diff options
| author | claudiahdz <cghr1990@gmail.com> | 2020-03-28 02:24:27 +0300 |
|---|---|---|
| committer | isaacs <i@izs.me> | 2020-05-08 04:12:57 +0300 |
| commit | a29031f9eafd001b73abfc63b8ec3341a1e12f28 (patch) | |
| tree | 9726ebaf83bfb38bcb7e7148bb180cd4faaf538b /node_modules/libnpmpack | |
| parent | f39e6d3dcdd58cfbfb14c66be070d0bbb77056ec (diff) | |
libnpmpublish@3.0.1
Diffstat (limited to 'node_modules/libnpmpack')
49 files changed, 4036 insertions, 0 deletions
diff --git a/node_modules/libnpmpack/CHANGELOG.md b/node_modules/libnpmpack/CHANGELOG.md new file mode 100644 index 000000000..2c078c63b --- /dev/null +++ b/node_modules/libnpmpack/CHANGELOG.md @@ -0,0 +1,17 @@ +# Change Log + +<a name="2.0.0"></a> +# [2.0.0](https://github.com/npm/libnpmpublish/compare/v1.0.0...v2.0.0) (2020-03-27) + +### Breaking Changes + +* [`cb2ecf2`](https://github.com/npm/libnpmpack/commit/cb2ecf2) feat: resolve to tarball data Buffer ([@claudiahdz](https://github.com/claudiahdz)) + +<a name="1.0.0"></a> +# 1.0.0 (2020-03-26) + +### Features + +* [`a35c590`](https://github.com/npm/libnpmpack/commit/a35c590) feat: pack tarballs from local dir or registry spec ([@claudiahdz](https://github.com/claudiahdz)) + +* [`6d72149`](https://github.com/npm/libnpmpack/commit/6d72149) feat: sorted tarball contents ([@eridal](https://github.com/eridal)) diff --git a/node_modules/libnpmpack/LICENSE b/node_modules/libnpmpack/LICENSE new file mode 100644 index 000000000..209e4477f --- /dev/null +++ b/node_modules/libnpmpack/LICENSE @@ -0,0 +1,13 @@ +Copyright npm, Inc + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/libnpmpack/README.md b/node_modules/libnpmpack/README.md new file mode 100644 index 000000000..74b4934b0 --- /dev/null +++ b/node_modules/libnpmpack/README.md @@ -0,0 +1,56 @@ +# libnpmpack + +[](https://npm.im/libnpmpack) +[](https://npm.im/libnpmpack) +[](https://github.com/npm/libnpmpack/actions?query=workflow%3A%22Node+CI%22) +[](https://coveralls.io/github/npm/libnpmpack?branch=latest) + +[`libnpmpack`](https://github.com/npm/libnpmpack) is a Node.js library for +programmatically packing tarballs from a local directory or from a registry or github spec. If packing from a local source, `libnpmpack` will also run the `prepack` and `postpack` lifecycles. + +## Table of Contents + +* [Example](#example) +* [Install](#install) +* [API](#api) + * [`pack()`](#pack) + +## Example + +```js +const pack = require('libnpmpack') +``` + +## Install + +`$ npm install libnpmpack` + +### API + +#### <a name="pack"></a> `> pack(spec, [opts]) -> Promise` + +Packs a tarball from a local directory or from a registry or github spec and returns a Promise that resolves to the tarball data Buffer, with from, resolved, and integrity fields attached. + +If no options are passed, the tarball file will be saved on the same directory from which `pack` was called in. + +`libnpmpack` uses [`pacote`](https://npm.im/pacote). +Most options are passed through directly to that library, so please refer to +[its own `opts` +documentation](https://www.npmjs.com/package/pacote#options) +for options that can be passed in. + +##### Examples + +```javascript +// packs from cwd +const tarball = await pack() + +// packs from a local directory +const localTar = await pack('/Users/claudiahdz/projects/my-cool-pkg') + +// packs from a registry spec +const registryTar = await pack('abbrev@1.0.3') + +// packs from a github spec +const githubTar = await pack('isaacs/rimraf#PR-192') +``` diff --git a/node_modules/libnpmpack/index.js b/node_modules/libnpmpack/index.js new file mode 100644 index 000000000..a756ebca0 --- /dev/null +++ b/node_modules/libnpmpack/index.js @@ -0,0 +1,48 @@ +'use strict' + +const pacote = require('pacote') +const npa = require('npm-package-arg') +const runScript = require('@npmcli/run-script') + +module.exports = pack +async function pack (spec = 'file:.', opts = {}) { + // gets spec + spec = npa(spec) + + const manifest = await pacote.manifest(spec, opts) + + if (spec.type === 'directory') { + // prepack + await runScript({ + ...opts, + event: 'prepack', + path: spec.fetchSpec, + stdio: 'inherit', + pkg: manifest + }) + } + + // packs tarball + const tarball = await pacote.tarball(manifest._resolved, { + ...opts, + integrity: manifest._integrity + }) + + if (spec.type === 'directory') { + // postpack + await runScript({ + ...opts, + event: 'postpack', + path: spec.fetchSpec, + stdio: 'inherit', + pkg: manifest, + env: { + npm_package_from: tarball.from, + npm_package_resolved: tarball.resolved, + npm_package_integrity: tarball.integrity + } + }) + } + + return tarball +} diff --git a/node_modules/libnpmpack/node_modules/.bin/mkdirp b/node_modules/libnpmpack/node_modules/.bin/mkdirp new file mode 120000 index 000000000..017896ceb --- /dev/null +++ b/node_modules/libnpmpack/node_modules/.bin/mkdirp @@ -0,0 +1 @@ +../mkdirp/bin/cmd.js
\ No newline at end of file diff --git a/node_modules/libnpmpack/node_modules/.bin/pacote b/node_modules/libnpmpack/node_modules/.bin/pacote new file mode 120000 index 000000000..e59583143 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/.bin/pacote @@ -0,0 +1 @@ +../pacote/lib/bin.js
\ No newline at end of file diff --git a/node_modules/libnpmpack/node_modules/.bin/rimraf b/node_modules/libnpmpack/node_modules/.bin/rimraf new file mode 120000 index 000000000..4cd49a49d --- /dev/null +++ b/node_modules/libnpmpack/node_modules/.bin/rimraf @@ -0,0 +1 @@ +../rimraf/bin.js
\ No newline at end of file diff --git a/node_modules/libnpmpack/node_modules/chownr/LICENSE b/node_modules/libnpmpack/node_modules/chownr/LICENSE new file mode 100644 index 000000000..19129e315 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/chownr/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) Isaac Z. Schlueter and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/libnpmpack/node_modules/chownr/README.md b/node_modules/libnpmpack/node_modules/chownr/README.md new file mode 100644 index 000000000..70e9a54a3 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/chownr/README.md @@ -0,0 +1,3 @@ +Like `chown -R`. + +Takes the same arguments as `fs.chown()` diff --git a/node_modules/libnpmpack/node_modules/chownr/chownr.js b/node_modules/libnpmpack/node_modules/chownr/chownr.js new file mode 100644 index 000000000..0d4093216 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/chownr/chownr.js @@ -0,0 +1,167 @@ +'use strict' +const fs = require('fs') +const path = require('path') + +/* istanbul ignore next */ +const LCHOWN = fs.lchown ? 'lchown' : 'chown' +/* istanbul ignore next */ +const LCHOWNSYNC = fs.lchownSync ? 'lchownSync' : 'chownSync' + +/* istanbul ignore next */ +const needEISDIRHandled = fs.lchown && + !process.version.match(/v1[1-9]+\./) && + !process.version.match(/v10\.[6-9]/) + +const lchownSync = (path, uid, gid) => { + try { + return fs[LCHOWNSYNC](path, uid, gid) + } catch (er) { + if (er.code !== 'ENOENT') + throw er + } +} + +/* istanbul ignore next */ +const chownSync = (path, uid, gid) => { + try { + return fs.chownSync(path, uid, gid) + } catch (er) { + if (er.code !== 'ENOENT') + throw er + } +} + +/* istanbul ignore next */ +const handleEISDIR = + needEISDIRHandled ? (path, uid, gid, cb) => er => { + // Node prior to v10 had a very questionable implementation of + // fs.lchown, which would always try to call fs.open on a directory + // Fall back to fs.chown in those cases. + if (!er || er.code !== 'EISDIR') + cb(er) + else + fs.chown(path, uid, gid, cb) + } + : (_, __, ___, cb) => cb + +/* istanbul ignore next */ +const handleEISDirSync = + needEISDIRHandled ? (path, uid, gid) => { + try { + return lchownSync(path, uid, gid) + } catch (er) { + if (er.code !== 'EISDIR') + throw er + chownSync(path, uid, gid) + } + } + : (path, uid, gid) => lchownSync(path, uid, gid) + +// fs.readdir could only accept an options object as of node v6 +const nodeVersion = process.version +let readdir = (path, options, cb) => fs.readdir(path, options, cb) +let readdirSync = (path, options) => fs.readdirSync(path, options) +/* istanbul ignore next */ +if (/^v4\./.test(nodeVersion)) + readdir = (path, options, cb) => fs.readdir(path, cb) + +const chown = (cpath, uid, gid, cb) => { + fs[LCHOWN](cpath, uid, gid, handleEISDIR(cpath, uid, gid, er => { + // Skip ENOENT error + cb(er && er.code !== 'ENOENT' ? er : null) + })) +} + +const chownrKid = (p, child, uid, gid, cb) => { + if (typeof child === 'string') + return fs.lstat(path.resolve(p, child), (er, stats) => { + // Skip ENOENT error + if (er) + return cb(er.code !== 'ENOENT' ? er : null) + stats.name = child + chownrKid(p, stats, uid, gid, cb) + }) + + if (child.isDirectory()) { + chownr(path.resolve(p, child.name), uid, gid, er => { + if (er) + return cb(er) + const cpath = path.resolve(p, child.name) + chown(cpath, uid, gid, cb) + }) + } else { + const cpath = path.resolve(p, child.name) + chown(cpath, uid, gid, cb) + } +} + + +const chownr = (p, uid, gid, cb) => { + readdir(p, { withFileTypes: true }, (er, children) => { + // any error other than ENOTDIR or ENOTSUP means it's not readable, + // or doesn't exist. give up. + if (er) { + if (er.code === 'ENOENT') + return cb() + else if (er.code !== 'ENOTDIR' && er.code !== 'ENOTSUP') + return cb(er) + } + if (er || !children.length) + return chown(p, uid, gid, cb) + + let len = children.length + let errState = null + const then = er => { + if (errState) + return + if (er) + return cb(errState = er) + if (-- len === 0) + return chown(p, uid, gid, cb) + } + + children.forEach(child => chownrKid(p, child, uid, gid, then)) + }) +} + +const chownrKidSync = (p, child, uid, gid) => { + if (typeof child === 'string') { + try { + const stats = fs.lstatSync(path.resolve(p, child)) + stats.name = child + child = stats + } catch (er) { + if (er.code === 'ENOENT') + return + else + throw er + } + } + + if (child.isDirectory()) + chownrSync(path.resolve(p, child.name), uid, gid) + + handleEISDirSync(path.resolve(p, child.name), uid, gid) +} + +const chownrSync = (p, uid, gid) => { + let children + try { + children = readdirSync(p, { withFileTypes: true }) + } catch (er) { + if (er.code === 'ENOENT') + return + else if (er.code === 'ENOTDIR' || er.code === 'ENOTSUP') + return handleEISDirSync(p, uid, gid) + else + throw er + } + + if (children && children.length) + children.forEach(child => chownrKidSync(p, child, uid, gid)) + + return handleEISDirSync(p, uid, gid) +} + +module.exports = chownr +chownr.sync = chownrSync diff --git a/node_modules/libnpmpack/node_modules/chownr/package.json b/node_modules/libnpmpack/node_modules/chownr/package.json new file mode 100644 index 000000000..f6ebbde8f --- /dev/null +++ b/node_modules/libnpmpack/node_modules/chownr/package.json @@ -0,0 +1,62 @@ +{ + "_from": "chownr@^1.1.4", + "_id": "chownr@1.1.4", + "_inBundle": false, + "_integrity": "sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg==", + "_location": "/libnpmpack/chownr", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "chownr@^1.1.4", + "name": "chownr", + "escapedName": "chownr", + "rawSpec": "^1.1.4", + "saveSpec": null, + "fetchSpec": "^1.1.4" + }, + "_requiredBy": [ + "/libnpmpack/pacote" + ], + "_resolved": "https://registry.npmjs.org/chownr/-/chownr-1.1.4.tgz", + "_shasum": "6fc9d7b42d32a583596337666e7d08084da2cc6b", + "_spec": "chownr@^1.1.4", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libnpmpack/node_modules/pacote", + "author": { + "name": "Isaac Z. Schlueter", + "email": "i@izs.me", + "url": "http://blog.izs.me/" + }, + "bugs": { + "url": "https://github.com/isaacs/chownr/issues" + }, + "bundleDependencies": false, + "deprecated": false, + "description": "like `chown -R`", + "devDependencies": { + "mkdirp": "0.3", + "rimraf": "^2.7.1", + "tap": "^14.10.6" + }, + "files": [ + "chownr.js" + ], + "homepage": "https://github.com/isaacs/chownr#readme", + "license": "ISC", + "main": "chownr.js", + "name": "chownr", + "repository": { + "type": "git", + "url": "git://github.com/isaacs/chownr.git" + }, + "scripts": { + "postversion": "npm publish", + "prepublishOnly": "git push origin --follow-tags", + "preversion": "npm test", + "test": "tap" + }, + "tap": { + "check-coverage": true + }, + "version": "1.1.4" +} diff --git a/node_modules/libnpmpack/node_modules/mkdirp/CHANGELOG.md b/node_modules/libnpmpack/node_modules/mkdirp/CHANGELOG.md new file mode 100644 index 000000000..81458380b --- /dev/null +++ b/node_modules/libnpmpack/node_modules/mkdirp/CHANGELOG.md @@ -0,0 +1,15 @@ +# Changers Lorgs! + +## 1.0 + +Full rewrite. Essentially a brand new module. + +- Return a promise instead of taking a callback. +- Use native `fs.mkdir(path, { recursive: true })` when available. +- Drop support for outdated Node.js versions. (Technically still works on + Node.js v8, but only 10 and above are officially supported.) + +## 0.x + +Original and most widely used recursive directory creation implementation +in JavaScript, dating back to 2010. diff --git a/node_modules/libnpmpack/node_modules/mkdirp/LICENSE b/node_modules/libnpmpack/node_modules/mkdirp/LICENSE new file mode 100644 index 000000000..13fcd15f0 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/mkdirp/LICENSE @@ -0,0 +1,21 @@ +Copyright James Halliday (mail@substack.net) and Isaac Z. Schlueter (i@izs.me) + +This project is free software released under the MIT license: + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/node_modules/libnpmpack/node_modules/mkdirp/bin/cmd.js b/node_modules/libnpmpack/node_modules/mkdirp/bin/cmd.js new file mode 100755 index 000000000..6e0aa8dc4 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/mkdirp/bin/cmd.js @@ -0,0 +1,68 @@ +#!/usr/bin/env node + +const usage = () => ` +usage: mkdirp [DIR1,DIR2..] {OPTIONS} + + Create each supplied directory including any necessary parent directories + that don't yet exist. + + If the directory already exists, do nothing. + +OPTIONS are: + + -m<mode> If a directory needs to be created, set the mode as an octal + --mode=<mode> permission string. + + -v --version Print the mkdirp version number + + -h --help Print this helpful banner + + -p --print Print the first directories created for each path provided + + --manual Use manual implementation, even if native is available +` + +const dirs = [] +const opts = {} +let print = false +let dashdash = false +let manual = false +for (const arg of process.argv.slice(2)) { + if (dashdash) + dirs.push(arg) + else if (arg === '--') + dashdash = true + else if (arg === '--manual') + manual = true + else if (/^-h/.test(arg) || /^--help/.test(arg)) { + console.log(usage()) + process.exit(0) + } else if (arg === '-v' || arg === '--version') { + console.log(require('../package.json').version) + process.exit(0) + } else if (arg === '-p' || arg === '--print') { + print = true + } else if (/^-m/.test(arg) || /^--mode=/.test(arg)) { + const mode = parseInt(arg.replace(/^(-m|--mode=)/, ''), 8) + if (isNaN(mode)) { + console.error(`invalid mode argument: ${arg}\nMust be an octal number.`) + process.exit(1) + } + opts.mode = mode + } else + dirs.push(arg) +} + +const mkdirp = require('../') +const impl = manual ? mkdirp.manual : mkdirp +if (dirs.length === 0) + console.error(usage()) + +Promise.all(dirs.map(dir => impl(dir, opts))) + .then(made => print ? made.forEach(m => m && console.log(m)) : null) + .catch(er => { + console.error(er.message) + if (er.code) + console.error(' code: ' + er.code) + process.exit(1) + }) diff --git a/node_modules/libnpmpack/node_modules/mkdirp/index.js b/node_modules/libnpmpack/node_modules/mkdirp/index.js new file mode 100644 index 000000000..ad7a16c9f --- /dev/null +++ b/node_modules/libnpmpack/node_modules/mkdirp/index.js @@ -0,0 +1,31 @@ +const optsArg = require('./lib/opts-arg.js') +const pathArg = require('./lib/path-arg.js') + +const {mkdirpNative, mkdirpNativeSync} = require('./lib/mkdirp-native.js') +const {mkdirpManual, mkdirpManualSync} = require('./lib/mkdirp-manual.js') +const {useNative, useNativeSync} = require('./lib/use-native.js') + + +const mkdirp = (path, opts) => { + path = pathArg(path) + opts = optsArg(opts) + return useNative(opts) + ? mkdirpNative(path, opts) + : mkdirpManual(path, opts) +} + +const mkdirpSync = (path, opts) => { + path = pathArg(path) + opts = optsArg(opts) + return useNativeSync(opts) + ? mkdirpNativeSync(path, opts) + : mkdirpManualSync(path, opts) +} + +mkdirp.sync = mkdirpSync +mkdirp.native = (path, opts) => mkdirpNative(pathArg(path), optsArg(opts)) +mkdirp.manual = (path, opts) => mkdirpManual(pathArg(path), optsArg(opts)) +mkdirp.nativeSync = (path, opts) => mkdirpNativeSync(pathArg(path), optsArg(opts)) +mkdirp.manualSync = (path, opts) => mkdirpManualSync(pathArg(path), optsArg(opts)) + +module.exports = mkdirp diff --git a/node_modules/libnpmpack/node_modules/mkdirp/lib/find-made.js b/node_modules/libnpmpack/node_modules/mkdirp/lib/find-made.js new file mode 100644 index 000000000..022e492c0 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/mkdirp/lib/find-made.js @@ -0,0 +1,29 @@ +const {dirname} = require('path') + +const findMade = (opts, parent, path = undefined) => { + // we never want the 'made' return value to be a root directory + if (path === parent) + return Promise.resolve() + + return opts.statAsync(parent).then( + st => st.isDirectory() ? path : undefined, // will fail later + er => er.code === 'ENOENT' + ? findMade(opts, dirname(parent), parent) + : undefined + ) +} + +const findMadeSync = (opts, parent, path = undefined) => { + if (path === parent) + return undefined + + try { + return opts.statSync(parent).isDirectory() ? path : undefined + } catch (er) { + return er.code === 'ENOENT' + ? findMadeSync(opts, dirname(parent), parent) + : undefined + } +} + +module.exports = {findMade, findMadeSync} diff --git a/node_modules/libnpmpack/node_modules/mkdirp/lib/mkdirp-manual.js b/node_modules/libnpmpack/node_modules/mkdirp/lib/mkdirp-manual.js new file mode 100644 index 000000000..2eb18cd64 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/mkdirp/lib/mkdirp-manual.js @@ -0,0 +1,64 @@ +const {dirname} = require('path') + +const mkdirpManual = (path, opts, made) => { + opts.recursive = false + const parent = dirname(path) + if (parent === path) { + return opts.mkdirAsync(path, opts).catch(er => { + // swallowed by recursive implementation on posix systems + // any other error is a failure + if (er.code !== 'EISDIR') + throw er + }) + } + + return opts.mkdirAsync(path, opts).then(() => made || path, er => { + if (er.code === 'ENOENT') + return mkdirpManual(parent, opts) + .then(made => mkdirpManual(path, opts, made)) + if (er.code !== 'EEXIST' && er.code !== 'EROFS') + throw er + return opts.statAsync(path).then(st => { + if (st.isDirectory()) + return made + else + throw er + }, () => { throw er }) + }) +} + +const mkdirpManualSync = (path, opts, made) => { + const parent = dirname(path) + opts.recursive = false + + if (parent === path) { + try { + return opts.mkdirSync(path, opts) + } catch (er) { + // swallowed by recursive implementation on posix systems + // any other error is a failure + if (er.code !== 'EISDIR') + throw er + else + return + } + } + + try { + opts.mkdirSync(path, opts) + return made || path + } catch (er) { + if (er.code === 'ENOENT') + return mkdirpManualSync(path, opts, mkdirpManualSync(parent, opts, made)) + if (er.code !== 'EEXIST' && er.code !== 'EROFS') + throw er + try { + if (!opts.statSync(path).isDirectory()) + throw er + } catch (_) { + throw er + } + } +} + +module.exports = {mkdirpManual, mkdirpManualSync} diff --git a/node_modules/libnpmpack/node_modules/mkdirp/lib/mkdirp-native.js b/node_modules/libnpmpack/node_modules/mkdirp/lib/mkdirp-native.js new file mode 100644 index 000000000..c7a6b6980 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/mkdirp/lib/mkdirp-native.js @@ -0,0 +1,39 @@ +const {dirname} = require('path') +const {findMade, findMadeSync} = require('./find-made.js') +const {mkdirpManual, mkdirpManualSync} = require('./mkdirp-manual.js') + +const mkdirpNative = (path, opts) => { + opts.recursive = true + const parent = dirname(path) + if (parent === path) + return opts.mkdirAsync(path, opts) + + return findMade(opts, path).then(made => + opts.mkdirAsync(path, opts).then(() => made) + .catch(er => { + if (er.code === 'ENOENT') + return mkdirpManual(path, opts) + else + throw er + })) +} + +const mkdirpNativeSync = (path, opts) => { + opts.recursive = true + const parent = dirname(path) + if (parent === path) + return opts.mkdirSync(path, opts) + + const made = findMadeSync(opts, path) + try { + opts.mkdirSync(path, opts) + return made + } catch (er) { + if (er.code === 'ENOENT') + return mkdirpManualSync(path, opts) + else + throw er + } +} + +module.exports = {mkdirpNative, mkdirpNativeSync} diff --git a/node_modules/libnpmpack/node_modules/mkdirp/lib/opts-arg.js b/node_modules/libnpmpack/node_modules/mkdirp/lib/opts-arg.js new file mode 100644 index 000000000..488bd44c3 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/mkdirp/lib/opts-arg.js @@ -0,0 +1,23 @@ +const { promisify } = require('util') +const fs = require('fs') +const optsArg = opts => { + if (!opts) + opts = { mode: 0o777 & (~process.umask()), fs } + else if (typeof opts === 'object') + opts = { mode: 0o777 & (~process.umask()), fs, ...opts } + else if (typeof opts === 'number') + opts = { mode: opts, fs } + else if (typeof opts === 'string') + opts = { mode: parseInt(opts, 8), fs } + else + throw new TypeError('invalid options argument') + + opts.mkdir = opts.mkdir || opts.fs.mkdir || fs.mkdir + opts.mkdirAsync = promisify(opts.mkdir) + opts.stat = opts.stat || opts.fs.stat || fs.stat + opts.statAsync = promisify(opts.stat) + opts.statSync = opts.statSync || opts.fs.statSync || fs.statSync + opts.mkdirSync = opts.mkdirSync || opts.fs.mkdirSync || fs.mkdirSync + return opts +} +module.exports = optsArg diff --git a/node_modules/libnpmpack/node_modules/mkdirp/lib/path-arg.js b/node_modules/libnpmpack/node_modules/mkdirp/lib/path-arg.js new file mode 100644 index 000000000..cc07de5a6 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/mkdirp/lib/path-arg.js @@ -0,0 +1,29 @@ +const platform = process.env.__TESTING_MKDIRP_PLATFORM__ || process.platform +const { resolve, parse } = require('path') +const pathArg = path => { + if (/\0/.test(path)) { + // simulate same failure that node raises + throw Object.assign( + new TypeError('path must be a string without null bytes'), + { + path, + code: 'ERR_INVALID_ARG_VALUE', + } + ) + } + + path = resolve(path) + if (platform === 'win32') { + const badWinChars = /[*|"<>?:]/ + const {root} = parse(path) + if (badWinChars.test(path.substr(root.length))) { + throw Object.assign(new Error('Illegal characters in path.'), { + path, + code: 'EINVAL', + }) + } + } + + return path +} +module.exports = pathArg diff --git a/node_modules/libnpmpack/node_modules/mkdirp/lib/use-native.js b/node_modules/libnpmpack/node_modules/mkdirp/lib/use-native.js new file mode 100644 index 000000000..079361de1 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/mkdirp/lib/use-native.js @@ -0,0 +1,10 @@ +const fs = require('fs') + +const version = process.env.__TESTING_MKDIRP_NODE_VERSION__ || process.version +const versArr = version.replace(/^v/, '').split('.') +const hasNative = +versArr[0] > 10 || +versArr[0] === 10 && +versArr[1] >= 12 + +const useNative = !hasNative ? () => false : opts => opts.mkdir === fs.mkdir +const useNativeSync = !hasNative ? () => false : opts => opts.mkdirSync === fs.mkdirSync + +module.exports = {useNative, useNativeSync} diff --git a/node_modules/libnpmpack/node_modules/mkdirp/package.json b/node_modules/libnpmpack/node_modules/mkdirp/package.json new file mode 100644 index 000000000..d4c0acbb8 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/mkdirp/package.json @@ -0,0 +1,75 @@ +{ + "_from": "mkdirp@^1.0.3", + "_id": "mkdirp@1.0.3", + "_inBundle": false, + "_integrity": "sha512-6uCP4Qc0sWsgMLy1EOqqS/3rjDHOEnsStVr/4vtAIK2Y5i2kA7lFFejYrpIyiN9w0pYf4ckeCYT9f1r1P9KX5g==", + "_location": "/libnpmpack/mkdirp", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "mkdirp@^1.0.3", + "name": "mkdirp", + "escapedName": "mkdirp", + "rawSpec": "^1.0.3", + "saveSpec": null, + "fetchSpec": "^1.0.3" + }, + "_requiredBy": [ + "/libnpmpack/pacote" + ], + "_resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.3.tgz", + "_shasum": "4cf2e30ad45959dddea53ad97d518b6c8205e1ea", + "_spec": "mkdirp@^1.0.3", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libnpmpack/node_modules/pacote", + "bin": { + "mkdirp": "bin/cmd.js" + }, + "bugs": { + "url": "https://github.com/isaacs/node-mkdirp/issues" + }, + "bundleDependencies": false, + "deprecated": false, + "description": "Recursively mkdir, like `mkdir -p`", + "devDependencies": { + "require-inject": "^1.4.4", + "tap": "^14.10.6" + }, + "engines": { + "node": ">=10" + }, + "files": [ + "bin", + "lib", + "index.js" + ], + "homepage": "https://github.com/isaacs/node-mkdirp#readme", + "keywords": [ + "mkdir", + "directory", + "make dir", + "make", + "dir", + "recursive", + "native" + ], + "license": "MIT", + "main": "index.js", + "name": "mkdirp", + "repository": { + "type": "git", + "url": "git+https://github.com/isaacs/node-mkdirp.git" + }, + "scripts": { + "postpublish": "git push origin --follow-tags", + "postversion": "npm publish", + "preversion": "npm test", + "snap": "tap", + "test": "tap" + }, + "tap": { + "check-coverage": true, + "coverage-map": "map.js" + }, + "version": "1.0.3" +} diff --git a/node_modules/libnpmpack/node_modules/mkdirp/readme.markdown b/node_modules/libnpmpack/node_modules/mkdirp/readme.markdown new file mode 100644 index 000000000..827de5905 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/mkdirp/readme.markdown @@ -0,0 +1,266 @@ +# mkdirp + +Like `mkdir -p`, but in Node.js! + +Now with a modern API and no\* bugs! + +<small>\* may contain some bugs</small> + +# example + +## pow.js + +```js +const mkdirp = require('mkdirp') + +// return value is a Promise resolving to the first directory created +mkdirp('/tmp/foo/bar/baz').then(made => + console.log(`made directories, starting with ${made}`)) +``` + +Output (where `/tmp/foo` already exists) + +``` +made directories, starting with /tmp/foo/bar +``` + +Or, if you don't have time to wait around for promises: + +```js +const mkdirp = require('mkdirp') + +// return value is the first directory created +const made = mkdirp.sync('/tmp/foo/bar/baz') +console.log(`made directories, starting with ${made}`) +``` + +And now /tmp/foo/bar/baz exists, huzzah! + +# methods + +```js +const mkdirp = require('mkdirp') +``` + +## mkdirp(dir, [opts]) -> Promise<String | undefined> + +Create a new directory and any necessary subdirectories at `dir` with octal +permission string `opts.mode`. If `opts` is a string or number, it will be +treated as the `opts.mode`. + +If `opts.mode` isn't specified, it defaults to `0o777 & +(~process.umask())`. + +Promise resolves to first directory `made` that had to be created, or +`undefined` if everything already exists. Promise rejects if any errors +are encountered. Note that, in the case of promise rejection, some +directories _may_ have been created, as recursive directory creation is not +an atomic operation. + +You can optionally pass in an alternate `fs` implementation by passing in +`opts.fs`. Your implementation should have `opts.fs.mkdir(path, opts, cb)` +and `opts.fs.stat(path, cb)`. + +You can also override just one or the other of `mkdir` and `stat` by +passing in `opts.stat` or `opts.mkdir`, or providing an `fs` option that +only overrides one of these. + +## mkdirp.sync(dir, opts) -> String|null + +Synchronously create a new directory and any necessary subdirectories at +`dir` with octal permission string `opts.mode`. If `opts` is a string or +number, it will be treated as the `opts.mode`. + +If `opts.mode` isn't specified, it defaults to `0o777 & +(~process.umask())`. + +Returns the first directory that had to be created, or undefined if +everything already exists. + +You can optionally pass in an alternate `fs` implementation by passing in +`opts.fs`. Your implementation should have `opts.fs.mkdirSync(path, mode)` +and `opts.fs.statSync(path)`. + +You can also override just one or the other of `mkdirSync` and `statSync` +by passing in `opts.statSync` or `opts.mkdirSync`, or providing an `fs` +option that only overrides one of these. + +## mkdirp.manual, mkdirp.manualSync + +Use the manual implementation (not the native one). This is the default +when the native implementation is not available or the stat/mkdir +implementation is overridden. + +## mkdirp.native, mkdirp.nativeSync + +Use the native implementation (not the manual one). This is the default +when the native implementation is available and stat/mkdir are not +overridden. + +# implementation + +On Node.js v10.12.0 and above, use the native `fs.mkdir(p, +{recursive:true})` option, unless `fs.mkdir`/`fs.mkdirSync` has been +overridden by an option. + +## native implementation + +- If the path is a root directory, then pass it to the underlying + implementation and return the result/error. (In this case, it'll either + succeed or fail, but we aren't actually creating any dirs.) +- Walk up the path statting each directory, to find the first path that + will be created, `made`. +- Call `fs.mkdir(path, { recursive: true })` (or `fs.mkdirSync`) +- If error, raise it to the caller. +- Return `made`. + +## manual implementation + +- Call underlying `fs.mkdir` implementation, with `recursive: false` +- If error: + - If path is a root directory, raise to the caller and do not handle it + - If ENOENT, mkdirp parent dir, store result as `made` + - stat(path) + - If error, raise original `mkdir` error + - If directory, return `made` + - Else, raise original `mkdir` error +- else + - return `undefined` if a root dir, or `made` if set, or `path` + +## windows vs unix caveat + +On Windows file systems, attempts to create a root directory (ie, a drive +letter or root UNC path) will fail. If the root directory exists, then it +will fail with `EPERM`. If the root directory does not exist, then it will +fail with `ENOENT`. + +On posix file systems, attempts to create a root directory (in recursive +mode) will succeed silently, as it is treated like just another directory +that already exists. (In non-recursive mode, of course, it fails with +`EEXIST`.) + +In order to preserve this system-specific behavior (and because it's not as +if we can create the parent of a root directory anyway), attempts to create +a root directory are passed directly to the `fs` implementation, and any +errors encountered are not handled. + +## native error caveat + +The native implementation (as of at least Node.js v13.4.0) does not provide +appropriate errors in some cases (see +[nodejs/node#31481](https://github.com/nodejs/node/issues/31481) and +[nodejs/node#28015](https://github.com/nodejs/node/issues/28015)). + +In order to work around this issue, the native implementation will fall +back to the manual implementation if an `ENOENT` error is encountered. + +# choosing a recursive mkdir implementation + +There are a few to choose from! Use the one that suits your needs best :D + +## use `fs.mkdir(path, {recursive: true}, cb)` if: + +- You wish to optimize performance even at the expense of other factors. +- You don't need to know the first dir created. +- You are ok with getting `ENOENT` as the error when some other problem is + the actual cause. +- You can limit your platforms to Node.js v10.12 and above. +- You're ok with using callbacks instead of promises. +- You don't need/want a CLI. +- You don't need to override the `fs` methods in use. + +## use this module (mkdirp 1.x) if: + +- You need to know the first directory that was created. +- You wish to use the native implementation if available, but fall back + when it's not. +- You prefer promise-returning APIs to callback-taking APIs. +- You want more useful error messages than the native recursive mkdir + provides (at least as of Node.js v13.4), and are ok with re-trying on + `ENOENT` to achieve this. +- You need (or at least, are ok with) a CLI. +- You need to override the `fs` methods in use. + +## use [`make-dir`](http://npm.im/make-dir) if: + +- You do not need to know the first dir created (and wish to save a few + `stat` calls when using the native implementation for this reason). +- You wish to use the native implementation if available, but fall back + when it's not. +- You prefer promise-returning APIs to callback-taking APIs. +- You are ok with occasionally getting `ENOENT` errors for failures that + are actually related to something other than a missing file system entry. +- You don't need/want a CLI. +- You need to override the `fs` methods in use. + +## use mkdirp 0.x if: + +- You need to know the first directory that was created. +- You need (or at least, are ok with) a CLI. +- You need to override the `fs` methods in use. +- You're ok with using callbacks instead of promises. +- You are not running on Windows, where the root-level ENOENT errors can + lead to infinite regress. +- You think vinyl just sounds warmer and richer for some weird reason. +- You are supporting truly ancient Node.js versions, before even the advent + of a `Promise` language primitive. (Please don't. You deserve better.) + +# cli + +This package also ships with a `mkdirp` command. + +``` +$ mkdirp -h + +usage: mkdirp [DIR1,DIR2..] {OPTIONS} + + Create each supplied directory including any necessary parent directories + that don't yet exist. + + If the directory already exists, do nothing. + +OPTIONS are: + + -m<mode> If a directory needs to be created, set the mode as an octal + --mode=<mode> permission string. + + -v --version Print the mkdirp version number + + -h --help Print this helpful banner + + -p --print Print the first directories created for each path provided + + --manual Use manual implementation, even if native is available +``` + +# install + +With [npm](http://npmjs.org) do: + +``` +npm install mkdirp +``` + +to get the library locally, or + +``` +npm install -g mkdirp +``` + +to get the command everywhere, or + +``` +npx mkdirp ... +``` + +to run the command without installing it globally. + +# platform support + +This module works on node v8, but only v10 and above are officially +supported, as Node v8 reached its LTS end of life 2020-01-01, which is in +the past, as of this writing. + +# license + +MIT diff --git a/node_modules/libnpmpack/node_modules/pacote/LICENSE b/node_modules/libnpmpack/node_modules/pacote/LICENSE new file mode 100644 index 000000000..a03cd0ed0 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/pacote/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) Isaac Z. Schlueter, Kat Marchán, npm, Inc., and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/libnpmpack/node_modules/pacote/README.md b/node_modules/libnpmpack/node_modules/pacote/README.md new file mode 100644 index 000000000..49dbde6a9 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/pacote/README.md @@ -0,0 +1,244 @@ +# pacote + +JavaScript Package Handler + +## USAGE + +```js +const pacote = require('pacote') + +// get a package manifest +pacote.manifest('foo@1.x').then(manifest => console.log('got it', manifest)) + +// extract a package into a folder +pacote.extract('github:npm/cli', 'some/path', options) + .then(({from, resolved, integrity}) => { + console.log('extracted!', from, resolved, integrity) + }) + +pacote.tarball('https://server.com/package.tgz').then(data => { + console.log('got ' + data.length + ' bytes of tarball data') +}) +``` + +Anything that you can do to with kind of package, you can do to any kind of +package. Data that isn't relevant (like a packument for a tarball) will be +simulated. + +## CLI + +This module exports a command line interface that can do most of what is +described below. Run `pacote -h` to learn more. + +``` +Pacote - The JavaScript Package Handler, v10.1.1 + +Usage: + + pacote resolve <spec> + Resolve a specifier and output the fully resolved target + Returns integrity and from if '--long' flag is set. + + pacote manifest <spec> + Fetch a manifest and print to stdout + + pacote packument <spec> + Fetch a full packument and print to stdout + + pacote tarball <spec> [<filename>] + Fetch a package tarball and save to <filename> + If <filename> is missing or '-', the tarball will be streamed to stdout. + + pacote extract <spec> <folder> + Extract a package to the destination folder. + +Configuration values all match the names of configs passed to npm, or +options passed to Pacote. Additional flags for this executable: + + --long Print an object from 'resolve', including integrity and spec. + --json Print result objects as JSON rather than node's default. + (This is the default if stdout is not a TTY.) + --help -h Print this helpful text. + +For example '--cache=/path/to/folder' will use that folder as the cache. +``` + +## API + +The `spec` refers to any kind of package specifier that npm can install. +If you can pass it to the npm CLI, you can pass it to pacote. (In fact, +that's exactly what the npm CLI does.) + +See below for valid `opts` values. + +* `pacote.resolve(spec, opts)` Resolve a specifier like `foo@latest` or + `github:user/project` all the way to a tarball url, tarball file, or git + repo with commit hash. + +* `pacote.extract(spec, dest, opts)` Extract a package's tarball into a + destination folder. Returns a promise that resolves to the + `{from,resolved,integrity}` of the extracted package. + +* `pacote.manifest(spec, opts)` Fetch (or simulate) a package's manifest + (basically, the `package.json` file, plus a bit of metadata). + See below for more on manifests and packuments. Returns a Promise that + resolves to the manifest object. + +* `pacote.packument(spec, opts)` Fetch (or simulate) a package's packument + (basically, the top-level package document listing all the manifests that + the registry returns). See below for more on manifests and packuments. + Returns a Promise that resolves to the packument object. + +* `pacote.tarball(spec, opts)` Get a package tarball data as a buffer in + memory. Returns a Promise that resolves to the tarball data Buffer, with + `from`, `resolved`, and `integrity` fields attached. + +* `pacote.tarball.file(spec, dest, opts)` Save a package tarball data to + a file on disk. Returns a Promise that resolves to + `{from,integrity,resolved}` of the fetched tarball. + +* `pacote.tarball.stream(spec, streamHandler, opts)` Fetch a tarball and + make the stream available to the `streamHandler` function. + + This is mostly an internal function, but it is exposed because it does + provide some functionality that may be difficult to achieve otherwise. + + The `streamHandler` function MUST return a Promise that resolves when + the stream (and all associated work) is ended, or rejects if the stream + has an error. + + The `streamHandler` function MAY be called multiple times, as Pacote + retries requests in some scenarios, such as cache corruption or + retriable network failures. + +### Options + +Options are passed to +[`npm-registry-fetch`](http://npm.im/npm-registry-fetch) and +[`cacache`](http://npm.im/cacache), so in addition to these, anything for +those modules can be given to pacote as well. + +Options object is cloned, and mutated along the way to add integrity, +resolved, and other properties, as they are determined. + +* `cache` Where to store cache entries and temp files. Passed to + [`cacache`](http://npm.im/cacache). Defaults to the same cache directory + that npm will use by default, based on platform and environment. +* `where` Base folder for resolving relative `file:` dependencies. +* `resolved` Shortcut for looking up resolved values. Should be specified + if known. +* `integrity` Expected integrity of fetched package tarball. If specified, + tarballs with mismatched integrity values will raise an `EINTEGRITY` + error. +* `umask` Permission mode mask for extracted files and directories. + Defaults to `0o22`. See "Extracted File Modes" below. +* `fmode` Minimum permission mode for extracted files. Defaults to + `0o666`. See "Extracted File Modes" below. +* `dmode` Minimum permission mode for extracted directories. Defaults to + `0o777`. See "Extracted File Modes" below. +* `log` A logger object with methods for various log levels. Typically, + this will be [`npmlog`](http://npm.im/npmlog) in the npm CLI use case, + but if not specified, the default is a logger that emits `'log'` events + on the `process` object. +* `preferOnline` Prefer to revalidate cache entries, even when it would not + be strictly necessary. Default `false`. +* `before` When picking a manifest from a packument, only consider + packages published before the specified date. Default `null`. +* `defaultTag` The default `dist-tag` to use when choosing a manifest from a + packument. Defaults to `latest`. +* `registry` The npm registry to use by default. Defaults to + `https://registry.npmjs.org/`. +* `fullMetadata` Fetch the full metadata from the registry for packuments, + including information not strictly required for installation (author, + description, etc.) Defaults to `true` when `before` is set, since the + version publish time is part of the extended packument metadata. + +## Extracted File Modes + +Files are extracted with a mode matching the following formula: + +``` +( (tarball entry mode value) | (minimum mode option) ) ~ (umask) +``` + +This is in order to prevent unreadable files or unlistable directories from +cluttering a project's `node_modules` folder, even if the package tarball +specifies that the file should be inaccessible. + +It also prevents files from being group- or world-writable without explicit +opt-in by the user, because all file and directory modes are masked against +the `umask` value. + +So, a file which is `0o771` in the tarball, using the default `fmode` of +`0o666` and `umask` of `0o22`, will result in a file mode of `0o755`: + +``` +(0o771 | 0o666) => 0o777 +(0o777 ~ 0o22) => 0o755 +``` + +In almost every case, the defaults are appropriate. To respect exactly +what is in the package tarball (even if this makes an unusable system), set +both `dmode` and `fmode` options to `0`. Otherwise, the `umask` config +should be used in most cases where file mode modifications are required, +and this functions more or less the same as the `umask` value in most Unix +systems. + +## Extracted File Ownership + +When running as `root` on Unix systems, all extracted files and folders +will have their owning `uid` and `gid` values set to match the ownership +of the containing folder. + +This prevents `root`-owned files showing up in a project's `node_modules` +folder when a user runs `sudo npm install`. + +## Manifests + +A `manifest` is similar to a `package.json` file. However, it has a few +pieces of extra metadata, and sometimes lacks metadata that is inessential +to package installation. + +In addition to the common `package.json` fields, manifests include: + +* `manifest._resolved` The tarball url or file path where the package + artifact can be found. +* `manifest._from` A normalized form of the spec passed in as an argument. +* `manifest._integrity` The integrity value for the package artifact. +* `manifest.dist` Registry manifests (those included in a packument) have a + `dist` object. Only `tarball` is required, though at least one of + `shasum` or `integrity` is almost always present. + + * `tarball` The url to the associated package artifact. (Copied by + Pacote to `manifest._resolved`.) + * `integrity` The integrity SRI string for the artifact. This may not + be present for older packages on the npm registry. (Copied by Pacote + to `manifest._integrity`.) + * `shasum` Legacy integrity value. Hexadecimal-encoded sha1 hash. + (Converted to an SRI string and copied by Pacote to + `manifest._integrity` when `dist.integrity` is not present.) + * `fileCount` Number of files in the tarball. + * `unpackedSize` Size on disk of the package when unpacked. + * `npm-signature` A signature of the package by the + [`npmregistry`](https://keybase.io/npmregistry) Keybase account. + (Obviously only present for packages published to + `https://registry.npmjs.org`.) + +## Packuments + +A packument is the top-level package document that lists the set of +manifests for available versions for a package. + +When a packument is fetched with `accept: +application/vnd.npm.install-v1+json` in the HTTP headers, only the most +minimum necessary metadata is returned. Additional metadata is returned +when fetched with only `accept: application/json`. + +For Pacote's purposes, the following fields are relevant: + +* `versions` An object where each key is a version, and each value is the + manifest for that version. +* `dist-tags` An object mapping dist-tags to version numbers. This is how + `foo@latest` gets turned into `foo@1.2.3`. +* `time` In the full packument, an object mapping version numbers to + publication times, for the `opts.before` functionality. diff --git a/node_modules/libnpmpack/node_modules/pacote/lib/bin.js b/node_modules/libnpmpack/node_modules/pacote/lib/bin.js new file mode 100755 index 000000000..c0409be1f --- /dev/null +++ b/node_modules/libnpmpack/node_modules/pacote/lib/bin.js @@ -0,0 +1,149 @@ +#!/usr/bin/env node + +const run = conf => { + const pacote = require('../') + switch (conf._[0]) { + case 'resolve': + if (conf.long) + return pacote.manifest(conf._[1], conf).then(mani => ({ + resolved: mani._resolved, + integrity: mani._integrity, + from: mani._from, + })) + case 'manifest': + case 'packument': + return pacote[conf._[0]](conf._[1], conf) + + case 'tarball': + if (!conf._[2] || conf._[2] === '-') { + return pacote.tarball.stream(conf._[1], stream => { + stream.pipe(conf.testStdout || + /* istanbul ignore next */ process.stdout) + // make sure it resolves something falsey + return stream.promise().then(() => {}) + }, conf) + } else + return pacote.tarball.file(conf._[1], conf._[2], conf) + + case 'extract': + return pacote.extract(conf._[1], conf._[2], conf) + + default: /* istanbul ignore next */ { + throw new Error(`bad command: ${conf._[0]}`) + } + } +} + +const version = require('../package.json').version +const usage = () => +`Pacote - The JavaScript Package Handler, v${version} + +Usage: + + pacote resolve <spec> + Resolve a specifier and output the fully resolved target + Returns integrity and from if '--long' flag is set. + + pacote manifest <spec> + Fetch a manifest and print to stdout + + pacote packument <spec> + Fetch a full packument and print to stdout + + pacote tarball <spec> [<filename>] + Fetch a package tarball and save to <filename> + If <filename> is missing or '-', the tarball will be streamed to stdout. + + pacote extract <spec> <folder> + Extract a package to the destination folder. + +Configuration values all match the names of configs passed to npm, or +options passed to Pacote. Additional flags for this executable: + + --long Print an object from 'resolve', including integrity and spec. + --json Print result objects as JSON rather than node's default. + (This is the default if stdout is not a TTY.) + --help -h Print this helpful text. + +For example '--cache=/path/to/folder' will use that folder as the cache. +` + +const shouldJSON = (conf, result) => + conf.json || + !process.stdout.isTTY && + conf.json === undefined && + result && + typeof result === 'object' + +const pretty = (conf, result) => + shouldJSON(conf, result) ? JSON.stringify(result, 0, 2) : result + +let addedLogListener = false +const main = args => { + const conf = parse(args) + if (conf.help || conf.h) + return console.log(usage()) + + if (!addedLogListener) { + process.on('log', console.error) + addedLogListener = true + } + + try { + return run(conf) + .then(result => result && console.log(pretty(conf, result))) + .catch(er => { + console.error(er) + process.exit(1) + }) + } catch (er) { + console.error(er.message) + console.error(usage()) + } +} + +const parseArg = arg => { + const split = arg.slice(2).split('=') + const k = split.shift() + const v = split.join('=') + const no = /^no-/.test(k) && !v + const key = (no ? k.substr(3) : k) + .replace(/^tag$/, 'defaultTag') + .replace(/-([a-z])/g, (_, c) => c.toUpperCase()) + const value = v ? v.replace(/^~/, process.env.HOME) : !no + return { key, value } +} + +const parse = args => { + const conf = { + _: [], + cache: process.env.HOME + '/.npm/_cacache', + } + let dashdash = false + args.forEach(arg => { + if (dashdash) + conf._.push(arg) + else if (arg === '--') + dashdash = true + else if (arg === '-h') + conf.help = true + else if (/^--/.test(arg)) { + const {key, value} = parseArg(arg) + conf[key] = value + } else { + conf._.push(arg) + } + }) + return conf +} + +if (module === require.main) + main(process.argv.slice(2)) +else + module.exports = { + main, + run, + usage, + parseArg, + parse, + } diff --git a/node_modules/libnpmpack/node_modules/pacote/lib/dir.js b/node_modules/libnpmpack/node_modules/pacote/lib/dir.js new file mode 100644 index 000000000..44dadaa32 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/pacote/lib/dir.js @@ -0,0 +1,98 @@ +const Fetcher = require('./fetcher.js') +const FileFetcher = require('./file.js') +const cacache = require('cacache') +const Minipass = require('minipass') +const { promisify } = require('util') +const readPackageJson = require('read-package-json-fast') +const npm = require('./util/npm.js') +const isPackageBin = require('./util/is-package-bin.js') +const packlist = require('npm-packlist') +const tar = require('tar') +const _prepareDir = Symbol('_prepareDir') +const _tarcOpts = Symbol('_tarcOpts') + +const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved') +class DirFetcher extends Fetcher { + constructor (spec, opts) { + super(spec, opts) + // just the fully resolved filename + this.resolved = this.spec.fetchSpec + } + + get types () { + return ['directory'] + } + + [_prepareDir] () { + return this.manifest().then(mani => { + if (!mani.scripts || !mani.scripts.prepare) + return + + // we *only* run prepare. + // pre/post-pack is run by the npm CLI for publish and pack, + // but this function is *also* run when installing git deps + return npm( + this.npmBin, + [].concat(this.npmRunCmd).concat('prepare').concat(this.npmCliConfig), + this.resolved, + { message: 'directory preparation failed' } + ) + }) + } + + [_tarballFromResolved] () { + const stream = new Minipass() + stream.resolved = this.resolved + stream.integrity = this.integrity + + // run the prepare script, get the list of files, and tar it up + // pipe to the stream, and proxy errors the chain. + this[_prepareDir]() + .then(() => packlist({ path: this.resolved })) + .then(files => tar.c(this[_tarcOpts](), files) + .on('error', er => stream.emit('error', er)).pipe(stream)) + .catch(er => stream.emit('error', er)) + return stream + } + + [_tarcOpts] () { + return { + cwd: this.resolved, + prefix: 'package/', + portable: true, + gzip: true, + + // ensure that package bins are always executable + // Note that npm-packlist is already filtering out + // anything that is not a regular file, ignored by + // .npmignore or package.json "files", etc. + filter: (path, stat) => { + if (isPackageBin(this.package, path)) + stat.mode |= 0o111 + return true + }, + + // Provide a specific date in the 1980s for the benefit of zip, + // which is confounded by files dated at the Unix epoch 0. + mtime: new Date('1985-10-26T08:15:00.000Z'), + } + } + + manifest () { + if (this.package) + return Promise.resolve(this.package) + + return readPackageJson(this.resolved + '/package.json') + .then(mani => this.package = { + ...mani, + _integrity: this.integrity && String(this.integrity), + _resolved: this.resolved, + _from: this.from, + }) + } + + packument () { + return FileFetcher.prototype.packument.apply(this) + } +} +module.exports = DirFetcher diff --git a/node_modules/libnpmpack/node_modules/pacote/lib/fetcher.js b/node_modules/libnpmpack/node_modules/pacote/lib/fetcher.js new file mode 100644 index 000000000..4c5efdc01 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/pacote/lib/fetcher.js @@ -0,0 +1,470 @@ +// This is the base class that the other fetcher types in lib +// all descend from. +// It handles the unpacking and retry logic that is shared among +// all of the other Fetcher types. + +const npa = require('npm-package-arg') +const ssri = require('ssri') +const { promisify } = require('util') +const { basename, dirname } = require('path') +const rimraf = promisify(require('rimraf')) +const tar = require('tar') +const procLog = require('./util/proc-log.js') +const retry = require('promise-retry') +const fsm = require('fs-minipass') +const cacache = require('cacache') +const isPackageBin = require('./util/is-package-bin.js') +const getContents = require('@npmcli/installed-package-contents') + +// we only change ownership on unix platforms, and only if uid is 0 +const selfOwner = process.getuid && process.getuid() === 0 ? { + uid: 0, + gid: process.getgid(), +} : null +const chownr = selfOwner ? promisify(require('chownr')) : null +const inferOwner = selfOwner ? require('infer-owner') : null +const mkdirp = require('mkdirp') +const cacheDir = require('./util/cache-dir.js') + +// Private methods. +// Child classes should not have to override these. +// Users should never call them. +const _chown = Symbol('_chown') +const _extract = Symbol('_extract') +const _mkdir = Symbol('_mkdir') +const _empty = Symbol('_empty') +const _toFile = Symbol('_toFile') +const _tarxOptions = Symbol('_tarxOptions') +const _entryMode = Symbol('_entryMode') +const _istream = Symbol('_istream') +const _assertType = Symbol('_assertType') +const _tarballFromCache = Symbol('_tarballFromCache') +const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved') + +class FetcherBase { + constructor (spec, opts) { + if (!opts || typeof opts !== 'object') + throw new TypeError('options object is required') + this.spec = npa(spec, opts.where) + + // a bit redundant because presumably the caller already knows this, + // but it makes it easier to not have to keep track of the requested + // spec when we're dispatching thousands of these at once, and normalizing + // is nice. saveSpec is preferred if set, because it turns stuff like + // x/y#committish into github:x/y#committish. use name@rawSpec for + // registry deps so that we turn xyz and xyz@ -> xyz@ + this.from = this.spec.registry + ? `${this.spec.name}@${this.spec.rawSpec}` : this.spec.saveSpec + + this[_assertType]() + // clone the opts object so that others aren't upset when we mutate it + // by adding/modifying the integrity value. + this.opts = {...opts} + this.cache = opts.cache || cacheDir() + this.resolved = opts.resolved || null + + // default to caching/verifying with sha512, that's what we usually have + // need to change this default, or start overriding it, when sha512 + // is no longer strong enough. + this.defaultIntegrityAlgorithm = opts.defaultIntegrityAlgorithm || 'sha512' + + if (typeof opts.integrity === 'string') + this.opts.integrity = ssri.parse(opts.integrity) + + this.package = null + this.type = this.constructor.name + this.fmode = opts.fmode || 0o666 + this.dmode = opts.dmode || 0o777 + this.umask = opts.umask || 0o022 + this.log = opts.log || procLog + + this.preferOnline = !!opts.preferOnline + this.preferOffline = !!opts.preferOffline + this.offline = !!opts.offline + + this.before = opts.before + this.fullMetadata = this.before ? true : !!opts.fullMetadata + + this.defaultTag = opts.defaultTag || 'latest' + this.registry = opts.registry || 'https://registry.npmjs.org' + + // command to run 'prepare' scripts on directories and git dirs + // To use pacote with yarn, for example, set npmBin to 'yarn' + // and npmRunCmd to [], and npmCliConfig with yarn's equivalents. + this.npmBin = opts.npmBin || 'npm' + this.npmRunCmd = opts.npmRunCmd || 'run' + + // command to install deps for preparing + this.npmInstallCmd = opts.npmInstallCmd || [ + 'install', + '--only=dev', + '--prod', + '--ignore-prepublish', + '--no-progress', + '--no-save', + ] + + // XXX fill more of this in based on what we know from this.opts + // we explicitly DO NOT fill in --tag, though, since we are often + // going to be packing in the context of a publish, which may set + // a dist-tag, but certainly wants to keep defaulting to latest. + this.npmCliConfig = opts.npmCliConfig || [ + `--cache=${this.cache}`, + `--prefer-offline=${!!this.preferOffline}`, + `--prefer-online=${!!this.preferOnline}`, + `--offline=${!!this.offline}`, + `--before=${this.before ? this.before.toISOString() : ''}`, + ] + } + + get integrity () { + return this.opts.integrity || null + } + set integrity (i) { + if (!i) + return + + i = ssri.parse(i) + const current = this.opts.integrity + + // do not ever update an existing hash value, but do + // merge in NEW algos and hashes that we don't already have. + if (current) + current.merge(i) + else + this.opts.integrity = i + } + + get notImplementedError () { + return new Error('not implemented in this fetcher type: ' + this.type) + } + + // override in child classes + // Returns a Promise that resolves to this.resolved string value + resolve () { + return this.resolved ? Promise.resolve(this.resolved) + : Promise.reject(this.notImplementedError) + } + + packument () { + return Promise.reject(this.notImplementedError) + } + + // override in child class + // returns a manifest containing: + // - name + // - version + // - _resolved + // - _integrity + // - plus whatever else was in there (corgi, full metadata, or pj file) + manifest () { + return Promise.reject(this.notImplementedError) + } + + // private, should be overridden. + // Note that they should *not* calculate or check integrity, but *just* + // return the raw tarball data stream. + [_tarballFromResolved] () { + throw this.notImplementedError + } + + // public, should not be overridden + tarball () { + return this.tarballStream(stream => new Promise((res, rej) => { + const buf = [] + stream.on('error', er => rej(er)) + stream.on('end', () => { + const data = Buffer.concat(buf) + data.integrity = this.integrity && String(this.integrity) + data.resolved = this.resolved + data.from = this.from + return res(data) + }) + stream.on('data', d => buf.push(d)) + })) + } + + // private + // Note: cacache will raise a EINTEGRITY error if the integrity doesn't match + [_tarballFromCache] () { + return cacache.get.stream.byDigest(this.cache, this.integrity, this.opts) + } + + [_istream] (stream) { + // everyone will need one of these, either for verifying or calculating + // We always set it, because we have might only have a weak legacy hex + // sha1 in the packument, and this MAY upgrade it to a stronger algo. + // If we had an integrity, and it doesn't match, then this does not + // override that error; the istream will raise the error before it + // gets to the point of re-setting the integrity. + const istream = ssri.integrityStream(this.opts) + istream.on('integrity', i => this.integrity = i) + return stream.on('error', er => istream.emit('error', er)).pipe(istream) + } + + pickIntegrityAlgorithm () { + return this.integrity ? this.integrity.pickAlgorithm(this.opts) + : this.defaultIntegrityAlgorithm + } + + // TODO: check error class, once those are rolled out to our deps + isDataCorruptionError (er) { + return er.code === 'EINTEGRITY' || er.code === 'Z_DATA_ERROR' + } + + // override the types getter + get types () {} + [_assertType] () { + if (this.types && !this.types.includes(this.spec.type)) { + throw new TypeError(`Wrong spec type (${ + this.spec.type + }) for ${ + this.constructor.name + }. Supported types: ${this.types.join(', ')}`) + } + } + + // We allow ENOENTs from cacache, but not anywhere else. + // An ENOENT trying to read a tgz file, for example, is Right Out. + isRetriableError (er) { + // TODO: check error class, once those are rolled out to our deps + return this.isDataCorruptionError(er) || er.code === 'ENOENT' + } + + // Mostly internal, but has some uses + // Pass in a function which returns a promise + // Function will be called 1 or more times with streams that may fail. + // Retries: + // Function MUST handle errors on the stream by rejecting the promise, + // so that retry logic can pick it up and either retry or fail whatever + // promise it was making (ie, failing extraction, etc.) + // + // The return value of this method is a Promise that resolves the same + // as whatever the streamHandler resolves to. + // + // This should never be overridden by child classes, but it is public. + tarballStream (streamHandler) { + // Only short-circuit via cache if we have everything else we'll need, + // and the user has not expressed a preference for checking online. + + const fromCache = ( + !this.preferOnline && + this.integrity && + this.resolved + ) ? streamHandler(this[_tarballFromCache]()).catch(er => { + if (this.isDataCorruptionError(er)) { + this.log.warn('tarball', `cached data for ${ + this.spec + } (${this.integrity}) seems to be corrupted. Refreshing cache.`) + return this.cleanupCached().then(() => { throw er }) + } else { + throw er + } + }) : null + + const fromResolved = er => { + if (er) { + if (!this.isRetriableError(er)) + throw er + this.log.silly('tarball', `no local data for ${ + this.spec + }. Extracting by manifest.`) + } + return this.resolve().then(() => retry(tryAgain => + streamHandler(this[_istream](this[_tarballFromResolved]())) + .catch(er => { + // Most likely data integrity. A cache ENOENT error is unlikely + // here, since we're definitely not reading from the cache, but it + // IS possible that the fetch subsystem accessed the cache, and the + // entry got blown away or something. Try one more time to be sure. + if (this.isRetriableError(er)) { + this.log.warn('tarball', `tarball data for ${ + this.spec + } (${this.integrity}) seems to be corrupted. Trying again.`) + return this.cleanupCached().then(() => tryAgain(er)) + } + throw er + }), { retries: 1, minTimeout: 0, maxTimeout: 0 })) + } + + return fromCache ? fromCache.catch(fromResolved) : fromResolved() + } + + cleanupCached () { + return cacache.rm.content(this.cache, this.integrity, this.opts) + } + + [_chown] (path, uid, gid) { + return selfOwner && (selfOwner.gid !== gid || selfOwner.uid !== uid) + ? chownr(path, uid, gid) + : /* istanbul ignore next - we don't test in root-owned folders */ null + } + + [_empty] (path) { + return getContents({path, depth: 1}).then(contents => Promise.all( + contents.map(entry => rimraf(entry)))) + } + + [_mkdir] (dest) { + // if we're bothering to do owner inference, then do it. + // otherwise just make the dir, and return an empty object. + // always empty the dir dir to start with, but do so + // _after_ inferring the owner, in case there's an existing folder + // there that we would want to preserve which differs from the + // parent folder (rare, but probably happens sometimes). + return !inferOwner + ? this[_empty](dest).then(() => mkdirp(dest)).then(() => ({})) + : inferOwner(dest).then(({uid, gid}) => + this[_empty](dest) + .then(() => mkdirp(dest)) + .then(made => { + // ignore the || dest part in coverage. It's there to handle + // race conditions where the dir may be made by someone else + // after being removed by us. + const dir = made || /* istanbul ignore next */ dest + return this[_chown](dir, uid, gid) + }) + .then(() => ({uid, gid}))) + } + + // extraction is always the same. the only difference is where + // the tarball comes from. + extract (dest) { + return this[_mkdir](dest).then(({uid, gid}) => + this.tarballStream(tarball => this[_extract](dest, tarball, uid, gid))) + } + + [_toFile] (dest) { + return this.tarballStream(str => new Promise((res, rej) => { + const writer = new fsm.WriteStream(dest) + str.on('error', er => writer.emit('error', er)) + writer.on('error', er => rej(er)) + writer.on('close', () => res({ + integrity: this.integrity && String(this.integrity), + resolved: this.resolved, + from: this.from, + })) + str.pipe(writer) + })) + } + + // don't use this[_mkdir] because we don't want to rimraf anything + tarballFile (dest) { + const dir = dirname(dest) + return !inferOwner + ? mkdirp(dir).then(() => this[_toFile](dest)) + : inferOwner(dest).then(({uid, gid}) => + mkdirp(dir).then(made => this[_toFile](dest) + .then(res => this[_chown](made || dir, uid, gid) + .then(() => res)))) + } + + [_extract] (dest, tarball, uid, gid) { + const extractor = tar.x(this[_tarxOptions]({ cwd: dest, uid, gid })) + const p = new Promise((resolve, reject) => { + extractor.on('end', () => { + resolve({ + resolved: this.resolved, + integrity: this.integrity && String(this.integrity), + from: this.from, + }) + }) + + extractor.on('error', er => { + this.log.warn('tar', er.message) + this.log.silly('tar', er) + reject(er) + }) + + tarball.on('error', er => reject(er)) + }) + + tarball.pipe(extractor) + return p + } + + // always ensure that entries are at least as permissive as our configured + // dmode/fmode, but never more permissive than the umask allows. + [_entryMode] (path, mode, type) { + const m = /Directory|GNUDumpDir/.test(type) ? this.dmode + : /File$/.test(type) ? this.fmode + : /* istanbul ignore next - should never happen in a pkg */ 0 + + // make sure package bins are executable + const exe = isPackageBin(this.package, path) ? 0o111 : 0 + return ((mode | m) & ~this.umask) | exe + } + + [_tarxOptions] ({ cwd, uid, gid }) { + const sawIgnores = new Set() + return { + cwd, + filter: (name, entry) => { + if (/Link$/.test(entry.type)) + return false + entry.mode = this[_entryMode](entry.path, entry.mode, entry.type) + // this replicates the npm pack behavior where .gitignore files + // are treated like .npmignore files, but only if a .npmignore + // file is not present. + if (/File$/.test(entry.type)) { + const base = basename(entry.path) + if (base === '.npmignore') + sawIgnores.add(entry.path) + else if (base === '.gitignore') { + // rename, but only if there's not already a .npmignore + const ni = entry.path.replace(/\.gitignore$/, '.npmignore') + if (sawIgnores.has(ni)) + return false + entry.path = ni + } + return true + } + }, + strip: 1, + onwarn: /* istanbul ignore next - we can trust that tar logs */ + (code, msg, data) => { + this.log.warn('tar', code, msg) + this.log.silly('tar', code, msg, data) + }, + uid, + gid, + umask: this.umask, + } + } +} + +module.exports = FetcherBase + +// Child classes +const GitFetcher = require('./git.js') +const RegistryFetcher = require('./registry.js') +const FileFetcher = require('./file.js') +const DirFetcher = require('./dir.js') +const RemoteFetcher = require('./remote.js') + +// Get an appropriate fetcher object from a spec and options +FetcherBase.get = (rawSpec, opts = {}) => { + const spec = npa(rawSpec, opts.where) + switch (spec.type) { + case 'git': + return new GitFetcher(spec, opts) + + case 'remote': + return new RemoteFetcher(spec, opts) + + case 'version': + case 'range': + case 'tag': + case 'alias': + return new RegistryFetcher(spec.subSpec || spec, opts) + + case 'file': + return new FileFetcher(spec, opts) + + case 'directory': + return new DirFetcher(spec, opts) + + default: + throw new TypeError('Unknown spec type: ' + spec.type) + } +} diff --git a/node_modules/libnpmpack/node_modules/pacote/lib/file.js b/node_modules/libnpmpack/node_modules/pacote/lib/file.js new file mode 100644 index 000000000..d5c601aab --- /dev/null +++ b/node_modules/libnpmpack/node_modules/pacote/lib/file.js @@ -0,0 +1,93 @@ +const Fetcher = require('./fetcher.js') +const fsm = require('fs-minipass') +const cacache = require('cacache') +const { promisify } = require('util') +const readPackageJson = require('read-package-json-fast') +const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved') +const _exeBins = Symbol('_exeBins') +const { resolve } = require('path') +const fs = require('fs') + +class FileFetcher extends Fetcher { + constructor (spec, opts) { + super(spec, opts) + // just the fully resolved filename + this.resolved = this.spec.fetchSpec + } + + get types () { + return ['file'] + } + + manifest () { + if (this.package) + return Promise.resolve(this.package) + + // have to unpack the tarball for this. + return cacache.tmp.withTmp(this.cache, this.opts, dir => + this.extract(dir) + .then(() => readPackageJson(dir + '/package.json')) + .then(mani => this.package = { + ...mani, + _integrity: this.integrity && String(this.integrity), + _resolved: this.resolved, + _from: this.from, + })) + } + + [_exeBins] (pkg, dest) { + if (!pkg.bin) + return Promise.resolve() + + return Promise.all(Object.keys(pkg.bin).map(k => new Promise(res => { + const script = resolve(dest, pkg.bin[k]) + // Best effort. Ignore errors here, the only result is that + // a bin script is not executable. But if it's missing or + // something, we just leave it for a later stage to trip over + // when we can provide a more useful contextual error. + fs.stat(script, (er, st) => { + if (er) + return res() + const mode = st.mode | 0o111 + if (mode === st.mode) + return res() + fs.chmod(script, mode, res) + }) + }))) + } + + extract (dest) { + // if we've already loaded the manifest, then the super got it. + // but if not, read the unpacked manifest and chmod properly. + return super.extract(dest) + .then(result => this.package ? result + : readPackageJson(dest + '/package.json').then(pkg => + this[_exeBins](pkg, dest)).then(() => result)) + } + + [_tarballFromResolved] () { + // create a read stream and return it + return new fsm.ReadStream(this.resolved) + } + + packument () { + // simulate based on manifest + return this.manifest().then(mani => ({ + name: mani.name, + 'dist-tags': { + [this.defaultTag]: mani.version + }, + versions: { + [mani.version]: { + ...mani, + dist: { + tarball: `file:${this.resolved}`, + integrity: this.integrity && String(this.integrity), + } + } + } + })) + } +} + +module.exports = FileFetcher diff --git a/node_modules/libnpmpack/node_modules/pacote/lib/git.js b/node_modules/libnpmpack/node_modules/pacote/lib/git.js new file mode 100644 index 000000000..81f7ca256 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/pacote/lib/git.js @@ -0,0 +1,272 @@ +const Fetcher = require('./fetcher.js') +const FileFetcher = require('./file.js') +const RemoteFetcher = require('./remote.js') +const DirFetcher = require('./dir.js') +const hashre = /^[a-f0-9]{40}$/ +const git = require('@npmcli/git') +const pickManifest = require('npm-pick-manifest') +const npa = require('npm-package-arg') +const url = require('url') +const Minipass = require('minipass') +const cacache = require('cacache') +const { promisify } = require('util') +const readPackageJson = require('read-package-json-fast') +const npm = require('./util/npm.js') + +const _resolvedFromRepo = Symbol('_resolvedFromRepo') +const _resolvedFromHosted = Symbol('_resolvedFromHosted') +const _resolvedFromClone = Symbol('_resolvedFromClone') +const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved') +const _addGitSha = Symbol('_addGitSha') +const _clone = Symbol('_clone') +const _cloneHosted = Symbol('_cloneHosted') +const _cloneRepo = Symbol('_cloneRepo') +const _setResolvedWithSha = Symbol('_setResolvedWithSha') +const _prepareDir = Symbol('_prepareDir') + +// get the repository url. prefer ssh, fall back to git:// +// We have to add the git+ back because npa suppresses it. +const repoUrl = (hosted, opts) => + hosted.sshurl && addGitPlus(hosted.sshurl(opts)) || + hosted.https && addGitPlus(hosted.https(opts)) + +const addGitPlus = url => url && `git+${url}` + +class GitFetcher extends Fetcher { + constructor (spec, opts) { + super(spec, opts) + this.resolvedRef = null + if (this.spec.hosted) + this.from = this.spec.hosted.shortcut({ noCommittish: false }) + + // shortcut: avoid full clone when we can go straight to the tgz + // if we have the full sha and it's a hosted git platform + if (this.spec.gitCommittish && hashre.test(this.spec.gitCommittish)) { + this.resolvedSha = this.spec.gitCommittish + // use hosted.tarball() when we shell to RemoteFetcher later + this.resolved = this.spec.hosted + ? repoUrl(this.spec.hosted, { noCommittish: false }) + : this.spec.fetchSpec + '#' + this.spec.gitCommittish + } else + this.resolvedSha = '' + } + + get types () { + return ['git'] + } + + resolve () { + // likely a hosted git repo with a sha, so get the tarball url + // but in general, no reason to resolve() more than necessary! + if (this.resolved) + return super.resolve() + + // fetch the git repo and then look at the current hash + const h = this.spec.hosted + // try to use ssh, fall back to git. + return h ? this[_resolvedFromHosted](h) + : this[_resolvedFromRepo](this.spec.fetchSpec) + } + + // first try https, since that's faster and passphrase-less for + // public repos. Fall back to SSH to support private repos. + // NB: we always store the SSH url in the 'resolved' field. + [_resolvedFromHosted] (hosted) { + return this[_resolvedFromRepo](hosted.https && hosted.https()) + .catch(er => { + const ssh = hosted.sshurl && hosted.sshurl() + if (!ssh) + throw er + return this[_resolvedFromRepo](ssh) + }) + } + + [_resolvedFromRepo] (gitRemote) { + // XXX make this a custom error class + if (!gitRemote) + return Promise.reject(new Error(`No git url for ${this.spec}`)) + const gitRange = this.spec.gitRange + const name = this.spec.name + return git.revs(gitRemote, this.opts).then(remoteRefs => { + return gitRange ? pickManifest({ + versions: remoteRefs.versions, + 'dist-tags': remoteRefs['dist-tags'], + name, + }, gitRange, this.opts) + : this.spec.gitCommittish ? + remoteRefs.refs[this.spec.gitCommittish] || + remoteRefs.refs[remoteRefs.shas[this.spec.gitCommittish]] + : remoteRefs.refs.HEAD // no git committish, get default head + }).then(revDoc => { + // the committish provided isn't in the rev list + // things like HEAD~3 or @yesterday can land here. + if (!revDoc || !revDoc.sha) + return this[_resolvedFromClone]() + + this.resolvedRef = revDoc + this.resolvedSha = revDoc.sha + this[_addGitSha](revDoc.sha) + return this.resolved + }) + } + + [_setResolvedWithSha] (withSha) { + // we haven't cloned, so a tgz download is still faster + // of course, if it's not a known host, we can't do that. + this.resolved = !this.spec.hosted ? withSha + : repoUrl(npa(withSha).hosted, { noCommittish: false }) + } + + // when we get the git sha, we affix it to our spec to build up + // either a git url with a hash, or a tarball download URL + [_addGitSha] (sha) { + if (this.spec.hosted) { + this[_setResolvedWithSha]( + this.spec.hosted.shortcut({ noCommittish: true }) + '#' + sha + ) + } else { + const u = url.format(new url.URL(`#${sha}`, this.spec.rawSpec)) + this[_setResolvedWithSha](url.format(u)) + } + } + + [_resolvedFromClone] () { + // do a full or shallow clone, then look at the HEAD + // kind of wasteful, but no other option, really + return this[_clone](dir => this.resolved) + } + + [_prepareDir] (dir) { + return readPackageJson(dir + '/package.json').then(mani => { + // no need if we aren't going to do any preparation. + const scripts = mani.scripts + if (!scripts || !( + scripts.postinstall || + scripts.build || + scripts.preinstall || + scripts.install || + scripts.prepare)) + return + + // the DirFetcher will do its own preparation to run the prepare scripts + // All we have to do is put the deps in place so that it can succeed. + return npm( + this.npmBin, + [].concat(this.npmInstallCmd).concat(this.npmCliConfig), + dir, + { message: 'git dep preparation failed' } + ) + }) + } + + [_tarballFromResolved] () { + const stream = new Minipass() + stream.resolved = this.resolved + stream.integrity = this.integrity + stream.from = this.from + + // check it out and then shell out to the DirFetcher tarball packer + this[_clone](dir => this[_prepareDir](dir) + .then(() => new Promise((res, rej) => { + const df = new DirFetcher(`file:${dir}`, { + ...this.opts, + resolved: null, + integrity: null, + }) + const dirStream = df[_tarballFromResolved]() + dirStream.on('error', rej) + dirStream.on('end', res) + dirStream.pipe(stream) + }))).catch( + /* istanbul ignore next: very unlikely and hard to test */ + er => stream.emit('error', er) + ) + return stream + } + + // clone a git repo into a temp folder (or fetch and unpack if possible) + // handler accepts a directory, and returns a promise that resolves + // when we're done with it, at which point, cacache deletes it + // + // TODO: after cloning, create a tarball of the folder, and add to the cache + // with cacache.put.stream(), using a key that's deterministic based on the + // spec and repo, so that we don't ever clone the same thing multiple times. + [_clone] (handler, tarballOk = true) { + const o = { tmpPrefix: 'git-clone' } + const ref = this.resolvedSha || this.spec.gitCommittish + const h = this.spec.hosted + const resolved = this.resolved + + // can be set manually to false to fall back to actual git clone + tarballOk = tarballOk && + h && resolved === repoUrl(h, { noCommittish: false }) && h.tarball + + return cacache.tmp.withTmp(this.cache, o, tmp => { + // if we're resolved, and have a tarball url, shell out to RemoteFetcher + if (tarballOk) { + const nameat = this.spec.name ? `${this.spec.name}@` : '' + return new RemoteFetcher(h.tarball({ noCommittish: false }), { + ...this.opts, + pkgid: `git:${nameat}${this.resolved}`, + resolved: this.resolved, + integrity: null, // it'll always be different, if we have one + }).extract(tmp).then(() => handler(tmp), er => { + // fall back to ssh download if tarball fails + if (er.constructor.name.match(/^Http/)) + return this[_clone](handler, false) + else + throw er + }) + } + + return ( + h ? this[_cloneHosted](ref, tmp) + : this[_cloneRepo](this.spec.fetchSpec, ref, tmp) + ).then(sha => { + this.resolvedSha = sha + if (!this.resolved) + this[_addGitSha](sha) + }) + .then(() => handler(tmp)) + }) + } + + [_cloneHosted] (ref, tmp) { + const hosted = this.spec.hosted + const https = hosted.https() + return this[_cloneRepo](hosted.https({ noCommittish: true }), ref, tmp) + .catch(er => { + const ssh = hosted.sshurl && hosted.sshurl({ noCommittish: true }) + /* istanbul ignore if - should be covered by the resolve() call */ + if (!ssh) + throw er + return this[_cloneRepo](ssh, ref, tmp) + }) + } + + [_cloneRepo] (repo, ref, tmp) { + const { opts, spec } = this + return git.clone(repo, ref, tmp, { ...opts, spec }) + } + + manifest () { + if (this.package) + return Promise.resolve(this.package) + + return this.spec.hosted && this.resolved + ? FileFetcher.prototype.manifest.apply(this) + : this[_clone](dir => + readPackageJson(dir + '/package.json') + .then(mani => this.package = { + ...mani, + _integrity: this.integrity && String(this.integrity), + _resolved: this.resolved, + _from: this.from, + })) + } + + packument () { + return FileFetcher.prototype.packument.apply(this) + } +} +module.exports = GitFetcher diff --git a/node_modules/libnpmpack/node_modules/pacote/lib/index.js b/node_modules/libnpmpack/node_modules/pacote/lib/index.js new file mode 100644 index 000000000..546ba960b --- /dev/null +++ b/node_modules/libnpmpack/node_modules/pacote/lib/index.js @@ -0,0 +1,12 @@ +const { get } = require('./fetcher.js') +module.exports = { + resolve: (spec, opts) => get(spec, opts).resolve(), + extract: (spec, dest, opts) => get(spec, opts).extract(dest), + manifest: (spec, opts) => get(spec, opts).manifest(), + tarball: (spec, opts) => get(spec, opts).tarball(), + packument: (spec, opts) => get(spec, opts).packument(), +} +module.exports.tarball.stream = (spec, handler, opts) => + get(spec, opts).tarballStream(handler) +module.exports.tarball.file = (spec, dest, opts) => + get(spec, opts).tarballFile(dest) diff --git a/node_modules/libnpmpack/node_modules/pacote/lib/registry.js b/node_modules/libnpmpack/node_modules/pacote/lib/registry.js new file mode 100644 index 000000000..b9df03614 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/pacote/lib/registry.js @@ -0,0 +1,159 @@ +const Fetcher = require('./fetcher.js') +const RemoteFetcher = require('./remote.js') +const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved') +const pacoteVersion = require('../package.json').version +const npa = require('npm-package-arg') +const pickManifest = require('npm-pick-manifest') +const ssri = require('ssri') +const Minipass = require('minipass') + +// Corgis are cute. 🐕🐶 +const corgiDoc = 'application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*' +const fullDoc = 'application/json' + +const fetch = require('npm-registry-fetch') + +// TODO: memoize reg requests, so we don't even have to check cache + +const _headers = Symbol('_headers') +class RegistryFetcher extends Fetcher { + constructor (spec, opts) { + super(spec, opts) + + // handle case when npm-package-arg guesses wrong. + if (this.spec.type === 'tag' && + this.spec.rawSpec === '' && + this.defaultTag !== 'latest') + this.spec = npa(`${this.spec.name}@${this.defaultTag}`) + this.registry = fetch.pickRegistry(spec, opts) + this.packumentUrl = this.registry.replace(/\/*$/, '/') + + this.spec.escapedName + + // XXX pacote <=9 has some logic to ignore opts.resolved if + // the resolved URL doesn't go to the same registry. + // Consider reproducing that here, to throw away this.resolved + // in that case. + } + + resolve () { + if (this.resolved) + return Promise.resolve(this.resolved) + + // fetching the manifest sets resolved and (usually) integrity + return this.manifest().then(() => { + if (this.resolved) + return this.resolved + + throw Object.assign( + new Error('Invalid package manifest: no `dist.tarball` field'), + { package: this.spec.toString() } + ) + }) + } + + [_headers] () { + return { + // npm will override UA, but ensure that we always send *something* + 'user-agent': this.opts.userAgent || + `pacote/${pacoteVersion} node/${process.version}`, + ...(this.opts.headers || {}), + 'pacote-version': pacoteVersion, + 'pacote-req-type': 'packument', + 'pacote-pkg-id': `registry:${this.spec.name}`, + accept: this.fullMetadata ? fullDoc : corgiDoc, + } + } + + packument () { + // npm-registry-fetch the packument + // set the appropriate header for corgis if fullMetadata isn't set + // return the res.json() promise + return fetch(this.packumentUrl, { + ...this.opts, + headers: this[_headers](), + spec: this.spec, + // never check integrity for packuments themselves + integrity: null, + }).then(res => res.json().then(packument => { + packument._cached = res.headers.has('x-local-cache') + packument._contentLength = +res.headers.get('content-length') + return packument + })).catch(er => { + if (er.code === 'E404' && !this.fullMetadata) { + // possible that corgis are not supported by this registry + this.fullMetadata = true + return this.packument() + } + throw er + }) + } + + manifest () { + if (this.package) + return Promise.resolve(this.package) + + return this.packument() + .then(packument => pickManifest(packument, this.spec.fetchSpec, { + ...this.opts, + defaultTag: this.defaultTag, + before: this.before, + }) /* XXX add ETARGET and E403 revalidation of cached packuments here */) + .then(mani => { + // add _resolved and _integrity from dist object + const { dist } = mani + if (dist) { + this.resolved = mani._resolved = dist.tarball + mani._from = this.from + const distIntegrity = dist.integrity ? ssri.parse(dist.integrity) + : dist.shasum ? ssri.fromHex(dist.shasum, 'sha1', {...this.opts}) + : null + if (distIntegrity) { + if (!this.integrity) + this.integrity = distIntegrity + else if (!this.integrity.match(distIntegrity)) { + // only bork if they have algos in common. + // otherwise we end up breaking if we have saved a sha512 + // previously for the tarball, but the manifest only + // provides a sha1, which is possible for older publishes. + // Otherwise, this is almost certainly a case of holding it + // wrong, and will result in weird or insecure behavior + // later on when building package tree. + for (const algo of Object.keys(this.integrity)) { + if (distIntegrity[algo]) { + throw Object.assign(new Error( + `Integrity checksum failed when using ${algo}: `+ + `wanted ${this.integrity} but got ${distIntegrity}.` + ), { code: 'EINTEGRITY' }) + } + } + // made it this far, the integrity is worthwhile. accept it. + // the setter here will take care of merging it into what we + // already had. + this.integrity = distIntegrity + } + } + } + if (this.integrity) + mani._integrity = String(this.integrity) + return this.package = mani + }) + } + + [_tarballFromResolved] () { + // we use a RemoteFetcher to get the actual tarball stream + return new RemoteFetcher(this.resolved, { + ...this.opts, + resolved: this.resolved, + pkgid: `registry:${this.spec.name}@${this.resolved}`, + })[_tarballFromResolved]() + } + + get types () { + return [ + 'tag', + 'version', + 'range', + ] + } +} +module.exports = RegistryFetcher diff --git a/node_modules/libnpmpack/node_modules/pacote/lib/remote.js b/node_modules/libnpmpack/node_modules/pacote/lib/remote.js new file mode 100644 index 000000000..81f14efbc --- /dev/null +++ b/node_modules/libnpmpack/node_modules/pacote/lib/remote.js @@ -0,0 +1,72 @@ +const Fetcher = require('./fetcher.js') +const FileFetcher = require('./file.js') +const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved') +const pacoteVersion = require('../package.json').version +const fetch = require('npm-registry-fetch') +const ssri = require('ssri') +const Minipass = require('minipass') + +const _headers = Symbol('_headers') +class RemoteFetcher extends Fetcher { + constructor (spec, opts) { + super(spec, opts) + this.resolved = this.spec.fetchSpec + // nam is a fermented pork sausage that is good to eat + const nameat = this.spec.name ? `${this.spec.name}@` : '' + this.pkgid = opts.pkgid ? opts.pkgid : `remote:${nameat}${this.resolved}` + } + + [_tarballFromResolved] () { + const stream = new Minipass() + const fetchOpts = { + ...this.opts, + headers: this[_headers](), + spec: this.spec, + integrity: this.integrity, + algorithms: [ this.pickIntegrityAlgorithm() ], + } + fetch(this.resolved, fetchOpts).then(res => { + const hash = res.headers.get('x-local-cache-hash') + if (hash) { + this.integrity = decodeURIComponent(hash) + } + + res.body.on('error', + /* istanbul ignore next - exceedingly rare and hard to simulate */ + er => stream.emit('error', er) + ).pipe(stream) + }).catch(er => stream.emit('error', er)) + + return stream + } + + [_headers] () { + return { + // npm will override this, but ensure that we always send *something* + 'user-agent': this.opts.userAgent || + `pacote/${pacoteVersion} node/${process.version}`, + ...(this.opts.headers || {}), + 'pacote-version': pacoteVersion, + 'pacote-req-type': 'tarball', + 'pacote-pkg-id': this.pkgid, + ...(this.integrity ? { 'pacote-integrity': String(this.integrity) } + : {}), + ...(this.opts.headers || {}), + } + } + + get types () { + return ['remote'] + } + + // getting a packument and/or manifest is the same as with a file: spec. + // unpack the tarball stream, and then read from the package.json file. + packument () { + return FileFetcher.prototype.packument.apply(this) + } + + manifest () { + return FileFetcher.prototype.manifest.apply(this) + } +} +module.exports = RemoteFetcher diff --git a/node_modules/libnpmpack/node_modules/pacote/lib/util/cache-dir.js b/node_modules/libnpmpack/node_modules/pacote/lib/util/cache-dir.js new file mode 100644 index 000000000..d5c0bf28f --- /dev/null +++ b/node_modules/libnpmpack/node_modules/pacote/lib/util/cache-dir.js @@ -0,0 +1,12 @@ +const os = require('os') +const {resolve} = require('path') + +module.exports = (fakePlatform = false) => { + const temp = os.tmpdir() + const uidOrPid = process.getuid ? process.getuid() : process.pid + const home = os.homedir() || resolve(temp, 'npm-' + uidOrPid) + const platform = fakePlatform || process.platform + const cacheExtra = platform === 'win32' ? 'npm-cache' : '.npm' + const cacheRoot = (platform === 'win32' && process.env.APPDATA) || home + return resolve(cacheRoot, cacheExtra) +} diff --git a/node_modules/libnpmpack/node_modules/pacote/lib/util/is-package-bin.js b/node_modules/libnpmpack/node_modules/pacote/lib/util/is-package-bin.js new file mode 100644 index 000000000..35cf06427 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/pacote/lib/util/is-package-bin.js @@ -0,0 +1,24 @@ +// Function to determine whether a path is in the package.bin set. +// Used to prevent issues when people publish a package from a +// windows machine, and then install with --no-bin-links. +// +// Note: this is not possible in remote or file fetchers, since +// we don't have the manifest until AFTER we've unpacked. But the +// main use case is registry fetching with git a distant second, +// so that's an acceptable edge case to not handle. + +const binObj = (name, bin) => + typeof bin === 'string' ? { [name]: bin } : bin + +const hasBin = (pkg, path) => { + const bin = binObj(pkg.name, pkg.bin) + const p = path.replace(/^[^\\\/]*\//, '') + for (const [k, v] of Object.entries(bin)) { + if (v === p) + return true + } + return false +} + +module.exports = (pkg, path) => + pkg && pkg.bin ? hasBin(pkg, path) : false diff --git a/node_modules/libnpmpack/node_modules/pacote/lib/util/npm.js b/node_modules/libnpmpack/node_modules/pacote/lib/util/npm.js new file mode 100644 index 000000000..293695525 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/pacote/lib/util/npm.js @@ -0,0 +1,9 @@ +// run an npm command +const spawn = require('@npmcli/promise-spawn') + +module.exports = (npmBin, npmCommand, cwd, extra) => { + const isJS = npmBin.endsWith('.js') + const cmd = isJS ? process.execPath : npmBin + const args = (isJS ? [npmBin] : []).concat(npmCommand) + return spawn(cmd, args, { cwd, stdioString: true }, extra) +} diff --git a/node_modules/libnpmpack/node_modules/pacote/lib/util/proc-log.js b/node_modules/libnpmpack/node_modules/pacote/lib/util/proc-log.js new file mode 100644 index 000000000..b2bdd9dc9 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/pacote/lib/util/proc-log.js @@ -0,0 +1,21 @@ +// default logger. +// emits 'log' events on the process +const LEVELS = [ + 'notice', + 'error', + 'warn', + 'info', + 'verbose', + 'http', + 'silly', + 'pause', + 'resume' +] + +const log = level => (...args) => process.emit('log', level, ...args) + +const logger = {} +for (const level of LEVELS) { + logger[level] = log(level) +} +module.exports = logger diff --git a/node_modules/libnpmpack/node_modules/pacote/node_modules/npm-package-arg/CHANGELOG.md b/node_modules/libnpmpack/node_modules/pacote/node_modules/npm-package-arg/CHANGELOG.md new file mode 100644 index 000000000..390a3a3c4 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/pacote/node_modules/npm-package-arg/CHANGELOG.md @@ -0,0 +1,52 @@ +# Changelog + +All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +## [8.0.0](https://github.com/npm/npm-package-arg/compare/v7.0.0...v8.0.0) (2019-12-15) + + +### ⚠ BREAKING CHANGES + +* Dropping support for node 6 and 8. It'll probably +still work on those versions, but they are no longer supported or +tested, since npm v7 is moving away from them. + +* drop support for node 6 and 8 ([ba85e68](https://github.com/npm/npm-package-arg/commit/ba85e68555d6270f672c3d59da17672f744d0376)) + +<a name="7.0.0"></a> +# [7.0.0](https://github.com/npm/npm-package-arg/compare/v6.1.1...v7.0.0) (2019-11-11) + + +### deps + +* bump hosted-git-info to 3.0.2 ([68a4fc3](https://github.com/npm/npm-package-arg/commit/68a4fc3)), closes [/github.com/npm/hosted-git-info/pull/38#issuecomment-520243803](https://github.com//github.com/npm/hosted-git-info/pull/38/issues/issuecomment-520243803) + + +### BREAKING CHANGES + +* this drops support for ancient node versions. + + + +<a name="6.1.1"></a> +## [6.1.1](https://github.com/npm/npm-package-arg/compare/v6.1.0...v6.1.1) (2019-08-21) + + +### Bug Fixes + +* preserve drive letter on windows git file:// urls ([3909203](https://github.com/npm/npm-package-arg/commit/3909203)) + + + +<a name="6.1.0"></a> +# [6.1.0](https://github.com/npm/npm-package-arg/compare/v6.0.0...v6.1.0) (2018-04-10) + + +### Bug Fixes + +* **git:** Fix gitRange for git+ssh for private git ([#33](https://github.com/npm/npm-package-arg/issues/33)) ([647a0b3](https://github.com/npm/npm-package-arg/commit/647a0b3)) + + +### Features + +* **alias:** add `npm:` registry alias spec ([#34](https://github.com/npm/npm-package-arg/issues/34)) ([ab99f8e](https://github.com/npm/npm-package-arg/commit/ab99f8e)) diff --git a/node_modules/libnpmpack/node_modules/pacote/node_modules/npm-package-arg/LICENSE b/node_modules/libnpmpack/node_modules/pacote/node_modules/npm-package-arg/LICENSE new file mode 100644 index 000000000..19cec97b1 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/pacote/node_modules/npm-package-arg/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) npm, Inc. + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/libnpmpack/node_modules/pacote/node_modules/npm-package-arg/README.md b/node_modules/libnpmpack/node_modules/pacote/node_modules/npm-package-arg/README.md new file mode 100644 index 000000000..847341b21 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/pacote/node_modules/npm-package-arg/README.md @@ -0,0 +1,83 @@ +# npm-package-arg + +[](https://travis-ci.org/npm/npm-package-arg) + +Parses package name and specifier passed to commands like `npm install` or +`npm cache add`, or as found in `package.json` dependency sections. + +## EXAMPLES + +```javascript +var assert = require("assert") +var npa = require("npm-package-arg") + +// Pass in the descriptor, and it'll return an object +try { + var parsed = npa("@bar/foo@1.2") +} catch (ex) { + … +} +``` + +## USING + +`var npa = require('npm-package-arg')` + +### var result = npa(*arg*[, *where*]) + +* *arg* - a string that you might pass to `npm install`, like: +`foo@1.2`, `@bar/foo@1.2`, `foo@user/foo`, `http://x.com/foo.tgz`, +`git+https://github.com/user/foo`, `bitbucket:user/foo`, `foo.tar.gz`, +`../foo/bar/` or `bar`. If the *arg* you provide doesn't have a specifier +part, eg `foo` then the specifier will default to `latest`. +* *where* - Optionally the path to resolve file paths relative to. Defaults to `process.cwd()` + +**Throws** if the package name is invalid, a dist-tag is invalid or a URL's protocol is not supported. + +### var result = npa.resolve(*name*, *spec*[, *where*]) + +* *name* - The name of the module you want to install. For example: `foo` or `@bar/foo`. +* *spec* - The specifier indicating where and how you can get this module. Something like: +`1.2`, `^1.7.17`, `http://x.com/foo.tgz`, `git+https://github.com/user/foo`, +`bitbucket:user/foo`, `file:foo.tar.gz` or `file:../foo/bar/`. If not +included then the default is `latest`. +* *where* - Optionally the path to resolve file paths relative to. Defaults to `process.cwd()` + +**Throws** if the package name is invalid, a dist-tag is invalid or a URL's protocol is not supported. + +## RESULT OBJECT + +The objects that are returned by npm-package-arg contain the following +keys: + +* `type` - One of the following strings: + * `git` - A git repo + * `tag` - A tagged version, like `"foo@latest"` + * `version` - A specific version number, like `"foo@1.2.3"` + * `range` - A version range, like `"foo@2.x"` + * `file` - A local `.tar.gz`, `.tar` or `.tgz` file. + * `directory` - A local directory. + * `remote` - An http url (presumably to a tgz) +* `registry` - If true this specifier refers to a resource hosted on a + registry. This is true for `tag`, `version` and `range` types. +* `name` - If known, the `name` field expected in the resulting pkg. +* `scope` - If a name is something like `@org/module` then the `scope` + field will be set to `@org`. If it doesn't have a scoped name, then + scope is `null`. +* `escapedName` - A version of `name` escaped to match the npm scoped packages + specification. Mostly used when making requests against a registry. When + `name` is `null`, `escapedName` will also be `null`. +* `rawSpec` - The specifier part that was parsed out in calls to `npa(arg)`, + or the value of `spec` in calls to `npa.resolve(name, spec). +* `saveSpec` - The normalized specifier, for saving to package.json files. + `null` for registry dependencies. +* `fetchSpec` - The version of the specifier to be used to fetch this + resource. `null` for shortcuts to hosted git dependencies as there isn't + just one URL to try with them. +* `gitRange` - If set, this is a semver specifier to match against git tags with +* `gitCommittish` - If set, this is the specific committish to use with a git dependency. +* `hosted` - If `from === 'hosted'` then this will be a `hosted-git-info` + object. This property is not included when serializing the object as + JSON. +* `raw` - The original un-modified string that was provided. If called as + `npa.resolve(name, spec)` then this will be `name + '@' + spec`. diff --git a/node_modules/libnpmpack/node_modules/pacote/node_modules/npm-package-arg/npa.js b/node_modules/libnpmpack/node_modules/pacote/node_modules/npm-package-arg/npa.js new file mode 100644 index 000000000..d18168b75 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/pacote/node_modules/npm-package-arg/npa.js @@ -0,0 +1,301 @@ +'use strict' +module.exports = npa +module.exports.resolve = resolve +module.exports.Result = Result + +let url +let HostedGit +let semver +let path_ +function path () { + if (!path_) path_ = require('path') + return path_ +} +let validatePackageName +let os + +const isWindows = process.platform === 'win32' || global.FAKE_WINDOWS +const hasSlashes = isWindows ? /\\|[/]/ : /[/]/ +const isURL = /^(?:git[+])?[a-z]+:/i +const isFilename = /[.](?:tgz|tar.gz|tar)$/i + +function npa (arg, where) { + let name + let spec + if (typeof arg === 'object') { + if (arg instanceof Result && (!where || where === arg.where)) { + return arg + } else if (arg.name && arg.rawSpec) { + return npa.resolve(arg.name, arg.rawSpec, where || arg.where) + } else { + return npa(arg.raw, where || arg.where) + } + } + const nameEndsAt = arg[0] === '@' ? arg.slice(1).indexOf('@') + 1 : arg.indexOf('@') + const namePart = nameEndsAt > 0 ? arg.slice(0, nameEndsAt) : arg + if (isURL.test(arg)) { + spec = arg + } else if (namePart[0] !== '@' && (hasSlashes.test(namePart) || isFilename.test(namePart))) { + spec = arg + } else if (nameEndsAt > 0) { + name = namePart + spec = arg.slice(nameEndsAt + 1) + } else { + if (!validatePackageName) validatePackageName = require('validate-npm-package-name') + const valid = validatePackageName(arg) + if (valid.validForOldPackages) { + name = arg + } else { + spec = arg + } + } + return resolve(name, spec, where, arg) +} + +const isFilespec = isWindows ? /^(?:[.]|~[/]|[/\\]|[a-zA-Z]:)/ : /^(?:[.]|~[/]|[/]|[a-zA-Z]:)/ + +function resolve (name, spec, where, arg) { + const res = new Result({ + raw: arg, + name: name, + rawSpec: spec, + fromArgument: arg != null + }) + + if (name) res.setName(name) + + if (spec && (isFilespec.test(spec) || /^file:/i.test(spec))) { + return fromFile(res, where) + } else if (spec && /^npm:/i.test(spec)) { + return fromAlias(res, where) + } + if (!HostedGit) HostedGit = require('hosted-git-info') + const hosted = HostedGit.fromUrl(spec, { noGitPlus: true, noCommittish: true }) + if (hosted) { + return fromHostedGit(res, hosted) + } else if (spec && isURL.test(spec)) { + return fromURL(res) + } else if (spec && (hasSlashes.test(spec) || isFilename.test(spec))) { + return fromFile(res, where) + } else { + return fromRegistry(res) + } +} + +function invalidPackageName (name, valid) { + const err = new Error(`Invalid package name "${name}": ${valid.errors.join('; ')}`) + err.code = 'EINVALIDPACKAGENAME' + return err +} +function invalidTagName (name) { + const err = new Error(`Invalid tag name "${name}": Tags may not have any characters that encodeURIComponent encodes.`) + err.code = 'EINVALIDTAGNAME' + return err +} + +function Result (opts) { + this.type = opts.type + this.registry = opts.registry + this.where = opts.where + if (opts.raw == null) { + this.raw = opts.name ? opts.name + '@' + opts.rawSpec : opts.rawSpec + } else { + this.raw = opts.raw + } + this.name = undefined + this.escapedName = undefined + this.scope = undefined + this.rawSpec = opts.rawSpec == null ? '' : opts.rawSpec + this.saveSpec = opts.saveSpec + this.fetchSpec = opts.fetchSpec + if (opts.name) this.setName(opts.name) + this.gitRange = opts.gitRange + this.gitCommittish = opts.gitCommittish + this.hosted = opts.hosted +} + +Result.prototype.setName = function (name) { + if (!validatePackageName) validatePackageName = require('validate-npm-package-name') + const valid = validatePackageName(name) + if (!valid.validForOldPackages) { + throw invalidPackageName(name, valid) + } + this.name = name + this.scope = name[0] === '@' ? name.slice(0, name.indexOf('/')) : undefined + // scoped packages in couch must have slash url-encoded, e.g. @foo%2Fbar + this.escapedName = name.replace('/', '%2f') + return this +} + +Result.prototype.toString = function () { + const full = [] + if (this.name != null && this.name !== '') full.push(this.name) + const spec = this.saveSpec || this.fetchSpec || this.rawSpec + if (spec != null && spec !== '') full.push(spec) + return full.length ? full.join('@') : this.raw +} + +Result.prototype.toJSON = function () { + const result = Object.assign({}, this) + delete result.hosted + return result +} + +function setGitCommittish (res, committish) { + if (committish != null && committish.length >= 7 && committish.slice(0, 7) === 'semver:') { + res.gitRange = decodeURIComponent(committish.slice(7)) + res.gitCommittish = null + } else { + res.gitCommittish = committish === '' ? null : committish + } + return res +} + +const isAbsolutePath = /^[/]|^[A-Za-z]:/ + +function resolvePath (where, spec) { + if (isAbsolutePath.test(spec)) return spec + return path().resolve(where, spec) +} + +function isAbsolute (dir) { + if (dir[0] === '/') return true + if (/^[A-Za-z]:/.test(dir)) return true + return false +} + +function fromFile (res, where) { + if (!where) where = process.cwd() + res.type = isFilename.test(res.rawSpec) ? 'file' : 'directory' + res.where = where + + const spec = res.rawSpec.replace(/\\/g, '/') + .replace(/^file:[/]*([A-Za-z]:)/, '$1') // drive name paths on windows + .replace(/^file:(?:[/]*([~./]))?/, '$1') + if (/^~[/]/.test(spec)) { + // this is needed for windows and for file:~/foo/bar + if (!os) os = require('os') + res.fetchSpec = resolvePath(os.homedir(), spec.slice(2)) + res.saveSpec = 'file:' + spec + } else { + res.fetchSpec = resolvePath(where, spec) + if (isAbsolute(spec)) { + res.saveSpec = 'file:' + spec + } else { + res.saveSpec = 'file:' + path().relative(where, res.fetchSpec) + } + } + return res +} + +function fromHostedGit (res, hosted) { + res.type = 'git' + res.hosted = hosted + res.saveSpec = hosted.toString({ noGitPlus: false, noCommittish: false }) + res.fetchSpec = hosted.getDefaultRepresentation() === 'shortcut' ? null : hosted.toString() + return setGitCommittish(res, hosted.committish) +} + +function unsupportedURLType (protocol, spec) { + const err = new Error(`Unsupported URL Type "${protocol}": ${spec}`) + err.code = 'EUNSUPPORTEDPROTOCOL' + return err +} + +function matchGitScp (spec) { + // git ssh specifiers are overloaded to also use scp-style git + // specifiers, so we have to parse those out and treat them special. + // They are NOT true URIs, so we can't hand them to `url.parse`. + // + // This regex looks for things that look like: + // git+ssh://git@my.custom.git.com:username/project.git#deadbeef + // + // ...and various combinations. The username in the beginning is *required*. + const matched = spec.match(/^git\+ssh:\/\/([^:#]+:[^#]+(?:\.git)?)(?:#(.*))?$/i) + return matched && !matched[1].match(/:[0-9]+\/?.*$/i) && { + fetchSpec: matched[1], + gitCommittish: matched[2] == null ? null : matched[2] + } +} + +function fromURL (res) { + if (!url) url = require('url') + const urlparse = url.parse(res.rawSpec) + res.saveSpec = res.rawSpec + // check the protocol, and then see if it's git or not + switch (urlparse.protocol) { + case 'git:': + case 'git+http:': + case 'git+https:': + case 'git+rsync:': + case 'git+ftp:': + case 'git+file:': + case 'git+ssh:': + res.type = 'git' + const match = urlparse.protocol === 'git+ssh:' && matchGitScp(res.rawSpec) + if (match) { + setGitCommittish(res, match.gitCommittish) + res.fetchSpec = match.fetchSpec + } else { + setGitCommittish(res, urlparse.hash != null ? urlparse.hash.slice(1) : '') + urlparse.protocol = urlparse.protocol.replace(/^git[+]/, '') + if (urlparse.protocol === 'file:' && /^git\+file:\/\/[a-z]:/i.test(res.rawSpec)) { + // keep the drive letter : on windows file paths + urlparse.host += ':' + urlparse.hostname += ':' + } + delete urlparse.hash + res.fetchSpec = url.format(urlparse) + } + break + case 'http:': + case 'https:': + res.type = 'remote' + res.fetchSpec = res.saveSpec + break + + default: + throw unsupportedURLType(urlparse.protocol, res.rawSpec) + } + + return res +} + +function fromAlias (res, where) { + const subSpec = npa(res.rawSpec.substr(4), where) + if (subSpec.type === 'alias') { + throw new Error('nested aliases not supported') + } + if (!subSpec.registry) { + throw new Error('aliases only work for registry deps') + } + res.subSpec = subSpec + res.registry = true + res.type = 'alias' + res.saveSpec = null + res.fetchSpec = null + return res +} + +function fromRegistry (res) { + res.registry = true + const spec = res.rawSpec === '' ? 'latest' : res.rawSpec + // no save spec for registry components as we save based on the fetched + // version, not on the argument so this can't compute that. + res.saveSpec = null + res.fetchSpec = spec + if (!semver) semver = require('semver') + const version = semver.valid(spec, true) + const range = semver.validRange(spec, true) + if (version) { + res.type = 'version' + } else if (range) { + res.type = 'range' + } else { + if (encodeURIComponent(spec) !== spec) { + throw invalidTagName(spec) + } + res.type = 'tag' + } + return res +} diff --git a/node_modules/libnpmpack/node_modules/pacote/node_modules/npm-package-arg/package.json b/node_modules/libnpmpack/node_modules/pacote/node_modules/npm-package-arg/package.json new file mode 100644 index 000000000..71728e253 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/pacote/node_modules/npm-package-arg/package.json @@ -0,0 +1,69 @@ +{ + "_from": "npm-package-arg@^8.0.1", + "_id": "npm-package-arg@8.0.1", + "_inBundle": false, + "_integrity": "sha512-/h5Fm6a/exByzFSTm7jAyHbgOqErl9qSNJDQF32Si/ZzgwT2TERVxRxn3Jurw1wflgyVVAxnFR4fRHPM7y1ClQ==", + "_location": "/libnpmpack/pacote/npm-package-arg", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "npm-package-arg@^8.0.1", + "name": "npm-package-arg", + "escapedName": "npm-package-arg", + "rawSpec": "^8.0.1", + "saveSpec": null, + "fetchSpec": "^8.0.1" + }, + "_requiredBy": [ + "/libnpmpack/pacote" + ], + "_resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-8.0.1.tgz", + "_shasum": "9d76f8d7667b2373ffda60bb801a27ef71e3e270", + "_spec": "npm-package-arg@^8.0.1", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libnpmpack/node_modules/pacote", + "author": { + "name": "Isaac Z. Schlueter", + "email": "i@izs.me", + "url": "http://blog.izs.me/" + }, + "bugs": { + "url": "https://github.com/npm/npm-package-arg/issues" + }, + "bundleDependencies": false, + "dependencies": { + "hosted-git-info": "^3.0.2", + "semver": "^7.0.0", + "validate-npm-package-name": "^3.0.0" + }, + "deprecated": false, + "description": "Parse the things that can be arguments to `npm install`", + "devDependencies": { + "tap": "^14.10.2" + }, + "directories": { + "test": "test" + }, + "engines": { + "node": ">=10" + }, + "files": [ + "npa.js" + ], + "homepage": "https://github.com/npm/npm-package-arg", + "license": "ISC", + "main": "npa.js", + "name": "npm-package-arg", + "repository": { + "type": "git", + "url": "git+https://github.com/npm/npm-package-arg.git" + }, + "scripts": { + "postversion": "npm publish", + "prepublishOnly": "git push origin --follow-tags", + "preversion": "npm test", + "snap": "tap", + "test": "tap" + }, + "version": "8.0.1" +} diff --git a/node_modules/libnpmpack/node_modules/pacote/package.json b/node_modules/libnpmpack/node_modules/pacote/package.json new file mode 100644 index 000000000..2e53042d9 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/pacote/package.json @@ -0,0 +1,107 @@ +{ + "_from": "pacote@^11.1.4", + "_id": "pacote@11.1.4", + "_inBundle": false, + "_integrity": "sha512-eUGJvSSpWFZKn3z8gig/HgnBmUl6gIWByIIaHzSyEr3tOWX0w8tFEADXtpu8HGv5E0ShCeTP6enRq8iHKCHSvw==", + "_location": "/libnpmpack/pacote", + "_phantomChildren": { + "hosted-git-info": "3.0.2", + "semver": "7.1.3", + "validate-npm-package-name": "3.0.0" + }, + "_requested": { + "type": "range", + "registry": true, + "raw": "pacote@^11.1.4", + "name": "pacote", + "escapedName": "pacote", + "rawSpec": "^11.1.4", + "saveSpec": null, + "fetchSpec": "^11.1.4" + }, + "_requiredBy": [ + "/libnpmpack" + ], + "_resolved": "https://registry.npmjs.org/pacote/-/pacote-11.1.4.tgz", + "_shasum": "5529a453c59881b7f059da8af6903b0f79c124b2", + "_spec": "pacote@^11.1.4", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libnpmpack", + "author": { + "name": "Isaac Z. Schlueter", + "email": "i@izs.me", + "url": "https://izs.me" + }, + "bin": { + "pacote": "lib/bin.js" + }, + "bugs": { + "url": "https://github.com/npm/pacote/issues" + }, + "bundleDependencies": false, + "dependencies": { + "@npmcli/git": "^2.0.1", + "@npmcli/installed-package-contents": "^1.0.5", + "@npmcli/promise-spawn": "^1.1.0", + "cacache": "^15.0.0", + "chownr": "^1.1.4", + "fs-minipass": "^2.1.0", + "infer-owner": "^1.0.4", + "lru-cache": "^5.1.1", + "minipass": "^3.0.1", + "minipass-fetch": "^1.2.1", + "mkdirp": "^1.0.3", + "npm-package-arg": "^8.0.1", + "npm-packlist": "^2.1.0", + "npm-pick-manifest": "^6.0.0", + "npm-registry-fetch": "^8.0.0", + "promise-inflight": "^1.0.1", + "promise-retry": "^1.1.1", + "read-package-json-fast": "^1.1.3", + "rimraf": "^2.7.1", + "semver": "^7.1.3", + "ssri": "^8.0.0", + "tar": "^6.0.1", + "which": "^2.0.2" + }, + "deprecated": false, + "description": "JavaScript package downloader", + "devDependencies": { + "mutate-fs": "^2.1.1", + "npm-registry-mock": "^1.3.1", + "require-inject": "^1.4.4", + "tap": "^14.10.6" + }, + "engines": { + "node": ">=10" + }, + "files": [ + "lib/**/*.js" + ], + "homepage": "https://github.com/npm/pacote#readme", + "keywords": [ + "packages", + "npm", + "git" + ], + "license": "ISC", + "main": "lib/index.js", + "name": "pacote", + "repository": { + "type": "git", + "url": "git+ssh://git@github.com/npm/pacote.git" + }, + "scripts": { + "postpublish": "git push origin --follow-tags", + "postversion": "npm publish", + "preversion": "npm test", + "snap": "tap", + "test": "tap" + }, + "tap": { + "timeout": 300, + "check-coverage": true, + "coverage-map": "map.js", + "esm": false + }, + "version": "11.1.4" +} diff --git a/node_modules/libnpmpack/node_modules/rimraf/LICENSE b/node_modules/libnpmpack/node_modules/rimraf/LICENSE new file mode 100644 index 000000000..19129e315 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/rimraf/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) Isaac Z. Schlueter and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/libnpmpack/node_modules/rimraf/README.md b/node_modules/libnpmpack/node_modules/rimraf/README.md new file mode 100644 index 000000000..423b8cf85 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/rimraf/README.md @@ -0,0 +1,101 @@ +[](https://travis-ci.org/isaacs/rimraf) [](https://david-dm.org/isaacs/rimraf) [](https://david-dm.org/isaacs/rimraf#info=devDependencies) + +The [UNIX command](http://en.wikipedia.org/wiki/Rm_(Unix)) `rm -rf` for node. + +Install with `npm install rimraf`, or just drop rimraf.js somewhere. + +## API + +`rimraf(f, [opts], callback)` + +The first parameter will be interpreted as a globbing pattern for files. If you +want to disable globbing you can do so with `opts.disableGlob` (defaults to +`false`). This might be handy, for instance, if you have filenames that contain +globbing wildcard characters. + +The callback will be called with an error if there is one. Certain +errors are handled for you: + +* Windows: `EBUSY` and `ENOTEMPTY` - rimraf will back off a maximum of + `opts.maxBusyTries` times before giving up, adding 100ms of wait + between each attempt. The default `maxBusyTries` is 3. +* `ENOENT` - If the file doesn't exist, rimraf will return + successfully, since your desired outcome is already the case. +* `EMFILE` - Since `readdir` requires opening a file descriptor, it's + possible to hit `EMFILE` if too many file descriptors are in use. + In the sync case, there's nothing to be done for this. But in the + async case, rimraf will gradually back off with timeouts up to + `opts.emfileWait` ms, which defaults to 1000. + +## options + +* unlink, chmod, stat, lstat, rmdir, readdir, + unlinkSync, chmodSync, statSync, lstatSync, rmdirSync, readdirSync + + In order to use a custom file system library, you can override + specific fs functions on the options object. + + If any of these functions are present on the options object, then + the supplied function will be used instead of the default fs + method. + + Sync methods are only relevant for `rimraf.sync()`, of course. + + For example: + + ```javascript + var myCustomFS = require('some-custom-fs') + + rimraf('some-thing', myCustomFS, callback) + ``` + +* maxBusyTries + + If an `EBUSY`, `ENOTEMPTY`, or `EPERM` error code is encountered + on Windows systems, then rimraf will retry with a linear backoff + wait of 100ms longer on each try. The default maxBusyTries is 3. + + Only relevant for async usage. + +* emfileWait + + If an `EMFILE` error is encountered, then rimraf will retry + repeatedly with a linear backoff of 1ms longer on each try, until + the timeout counter hits this max. The default limit is 1000. + + If you repeatedly encounter `EMFILE` errors, then consider using + [graceful-fs](http://npm.im/graceful-fs) in your program. + + Only relevant for async usage. + +* glob + + Set to `false` to disable [glob](http://npm.im/glob) pattern + matching. + + Set to an object to pass options to the glob module. The default + glob options are `{ nosort: true, silent: true }`. + + Glob version 6 is used in this module. + + Relevant for both sync and async usage. + +* disableGlob + + Set to any non-falsey value to disable globbing entirely. + (Equivalent to setting `glob: false`.) + +## rimraf.sync + +It can remove stuff synchronously, too. But that's not so good. Use +the async API. It's better. + +## CLI + +If installed with `npm install rimraf -g` it can be used as a global +command `rimraf <path> [<path> ...]` which is useful for cross platform support. + +## mkdirp + +If you need to create a directory recursively, check out +[mkdirp](https://github.com/substack/node-mkdirp). diff --git a/node_modules/libnpmpack/node_modules/rimraf/bin.js b/node_modules/libnpmpack/node_modules/rimraf/bin.js new file mode 100755 index 000000000..0d1e17be7 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/rimraf/bin.js @@ -0,0 +1,50 @@ +#!/usr/bin/env node + +var rimraf = require('./') + +var help = false +var dashdash = false +var noglob = false +var args = process.argv.slice(2).filter(function(arg) { + if (dashdash) + return !!arg + else if (arg === '--') + dashdash = true + else if (arg === '--no-glob' || arg === '-G') + noglob = true + else if (arg === '--glob' || arg === '-g') + noglob = false + else if (arg.match(/^(-+|\/)(h(elp)?|\?)$/)) + help = true + else + return !!arg +}) + +if (help || args.length === 0) { + // If they didn't ask for help, then this is not a "success" + var log = help ? console.log : console.error + log('Usage: rimraf <path> [<path> ...]') + log('') + log(' Deletes all files and folders at "path" recursively.') + log('') + log('Options:') + log('') + log(' -h, --help Display this usage info') + log(' -G, --no-glob Do not expand glob patterns in arguments') + log(' -g, --glob Expand glob patterns in arguments (default)') + process.exit(help ? 0 : 1) +} else + go(0) + +function go (n) { + if (n >= args.length) + return + var options = {} + if (noglob) + options = { glob: false } + rimraf(args[n], options, function (er) { + if (er) + throw er + go(n+1) + }) +} diff --git a/node_modules/libnpmpack/node_modules/rimraf/package.json b/node_modules/libnpmpack/node_modules/rimraf/package.json new file mode 100644 index 000000000..a61c985d5 --- /dev/null +++ b/node_modules/libnpmpack/node_modules/rimraf/package.json @@ -0,0 +1,67 @@ +{ + "_from": "rimraf@^2.7.1", + "_id": "rimraf@2.7.1", + "_inBundle": false, + "_integrity": "sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==", + "_location": "/libnpmpack/rimraf", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "rimraf@^2.7.1", + "name": "rimraf", + "escapedName": "rimraf", + "rawSpec": "^2.7.1", + "saveSpec": null, + "fetchSpec": "^2.7.1" + }, + "_requiredBy": [ + "/libnpmpack/pacote" + ], + "_resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.7.1.tgz", + "_shasum": "35797f13a7fdadc566142c29d4f07ccad483e3ec", + "_spec": "rimraf@^2.7.1", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libnpmpack/node_modules/pacote", + "author": { + "name": "Isaac Z. Schlueter", + "email": "i@izs.me", + "url": "http://blog.izs.me/" + }, + "bin": { + "rimraf": "bin.js" + }, + "bugs": { + "url": "https://github.com/isaacs/rimraf/issues" + }, + "bundleDependencies": false, + "dependencies": { + "glob": "^7.1.3" + }, + "deprecated": false, + "description": "A deep deletion module for node (like `rm -rf`)", + "devDependencies": { + "mkdirp": "^0.5.1", + "tap": "^12.1.1" + }, + "files": [ + "LICENSE", + "README.md", + "bin.js", + "rimraf.js" + ], + "homepage": "https://github.com/isaacs/rimraf#readme", + "license": "ISC", + "main": "rimraf.js", + "name": "rimraf", + "repository": { + "type": "git", + "url": "git://github.com/isaacs/rimraf.git" + }, + "scripts": { + "postpublish": "git push origin --all; git push origin --tags", + "postversion": "npm publish", + "preversion": "npm test", + "test": "tap test/*.js" + }, + "version": "2.7.1" +} diff --git a/node_modules/libnpmpack/node_modules/rimraf/rimraf.js b/node_modules/libnpmpack/node_modules/rimraf/rimraf.js new file mode 100644 index 000000000..a90ad029f --- /dev/null +++ b/node_modules/libnpmpack/node_modules/rimraf/rimraf.js @@ -0,0 +1,372 @@ +module.exports = rimraf +rimraf.sync = rimrafSync + +var assert = require("assert") +var path = require("path") +var fs = require("fs") +var glob = undefined +try { + glob = require("glob") +} catch (_err) { + // treat glob as optional. +} +var _0666 = parseInt('666', 8) + +var defaultGlobOpts = { + nosort: true, + silent: true +} + +// for EMFILE handling +var timeout = 0 + +var isWindows = (process.platform === "win32") + +function defaults (options) { + var methods = [ + 'unlink', + 'chmod', + 'stat', + 'lstat', + 'rmdir', + 'readdir' + ] + methods.forEach(function(m) { + options[m] = options[m] || fs[m] + m = m + 'Sync' + options[m] = options[m] || fs[m] + }) + + options.maxBusyTries = options.maxBusyTries || 3 + options.emfileWait = options.emfileWait || 1000 + if (options.glob === false) { + options.disableGlob = true + } + if (options.disableGlob !== true && glob === undefined) { + throw Error('glob dependency not found, set `options.disableGlob = true` if intentional') + } + options.disableGlob = options.disableGlob || false + options.glob = options.glob || defaultGlobOpts +} + +function rimraf (p, options, cb) { + if (typeof options === 'function') { + cb = options + options = {} + } + + assert(p, 'rimraf: missing path') + assert.equal(typeof p, 'string', 'rimraf: path should be a string') + assert.equal(typeof cb, 'function', 'rimraf: callback function required') + assert(options, 'rimraf: invalid options argument provided') + assert.equal(typeof options, 'object', 'rimraf: options should be object') + + defaults(options) + + var busyTries = 0 + var errState = null + var n = 0 + + if (options.disableGlob || !glob.hasMagic(p)) + return afterGlob(null, [p]) + + options.lstat(p, function (er, stat) { + if (!er) + return afterGlob(null, [p]) + + glob(p, options.glob, afterGlob) + }) + + function next (er) { + errState = errState || er + if (--n === 0) + cb(errState) + } + + function afterGlob (er, results) { + if (er) + return cb(er) + + n = results.length + if (n === 0) + return cb() + + results.forEach(function (p) { + rimraf_(p, options, function CB (er) { + if (er) { + if ((er.code === "EBUSY" || er.code === "ENOTEMPTY" || er.code === "EPERM") && + busyTries < options.maxBusyTries) { + busyTries ++ + var time = busyTries * 100 + // try again, with the same exact callback as this one. + return setTimeout(function () { + rimraf_(p, options, CB) + }, time) + } + + // this one won't happen if graceful-fs is used. + if (er.code === "EMFILE" && timeout < options.emfileWait) { + return setTimeout(function () { + rimraf_(p, options, CB) + }, timeout ++) + } + + // already gone + if (er.code === "ENOENT") er = null + } + + timeout = 0 + next(er) + }) + }) + } +} + +// Two possible strategies. +// 1. Assume it's a file. unlink it, then do the dir stuff on EPERM or EISDIR +// 2. Assume it's a directory. readdir, then do the file stuff on ENOTDIR +// +// Both result in an extra syscall when you guess wrong. However, there +// are likely far more normal files in the world than directories. This +// is based on the assumption that a the average number of files per +// directory is >= 1. +// +// If anyone ever complains about this, then I guess the strategy could +// be made configurable somehow. But until then, YAGNI. +function rimraf_ (p, options, cb) { + assert(p) + assert(options) + assert(typeof cb === 'function') + + // sunos lets the root user unlink directories, which is... weird. + // so we have to lstat here and make sure it's not a dir. + options.lstat(p, function (er, st) { + if (er && er.code === "ENOENT") + return cb(null) + + // Windows can EPERM on stat. Life is suffering. + if (er && er.code === "EPERM" && isWindows) + fixWinEPERM(p, options, er, cb) + + if (st && st.isDirectory()) + return rmdir(p, options, er, cb) + + options.unlink(p, function (er) { + if (er) { + if (er.code === "ENOENT") + return cb(null) + if (er.code === "EPERM") + return (isWindows) + ? fixWinEPERM(p, options, er, cb) + : rmdir(p, options, er, cb) + if (er.code === "EISDIR") + return rmdir(p, options, er, cb) + } + return cb(er) + }) + }) +} + +function fixWinEPERM (p, options, er, cb) { + assert(p) + assert(options) + assert(typeof cb === 'function') + if (er) + assert(er instanceof Error) + + options.chmod(p, _0666, function (er2) { + if (er2) + cb(er2.code === "ENOENT" ? null : er) + else + options.stat(p, function(er3, stats) { + if (er3) + cb(er3.code === "ENOENT" ? null : er) + else if (stats.isDirectory()) + rmdir(p, options, er, cb) + else + options.unlink(p, cb) + }) + }) +} + +function fixWinEPERMSync (p, options, er) { + assert(p) + assert(options) + if (er) + assert(er instanceof Error) + + try { + options.chmodSync(p, _0666) + } catch (er2) { + if (er2.code === "ENOENT") + return + else + throw er + } + + try { + var stats = options.statSync(p) + } catch (er3) { + if (er3.code === "ENOENT") + return + else + throw er + } + + if (stats.isDirectory()) + rmdirSync(p, options, er) + else + options.unlinkSync(p) +} + +function rmdir (p, options, originalEr, cb) { + assert(p) + assert(options) + if (originalEr) + assert(originalEr instanceof Error) + assert(typeof cb === 'function') + + // try to rmdir first, and only readdir on ENOTEMPTY or EEXIST (SunOS) + // if we guessed wrong, and it's not a directory, then + // raise the original error. + options.rmdir(p, function (er) { + if (er && (er.code === "ENOTEMPTY" || er.code === "EEXIST" || er.code === "EPERM")) + rmkids(p, options, cb) + else if (er && er.code === "ENOTDIR") + cb(originalEr) + else + cb(er) + }) +} + +function rmkids(p, options, cb) { + assert(p) + assert(options) + assert(typeof cb === 'function') + + options.readdir(p, function (er, files) { + if (er) + return cb(er) + var n = files.length + if (n === 0) + return options.rmdir(p, cb) + var errState + files.forEach(function (f) { + rimraf(path.join(p, f), options, function (er) { + if (errState) + return + if (er) + return cb(errState = er) + if (--n === 0) + options.rmdir(p, cb) + }) + }) + }) +} + +// this looks simpler, and is strictly *faster*, but will +// tie up the JavaScript thread and fail on excessively +// deep directory trees. +function rimrafSync (p, options) { + options = options || {} + defaults(options) + + assert(p, 'rimraf: missing path') + assert.equal(typeof p, 'string', 'rimraf: path should be a string') + assert(options, 'rimraf: missing options') + assert.equal(typeof options, 'object', 'rimraf: options should be object') + + var results + + if (options.disableGlob || !glob.hasMagic(p)) { + results = [p] + } else { + try { + options.lstatSync(p) + results = [p] + } catch (er) { + results = glob.sync(p, options.glob) + } + } + + if (!results.length) + return + + for (var i = 0; i < results.length; i++) { + var p = results[i] + + try { + var st = options.lstatSync(p) + } catch (er) { + if (er.code === "ENOENT") + return + + // Windows can EPERM on stat. Life is suffering. + if (er.code === "EPERM" && isWindows) + fixWinEPERMSync(p, options, er) + } + + try { + // sunos lets the root user unlink directories, which is... weird. + if (st && st.isDirectory()) + rmdirSync(p, options, null) + else + options.unlinkSync(p) + } catch (er) { + if (er.code === "ENOENT") + return + if (er.code === "EPERM") + return isWindows ? fixWinEPERMSync(p, options, er) : rmdirSync(p, options, er) + if (er.code !== "EISDIR") + throw er + + rmdirSync(p, options, er) + } + } +} + +function rmdirSync (p, options, originalEr) { + assert(p) + assert(options) + if (originalEr) + assert(originalEr instanceof Error) + + try { + options.rmdirSync(p) + } catch (er) { + if (er.code === "ENOENT") + return + if (er.code === "ENOTDIR") + throw originalEr + if (er.code === "ENOTEMPTY" || er.code === "EEXIST" || er.code === "EPERM") + rmkidsSync(p, options) + } +} + +function rmkidsSync (p, options) { + assert(p) + assert(options) + options.readdirSync(p).forEach(function (f) { + rimrafSync(path.join(p, f), options) + }) + + // We only end up here once we got ENOTEMPTY at least once, and + // at this point, we are guaranteed to have removed all the kids. + // So, we know that it won't be ENOENT or ENOTDIR or anything else. + // try really hard to delete stuff on windows, because it has a + // PROFOUNDLY annoying habit of not closing handles promptly when + // files are deleted, resulting in spurious ENOTEMPTY errors. + var retries = isWindows ? 100 : 1 + var i = 0 + do { + var threw = true + try { + var ret = options.rmdirSync(p, options) + threw = false + return ret + } finally { + if (++i < retries && threw) + continue + } + } while (true) +} diff --git a/node_modules/libnpmpack/package.json b/node_modules/libnpmpack/package.json new file mode 100644 index 000000000..6ed78d9ac --- /dev/null +++ b/node_modules/libnpmpack/package.json @@ -0,0 +1,100 @@ +{ + "_from": "libnpmpack@^2.0.0", + "_id": "libnpmpack@2.0.0", + "_inBundle": false, + "_integrity": "sha512-w4wB8ZQUceUANUEiSYqi4nHlqFxhzLXWmhVbDt3NlyZVkmblTokR4xK9VfihLXJhdARQxeILx/HxReeqas1KZQ==", + "_location": "/libnpmpack", + "_phantomChildren": { + "@npmcli/git": "2.0.1", + "@npmcli/installed-package-contents": "1.0.5", + "@npmcli/promise-spawn": "1.1.0", + "cacache": "15.0.0", + "fs-minipass": "2.1.0", + "glob": "7.1.4", + "hosted-git-info": "3.0.2", + "infer-owner": "1.0.4", + "lru-cache": "5.1.1", + "minipass": "3.1.1", + "minipass-fetch": "1.2.1", + "npm-packlist": "2.1.0", + "npm-pick-manifest": "6.0.0", + "npm-registry-fetch": "8.0.0", + "promise-inflight": "1.0.1", + "promise-retry": "1.1.1", + "read-package-json-fast": "1.1.3", + "semver": "7.1.3", + "ssri": "8.0.0", + "tar": "6.0.1", + "validate-npm-package-name": "3.0.0", + "which": "2.0.2" + }, + "_requested": { + "type": "range", + "registry": true, + "raw": "libnpmpack@^2.0.0", + "name": "libnpmpack", + "escapedName": "libnpmpack", + "rawSpec": "^2.0.0", + "saveSpec": null, + "fetchSpec": "^2.0.0" + }, + "_requiredBy": [ + "/libnpmpublish" + ], + "_resolved": "https://registry.npmjs.org/libnpmpack/-/libnpmpack-2.0.0.tgz", + "_shasum": "6b7f050f8dde248776c92495147f623dc711a221", + "_spec": "libnpmpack@^2.0.0", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libnpmpublish", + "author": { + "name": "npm Inc.", + "email": "support@npmjs.com" + }, + "bugs": { + "url": "https://github.com/npm/libnpmpack/issues" + }, + "bundleDependencies": false, + "contributors": [ + { + "name": "Claudia Hernández", + "email": "claudia@npmjs.com" + } + ], + "dependencies": { + "@npmcli/run-script": "^1.3.0", + "npm-package-arg": "^8.0.0", + "pacote": "^11.1.4" + }, + "deprecated": false, + "description": "Programmatic API for the bits behind npm pack", + "devDependencies": { + "nock": "^12.0.2", + "standard": "^14.3.1", + "tap": "^14.10.6" + }, + "engines": { + "node": ">=10" + }, + "files": [ + "*.js" + ], + "homepage": "https://npmjs.com/package/libnpmpack", + "license": "ISC", + "main": "index.js", + "name": "libnpmpack", + "repository": { + "type": "git", + "url": "git+https://github.com/npm/libnpmpack.git" + }, + "scripts": { + "lint": "standard", + "posttest": "npm run lint", + "postversion": "npm publish", + "prepublishOnly": "git push origin --follow-tags", + "preversion": "npm test", + "test": "tap" + }, + "tap": { + "check-coverage": true + }, + "version": "2.0.0" +} |