pacote
Advanced tools
Comparing version 18.0.5 to 18.0.6
@@ -0,10 +1,10 @@ | ||
const { resolve } = require('node:path') | ||
const packlist = require('npm-packlist') | ||
const runScript = require('@npmcli/run-script') | ||
const tar = require('tar') | ||
const { Minipass } = require('minipass') | ||
const Fetcher = require('./fetcher.js') | ||
const FileFetcher = require('./file.js') | ||
const { Minipass } = require('minipass') | ||
const _ = require('./util/protected.js') | ||
const tarCreateOptions = require('./util/tar-create-options.js') | ||
const packlist = require('npm-packlist') | ||
const tar = require('tar') | ||
const { resolve } = require('path') | ||
const runScript = require('@npmcli/run-script') | ||
const _ = require('./util/protected.js') | ||
@@ -30,3 +30,3 @@ class DirFetcher extends Fetcher { | ||
[_.prepareDir] () { | ||
#prepareDir () { | ||
return this.manifest().then(mani => { | ||
@@ -69,3 +69,3 @@ if (!mani.scripts || !mani.scripts.prepare) { | ||
// pipe to the stream, and proxy errors the chain. | ||
this[_.prepareDir]() | ||
this.#prepareDir() | ||
.then(async () => { | ||
@@ -72,0 +72,0 @@ if (!this.tree) { |
@@ -6,18 +6,18 @@ // This is the base class that the other fetcher types in lib | ||
const { basename, dirname } = require('node:path') | ||
const { rm, mkdir } = require('node:fs/promises') | ||
const PackageJson = require('@npmcli/package-json') | ||
const cacache = require('cacache') | ||
const fsm = require('fs-minipass') | ||
const getContents = require('@npmcli/installed-package-contents') | ||
const npa = require('npm-package-arg') | ||
const retry = require('promise-retry') | ||
const ssri = require('ssri') | ||
const { basename, dirname } = require('path') | ||
const tar = require('tar') | ||
const { Minipass } = require('minipass') | ||
const { log } = require('proc-log') | ||
const retry = require('promise-retry') | ||
const fs = require('fs/promises') | ||
const fsm = require('fs-minipass') | ||
const cacache = require('cacache') | ||
const _ = require('./util/protected.js') | ||
const cacheDir = require('./util/cache-dir.js') | ||
const isPackageBin = require('./util/is-package-bin.js') | ||
const removeTrailingSlashes = require('./util/trailing-slashes.js') | ||
const getContents = require('@npmcli/installed-package-contents') | ||
const PackageJson = require('@npmcli/package-json') | ||
const { Minipass } = require('minipass') | ||
const cacheDir = require('./util/cache-dir.js') | ||
const _ = require('./util/protected.js') | ||
@@ -341,3 +341,3 @@ // Pacote is only concerned with the package.json contents | ||
return getContents({ path, depth: 1 }).then(contents => Promise.all( | ||
contents.map(entry => fs.rm(entry, { recursive: true, force: true })))) | ||
contents.map(entry => rm(entry, { recursive: true, force: true })))) | ||
} | ||
@@ -347,3 +347,3 @@ | ||
await this.#empty(dest) | ||
return await fs.mkdir(dest, { recursive: true }) | ||
return await mkdir(dest, { recursive: true }) | ||
} | ||
@@ -375,3 +375,3 @@ | ||
const dir = dirname(dest) | ||
await fs.mkdir(dir, { recursive: true }) | ||
await mkdir(dir, { recursive: true }) | ||
return this.#toFile(dest) | ||
@@ -378,0 +378,0 @@ } |
@@ -0,5 +1,5 @@ | ||
const { resolve } = require('node:path') | ||
const { stat, chmod } = require('node:fs/promises') | ||
const cacache = require('cacache') | ||
const fsm = require('fs-minipass') | ||
const cacache = require('cacache') | ||
const { resolve } = require('path') | ||
const { stat, chmod } = require('fs/promises') | ||
const Fetcher = require('./fetcher.js') | ||
@@ -6,0 +6,0 @@ const _ = require('./util/protected.js') |
@@ -1,14 +0,14 @@ | ||
const Fetcher = require('./fetcher.js') | ||
const FileFetcher = require('./file.js') | ||
const RemoteFetcher = require('./remote.js') | ||
const DirFetcher = require('./dir.js') | ||
const cacache = require('cacache') | ||
const git = require('@npmcli/git') | ||
const npa = require('npm-package-arg') | ||
const pickManifest = require('npm-pick-manifest') | ||
const npa = require('npm-package-arg') | ||
const { Minipass } = require('minipass') | ||
const cacache = require('cacache') | ||
const { log } = require('proc-log') | ||
const DirFetcher = require('./dir.js') | ||
const Fetcher = require('./fetcher.js') | ||
const FileFetcher = require('./file.js') | ||
const RemoteFetcher = require('./remote.js') | ||
const _ = require('./util/protected.js') | ||
const addGitSha = require('./util/add-git-sha.js') | ||
const npm = require('./util/npm.js') | ||
const addGitSha = require('./util/add-git-sha.js') | ||
const _ = require('./util/protected.js') | ||
@@ -15,0 +15,0 @@ const hashre = /^[a-f0-9]{40}$/ |
@@ -1,12 +0,12 @@ | ||
const Fetcher = require('./fetcher.js') | ||
const RemoteFetcher = require('./remote.js') | ||
const pacoteVersion = require('../package.json').version | ||
const removeTrailingSlashes = require('./util/trailing-slashes.js') | ||
const crypto = require('node:crypto') | ||
const PackageJson = require('@npmcli/package-json') | ||
const pickManifest = require('npm-pick-manifest') | ||
const ssri = require('ssri') | ||
const crypto = require('crypto') | ||
const npa = require('npm-package-arg') | ||
const sigstore = require('sigstore') | ||
const fetch = require('npm-registry-fetch') | ||
const Fetcher = require('./fetcher.js') | ||
const RemoteFetcher = require('./remote.js') | ||
const pacoteVersion = require('../package.json').version | ||
const removeTrailingSlashes = require('./util/trailing-slashes.js') | ||
const _ = require('./util/protected.js') | ||
@@ -23,2 +23,3 @@ | ||
class RegistryFetcher extends Fetcher { | ||
#cacheKey | ||
constructor (spec, opts) { | ||
@@ -36,4 +37,4 @@ super(spec, opts) | ||
this.registry = fetch.pickRegistry(spec, opts) | ||
this.packumentUrl = removeTrailingSlashes(this.registry) + '/' + | ||
this.spec.escapedName | ||
this.packumentUrl = `${removeTrailingSlashes(this.registry)}/${this.spec.escapedName}` | ||
this.#cacheKey = `${this.fullMetadata ? 'full' : 'corgi'}:${this.packumentUrl}` | ||
@@ -83,4 +84,4 @@ const parsed = new URL(this.registry) | ||
// one request at a time for the same thing regardless. | ||
if (this.packumentCache?.has(this.packumentUrl)) { | ||
return this.packumentCache.get(this.packumentUrl) | ||
if (this.packumentCache?.has(this.#cacheKey)) { | ||
return this.packumentCache.get(this.#cacheKey) | ||
} | ||
@@ -105,6 +106,6 @@ | ||
} | ||
this.packumentCache?.set(this.packumentUrl, packument) | ||
this.packumentCache?.set(this.#cacheKey, packument) | ||
return packument | ||
} catch (err) { | ||
this.packumentCache?.delete(this.packumentUrl) | ||
this.packumentCache?.delete(this.#cacheKey) | ||
if (err.code !== 'E404' || this.fullMetadata) { | ||
@@ -111,0 +112,0 @@ throw err |
@@ -0,7 +1,7 @@ | ||
const fetch = require('npm-registry-fetch') | ||
const { Minipass } = require('minipass') | ||
const Fetcher = require('./fetcher.js') | ||
const FileFetcher = require('./file.js') | ||
const _ = require('./util/protected.js') | ||
const pacoteVersion = require('../package.json').version | ||
const fetch = require('npm-registry-fetch') | ||
const { Minipass } = require('minipass') | ||
const _ = require('./util/protected.js') | ||
@@ -8,0 +8,0 @@ class RemoteFetcher extends Fetcher { |
@@ -1,8 +0,8 @@ | ||
const os = require('os') | ||
const { resolve } = require('path') | ||
const { resolve } = require('node:path') | ||
const { tmpdir, homedir } = require('node:os') | ||
module.exports = (fakePlatform = false) => { | ||
const temp = os.tmpdir() | ||
const temp = tmpdir() | ||
const uidOrPid = process.getuid ? process.getuid() : process.pid | ||
const home = os.homedir() || resolve(temp, 'npm-' + uidOrPid) | ||
const home = homedir() || resolve(temp, 'npm-' + uidOrPid) | ||
const platform = fakePlatform || process.platform | ||
@@ -9,0 +9,0 @@ const cacheExtra = platform === 'win32' ? 'npm-cache' : '.npm' |
@@ -1,11 +0,5 @@ | ||
const readPackageJson = Symbol.for('package.Fetcher._readPackageJson') | ||
const prepareDir = Symbol('_prepareDir') | ||
const tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved') | ||
const cacheFetches = Symbol.for('pacote.Fetcher._cacheFetches') | ||
module.exports = { | ||
readPackageJson, | ||
prepareDir, | ||
tarballFromResolved, | ||
cacheFetches, | ||
cacheFetches: Symbol.for('pacote.Fetcher._cacheFetches'), | ||
readPackageJson: Symbol.for('package.Fetcher._readPackageJson'), | ||
tarballFromResolved: Symbol.for('pacote.Fetcher._tarballFromResolved'), | ||
} |
{ | ||
"name": "pacote", | ||
"version": "18.0.5", | ||
"version": "18.0.6", | ||
"description": "JavaScript package downloader", | ||
@@ -5,0 +5,0 @@ "author": "GitHub Inc.", |
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
8
1554