npm-registry-fetch
Advanced tools
npm-registry-fetch - npm Package Compare versions
Comparing version 5.0.1 to 6.0.0
@@ -50,9 +50,10 @@ 'use strict' | ||
| function registryKey (registry) { | ||
| const parsed = url.parse(registry) | ||
| const parsed = new url.URL(registry) | ||
| const formatted = url.format({ | ||
| protocol: parsed.protocol, | ||
| host: parsed.host, | ||
| pathname: parsed.pathname, | ||
| slashes: parsed.slashes | ||
| slashes: true | ||
| }) | ||
| return url.resolve(formatted, '.') | ||
| return url.format(new url.URL('.', formatted)).replace(/^[^:]+:/, '') | ||
| } |
@@ -1,5 +0,25 @@ | ||
| # Change Log | ||
| # Changelog | ||
| All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. | ||
| ## [6.0.0](https://github.com/npm/registry-fetch/compare/v5.0.1...v6.0.0) (2019-12-17) | ||
| ### ⚠ BREAKING CHANGES | ||
| * This drops support for node < 10. | ||
| There are some lint failures due to standard pushing for using WhatWG URL | ||
| objects instead of url.parse/url.resolve. However, the code in this lib | ||
| does some fancy things with the query/search portions of the parsed url | ||
| object, so it'll take a bit of care to make it work properly. | ||
| ### Bug Fixes | ||
| * detect CI so our tests don't fail in CI ([5813da6](https://github.com/npm/registry-fetch/commit/5813da634cef73b12e40373972d7937e6934fce0)) | ||
| * Use WhatWG URLs instead of url.parse ([8ccfa8a](https://github.com/npm/registry-fetch/commit/8ccfa8a72c38cfedb0f525b7f453644fd4444f99)) | ||
| * normalize settings, drop old nodes, update deps ([510b125](https://github.com/npm/registry-fetch/commit/510b1255cc7ed4bb397a34e0007757dae33e2275)) | ||
| <a name="5.0.1"></a> | ||
@@ -6,0 +26,0 @@ ## [5.0.1](https://github.com/npm/registry-fetch/compare/v5.0.0...v5.0.1) (2019-11-11) |
@@ -6,3 +6,3 @@ 'use strict' | ||
| const LRU = require('lru-cache') | ||
| const {Response} = require('minipass-fetch') | ||
| const { Response } = require('minipass-fetch') | ||
| module.exports = checkResponse | ||
@@ -9,0 +9,0 @@ function checkResponse (method, res, registry, startTime, opts) { |
@@ -6,2 +6,3 @@ 'use strict' | ||
| const silentLog = require('./silentlog.js') | ||
| const ciDetect = require('@npmcli/ci-detect') | ||
@@ -11,8 +12,8 @@ const AUTH_REGEX = /^(?:.*:)?(token|_authToken|username|_password|password|email|always-auth|_auth|otp)$/ | ||
| module.exports = figgyPudding({ | ||
| 'agent': {}, | ||
| 'algorithms': {}, | ||
| 'body': {}, | ||
| 'ca': {}, | ||
| 'cache': {}, | ||
| 'cert': {}, | ||
| agent: {}, | ||
| algorithms: {}, | ||
| body: {}, | ||
| ca: {}, | ||
| cache: {}, | ||
| cert: {}, | ||
| 'fetch-retries': {}, | ||
@@ -24,58 +25,52 @@ 'fetch-retry-factor': {}, | ||
| forceAuth: 'force-auth', | ||
| 'gzip': {}, | ||
| 'headers': {}, | ||
| gzip: {}, | ||
| headers: {}, | ||
| 'https-proxy': {}, | ||
| 'ignore-body': {}, | ||
| ignoreBody: 'ignore-body', | ||
| 'integrity': {}, | ||
| integrity: {}, | ||
| 'is-from-ci': 'isFromCI', | ||
| 'isFromCI': { | ||
| isFromCI: { | ||
| default () { | ||
| return ( | ||
| process.env['CI'] === 'true' || | ||
| process.env['TDDIUM'] || | ||
| process.env['JENKINS_URL'] || | ||
| process.env['bamboo.buildKey'] || | ||
| process.env['GO_PIPELINE_NAME'] | ||
| ) | ||
| return ciDetect() | ||
| } | ||
| }, | ||
| 'key': {}, | ||
| key: {}, | ||
| 'local-address': {}, | ||
| 'log': { | ||
| log: { | ||
| default: silentLog | ||
| }, | ||
| 'map-json': 'mapJson', | ||
| 'mapJSON': 'mapJson', | ||
| 'mapJson': {}, | ||
| mapJSON: 'mapJson', | ||
| mapJson: {}, | ||
| 'max-sockets': 'maxsockets', | ||
| 'maxsockets': { | ||
| maxsockets: { | ||
| default: 12 | ||
| }, | ||
| 'memoize': {}, | ||
| 'method': { | ||
| memoize: {}, | ||
| method: { | ||
| default: 'GET' | ||
| }, | ||
| 'no-proxy': {}, | ||
| 'noproxy': {}, | ||
| noproxy: {}, | ||
| 'npm-session': 'npmSession', | ||
| 'npmSession': {}, | ||
| 'offline': {}, | ||
| 'otp': {}, | ||
| npmSession: {}, | ||
| offline: {}, | ||
| otp: {}, | ||
| 'prefer-offline': {}, | ||
| 'prefer-online': {}, | ||
| 'projectScope': {}, | ||
| projectScope: {}, | ||
| 'project-scope': 'projectScope', | ||
| 'proxy': {}, | ||
| 'query': {}, | ||
| 'refer': {}, | ||
| 'referer': 'refer', | ||
| 'registry': { | ||
| proxy: {}, | ||
| query: {}, | ||
| refer: {}, | ||
| referer: 'refer', | ||
| registry: { | ||
| default: 'https://registry.npmjs.org/' | ||
| }, | ||
| 'retry': {}, | ||
| 'scope': {}, | ||
| 'spec': {}, | ||
| retry: {}, | ||
| scope: {}, | ||
| spec: {}, | ||
| 'strict-ssl': {}, | ||
| 'timeout': {}, | ||
| timeout: {}, | ||
| 'user-agent': { | ||
@@ -82,0 +77,0 @@ default: `${ |
@@ -7,3 +7,3 @@ 'use strict' | ||
| try { | ||
| let basePath = url.parse(href).pathname.substr(1) | ||
| let basePath = new url.URL(href).pathname.substr(1) | ||
| if (!basePath.match(/^-/)) { | ||
@@ -10,0 +10,0 @@ basePath = basePath.split('/') |
50
index.js
@@ -5,2 +5,3 @@ 'use strict' | ||
| const ciDetect = require('@npmcli/ci-detect') | ||
| const checkResponse = require('./check-response.js') | ||
@@ -17,2 +18,11 @@ const config = require('./config.js') | ||
| // WhatWG URL throws if it's not fully resolved | ||
| const urlIsValid = u => { | ||
| try { | ||
| return !!new url.URL(u) | ||
| } catch (_) { | ||
| return false | ||
| } | ||
| } | ||
| module.exports = regFetch | ||
@@ -28,5 +38,4 @@ function regFetch (uri, opts) { | ||
| uri = url.parse(uri).protocol | ||
| ? uri | ||
| : `${ | ||
| if (!urlIsValid(uri)) { | ||
| uri = `${ | ||
| registry.trim().replace(/\/?$/g, '') | ||
@@ -36,2 +45,3 @@ }/${ | ||
| }` | ||
| } | ||
@@ -71,20 +81,13 @@ const method = opts.method || | ||
| if (opts.query) { | ||
| let q = opts.query | ||
| if (typeof q === 'string') { | ||
| q = qs.parse(q) | ||
| } | ||
| const q = typeof opts.query === 'string' | ||
| ? qs.parse(opts.query) | ||
| : opts.query | ||
| const parsed = new url.URL(uri) | ||
| Object.keys(q).forEach(key => { | ||
| if (q[key] === undefined) { | ||
| delete q[key] | ||
| if (q[key] !== undefined) { | ||
| parsed.searchParams.set(key, q[key]) | ||
| } | ||
| }) | ||
| if (Object.keys(q).length) { | ||
| const parsed = url.parse(uri) | ||
| parsed.search = '?' + qs.stringify( | ||
| parsed.query | ||
| ? Object.assign(qs.parse(parsed.query), q) | ||
| : q | ||
| ) | ||
| uri = url.format(parsed) | ||
| } | ||
| uri = url.format(parsed) | ||
| } | ||
@@ -175,8 +178,3 @@ | ||
| 'npm-in-ci': !!( | ||
| opts['is-from-ci'] || | ||
| process.env['CI'] === 'true' || | ||
| process.env['TDDIUM'] || | ||
| process.env['JENKINS_URL'] || | ||
| process.env['bamboo.buildKey'] || | ||
| process.env['GO_PIPELINE_NAME'] | ||
| opts['is-from-ci'] || ciDetect() | ||
| ), | ||
@@ -186,3 +184,3 @@ 'npm-scope': opts['project-scope'], | ||
| 'user-agent': opts['user-agent'], | ||
| 'referer': opts.refer | ||
| referer: opts.refer | ||
| }, opts.headers) | ||
@@ -195,3 +193,3 @@ | ||
| auth.alwaysAuth || | ||
| url.parse(uri).host === url.parse(registry).host | ||
| new url.URL(uri).host === new url.URL(registry).host | ||
| ) | ||
@@ -198,0 +196,0 @@ if (shouldAuth && auth.token) { |
| { | ||
| "name": "npm-registry-fetch", | ||
| "version": "5.0.1", | ||
| "version": "6.0.0", | ||
| "description": "Fetch-based http client for use with npm registry APIs", | ||
@@ -11,9 +11,8 @@ "main": "index.js", | ||
| "scripts": { | ||
| "postrelease": "npm publish", | ||
| "posttest": "standard", | ||
| "prepublishOnly": "git push --follow-tags", | ||
| "prerelease": "npm t", | ||
| "postrelease": "npm publish && git push --follow-tags", | ||
| "pretest": "standard", | ||
| "release": "standard-version -s", | ||
| "test": "tap -J --coverage test/*.js", | ||
| "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'", | ||
| "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'" | ||
| "test": "tap" | ||
| }, | ||
@@ -33,6 +32,6 @@ "repository": "https://github.com/npm/registry-fetch", | ||
| "dependencies": { | ||
| "bluebird": "^3.5.1", | ||
| "@npmcli/ci-detect": "^1.0.0", | ||
| "figgy-pudding": "^3.4.1", | ||
| "lru-cache": "^5.1.1", | ||
| "make-fetch-happen": "^6.0.0", | ||
| "make-fetch-happen": "^7.1.0", | ||
| "minipass": "^3.0.0", | ||
@@ -42,4 +41,5 @@ "minipass-fetch": "^1.1.2", | ||
| "minizlib": "^2.0.0", | ||
| "npm-package-arg": "^7.0.0", | ||
| "safe-buffer": "^5.2.0" | ||
| "npm-package-arg": "^8.0.0", | ||
| "safe-buffer": "^5.2.0", | ||
| "semver": "^7.0.0" | ||
| }, | ||
@@ -49,20 +49,17 @@ "devDependencies": { | ||
| "mkdirp": "^0.5.1", | ||
| "nock": "^9.4.3", | ||
| "nock": "^11.7.0", | ||
| "npmlog": "^4.1.2", | ||
| "rimraf": "^2.6.2", | ||
| "ssri": "^6.0.0", | ||
| "standard": "^11.0.1", | ||
| "standard-version": "^4.4.0", | ||
| "tap": "^14.6.9", | ||
| "weallbehave": "^1.2.0", | ||
| "weallcontribute": "^1.0.8" | ||
| "ssri": "^7.1.0", | ||
| "standard": "^14.3.1", | ||
| "standard-version": "^7.0.1", | ||
| "tap": "^14.10.4" | ||
| }, | ||
| "config": { | ||
| "nyc": { | ||
| "exclude": [ | ||
| "node_modules/**", | ||
| "test/**" | ||
| ] | ||
| } | ||
| "tap": { | ||
| "check-coverage": true, | ||
| "test-ignore": "test[\\\\/](util|cache)[\\\\/]" | ||
| }, | ||
| "engines": { | ||
| "node": ">=10" | ||
| } | ||
| } |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 5 instances in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.77%
44843
- Dev dependency count
- decreased by-18.18%
9
- Number of low supply chain risk alerts
- decreased by-90.91%
1
Worsened metrics
- Dependency count
- increased by10%
11
- Lines of code
- decreased by-1.53%
516
Dependency changes
+ Added@npmcli/ci-detect@^1.0.0
+ Addedsemver@^7.0.0
+ Added@npmcli/ci-detect@1.4.0(transitive)
+ Addedagent-base@5.1.1(transitive)
+ Addedagentkeepalive@4.5.0(transitive)
+ Addedcacache@14.0.0(transitive)
+ Addedchownr@2.0.0(transitive)
+ Addeddebug@4.3.7(transitive)
+ Addedhosted-git-info@4.1.0(transitive)
+ Addedhttp-cache-semantics@4.1.1(transitive)
+ Addedhttp-proxy-agent@3.0.0(transitive)
+ Addedhttps-proxy-agent@4.0.0(transitive)
+ Addedis-lambda@1.0.1(transitive)
+ Addedmake-fetch-happen@7.1.1(transitive)
+ Addedminipass@5.0.0(transitive)
+ Addedmkdirp@1.0.4(transitive)
+ Addedms@2.1.3(transitive)
+ Addednpm-package-arg@8.1.5(transitive)
+ Addedsemver@7.6.3(transitive)
+ Addedtar@6.2.1(transitive)
- Removedbluebird@^3.5.1
- Removedagent-base@4.3.0(transitive)
- Removedagentkeepalive@3.5.3(transitive)
- Removedbluebird@3.7.2(transitive)
- Removedcacache@13.0.1(transitive)
- Removeddebug@3.1.0(transitive)
- Removedhosted-git-info@3.0.8(transitive)
- Removedhttp-cache-semantics@3.8.1(transitive)
- Removedhttp-proxy-agent@2.1.0(transitive)
- Removedhttps-proxy-agent@3.0.1(transitive)
- Removedmake-fetch-happen@6.1.0(transitive)
- Removedms@2.0.0(transitive)
- Removednpm-package-arg@7.0.0(transitive)
- Removedos-homedir@1.0.2(transitive)
- Removedos-tmpdir@1.0.2(transitive)
- Removedosenv@0.1.5(transitive)
- Removedsemver@5.7.2(transitive)
Updatedmake-fetch-happen@^7.1.0
Updatednpm-package-arg@^8.0.0