Socket
Socket
Sign inDemoInstall

pacote

Package Overview
Dependencies
Maintainers
6
Versions
221
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

pacote - npm Package Compare versions

Comparing version 12.0.3 to 13.0.0

lib/util/trailing-slashes.js

30

lib/bin.js

@@ -7,3 +7,5 @@ #!/usr/bin/env node

case 'resolve':
if (conf.long)
case 'manifest':
case 'packument':
if (conf._[0] === 'resolve' && conf.long) {
return pacote.manifest(conf._[1], conf).then(mani => ({

@@ -14,4 +16,3 @@ resolved: mani._resolved,

}))
case 'manifest':
case 'packument':
}
return pacote[conf._[0]](conf._[1], conf)

@@ -23,8 +24,9 @@

stream.pipe(conf.testStdout ||
/* istanbul ignore next */ process.stdout)
/* istanbul ignore next */ process.stdout)
// make sure it resolves something falsey
return stream.promise().then(() => {})
}, conf)
} else
} else {
return pacote.tarball.file(conf._[1], conf._[2], conf)
}

@@ -87,4 +89,5 @@ case 'extract':

const conf = parse(args)
if (conf.help || conf.h)
if (conf.help || conf.h) {
return console.log(usage())
}

@@ -128,10 +131,10 @@ if (!addedLogListener) {

args.forEach(arg => {
if (dashdash)
if (dashdash) {
conf._.push(arg)
else if (arg === '--')
} else if (arg === '--') {
dashdash = true
else if (arg === '-h')
} else if (arg === '-h') {
conf.help = true
else if (/^--/.test(arg)) {
const {key, value} = parseArg(arg)
} else if (/^--/.test(arg)) {
const { key, value } = parseArg(arg)
conf[key] = value

@@ -145,5 +148,5 @@ } else {

if (module === require.main)
if (module === require.main) {
main(process.argv.slice(2))
else
} else {
module.exports = {

@@ -156,1 +159,2 @@ main,

}
}

17

lib/dir.js
const Fetcher = require('./fetcher.js')
const FileFetcher = require('./file.js')
const cacache = require('cacache')
const Minipass = require('minipass')
const { promisify } = require('util')
const readPackageJson = require('read-package-json-fast')
const tarCreateOptions = require('./util/tar-create-options.js')

@@ -12,2 +9,3 @@ const packlist = require('npm-packlist')

const { resolve } = require('path')
const _readPackageJson = Symbol.for('package.Fetcher._readPackageJson')

@@ -35,4 +33,5 @@ const runScript = require('@npmcli/run-script')

return this.manifest().then(mani => {
if (!mani.scripts || !mani.scripts.prepare)
if (!mani.scripts || !mani.scripts.prepare) {
return
}

@@ -44,6 +43,5 @@ // we *only* run prepare.

// hide the banner if loglevel is silent, or if prepare running
// hide the banner if silent opt is passed in, or if prepare running
// in the background.
const banner = this.opts.log && this.opts.log.level === 'silent' ? false
: stdio === 'inherit'
const banner = this.opts.silent ? false : stdio === 'inherit'

@@ -82,6 +80,7 @@ return runScript({

manifest () {
if (this.package)
if (this.package) {
return Promise.resolve(this.package)
}
return readPackageJson(this.resolved + '/package.json')
return this[_readPackageJson](this.resolved + '/package.json')
.then(mani => this.package = {

@@ -88,0 +87,0 @@ ...mani,

101

lib/fetcher.js

@@ -12,3 +12,3 @@ // This is the base class that the other fetcher types in lib

const tar = require('tar')
const procLog = require('./util/proc-log.js')
const log = require('proc-log')
const retry = require('promise-retry')

@@ -18,3 +18,6 @@ const fsm = require('fs-minipass')

const isPackageBin = require('./util/is-package-bin.js')
const removeTrailingSlashes = require('./util/trailing-slashes.js')
const getContents = require('@npmcli/installed-package-contents')
const readPackageJsonFast = require('read-package-json-fast')
const readPackageJson = promisify(require('read-package-json'))

@@ -46,7 +49,9 @@ // we only change ownership on unix platforms, and only if uid is 0

const _cacheFetches = Symbol.for('pacote.Fetcher._cacheFetches')
const _readPackageJson = Symbol.for('package.Fetcher._readPackageJson')
class FetcherBase {
constructor (spec, opts) {
if (!opts || typeof opts !== 'object')
if (!opts || typeof opts !== 'object') {
throw new TypeError('options object is required')
}
this.spec = npa(spec, opts.where)

@@ -68,3 +73,3 @@

// by adding/modifying the integrity value.
this.opts = {...opts}
this.opts = { ...opts }

@@ -79,4 +84,5 @@ this.cache = opts.cache || cacheDir()

if (typeof opts.integrity === 'string')
if (typeof opts.integrity === 'string') {
this.opts.integrity = ssri.parse(opts.integrity)
}

@@ -93,3 +99,2 @@ this.package = null

this.umask = opts.umask || 0
this.log = opts.log || procLog

@@ -102,6 +107,11 @@ this.preferOnline = !!opts.preferOnline

this.fullMetadata = this.before ? true : !!opts.fullMetadata
this.fullReadJson = !!opts.fullReadJson
if (this.fullReadJson) {
this[_readPackageJson] = readPackageJson
} else {
this[_readPackageJson] = readPackageJsonFast
}
this.defaultTag = opts.defaultTag || 'latest'
this.registry = (opts.registry || 'https://registry.npmjs.org')
.replace(/\/+$/, '')
this.registry = removeTrailingSlashes(opts.registry || 'https://registry.npmjs.org')

@@ -114,3 +124,3 @@ // command to run 'prepare' scripts on directories and git dirs

// command to install deps for preparing
this.npmInstallCmd = opts.npmInstallCmd || [ 'install', '--force' ]
this.npmInstallCmd = opts.npmInstallCmd || ['install', '--force']

@@ -143,5 +153,7 @@ // XXX fill more of this in based on what we know from this.opts

}
set integrity (i) {
if (!i)
if (!i) {
return
}

@@ -153,6 +165,7 @@ i = ssri.parse(i)

// merge in NEW algos and hashes that we don't already have.
if (current)
if (current) {
current.merge(i)
else
} else {
this.opts.integrity = i
}
}

@@ -225,4 +238,5 @@

// if not caching this, just pipe through to the istream and return it
if (!this.opts.cache || !this[_cacheFetches])
if (!this.opts.cache || !this[_cacheFetches]) {
return stream.pipe(istream)
}

@@ -302,17 +316,20 @@ // we have to return a stream that gets ALL the data, and proxies errors,

) ? streamHandler(this[_tarballFromCache]()).catch(er => {
if (this.isDataCorruptionError(er)) {
this.log.warn('tarball', `cached data for ${
if (this.isDataCorruptionError(er)) {
log.warn('tarball', `cached data for ${
this.spec
} (${this.integrity}) seems to be corrupted. Refreshing cache.`)
return this.cleanupCached().then(() => { throw er })
} else {
throw er
}
}) : null
return this.cleanupCached().then(() => {
throw er
})
} else {
throw er
}
}) : null
const fromResolved = er => {
if (er) {
if (!this.isRetriableError(er))
if (!this.isRetriableError(er)) {
throw er
this.log.silly('tarball', `no local data for ${
}
log.silly('tarball', `no local data for ${
this.spec

@@ -323,3 +340,3 @@ }. Extracting by manifest.`)

streamHandler(this[_istream](this[_tarballFromResolved]()))
.catch(er => {
.catch(er => {
// Most likely data integrity. A cache ENOENT error is unlikely

@@ -329,10 +346,10 @@ // here, since we're definitely not reading from the cache, but it

// entry got blown away or something. Try one more time to be sure.
if (this.isRetriableError(er)) {
this.log.warn('tarball', `tarball data for ${
if (this.isRetriableError(er)) {
log.warn('tarball', `tarball data for ${
this.spec
} (${this.integrity}) seems to be corrupted. Trying again.`)
return this.cleanupCached().then(() => tryAgain(er))
}
throw er
}), { retries: 1, minTimeout: 0, maxTimeout: 0 }))
return this.cleanupCached().then(() => tryAgain(er))
}
throw er
}), { retries: 1, minTimeout: 0, maxTimeout: 0 }))
}

@@ -354,3 +371,3 @@

[_empty] (path) {
return getContents({path, depth: 1}).then(contents => Promise.all(
return getContents({ path, depth: 1 }).then(contents => Promise.all(
contents.map(entry => rimraf(entry))))

@@ -368,3 +385,3 @@ }

? this[_empty](dest).then(() => mkdirp(dest)).then(() => ({}))
: inferOwner(dest).then(({uid, gid}) =>
: inferOwner(dest).then(({ uid, gid }) =>
this[_empty](dest)

@@ -379,3 +396,3 @@ .then(() => mkdirp(dest))

})
.then(() => ({uid, gid})))
.then(() => ({ uid, gid })))
}

@@ -386,3 +403,3 @@

extract (dest) {
return this[_mkdir](dest).then(({uid, gid}) =>
return this[_mkdir](dest).then(({ uid, gid }) =>
this.tarballStream(tarball => this[_extract](dest, tarball, uid, gid)))

@@ -410,3 +427,3 @@ }

? mkdirp(dir).then(() => this[_toFile](dest))
: inferOwner(dest).then(({uid, gid}) =>
: inferOwner(dest).then(({ uid, gid }) =>
mkdirp(dir).then(made => this[_toFile](dest)

@@ -429,4 +446,4 @@ .then(res => this[_chown](made || dir, uid, gid)

extractor.on('error', er => {
this.log.warn('tar', er.message)
this.log.silly('tar', er)
log.warn('tar', er.message)
log.silly('tar', er)
reject(er)

@@ -462,4 +479,5 @@ })

filter: (name, entry) => {
if (/Link$/.test(entry.type))
if (/Link$/.test(entry.type)) {
return false
}
entry.mode = this[_entryMode](entry.path, entry.mode, entry.type)

@@ -471,9 +489,10 @@ // this replicates the npm pack behavior where .gitignore files

const base = basename(entry.path)
if (base === '.npmignore')
if (base === '.npmignore') {
sawIgnores.add(entry.path)
else if (base === '.gitignore' && !this.allowGitIgnore) {
} else if (base === '.gitignore' && !this.allowGitIgnore) {
// rename, but only if there's not already a .npmignore
const ni = entry.path.replace(/\.gitignore$/, '.npmignore')
if (sawIgnores.has(ni))
if (sawIgnores.has(ni)) {
return false
}
entry.path = ni

@@ -487,4 +506,4 @@ }

(code, msg, data) => {
this.log.warn('tar', code, msg)
this.log.silly('tar', code, msg, data)
log.warn('tar', code, msg)
log.silly('tar', code, msg, data)
},

@@ -491,0 +510,0 @@ uid,

41

lib/file.js
const Fetcher = require('./fetcher.js')
const fsm = require('fs-minipass')
const cacache = require('cacache')
const { promisify } = require('util')
const readPackageJson = require('read-package-json-fast')
const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved')

@@ -10,2 +8,3 @@ const _exeBins = Symbol('_exeBins')

const fs = require('fs')
const _readPackageJson = Symbol.for('package.Fetcher._readPackageJson')

@@ -24,4 +23,5 @@ class FileFetcher extends Fetcher {

manifest () {
if (this.package)
if (this.package) {
return Promise.resolve(this.package)
}

@@ -31,14 +31,15 @@ // have to unpack the tarball for this.

this.extract(dir)
.then(() => readPackageJson(dir + '/package.json'))
.then(mani => this.package = {
...mani,
_integrity: this.integrity && String(this.integrity),
_resolved: this.resolved,
_from: this.from,
}))
.then(() => this[_readPackageJson](dir + '/package.json'))
.then(mani => this.package = {
...mani,
_integrity: this.integrity && String(this.integrity),
_resolved: this.resolved,
_from: this.from,
}))
}
[_exeBins] (pkg, dest) {
if (!pkg.bin)
if (!pkg.bin) {
return Promise.resolve()
}

@@ -52,7 +53,9 @@ return Promise.all(Object.keys(pkg.bin).map(k => new Promise(res => {

fs.stat(script, (er, st) => {
if (er)
if (er) {
return res()
}
const mode = st.mode | 0o111
if (mode === st.mode)
if (mode === st.mode) {
return res()
}
fs.chmod(script, mode, res)

@@ -68,4 +71,4 @@ })

.then(result => this.package ? result
: readPackageJson(dest + '/package.json').then(pkg =>
this[_exeBins](pkg, dest)).then(() => result))
: this[_readPackageJson](dest + '/package.json').then(pkg =>
this[_exeBins](pkg, dest)).then(() => result))
}

@@ -83,3 +86,3 @@

'dist-tags': {
[this.defaultTag]: mani.version
[this.defaultTag]: mani.version,
},

@@ -92,5 +95,5 @@ versions: {

integrity: this.integrity && String(this.integrity),
}
}
}
},
},
},
}))

@@ -97,0 +100,0 @@ }

84

lib/git.js

@@ -9,7 +9,5 @@ const Fetcher = require('./fetcher.js')

const npa = require('npm-package-arg')
const url = require('url')
const Minipass = require('minipass')
const cacache = require('cacache')
const { promisify } = require('util')
const readPackageJson = require('read-package-json-fast')
const log = require('proc-log')
const npm = require('./util/npm.js')

@@ -28,2 +26,3 @@

const _prepareDir = Symbol('_prepareDir')
const _readPackageJson = Symbol.for('package.Fetcher._readPackageJson')

@@ -45,4 +44,5 @@ // get the repository url.

this.resolvedRef = null
if (this.spec.hosted)
if (this.spec.hosted) {
this.from = this.spec.hosted.shortcut({ noCommittish: false })
}

@@ -57,4 +57,5 @@ // shortcut: avoid full clone when we can go straight to the tgz

: this.spec.rawSpec
} else
} else {
this.resolvedSha = ''
}
}

@@ -74,4 +75,5 @@

// but in general, no reason to resolve() more than necessary!
if (this.resolved)
if (this.resolved) {
return super.resolve()
}

@@ -94,8 +96,10 @@ // fetch the git repo and then look at the current hash

// Throw early since we know pathspec errors will fail again if retried
if (er instanceof git.errors.GitPathspecError)
if (er instanceof git.errors.GitPathspecError) {
throw er
}
const ssh = hosted.sshurl && hosted.sshurl()
// no fallthrough if we can't fall through or have https auth
if (!ssh || hosted.auth)
if (!ssh || hosted.auth) {
throw er
}
return this[_resolvedFromRepo](ssh)

@@ -107,4 +111,5 @@ })

// XXX make this a custom error class
if (!gitRemote)
if (!gitRemote) {
return Promise.reject(new Error(`No git url for ${this.spec}`))
}
const gitRange = this.spec.gitRange

@@ -114,15 +119,16 @@ const name = this.spec.name

return gitRange ? pickManifest({
versions: remoteRefs.versions,
'dist-tags': remoteRefs['dist-tags'],
name,
}, gitRange, this.opts)
versions: remoteRefs.versions,
'dist-tags': remoteRefs['dist-tags'],
name,
}, gitRange, this.opts)
: this.spec.gitCommittish ?
remoteRefs.refs[this.spec.gitCommittish] ||
remoteRefs.refs[remoteRefs.shas[this.spec.gitCommittish]]
: remoteRefs.refs.HEAD // no git committish, get default head
: remoteRefs.refs.HEAD // no git committish, get default head
}).then(revDoc => {
// the committish provided isn't in the rev list
// things like HEAD~3 or @yesterday can land here.
if (!revDoc || !revDoc.sha)
if (!revDoc || !revDoc.sha) {
return this[_resolvedFromClone]()
}

@@ -156,12 +162,13 @@ this.resolvedRef = revDoc

[_prepareDir] (dir) {
return readPackageJson(dir + '/package.json').then(mani => {
return this[_readPackageJson](dir + '/package.json').then(mani => {
// no need if we aren't going to do any preparation.
const scripts = mani.scripts
if (!scripts || !(
scripts.postinstall ||
scripts.postinstall ||
scripts.build ||
scripts.preinstall ||
scripts.install ||
scripts.prepare))
scripts.prepare)) {
return
}

@@ -178,3 +185,3 @@ // to avoid cases where we have an cycle of git deps that depend

if (noPrepare.includes(this.resolved)) {
this.log.info('prepare', 'skip prepare, already seen', this.resolved)
log.info('prepare', 'skip prepare, already seen', this.resolved)
return

@@ -215,5 +222,5 @@ }

}))).catch(
/* istanbul ignore next: very unlikely and hard to test */
er => stream.emit('error', er)
)
/* istanbul ignore next: very unlikely and hard to test */
er => stream.emit('error', er)
)
return stream

@@ -251,6 +258,7 @@ }

// fall back to ssh download if tarball fails
if (er.constructor.name.match(/^Http/))
if (er.constructor.name.match(/^Http/)) {
return this[_clone](handler, false)
else
} else {
throw er
}
})

@@ -264,6 +272,7 @@ }

this.resolvedSha = sha
if (!this.resolved)
if (!this.resolved) {
this[_addGitSha](sha)
}
})
.then(() => handler(tmp))
.then(() => handler(tmp))
})

@@ -282,8 +291,10 @@ }

// Throw early since we know pathspec errors will fail again if retried
if (er instanceof git.errors.GitPathspecError)
if (er instanceof git.errors.GitPathspecError) {
throw er
}
const ssh = hosted.sshurl && hosted.sshurl({ noCommittish: true })
// no fallthrough if we can't fall through or have https auth
if (!ssh || hosted.auth)
if (!ssh || hosted.auth) {
throw er
}
return this[_cloneRepo](ssh, ref, tmp)

@@ -299,4 +310,5 @@ })

manifest () {
if (this.package)
if (this.package) {
return Promise.resolve(this.package)
}

@@ -306,9 +318,9 @@ return this.spec.hosted && this.resolved

: this[_clone](dir =>
readPackageJson(dir + '/package.json')
.then(mani => this.package = {
...mani,
_integrity: this.integrity && String(this.integrity),
_resolved: this.resolved,
_from: this.from,
}))
this[_readPackageJson](dir + '/package.json')
.then(mani => this.package = {
...mani,
_integrity: this.integrity && String(this.integrity),
_resolved: this.resolved,
_from: this.from,
}))
}

@@ -315,0 +327,0 @@

39

lib/registry.js

@@ -5,2 +5,3 @@ const Fetcher = require('./fetcher.js')

const pacoteVersion = require('../package.json').version
const removeTrailingSlashes = require('./util/trailing-slashes.js')
const npa = require('npm-package-arg')

@@ -10,3 +11,2 @@ const rpj = require('read-package-json-fast')

const ssri = require('ssri')
const Minipass = require('minipass')

@@ -37,6 +37,7 @@ // Corgis are cute. 🐕🐶

this.spec.rawSpec === '' &&
this.defaultTag !== 'latest')
this.defaultTag !== 'latest') {
this.spec = npa(`${this.spec.name}@${this.defaultTag}`)
}
this.registry = fetch.pickRegistry(spec, opts)
this.packumentUrl = this.registry.replace(/\/*$/, '/') +
this.packumentUrl = removeTrailingSlashes(this.registry) + '/' +
this.spec.escapedName

@@ -51,9 +52,11 @@

resolve () {
if (this.resolved)
if (this.resolved) {
return Promise.resolve(this.resolved)
}
// fetching the manifest sets resolved and (usually) integrity
return this.manifest().then(() => {
if (this.resolved)
if (this.resolved) {
return this.resolved
}

@@ -84,4 +87,5 @@ throw Object.assign(

// one request at a time for the same thing regardless.
if (this.packumentCache && this.packumentCache.has(this.packumentUrl))
if (this.packumentCache && this.packumentCache.has(this.packumentUrl)) {
return this.packumentCache.get(this.packumentUrl)
}

@@ -100,8 +104,10 @@ // npm-registry-fetch the packument

packument._contentLength = +res.headers.get('content-length')
if (this.packumentCache)
if (this.packumentCache) {
this.packumentCache.set(this.packumentUrl, packument)
}
return packument
})).catch(er => {
if (this.packumentCache)
if (this.packumentCache) {
this.packumentCache.delete(this.packumentUrl)
}
if (er.code === 'E404' && !this.fullMetadata) {

@@ -114,4 +120,5 @@ // possible that corgis are not supported by this registry

})
if (this.packumentCache)
if (this.packumentCache) {
this.packumentCache.set(this.packumentUrl, p)
}
return p

@@ -121,4 +128,5 @@ }

manifest () {
if (this.package)
if (this.package) {
return Promise.resolve(this.package)
}

@@ -138,8 +146,8 @@ return this.packument()

const distIntegrity = dist.integrity ? ssri.parse(dist.integrity)
: dist.shasum ? ssri.fromHex(dist.shasum, 'sha1', {...this.opts})
: dist.shasum ? ssri.fromHex(dist.shasum, 'sha1', { ...this.opts })
: null
if (distIntegrity) {
if (!this.integrity)
if (!this.integrity) {
this.integrity = distIntegrity
else if (!this.integrity.match(distIntegrity)) {
} else if (!this.integrity.match(distIntegrity)) {
// only bork if they have algos in common.

@@ -155,3 +163,3 @@ // otherwise we end up breaking if we have saved a sha512

throw Object.assign(new Error(
`Integrity checksum failed when using ${algo}: `+
`Integrity checksum failed when using ${algo}: ` +
`wanted ${this.integrity} but got ${distIntegrity}.`

@@ -168,4 +176,5 @@ ), { code: 'EINTEGRITY' })

}
if (this.integrity)
if (this.integrity) {
mani._integrity = String(this.integrity)
}
this.package = rpj.normalize(mani)

@@ -172,0 +181,0 @@ return this.package

8

lib/remote.js

@@ -6,3 +6,2 @@ const Fetcher = require('./fetcher.js')

const fetch = require('npm-registry-fetch')
const ssri = require('ssri')
const Minipass = require('minipass')

@@ -18,4 +17,5 @@ // The default registry URL is a string of great magic.

this.resolved = this.spec.fetchSpec
if (magic.test(this.resolved) && !magic.test(this.registry + '/'))
if (magic.test(this.resolved) && !magic.test(this.registry + '/')) {
this.resolved = this.resolved.replace(magic, this.registry + '/')
}

@@ -40,3 +40,3 @@ // nam is a fermented pork sausage that is good to eat

integrity: this.integrity,
algorithms: [ this.pickIntegrityAlgorithm() ],
algorithms: [this.pickIntegrityAlgorithm()],
}

@@ -68,3 +68,3 @@ fetch(this.resolved, fetchOpts).then(res => {

...(this.integrity ? { 'pacote-integrity': String(this.integrity) }
: {}),
: {}),
...(this.opts.headers || {}),

@@ -71,0 +71,0 @@ }

2

lib/util/cache-dir.js
const os = require('os')
const {resolve} = require('path')
const { resolve } = require('path')

@@ -4,0 +4,0 @@ module.exports = (fakePlatform = false) => {

7

lib/util/is-package-bin.js

@@ -15,6 +15,7 @@ // Function to determine whether a path is in the package.bin set.

const bin = binObj(pkg.name, pkg.bin)
const p = path.replace(/^[^\\\/]*\//, '')
for (const [k, v] of Object.entries(bin)) {
if (v === p)
const p = path.replace(/^[^\\/]*\//, '')
for (const kv of Object.entries(bin)) {
if (kv[1] === p) {
return true
}
}

@@ -21,0 +22,0 @@ return false

1

lib/util/npm.js
// run an npm command
const spawn = require('@npmcli/promise-spawn')
const {dirname} = require('path')

@@ -5,0 +4,0 @@ module.exports = (npmBin, npmCommand, cwd, env, extra) => {

5

lib/util/tar-create-options.js

@@ -12,3 +12,3 @@ const isPackageBin = require('./is-package-bin.js')

// end results after compression
level: 9
level: 9,
},

@@ -21,4 +21,5 @@

filter: (path, stat) => {
if (isPackageBin(manifest, path))
if (isPackageBin(manifest, path)) {
stat.mode |= 0o111
}
return true

@@ -25,0 +26,0 @@ },

43

package.json
{
"name": "pacote",
"version": "12.0.3",
"version": "13.0.0",
"description": "JavaScript package downloader",
"author": "Isaac Z. Schlueter <i@izs.me> (https://izs.me)",
"author": "GitHub Inc.",
"bin": {

@@ -16,3 +16,8 @@ "pacote": "lib/bin.js"

"postversion": "npm publish",
"prepublishOnly": "git push origin --follow-tags"
"prepublishOnly": "git push origin --follow-tags",
"lint": "eslint '**/*.js'",
"postlint": "npm-template-check",
"lintfix": "npm run lint -- --fix",
"posttest": "npm run lint",
"template-copy": "npm-template-copy --force"
},

@@ -24,8 +29,10 @@ "tap": {

"devDependencies": {
"@npmcli/template-oss": "^2.7.1",
"mutate-fs": "^2.1.1",
"npm-registry-mock": "^1.3.1",
"tap": "^15.0.4"
"tap": "^15.1.6"
},
"files": [
"lib/**/*.js"
"bin",
"lib"
],

@@ -39,20 +46,22 @@ "keywords": [

"@npmcli/git": "^2.1.0",
"@npmcli/installed-package-contents": "^1.0.6",
"@npmcli/installed-package-contents": "^1.0.7",
"@npmcli/promise-spawn": "^1.2.0",
"@npmcli/run-script": "^2.0.0",
"cacache": "^15.0.5",
"cacache": "^15.3.0",
"chownr": "^2.0.0",
"fs-minipass": "^2.1.0",
"infer-owner": "^1.0.4",
"minipass": "^3.1.3",
"mkdirp": "^1.0.3",
"npm-package-arg": "^8.0.1",
"minipass": "^3.1.6",
"mkdirp": "^1.0.4",
"npm-package-arg": "^9.0.0",
"npm-packlist": "^3.0.0",
"npm-pick-manifest": "^6.0.0",
"npm-registry-fetch": "^12.0.0",
"npm-pick-manifest": "^7.0.0",
"npm-registry-fetch": "^12.0.2",
"proc-log": "^2.0.0",
"promise-retry": "^2.0.1",
"read-package-json-fast": "^2.0.1",
"read-package-json": "^4.1.1",
"read-package-json-fast": "^2.0.3",
"rimraf": "^3.0.2",
"ssri": "^8.0.1",
"tar": "^6.1.0"
"tar": "^6.1.11"
},

@@ -62,3 +71,7 @@ "engines": {

},
"repository": "git@github.com:npm/pacote"
"repository": "git@github.com:npm/pacote",
"templateOSS": {
"version": "2.7.1",
"windowsCI": false
}
}

9

README.md

@@ -149,6 +149,2 @@ # pacote

`0o777`. See "Extracted File Modes" below.
* `log` A logger object with methods for various log levels. Typically,
this will be [`npmlog`](http://npm.im/npmlog) in the npm CLI use case,
but if not specified, the default is a logger that emits `'log'` events
on the `process` object.
* `preferOnline` Prefer to revalidate cache entries, even when it would not

@@ -166,2 +162,5 @@ be strictly necessary. Default `false`.

version publish time is part of the extended packument metadata.
* `fullReadJson` Use the slower `read-package-json` package insted of
`read-package-json-fast` in order to include extra fields like "readme" in
the manifest. Defaults to `false`.
* `packumentCache` For registry packuments only, you may provide a `Map`

@@ -172,2 +171,4 @@ object which will be used to cache packument requests between pacote

is unlikely to change in the span of a single command.
* `silent` A boolean that determines whether the banner is displayed
when calling `@npmcli/run-script`.

@@ -174,0 +175,0 @@ 

lib/util/proc-log.js
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc