pacote - npm Package Compare versions

pacote

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

lib/dir.js

		@@ -6,3 +6,2 @@ const Fetcher = require('./fetcher.js')
		const packlist = require('npm-packlist')
		const Arborist = require('@npmcli/arborist')
		const tar = require('tar')
		@@ -21,2 +20,5 @@ const _prepareDir = Symbol('_prepareDir')
		this.resolved = this.spec.fetchSpec

		this.tree = opts.tree \|\| null
		this.Arborist = opts.Arborist \|\| null
		}
		@@ -65,2 +67,6 @@
		[_tarballFromResolved] () {
		if (!this.tree && !this.Arborist) {
		throw new Error('DirFetcher requires either a tree or an Arborist constructor to pack')
		}

		const stream = new Minipass()
		@@ -77,3 +83,3 @@ stream.resolved = this.resolved
		if (!this.tree) {
		const arb = new Arborist({ path: this.resolved })
		const arb = new this.Arborist({ path: this.resolved })
		this.tree = await arb.loadActual()
		@@ -80,0 +86,0 @@ }

lib/fetcher.js

		@@ -75,3 +75,2 @@ // This is the base class that the other fetcher types in lib
		this.resolved = opts.resolved \|\| null
		this.tree = opts.tree \|\| null

		@@ -78,0 +77,0 @@ // default to caching/verifying with sha512, that's what we usually have

lib/git.js

		@@ -64,2 +64,4 @@ const Fetcher = require('./fetcher.js')
		}

		this.Arborist = opts.Arborist \|\| null
		}
		@@ -210,4 +212,8 @@
		.then(() => new Promise((res, rej) => {
		if (!this.Arborist) {
		throw new Error('GitFetcher requires an Arborist constructor to pack a tarball')
		}
		const df = new DirFetcher(`file:${dir}`, {
		...this.opts,
		Arborist: this.Arborist,
		resolved: null,
		@@ -214,0 +220,0 @@ integrity: null,

package.json

		{
		"name": "pacote",
		"version": "14.0.0-pre.2",
		"version": "14.0.0-pre.3",
		"description": "JavaScript package downloader",
		@@ -69,5 +69,2 @@ "author": "GitHub Inc.",
		},
		"peerDependencies": {
		"@npmcli/arborist": "^6.0.0 \|\| ^6.0.0-pre.0"
		},
		"engines": {
		@@ -74,0 +71,0 @@ "node": "^14.17.0 \|\| ^16.13.0 \|\| >=18.0.0"

Improved metrics