
pacote

Comparing version 7.3.1 to 7.3.2

10

CHANGELOG.md

@@ -5,2 +5,12 @@ # Change Log

<a name="7.3.2"></a>
## [7.3.2](https://github.com/zkat/pacote/compare/v7.3.1...v7.3.2) (2018-02-15)
### Bug Fixes
* **tarball:** opts.resolved impl was triggering extra registry lookups ([0a4729d](https://github.com/zkat/pacote/commit/0a4729d))
<a name="7.3.1"></a>

@@ -7,0 +17,0 @@ ## [7.3.1](https://github.com/zkat/pacote/compare/v7.3.0...v7.3.1) (2018-02-14)

14

lib/fetchers/registry/tarball.js

@@ -79,11 +79,13 @@ 'use strict'

return (
// We cannot trust the _resolved field on manifests as-is: there can only
// be one registry per "scope" on any individual npm run, so we have to
// take any previously resolved fields and check them against the current
// registry -- if they don't match, we need to do a manifest fetch from
// the correct registry to get the tarball URL we're trying to reference.
(reg.hostname === tarball.hostname)
// We cannot trust opts.resolved as-is: there can only be one registry per
// "scope" on any individual npm run, so we have to take any previously
// resolved fields and check them against the current registry -- if they
// don't match, we need to do a manifest fetch from the correct registry to
// get the tarball URL we're trying to reference.
(!opts.resolved || reg.hostname === tarball.hostname)
? Promise.resolve(Object.assign(mani, {
_resolved: opts.resolved || mani._resolved
}))
// This second lookup should ONLY happen when we didn't already do a
// registry lookup earlier.
: manifest(spec, opts)
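
Review bot: The new condition `(!opts.resolved || reg.hostname === tarball.hostname)` skips the hostname comparison whenever `opts.resolved` is unset, so in that case `mani._resolved` is returned as the tarball location without being checked against the current registry, while the rewritten comment now only explains why `opts.resolved` is untrusted. If that is safe because `mani` always comes from a lookup against the current registry at this point, state it in the comment; otherwise keep the check for the manifest's own `_resolved` value. The comparison also matches on `hostname` only, so a resolved URL that differs from the registry in protocol or port still passes; compare those as well or document why hostname alone is sufficient. A test for each branch (no `opts.resolved`, matching host, mismatched host) would pin the intended behaviour and confirm the second `manifest(spec, opts)` lookup only fires in the mismatch case.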

@@ -90,0 +92,0 @@ )

{
"name": "pacote",
"version": "7.3.1",
"version": "7.3.2",
"description": "JavaScript package downloader",

@@ -5,0 +5,0 @@ "main": "index.js",
