Comparing version 11.3.4 to 11.3.5
@@ -122,2 +122,9 @@ // This is the base class that the other fetcher types in lib | ||
'--no-audit', | ||
// override any omit settings from the environment | ||
'--include=dev', | ||
'--include=peer', | ||
'--include=optional', | ||
// we need the actual things, not just the lockfile | ||
'--no-package-lock-only', | ||
'--no-dry-run', | ||
] | ||
@@ -434,2 +441,3 @@ } | ||
noChmod: true, | ||
noMtime: true, | ||
filter: (name, entry) => { | ||
@@ -436,0 +444,0 @@ if (/Link$/.test(entry.type)) |
@@ -88,2 +88,5 @@ const Fetcher = require('./fetcher.js') | ||
.catch(er => { | ||
// Throw early since we know pathspec errors will fail again if retried | ||
if (er instanceof git.errors.GitPathspecError) | ||
throw er | ||
const ssh = hosted.sshurl && hosted.sshurl() | ||
@@ -264,5 +267,7 @@ // no fallthrough if we can't fall through or have https auth | ||
const hosted = this.spec.hosted | ||
const https = hosted.https() | ||
return this[_cloneRepo](hosted.https({ noCommittish: true }), ref, tmp) | ||
.catch(er => { | ||
// Throw early since we know pathspec errors will fail again if retried | ||
if (er instanceof git.errors.GitPathspecError) | ||
throw er | ||
const ssh = hosted.sshurl && hosted.sshurl({ noCommittish: true }) | ||
@@ -269,0 +274,0 @@ // no fallthrough if we can't fall through or have https auth |
{ | ||
"name": "pacote", | ||
"version": "11.3.4", | ||
"version": "11.3.5", | ||
"description": "JavaScript package downloader", | ||
@@ -36,3 +36,3 @@ "author": "Isaac Z. Schlueter <i@izs.me> (https://izs.me)", | ||
"dependencies": { | ||
"@npmcli/git": "^2.0.1", | ||
"@npmcli/git": "^2.1.0", | ||
"@npmcli/installed-package-contents": "^1.0.6", | ||
@@ -39,0 +39,0 @@ "@npmcli/promise-spawn": "^1.2.0", |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
65572
1378
4
Updated@npmcli/git@^2.1.0