Comparing version 18.0.4 to 18.0.5
@@ -7,9 +7,6 @@ const Fetcher = require('./fetcher.js') | ||
const tar = require('tar') | ||
const _prepareDir = Symbol('_prepareDir') | ||
const { resolve } = require('path') | ||
const _readPackageJson = Symbol.for('package.Fetcher._readPackageJson') | ||
const runScript = require('@npmcli/run-script') | ||
const _ = require('./util/protected.js') | ||
const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved') | ||
class DirFetcher extends Fetcher { | ||
@@ -34,3 +31,3 @@ constructor (spec, opts) { | ||
[_prepareDir] () { | ||
[_.prepareDir] () { | ||
return this.manifest().then(mani => { | ||
@@ -60,3 +57,3 @@ if (!mani.scripts || !mani.scripts.prepare) { | ||
[_tarballFromResolved] () { | ||
[_.tarballFromResolved] () { | ||
if (!this.tree && !this.Arborist) { | ||
@@ -74,3 +71,3 @@ throw new Error('DirFetcher requires either a tree or an Arborist constructor to pack') | ||
// pipe to the stream, and proxy errors the chain. | ||
this[_prepareDir]() | ||
this[_.prepareDir]() | ||
.then(async () => { | ||
@@ -94,3 +91,3 @@ if (!this.tree) { | ||
return this[_readPackageJson](this.resolved) | ||
return this[_.readPackageJson](this.resolved) | ||
.then(mani => this.package = { | ||
@@ -97,0 +94,0 @@ ...mani, |
@@ -21,2 +21,3 @@ // This is the base class that the other fetcher types in lib | ||
const cacheDir = require('./util/cache-dir.js') | ||
const _ = require('./util/protected.js') | ||
@@ -27,18 +28,2 @@ // Pacote is only concerned with the package.json contents | ||
// Private methods. | ||
// Child classes should not have to override these. | ||
// Users should never call them. | ||
const _extract = Symbol('_extract') | ||
const _mkdir = Symbol('_mkdir') | ||
const _empty = Symbol('_empty') | ||
const _toFile = Symbol('_toFile') | ||
const _tarxOptions = Symbol('_tarxOptions') | ||
const _entryMode = Symbol('_entryMode') | ||
const _istream = Symbol('_istream') | ||
const _assertType = Symbol('_assertType') | ||
const _tarballFromCache = Symbol('_tarballFromCache') | ||
const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved') | ||
const _cacheFetches = Symbol.for('pacote.Fetcher._cacheFetches') | ||
const _readPackageJson = Symbol.for('package.Fetcher._readPackageJson') | ||
class FetcherBase { | ||
@@ -62,3 +47,3 @@ constructor (spec, opts) { | ||
this[_assertType]() | ||
this.#assertType() | ||
// clone the opts object so that others aren't upset when we mutate it | ||
@@ -99,7 +84,5 @@ // by adding/modifying the integrity value. | ||
this.fullReadJson = !!opts.fullReadJson | ||
if (this.fullReadJson) { | ||
this[_readPackageJson] = packageJsonPrepare | ||
} else { | ||
this[_readPackageJson] = packageJsonNormalize | ||
} | ||
this[_.readPackageJson] = this.fullReadJson | ||
? packageJsonPrepare | ||
: packageJsonNormalize | ||
@@ -195,3 +178,3 @@ // rrh is a registry hostname or 'never' or 'always' | ||
// but *just* return the raw tarball data stream. | ||
[_tarballFromResolved] () { | ||
[_.tarballFromResolved] () { | ||
throw this.notImplementedError | ||
@@ -212,13 +195,13 @@ } | ||
// Note: cacache will raise a EINTEGRITY error if the integrity doesn't match | ||
[_tarballFromCache] () { | ||
#tarballFromCache () { | ||
return cacache.get.stream.byDigest(this.cache, this.integrity, this.opts) | ||
} | ||
get [_cacheFetches] () { | ||
get [_.cacheFetches] () { | ||
return true | ||
} | ||
[_istream] (stream) { | ||
#istream (stream) { | ||
// if not caching this, just return it | ||
if (!this.opts.cache || !this[_cacheFetches]) { | ||
if (!this.opts.cache || !this[_.cacheFetches]) { | ||
// instead of creating a new integrity stream, we only piggyback on the | ||
@@ -276,3 +259,3 @@ // provided stream's events | ||
[_assertType] () { | ||
#assertType () { | ||
if (this.types && !this.types.includes(this.spec.type)) { | ||
@@ -316,3 +299,3 @@ throw new TypeError(`Wrong spec type (${ | ||
this.resolved | ||
) ? streamHandler(this[_tarballFromCache]()).catch(er => { | ||
) ? streamHandler(this.#tarballFromCache()).catch(er => { | ||
if (this.isDataCorruptionError(er)) { | ||
@@ -340,3 +323,3 @@ log.warn('tarball', `cached data for ${ | ||
return this.resolve().then(() => retry(tryAgain => | ||
streamHandler(this[_istream](this[_tarballFromResolved]())) | ||
streamHandler(this.#istream(this[_.tarballFromResolved]())) | ||
.catch(streamErr => { | ||
@@ -364,3 +347,3 @@ // Most likely data integrity. A cache ENOENT error is unlikely | ||
[_empty] (path) { | ||
#empty (path) { | ||
return getContents({ path, depth: 1 }).then(contents => Promise.all( | ||
@@ -370,4 +353,4 @@ contents.map(entry => fs.rm(entry, { recursive: true, force: true })))) | ||
async [_mkdir] (dest) { | ||
await this[_empty](dest) | ||
async #mkdir (dest) { | ||
await this.#empty(dest) | ||
return await fs.mkdir(dest, { recursive: true }) | ||
@@ -379,7 +362,7 @@ } | ||
async extract (dest) { | ||
await this[_mkdir](dest) | ||
return this.tarballStream((tarball) => this[_extract](dest, tarball)) | ||
await this.#mkdir(dest) | ||
return this.tarballStream((tarball) => this.#extract(dest, tarball)) | ||
} | ||
[_toFile] (dest) { | ||
#toFile (dest) { | ||
return this.tarballStream(str => new Promise((res, rej) => { | ||
@@ -398,11 +381,11 @@ const writer = new fsm.WriteStream(dest) | ||
// don't use this[_mkdir] because we don't want to rimraf anything | ||
// don't use this.#mkdir because we don't want to rimraf anything | ||
async tarballFile (dest) { | ||
const dir = dirname(dest) | ||
await fs.mkdir(dir, { recursive: true }) | ||
return this[_toFile](dest) | ||
return this.#toFile(dest) | ||
} | ||
[_extract] (dest, tarball) { | ||
const extractor = tar.x(this[_tarxOptions]({ cwd: dest })) | ||
#extract (dest, tarball) { | ||
const extractor = tar.x(this.#tarxOptions({ cwd: dest })) | ||
const p = new Promise((resolve, reject) => { | ||
@@ -432,3 +415,3 @@ extractor.on('end', () => { | ||
// dmode/fmode, but never more permissive than the umask allows. | ||
[_entryMode] (path, mode, type) { | ||
#entryMode (path, mode, type) { | ||
const m = /Directory|GNUDumpDir/.test(type) ? this.dmode | ||
@@ -444,3 +427,3 @@ : /File$/.test(type) ? this.fmode | ||
[_tarxOptions] ({ cwd }) { | ||
#tarxOptions ({ cwd }) { | ||
const sawIgnores = new Set() | ||
@@ -455,3 +438,3 @@ return { | ||
} | ||
entry.mode = this[_entryMode](entry.path, entry.mode, entry.type) | ||
entry.mode = this.#entryMode(entry.path, entry.mode, entry.type) | ||
// this replicates the npm pack behavior where .gitignore files | ||
@@ -458,0 +441,0 @@ // are treated like .npmignore files, but only if a .npmignore |
@@ -6,7 +6,4 @@ const fsm = require('fs-minipass') | ||
const Fetcher = require('./fetcher.js') | ||
const _ = require('./util/protected.js') | ||
const _exeBins = Symbol('_exeBins') | ||
const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved') | ||
const _readPackageJson = Symbol.for('package.Fetcher._readPackageJson') | ||
class FileFetcher extends Fetcher { | ||
@@ -31,3 +28,3 @@ constructor (spec, opts) { | ||
this.extract(dir) | ||
.then(() => this[_readPackageJson](dir)) | ||
.then(() => this[_.readPackageJson](dir)) | ||
.then(mani => this.package = { | ||
@@ -41,3 +38,3 @@ ...mani, | ||
[_exeBins] (pkg, dest) { | ||
#exeBins (pkg, dest) { | ||
if (!pkg.bin) { | ||
@@ -71,7 +68,7 @@ return Promise.resolve() | ||
.then(result => this.package ? result | ||
: this[_readPackageJson](dest).then(pkg => | ||
this[_exeBins](pkg, dest)).then(() => result)) | ||
: this[_.readPackageJson](dest).then(pkg => | ||
this.#exeBins(pkg, dest)).then(() => result)) | ||
} | ||
[_tarballFromResolved] () { | ||
[_.tarballFromResolved] () { | ||
// create a read stream and return it | ||
@@ -78,0 +75,0 @@ return new fsm.ReadStream(this.resolved) |
@@ -5,3 +5,2 @@ const Fetcher = require('./fetcher.js') | ||
const DirFetcher = require('./dir.js') | ||
const hashre = /^[a-f0-9]{40}$/ | ||
const git = require('@npmcli/git') | ||
@@ -14,16 +13,7 @@ const pickManifest = require('npm-pick-manifest') | ||
const npm = require('./util/npm.js') | ||
const _resolvedFromRepo = Symbol('_resolvedFromRepo') | ||
const _resolvedFromHosted = Symbol('_resolvedFromHosted') | ||
const _resolvedFromClone = Symbol('_resolvedFromClone') | ||
const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved') | ||
const _addGitSha = Symbol('_addGitSha') | ||
const addGitSha = require('./util/add-git-sha.js') | ||
const _clone = Symbol('_clone') | ||
const _cloneHosted = Symbol('_cloneHosted') | ||
const _cloneRepo = Symbol('_cloneRepo') | ||
const _setResolvedWithSha = Symbol('_setResolvedWithSha') | ||
const _prepareDir = Symbol('_prepareDir') | ||
const _readPackageJson = Symbol.for('package.Fetcher._readPackageJson') | ||
const _ = require('./util/protected.js') | ||
const hashre = /^[a-f0-9]{40}$/ | ||
// get the repository url. | ||
@@ -89,4 +79,5 @@ // prefer https if there's auth, since ssh will drop that. | ||
// try to use ssh, fall back to git. | ||
return h ? this[_resolvedFromHosted](h) | ||
: this[_resolvedFromRepo](this.spec.fetchSpec) | ||
return h | ||
? this.#resolvedFromHosted(h) | ||
: this.#resolvedFromRepo(this.spec.fetchSpec) | ||
} | ||
@@ -99,19 +90,18 @@ | ||
// is present, otherwise ssh if the hosted type provides it | ||
[_resolvedFromHosted] (hosted) { | ||
return this[_resolvedFromRepo](hosted.https && hosted.https()) | ||
.catch(er => { | ||
// Throw early since we know pathspec errors will fail again if retried | ||
if (er instanceof git.errors.GitPathspecError) { | ||
throw er | ||
} | ||
const ssh = hosted.sshurl && hosted.sshurl() | ||
// no fallthrough if we can't fall through or have https auth | ||
if (!ssh || hosted.auth) { | ||
throw er | ||
} | ||
return this[_resolvedFromRepo](ssh) | ||
}) | ||
#resolvedFromHosted (hosted) { | ||
return this.#resolvedFromRepo(hosted.https && hosted.https()).catch(er => { | ||
// Throw early since we know pathspec errors will fail again if retried | ||
if (er instanceof git.errors.GitPathspecError) { | ||
throw er | ||
} | ||
const ssh = hosted.sshurl && hosted.sshurl() | ||
// no fallthrough if we can't fall through or have https auth | ||
if (!ssh || hosted.auth) { | ||
throw er | ||
} | ||
return this.#resolvedFromRepo(ssh) | ||
}) | ||
} | ||
[_resolvedFromRepo] (gitRemote) { | ||
#resolvedFromRepo (gitRemote) { | ||
// XXX make this a custom error class | ||
@@ -137,3 +127,3 @@ if (!gitRemote) { | ||
if (!revDoc || !revDoc.sha) { | ||
return this[_resolvedFromClone]() | ||
return this.#resolvedFromClone() | ||
} | ||
@@ -143,3 +133,3 @@ | ||
this.resolvedSha = revDoc.sha | ||
this[_addGitSha](revDoc.sha) | ||
this.#addGitSha(revDoc.sha) | ||
return this.resolved | ||
@@ -149,3 +139,3 @@ }) | ||
[_setResolvedWithSha] (withSha) { | ||
#setResolvedWithSha (withSha) { | ||
// we haven't cloned, so a tgz download is still faster | ||
@@ -159,14 +149,14 @@ // of course, if it's not a known host, we can't do that. | ||
// either a git url with a hash, or a tarball download URL | ||
[_addGitSha] (sha) { | ||
this[_setResolvedWithSha](addGitSha(this.spec, sha)) | ||
#addGitSha (sha) { | ||
this.#setResolvedWithSha(addGitSha(this.spec, sha)) | ||
} | ||
[_resolvedFromClone] () { | ||
#resolvedFromClone () { | ||
// do a full or shallow clone, then look at the HEAD | ||
// kind of wasteful, but no other option, really | ||
return this[_clone](() => this.resolved) | ||
return this.#clone(() => this.resolved) | ||
} | ||
[_prepareDir] (dir) { | ||
return this[_readPackageJson](dir).then(mani => { | ||
#prepareDir (dir) { | ||
return this[_.readPackageJson](dir).then(mani => { | ||
// no need if we aren't going to do any preparation. | ||
@@ -211,3 +201,3 @@ const scripts = mani.scripts | ||
[_tarballFromResolved] () { | ||
[_.tarballFromResolved] () { | ||
const stream = new Minipass() | ||
@@ -218,3 +208,3 @@ stream.resolved = this.resolved | ||
// check it out and then shell out to the DirFetcher tarball packer | ||
this[_clone](dir => this[_prepareDir](dir) | ||
this.#clone(dir => this.#prepareDir(dir) | ||
.then(() => new Promise((res, rej) => { | ||
@@ -230,3 +220,3 @@ if (!this.Arborist) { | ||
}) | ||
const dirStream = df[_tarballFromResolved]() | ||
const dirStream = df[_.tarballFromResolved]() | ||
dirStream.on('error', rej) | ||
@@ -249,3 +239,3 @@ dirStream.on('end', res) | ||
// spec and repo, so that we don't ever clone the same thing multiple times. | ||
[_clone] (handler, tarballOk = true) { | ||
#clone (handler, tarballOk = true) { | ||
const o = { tmpPrefix: 'git-clone' } | ||
@@ -273,3 +263,3 @@ const ref = this.resolvedSha || this.spec.gitCommittish | ||
if (er.constructor.name.match(/^Http/)) { | ||
return this[_clone](handler, false) | ||
return this.#clone(handler, false) | ||
} else { | ||
@@ -282,8 +272,8 @@ throw er | ||
const sha = await ( | ||
h ? this[_cloneHosted](ref, tmp) | ||
: this[_cloneRepo](this.spec.fetchSpec, ref, tmp) | ||
h ? this.#cloneHosted(ref, tmp) | ||
: this.#cloneRepo(this.spec.fetchSpec, ref, tmp) | ||
) | ||
this.resolvedSha = sha | ||
if (!this.resolved) { | ||
await this[_addGitSha](sha) | ||
await this.#addGitSha(sha) | ||
} | ||
@@ -299,5 +289,5 @@ return handler(tmp) | ||
// is present, otherwise ssh if the hosted type provides it | ||
[_cloneHosted] (ref, tmp) { | ||
#cloneHosted (ref, tmp) { | ||
const hosted = this.spec.hosted | ||
return this[_cloneRepo](hosted.https({ noCommittish: true }), ref, tmp) | ||
return this.#cloneRepo(hosted.https({ noCommittish: true }), ref, tmp) | ||
.catch(er => { | ||
@@ -313,7 +303,7 @@ // Throw early since we know pathspec errors will fail again if retried | ||
} | ||
return this[_cloneRepo](ssh, ref, tmp) | ||
return this.#cloneRepo(ssh, ref, tmp) | ||
}) | ||
} | ||
[_cloneRepo] (repo, ref, tmp) { | ||
#cloneRepo (repo, ref, tmp) { | ||
const { opts, spec } = this | ||
@@ -330,4 +320,4 @@ return git.clone(repo, ref, tmp, { ...opts, spec }) | ||
? FileFetcher.prototype.manifest.apply(this) | ||
: this[_clone](dir => | ||
this[_readPackageJson](dir) | ||
: this.#clone(dir => | ||
this[_.readPackageJson](dir) | ||
.then(mani => this.package = { | ||
@@ -334,0 +324,0 @@ ...mani, |
@@ -8,2 +8,6 @@ const { get } = require('./fetcher.js') | ||
const tarball = (spec, opts) => get(spec, opts).tarball() | ||
tarball.stream = (spec, handler, opts) => get(spec, opts).tarballStream(handler) | ||
tarball.file = (spec, dest, opts) => get(spec, opts).tarballFile(dest) | ||
module.exports = { | ||
@@ -18,8 +22,4 @@ GitFetcher, | ||
manifest: (spec, opts) => get(spec, opts).manifest(), | ||
tarball: (spec, opts) => get(spec, opts).tarball(), | ||
packument: (spec, opts) => get(spec, opts).packument(), | ||
tarball, | ||
} | ||
module.exports.tarball.stream = (spec, handler, opts) => | ||
get(spec, opts).tarballStream(handler) | ||
module.exports.tarball.file = (spec, dest, opts) => | ||
get(spec, opts).tarballFile(dest) |
const Fetcher = require('./fetcher.js') | ||
const RemoteFetcher = require('./remote.js') | ||
const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved') | ||
const pacoteVersion = require('../package.json').version | ||
@@ -12,2 +11,4 @@ const removeTrailingSlashes = require('./util/trailing-slashes.js') | ||
const sigstore = require('sigstore') | ||
const fetch = require('npm-registry-fetch') | ||
const _ = require('./util/protected.js') | ||
@@ -22,5 +23,2 @@ // Corgis are cute. 🐕🐶 | ||
const fetch = require('npm-registry-fetch') | ||
const _headers = Symbol('_headers') | ||
class RegistryFetcher extends Fetcher { | ||
@@ -68,3 +66,3 @@ constructor (spec, opts) { | ||
[_headers] () { | ||
#headers () { | ||
return { | ||
@@ -86,3 +84,3 @@ // npm will override UA, but ensure that we always send *something* | ||
// one request at a time for the same thing regardless. | ||
if (this.packumentCache && this.packumentCache.has(this.packumentUrl)) { | ||
if (this.packumentCache?.has(this.packumentUrl)) { | ||
return this.packumentCache.get(this.packumentUrl) | ||
@@ -97,4 +95,5 @@ } | ||
...this.opts, | ||
headers: this[_headers](), | ||
headers: this.#headers(), | ||
spec: this.spec, | ||
// never check integrity for packuments themselves | ||
@@ -104,11 +103,10 @@ integrity: null, | ||
const packument = await res.json() | ||
packument._contentLength = +res.headers.get('content-length') | ||
if (this.packumentCache) { | ||
this.packumentCache.set(this.packumentUrl, packument) | ||
const contentLength = res.headers.get('content-length') | ||
if (contentLength) { | ||
packument._contentLength = Number(contentLength) | ||
} | ||
this.packumentCache?.set(this.packumentUrl, packument) | ||
return packument | ||
} catch (err) { | ||
if (this.packumentCache) { | ||
this.packumentCache.delete(this.packumentUrl) | ||
} | ||
this.packumentCache?.delete(this.packumentUrl) | ||
if (err.code !== 'E404' || this.fullMetadata) { | ||
@@ -359,3 +357,3 @@ throw err | ||
[_tarballFromResolved] () { | ||
[_.tarballFromResolved] () { | ||
// we use a RemoteFetcher to get the actual tarball stream | ||
@@ -366,3 +364,3 @@ return new RemoteFetcher(this.resolved, { | ||
pkgid: `registry:${this.spec.name}@${this.resolved}`, | ||
})[_tarballFromResolved]() | ||
})[_.tarballFromResolved]() | ||
} | ||
@@ -369,0 +367,0 @@ |
const Fetcher = require('./fetcher.js') | ||
const FileFetcher = require('./file.js') | ||
const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved') | ||
const pacoteVersion = require('../package.json').version | ||
const fetch = require('npm-registry-fetch') | ||
const { Minipass } = require('minipass') | ||
const _ = require('./util/protected.js') | ||
const _cacheFetches = Symbol.for('pacote.Fetcher._cacheFetches') | ||
const _headers = Symbol('_headers') | ||
class RemoteFetcher extends Fetcher { | ||
@@ -28,7 +26,7 @@ constructor (spec, opts) { | ||
// will write into cacache anyway. | ||
get [_cacheFetches] () { | ||
get [_.cacheFetches] () { | ||
return false | ||
} | ||
[_tarballFromResolved] () { | ||
[_.tarballFromResolved] () { | ||
const stream = new Minipass() | ||
@@ -39,3 +37,3 @@ stream.hasIntegrityEmitter = true | ||
...this.opts, | ||
headers: this[_headers](), | ||
headers: this.#headers(), | ||
spec: this.spec, | ||
@@ -64,3 +62,3 @@ integrity: this.integrity, | ||
[_headers] () { | ||
#headers () { | ||
return { | ||
@@ -67,0 +65,0 @@ // npm will override this, but ensure that we always send *something* |
{ | ||
"name": "pacote", | ||
"version": "18.0.4", | ||
"version": "18.0.5", | ||
"description": "JavaScript package downloader", | ||
"author": "GitHub Inc.", | ||
"bin": { | ||
"pacote": "lib/bin.js" | ||
"pacote": "bin/index.js" | ||
}, | ||
@@ -9,0 +9,0 @@ "license": "ISC", |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
18
73198
1558