pacote - npm Package Compare versions

Comparing version 6.0.2 to 6.0.3

CHANGELOG.md

@@ -5,2 +5,14 @@ # Change Log
 
+<a name="6.0.3"></a>
+## [6.0.3](https://github.com/zkat/pacote/compare/v6.0.2...v6.0.3) (2017-10-05)
+
+
+### Bug Fixes
+
+* **extract:** clean up mode/fmode/dmode tests ([f915045](https://github.com/zkat/pacote/commit/f915045))
+* **file:** make sure file tarballs are written to cache and have integrity data ([dae391a](https://github.com/zkat/pacote/commit/dae391a))
+* **git:** version resolution regression from #115 (#119) ([9a68205](https://github.com/zkat/pacote/commit/9a68205))
+
+
+
 <a name="6.0.2"></a>
@@ -7,0 +19,0 @@ ## [6.0.2](https://github.com/zkat/pacote/compare/v6.0.1...v6.0.2) (2017-09-06)

lib/fetchers/file.js

@@ -5,2 +5,3 @@ 'use strict'
 
+const cacache = require('cacache')
 const Fetcher = require('../fetch')
@@ -33,6 +34,18 @@ const fs = require('fs')
     statAsync(src).then(stat => {
+      if (spec._resolved) { stream.emit('manifest', spec) }
       if (stat.size <= MAX_BULK_SIZE) {
         // YAY LET'S DO THING IN BULK
         return readFileAsync(src).then(data => {
-          stream.write(data, () => {
+          if (opts.cache) {
+            return cacache.put(
+              opts.cache, `pacote:tarball:file:${src}`, data, {
+                integrity: opts.integrity
+              }
+            ).then(integrity => ({data, integrity}))
+          } else {
+            return {data}
+          }
+        }).then(info => {
+          if (info.integrity) { stream.emit('integrity', info.integrity) }
+          stream.write(info.data, () => {
             stream.end()
@@ -39,0 +52,0 @@ })

lib/util/git.js

@@ -207,4 +207,4 @@ 'use strict'
 
-const REFS_TAGS = '/refs/tags/'
-const REFS_HEADS = '/refs/heads/'
+const REFS_TAGS = 'refs/tags/'
+const REFS_HEADS = 'refs/heads/'
 const HEAD = 'HEAD'
@@ -211,0 +211,0 @@ function refType (ref) {

package.json

 {
   "name": "pacote",
-  "version": "6.0.2",
+  "version": "6.0.3",
   "description": "JavaScript package downloader",
@@ -5,0 +5,0 @@ "main": "index.js",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

87783

increased by1.12%

Lines of code

1573

increased by0.83%

Number of medium supply chain risk alerts

8

decreased by-11.11%

No dependency changes