Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

npm-registry-client

Package Overview
Dependencies
Maintainers
2
Versions
156
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

npm-registry-client - npm Package Compare versions

Comparing version 3.0.6 to 3.1.0

lib/attempt.js
lib/authify.js
lib/fetch.js
lib/initialize.js
test/fetch-basic.js
test/fetch-retries.js
test/fixtures/@npm/npm-registry-client/cache.json
test/fixtures/underscore/1.3.3/package.tgz
test/unpublish-scoped.js

172

lib/request.js

@@ -1,13 +0,11 @@

module.exports = regRequest
var url = require("url")
var assert = require("assert")
, url = require("url")
, zlib = require("zlib")
, assert = require("assert")
, rm = require("rimraf")
, Stream = require("stream").Stream
var rm = require("rimraf")
, request = require("request")
, retry = require("retry")
, crypto = require("crypto")
, once = require("once")
var pkg = require("../package.json")
module.exports = regRequest

@@ -23,7 +21,8 @@ // npm: means

options = options || {}
var nofollow = (typeof options.follow === 'boolean' ? !options.follow : false)
var etag = options.etag
var what = options.body
var parsed = url.parse(uri)
var where = parsed.pathname
var what = options.body
var follow = (typeof options.follow === "boolean" ? options.follow : true)
this.log.verbose("request", "on initialization, where is", where)

@@ -36,3 +35,2 @@ var authThis = false

var where = parsed.pathname
if (parsed.search) {

@@ -43,20 +41,7 @@ where = where + parsed.search

parsed.pathname = "/"
this.log.verbose("request", "where is", where)
this.log.verbose("request", "after pass 1, where is", where)
var registry = url.format(parsed)
this.log.verbose("request", "registry", registry)
if (!this.sessionToken) {
this.sessionToken = crypto.randomBytes(8).toString("hex")
this.log.verbose("request id", this.sessionToken)
}
// Since there are multiple places where an error could occur,
// don't let the cb be called more than once.
var errState = null
function cb (er) {
if (errState) return
if (er) errState = er
cb_.apply(null, arguments)
}
var cb = once(cb_)

@@ -68,8 +53,8 @@ if (where.match(/^\/?favicon.ico/)) {

var adduserChange = /^\/?-\/user\/org\.couchdb\.user:([^\/]+)\/-rev/
, adduserNew = /^\/?-\/user\/org\.couchdb\.user:([^\/]+)/
, nu = where.match(adduserNew)
, uc = where.match(adduserChange)
, alwaysAuth = this.conf.get("always-auth")
, isDel = method === "DELETE"
, isWrite = what || isDel
, uc = where.match(adduserChange)
, adduserNew = /^\/?-\/user\/org\.couchdb\.user:([^\/]+)/
, nu = where.match(adduserNew)
, alwaysAuth = this.conf.get("always-auth")
, isDel = method === "DELETE"
, isWrite = what || isDel

@@ -93,52 +78,16 @@ // resolve to a full url on the registry

if (q) where += "?" + q
this.log.verbose("request", "url resolving", [registry, where])
where = url.resolve(registry, where)
this.log.verbose("request", "url resolved", where)
}
this.log.verbose("request", "where is", where)
var remote = url.parse(where)
if ((authThis || alwaysAuth || isWrite) && !nu || uc || isDel) {
this.log.verbose("request", "setting basic auth")
var registry = url.format(parsed)
this.log.verbose("request", "resolving registry", [registry, where])
var c = this.conf.getCredentialsByURI(where)
if (c) {
if (!c.token) {
if (c.username && c.password) {
remote.auth = c.username + ":" + c.password
}
else {
return cb(new Error(
"This request requires auth credentials. Run `npm login` and repeat the request."
))
}
}
else {
this.log.verbose("request", "using bearer token for auth")
}
}
else {
return cb(new Error(
"This request requires auth credentials. Run `npm login` and repeat the request."
))
}
where = url.resolve(registry, where)
this.log.verbose("request", "after pass 2, where is", where)
}
else {
this.log.verbose("request", "no basic auth needed")
}
// Tuned to spread 3 attempts over about a minute.
// See formula at <https://github.com/tim-kos/node-retry>.
var operation = retry.operation({
retries: this.conf.get("fetch-retries") || 2,
factor: this.conf.get("fetch-retry-factor"),
minTimeout: this.conf.get("fetch-retry-mintimeout") || 10000,
maxTimeout: this.conf.get("fetch-retry-maxtimeout") || 60000
})
var authed = (authThis || alwaysAuth || isWrite) && !nu || uc || isDel
if (!authed) this.log.verbose("request", "no auth needed")
var self = this
operation.attempt(function (currentAttempt) {
self.log.info("trying", "registry request attempt " + currentAttempt
+ " at " + (new Date()).toLocaleTimeString())
makeRequest.call(self, method, remote, where, what, etag, nofollow
this.attempt(function (operation) {
makeRequest.call(self, method, where, what, options.etag, follow, authed
, function (er, parsed, raw, response) {

@@ -162,52 +111,35 @@ if (!er || (er.message && er.message.match(/^SSL Error/))) {

if (response)
this.log.verbose("headers", response.headers)
self.log.verbose("headers", response.headers)
cb.apply(null, arguments)
}.bind(this))
}.bind(this))
})
})
}
function makeRequest (method, remote, where, what, etag, nofollow, cb_) {
var cbCalled = false
function cb () {
if (cbCalled) return
cbCalled = true
cb_.apply(null, arguments)
}
function makeRequest (method, where, what, etag, follow, authed, cb_) {
var cb = once(cb_)
var strict = this.conf.get("strict-ssl")
if (strict === undefined) strict = true
var opts = { url: remote
, method: method
, encoding: null // tell request let body be Buffer instance
, ca: this.conf.get("ca")
, localAddress: this.conf.get("local-address")
, cert: this.conf.get("cert")
, key: this.conf.get("key")
, strictSSL: strict }
, headers = opts.headers = {}
if (etag) {
this.log.verbose("etag", etag)
headers[method === "GET" ? "if-none-match" : "if-match"] = etag
}
var parsed = url.parse(where)
var headers = {}
headers["npm-session"] = this.sessionToken
headers.version = this.version || pkg.version
// metadata should be compressed
headers["accept-encoding"] = "gzip"
if (this.refer) {
headers.referer = this.refer
}
var er = this.authify(authed, parsed, headers)
if (er) return cb_(er)
headers.accept = "application/json"
headers["accept-encoding"] = "gzip"
var opts = this.initialize(
parsed,
method,
"application/json",
headers
)
headers["user-agent"] = this.conf.get("user-agent") ||
"node/" + process.version
opts.followRedirect = follow
opts.encoding = null // tell request let body be Buffer instance
var c = this.conf.getCredentialsByURI(url.format(remote))
if (c.token) headers.authorization = "Bearer " + c.token
if (etag) {
this.log.verbose("etag", etag)
headers[method === "GET" ? "if-none-match" : "if-match"] = etag
}
var p = this.conf.get("proxy")
var sp = this.conf.get("https-proxy") || p
opts.proxy = remote.protocol === "https:" ? sp : p
// figure out wth "what" is

@@ -228,8 +160,4 @@ if (what) {

if (nofollow) {
opts.followRedirect = false
}
this.log.http("request", method, parsed.href || "/")
this.log.http(method, remote.href || "/")
var done = requestDone.call(this, method, where, cb)

@@ -236,0 +164,0 @@ var req = request(opts, decodeResponseBody(done))

11

lib/unpublish.js

@@ -25,3 +25,3 @@

this.log.info("unpublish", "No version specified, removing all")
return this.request("DELETE", uri+'/-rev/'+data._rev, null, cb)
return this.request("DELETE", uri+"/-rev/"+data._rev, null, cb)
}

@@ -76,3 +76,3 @@

if (er) return cb(er)
this.get(url.resolve(uri, data.name), null, function (er, data) {
this.get(escape(uri, data.name), null, function (er, data) {
if (er) return cb(er)

@@ -101,3 +101,3 @@

}
this.get(url.resolve(uri, data.name), null, function (er, data) {
this.get(escape(uri, data.name), null, function (er, data) {
rev = data._rev

@@ -109,1 +109,6 @@ if (!rev) return cb(new Error(

}
function escape (base, name) {
var escaped = name.replace(/\//, "%2f")
return url.resolve(base, escaped)
}

4

package.json

@@ -5,3 +5,3 @@ {

"description": "Client for the npm registry",
"version": "3.0.6",
"version": "3.1.0",
"repository": {

@@ -16,2 +16,3 @@ "url": "git://github.com/isaacs/npm-registry-client"

"chownr": "0",
"concat-stream": "^1.4.6",
"graceful-fs": "^3.0.0",

@@ -21,2 +22,3 @@ "mkdirp": "^0.5.0",

"npm-cache-filename": "^1.0.0",
"once": "^1.3.0",
"request": "2 >=2.25.0",

@@ -23,0 +25,0 @@ "retry": "0.6.0",

8

test/request-gzip-content.js

@@ -22,6 +22,8 @@ var zlib = require("zlib")

tap.test("request gzip package content", function (t) {
t.ifError(err, "example package compressed")
server.expect("GET", "/some-package-gzip/1.2.3", function (req, res) {
res.statusCode = 200
res.setHeader("Content-Encoding", "gzip");
res.setHeader("Content-Type", "application/json");
res.setHeader("Content-Encoding", "gzip")
res.setHeader("Content-Type", "application/json")
res.end(pkgGzip)

@@ -50,2 +52,2 @@ })

})
});
})
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc