diff options
| author | isaacs <i@izs.me> | 2021-01-07 23:11:21 +0300 |
|---|---|---|
| committer | isaacs <i@izs.me> | 2021-01-07 23:11:21 +0300 |
| commit | 7a49fd4afc8cd24db40aee008031ea648583d0bc (patch) | |
| tree | 16e0371f2fd0752e9d9ea45c61a8b2b8bda5b179 /node_modules/pacote | |
| parent | 7282329512a729d05c630583c52a085bc9ecc03b (diff) | |
tar@6.1.0 pacote@11.1.14
Diffstat (limited to 'node_modules/pacote')
| -rw-r--r-- | node_modules/pacote/lib/fetcher.js | 13 | ||||
| -rw-r--r-- | node_modules/pacote/package.json | 4 |
2 files changed, 12 insertions, 5 deletions
diff --git a/node_modules/pacote/lib/fetcher.js b/node_modules/pacote/lib/fetcher.js index 5142bb280..33fbf79c6 100644 --- a/node_modules/pacote/lib/fetcher.js +++ b/node_modules/pacote/lib/fetcher.js @@ -75,7 +75,12 @@ class FetcherBase { this.type = this.constructor.name this.fmode = opts.fmode || 0o666 this.dmode = opts.dmode || 0o777 - this.umask = opts.umask || 0o022 + // we don't need a default umask, because we don't chmod files coming + // out of package tarballs. they're forced to have a mode that is + // valid, regardless of what's in the tarball entry, and then we let + // the process's umask setting do its job. but if configured, we do + // respect it. + this.umask = opts.umask || 0 this.log = opts.log || procLog this.preferOnline = !!opts.preferOnline @@ -290,7 +295,7 @@ class FetcherBase { return cacache.rm.content(this.cache, this.integrity, this.opts) } - [_chown] (path, uid, gid) { + async [_chown] (path, uid, gid) { return selfOwner && (selfOwner.gid !== gid || selfOwner.uid !== uid) ? chownr(path, uid, gid) : /* istanbul ignore next - we don't test in root-owned folders */ null @@ -388,13 +393,15 @@ class FetcherBase { // make sure package bins are executable const exe = isPackageBin(this.package, path) ? 0o111 : 0 - return ((mode | m) & ~this.umask) | exe + // always ensure that files are read/writable by the owner + return ((mode | m) & ~this.umask) | exe | 0o600 } [_tarxOptions] ({ cwd, uid, gid }) { const sawIgnores = new Set() return { cwd, + noChmod: true, filter: (name, entry) => { if (/Link$/.test(entry.type)) return false diff --git a/node_modules/pacote/package.json b/node_modules/pacote/package.json index bef19b662..085e8f66a 100644 --- a/node_modules/pacote/package.json +++ b/node_modules/pacote/package.json @@ -1,6 +1,6 @@ { "name": "pacote", - "version": "11.1.13", + "version": "11.1.14", "description": "JavaScript package downloader", "author": "Isaac Z. Schlueter <i@izs.me> (https://izs.me)", "bin": { @@ -54,7 +54,7 @@ "read-package-json-fast": "^1.1.3", "rimraf": "^3.0.2", "ssri": "^8.0.0", - "tar": "^6.0.1" + "tar": "^6.1.0" }, "engines": { "node": ">=10" |