npm-registry-fetch - npm Package Compare versions

Comparing version 0.0.0 to 0.0.1

index.js

 'use strict'
 
-console.log('coming soon')
+'use strict'
+
+const Buffer = require('safe-buffer').Buffer
+
+const fetch = require('make-fetch-happen')
+const LRU = require('lru-cache')
+const npmlog = require('npmlog')
+const url = require('url')
+
+const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/
+const BAD_HOSTS = new LRU({ max: 50 })
+
+module.exports = regFetch
+function regFetch (uri, opts) {
+  opts = Object.assign({
+    log: npmlog
+  }, opts)
+  const registry = opts.registry || url.parse(uri).host
+  const startTime = Date.now()
+  return fetch(uri, {
+    agent: opts.agent,
+    algorithms: opts.algorithms,
+    cache: getCacheMode(opts),
+    cacheManager: opts.cache,
+    ca: opts.ca,
+    cert: opts.cert,
+    headers: getHeaders(uri, registry, opts),
+    integrity: opts.integrity,
+    key: opts.key,
+    localAddress: opts.localAddress,
+    maxSockets: opts.maxSockets,
+    memoize: opts.memoize,
+    noProxy: opts.noProxy,
+    Promise: opts.Promise,
+    proxy: opts.proxy,
+    referer: opts.refer,
+    retry: opts.retry,
+    strictSSL: !!opts.strictSSL,
+    timeout: opts.timeout,
+    uid: opts.uid,
+    gid: opts.gid
+  }).then(res => {
+    if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) {
+      opts.log.warn('notice', res.headers.get('npm-notice'))
+    }
+    checkWarnings(res, registry, opts)
+    if (res.status >= 400) {
+      const err = new Error(`${res.status} ${res.statusText}: ${
+        opts.spec ? opts.spec : uri
+      }`)
+      err.code = `E${res.status}`
+      err.uri = uri
+      err.response = res
+      err.spec = opts.spec
+      logRequest(uri, res, startTime, opts)
+      throw err
+    } else {
+      res.body.on('end', () => logRequest(uri, res, startTime, opts))
+      return res
+    }
+  })
+}
+
+function logRequest (uri, res, startTime, opts) {
+  const elapsedTime = Date.now() - startTime
+  const attempt = res.headers.get('x-fetch-attempts')
+  const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : ''
+  const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : ''
+  opts.log.http(
+    'fetch',
+    `GET ${res.status} ${uri} ${elapsedTime}ms${attemptStr}${cacheStr}`
+  )
+}
+
+function getCacheMode (opts) {
+  return opts.offline
+  ? 'only-if-cached'
+  : opts.preferOffline
+  ? 'force-cache'
+  : opts.preferOnline
+  ? 'no-cache'
+  : 'default'
+}
+
+function getHeaders (uri, registry, opts) {
+  const headers = Object.assign({
+    'npm-in-ci': opts.isFromCI,
+    'npm-scope': opts.projectScope,
+    'npm-session': opts.npmSession,
+    'user-agent': opts.userAgent,
+    'referer': opts.refer
+  }, opts.headers)
+  // check for auth settings specific to this registry
+  let auth = (
+    opts.auth &&
+    opts.auth[registryKey(registry)]
+  ) || opts.auth
+  // If a tarball is hosted on a different place than the manifest, only send
+  // credentials on `alwaysAuth`
+  const shouldAuth = auth && (
+    auth.alwaysAuth ||
+    url.parse(uri).host === url.parse(registry).host
+  )
+  if (shouldAuth && auth.token) {
+    headers.authorization = `Bearer ${auth.token}`
+  } else if (shouldAuth && auth.username && auth.password) {
+    const encoded = Buffer.from(
+      `${auth.username}:${auth.password}`, 'utf8'
+    ).toString('base64')
+    headers.authorization = `Basic ${encoded}`
+  } else if (shouldAuth && auth._auth) {
+    headers.authorization = `Basic ${auth._auth}`
+  }
+  return headers
+}
+
+// Called a nerf dart in the main codebase. Used as a "safe"
+// key when fetching registry info from config.
+function registryKey (registry) {
+  const parsed = url.parse(registry)
+  const formatted = url.format({
+    host: parsed.host,
+    pathname: parsed.pathname,
+    slashes: parsed.slashes
+  })
+  return url.resolve(formatted, '.')
+}
+
+function checkWarnings (res, registry, opts) {
+  if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) {
+    const warnings = {}
+    res.headers.raw()['warning'].forEach(w => {
+      const match = w.match(WARNING_REGEXP)
+      if (match) {
+        warnings[match[1]] = {
+          code: match[1],
+          host: match[2],
+          message: match[3],
+          date: new Date(match[4])
+        }
+      }
+    })
+    BAD_HOSTS.set(registry, true)
+    if (warnings['199']) {
+      if (warnings['199'].message.match(/ENOTFOUND/)) {
+        opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`)
+      } else {
+        opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`)
+      }
+    }
+    if (warnings['111']) {
+      // 111 Revalidation failed -- we're using stale data
+      opts.log.warn(
+        'registry',
+        `Using stale data from ${registry} due to a request error during revalidation.`
+      )
+    }
+  }
+}

LICENSE.md

@@ -1,16 +0,21 @@
-ISC License
+The MIT License (MIT)
+Copyright (c) 2017 npm, Inc
 
-Copyright (c) npm, Inc.
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
 
-Permission to use, copy, modify, and/or distribute this software for
-any purpose with or without fee is hereby granted, provided that the
-above copyright notice and this permission notice appear in all copies.
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
 
-THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
-ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
-COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
-CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
-OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
-USE OR PERFORMANCE OF THIS SOFTWARE.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE
+OR OTHER DEALINGS IN THE SOFTWARE.
+

package.json

 {
   "name": "npm-registry-fetch",
-  "version": "0.0.0",
+  "version": "0.0.1",
   "description": "Fetch-based http client for use with npm registry APIs",
@@ -30,4 +30,9 @@ "main": "index.js",
   },
-  "license": "ISC",
-  "dependencies": {},
+  "license": "MIT",
+  "dependencies": {
+    "lru-cache": "^4.1.1",
+    "make-fetch-happen": "^2.5.0",
+    "npmlog": "^4.1.2",
+    "safe-buffer": "^5.1.1"
+  },
   "devDependencies": {
@@ -34,0 +39,0 @@ "nyc": "^11.1.0",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Trivial Package

Supply chain risk

Packages less than 10 lines of code are easily copied into your own project and may not warrant the additional supply chain risk of an external dependency.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

9139

increased by126.49%

Lines of code

151

increased by7450%

Worsened metrics

Dependency count

4

increased byInfinity%

Dependency changes

• + Addedlru-cache@^4.1.1

• + Addedmake-fetch-happen@^2.5.0

• + Addednpmlog@^4.1.2

• + Addedsafe-buffer@^5.1.1

• + Addedagent-base@4.3.0(transitive)

• + Addedagentkeepalive@3.5.3(transitive)

• + Addedansi-regex@2.1.1(transitive)

• + Addedaproba@1.2.0(transitive)

• + Addedare-we-there-yet@1.1.7(transitive)

• + Addedbalanced-match@1.0.2(transitive)

• + Addedbluebird@3.7.2(transitive)

• + Addedbrace-expansion@1.1.11(transitive)

• + Addedbuffer-from@1.1.2(transitive)

• + Addedcacache@10.0.4(transitive)

• + Addedchownr@1.1.4(transitive)

• + Addedcode-point-at@1.1.0(transitive)

• + Addedconcat-map@0.0.1(transitive)

• + Addedconcat-stream@1.6.2(transitive)

• + Addedconsole-control-strings@1.1.0(transitive)

• + Addedcopy-concurrently@1.0.5(transitive)

• + Addedcore-util-is@1.0.3(transitive)

• + Addedcyclist@1.0.2(transitive)

• + Addeddebug@3.1.0(transitive)

• + Addeddelegates@1.0.0(transitive)

• + Addedduplexify@3.7.1(transitive)

• + Addedencoding@0.1.13(transitive)

• + Addedend-of-stream@1.4.4(transitive)

• + Addederr-code@1.1.2(transitive)

• + Addedes6-promise@4.2.8(transitive)

• + Addedes6-promisify@5.0.0(transitive)

• + Addedflush-write-stream@1.1.1(transitive)

• + Addedfrom2@2.3.0(transitive)

• + Addedfs-write-stream-atomic@1.0.10(transitive)

• + Addedfs.realpath@1.0.0(transitive)

• + Addedgauge@2.7.4(transitive)

• + Addedglob@7.2.3(transitive)

• + Addedgraceful-fs@4.2.11(transitive)

• + Addedhas-unicode@2.0.1(transitive)

• + Addedhttp-cache-semantics@3.8.1(transitive)

• + Addedhttp-proxy-agent@2.1.0(transitive)

• + Addedhttps-proxy-agent@2.2.4(transitive)

• + Addedhumanize-ms@1.2.1(transitive)

• + Addediconv-lite@0.6.3(transitive)

• + Addediferr@0.1.5(transitive)

• + Addedimurmurhash@0.1.4(transitive)

• + Addedinflight@1.0.6(transitive)

• + Addedinherits@2.0.4(transitive)

• + Addedip@1.1.9(transitive)

• + Addedis-fullwidth-code-point@1.0.0(transitive)

• + Addedisarray@1.0.0(transitive)

• + Addedjson-parse-better-errors@1.0.2(transitive)

• + Addedlru-cache@4.1.5(transitive)

• + Addedmake-fetch-happen@2.6.0(transitive)

• + Addedminimatch@3.1.2(transitive)

• + Addedminimist@1.2.8(transitive)

• + Addedmississippi@1.3.12.0.0(transitive)

• + Addedmkdirp@0.5.6(transitive)

• + Addedmove-concurrently@1.0.1(transitive)

• + Addedms@2.0.0(transitive)

• + Addednode-fetch-npm@2.0.4(transitive)

• + Addednpmlog@4.1.2(transitive)

• + Addednumber-is-nan@1.0.1(transitive)

• + Addedobject-assign@4.1.1(transitive)

• + Addedonce@1.4.0(transitive)

• + Addedparallel-transform@1.2.0(transitive)

• + Addedpath-is-absolute@1.0.1(transitive)

• + Addedprocess-nextick-args@2.0.1(transitive)

• + Addedpromise-inflight@1.0.1(transitive)

• + Addedpromise-retry@1.1.1(transitive)

• + Addedpseudomap@1.0.2(transitive)

• + Addedpump@1.0.32.0.1(transitive)

• + Addedpumpify@1.5.1(transitive)

• + Addedreadable-stream@2.3.8(transitive)

• + Addedretry@0.10.1(transitive)

• + Addedrimraf@2.7.1(transitive)

• + Addedrun-queue@1.0.3(transitive)

• + Addedsafe-buffer@5.1.25.2.1(transitive)

• + Addedsafer-buffer@2.1.2(transitive)

• + Addedset-blocking@2.0.0(transitive)

• + Addedsignal-exit@3.0.7(transitive)

• + Addedsmart-buffer@1.1.15(transitive)

• + Addedsocks@1.1.10(transitive)

• + Addedsocks-proxy-agent@3.0.1(transitive)

• + Addedssri@5.3.0(transitive)

• + Addedstream-each@1.2.3(transitive)

• + Addedstream-shift@1.0.3(transitive)

• + Addedstring-width@1.0.2(transitive)

• + Addedstring_decoder@1.1.1(transitive)

• + Addedstrip-ansi@3.0.1(transitive)

• + Addedthrough2@2.0.5(transitive)

• + Addedtypedarray@0.0.6(transitive)

• + Addedunique-filename@1.1.1(transitive)

• + Addedunique-slug@2.0.2(transitive)

• + Addedutil-deprecate@1.0.2(transitive)

• + Addedwide-align@1.1.5(transitive)

• + Addedwrappy@1.0.2(transitive)

• + Addedxtend@4.0.2(transitive)

• + Addedy18n@4.0.3(transitive)

• + Addedyallist@2.1.2(transitive)