pReject) => {
new PackWalker(options).on('done', pResolve).on('error', pReject).start()
new PackWalker(tree, { ...options, isPackage: true })
.on('done', pResolve).on('error', pReject).start()
})

@@ -467,0 +454,0 @@ return callback ? p.then(res => callback(null, res), callback) : p
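Review bot: `constructor (tree, opts)` stores `tree` without checking that it is an arborist node, so a caller still using the 6.x form `packlist({ path: dir })` is not rejected: the options object is taken as `tree`, `opts?.path || tree.path` still resolves to the intended directory, and the caller's other options (such as `ignoreFiles`) are ignored because they are now read only from `opts`. With the `this.tree &&` guards removed in `walkerOpt` and `gatherBundles`, the first visible failure would likely come much later, at `this.tree.edgesOut.get(dep)`, or not at all for a package without bundled dependencies. Because this module decides which files end up in a published tarball, the breaking signature change should fail loudly at the entry point, for example `if (!tree?.edgesOut) { throw new TypeError('npm-packlist requires an arborist tree as its first argument') }` at the top of the constructor. This assumes every node passed in exposes `edgesOut`, which the `node.target` comment in `gatherBundles` suggests but the visible lines do not prove. The constructor body continues outside the hunks shown.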

{
"name": "npm-packlist",
"version": "6.0.1",
"version": "7.0.0-pre.0",
"description": "Get a list of the files to add from a folder into an npm package",

@@ -10,3 +10,2 @@ "directories": {

"dependencies": {
"@npmcli/arborist": "^5.0.4 || ^6.0.0 || ^6.0.0-pre.0",
"ignore-walk": "^5.0.1"

@@ -21,2 +20,3 @@ },

"devDependencies": {
"@npmcli/arborist": "^6.0.0 || ^6.0.0-pre.0",
"@npmcli/eslint-config": "^3.0.1",

@@ -50,7 +50,7 @@ "@npmcli/template-oss": "4.4.2",

"tap-snapshots/**"
],
"files": [
"test/*.js"
]
},
"bin": {
"npm-packlist": "bin/index.js"
},
"engines": {

@@ -57,0 +57,0 @@ "node": "^14.17.0 || ^16.13.0 || >=18.0.0"

@@ -9,2 +9,3 @@ # npm-packlist

```js
const Arborist = require('@npmcli/arborist')
const packlist = require('npm-packlist')

@@ -15,11 +16,14 @@ const tar = require('tar')

packlist({ path: packageDir })
.then(files => tar.create({
prefix: 'package/',
cwd: packageDir,
file: packageTarball,
gzip: true
}, files))
.then(_ => {
// tarball has been created, continue with your day
const arborist = new Arborist({ path: packageDir })
arborist.loadActual().then((tree) => {
packlist(tree)
.then(files => tar.create({
prefix: 'package/',
cwd: packageDir,
file: packageTarball,
gzip: true
}, files))
.then(_ => {
// tarball has been created, continue with your day
})
})

@@ -102,5 +106,4 @@ ```

Same API as [ignore-walk](http://npm.im/ignore-walk), just hard-coded
file list and rule sets.
Same API as [ignore-walk](http://npm.im/ignore-walk), except providing a `tree` is required and there are hard-coded file list and rule sets.
The `Walker` class will load an [arborist](https://github.com/npm/cli/tree/latest/workspaces/arborist) tree, and if any bundled dependencies are found will include them as well as their own dependencies in the resulting file set.
The `Walker` class requires an [arborist](https://github.com/npm/cli/tree/latest/workspaces/arborist) tree, and if any bundled dependencies are found will include them as well as their own dependencies in the resulting file set.