Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
realize-package-specifier
Advanced tools
Readme
Parse a package specifier, peeking at the disk to differentiate between
local tarballs, directories and named modules. This implements the logic
used by npm install
and npm cache
to determine where to get packages
from.
var realizePackageSpecifier = require("realize-package-specifier")
realizePackageSpecifier("foo.tar.gz", ".", function (err, package) {
…
})
Parses spec using npm-package-arg
and then uses stat to check to see if
it refers to a local tarball or package directory. Stats are done relative
to where. If it does then the local module is loaded. If it doesn't then
target is left as a remote package specifier. Package directories are
recognized by the presence of a package.json in them.
spec -- a package specifier, like: foo@1.2
, or foo@user/foo
, or
http://x.com/foo.tgz
, or git+https://github.com/user/foo
where (optional, default: .) -- The directory in which we should look for local tarballs or package directories.
callback function(err, result) -- Called once we've determined what
kind of specifier this is. The result object will be very like the one
returned by npm-package-arg
except with three differences: 1) There's a
new type of directory
. 2) The local
type only refers to tarballs. 2)
For all local
and directory
type results spec will contain the full path of
the local package.
The full definition of the result object is:
name
- If known, the name
field expected in the resulting pkg.type
- One of the following strings:
git
- A git repohosted
- A hosted project, from github, bitbucket or gitlab. Originally
either a full url pointing at one of these services or a shorthand like
user/project
or github:user/project
for github or bitbucket:user/project
for bitbucket.tag
- A tagged version, like "foo@latest"
version
- A specific version number, like "foo@1.2.3"
range
- A version range, like "foo@2.x"
local
- A local file pathdirectory
- A local package directoryremote
- An http url (presumably to a tgz)spec
- The "thing". URL, the range, git repo, etc.hosted
- If type=hosted this will be an object with the following keys:
type
- github, bitbucket or gitlabssh
- The ssh path for this git reposshurl
- The ssh URL for this git repohttps
- The HTTPS URL for this git repodirectUrl
- The URL for the package.json in this git reporaw
- The original un-modified string that was provided.rawSpec
- The part after the name@...
, as it was originally
provided.scope
- If a name is something like @org/module
then the scope
field will be set to org
. If it doesn't have a scoped name, then
scope is null
.FAQs
Like npm-package-arg, but more so, producing full file paths and differentiating local tar and directory sources.
The npm package realize-package-specifier receives a total of 17,268 weekly downloads. As such, realize-package-specifier popularity was classified as popular.
We found that realize-package-specifier demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.