Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
pnpm - npm Package Compare versions
Comparing version 0.26.2 to 0.27.0
| 'use strict' | ||
| const path = require('path') | ||
| const spawnSync = require('cross-spawn').sync | ||
| const createGot = require('../network/got') | ||
| const initCmd = require('./init_cmd') | ||
@@ -11,2 +11,3 @@ const installMultiple = require('../install_multiple') | ||
| const getSaveType = require('../get_save_type') | ||
| const runScript = require('../run_script') | ||
@@ -23,3 +24,2 @@ /* | ||
| opts = Object.assign({}, require('../defaults'), opts) | ||
| process.env.pnpm_config_concurrency = opts.concurrency | ||
@@ -47,2 +47,9 @@ let cmd | ||
| cmd.ctx.got = createGot({ | ||
| concurrency: opts.concurrency, | ||
| fetchRetries: opts.fetchRetries, | ||
| fetchRetryFactor: opts.fetchRetryFactor, | ||
| fetchRetryMintimeout: opts.fetchRetryMintimeout, | ||
| fetchRetryMaxtimeout: opts.fetchRetryMaxtimeout | ||
| }) | ||
| return installMultiple(cmd.ctx, | ||
@@ -72,8 +79,8 @@ packagesToInstall, | ||
| const scripts = cmd.pkg.pkg && cmd.pkg.pkg.scripts || {} | ||
| if (scripts.postinstall) runScript('postinstall') | ||
| if (!isProductionInstall && scripts.prepublish) runScript('prepublish') | ||
| if (scripts.postinstall) npmRun('postinstall') | ||
| if (!isProductionInstall && scripts.prepublish) npmRun('prepublish') | ||
| return | ||
| function runScript (scriptName) { | ||
| const result = spawnSync('npm', ['run', scriptName], { | ||
| function npmRun (scriptName) { | ||
| const result = runScript.sync('npm', ['run', scriptName], { | ||
| cwd: path.dirname(cmd.pkg.path), | ||
@@ -80,0 +87,0 @@ stdio: 'inherit' |
| 'use strict' | ||
| module.exports = { | ||
| concurrency: 16, | ||
| fetchRetries: 2, | ||
| fetchRetryFactor: 10, | ||
| fetchRetryMintimeout: 1e4, // 10 seconds | ||
| fetchRetryMaxtimeout: 6e4, // 1 minute | ||
| storePath: 'node_modules/.store', | ||
| logger: 'pretty' | ||
| } |
| 'use strict' | ||
| const debug = require('debug')('pnpm:fetch') | ||
| const got = require('./got') | ||
| const crypto = require('crypto') | ||
@@ -13,6 +12,6 @@ const gunzip = require('gunzip-maybe') | ||
| module.exports = function fetch (dir, dist, log) { | ||
| module.exports = function fetch (dir, dist, opts) { | ||
| if (!dist.local) { | ||
| return got.getStream(dist.tarball) | ||
| .then(stream => fetchStream(dir, dist.tarball, dist.shasum, log, stream)) | ||
| return opts.got.getStream(dist.tarball) | ||
| .then(stream => fetchStream(dir, dist.tarball, dist.shasum, opts.log, stream)) | ||
| } | ||
@@ -19,0 +18,0 @@ return unpackStream(fs.createReadStream(dist.tarball), dir) |
@@ -101,3 +101,3 @@ 'use strict' | ||
| .then(data => log('package.json', data)) | ||
| : resolve(Object.assign({}, pkg.spec, {root: ctx.root}), log) | ||
| : resolve(Object.assign({}, pkg.spec, {root: ctx.root}), {log, got: ctx.got}) | ||
| .then(saveResolution) | ||
@@ -193,3 +193,3 @@ .then(_ => log('resolved', pkg)) | ||
| .then(_ => lock(join(paths.tmp, '.pnpm_inprogress'))) | ||
| .then(_ => fetch(join(paths.tmp, '_'), pkg.dist, log)) | ||
| .then(_ => fetch(join(paths.tmp, '_'), pkg.dist, {log, got: ctx.got})) | ||
| .then(_ => pkg.dist.local ? fs.unlink(pkg.dist.tarball) : Promise.resolve()) | ||
@@ -196,0 +196,0 @@ |
| 'use strict' | ||
| const join = require('path').join | ||
| const dirname = require('path').dirname | ||
| const spawn = require('cross-spawn') | ||
| const debug = require('debug')('pnpm:post_install') | ||
| const delimiter = require('path').delimiter | ||
| const byline = require('byline') | ||
| const fs = require('mz/fs') | ||
| const runScript = require('../run_script') | ||
@@ -42,39 +39,1 @@ module.exports = function postInstall (root_, pkg, log) { | ||
| } | ||
| /* | ||
| * Runs an npm script. | ||
| */ | ||
| function runScript (command, args, opts) { | ||
| opts = opts || {} | ||
| args = args || [] | ||
| const log = opts.log || (() => {}) | ||
| const script = `${command}${args.length ? args.join(' ') : ''}` | ||
| if (script) debug('runscript', script) | ||
| if (!command) return Promise.resolve() | ||
| return new Promise((resolve, reject) => { | ||
| const env = Object.create(process.env) | ||
| env.PATH = [ | ||
| join(opts.cwd, 'node_modules', '.bin'), | ||
| dirname(require.resolve('../../bin/node-gyp-bin/node-gyp')), | ||
| dirname(process.execPath), | ||
| process.env.PATH | ||
| ].join(delimiter) | ||
| const proc = spawn(command, args, { | ||
| cwd: opts.cwd, | ||
| env | ||
| }) | ||
| log('stderr', '$ ' + script) | ||
| proc.on('error', reject) | ||
| byline(proc.stdout).on('data', line => log('stdout', line)) | ||
| byline(proc.stderr).on('data', line => log('stderr', line)) | ||
| proc.on('close', code => { | ||
| if (code > 0) return reject(new Error('Exit code ' + code)) | ||
| return resolve() | ||
| }) | ||
| }) | ||
| } |
@@ -21,11 +21,11 @@ 'use strict' | ||
| module.exports = function resolve (pkg, log) { | ||
| module.exports = function resolve (pkg, opts) { | ||
| if (pkg.type === 'range' || pkg.type === 'version' || pkg.type === 'tag') { | ||
| return resolveNpm(pkg, log) | ||
| return resolveNpm(pkg, opts) | ||
| } else if (pkg.type === 'remote') { | ||
| return resolveTarball(pkg, log) | ||
| return resolveTarball(pkg, opts) | ||
| } else if (pkg.type === 'hosted' && pkg.hosted.type === 'github') { | ||
| return resolveGithub(pkg, log) | ||
| return resolveGithub(pkg, opts) | ||
| } else if (pkg.type === 'local') { | ||
| return resolveLocal(pkg, log) | ||
| return resolveLocal(pkg, opts) | ||
| } else { | ||
@@ -32,0 +32,0 @@ throw new Error('' + pkg.rawSpec + ': ' + pkg.type + ' packages not supported') |
| 'use strict' | ||
| const got = require('../got') | ||
@@ -10,3 +9,4 @@ /** | ||
| module.exports = function resolveGithub (pkg) { | ||
| module.exports = function resolveGithub (pkg, opts) { | ||
| const getJSON = opts.got.getJSON | ||
| const spec = parseGithubSpec(pkg) | ||
@@ -32,38 +32,29 @@ return resolveRef(spec).then(ref => { | ||
| }) | ||
| } | ||
| function resolvePackageName (spec) { | ||
| const url = [ | ||
| 'https://api.github.com/repos', | ||
| spec.owner, | ||
| spec.repo, | ||
| 'contents/package.json?ref=' + spec.ref | ||
| ].join('/') | ||
| return getJSON(url).then(body => { | ||
| const content = new Buffer(body.content, 'base64').toString('utf8') | ||
| const pkg = JSON.parse(content) | ||
| return pkg.name | ||
| }) | ||
| } | ||
| function resolvePackageName (spec) { | ||
| const url = [ | ||
| 'https://api.github.com/repos', | ||
| spec.owner, | ||
| spec.repo, | ||
| 'contents/package.json?ref=' + spec.ref | ||
| ].join('/') | ||
| return getJSON(url).then(body => { | ||
| const content = new Buffer(body.content, 'base64').toString('utf8') | ||
| const pkg = JSON.parse(content) | ||
| return pkg.name | ||
| }) | ||
| } | ||
| function resolveRef (spec) { | ||
| const url = [ | ||
| 'https://api.github.com/repos', | ||
| spec.owner, | ||
| spec.repo, | ||
| 'commits', | ||
| spec.ref | ||
| ].join('/') | ||
| return getJSON(url).then(body => body.sha) | ||
| function resolveRef (spec) { | ||
| const url = [ | ||
| 'https://api.github.com/repos', | ||
| spec.owner, | ||
| spec.repo, | ||
| 'commits', | ||
| spec.ref | ||
| ].join('/') | ||
| return getJSON(url).then(body => body.sha) | ||
| } | ||
| } | ||
| function getJSON (url) { | ||
| return got.get(url) | ||
| .then(res => res.promise) | ||
| .then(res => { | ||
| const body = JSON.parse(res.body) | ||
| return body | ||
| }) | ||
| } | ||
| function parseGithubSpec (pkg) { | ||
@@ -70,0 +61,0 @@ const m = PARSE_GITHUB_RE.exec(pkg.hosted.shortcut) |
@@ -17,2 +17,8 @@ 'use strict' | ||
| let stdout = '' | ||
| proc.stdout.on('data', data => { | ||
| stdout += data.toString() | ||
| }) | ||
| proc.on('error', reject) | ||
@@ -22,8 +28,8 @@ | ||
| if (code > 0) return reject(new Error('Exit code ' + code)) | ||
| return resolve() | ||
| const tgzFilename = stdout.trim() | ||
| return resolve(tgzFilename) | ||
| }) | ||
| }) | ||
| .then(_ => { | ||
| .then(tgzFilename => { | ||
| const localPkg = require(resolve(dependencyPath, 'package.json')) | ||
| const tgzFilename = localPkg.name + '-' + localPkg.version + '.tgz' | ||
| return { | ||
@@ -30,0 +36,0 @@ name: localPkg.name, |
| 'use strict' | ||
| const url = require('url') | ||
| const enc = global.encodeURIComponent | ||
| const got = require('../got') | ||
| const pkgFullName = require('../pkg_full_name') | ||
@@ -23,10 +22,10 @@ const registryUrl = require('registry-url') | ||
| module.exports = function resolveNpm (pkg, log) { | ||
| module.exports = function resolveNpm (pkg, opts) { | ||
| // { raw: 'rimraf@2', scope: null, name: 'rimraf', rawSpec: '2' || '' } | ||
| return Promise.resolve() | ||
| .then(_ => toUri(pkg)) | ||
| .then(url => got.get(url).then(res => { | ||
| if (log) log('resolving') | ||
| return res.promise | ||
| })) | ||
| .then(url => { | ||
| if (opts.log) opts.log('resolving') | ||
| return opts.got.get(url) | ||
| }) | ||
| .then(res => JSON.parse(res.body)) | ||
@@ -33,0 +32,0 @@ .then(res => pickVersionFromRegistryDocument(res, pkg)) |
| { | ||
| "name": "pnpm", | ||
| "description": "A fast implementation of npm install", | ||
| "version": "0.26.2", | ||
| "version": "0.27.0", | ||
| "author": "Rico Sta. Cruz <rico@ricostacruz.com>", | ||
@@ -27,2 +27,3 @@ "bin": { | ||
| "is-ci": "1.0.9", | ||
| "is-retry-allowed": "1.1.0", | ||
| "lockfile": "1.0.1", | ||
@@ -42,2 +43,3 @@ "meow": "3.7.0", | ||
| "registry-url": "3.1.0", | ||
| "retry": "0.10.0", | ||
| "rimraf": "2.5.4", | ||
@@ -55,4 +57,4 @@ "semver": "5.3.0", | ||
| "docpress": "0.6.13", | ||
| "eslint": "3.3.1", | ||
| "eslint-config-standard": "5.3.5", | ||
| "eslint": "3.4.0", | ||
| "eslint-config-standard": "6.0.0", | ||
| "eslint-plugin-promise": "2.0.1", | ||
@@ -59,0 +61,0 @@ "eslint-plugin-standard": "2.0.0", |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by3.43%
67143
- Number of package files
- increased by1.96%
52
- Lines of code
- increased by3.4%
1888
- Number of low supply chain risk alerts
- decreased by-13.33%
13
Worsened metrics
- Dependency count
- increased by6.45%
33
Dependency changes
+ Addedis-retry-allowed@1.1.0
+ Addedretry@0.10.0
+ Addedis-retry-allowed@1.1.0(transitive)
+ Addedretry@0.10.0(transitive)
- Removedis-retry-allowed@1.2.0(transitive)