diff options
| author | claudiahdz <cghr1990@gmail.com> | 2020-02-18 21:00:02 +0300 |
|---|---|---|
| committer | isaacs <i@izs.me> | 2020-05-08 04:11:51 +0300 |
| commit | 03ac5a62c2ca629335d696ead33a56a656daa80c (patch) | |
| tree | 32a3192eac65c0bb27dbc125e205f675084c9b5f /node_modules | |
| parent | 56e1f868e8634a4bf0f7a7186a68a6f3de9cfb2a (diff) | |
npm-registry-fetch@7.0.0
Diffstat (limited to 'node_modules')
37 files changed, 564 insertions, 1420 deletions
diff --git a/node_modules/@npmcli/ci-detect/README.md b/node_modules/@npmcli/ci-detect/README.md index 29db4660e..64f15f689 100644 --- a/node_modules/@npmcli/ci-detect/README.md +++ b/node_modules/@npmcli/ci-detect/README.md @@ -29,15 +29,24 @@ at the appropriate environment variables. * `'jenkins'` Jenkins * `'bamboo'` Bamboo * `'gocd'` GoCD -* `'codeship'` CodeShip (or any that set `CI_NAME` environment variable) +* `'wercker'` Oracle Wercker +* `'netlify'` Netlify +* `'now-github'` Zeit.co's Now for GitHub deployment service +* `'now-bitbucket'` Zeit.co's Now for BitBucket deployment service +* `'now-gitlab'` Zeit.co's Now for GitLab deployment service +* `'codeship'` CodeShip +* Anything that sets the `CI_NAME` environment variable will return the + value as the result. (This is how CodeShip is detected.) * `'travis-ci'` Travis-CI - A few other CI systems set `TRAVIS=1` in the environment, because devs use that to indicate "test mode", so this one - can get some false positives. + can get some false positives, and is tested later in the process to + minimize this effect. * `'aws-codebuild'` AWS CodeBuild * `'builder'` Google Cloud Builder - This one is a bit weird. It doesn't really set anything that can be reliably detected except `BUILDER_OUTPUT`, so it can get false positives pretty easily. -* `'custom'` anything else that sets `CI` environment variable +* `'custom'` anything else that sets `CI` environment variable to either + `'1'` or `'true'`. ## Caveats diff --git a/node_modules/@npmcli/ci-detect/index.js b/node_modules/@npmcli/ci-detect/index.js index 8bd3bd07d..a84c5b642 100644 --- a/node_modules/@npmcli/ci-detect/index.js +++ b/node_modules/@npmcli/ci-detect/index.js @@ -10,6 +10,11 @@ module.exports = () => : process.env.JENKINS_URL ? 'jenkins' : process.env['bamboo.buildKey'] ? 'bamboo' : process.env.GO_PIPELINE_NAME ? 'gocd' + : process.env.WERCKER ? 'wercker' + : process.env.NETLIFY ? 'netlify' + : process.env.NOW_GITHUB_DEPLOYMENT ? 'now-github' + : process.env.GITLAB_DEPLOYMENT ? 'now-gitlab' + : process.env.BITBUCKET_DEPLOYMENT ? 'now-bitbucket' // codeship and a few others : process.env.CI_NAME ? process.env.CI_NAME // test travis after the others, since several CI systems mimic it diff --git a/node_modules/@npmcli/ci-detect/package.json b/node_modules/@npmcli/ci-detect/package.json index 64d5ac232..ea24c90b5 100644 --- a/node_modules/@npmcli/ci-detect/package.json +++ b/node_modules/@npmcli/ci-detect/package.json @@ -1,8 +1,8 @@ { "_from": "@npmcli/ci-detect@^1.0.0", - "_id": "@npmcli/ci-detect@1.1.1", + "_id": "@npmcli/ci-detect@1.2.0", "_inBundle": false, - "_integrity": "sha512-h5eW3DljLypyhvfK94FkSSm4qtSUFddth/xW+7vnkVCEUJR38MYvctCSZkxqrzmXZSzpfImuAwwKvRqkEuDvCQ==", + "_integrity": "sha512-JtktVH7ASBVIWsQTFlFpeOzhBJskvoBCTfeeRhhZy7ybATcUvwiwotZ8j5rkqUUyB69lIy/AvboiiiGBjYBKBA==", "_location": "/@npmcli/ci-detect", "_phantomChildren": {}, "_requested": { @@ -19,10 +19,10 @@ "_requiredBy": [ "/npm-registry-fetch" ], - "_resolved": "https://registry.npmjs.org/@npmcli/ci-detect/-/ci-detect-1.1.1.tgz", - "_shasum": "9a158cf4e3e88f0067cbc1ca5d0de2f453de6afe", + "_resolved": "https://registry.npmjs.org/@npmcli/ci-detect/-/ci-detect-1.2.0.tgz", + "_shasum": "0df142a1ac3bba6cbf2e9da1a6994cd898e32c95", "_spec": "@npmcli/ci-detect@^1.0.0", - "_where": "/Users/mperrotte/npminc/cli/node_modules/npm-registry-fetch", + "_where": "/Users/claudiahdz/npm/cli/node_modules/npm-registry-fetch", "author": { "name": "Isaac Z. Schlueter", "email": "i@izs.me", @@ -56,5 +56,5 @@ "tap": { "check-coverage": true }, - "version": "1.1.1" + "version": "1.2.0" } diff --git a/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/npm-registry-fetch/CHANGELOG.md index daf8a9378..36eb6efb3 100644 --- a/node_modules/npm-registry-fetch/CHANGELOG.md +++ b/node_modules/npm-registry-fetch/CHANGELOG.md @@ -2,6 +2,45 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [7.0.0](https://github.com/npm/registry-fetch/compare/v6.0.2...v7.0.0) (2020-02-18) + + +### ⚠ BREAKING CHANGES + +* figgy pudding is now nowhere to be found. +* this removes figgy-pudding, and drops several option +aliases. + +Defaults and behavior are all the same, and this module is now using the +canonical camelCase option names that npm v7 will provide to all its +deps. + +Related to: https://github.com/npm/rfcs/pull/102 + +PR-URL: https://github.com/npm/npm-registry-fetch/pull/22 +Credit: @isaacs + +### Bug Fixes + +* Remove figgy-pudding, use canonical option names ([ede3c08](https://github.com/npm/registry-fetch/commit/ede3c087007fd1808e02b1af70562220d03b18a9)), closes [#22](https://github.com/npm/registry-fetch/issues/22) + + +* update cacache, ssri, make-fetch-happen ([57fcc88](https://github.com/npm/registry-fetch/commit/57fcc889bee03edcc0a2025d96a171039108c231)) + +### [6.0.2](https://github.com/npm/registry-fetch/compare/v6.0.1...v6.0.2) (2020-02-14) + + +### Bug Fixes + +* always bypass cache when ?write=true ([83f89f3](https://github.com/npm/registry-fetch/commit/83f89f35abd2ed0507c869e37f90ed746375772c)) + +### [6.0.1](https://github.com/npm/registry-fetch/compare/v6.0.0...v6.0.1) (2020-02-14) + + +### Bug Fixes + +* use 30s default for timeout as per README ([50e8afc](https://github.com/npm/registry-fetch/commit/50e8afc6ff850542feb588f9f9c64ebae59e72a0)), closes [#20](https://github.com/npm/registry-fetch/issues/20) + ## [6.0.0](https://github.com/npm/registry-fetch/compare/v5.0.1...v6.0.0) (2019-12-17) diff --git a/node_modules/npm-registry-fetch/README.md b/node_modules/npm-registry-fetch/README.md index 5f601916d..da7228277 100644 --- a/node_modules/npm-registry-fetch/README.md +++ b/node_modules/npm-registry-fetch/README.md @@ -1,4 +1,10 @@ -# npm-registry-fetch [](https://npm.im/npm-registry-fetch) [](https://npm.im/npm-registry-fetch) [](https://travis-ci.org/npm/npm-registry-fetch) [](https://ci.appveyor.com/project/npm/npm-registry-fetch) [](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest) +# npm-registry-fetch + +[](https://npm.im/npm-registry-fetch) +[](https://npm.im/npm-registry-fetch) +[](https://travis-ci.org/npm/npm-registry-fetch) +[](https://ci.appveyor.com/project/npm/npm-registry-fetch) +[](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest) [`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js library that implements a `fetch`-like API for accessing npm registry APIs @@ -50,6 +56,25 @@ Happy hacking! ### API +#### Caching and `write=true` query strings + +Before performing any PUT or DELETE operation, npm clients first make a +GET request to the registry resource being updated, which includes +the query string `?write=true`. + +The semantics of this are, effectively, "I intend to write to this thing, +and need to know the latest current value, so that my write can land +cleanly". + +The public npm registry handles these `?write=true` requests by ensuring +that the cache is re-validated before sending a response. In order to +maintain the same behavior on the client, and not get tripped up by an +overeager local cache when we intend to write data to the registry, any +request that comes through `npm-registry-fetch` that contains `write=true` +in the query string will forcibly set the `prefer-online` option to `true`, +and set both `prefer-offline` and `offline` to false, so that any local +cached value will be revalidated. + #### <a name="fetch"></a> `> fetch(url, [opts]) -> Promise<Response>` Performs a request to a given URL. @@ -156,7 +181,7 @@ to trust only that specific signing authority. Multiple CAs can be trusted by specifying an array of certificates instead of a single string. -See also [`opts.strict-ssl`](#opts-strict-ssl), [`opts.ca`](#opts-ca) and +See also [`opts.strictSSL`](#opts-strictSSL), [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key) ##### <a name="opts-cache"></a> `opts.cache` @@ -169,8 +194,8 @@ will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234) rules. This will speed up future requests, as well as make the cached data available offline if necessary/requested. -See also [`offline`](#opts-offline), [`prefer-offline`](#opts-prefer-offline), -and [`prefer-online`](#opts-prefer-online). +See also [`offline`](#opts-offline), [`preferOffline`](#opts-preferOffline), +and [`preferOnline`](#opts-preferOnline). ##### <a name="opts-cert"></a> `opts.cert` @@ -191,7 +216,7 @@ It is _not_ the path to a certificate file (and there is no "certfile" option). See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key) -##### <a name="opts-fetch-retries"></a> `opts.fetch-retries` +##### <a name="opts-fetchRetries"></a> `opts.fetchRetries` * Type: Number * Default: 2 @@ -202,7 +227,7 @@ packages from the registry. See also [`opts.retry`](#opts-retry) to provide all retry options as a single object. -##### <a name="opts-fetch-retry-factor"></a> `opts.fetch-retry-factor` +##### <a name="opts-fetchRetryFactor"></a> `opts.fetchRetryFactor` * Type: Number * Default: 10 @@ -213,7 +238,7 @@ packages. See also [`opts.retry`](#opts-retry) to provide all retry options as a single object. -##### <a name="opts-fetch-retry-mintimeout"></a> `opts.fetch-retry-mintimeout` +##### <a name="opts-fetchRetryMintimeout"></a> `opts.fetchRetryMintimeout` * Type: Number * Default: 10000 (10 seconds) @@ -224,7 +249,7 @@ packages. See also [`opts.retry`](#opts-retry) to provide all retry options as a single object. -##### <a name="opts-fetch-retry-maxtimeout"></a> `opts.fetch-retry-maxtimeout` +##### <a name="opts-fetchRetryMaxtimeout"></a> `opts.fetchRetryMaxtimeout` * Type: Number * Default: 60000 (1 minute) @@ -235,9 +260,8 @@ packages. See also [`opts.retry`](#opts-retry) to provide all retry options as a single object. -##### <a name="opts-force-auth"></a> `opts.force-auth` +##### <a name="opts-forceAuth"></a> `opts.forceAuth` -* Alias: `opts.forceAuth` * Type: Object * Default: null @@ -263,9 +287,8 @@ Additional headers for the outgoing request. This option can also be used to override headers automatically generated by `npm-registry-fetch`, such as `Content-Type`. -##### <a name="opts-ignore-body"></a> `opts.ignore-body` +##### <a name="opts-ignoreBody"></a> `opts.ignoreBody` -* Alias: `opts.ignoreBody` * Type: Boolean * Default: false @@ -292,9 +315,8 @@ previously-generated integrity hash for the saved request information, so `EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if `opts.integrity` is not passed in. -##### <a name='opts-is-from-ci'></a> `opts.is-from-ci` +##### <a name='opts-isFromCI'></a> `opts.isFromCI` -* Alias: `opts.isFromCI` * Type: Boolean * Default: Based on environment variables @@ -318,7 +340,7 @@ It is _not_ the path to a key file (and there is no "keyfile" option). See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert) -##### <a name="opts-local-address"></a> `opts.local-address` +##### <a name="opts-localAddress"></a> `opts.localAddress` * Type: IP Address String * Default: null @@ -336,9 +358,8 @@ See also [`opts.proxy`](#opts-proxy) Logger object to use for logging operation details. Must have the same methods as `npmlog`. -##### <a name="opts-map-json"></a> `opts.map-json` +##### <a name="opts-mapJSON"></a> `opts.mapJSON` -* Alias: `mapJson`, `mapJSON` * Type: Function * Default: undefined @@ -346,9 +367,8 @@ When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down to [`JSONStream`](https://npm.im/JSONStream) as the second argument to `JSONStream.parse`, and can be used to transform stream data before output. -##### <a name="opts-maxsockets"></a> `opts.maxsockets` +##### <a name="opts-maxSockets"></a> `opts.maxSockets` -* Alias: `opts.max-sockets` * Type: Integer * Default: 12 @@ -369,9 +389,8 @@ HTTP method to use for the outgoing request. Case-insensitive. If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used. -##### <a name="opts-npm-session"></a> `opts.npm-session` +##### <a name="opts-npmSession"></a> `opts.npmSession` -* Alias: `opts.npmSession` * Type: String * Default: null @@ -386,11 +405,14 @@ invocations of the CLI). Force offline mode: no network requests will be done during install. To allow `npm-registry-fetch` to fill in missing cache data, see -[`opts.prefer-offline`](#opts-prefer-offline). +[`opts.preferOffline`](#opts-preferOffline). This option is only really useful if you're also using [`opts.cache`](#opts-cache). +This option is set to `true` when the request includes `write=true` in the +query string. + ##### <a name="opts-otp"></a> `opts.otp` * Type: Number | String @@ -402,7 +424,7 @@ account. ##### <a name="opts-password"></a> `opts.password` -* Alias: _password +* Alias: `_password` * Type: String * Default: null @@ -420,7 +442,7 @@ That is: See also [`opts.username`](#opts-username) -##### <a name="opts-prefer-offline"></a> `opts.prefer-offline` +##### <a name="opts-preferOffline"></a> `opts.preferOffline` * Type: Boolean * Default: false @@ -432,7 +454,10 @@ will be requested from the server. To force full offline mode, use This option is generally only useful if you're also using [`opts.cache`](#opts-cache). -##### <a name="opts-prefer-online"></a> `opts.prefer-online` +This option is set to `false` when the request includes `write=true` in the +query string. + +##### <a name="opts-preferOnline"></a> `opts.preferOnline` * Type: Boolean * Default: false @@ -443,10 +468,11 @@ for updates immediately even for fresh package data. This option is generally only useful if you're also using [`opts.cache`](#opts-cache). +This option is set to `true` when the request includes `write=true` in the +query string. -##### <a name="opts-project-scope"></a> `opts.project-scope` +##### <a name="opts-projectScope"></a> `opts.projectScope` -* Alias: `opts.projectScope` * Type: String * Default: null @@ -477,7 +503,6 @@ If the request URI already has a query string, it will be merged with ##### <a name="opts-refer"></a> `opts.refer` -* Alias: `opts.referer` * Type: String * Default: null @@ -541,7 +566,7 @@ If provided, can be used to automatically configure [`opts.scope`](#opts-scope) based on a specific package name. Non-registry package specs will throw an error. -##### <a name="opts-strict-ssl"></a> `opts.strict-ssl` +##### <a name="opts-strictSSL"></a> `opts.strictSSL` * Type: Boolean * Default: true @@ -574,7 +599,7 @@ Can be scoped to a registry by using a "nerf dart" for that registry. That is: } ``` -##### <a name="opts-user-agent"></a> `opts.user-agent` +##### <a name="opts-userAgent"></a> `opts.userAgent` * Type: String * Default: `'npm-registry-fetch@<version>/node@<node-version>+<arch> (<platform>)'` @@ -606,4 +631,4 @@ See also [`opts.password`](#opts-password) * Default: null ** DEPRECATED ** This is a legacy authentication token supported only for -*compatibility. Please use [`opts.token`](#opts-token) instead. +compatibility. Please use [`opts.token`](#opts-token) instead. diff --git a/node_modules/npm-registry-fetch/auth.js b/node_modules/npm-registry-fetch/auth.js index 3198b9c40..11c3bde6b 100644 --- a/node_modules/npm-registry-fetch/auth.js +++ b/node_modules/npm-registry-fetch/auth.js @@ -1,17 +1,14 @@ 'use strict' -const config = require('./config.js') +const defaultOpts = require('./default-opts.js') const url = require('url') module.exports = getAuth -function getAuth (registry, opts) { +function getAuth (registry, opts_ = {}) { if (!registry) { throw new Error('registry is required') } - opts = config(opts) + const opts = opts_.forceAuth ? opts_.forceAuth : { ...defaultOpts, ...opts_ } const AUTH = {} const regKey = registry && registryKey(registry) - if (opts.forceAuth) { - opts = opts.forceAuth - } const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias) doKey('token') doKey('_authToken', 'token') diff --git a/node_modules/npm-registry-fetch/check-response.js b/node_modules/npm-registry-fetch/check-response.js index 3137ea712..933c8f7cd 100644 --- a/node_modules/npm-registry-fetch/check-response.js +++ b/node_modules/npm-registry-fetch/check-response.js @@ -1,12 +1,13 @@ 'use strict' -const config = require('./config.js') const errors = require('./errors.js') const LRU = require('lru-cache') const { Response } = require('minipass-fetch') +const defaultOpts = require('./default-opts.js') + module.exports = checkResponse -function checkResponse (method, res, registry, startTime, opts) { - opts = config(opts) +function checkResponse (method, res, registry, startTime, opts_ = {}) { + const opts = { ...defaultOpts, ...opts_ } if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) { opts.log.notice('', res.headers.get('npm-notice')) } diff --git a/node_modules/npm-registry-fetch/config.js b/node_modules/npm-registry-fetch/config.js deleted file mode 100644 index d22ef4ca4..000000000 --- a/node_modules/npm-registry-fetch/config.js +++ /dev/null @@ -1,90 +0,0 @@ -'use strict' - -const pkg = require('./package.json') -const figgyPudding = require('figgy-pudding') -const silentLog = require('./silentlog.js') -const ciDetect = require('@npmcli/ci-detect') - -const AUTH_REGEX = /^(?:.*:)?(token|_authToken|username|_password|password|email|always-auth|_auth|otp)$/ -const SCOPE_REGISTRY_REGEX = /@.*:registry$/gi -module.exports = figgyPudding({ - agent: {}, - algorithms: {}, - body: {}, - ca: {}, - cache: {}, - cert: {}, - 'fetch-retries': {}, - 'fetch-retry-factor': {}, - 'fetch-retry-maxtimeout': {}, - 'fetch-retry-mintimeout': {}, - 'force-auth': {}, - forceAuth: 'force-auth', - gzip: {}, - headers: {}, - 'https-proxy': {}, - 'ignore-body': {}, - ignoreBody: 'ignore-body', - integrity: {}, - 'is-from-ci': 'isFromCI', - isFromCI: { - default () { - return ciDetect() - } - }, - key: {}, - 'local-address': {}, - log: { - default: silentLog - }, - 'map-json': 'mapJson', - mapJSON: 'mapJson', - mapJson: {}, - 'max-sockets': 'maxsockets', - maxsockets: { - default: 12 - }, - memoize: {}, - method: { - default: 'GET' - }, - 'no-proxy': {}, - noproxy: {}, - 'npm-session': 'npmSession', - npmSession: {}, - offline: {}, - otp: {}, - 'prefer-offline': {}, - 'prefer-online': {}, - projectScope: {}, - 'project-scope': 'projectScope', - proxy: {}, - query: {}, - refer: {}, - referer: 'refer', - registry: { - default: 'https://registry.npmjs.org/' - }, - retry: {}, - scope: {}, - spec: {}, - 'strict-ssl': {}, - timeout: {}, - 'user-agent': { - default: `${ - pkg.name - }@${ - pkg.version - }/node@${ - process.version - }+${ - process.arch - } (${ - process.platform - })` - } -}, { - other (key) { - return key.match(AUTH_REGEX) || key.match(SCOPE_REGISTRY_REGEX) - } -}) diff --git a/node_modules/npm-registry-fetch/default-opts.js b/node_modules/npm-registry-fetch/default-opts.js new file mode 100644 index 000000000..4d51da470 --- /dev/null +++ b/node_modules/npm-registry-fetch/default-opts.js @@ -0,0 +1,22 @@ +const pkg = require('./package.json') +const ciDetect = require('@npmcli/ci-detect') +module.exports = { + isFromCI: ciDetect(), + log: require('./silentlog.js'), + maxSockets: 12, + method: 'GET', + registry: 'https://registry.npmjs.org/', + timeout: 30 * 1000, + strictSSL: true, + noProxy: process.env.NOPROXY, + userAgent: `${pkg.name + }@${ + pkg.version + }/node@${ + process.version + }+${ + process.arch + } (${ + process.platform + })` +} diff --git a/node_modules/npm-registry-fetch/index.js b/node_modules/npm-registry-fetch/index.js index 47d0ab60a..2942db225 100644 --- a/node_modules/npm-registry-fetch/index.js +++ b/node_modules/npm-registry-fetch/index.js @@ -1,10 +1,6 @@ 'use strict' -const Buffer = require('safe-buffer').Buffer - -const ciDetect = require('@npmcli/ci-detect') const checkResponse = require('./check-response.js') -const config = require('./config.js') const getAuth = require('./auth.js') const fetch = require('make-fetch-happen') const JSONStream = require('minipass-json-stream') @@ -14,6 +10,8 @@ const url = require('url') const zlib = require('minizlib') const Minipass = require('minipass') +const defaultOpts = require('./default-opts.js') + // WhatWG URL throws if it's not fully resolved const urlIsValid = u => { try { @@ -24,12 +22,15 @@ const urlIsValid = u => { } module.exports = regFetch -function regFetch (uri, opts) { - opts = config(opts) - const registry = ( +function regFetch (uri, /* istanbul ignore next */ opts_ = {}) { + const opts = { + ...defaultOpts, + ...opts_ + } + const registry = opts.registry = ( (opts.spec && pickRegistry(opts.spec, opts)) || opts.registry || - /* istanbul ignore next: default set in figgy pudding config */ + /* istanbul ignore next */ 'https://registry.npmjs.org/' ) @@ -41,9 +42,7 @@ function regFetch (uri, opts) { }` } - const method = opts.method || - /* istanbul ignore next: default set in figgy pudding config */ - 'GET' + const method = opts.method || 'GET' // through that takes into account the scope, the prefix of `uri`, etc const startTime = Date.now() @@ -73,12 +72,13 @@ function regFetch (uri, opts) { } } + const parsed = new url.URL(uri) + if (opts.query) { const q = typeof opts.query === 'string' ? qs.parse(opts.query) : opts.query - const parsed = new url.URL(uri) Object.keys(q).forEach(key => { if (q[key] !== undefined) { parsed.searchParams.set(key, q[key]) @@ -87,6 +87,15 @@ function regFetch (uri, opts) { uri = url.format(parsed) } + if (parsed.searchParams.get('write') === 'true' && method === 'GET') { + // do not cache, because this GET is fetching a rev that will be + // used for a subsequent PUT or DELETE, so we need to conditionally + // update cache. + opts.offline = false + opts.preferOffline = false + opts.preferOnline = true + } + const doFetch = (body) => fetch(uri, { agent: opts.agent, algorithms: opts.algorithms, @@ -98,21 +107,21 @@ function regFetch (uri, opts) { headers, integrity: opts.integrity, key: opts.key, - localAddress: opts['local-address'], - maxSockets: opts.maxsockets, + localAddress: opts.localAddress, + maxSockets: opts.maxSockets, memoize: opts.memoize, method: method, - noProxy: opts['no-proxy'] || opts.noproxy, - proxy: opts['https-proxy'] || opts.proxy, + noProxy: opts.noProxy, + proxy: opts.httpsProxy || opts.proxy, referer: opts.refer, - retry: opts.retry != null ? opts.retry : { - retries: opts['fetch-retries'], - factor: opts['fetch-retry-factor'], - minTimeout: opts['fetch-retry-mintimeout'], - maxTimeout: opts['fetch-retry-maxtimeout'] + retry: opts.retry ? opts.retry : { + retries: opts.fetchRetries, + factor: opts.fetchRetryFactor, + minTimeout: opts.fetchRetryMintimeout, + maxTimeout: opts.fetchRetryMaxtimeout }, - strictSSL: !!opts['strict-ssl'], - timeout: opts.timeout + strictSSL: opts.strictSSL, + timeout: opts.timeout || 30 * 1000 }).then(res => checkResponse( method, res, registry, startTime, opts )) @@ -126,9 +135,9 @@ function fetchJSON (uri, opts) { } module.exports.json.stream = fetchJSONStream -function fetchJSONStream (uri, jsonPath, opts) { - opts = config(opts) - const parser = JSONStream.parse(jsonPath, opts.mapJson) +function fetchJSONStream (uri, jsonPath, /* istanbul ignore next */ opts_ = {}) { + const opts = { ...defaultOpts, ...opts_ } + const parser = JSONStream.parse(jsonPath, opts.mapJSON) regFetch(uri, opts).then(res => res.body.on('error', /* istanbul ignore next: unlikely and difficult to test */ @@ -138,9 +147,8 @@ function fetchJSONStream (uri, jsonPath, opts) { } module.exports.pickRegistry = pickRegistry -function pickRegistry (spec, opts) { +function pickRegistry (spec, opts = {}) { spec = npa(spec) - opts = config(opts) let registry = spec.scope && opts[spec.scope.replace(/^@?/, '@') + ':registry'] @@ -149,9 +157,7 @@ function pickRegistry (spec, opts) { } if (!registry) { - registry = opts.registry || - /* istanbul ignore next: default set by figgy pudding config */ - 'https://registry.npmjs.org/' + registry = opts.registry || 'https://registry.npmjs.org/' } return registry @@ -160,23 +166,21 @@ function pickRegistry (spec, opts) { function getCacheMode (opts) { return opts.offline ? 'only-if-cached' - : opts['prefer-offline'] + : opts.preferOffline ? 'force-cache' - : opts['prefer-online'] + : opts.preferOnline ? 'no-cache' : 'default' } function getHeaders (registry, uri, opts) { const headers = Object.assign({ - 'npm-in-ci': !!( - opts['is-from-ci'] || ciDetect() - ), - 'npm-scope': opts['project-scope'], - 'npm-session': opts['npm-session'], - 'user-agent': opts['user-agent'], + 'npm-in-ci': !!opts.isFromCI, + 'npm-scope': opts.projectScope, + 'npm-session': opts.npmSession, + 'user-agent': opts.userAgent, referer: opts.refer - }, opts.headers) + }, opts.headers || {}) const auth = getAuth(registry, opts) // If a tarball is hosted on a different place than the manifest, only send diff --git a/node_modules/npm-registry-fetch/node_modules/cacache/CHANGELOG.md b/node_modules/npm-registry-fetch/node_modules/cacache/CHANGELOG.md index 6f70b4e7f..b8540a375 100644 --- a/node_modules/npm-registry-fetch/node_modules/cacache/CHANGELOG.md +++ b/node_modules/npm-registry-fetch/node_modules/cacache/CHANGELOG.md @@ -2,6 +2,17 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [15.0.0](https://github.com/npm/cacache/compare/v14.0.0...v15.0.0) (2020-02-18) + + +### ⚠ BREAKING CHANGES + +* drop figgy-pudding and use canonical option names. + +### Features + +* remove figgy-pudding ([57d11bc](https://github.com/npm/cacache/commit/57d11bce34f979247d1057d258acc204c4944491)) + ## [14.0.0](https://github.com/npm/cacache/compare/v13.0.1...v14.0.0) (2020-01-28) diff --git a/node_modules/npm-registry-fetch/node_modules/cacache/README.md b/node_modules/npm-registry-fetch/node_modules/cacache/README.md index 19546b5bb..3f70f49a4 100644 --- a/node_modules/npm-registry-fetch/node_modules/cacache/README.md +++ b/node_modules/npm-registry-fetch/node_modules/cacache/README.md @@ -33,7 +33,6 @@ just as easily be used on its own. * Writing * [`put`](#put-data) * [`put.stream`](#put-stream) - * [`put*` opts](#put-options) * [`rm.all`](#rm-all) * [`rm.entry`](#rm-entry) * [`rm.content`](#rm-content) @@ -92,7 +91,7 @@ cacache.get.byDigest(cachePath, integrityHash).then(data => { * Lockless, high-concurrency cache access * Streaming support * Promise support -* Pretty darn fast -- sub-millisecond reads and writes including verification +* Fast -- sub-millisecond reads and writes including verification * Arbitrary metadata storage * Garbage collection and additional offline verification * Thorough test coverage @@ -201,6 +200,8 @@ A sub-function, `get.byDigest` may be used for identical behavior, except lookup will happen by integrity hash, bypassing the index entirely. This version of the function *only* returns `data` itself, without any wrapper. +See: [options](#get-options) + ##### Note This function loads the entire cache entry into memory before returning it. If @@ -242,6 +243,8 @@ A sub-function, `get.stream.byDigest` may be used for identical behavior, except lookup will happen by integrity hash, bypassing the index entirely. This version does not emit the `metadata` and `integrity` events at all. +See: [options](#get-options) + ##### Example ```javascript @@ -328,12 +331,33 @@ cacache.get.hasContent(cachePath, 'sha521-NOT+IN/CACHE==').then(console.log) false ``` +##### <a name="get-options"></a> Options + +##### `opts.integrity` +If present, the pre-calculated digest for the inserted content. If this option +is provided and does not match the post-insertion digest, insertion will fail +with an `EINTEGRITY` error. + +##### `opts.memoize` + +Default: null + +If explicitly truthy, cacache will read from memory and memoize data on bulk read. If `false`, cacache will read from disk data. Reader functions by default read from in-memory cache. + +##### `opts.size` +If provided, the data stream will be verified to check that enough data was +passed through. If there's more or less data than expected, insertion will fail +with an `EBADSIZE` error. + + #### <a name="put-data"></a> `> cacache.put(cache, key, data, [opts]) -> Promise` Inserts data passed to it into the cache. The returned Promise resolves with a digest (generated according to [`opts.algorithms`](#optsalgorithms)) after the cache entry has been successfully written. +See: [options](#put-options) + ##### Example ```javascript @@ -353,6 +377,8 @@ Stream](https://nodejs.org/api/stream.html#stream_writable_streams) that inserts data written to it into the cache. Emits an `integrity` event with the digest of written contents when it succeeds. +See: [options](#put-options) + ##### Example ```javascript @@ -365,9 +391,7 @@ request.get( ) ``` -#### <a name="put-options"></a> `> cacache.put options` - -`cacache.put` functions have a number of options in common. +##### <a name="put-options"></a> Options ##### `opts.metadata` @@ -382,7 +406,7 @@ with an `EBADSIZE` error. ##### `opts.integrity` If present, the pre-calculated digest for the inserted content. If this option -if provided and does not match the post-insertion digest, insertion will fail +is provided and does not match the post-insertion digest, insertion will fail with an `EINTEGRITY` error. `algorithms` has no effect if this option is present. @@ -415,6 +439,11 @@ cache. Reading from disk data can be forced by explicitly passing `memoize: false` to the reader functions, but their default will be to read from memory. +##### `opts.tmpPrefix` +Default: null + +Prefix to append on the temporary directory name inside the cache's tmp dir. + #### <a name="rm-all"></a> `> cacache.rm.all(cache) -> Promise` Clears the entire cache. Mainly by blowing away the cache directory itself. @@ -478,6 +507,8 @@ permissions. If you want automatic cleanup of this directory, use [`tmp.withTmp()`](#with-tpm) +See: [options](#tmp-options) + ##### Example ```javascript @@ -517,6 +548,8 @@ promise completes. The same caveats apply when it comes to managing permissions for the tmp dir's contents. +See: [options](#tmp-options) + ##### Example ```javascript @@ -527,6 +560,13 @@ cacache.tmp.withTmp(cache, dir => { }) ``` +##### <a name="tmp-options"></a> Options + +##### `opts.tmpPrefix` +Default: null + +Prefix to append on the temporary directory name inside the cache's tmp dir. + #### <a name="integrity"></a> Subresource Integrity Digests For content verification and addressing, cacache uses strings following the @@ -582,10 +622,24 @@ When it's done, it'll return an object with various stats about the verification process, including amount of storage reclaimed, number of valid entries, number of entries removed, etc. -##### Options +##### <a name="verify-options"></a> Options + +##### `opts.concurrency` + +Default: 20 -* `opts.filter` - receives a formatted entry. Return false to remove it. - Note: might be called more than once on the same entry. +Number of concurrently read files in the filesystem while doing clean up. + +##### `opts.filter` +Receives a formatted entry. Return false to remove it. +Note: might be called more than once on the same entry. + +##### `opts.log` +Custom logger function: +``` + log: { silly () {} } + log.silly('verify', 'verifying cache at', cache) +``` ##### Example diff --git a/node_modules/npm-registry-fetch/node_modules/cacache/get.js b/node_modules/npm-registry-fetch/node_modules/cacache/get.js index 638d40137..b6bae1e50 100644 --- a/node_modules/npm-registry-fetch/node_modules/cacache/get.js +++ b/node_modules/npm-registry-fetch/node_modules/cacache/get.js @@ -1,8 +1,6 @@ 'use strict' const util = require('util') - -const figgyPudding = require('figgy-pudding') const fs = require('fs') const index = require('./lib/entry-index') const memo = require('./lib/memoization') @@ -14,12 +12,6 @@ const Pipeline = require('minipass-pipeline') const writeFile = util.promisify(fs.writeFile) -const GetOpts = figgyPudding({ - integrity: {}, - memoize: {}, - size: {} -}) - module.exports = function get (cache, key, opts) { return getData(false, cache, key, opts) } @@ -27,12 +19,12 @@ module.exports.byDigest = function getByDigest (cache, digest, opts) { return getData(true, cache, digest, opts) } -function getData (byDigest, cache, key, opts) { - opts = GetOpts(opts) +function getData (byDigest, cache, key, opts = {}) { + const { integrity, memoize, size } = opts const memoized = byDigest ? memo.get.byDigest(cache, key, opts) : memo.get(cache, key, opts) - if (memoized && opts.memoize !== false) { + if (memoized && memoize !== false) { return Promise.resolve( byDigest ? memoized @@ -50,23 +42,23 @@ function getData (byDigest, cache, key, opts) { throw new index.NotFoundError(cache, key) } return read(cache, byDigest ? key : entry.integrity, { - integrity: opts.integrity, - size: opts.size + integrity, + size }) .then((data) => byDigest ? data : { + data, metadata: entry.metadata, - data: data, size: entry.size, integrity: entry.integrity } ) .then((res) => { - if (opts.memoize && byDigest) { + if (memoize && byDigest) { memo.put.byDigest(cache, key, res, opts) - } else if (opts.memoize) { + } else if (memoize) { memo.put(cache, entry, res.data, opts) } return res @@ -82,12 +74,12 @@ module.exports.sync.byDigest = function getByDigest (cache, digest, opts) { return getDataSync(true, cache, digest, opts) } -function getDataSync (byDigest, cache, key, opts) { - opts = GetOpts(opts) +function getDataSync (byDigest, cache, key, opts = {}) { + const { integrity, memoize, size } = opts const memoized = byDigest ? memo.get.byDigest(cache, key, opts) : memo.get(cache, key, opts) - if (memoized && opts.memoize !== false) { + if (memoized && memoize !== false) { return byDigest ? memoized : { @@ -102,8 +94,8 @@ function getDataSync (byDigest, cache, key, opts) { throw new index.NotFoundError(cache, key) } const data = read.sync(cache, byDigest ? key : entry.integrity, { - integrity: opts.integrity, - size: opts.size + integrity: integrity, + size: size }) const res = byDigest ? data @@ -113,9 +105,9 @@ function getDataSync (byDigest, cache, key, opts) { size: entry.size, integrity: entry.integrity } - if (opts.memoize && byDigest) { + if (memoize && byDigest) { memo.put.byDigest(cache, key, res, opts) - } else if (opts.memoize) { + } else if (memoize) { memo.put(cache, entry, res.data, opts) } return res @@ -134,10 +126,10 @@ const getMemoizedStream = (memoized) => { return stream } -function getStream (cache, key, opts) { - opts = GetOpts(opts) +function getStream (cache, key, opts = {}) { + const { memoize, size } = opts const memoized = memo.get(cache, key, opts) - if (memoized && opts.memoize !== false) { + if (memoized && memoize !== false) { return getMemoizedStream(memoized) } @@ -160,12 +152,10 @@ function getStream (cache, key, opts) { const src = read.readStream( cache, entry.integrity, - opts.concat({ - size: opts.size == null ? entry.size : opts.size - }) + { ...opts, size: typeof size !== 'number' ? entry.size : size } ) - if (opts.memoize) { + if (memoize) { const memoStream = new Collect.PassThrough() memoStream.on('collect', data => memo.put(cache, entry, data, opts)) stream.unshift(memoStream) @@ -179,16 +169,16 @@ function getStream (cache, key, opts) { module.exports.stream.byDigest = getStreamDigest -function getStreamDigest (cache, integrity, opts) { - opts = GetOpts(opts) +function getStreamDigest (cache, integrity, opts = {}) { + const { memoize } = opts const memoized = memo.get.byDigest(cache, integrity, opts) - if (memoized && opts.memoize !== false) { + if (memoized && memoize !== false) { const stream = new Minipass() stream.end(memoized) return stream } else { const stream = read.readStream(cache, integrity, opts) - if (!opts.memoize) { + if (!memoize) { return stream } const memoStream = new Collect.PassThrough() @@ -204,10 +194,10 @@ function getStreamDigest (cache, integrity, opts) { module.exports.info = info -function info (cache, key, opts) { - opts = GetOpts(opts) +function info (cache, key, opts = {}) { + const { memoize } = opts const memoized = memo.get(cache, key, opts) - if (memoized && opts.memoize !== false) { + if (memoized && memoize !== false) { return Promise.resolve(memoized.entry) } else { return index.find(cache, key) @@ -228,8 +218,7 @@ function cpDigest (cache, digest, dest, opts) { module.exports.copy.byDigest = cpDigest -function copy (byDigest, cache, key, dest, opts) { - opts = GetOpts(opts) +function copy (byDigest, cache, key, dest, opts = {}) { if (read.copy) { return (byDigest ? Promise.resolve(null) diff --git a/node_modules/npm-registry-fetch/node_modules/cacache/lib/content/read.js b/node_modules/npm-registry-fetch/node_modules/cacache/lib/content/read.js index 153926dd1..7cc16482d 100644 --- a/node_modules/npm-registry-fetch/node_modules/cacache/lib/content/read.js +++ b/node_modules/npm-registry-fetch/node_modules/cacache/lib/content/read.js @@ -2,8 +2,7 @@ const util = require('util') -const figgyPudding = require('figgy-pudding') -const fs = require('graceful-fs') +const fs = require('fs') const fsm = require('fs-minipass') const ssri = require('ssri') const contentPath = require('./path') @@ -12,21 +11,17 @@ const Pipeline = require('minipass-pipeline') const lstat = util.promisify(fs.lstat) const readFile = util.promisify(fs.readFile) -const ReadOpts = figgyPudding({ - size: {} -}) - module.exports = read const MAX_SINGLE_READ_SIZE = 64 * 1024 * 1024 -function read (cache, integrity, opts) { - opts = ReadOpts(opts) +function read (cache, integrity, opts = {}) { + const { size } = opts return withContentSri(cache, integrity, (cpath, sri) => { // get size return lstat(cpath).then(stat => ({ stat, cpath, sri })) }).then(({ stat, cpath, sri }) => { - if (typeof opts.size === 'number' && stat.size !== opts.size) { - throw sizeError(opts.size, stat.size) + if (typeof size === 'number' && stat.size !== size) { + throw sizeError(size, stat.size) } if (stat.size > MAX_SINGLE_READ_SIZE) { return readPipeline(cpath, stat.size, sri, new Pipeline()).concat() @@ -57,12 +52,12 @@ const readPipeline = (cpath, size, sri, stream) => { module.exports.sync = readSync -function readSync (cache, integrity, opts) { - opts = ReadOpts(opts) +function readSync (cache, integrity, opts = {}) { + const { size } = opts return withContentSriSync(cache, integrity, (cpath, sri) => { const data = fs.readFileSync(cpath) - if (typeof opts.size === 'number' && opts.size !== data.length) { - throw sizeError(opts.size, data.length) + if (typeof size === 'number' && size !== data.length) { + throw sizeError(size, data.length) } if (ssri.checkData(data, sri)) { @@ -76,16 +71,15 @@ function readSync (cache, integrity, opts) { module.exports.stream = readStream module.exports.readStream = readStream -function readStream (cache, integrity, opts) { - opts = ReadOpts(opts) - +function readStream (cache, integrity, opts = {}) { + const { size } = opts const stream = new Pipeline() withContentSri(cache, integrity, (cpath, sri) => { // just lstat to ensure it exists return lstat(cpath).then((stat) => ({ stat, cpath, sri })) }).then(({ stat, cpath, sri }) => { - if (typeof opts.size === 'number' && opts.size !== stat.size) { - return stream.emit('error', sizeError(opts.size, stat.size)) + if (typeof size === 'number' && size !== stat.size) { + return stream.emit('error', sizeError(size, stat.size)) } readPipeline(cpath, stat.size, sri, stream) }, er => stream.emit('error', er)) @@ -100,15 +94,13 @@ if (fs.copyFile) { copyFile = util.promisify(fs.copyFile) } -function copy (cache, integrity, dest, opts) { - opts = ReadOpts(opts) +function copy (cache, integrity, dest) { return withContentSri(cache, integrity, (cpath, sri) => { return copyFile(cpath, dest) }) } -function copySync (cache, integrity, dest, opts) { - opts = ReadOpts(opts) +function copySync (cache, integrity, dest) { return withContentSriSync(cache, integrity, (cpath, sri) => { return fs.copyFileSync(cpath, dest) }) diff --git a/node_modules/npm-registry-fetch/node_modules/cacache/lib/content/write.js b/node_modules/npm-registry-fetch/node_modules/cacache/lib/content/write.js index b585938ce..e8f3e3534 100644 --- a/node_modules/npm-registry-fetch/node_modules/cacache/lib/content/write.js +++ b/node_modules/npm-registry-fetch/node_modules/cacache/lib/content/write.js @@ -4,7 +4,7 @@ const util = require('util') const contentPath = require('./path') const fixOwner = require('../util/fix-owner') -const fs = require('graceful-fs') +const fs = require('fs') const moveFile = require('../util/move-file') const Minipass = require('minipass') const Pipeline = require('minipass-pipeline') @@ -20,19 +20,17 @@ const writeFile = util.promisify(fs.writeFile) module.exports = write -function write (cache, data, opts) { - opts = opts || {} - if (opts.algorithms && opts.algorithms.length > 1) { +function write (cache, data, opts = {}) { + const { algorithms, size, integrity } = opts + if (algorithms && algorithms.length > 1) { throw new Error('opts.algorithms only supports a single algorithm for now') } - if (typeof opts.size === 'number' && data.length !== opts.size) { - return Promise.reject(sizeError(opts.size, data.length)) + if (typeof size === 'number' && data.length !== size) { + return Promise.reject(sizeError(size, data.length)) } - const sri = ssri.fromData(data, { - algorithms: opts.algorithms - }) - if (opts.integrity && !ssri.checkData(data, opts.integrity, opts)) { - return Promise.reject(checksumError(opts.integrity, sri)) + const sri = ssri.fromData(data, algorithms ? { algorithms } : {}) + if (integrity && !ssri.checkData(data, integrity, opts)) { + return Promise.reject(checksumError(integrity, sri)) } return disposer(makeTmp(cache, opts), makeTmpDisposer, @@ -90,8 +88,7 @@ class CacacheWriteStream extends Flush { } } -function writeStream (cache, opts) { - opts = opts || {} +function writeStream (cache, opts = {}) { return new CacacheWriteStream(cache, opts) } diff --git a/node_modules/npm-registry-fetch/node_modules/cacache/lib/entry-index.js b/node_modules/npm-registry-fetch/node_modules/cacache/lib/entry-index.js index 5e6798523..58b205bfe 100644 --- a/node_modules/npm-registry-fetch/node_modules/cacache/lib/entry-index.js +++ b/node_modules/npm-registry-fetch/node_modules/cacache/lib/entry-index.js @@ -3,8 +3,7 @@ const util = require('util') const crypto = require('crypto') -const figgyPudding = require('figgy-pudding') -const fs = require('graceful-fs') +const fs = require('fs') const Minipass = require('minipass') const path = require('path') const ssri = require('ssri') @@ -26,22 +25,17 @@ module.exports.NotFoundError = class NotFoundError extends Error { } } -const IndexOpts = figgyPudding({ - metadata: {}, - size: {} -}) - module.exports.insert = insert -function insert (cache, key, integrity, opts) { - opts = IndexOpts(opts) +function insert (cache, key, integrity, opts = {}) { + const { metadata, size } = opts const bucket = bucketPath(cache, key) const entry = { key, integrity: integrity && ssri.stringify(integrity), time: Date.now(), - size: opts.size, - metadata: opts.metadata + size, + metadata } return fixOwner .mkdirfix(cache, path.dirname(bucket)) @@ -75,15 +69,15 @@ function insert (cache, key, integrity, opts) { module.exports.insert.sync = insertSync -function insertSync (cache, key, integrity, opts) { - opts = IndexOpts(opts) +function insertSync (cache, key, integrity, opts = {}) { + const { metadata, size } = opts const bucket = bucketPath(cache, key) const entry = { key, integrity: integrity && ssri.stringify(integrity), time: Date.now(), - size: opts.size, - metadata: opts.metadata + size, + metadata } fixOwner.mkdirfix.sync(cache, path.dirname(bucket)) const stringified = JSON.stringify(entry) diff --git a/node_modules/npm-registry-fetch/node_modules/cacache/lib/util/move-file.js b/node_modules/npm-registry-fetch/node_modules/cacache/lib/util/move-file.js index 7f3ae917b..1b1d81067 100644 --- a/node_modules/npm-registry-fetch/node_modules/cacache/lib/util/move-file.js +++ b/node_modules/npm-registry-fetch/node_modules/cacache/lib/util/move-file.js @@ -1,6 +1,6 @@ 'use strict' -const fs = require('graceful-fs') +const fs = require('fs') const util = require('util') const chmod = util.promisify(fs.chmod) const unlink = util.promisify(fs.unlink) diff --git a/node_modules/npm-registry-fetch/node_modules/cacache/lib/util/tmp.js b/node_modules/npm-registry-fetch/node_modules/cacache/lib/util/tmp.js index 8d0ba38ab..fbcd2ab13 100644 --- a/node_modules/npm-registry-fetch/node_modules/cacache/lib/util/tmp.js +++ b/node_modules/npm-registry-fetch/node_modules/cacache/lib/util/tmp.js @@ -2,22 +2,17 @@ const util = require('util') -const figgyPudding = require('figgy-pudding') const fixOwner = require('./fix-owner') const path = require('path') const rimraf = util.promisify(require('rimraf')) const uniqueFilename = require('unique-filename') const { disposer } = require('./disposer') -const TmpOpts = figgyPudding({ - tmpPrefix: {} -}) - module.exports.mkdir = mktmpdir -function mktmpdir (cache, opts) { - opts = TmpOpts(opts) - const tmpTarget = uniqueFilename(path.join(cache, 'tmp'), opts.tmpPrefix) +function mktmpdir (cache, opts = {}) { + const { tmpPrefix } = opts + const tmpTarget = uniqueFilename(path.join(cache, 'tmp'), tmpPrefix) return fixOwner.mkdirfix(cache, tmpTarget).then(() => { return tmpTarget }) @@ -28,10 +23,8 @@ module.exports.withTmp = withTmp function withTmp (cache, opts, cb) { if (!cb) { cb = opts - opts = null + opts = {} } - opts = TmpOpts(opts) - return disposer(mktmpdir(cache, opts), rimraf, cb) } diff --git a/node_modules/npm-registry-fetch/node_modules/cacache/lib/verify.js b/node_modules/npm-registry-fetch/node_modules/cacache/lib/verify.js index 51c241f80..5a011a3f1 100644 --- a/node_modules/npm-registry-fetch/node_modules/cacache/lib/verify.js +++ b/node_modules/npm-registry-fetch/node_modules/cacache/lib/verify.js @@ -4,9 +4,8 @@ const util = require('util') const pMap = require('p-map') const contentPath = require('./content/path') -const figgyPudding = require('figgy-pudding') const fixOwner = require('./util/fix-owner') -const fs = require('graceful-fs') +const fs = require('fs') const fsm = require('fs-minipass') const glob = util.promisify(require('glob')) const index = require('./entry-index') @@ -22,20 +21,16 @@ const truncate = util.promisify(fs.truncate) const writeFile = util.promisify(fs.writeFile) const readFile = util.promisify(fs.readFile) -const VerifyOpts = figgyPudding({ - concurrency: { - default: 20 - }, - filter: {}, - log: { - default: { silly () {} } - } +const verifyOpts = (opts) => ({ + concurrency: 20, + log: { silly () {} }, + ...opts }) module.exports = verify function verify (cache, opts) { - opts = VerifyOpts(opts) + opts = verifyOpts(opts) opts.log.silly('verify', 'verifying cache at', cache) const steps = [ diff --git a/node_modules/npm-registry-fetch/node_modules/cacache/package.json b/node_modules/npm-registry-fetch/node_modules/cacache/package.json index e0a2180d6..779ecb386 100644 --- a/node_modules/npm-registry-fetch/node_modules/cacache/package.json +++ b/node_modules/npm-registry-fetch/node_modules/cacache/package.json @@ -1,27 +1,27 @@ { - "_from": "cacache@^14.0.0", - "_id": "cacache@14.0.0", + "_from": "cacache@^15.0.0", + "_id": "cacache@15.0.0", "_inBundle": false, - "_integrity": "sha512-+Nr/BnA/tjAUXza9gH8F+FSP+1HvWqCKt4c95dQr4EDVJVafbzmPZpLKCkLYexs6vSd2B/1TOXrAoNnqVPfvRA==", + "_integrity": "sha512-L0JpXHhplbJSiDGzyJJnJCTL7er7NzbBgxzVqLswEb4bO91Zbv17OUMuUeu/q0ZwKn3V+1HM4wb9tO4eVE/K8g==", "_location": "/npm-registry-fetch/cacache", "_phantomChildren": {}, "_requested": { "type": "range", "registry": true, - "raw": "cacache@^14.0.0", + "raw": "cacache@^15.0.0", "name": "cacache", "escapedName": "cacache", - "rawSpec": "^14.0.0", + "rawSpec": "^15.0.0", "saveSpec": null, - "fetchSpec": "^14.0.0" + "fetchSpec": "^15.0.0" }, "_requiredBy": [ "/npm-registry-fetch/make-fetch-happen" ], - "_resolved": "https://registry.npmjs.org/cacache/-/cacache-14.0.0.tgz", - "_shasum": "97c10fc87c4c7ee41d45e32631c26761c2687caa", - "_spec": "cacache@^14.0.0", - "_where": "/Users/mperrotte/npminc/cli/node_modules/npm-registry-fetch/node_modules/make-fetch-happen", + "_resolved": "https://registry.npmjs.org/cacache/-/cacache-15.0.0.tgz", + "_shasum": "133b59edbd2a37ea8ef2d54964c6f247e47e5059", + "_spec": "cacache@^15.0.0", + "_where": "/Users/claudiahdz/npm/cli/node_modules/npm-registry-fetch/node_modules/make-fetch-happen", "author": { "name": "Kat Marchán", "email": "kzm@sykosomatic.org" @@ -46,13 +46,11 @@ ], "dependencies": { "chownr": "^1.1.2", - "figgy-pudding": "^3.5.1", "fs-minipass": "^2.0.0", "glob": "^7.1.4", - "graceful-fs": "^4.2.2", "infer-owner": "^1.0.4", "lru-cache": "^5.1.1", - "minipass": "^3.0.0", + "minipass": "^3.1.1", "minipass-collect": "^1.0.2", "minipass-flush": "^1.0.5", "minipass-pipeline": "^1.2.2", @@ -61,8 +59,8 @@ "p-map": "^3.0.0", "promise-inflight": "^1.0.1", "rimraf": "^2.7.1", - "ssri": "^7.0.0", - "tar": "^6.0.0", + "ssri": "^8.0.0", + "tar": "^6.0.1", "unique-filename": "^1.1.1" }, "deprecated": false, @@ -70,22 +68,18 @@ "devDependencies": { "benchmark": "^2.1.4", "chalk": "^2.4.2", - "cross-env": "^5.2.1", "require-inject": "^1.4.4", - "standard": "^14.3.0", - "standard-version": "^7.0.0", + "standard": "^14.3.1", + "standard-version": "^7.1.0", "tacks": "^1.3.0", - "tap": "^14.6.9", - "weallbehave": "^1.2.0", - "weallcontribute": "^1.0.9" + "tap": "^14.10.6" }, "engines": { "node": ">= 10" }, "files": [ "*.js", - "lib", - "locales" + "lib" ], "homepage": "https://github.com/npm/cacache#readme", "keywords": [ @@ -112,17 +106,19 @@ }, "scripts": { "benchmarks": "node test/benchmarks", - "postrelease": "npm publish && git push --follow-tags", + "coverage": "tap", + "lint": "standard", + "postrelease": "npm publish", + "posttest": "npm run lint", + "prepublishOnly": "git push --follow-tags", "prerelease": "npm t", - "pretest": "standard", "release": "standard-version -s", - "test": "tap test/*.js", - "test-docker": "docker run -it --rm --name pacotest -v \"$PWD\":/tmp -w /tmp node:latest npm test", - "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'", - "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'" + "test": "tap", + "test-docker": "docker run -it --rm --name pacotest -v \"$PWD\":/tmp -w /tmp node:latest npm test" }, "tap": { - "100": true + "100": true, + "test-regex": "test/[^/]*.js" }, - "version": "14.0.0" + "version": "15.0.0" } diff --git a/node_modules/npm-registry-fetch/node_modules/cacache/put.js b/node_modules/npm-registry-fetch/node_modules/cacache/put.js index 3e535fedb..eb21aa867 100644 --- a/node_modules/npm-registry-fetch/node_modules/cacache/put.js +++ b/node_modules/npm-registry-fetch/node_modules/cacache/put.js @@ -1,6 +1,5 @@ 'use strict' -const figgyPudding = require('figgy-pudding') const index = require('./lib/entry-index') const memo = require('./lib/memoization') const write = require('./lib/content/write') @@ -8,31 +7,21 @@ const Flush = require('minipass-flush') const { PassThrough } = require('minipass-collect') const Pipeline = require('minipass-pipeline') -const PutOpts = figgyPudding({ - algorithms: { - default: ['sha512'] - }, - integrity: {}, - memoize: {}, - metadata: {}, - pickAlgorithm: {}, - size: {}, - tmpPrefix: {}, - single: {}, - sep: {}, - error: {}, - strict: {} +const putOpts = (opts) => ({ + algorithms: ['sha512'], + ...opts }) module.exports = putData -function putData (cache, key, data, opts) { - opts = PutOpts(opts) +function putData (cache, key, data, opts = {}) { + const { memoize } = opts + opts = putOpts(opts) return write(cache, data, opts).then((res) => { return index - .insert(cache, key, res.integrity, opts.concat({ size: res.size })) + .insert(cache, key, res.integrity, { ...opts, size: res.size }) .then((entry) => { - if (opts.memoize) { + if (memoize) { memo.put(cache, entry, data, opts) } return res.integrity @@ -42,8 +31,9 @@ function putData (cache, key, data, opts) { module.exports.stream = putStream -function putStream (cache, key, opts) { - opts = PutOpts(opts) +function putStream (cache, key, opts = {}) { + const { memoize } = opts + opts = putOpts(opts) let integrity let size @@ -51,7 +41,7 @@ function putStream (cache, key, opts) { const pipeline = new Pipeline() // first item in the pipeline is the memoizer, because we need // that to end first and get the collected data. - if (opts.memoize) { + if (memoize) { const memoizer = new PassThrough().on('collect', data => { memoData = data }) @@ -75,9 +65,9 @@ function putStream (cache, key, opts) { pipeline.push(new Flush({ flush () { return index - .insert(cache, key, integrity, opts.concat({ size })) + .insert(cache, key, integrity, { ...opts, size }) .then((entry) => { - if (opts.memoize && memoData) { + if (memoize && memoData) { memo.put(cache, entry, memoData, opts) } if (integrity) { diff --git a/node_modules/npm-registry-fetch/node_modules/http-cache-semantics/README.md b/node_modules/npm-registry-fetch/node_modules/http-cache-semantics/README.md index a9d689d85..03ec9e629 100644 --- a/node_modules/npm-registry-fetch/node_modules/http-cache-semantics/README.md +++ b/node_modules/npm-registry-fetch/node_modules/http-cache-semantics/README.md @@ -145,7 +145,7 @@ if (!oldPolicy.satisfiesWithoutRevalidation(newRequest)) { newRequest.headers = oldPolicy.revalidationHeaders(newRequest); // Send request to the origin server. The server may respond with status 304 - const newResponse = await makeRequest(newResponse); + const newResponse = await makeRequest(newRequest); // Create updated policy and combined response from the old and new data const { policy, modified } = oldPolicy.revalidatedPolicy( diff --git a/node_modules/npm-registry-fetch/node_modules/http-cache-semantics/index.js b/node_modules/npm-registry-fetch/node_modules/http-cache-semantics/index.js index 957721296..14a0cf042 100644 --- a/node_modules/npm-registry-fetch/node_modules/http-cache-semantics/index.js +++ b/node_modules/npm-registry-fetch/node_modules/http-cache-semantics/index.js @@ -180,9 +180,9 @@ module.exports = class CachePolicy { // contains a max-age response directive, or // contains a s-maxage response directive and the cache is shared, or // contains a public response directive. - this._rescc.public || this._rescc['max-age'] || - this._rescc['s-maxage'] || + (this._isShared && this._rescc['s-maxage']) || + this._rescc.public || // has a status code that is defined as cacheable by default statusCodeCacheableByDefault.indexOf(this._status) !== -1) ); @@ -342,12 +342,12 @@ module.exports = class CachePolicy { } _serverDate() { - const dateValue = Date.parse(this._resHeaders.date); - if (isFinite(dateValue)) { + const serverDate = Date.parse(this._resHeaders.date); + if (isFinite(serverDate)) { const maxClockDrift = 8 * 3600 * 1000; - const clockDrift = Math.abs(this._responseTime - dateValue); + const clockDrift = Math.abs(this._responseTime - serverDate); if (clockDrift < maxClockDrift) { - return dateValue; + return serverDate; } } return this._responseTime; @@ -419,22 +419,22 @@ module.exports = class CachePolicy { const defaultMinTtl = this._rescc.immutable ? this._immutableMinTtl : 0; - const dateValue = this._serverDate(); + const serverDate = this._serverDate(); if (this._resHeaders.expires) { const expires = Date.parse(this._resHeaders.expires); // A cache recipient MUST interpret invalid date formats, especially the value "0", as representing a time in the past (i.e., "already expired"). - if (Number.isNaN(expires) || expires < dateValue) { + if (Number.isNaN(expires) || expires < serverDate) { return 0; } - return Math.max(defaultMinTtl, (expires - dateValue) / 1000); + return Math.max(defaultMinTtl, (expires - serverDate) / 1000); } if (this._resHeaders['last-modified']) { const lastModified = Date.parse(this._resHeaders['last-modified']); - if (isFinite(lastModified) && dateValue > lastModified) { + if (isFinite(lastModified) && serverDate > lastModified) { return Math.max( defaultMinTtl, - ((dateValue - lastModified) / 1000) * this._cacheHeuristic + ((serverDate - lastModified) / 1000) * this._cacheHeuristic ); } } diff --git a/node_modules/npm-registry-fetch/node_modules/http-cache-semantics/package.json b/node_modules/npm-registry-fetch/node_modules/http-cache-semantics/package.json index 54b79fde5..a6637b404 100644 --- a/node_modules/npm-registry-fetch/node_modules/http-cache-semantics/package.json +++ b/node_modules/npm-registry-fetch/node_modules/http-cache-semantics/package.json @@ -1,27 +1,27 @@ { - "_from": "http-cache-semantics@^4.0.3", - "_id": "http-cache-semantics@4.0.3", + "_from": "http-cache-semantics@^4.0.4", + "_id": "http-cache-semantics@4.0.4", "_inBundle": false, - "_integrity": "sha512-TcIMG3qeVLgDr1TEd2XvHaTnMPwYQUQMIBLy+5pLSDKYFc7UIqj39w8EGzZkaxoLv/l2K8HaI0t5AVA+YYgUew==", + "_integrity": "sha512-Z2EICWNJou7Tr9Bd2M2UqDJq3A9F2ePG9w3lIpjoyuSyXFP9QbniJVu3XQYytuw5ebmG7dXSXO9PgAjJG8DDKA==", "_location": "/npm-registry-fetch/http-cache-semantics", "_phantomChildren": {}, "_requested": { "type": "range", "registry": true, - "raw": "http-cache-semantics@^4.0.3", + "raw": "http-cache-semantics@^4.0.4", "name": "http-cache-semantics", "escapedName": "http-cache-semantics", - "rawSpec": "^4.0.3", + "rawSpec": "^4.0.4", "saveSpec": null, - "fetchSpec": "^4.0.3" + "fetchSpec": "^4.0.4" }, "_requiredBy": [ "/npm-registry-fetch/make-fetch-happen" ], - "_resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.0.3.tgz", - "_shasum": "495704773277eeef6e43f9ab2c2c7d259dda25c5", - "_spec": "http-cache-semantics@^4.0.3", - "_where": "/Users/mperrotte/npminc/cli/node_modules/npm-registry-fetch/node_modules/make-fetch-happen", + "_resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.0.4.tgz", + "_shasum": "13eeb612424bb113d52172c28a13109c46fa85d7", + "_spec": "http-cache-semantics@^4.0.4", + "_where": "/Users/claudiahdz/npm/cli/node_modules/npm-registry-fetch/node_modules/make-fetch-happen", "author": { "name": "Kornel Lesiński", "email": "kornel@geekhood.net", @@ -56,5 +56,5 @@ "scripts": { "test": "mocha" }, - "version": "4.0.3" + "version": "4.0.4" } diff --git a/node_modules/npm-registry-fetch/node_modules/make-fetch-happen/CHANGELOG.md b/node_modules/npm-registry-fetch/node_modules/make-fetch-happen/CHANGELOG.md index 7ed6cb7f2..c8eded2e3 100644 --- a/node_modules/npm-registry-fetch/node_modules/make-fetch-happen/CHANGELOG.md +++ b/node_modules/npm-registry-fetch/node_modules/make-fetch-happen/CHANGELOG.md @@ -2,6 +2,18 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +### [8.0.1](https://github.com/npm/make-fetch-happen/compare/v8.0.0...v8.0.1) (2020-02-18) + +## [8.0.0](https://github.com/npm/make-fetch-happen/compare/v7.1.1...v8.0.0) (2020-02-18) + + +### ⚠ BREAKING CHANGES + +* this module now only supports taking a plain JavaScript +options object, not a figgy pudding config object. + +* update cacache and ssri ([09e4f97](https://github.com/npm/make-fetch-happen/commit/09e4f9794a6f134d3f1d8e65eb9bd940e38e5bfc)) + ### [7.1.1](https://github.com/npm/make-fetch-happen/compare/v7.1.0...v7.1.1) (2020-01-28) ## [7.1.0](https://github.com/npm/make-fetch-happen/compare/v7.0.0...v7.1.0) (2019-12-17) diff --git a/node_modules/npm-registry-fetch/node_modules/make-fetch-happen/package.json b/node_modules/npm-registry-fetch/node_modules/make-fetch-happen/package.json index aec9d77fa..0d3245282 100644 --- a/node_modules/npm-registry-fetch/node_modules/make-fetch-happen/package.json +++ b/node_modules/npm-registry-fetch/node_modules/make-fetch-happen/package.json @@ -1,27 +1,27 @@ { - "_from": "make-fetch-happen@^7.1.0", - "_id": "make-fetch-happen@7.1.1", + "_from": "make-fetch-happen@^8.0.1", + "_id": "make-fetch-happen@8.0.1", "_inBundle": false, - "_integrity": "sha512-7fNjiOXNZhNGQzG5P15nU97aZQtzPU2GVgVd7pnqnl5gnpLzMAD8bAe5YG4iW2s0PTqaZy9xGv4Wfqe872kRNQ==", + "_integrity": "sha512-oiK8xz6+IxaPqmOCW+rmlH922RTZ+fi4TAULGRih8ryqIju0x6WriDR3smm7Z+8NZRxDIK/iDLM096F/gLfiWg==", "_location": "/npm-registry-fetch/make-fetch-happen", "_phantomChildren": {}, "_requested": { "type": "range", "registry": true, - "raw": "make-fetch-happen@^7.1.0", + "raw": "make-fetch-happen@^8.0.1", "name": "make-fetch-happen", "escapedName": "make-fetch-happen", - "rawSpec": "^7.1.0", + "rawSpec": "^8.0.1", "saveSpec": null, - "fetchSpec": "^7.1.0" + "fetchSpec": "^8.0.1" }, "_requiredBy": [ "/npm-registry-fetch" ], - "_resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-7.1.1.tgz", - "_shasum": "89ac8112eaa9d4361541deb591329e9238a531b1", - "_spec": "make-fetch-happen@^7.1.0", - "_where": "/Users/mperrotte/npminc/cli/node_modules/npm-registry-fetch", + "_resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-8.0.1.tgz", + "_shasum": "94e0c57c42617d28f3e3c6c64a8977f87887362b", + "_spec": "make-fetch-happen@^8.0.1", + "_where": "/Users/claudiahdz/npm/cli/node_modules/npm-registry-fetch", "author": { "name": "Kat Marchán", "email": "kzm@zkat.tech" @@ -32,8 +32,8 @@ "bundleDependencies": false, "dependencies": { "agentkeepalive": "^4.1.0", - "cacache": "^14.0.0", - "http-cache-semantics": "^4.0.3", + "cacache": "^15.0.0", + "http-cache-semantics": "^4.0.4", "http-proxy-agent": "^3.0.0", "https-proxy-agent": "^4.0.0", "is-lambda": "^1.0.1", @@ -45,21 +45,21 @@ "minipass-pipeline": "^1.2.2", "promise-retry": "^1.1.1", "socks-proxy-agent": "^4.0.0", - "ssri": "^7.0.1" + "ssri": "^8.0.0" }, "deprecated": false, "description": "Opinionated, caching, retrying fetch client", "devDependencies": { "mkdirp": "^1.0.3", - "nock": "^11.7.0", + "nock": "^11.9.1", "npmlog": "^4.1.2", "require-inject": "^1.4.2", "rimraf": "^2.7.1", "safe-buffer": "^5.2.0", "standard": "^14.3.1", - "standard-version": "^7.0.1", + "standard-version": "^7.1.0", "tacks": "^1.2.6", - "tap": "^14.10.2" + "tap": "^14.10.6" }, "engines": { "node": ">= 10" @@ -94,5 +94,5 @@ "release": "standard-version -s", "test": "tap test/*.js" }, - "version": "7.1.1" + "version": "8.0.1" } diff --git a/node_modules/npm-registry-fetch/node_modules/safe-buffer/LICENSE b/node_modules/npm-registry-fetch/node_modules/safe-buffer/LICENSE deleted file mode 100644 index 0c068ceec..000000000 --- a/node_modules/npm-registry-fetch/node_modules/safe-buffer/LICENSE +++ /dev/null @@ -1,21 +0,0 @@ -The MIT License (MIT) - -Copyright (c) Feross Aboukhadijeh - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -THE SOFTWARE. diff --git a/node_modules/npm-registry-fetch/node_modules/safe-buffer/README.md b/node_modules/npm-registry-fetch/node_modules/safe-buffer/README.md deleted file mode 100644 index 356e35193..000000000 --- a/node_modules/npm-registry-fetch/node_modules/safe-buffer/README.md +++ /dev/null @@ -1,586 +0,0 @@ -# safe-buffer [![travis][travis-image]][travis-url] [![npm][npm-image]][npm-url] [![downloads][downloads-image]][downloads-url] [![javascript style guide][standard-image]][standard-url] - -[travis-image]: https://img.shields.io/travis/feross/safe-buffer/master.svg -[travis-url]: https://travis-ci.org/feross/safe-buffer -[npm-image]: https://img.shields.io/npm/v/safe-buffer.svg -[npm-url]: https://npmjs.org/package/safe-buffer -[downloads-image]: https://img.shields.io/npm/dm/safe-buffer.svg -[downloads-url]: https://npmjs.org/package/safe-buffer -[standard-image]: https://img.shields.io/badge/code_style-standard-brightgreen.svg -[standard-url]: https://standardjs.com - -#### Safer Node.js Buffer API - -**Use the new Node.js Buffer APIs (`Buffer.from`, `Buffer.alloc`, -`Buffer.allocUnsafe`, `Buffer.allocUnsafeSlow`) in all versions of Node.js.** - -**Uses the built-in implementation when available.** - -## install - -``` -npm install safe-buffer -``` - -[Get supported safe-buffer with the Tidelift Subscription](https://tidelift.com/subscription/pkg/npm-safe-buffer?utm_source=npm-safe-buffer&utm_medium=referral&utm_campaign=readme) - -## usage - -The goal of this package is to provide a safe replacement for the node.js `Buffer`. - -It's a drop-in replacement for `Buffer`. You can use it by adding one `require` line to -the top of your node.js modules: - -```js -var Buffer = require('safe-buffer').Buffer - -// Existing buffer code will continue to work without issues: - -new Buffer('hey', 'utf8') -new Buffer([1, 2, 3], 'utf8') -new Buffer(obj) -new Buffer(16) // create an uninitialized buffer (potentially unsafe) - -// But you can use these new explicit APIs to make clear what you want: - -Buffer.from('hey', 'utf8') // convert from many types to a Buffer -Buffer.alloc(16) // create a zero-filled buffer (safe) -Buffer.allocUnsafe(16) // create an uninitialized buffer (potentially unsafe) -``` - -## api - -### Class Method: Buffer.from(array) -<!-- YAML -added: v3.0.0 ---> - -* `array` {Array} - -Allocates a new `Buffer` using an `array` of octets. - -```js -const buf = Buffer.from([0x62,0x75,0x66,0x66,0x65,0x72]); - // creates a new Buffer containing ASCII bytes - // ['b','u','f','f','e','r'] -``` - -A `TypeError` will be thrown if `array` is not an `Array`. - -### Class Method: Buffer.from(arrayBuffer[, byteOffset[, length]]) -<!-- YAML -added: v5.10.0 ---> - -* `arrayBuffer` {ArrayBuffer} The `.buffer` property of a `TypedArray` or - a `new ArrayBuffer()` -* `byteOffset` {Number} Default: `0` -* `length` {Number} Default: `arrayBuffer.length - byteOffset` - -When passed a reference to the `.buffer` property of a `TypedArray` instance, -the newly created `Buffer` will share the same allocated memory as the -TypedArray. - -```js -const arr = new Uint16Array(2); -arr[0] = 5000; -arr[1] = 4000; - -const buf = Buffer.from(arr.buffer); // shares the memory with arr; - -console.log(buf); - // Prints: <Buffer 88 13 a0 0f> - -// changing the TypedArray changes the Buffer also -arr[1] = 6000; - -console.log(buf); - // Prints: <Buffer 88 13 70 17> -``` - -The optional `byteOffset` and `length` arguments specify a memory range within -the `arrayBuffer` that will be shared by the `Buffer`. - -```js -const ab = new ArrayBuffer(10); -const buf = Buffer.from(ab, 0, 2); -console.log(buf.length); - // Prints: 2 -``` - -A `TypeError` will be thrown if `arrayBuffer` is not an `ArrayBuffer`. - -### Class Method: Buffer.from(buffer) -<!-- YAML -added: v3.0.0 ---> - -* `buffer` {Buffer} - -Copies the passed `buffer` data onto a new `Buffer` instance. - -```js -const buf1 = Buffer.from('buffer'); -const buf2 = Buffer.from(buf1); - -buf1[0] = 0x61; -console.log(buf1.toString()); - // 'auffer' -console.log(buf2.toString()); - // 'buffer' (copy is not changed) -``` - -A `TypeError` will be thrown if `buffer` is not a `Buffer`. - -### Class Method: Buffer.from(str[, encoding]) -<!-- YAML -added: v5.10.0 ---> - -* `str` {String} String to encode. -* `encoding` {String} Encoding to use, Default: `'utf8'` - -Creates a new `Buffer` containing the given JavaScript string `str`. If -provided, the `encoding` parameter identifies the character encoding. -If not provided, `encoding` defaults to `'utf8'`. - -```js -const buf1 = Buffer.from('this is a tést'); -console.log(buf1.toString()); - // prints: this is a tést -console.log(buf1.toString('ascii')); - // prints: this is a tC)st - -const buf2 = Buffer.from('7468697320697320612074c3a97374', 'hex'); -console.log(buf2.toString()); - // prints: this is a tést -``` - -A `TypeError` will be thrown if `str` is not a string. - -### Class Method: Buffer.alloc(size[, fill[, encoding]]) -<!-- YAML -added: v5.10.0 ---> - -* `size` {Number} -* `fill` {Value} Default: `undefined` -* `encoding` {String} Default: `utf8` - -Allocates a new `Buffer` of `size` bytes. If `fill` is `undefined`, the -`Buffer` will be *zero-filled*. - -```js -const buf = Buffer.alloc(5); -console.log(buf); - // <Buffer 00 00 00 00 00> -``` - -The `size` must be less than or equal to the value of -`require('buffer').kMaxLength` (on 64-bit architectures, `kMaxLength` is -`(2^31)-1`). Otherwise, a [`RangeError`][] is thrown. A zero-length Buffer will -be created if a `size` less than or equal to 0 is specified. - -If `fill` is specified, the allocated `Buffer` will be initialized by calling -`buf.fill(fill)`. See [`buf.fill()`][] for more information. - -```js -const buf = Buffer.alloc(5, 'a'); -console.log(buf); - // <Buffer 61 61 61 61 61> -``` - -If both `fill` and `encoding` are specified, the allocated `Buffer` will be -initialized by calling `buf.fill(fill, encoding)`. For example: - -```js -const buf = Buffer.alloc(11, 'aGVsbG8gd29ybGQ=', 'base64'); -console.log(buf); - // <Buffer 68 65 6c 6c 6f 20 77 6f 72 6c 64> -``` - -Calling `Buffer.alloc(size)` can be significantly slower than the alternative -`Buffer.allocUnsafe(size)` but ensures that the newly created `Buffer` instance -contents will *never contain sensitive data*. - -A `TypeError` will be thrown if `size` is not a number. - -### Class Method: Buffer.allocUnsafe(size) -<!-- YAML -added: v5.10.0 ---> - -* `size` {Number} - -Allocates a new *non-zero-filled* `Buffer` of `size` bytes. The `size` must -be less than or equal to the value of `require('buffer').kMaxLength` (on 64-bit -architectures, `kMaxLength` is `(2^31)-1`). Otherwise, a [`RangeError`][] is -thrown. A zero-length Buffer will be created if a `size` less than or equal to -0 is specified. - -The underlying memory for `Buffer` instances created in this way is *not -initialized*. The contents of the newly created `Buffer` are unknown and -*may contain sensitive data*. Use [`buf.fill(0)`][] to initialize such -`Buffer` instances to zeroes. - -```js -const buf = Buffer.allocUnsafe(5); -console.log(buf); - // <Buffer 78 e0 82 02 01> - // (octets will be different, every time) -buf.fill(0); -console.log(buf); - // <Buffer 00 00 00 00 00> -``` - -A `TypeError` will be thrown if `size` is not a number. - -Note that the `Buffer` module pre-allocates an internal `Buffer` instance of -size `Buffer.poolSize` that is used as a pool for the fast allocation of new -`Buffer` instances created using `Buffer.allocUnsafe(size)` (and the deprecated -`new Buffer(size)` constructor) only when `size` is less than or equal to -`Buffer.poolSize >> 1` (floor of `Buffer.poolSize` divided by two). The default -value of `Buffer.poolSize` is `8192` but can be modified. - -Use of this pre-allocated internal memory pool is a key difference between -calling `Buffer.alloc(size, fill)` vs. `Buffer.allocUnsafe(size).fill(fill)`. -Specifically, `Buffer.alloc(size, fill)` will *never* use the internal Buffer -pool, while `Buffer.allocUnsafe(size).fill(fill)` *will* use the internal -Buffer pool if `size` is less than or equal to half `Buffer.poolSize`. The -difference is subtle but can be important when an application requires the -additional performance that `Buffer.allocUnsafe(size)` provides. - -### Class Method: Buffer.allocUnsafeSlow(size) -<!-- YAML -added: v5.10.0 ---> - -* `size` {Number} - -Allocates a new *non-zero-filled* and non-pooled `Buffer` of `size` bytes. The -`size` must be less than or equal to the value of -`require('buffer').kMaxLength` (on 64-bit architectures, `kMaxLength` is -`(2^31)-1`). Otherwise, a [`RangeError`][] is thrown. A zero-length Buffer will -be created if a `size` less than or equal to 0 is specified. - -The underlying memory for `Buffer` instances created in this way is *not -initialized*. The contents of the newly created `Buffer` are unknown and -*may contain sensitive data*. Use [`buf.fill(0)`][] to initialize such -`Buffer` instances to zeroes. - -When using `Buffer.allocUnsafe()` to allocate new `Buffer` instances, -allocations under 4KB are, by default, sliced from a single pre-allocated -`Buffer`. This allows applications to avoid the garbage collection overhead of -creating many individually allocated Buffers. This approach improves both -performance and memory usage by eliminating the need to track and cleanup as -many `Persistent` objects. - -However, in the case where a developer may need to retain a small chunk of -memory from a pool for an indeterminate amount of time, it may be appropriate -to create an un-pooled Buffer instance using `Buffer.allocUnsafeSlow()` then -copy out the relevant bits. - -```js -// need to keep around a few small chunks of memory -const store = []; - -socket.on('readable', () => { - const data = socket.read(); - // allocate for retained data - const sb = Buffer.allocUnsafeSlow(10); - // copy the data into the new allocation - data.copy(sb, 0, 0, 10); - store.push(sb); -}); -``` - -Use of `Buffer.allocUnsafeSlow()` should be used only as a last resort *after* -a developer has observed undue memory retention in their applications. - -A `TypeError` will be thrown if `size` is not a number. - -### All the Rest - -The rest of the `Buffer` API is exactly the same as in node.js. -[See the docs](https://nodejs.org/api/buffer.html). - - -## Related links - -- [Node.js issue: Buffer(number) is unsafe](https://github.com/nodejs/node/issues/4660) -- [Node.js Enhancement Proposal: Buffer.from/Buffer.alloc/Buffer.zalloc/Buffer() soft-deprecate](https://github.com/nodejs/node-eps/pull/4) - -## Why is `Buffer` unsafe? - -Today, the node.js `Buffer` constructor is overloaded to handle many different argument -types like `String`, `Array`, `Object`, `TypedArrayView` (`Uint8Array`, etc.), -`ArrayBuffer`, and also `Number`. - -The API is optimized for convenience: you can throw any type at it, and it will try to do -what you want. - -Because the Buffer constructor is so powerful, you often see code like this: - -```js -// Convert UTF-8 strings to hex -function toHex (str) { - return new Buffer(str).toString('hex') -} -``` - -***But what happens if `toHex` is called with a `Number` argument?*** - -### Remote Memory Disclosure - -If an attacker can make your program call the `Buffer` constructor with a `Number` -argument, then they can make it allocate uninitialized memory from the node.js process. -This could potentially disclose TLS private keys, user data, or database passwords. - -When the `Buffer` constructor is passed a `Number` argument, it returns an -**UNINITIALIZED** block of memory of the specified `size`. When you create a `Buffer` like -this, you **MUST** overwrite the contents before returning it to the user. - -From the [node.js docs](https://nodejs.org/api/buffer.html#buffer_new_buffer_size): - -> `new Buffer(size)` -> -> - `size` Number -> -> The underlying memory for `Buffer` instances created in this way is not initialized. -> **The contents of a newly created `Buffer` are unknown and could contain sensitive -> data.** Use `buf.fill(0)` to initialize a Buffer to zeroes. - -(Emphasis our own.) - -Whenever the programmer intended to create an uninitialized `Buffer` you often see code -like this: - -```js -var buf = new Buffer(16) - -// Immediately overwrite the uninitialized buffer with data from another buffer -for (var i = 0; i < buf.length; i++) { - buf[i] = otherBuf[i] -} -``` - - -### Would this ever be a problem in real code? - -Yes. It's surprisingly common to forget to check the type of your variables in a -dynamically-typed language like JavaScript. - -Usually the consequences of assuming the wrong type is that your program crashes with an -uncaught exception. But the failure mode for forgetting to check the type of arguments to -the `Buffer` constructor is more catastrophic. - -Here's an example of a vulnerable service that takes a JSON payload and converts it to -hex: - -```js -// Take a JSON payload {str: "some string"} and convert it to hex -var server = http.createServer(function (req, res) { - var data = '' - req.setEncoding('utf8') - req.on('data', function (chunk) { - data += chunk - }) - req.on('end', function () { - var body = JSON.parse(data) - res.end(new Buffer(body.str).toString('hex')) - }) -}) - -server.listen(8080) -``` - -In this example, an http client just has to send: - -```json -{ - "str": 1000 -} -``` - -and it will get back 1,000 bytes of uninitialized memory from the server. - -This is a very serious bug. It's similar in severity to the -[the Heartbleed bug](http://heartbleed.com/) that allowed disclosure of OpenSSL process -memory by remote attackers. - - -### Which real-world packages were vulnerable? - -#### [`bittorrent-dht`](https://www.npmjs.com/package/bittorrent-dht) - -[Mathias Buus](https://github.com/mafintosh) and I -([Feross Aboukhadijeh](http://feross.org/)) found this issue in one of our own packages, -[`bittorrent-dht`](https://www.npmjs.com/package/bittorrent-dht). The bug would allow -anyone on the internet to send a series of messages to a user of `bittorrent-dht` and get -them to reveal 20 bytes at a time of uninitialized memory from the node.js process. - -Here's -[the commit](https://github.com/feross/bittorrent-dht/commit/6c7da04025d5633699800a99ec3fbadf70ad35b8) -that fixed it. We released a new fixed version, created a -[Node Security Project disclosure](https://nodesecurity.io/advisories/68), and deprecated all -vulnerable versions on npm so users will get a warning to upgrade to a newer version. - -#### [`ws`](https://www.npmjs.com/package/ws) - -That got us wondering if there were other vulnerable packages. Sure enough, within a short -period of time, we found the same issue in [`ws`](https://www.npmjs.com/package/ws), the -most popular WebSocket implementation in node.js. - -If certain APIs were called with `Number` parameters instead of `String` or `Buffer` as -expected, then uninitialized server memory would be disclosed to the remote peer. - -These were the vulnerable methods: - -```js -socket.send(number) -socket.ping(number) -socket.pong(number) -``` - -Here's a vulnerable socket server with some echo functionality: - -```js -server.on('connection', function (socket) { - socket.on('message', function (message) { - message = JSON.parse(message) - if (message.type === 'echo') { - socket.send(message.data) // send back the user's message - } - }) -}) -``` - -`socket.send(number)` called on the server, will disclose server memory. - -Here's [the release](https://github.com/websockets/ws/releases/tag/1.0.1) where the issue -was fixed, with a more detailed explanation. Props to -[Arnout Kazemier](https://github.com/3rd-Eden) for the quick fix. Here's the -[Node Security Project disclosure](https://nodesecurity.io/advisories/67). - - -### What's the solution? - -It's important that node.js offers a fast way to get memory otherwise performance-critical -applications would needlessly get a lot slower. - -But we need a better way to *signal our intent* as programmers. **When we want -uninitialized memory, we should request it explicitly.** - -Sensitive functionality should not be packed into a developer-friendly API that loosely -accepts many different types. This type of API encourages the lazy practice of passing -variables in without checking the type very carefully. - -#### A new API: `Buffer.allocUnsafe(number)` - -The functionality of creating buffers with uninitialized memory should be part of another -API. We propose `Buffer.allocUnsafe(number)`. This way, it's not part of an API that -frequently gets user input of all sorts of different types passed into it. - -```js -var buf = Buffer.allocUnsafe(16) // careful, uninitialized memory! - -// Immediately overwrite the uninitialized buffer with data from another buffer -for (var i = 0; i < buf.length; i++) { - buf[i] = otherBuf[i] -} -``` - - -### How do we fix node.js core? - -We sent [a PR to node.js core](https://github.com/nodejs/node/pull/4514) (merged as -`semver-major`) which defends against one case: - -```js -var str = 16 -new Buffer(str, 'utf8') -``` - -In this situation, it's implied that the programmer intended the first argument to be a -string, since they passed an encoding as a second argument. Today, node.js will allocate -uninitialized memory in the case of `new Buffer(number, encoding)`, which is probably not -what the programmer intended. - -But this is only a partial solution, since if the programmer does `new Buffer(variable)` -(without an `encoding` parameter) there's no way to know what they intended. If `variable` -is sometimes a number, then uninitialized memory will sometimes be returned. - -### What's the real long-term fix? - -We could deprecate and remove `new Buffer(number)` and use `Buffer.allocUnsafe(number)` when -we need uninitialized memory. But that would break 1000s of packages. - -~~We believe the best solution is to:~~ - -~~1. Change `new Buffer(number)` to return safe, zeroed-out memory~~ - -~~2. Create a new API for creating uninitialized Buffers. We propose: `Buffer.allocUnsafe(number)`~~ - -#### Update - -We now support adding three new APIs: - -- `Buffer.from(value)` - convert from any type to a buffer -- `Buffer.alloc(size)` - create a zero-filled buffer -- `Buffer.allocUnsafe(size)` - create an uninitialized buffer with given size - -This solves the core problem that affected `ws` and `bittorrent-dht` which is -`Buffer(variable)` getting tricked into taking a number argument. - -This way, existing code continues working and the impact on the npm ecosystem will be -minimal. Over time, npm maintainers can migrate performance-critical code to use -`Buffer.allocUnsafe(number)` instead of `new Buffer(number)`. - - -### Conclusion - -We think there's a serious design issue with the `Buffer` API as it exists today. It -promotes insecure software by putting high-risk functionality into a convenient API -with friendly "developer ergonomics". - -This wasn't merely a theoretical exercise because we found the issue in some of the -most popular npm packages. - -Fortunately, there's an easy fix that can be applied today. Use `safe-buffer` in place of -`buffer`. - -```js -var Buffer = require('safe-buffer').Buffer -``` - -Eventually, we hope that node.js core can switch to this new, safer behavior. We believe -the impact on the ecosystem would be minimal since it's not a breaking change. -Well-maintained, popular packages would be updated to use `Buffer.alloc` quickly, while -older, insecure packages would magically become safe from this attack vector. - - -## links - -- [Node.js PR: buffer: throw if both length and enc are passed](https://github.com/nodejs/node/pull/4514) -- [Node Security Project disclosure for `ws`](https://nodesecurity.io/advisories/67) -- [Node Security Project disclosure for`bittorrent-dht`](https://nodesecurity.io/advisories/68) - - -## credit - -The original issues in `bittorrent-dht` -([disclosure](https://nodesecurity.io/advisories/68)) and -`ws` ([disclosure](https://nodesecurity.io/advisories/67)) were discovered by -[Mathias Buus](https://github.com/mafintosh) and -[Feross Aboukhadijeh](http://feross.org/). - -Thanks to [Adam Baldwin](https://github.com/evilpacket) for helping disclose these issues -and for his work running the [Node Security Project](https://nodesecurity.io/). - -Thanks to [John Hiesey](https://github.com/jhiesey) for proofreading this README and -auditing the code. - - -## license - -MIT. Copyright (C) [Feross Aboukhadijeh](http://feross.org) diff --git a/node_modules/npm-registry-fetch/node_modules/safe-buffer/index.d.ts b/node_modules/npm-registry-fetch/node_modules/safe-buffer/index.d.ts deleted file mode 100644 index e9fed809a..000000000 --- a/node_modules/npm-registry-fetch/node_modules/safe-buffer/index.d.ts +++ /dev/null @@ -1,187 +0,0 @@ -declare module "safe-buffer" { - export class Buffer { - length: number - write(string: string, offset?: number, length?: number, encoding?: string): number; - toString(encoding?: string, start?: number, end?: number): string; - toJSON(): { type: 'Buffer', data: any[] }; - equals(otherBuffer: Buffer): boolean; - compare(otherBuffer: Buffer, targetStart?: number, targetEnd?: number, sourceStart?: number, sourceEnd?: number): number; - copy(targetBuffer: Buffer, targetStart?: number, sourceStart?: number, sourceEnd?: number): number; - slice(start?: number, end?: number): Buffer; - writeUIntLE(value: number, offset: number, byteLength: number, noAssert?: boolean): number; - writeUIntBE(value: number, offset: number, byteLength: number, noAssert?: boolean): number; - writeIntLE(value: number, offset: number, byteLength: number, noAssert?: boolean): number; - writeIntBE(value: number, offset: number, byteLength: number, noAssert?: boolean): number; - readUIntLE(offset: number, byteLength: number, noAssert?: boolean): number; - readUIntBE(offset: number, byteLength: number, noAssert?: boolean): number; - readIntLE(offset: number, byteLength: number, noAssert?: boolean): number; - readIntBE(offset: number, byteLength: number, noAssert?: boolean): number; - readUInt8(offset: number, noAssert?: boolean): number; - readUInt16LE(offset: number, noAssert?: boolean): number; - readUInt16BE(offset: number, noAssert?: boolean): number; - readUInt32LE(offset: number, noAssert?: boolean): number; - readUInt32BE(offset: number, noAssert?: boolean): number; - readInt8(offset: number, noAssert?: boolean): number; - readInt16LE(offset: number, noAssert?: boolean): number; - readInt16BE(offset: number, noAssert?: boolean): number; - readInt32LE(offset: number, noAssert?: boolean): number; - readInt32BE(offset: number, noAssert?: boolean): number; - readFloatLE(offset: number, noAssert?: boolean): number; - readFloatBE(offset: number, noAssert?: boolean): number; - readDoubleLE(offset: number, noAssert?: boolean): number; - readDoubleBE(offset: number, noAssert?: boolean): number; - swap16(): Buffer; - swap32(): Buffer; - swap64(): Buffer; - writeUInt8(value: number, offset: number, noAssert?: boolean): number; - writeUInt16LE(value: number, offset: number, noAssert?: boolean): number; - writeUInt16BE(value: number, offset: number, noAssert?: boolean): number; - writeUInt32LE(value: number, offset: number, noAssert?: boolean): number; - writeUInt32BE(value: number, offset: number, noAssert?: boolean): number; - writeInt8(value: number, offset: number, noAssert?: boolean): number; - writeInt16LE(value: number, offset: number, noAssert?: boolean): number; - writeInt16BE(value: number, offset: number, noAssert?: boolean): number; - writeInt32LE(value: number, offset: number, noAssert?: boolean): number; - writeInt32BE(value: number, offset: number, noAssert?: boolean): number; - writeFloatLE(value: number, offset: number, noAssert?: boolean): number; - writeFloatBE(value: number, offset: number, noAssert?: boolean): number; - writeDoubleLE(value: number, offset: number, noAssert?: boolean): number; - writeDoubleBE(value: number, offset: number, noAssert?: boolean): number; - fill(value: any, offset?: number, end?: number): this; - indexOf(value: string | number | Buffer, byteOffset?: number, encoding?: string): number; - lastIndexOf(value: string | number | Buffer, byteOffset?: number, encoding?: string): number; - includes(value: string | number | Buffer, byteOffset?: number, encoding?: string): boolean; - - /** - * Allocates a new buffer containing the given {str}. - * - * @param str String to store in buffer. - * @param encoding encoding to use, optional. Default is 'utf8' - */ - constructor (str: string, encoding?: string); - /** - * Allocates a new buffer of {size} octets. - * - * @param size count of octets to allocate. - */ - constructor (size: number); - /** - * Allocates a new buffer containing the given {array} of octets. - * - * @param array The octets to store. - */ - constructor (array: Uint8Array); - /** - * Produces a Buffer backed by the same allocated memory as - * the given {ArrayBuffer}. - * - * - * @param arrayBuffer The ArrayBuffer with which to share memory. - */ - constructor (arrayBuffer: ArrayBuffer); - /** - * Allocates a new buffer containing the given {array} of octets. - * - * @param array The octets to store. - */ - constructor (array: any[]); - /** - * Copies the passed {buffer} data onto a new {Buffer} instance. - * - * @param buffer The buffer to copy. - */ - constructor (buffer: Buffer); - prototype: Buffer; - /** - * Allocates a new Buffer using an {array} of octets. - * - * @param array - */ - static from(array: any[]): Buffer; - /** - * When passed a reference to the .buffer property of a TypedArray instance, - * the newly created Buffer will share the same allocated memory as the TypedArray. - * The optional {byteOffset} and {length} arguments specify a memory range - * within the {arrayBuffer} that will be shared by the Buffer. - * - * @param arrayBuffer The .buffer property of a TypedArray or a new ArrayBuffer() - * @param byteOffset - * @param length - */ - static from(arrayBuffer: ArrayBuffer, byteOffset?: number, length?: number): Buffer; - /** - * Copies the passed {buffer} data onto a new Buffer instance. - * - * @param buffer - */ - static from(buffer: Buffer): Buffer; - /** - * Creates a new Buffer containing the given JavaScript string {str}. - * If provided, the {encoding} parameter identifies the character encoding. - * If not provided, {encoding} defaults to 'utf8'. - * - * @param str - */ - static from(str: string, encoding?: string): Buffer; - /** - * Returns true if {obj} is a Buffer - * - * @param obj object to test. - */ - static isBuffer(obj: any): obj is Buffer; - /** - * Returns true if {encoding} is a valid encoding argument. - * Valid string encodings in Node 0.12: 'ascii'|'utf8'|'utf16le'|'ucs2'(alias of 'utf16le')|'base64'|'binary'(deprecated)|'hex' - * - * @param encoding string to test. - */ - static isEncoding(encoding: string): boolean; - /** - * Gives the actual byte length of a string. encoding defaults to 'utf8'. - * This is not the same as String.prototype.length since that returns the number of characters in a string. - * - * @param string string to test. - * @param encoding encoding used to evaluate (defaults to 'utf8') - */ - static byteLength(string: string, encoding?: string): number; - /** - * Returns a buffer which is the result of concatenating all the buffers in the list together. - * - * If the list has no items, or if the totalLength is 0, then it returns a zero-length buffer. - * If the list has exactly one item, then the first item of the list is returned. - * If the list has more than one item, then a new Buffer is created. - * - * @param list An array of Buffer objects to concatenate - * @param totalLength Total length of the buffers when concatenated. - * If totalLength is not provided, it is read from the buffers in the list. However, this adds an additional loop to the function, so it is faster to provide the length explicitly. - */ - static concat(list: Buffer[], totalLength?: number): Buffer; - /** - * The same as buf1.compare(buf2). - */ - static compare(buf1: Buffer, buf2: Buffer): number; - /** - * Allocates a new buffer of {size} octets. - * - * @param size count of octets to allocate. - * @param fill if specified, buffer will be initialized by calling buf.fill(fill). - * If parameter is omitted, buffer will be filled with zeros. - * @param encoding encoding used for call to buf.fill while initalizing - */ - static alloc(size: number, fill?: string | Buffer | number, encoding?: string): Buffer; - /** - * Allocates a new buffer of {size} octets, leaving memory not initialized, so the contents - * of the newly created Buffer are unknown and may contain sensitive data. - * - * @param size count of octets to allocate - */ - static allocUnsafe(size: number): Buffer; - /** - * Allocates a new non-pooled buffer of {size} octets, leaving memory not initialized, so the contents - * of the newly created Buffer are unknown and may contain sensitive data. - * - * @param size count of octets to allocate - */ - static allocUnsafeSlow(size: number): Buffer; - } -}
\ No newline at end of file diff --git a/node_modules/npm-registry-fetch/node_modules/safe-buffer/index.js b/node_modules/npm-registry-fetch/node_modules/safe-buffer/index.js deleted file mode 100644 index 054c8d30d..000000000 --- a/node_modules/npm-registry-fetch/node_modules/safe-buffer/index.js +++ /dev/null @@ -1,64 +0,0 @@ -/* eslint-disable node/no-deprecated-api */ -var buffer = require('buffer') -var Buffer = buffer.Buffer - -// alternative to using Object.keys for old browsers -function copyProps (src, dst) { - for (var key in src) { - dst[key] = src[key] - } -} -if (Buffer.from && Buffer.alloc && Buffer.allocUnsafe && Buffer.allocUnsafeSlow) { - module.exports = buffer -} else { - // Copy properties from require('buffer') - copyProps(buffer, exports) - exports.Buffer = SafeBuffer -} - -function SafeBuffer (arg, encodingOrOffset, length) { - return Buffer(arg, encodingOrOffset, length) -} - -SafeBuffer.prototype = Object.create(Buffer.prototype) - -// Copy static methods from Buffer -copyProps(Buffer, SafeBuffer) - -SafeBuffer.from = function (arg, encodingOrOffset, length) { - if (typeof arg === 'number') { - throw new TypeError('Argument must not be a number') - } - return Buffer(arg, encodingOrOffset, length) -} - -SafeBuffer.alloc = function (size, fill, encoding) { - if (typeof size !== 'number') { - throw new TypeError('Argument must be a number') - } - var buf = Buffer(size) - if (fill !== undefined) { - if (typeof encoding === 'string') { - buf.fill(fill, encoding) - } else { - buf.fill(fill) - } - } else { - buf.fill(0) - } - return buf -} - -SafeBuffer.allocUnsafe = function (size) { - if (typeof size !== 'number') { - throw new TypeError('Argument must be a number') - } - return Buffer(size) -} - -SafeBuffer.allocUnsafeSlow = function (size) { - if (typeof size !== 'number') { - throw new TypeError('Argument must be a number') - } - return buffer.SlowBuffer(size) -} diff --git a/node_modules/npm-registry-fetch/node_modules/safe-buffer/package.json b/node_modules/npm-registry-fetch/node_modules/safe-buffer/package.json deleted file mode 100644 index 576c453b2..000000000 --- a/node_modules/npm-registry-fetch/node_modules/safe-buffer/package.json +++ /dev/null @@ -1,62 +0,0 @@ -{ - "_from": "safe-buffer@^5.2.0", - "_id": "safe-buffer@5.2.0", - "_inBundle": false, - "_integrity": "sha512-fZEwUGbVl7kouZs1jCdMLdt95hdIv0ZeHg6L7qPeciMZhZ+/gdesW4wgTARkrFWEpspjEATAzUGPG8N2jJiwbg==", - "_location": "/npm-registry-fetch/safe-buffer", - "_phantomChildren": {}, - "_requested": { - "type": "range", - "registry": true, - "raw": "safe-buffer@^5.2.0", - "name": "safe-buffer", - "escapedName": "safe-buffer", - "rawSpec": "^5.2.0", - "saveSpec": null, - "fetchSpec": "^5.2.0" - }, - "_requiredBy": [ - "/npm-registry-fetch" - ], - "_resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.0.tgz", - "_shasum": "b74daec49b1148f88c64b68d49b1e815c1f2f519", - "_spec": "safe-buffer@^5.2.0", - "_where": "/Users/mperrotte/npminc/cli/node_modules/npm-registry-fetch", - "author": { - "name": "Feross Aboukhadijeh", - "email": "feross@feross.org", - "url": "http://feross.org" - }, - "bugs": { - "url": "https://github.com/feross/safe-buffer/issues" - }, - "bundleDependencies": false, - "deprecated": false, - "description": "Safer Node.js Buffer API", - "devDependencies": { - "standard": "*", - "tape": "^4.0.0" - }, - "homepage": "https://github.com/feross/safe-buffer", - "keywords": [ - "buffer", - "buffer allocate", - "node security", - "safe", - "safe-buffer", - "security", - "uninitialized" - ], - "license": "MIT", - "main": "index.js", - "name": "safe-buffer", - "repository": { - "type": "git", - "url": "git://github.com/feross/safe-buffer.git" - }, - "scripts": { - "test": "standard && tape test/*.js" - }, - "types": "index.d.ts", - "version": "5.2.0" -} diff --git a/node_modules/npm-registry-fetch/node_modules/semver/functions/diff.js b/node_modules/npm-registry-fetch/node_modules/semver/functions/diff.js index 1493666e1..87200ef3b 100644 --- a/node_modules/npm-registry-fetch/node_modules/semver/functions/diff.js +++ b/node_modules/npm-registry-fetch/node_modules/semver/functions/diff.js @@ -7,11 +7,9 @@ const diff = (version1, version2) => { } else { const v1 = parse(version1) const v2 = parse(version2) - let prefix = '' - if (v1.prerelease.length || v2.prerelease.length) { - prefix = 'pre' - var defaultResult = 'prerelease' - } + const hasPre = v1.prerelease.length || v2.prerelease.length + const prefix = hasPre ? 'pre' : '' + const defaultResult = hasPre ? 'prerelease' : '' for (const key in v1) { if (key === 'major' || key === 'minor' || key === 'patch') { if (v1[key] !== v2[key]) { diff --git a/node_modules/npm-registry-fetch/node_modules/semver/package.json b/node_modules/npm-registry-fetch/node_modules/semver/package.json index 646da3ce3..a414a3150 100644 --- a/node_modules/npm-registry-fetch/node_modules/semver/package.json +++ b/node_modules/npm-registry-fetch/node_modules/semver/package.json @@ -1,8 +1,8 @@ { "_from": "semver@^7.0.0", - "_id": "semver@7.1.2", + "_id": "semver@7.1.3", "_inBundle": false, - "_integrity": "sha512-BJs9T/H8sEVHbeigqzIEo57Iu/3DG6c4QoqTfbQB3BPA4zgzAomh/Fk9E7QtjWQ8mx2dgA9YCfSF4y9k9bHNpQ==", + "_integrity": "sha512-ekM0zfiA9SCBlsKa2X1hxyxiI4L3B6EbVJkkdgQXnSEEaHlGdvyodMruTiulSRWMMB4NeIuYNMC9rTKTz97GxA==", "_location": "/npm-registry-fetch/semver", "_phantomChildren": {}, "_requested": { @@ -16,13 +16,12 @@ "fetchSpec": "^7.0.0" }, "_requiredBy": [ - "/npm-registry-fetch", "/npm-registry-fetch/npm-package-arg" ], - "_resolved": "https://registry.npmjs.org/semver/-/semver-7.1.2.tgz", - "_shasum": "847bae5bce68c5d08889824f02667199b70e3d87", + "_resolved": "https://registry.npmjs.org/semver/-/semver-7.1.3.tgz", + "_shasum": "e4345ce73071c53f336445cfc19efb1c311df2a6", "_spec": "semver@^7.0.0", - "_where": "/Users/mperrotte/npminc/cli/node_modules/npm-registry-fetch", + "_where": "/Users/claudiahdz/npm/cli/node_modules/npm-registry-fetch/node_modules/npm-package-arg", "bin": { "semver": "bin/semver.js" }, @@ -67,5 +66,5 @@ "check-coverage": true, "coverage-map": "map.js" }, - "version": "7.1.2" + "version": "7.1.3" } diff --git a/node_modules/npm-registry-fetch/node_modules/ssri/CHANGELOG.md b/node_modules/npm-registry-fetch/node_modules/ssri/CHANGELOG.md index 1d5447aea..822e8506e 100644 --- a/node_modules/npm-registry-fetch/node_modules/ssri/CHANGELOG.md +++ b/node_modules/npm-registry-fetch/node_modules/ssri/CHANGELOG.md @@ -2,6 +2,31 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [8.0.0](https://github.com/npm/ssri/compare/v7.1.0...v8.0.0) (2020-02-18) + + +### ⚠ BREAKING CHANGES + +* SRI values with `../` in the algorithm name now throw +as invalid (which they always probably should have!) +* adds a new error that will be thrown. Empty SRIs are +no longer considered valid for checking, only when using integrityStream +to calculate the SRI value. + +PR-URL: https://github.com/npm/ssri/pull/12 +Credit: @claudiahdz + +### Features + +* remove figgy-pudding ([0e78fd7](https://github.com/npm/ssri/commit/0e78fd7b754e2d098875eb4c57238709d96d7c27)) + + +### Bug Fixes + +* harden SRI parsing against ../ funny business ([4062735](https://github.com/npm/ssri/commit/4062735d1281941fd32ac4320b9f9965fcec278b)) +* IntegrityStream responds to mutating opts object mid-stream ([4a963e5](https://github.com/npm/ssri/commit/4a963e5982478c6b07f86848cdb72d142c765195)) +* throw null when sri is empty or bad ([a6811cb](https://github.com/npm/ssri/commit/a6811cba71e20ea1fdefa6e50c9ea3c67efc2500)), closes [#12](https://github.com/npm/ssri/issues/12) + ## [7.1.0](https://github.com/npm/ssri/compare/v7.0.1...v7.1.0) (2019-10-24) diff --git a/node_modules/npm-registry-fetch/node_modules/ssri/index.js b/node_modules/npm-registry-fetch/node_modules/ssri/index.js index daee85d73..950548cf2 100644 --- a/node_modules/npm-registry-fetch/node_modules/ssri/index.js +++ b/node_modules/npm-registry-fetch/node_modules/ssri/index.js @@ -1,27 +1,28 @@ 'use strict' const crypto = require('crypto') -const figgyPudding = require('figgy-pudding') const MiniPass = require('minipass') const SPEC_ALGORITHMS = ['sha256', 'sha384', 'sha512'] +// TODO: this should really be a hardcoded list of algorithms we support, +// rather than [a-z0-9]. const BASE64_REGEX = /^[a-z0-9+/]+(?:=?=?)$/i -const SRI_REGEX = /^([^-]+)-([^?]+)([?\S*]*)$/ -const STRICT_SRI_REGEX = /^([^-]+)-([A-Za-z0-9+/=]{44,88})(\?[\x21-\x7E]*)*$/ +const SRI_REGEX = /^([a-z0-9]+)-([^?]+)([?\S*]*)$/ +const STRICT_SRI_REGEX = /^([a-z0-9]+)-([A-Za-z0-9+/=]{44,88})(\?[\x21-\x7E]*)*$/ const VCHAR_REGEX = /^[\x21-\x7E]+$/ -const SsriOpts = figgyPudding({ - algorithms: { default: ['sha512'] }, - error: { default: false }, - integrity: {}, - options: { default: [] }, - pickAlgorithm: { default: () => getPrioritizedHash }, - sep: { default: ' ' }, - single: { default: false }, - size: {}, - strict: { default: false } -}) +const defaultOpts = { + algorithms: ['sha512'], + error: false, + options: [], + pickAlgorithm: getPrioritizedHash, + sep: ' ', + single: false, + strict: false +} + +const ssriOpts = (opts = {}) => ({ ...defaultOpts, ...opts }) const getOptString = options => !options || !options.length ? '' : `?${options.join('?')}` @@ -38,21 +39,27 @@ class IntegrityStream extends MiniPass { this[_getOptions]() // options used for calculating stream. can't be changed. + const { algorithms = defaultOpts.algorithms } = opts this.algorithms = Array.from( - new Set(opts.algorithms.concat(this.algorithm ? [this.algorithm] : [])) + new Set(algorithms.concat(this.algorithm ? [this.algorithm] : [])) ) this.hashes = this.algorithms.map(crypto.createHash) } [_getOptions] () { - const opts = this.opts + const { + integrity, + size, + options + } = { ...defaultOpts, ...this.opts } + // For verification - this.sri = opts.integrity ? parse(opts.integrity, opts) : null - this.expectedSize = opts.size + this.sri = integrity ? parse(integrity, this.opts) : null + this.expectedSize = size this.goodSri = this.sri ? !!Object.keys(this.sri).length : false - this.algorithm = this.goodSri ? this.sri.pickAlgorithm(opts) : null + this.algorithm = this.goodSri ? this.sri.pickAlgorithm(this.opts) : null this.digests = this.goodSri ? this.sri[this.algorithm] : null - this.optString = getOptString(opts.options) + this.optString = getOptString(options) } emit (ev, data) { @@ -101,7 +108,7 @@ class IntegrityStream extends MiniPass { class Hash { get isHash () { return true } constructor (hash, opts) { - opts = SsriOpts(opts) + opts = ssriOpts(opts) const strict = !!opts.strict this.source = hash.trim() @@ -138,7 +145,7 @@ class Hash { } toString (opts) { - opts = SsriOpts(opts) + opts = ssriOpts(opts) if (opts.strict) { // Strict mode enforces the standard as close to the foot of the // letter as it can. @@ -172,8 +179,12 @@ class Integrity { return this.toString() } + isEmpty () { + return Object.keys(this).length === 0 + } + toString (opts) { - opts = SsriOpts(opts) + opts = ssriOpts(opts) let sep = opts.sep || ' ' if (opts.strict) { // Entries must be separated by whitespace, according to spec. @@ -187,7 +198,7 @@ class Integrity { } concat (integrity, opts) { - opts = SsriOpts(opts) + opts = ssriOpts(opts) const other = typeof integrity === 'string' ? integrity : stringify(integrity, opts) @@ -201,7 +212,7 @@ class Integrity { // add additional hashes to an integrity value, but prevent // *changing* an existing integrity hash. merge (integrity, opts) { - opts = SsriOpts(opts) + opts = ssriOpts(opts) const other = parse(integrity, opts) for (const algo in other) { if (this[algo]) { @@ -217,7 +228,7 @@ class Integrity { } match (integrity, opts) { - opts = SsriOpts(opts) + opts = ssriOpts(opts) const other = parse(integrity, opts) const algo = other.pickAlgorithm(opts) return ( @@ -232,14 +243,9 @@ class Integrity { } pickAlgorithm (opts) { - opts = SsriOpts(opts) + opts = ssriOpts(opts) const pickAlgorithm = opts.pickAlgorithm const keys = Object.keys(this) - if (!keys.length) { - throw new Error(`No algorithms available for ${ - JSON.stringify(this.toString()) - }`) - } return keys.reduce((acc, algo) => { return pickAlgorithm(acc, algo) || acc }) @@ -248,7 +254,8 @@ class Integrity { module.exports.parse = parse function parse (sri, opts) { - opts = SsriOpts(opts) + if (!sri) return null + opts = ssriOpts(opts) if (typeof sri === 'string') { return _parse(sri, opts) } else if (sri.algorithm && sri.digest) { @@ -266,7 +273,7 @@ function _parse (integrity, opts) { if (opts.single) { return new Hash(integrity, opts) } - return integrity.trim().split(/\s+/).reduce((acc, string) => { + const hashes = integrity.trim().split(/\s+/).reduce((acc, string) => { const hash = new Hash(string, opts) if (hash.algorithm && hash.digest) { const algo = hash.algorithm @@ -275,11 +282,12 @@ function _parse (integrity, opts) { } return acc }, new Integrity()) + return hashes.isEmpty() ? null : hashes } module.exports.stringify = stringify function stringify (obj, opts) { - opts = SsriOpts(opts) + opts = ssriOpts(opts) if (obj.algorithm && obj.digest) { return Hash.prototype.toString.call(obj, opts) } else if (typeof obj === 'string') { @@ -291,7 +299,7 @@ function stringify (obj, opts) { module.exports.fromHex = fromHex function fromHex (hexDigest, algorithm, opts) { - opts = SsriOpts(opts) + opts = ssriOpts(opts) const optString = getOptString(opts.options) return parse( `${algorithm}-${ @@ -302,7 +310,7 @@ function fromHex (hexDigest, algorithm, opts) { module.exports.fromData = fromData function fromData (data, opts) { - opts = SsriOpts(opts) + opts = ssriOpts(opts) const algorithms = opts.algorithms const optString = getOptString(opts.options) return algorithms.reduce((acc, algo) => { @@ -325,7 +333,7 @@ function fromData (data, opts) { module.exports.fromStream = fromStream function fromStream (stream, opts) { - opts = SsriOpts(opts) + opts = ssriOpts(opts) const istream = integrityStream(opts) return new Promise((resolve, reject) => { stream.pipe(istream) @@ -340,9 +348,9 @@ function fromStream (stream, opts) { module.exports.checkData = checkData function checkData (data, sri, opts) { - opts = SsriOpts(opts) + opts = ssriOpts(opts) sri = parse(sri, opts) - if (!Object.keys(sri).length) { + if (!sri || !Object.keys(sri).length) { if (opts.error) { throw Object.assign( new Error('No valid integrity hashes to check against'), { @@ -379,10 +387,17 @@ function checkData (data, sri, opts) { module.exports.checkStream = checkStream function checkStream (stream, sri, opts) { - opts = SsriOpts(opts) - const checker = integrityStream(opts.concat({ - integrity: sri - })) + opts = ssriOpts(opts) + opts.integrity = sri + sri = parse(sri, opts) + if (!sri || !Object.keys(sri).length) { + return Promise.reject(Object.assign( + new Error('No valid integrity hashes to check against'), { + code: 'EINTEGRITY' + } + )) + } + const checker = integrityStream(opts) return new Promise((resolve, reject) => { stream.pipe(checker) stream.on('error', reject) @@ -395,13 +410,13 @@ function checkStream (stream, sri, opts) { } module.exports.integrityStream = integrityStream -function integrityStream (opts) { - return new IntegrityStream(SsriOpts(opts)) +function integrityStream (opts = {}) { + return new IntegrityStream(opts) } module.exports.create = createIntegrity function createIntegrity (opts) { - opts = SsriOpts(opts) + opts = ssriOpts(opts) const algorithms = opts.algorithms const optString = getOptString(opts.options) diff --git a/node_modules/npm-registry-fetch/node_modules/ssri/package.json b/node_modules/npm-registry-fetch/node_modules/ssri/package.json index 6df454b60..39935b38f 100644 --- a/node_modules/npm-registry-fetch/node_modules/ssri/package.json +++ b/node_modules/npm-registry-fetch/node_modules/ssri/package.json @@ -1,28 +1,28 @@ { - "_from": "ssri@^7.0.1", - "_id": "ssri@7.1.0", + "_from": "ssri@^8.0.0", + "_id": "ssri@8.0.0", "_inBundle": false, - "_integrity": "sha512-77/WrDZUWocK0mvA5NTRQyveUf+wsrIc6vyrxpS8tVvYBcX215QbafrJR3KtkpskIzoFLqqNuuYQvxaMjXJ/0g==", + "_integrity": "sha512-aq/pz989nxVYwn16Tsbj1TqFpD5LLrQxHf5zaHuieFV+R0Bbr4y8qUsOA45hXT/N4/9UNXTarBjnjVmjSOVaAA==", "_location": "/npm-registry-fetch/ssri", "_phantomChildren": {}, "_requested": { "type": "range", "registry": true, - "raw": "ssri@^7.0.1", + "raw": "ssri@^8.0.0", "name": "ssri", "escapedName": "ssri", - "rawSpec": "^7.0.1", + "rawSpec": "^8.0.0", "saveSpec": null, - "fetchSpec": "^7.0.1" + "fetchSpec": "^8.0.0" }, "_requiredBy": [ "/npm-registry-fetch/cacache", "/npm-registry-fetch/make-fetch-happen" ], - "_resolved": "https://registry.npmjs.org/ssri/-/ssri-7.1.0.tgz", - "_shasum": "92c241bf6de82365b5c7fb4bd76e975522e1294d", - "_spec": "ssri@^7.0.1", - "_where": "/Users/mperrotte/npminc/cli/node_modules/npm-registry-fetch/node_modules/make-fetch-happen", + "_resolved": "https://registry.npmjs.org/ssri/-/ssri-8.0.0.tgz", + "_shasum": "79ca74e21f8ceaeddfcb4b90143c458b8d988808", + "_spec": "ssri@^8.0.0", + "_where": "/Users/claudiahdz/npm/cli/node_modules/npm-registry-fetch/node_modules/make-fetch-happen", "author": { "name": "Kat Marchán", "email": "kzm@sykosomatic.org" @@ -32,24 +32,19 @@ }, "bundleDependencies": false, "dependencies": { - "figgy-pudding": "^3.5.1", "minipass": "^3.1.1" }, "deprecated": false, "description": "Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.", "devDependencies": { - "standard": "^14.3.0", - "standard-version": "^7.0.0", - "tap": "^14.8.2", - "weallbehave": "^1.2.0", - "weallcontribute": "^1.0.8" + "standard": "^14.3.1", + "standard-version": "^7.1.0", + "tap": "^14.10.6" }, "engines": { "node": ">= 8" }, - "files": [ - "*.js" - ], + "files": [], "homepage": "https://github.com/npm/ssri#readme", "keywords": [ "w3c", @@ -73,16 +68,17 @@ "url": "git+https://github.com/npm/ssri.git" }, "scripts": { - "postrelease": "npm publish && git push --follow-tags", + "coverage": "tap", + "lint": "standard", + "postrelease": "npm publish", + "posttest": "npm run lint", + "prepublishOnly": "git push --follow-tags", "prerelease": "npm t", - "pretest": "standard", "release": "standard-version -s", - "test": "tap -J --coverage test/*.js", - "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'", - "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'" + "test": "tap" }, "tap": { "check-coverage": true }, - "version": "7.1.0" + "version": "8.0.0" } diff --git a/node_modules/npm-registry-fetch/package.json b/node_modules/npm-registry-fetch/package.json index dc942d669..648ef7a60 100644 --- a/node_modules/npm-registry-fetch/package.json +++ b/node_modules/npm-registry-fetch/package.json @@ -1,15 +1,13 @@ { - "_from": "npm-registry-fetch@6.0.0", - "_id": "npm-registry-fetch@6.0.0", + "_from": "npm-registry-fetch@7.0.0", + "_id": "npm-registry-fetch@7.0.0", "_inBundle": false, - "_integrity": "sha512-TSzEzudrky0ArPskchM/7F5SrawBY5acMNtRqFuacEI2lCKEyfBjaENuuIU5Uq2CyHfJ+gWp5QlCprolKa5wKg==", + "_integrity": "sha512-XABSG02i/03EfnXM8azGksxICQO8g5MSiaxIUBsNTLXnQLBcdQNS67aOZsF5Yn97RV9o9g+fBUUN2Sg8u7iCBw==", "_location": "/npm-registry-fetch", "_phantomChildren": { "chownr": "1.1.3", "depd": "1.1.2", - "figgy-pudding": "3.5.1", "glob": "7.1.4", - "graceful-fs": "4.2.3", "humanize-ms": "1.2.1", "infer-owner": "1.0.4", "is-lambda": "1.0.1", @@ -31,21 +29,21 @@ "_requested": { "type": "version", "registry": true, - "raw": "npm-registry-fetch@6.0.0", + "raw": "npm-registry-fetch@7.0.0", "name": "npm-registry-fetch", "escapedName": "npm-registry-fetch", - "rawSpec": "6.0.0", + "rawSpec": "7.0.0", "saveSpec": null, - "fetchSpec": "6.0.0" + "fetchSpec": "7.0.0" }, "_requiredBy": [ "#USER", "/" ], - "_resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-6.0.0.tgz", - "_shasum": "260974e4f8f76536312749dc53a2bf08cce1b331", - "_spec": "npm-registry-fetch@6.0.0", - "_where": "/Users/mperrotte/npminc/cli", + "_resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-7.0.0.tgz", + "_shasum": "314529aa2818a379947912c26d41b42942e40b9f", + "_spec": "npm-registry-fetch@7.0.0", + "_where": "/Users/claudiahdz/npm/cli", "author": { "name": "Kat Marchán", "email": "kzm@sykosomatic.org" @@ -56,26 +54,24 @@ "bundleDependencies": false, "dependencies": { "@npmcli/ci-detect": "^1.0.0", - "figgy-pudding": "^3.4.1", "lru-cache": "^5.1.1", - "make-fetch-happen": "^7.1.0", + "make-fetch-happen": "^8.0.1", "minipass": "^3.0.0", "minipass-fetch": "^1.1.2", "minipass-json-stream": "^1.0.1", "minizlib": "^2.0.0", - "npm-package-arg": "^8.0.0", - "safe-buffer": "^5.2.0", - "semver": "^7.0.0" + "npm-package-arg": "^8.0.0" }, "deprecated": false, "description": "Fetch-based http client for use with npm registry APIs", "devDependencies": { - "cacache": "^13.0.1", + "cacache": "^15.0.0", "mkdirp": "^0.5.1", "nock": "^11.7.0", "npmlog": "^4.1.2", + "require-inject": "^1.4.4", "rimraf": "^2.6.2", - "ssri": "^7.1.0", + "ssri": "^8.0.0", "standard": "^14.3.1", "standard-version": "^7.0.1", "tap": "^14.10.4" @@ -112,5 +108,5 @@ "check-coverage": true, "test-ignore": "test[\\\\/](util|cache)[\\\\/]" }, - "version": "6.0.0" + "version": "7.0.0" } |