npm-registry-client - npm Package Compare versions

Comparing version 0.2.16 to 0.2.17

lib/publish.js

@@ -75,19 +75,20 @@
 
+      function handle(er) {
+        if (er.message.indexOf("conflict Document update conflict.") === 0) {
+          return cb(conflictError.call(this, data._id));
+        }
+        this.log.error("publish", "Error uploading package");
+        return cb(er)
+      }
+
       var exists = fullData.versions && fullData.versions[data.version]
       if (exists) return cb(conflictError.call(this, data._id))
 
-      this.request("PUT", dataURI, data, function (er) {
-        if (er) {
-          if (er.message.indexOf("conflict Document update conflict.") === 0) {
-            return cb(conflictError.call(this, data._id))
-          }
-          this.log.error("publish", "Error sending version data")
+      var rev = fullData._rev;
+      attach.call(this, data.name, tarball, tbName, rev, function (er) {
+        if (er) return handle(er)
+        this.log.verbose("publish", "attached", [data.name, tarball, tbName])
+        this.request("PUT", dataURI, data, function (er) {
+          if (er) return handle(er)
           return cb(er)
-        }
-
-        this.log.verbose("publish", "attach 2", [data.name, tarball, tbName])
-        attach.call(this, data.name, tarball, tbName, function (er) {
-          this.log.verbose("publish", "attach 3"
-                          ,[er, data.name])
-          return cb(er)
         }.bind(this))
@@ -106,13 +107,8 @@ }.bind(this))
 
-function attach (doc, file, filename, cb) {
+function attach (doc, file, filename, rev, cb) {
   doc = encodeURIComponent(doc)
-  this.request("GET", doc, function (er, d) {
-    if (er) return cb(er)
-    if (!d) return cb(new Error(
-      "Attempting to upload to invalid doc "+doc))
-    var rev = "-rev/"+d._rev
-      , attURI = doc + "/-/" + encodeURIComponent(filename) + "/" + rev
-    this.log.verbose("uploading", [attURI, file])
-    this.upload(attURI, file, cb)
-  }.bind(this))
+  var revu = "-rev/"+rev
+    , attURI = doc + "/-/" + encodeURIComponent(filename) + "/" + revu
+  this.log.verbose("uploading", [attURI, file])
+  this.upload(attURI, file, cb)
 }

package.json

@@ -5,3 +5,3 @@ {
   "description": "Client for the npm registry",
-  "version": "0.2.16",
+  "version": "0.2.17",
   "repository": {
@@ -8,0 +8,0 @@ "url": "git://github.com/isaacs/npm-registry-client"

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 2 instances in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 5 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 2 instances in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 5 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Worsened metrics

Total package byte prevSize

68296

-0.24%

Lines of code

1049

-0.38%

No dependency changes