npm-pick-manifest
Comparing version 2.2.3 to 3.0.0
@@ -5,2 +5,21 @@ # Change Log | ||
<a name="3.0.0"></a> | ||
# [3.0.0](https://github.com/zkat/npm-pick-manifest/compare/v2.2.3...v3.0.0) (2019-08-20) | ||
### Features | ||
* throw forbidden error when package is blocked by policy ([ad2a962](https://github.com/zkat/npm-pick-manifest/commit/ad2a962)), closes [#1](https://github.com/zkat/npm-pick-manifest/issues/1) | ||
### BREAKING CHANGES | ||
* This adds a new error code when package versions are | ||
blocked. | ||
PR-URL: https://github.com/npm/npm-pick-manifest/pull/1 | ||
Credit: @claudiahdz | ||
<a name="2.2.3"></a> | ||
@@ -7,0 +26,0 @@ ## [2.2.3](https://github.com/zkat/npm-pick-manifest/compare/v2.2.2...v2.2.3) (2018-10-31) |
33
index.js
@@ -26,2 +26,5 @@ 'use strict' | ||
}) | ||
const policyRestrictions = packument.policyRestrictions | ||
const restrictedVersions = policyRestrictions | ||
? Object.keys(policyRestrictions.versions) : [] | ||
@@ -36,3 +39,3 @@ function enjoyableBy (v) { | ||
if (!versions.length) { | ||
if (!versions.length && !restrictedVersions.length) { | ||
err = new Error(`No valid versions available for ${packument.name}`) | ||
@@ -103,12 +106,20 @@ err.code = 'ENOVERSIONS' | ||
if (!manifest) { | ||
err = new Error( | ||
`No matching version found for ${packument.name}@${wanted}${ | ||
opts.enjoyBy | ||
? ` with an Enjoy By date of ${ | ||
new Date(opts.enjoyBy).toLocaleString() | ||
}. Maybe try a different date?` | ||
: '' | ||
}` | ||
) | ||
err.code = 'ETARGET' | ||
// Check if target is forbidden | ||
const isForbidden = target && policyRestrictions && policyRestrictions.versions[target] | ||
const pckg = `${packument.name}@${wanted}${ | ||
opts.enjoyBy | ||
? ` with an Enjoy By date of ${ | ||
new Date(opts.enjoyBy).toLocaleString() | ||
}. Maybe try a different date?` | ||
: '' | ||
}` | ||
if (isForbidden) { | ||
err = new Error(`Could not download ${pckg} due to policy violations.\n${policyRestrictions.message}\n`) | ||
err.code = 'E403' | ||
} else { | ||
err = new Error(`No matching version found for ${pckg}.`) | ||
err.code = 'ETARGET' | ||
} | ||
err.name = packument.name | ||
@@ -115,0 +126,0 @@ err.type = type |
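Review bot: `Object.keys(policyRestrictions.versions)` in the first hunk and `policyRestrictions.versions[target]` in the `if (!manifest)` hunk both assume that a packument carrying `policyRestrictions` also carries a `versions` map. The packument is external package metadata, so a document with `policyRestrictions` but no `versions` would fail with a TypeError instead of the intended `E403` or `ETARGET`. Guarding once with `const restrictedVersions = policyRestrictions && policyRestrictions.versions ? Object.keys(policyRestrictions.versions) : []` and then testing `restrictedVersions.includes(target)` avoids that, and it also stops inherited keys such as `constructor` from counting as forbidden if `target` can ever be an arbitrary string. `policyRestrictions.message` is interpolated into the error text unchecked, so a missing field prints `undefined`; if this message reaches a terminal, it is probably worth defaulting it and stripping control characters. The enclosing function starts and ends outside these hunks.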
{ | ||
"name": "npm-pick-manifest", | ||
"version": "2.2.3", | ||
"version": "3.0.0", | ||
"description": "Resolves a matching manifest from a package metadata document according to standard npm semver resolution rules.", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package