pacote - npm Package Compare versions

pacote

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Comparing version 7.3.0 to 7.3.1

CHANGELOG.md

		@@ -5,2 +5,12 @@ # Change Log

		<a name="7.3.1"></a>
		## [7.3.1](https://github.com/zkat/pacote/compare/v7.3.0...v7.3.1) (2018-02-14)


		### Bug Fixes

		* tarball: stop using mississippi.pipe() in tarball.js and extract.js ([f5c1da9](https://github.com/zkat/pacote/commit/f5c1da9))



		<a name="7.3.0"></a>
		@@ -7,0 +17,0 @@ # [7.3.0](https://github.com/zkat/pacote/compare/v7.2.0...v7.3.0) (2018-02-07)

lib/fetchers/registry/tarball.js

		@@ -10,3 +10,2 @@ 'use strict'
		const pickRegistry = require('./pick-registry')
		const pipe = BB.promisify(require('mississippi').pipe)
		const ssri = require('ssri')
		@@ -30,8 +29,7 @@ const url = require('url')
		!manifest._fakeChild && stream.emit('manifest', manifest)
		return pipe(
		fromManifest(manifest, spec, opts).on(
		'integrity', i => stream.emit('integrity', i)
		),
		stream
		const fetchStream = fromManifest(manifest, spec, opts).on(
		'integrity', i => stream.emit('integrity', i)
		)
		fetchStream.on('error', err => stream.emit('error', err))
		fetchStream.pipe(stream)
		}).catch(err => stream.emit('error', err))
		@@ -38,0 +36,0 @@ return stream

package.json

		{
		"name": "pacote",
		"version": "7.3.0",
		"version": "7.3.1",
		"description": "JavaScript package downloader",
		@@ -51,3 +51,3 @@ "main": "index.js",
		"minimatch": "^3.0.4",
		"mississippi": "^1.2.0",
		"mississippi": "^2.0.0",
		"normalize-package-data": "^2.4.0",
		@@ -63,3 +63,3 @@ "npm-package-arg": "^6.0.0",
		"semver": "^5.5.0",
		"ssri": "^5.1.0",
		"ssri": "^5.2.1",
		"tar": "^4.3.3",
		@@ -71,3 +71,3 @@ "unique-filename": "^1.1.0",
		"mkdirp": "^0.5.1",
		"nock": "^9.1.5",
		"nock": "^9.1.6",
		"npmlog": "^4.1.2",
		@@ -80,3 +80,3 @@ "nyc": "^11.4.1",
		"tacks": "^1.2.6",
		"tap": "^11.0.1",
		"tap": "^11.1.0",
		"tar-stream": "^1.5.5",
		@@ -83,0 +83,0 @@ "weallbehave": "^1.2.0",

tarball.js

		@@ -13,3 +13,2 @@ 'use strict'
		const path = require('path')
		const pipe = BB.promisify(require('mississippi').pipe)
		const pipeline = require('mississippi').pipeline
		@@ -110,3 +109,5 @@ const ssri = require('ssri')
		.then(
		tarStream => pipe(tarStream, stream),
		tarStream => tarStream
		.on('error', err => stream.emit('error', err))
		.pipe(stream),
		err => stream.emit('error', err)
		@@ -116,3 +117,5 @@ )
		opts.log.silly('tarball', `no integrity hash provided for ${spec} - fetching by manifest`)
		pipe(tarballByManifest(startTime, spec, opts), stream)
		tarballByManifest(startTime, spec, opts)
		.on('error', err => stream.emit('error', err))
		.pipe(stream)
		}
		@@ -135,6 +138,10 @@ return stream
		if (err.code === 'ENOENT') {
		return pipe(
		tarballByManifest(startTime, spec, opts),
		fs.createWriteStream(dest)
		)
		return new BB((resolve, reject) => {
		const tardata = tarballByManifest(startTime, spec, opts)
		const writer = fs.createWriteStream(dest)
		tardata.on('error', reject)
		writer.on('error', reject)
		writer.on('close', resolve)
		tardata.pipe(writer)
		})
		} else {
		@@ -146,6 +153,10 @@ throw err
		opts.log.silly('tarball', `no integrity hash provided for ${spec} - fetching by manifest`)
		return pipe(
		tarballByManifest(startTime, spec, opts),
		fs.createWriteStream(dest)
		)
		return new BB((resolve, reject) => {
		const tardata = tarballByManifest(startTime, spec, opts)
		const writer = fs.createWriteStream(dest)
		tardata.on('error', reject)
		writer.on('error', reject)
		writer.on('close', resolve)
		tardata.pipe(writer)
		})
		}
		@@ -152,0 +163,0 @@ })

Improved metrics