diff options
| author | claudiahdz <cghr1990@gmail.com> | 2020-02-19 00:17:29 +0300 |
|---|---|---|
| committer | isaacs <i@izs.me> | 2020-05-08 04:11:51 +0300 |
| commit | b9bc4f04019a9c8af266e28d95d38f0d1e25d1f7 (patch) | |
| tree | 0c262a7fa0f4f1a0e6b16ac578491a5aaa92b7bc /node_modules | |
| parent | 0a30b0d8a1c448b6d89d781ad81f46117d014953 (diff) | |
pacote@11.0.0
Diffstat (limited to 'node_modules')
375 files changed, 28313 insertions, 956 deletions
diff --git a/node_modules/pacote/node_modules/npm-package-arg/LICENSE b/node_modules/@npmcli/installed-package-contents/LICENSE index 05eeeb88c..19cec97b1 100644 --- a/node_modules/pacote/node_modules/npm-package-arg/LICENSE +++ b/node_modules/@npmcli/installed-package-contents/LICENSE @@ -1,6 +1,6 @@ The ISC License -Copyright (c) Isaac Z. Schlueter +Copyright (c) npm, Inc. Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above diff --git a/node_modules/@npmcli/installed-package-contents/README.md b/node_modules/@npmcli/installed-package-contents/README.md new file mode 100644 index 000000000..edd23bd26 --- /dev/null +++ b/node_modules/@npmcli/installed-package-contents/README.md @@ -0,0 +1,109 @@ +# @npmcli/installed-package-contents + +Get the list of files installed in a package in node_modules, including +bundled dependencies. + +This is useful if you want to remove a package node from the tree _without_ +removing its child nodes, for example to extract a new version of the +dependency into place safely. + +It's sort of the reflection of [npm-packlist](http://npm.im/npm-packlist), +but for listing out the _installed_ files rather than the files that _will_ +be installed. This is of course a much simpler operation, because we don't +have to handle ignore files or package.json `files` lists. + +## USAGE + +```js +// programmatic usage +const pkgContents = require('@npmcli/installed-package-contents') + +pkgContents({ path: 'node_modules/foo', depth: 1 }).then(files => { + // files is an array of items that need to be passed to + // rimraf or moved out of the way to make the folder empty + // if foo bundled dependencies, those will be included. + // It will not traverse into child directories, because we set + // depth:1 in the options. + // If the folder doesn't exist, this returns an empty array. +}) + +pkgContents({ path: 'node_modules/foo', depth: Infinity }).then(files => { + // setting depth:Infinity tells it to keep walking forever + // until it hits something that isn't a directory, so we'll + // just get the list of all files, but not their containing + // directories. +}) +``` + +As a CLI: + +```bash +$ installed-package-contents node_modules/bundle-some -d1 +node_modules/.bin/some +node_modules/bundle-some/package.json +node_modules/bundle-some/node_modules/@scope/baz +node_modules/bundle-some/node_modules/.bin/foo +node_modules/bundle-some/node_modules/foo +``` + +CLI options: + +``` +Usage: + installed-package-contents <path> [-d<n> --depth=<n>] + +Lists the files installed for a package specified by <path>. + +Options: + -d<n> --depth=<n> Provide a numeric value ("Infinity" is allowed) + to specify how deep in the file tree to traverse. + Default=1 + -h --help Show this usage information +``` + +## OPTIONS + +* `depth` Number, default `1`. How deep to traverse through folders to get + contents. Typically you'd want to set this to either `1` (to get the + surface files and folders) or `Infinity` (to get all files), but any + other positive number is supported as well. If set to `0` or a + negative number, returns the path provided and (if it is a package) its + set of linked bins. +* `path` Required. Path to the package in `node_modules` where traversal + should begin. + +## RETURN VALUE + +A Promise that resolves to an array of fully-resolved files and folders +matching the criteria. This includes all bundled dependencies in +`node_modules`, and any linked executables in `node_modules/.bin` that the +package caused to be installed. + +An empty or missing package folder will return an empty array. Empty +directories _within_ package contents are listed, even if the `depth` +argument would cause them to be traversed into. + +## CAVEAT + +If using this module to generate a list of files that should be recursively +removed to clear away the package, note that this will leave empty +directories behind in certain cases: + +- If all child packages are bundled dependencies, then the + `node_modules` folder will remain. +- If all child packages within a given scope were bundled dependencies, + then the `node_modules/@scope` folder will remain. +- If all linked bin scripts were removed, then an empty `node_modules/.bin` + folder will remain. + +In the interest of speed and algorithmic complexity, this module does _not_ +do a subsequent readdir to see if it would remove all directory entries, +though it would be easier to look at if it returned `node_modules` or +`.bin` in that case rather than the contents. However, if the intent is to +pass these arguments to `rimraf`, it hardly makes sense to do _two_ +`readdir` calls just so that we can have the luxury of having to make a +third. + +Since the primary use case is to delete a package's contents so that they +can be re-filled with a new version of that package, this caveat does not +pose a problem. Empty directories are already ignored by both npm and git. diff --git a/node_modules/@npmcli/installed-package-contents/index.js b/node_modules/@npmcli/installed-package-contents/index.js new file mode 100755 index 000000000..fa81551fe --- /dev/null +++ b/node_modules/@npmcli/installed-package-contents/index.js @@ -0,0 +1,224 @@ +// to GET CONTENTS for folder at PATH (which may be a PACKAGE): +// - if PACKAGE, read path/package.json +// - if bins in ../node_modules/.bin, add those to result +// - if depth >= maxDepth, add PATH to result, and finish +// - readdir(PATH, with file types) +// - add all FILEs in PATH to result +// - if PARENT: +// - if depth < maxDepth, add GET CONTENTS of all DIRs in PATH +// - else, add all DIRs in PATH +// - if no parent +// - if no bundled deps, +// - if depth < maxDepth, add GET CONTENTS of DIRs in path except +// node_modules +// - else, add all DIRs in path other than node_modules +// - if has bundled deps, +// - get list of bundled deps +// - add GET CONTENTS of bundled deps, PACKAGE=true, depth + 1 + +const bundled = require('npm-bundled') +const {promisify} = require('util') +const fs = require('fs') +const readFile = promisify(fs.readFile) +const readdir = promisify(fs.readdir) +const stat = promisify(fs.stat) +const {relative, resolve, basename, dirname} = require('path') +const normalizePackageBin = require('npm-normalize-package-bin') + +const readPackage = ({ path, packageJsonCache }) => + packageJsonCache.has(path) ? Promise.resolve(packageJsonCache.get(path)) + : readFile(path).then(json => { + const pkg = normalizePackageBin(JSON.parse(json)) + packageJsonCache.set(path, pkg) + return pkg + }) + .catch(er => null) + +// just normalize bundle deps and bin, that's all we care about here. +const normalized = Symbol('package data has been normalized') +const rpj = ({ path, packageJsonCache }) => + readPackage({path, packageJsonCache}) + .then(pkg => { + if (!pkg || pkg[normalized]) + return pkg + if (pkg.bundledDependencies && !pkg.bundleDependencies) { + pkg.bundleDependencies = pkg.bundledDependencies + delete pkg.bundledDependencies + } + const bd = pkg.bundleDependencies + if (bd === true) { + pkg.bundleDependencies = [ + ...Object.keys(pkg.dependencies || {}), + ...Object.keys(pkg.optionalDependencies || {}), + ] + } + if (typeof bd === 'object' && !Array.isArray(bd)) { + pkg.bundleDependencies = Object.keys(bd) + } + pkg[normalized] = true + return pkg + }) + + +const pkgContents = async ({ + path, + depth, + currentDepth = 0, + pkg = null, + result = null, + packageJsonCache = null, +}) => { + if (!result) + result = new Set() + + if (!packageJsonCache) + packageJsonCache = new Map() + + if (pkg === true) { + return rpj({ path: path + '/package.json', packageJsonCache }) + .then(pkg => pkgContents({ + path, + depth, + currentDepth, + pkg, + result, + packageJsonCache, + })) + } + + if (pkg) { + // add all bins to result if they exist + if (pkg.bin) { + const dir = dirname(path) + const base = basename(path) + const scope = basename(dir) + const nm = /^@.+/.test(scope) ? dirname(dir) : dir + + const binFiles = [] + Object.keys(pkg.bin).forEach(b => { + const base = resolve(nm, '.bin', b) + binFiles.push(base, base + '.cmd', base + '.ps1') + }) + + const bins = await Promise.all( + binFiles.map(b => stat(b).then(() => b).catch((er) => null)) + ) + bins.filter(b => b).forEach(b => result.add(b)) + } + } + + if (currentDepth >= depth) { + result.add(path) + return result + } + + // we'll need bundle list later, so get that now in parallel + const [dirEntries, bundleDeps] = await Promise.all([ + readdir(path, { withFileTypes: true }), + currentDepth === 0 && pkg && pkg.bundleDependencies + ? bundled({ path, packageJsonCache }) : null, + ]).catch(() => []) + + // not a thing, probably a missing folder + if (!dirEntries) + return result + + // empty folder, just add the folder itself to the result + if (!dirEntries.length && !bundleDeps && currentDepth !== 0) { + result.add(path) + return result + } + + const recursePromises = [] + + for (const entry of dirEntries) { + const p = resolve(path, entry.name) + if (entry.isDirectory() === false) { + result.add(p) + continue + } + + if (currentDepth !== 0 || entry.name !== 'node_modules') { + if (currentDepth < depth - 1) { + recursePromises.push(pkgContents({ + path: p, + packageJsonCache, + depth, + currentDepth: currentDepth + 1, + result, + })) + } else { + result.add(p) + } + continue + } + } + + if (bundleDeps) { + // bundle deps are all folders + // we always recurse to get pkg bins, but if currentDepth is too high, + // it'll return early before walking their contents. + recursePromises.push(...bundleDeps.map(dep => { + const p = resolve(path, 'node_modules', dep) + return pkgContents({ + path: p, + packageJsonCache, + pkg: true, + depth, + currentDepth: currentDepth + 1, + result, + }) + })) + } + + if (recursePromises.length) + await Promise.all(recursePromises) + + return result +} + +module.exports = ({path, depth = 1, packageJsonCache}) => pkgContents({ + path: resolve(path), + depth, + pkg: true, + packageJsonCache, +}).then(results => [...results]) + + +if (require.main === module) { + const options = { path: null, depth: 1 } + const usage = `Usage: + installed-package-contents <path> [-d<n> --depth=<n>] + +Lists the files installed for a package specified by <path>. + +Options: + -d<n> --depth=<n> Provide a numeric value ("Infinity" is allowed) + to specify how deep in the file tree to traverse. + Default=1 + -h --help Show this usage information` + + process.argv.slice(2).forEach(arg => { + let match + if ((match = arg.match(/^--depth=([0-9]+|Infinity)/)) || + (match = arg.match(/^-d([0-9]+|Infinity)/))) + options.depth = +match[1] + else if (arg === '-h' || arg === '--help') { + console.log(usage) + process.exit(0) + } else + options.path = arg + }) + if (!options.path) { + console.error('ERROR: no path provided') + console.error(usage) + process.exit(1) + } + const cwd = process.cwd() + module.exports(options) + .then(list => list.sort().forEach(p => console.log(relative(cwd, p)))) + .catch(/* istanbul ignore next - pretty unusual */ er => { + console.error(er) + process.exit(1) + }) +} diff --git a/node_modules/@npmcli/installed-package-contents/package.json b/node_modules/@npmcli/installed-package-contents/package.json new file mode 100644 index 000000000..1b89d044e --- /dev/null +++ b/node_modules/@npmcli/installed-package-contents/package.json @@ -0,0 +1,74 @@ +{ + "_from": "@npmcli/installed-package-contents@^1.0.5", + "_id": "@npmcli/installed-package-contents@1.0.5", + "_inBundle": false, + "_integrity": "sha512-aKIwguaaqb6ViwSOFytniGvLPb9SMCUm39TgM3SfUo7n0TxUMbwoXfpwyvQ4blm10lzbAwTsvjr7QZ85LvTi4A==", + "_location": "/@npmcli/installed-package-contents", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "@npmcli/installed-package-contents@^1.0.5", + "name": "@npmcli/installed-package-contents", + "escapedName": "@npmcli%2finstalled-package-contents", + "scope": "@npmcli", + "rawSpec": "^1.0.5", + "saveSpec": null, + "fetchSpec": "^1.0.5" + }, + "_requiredBy": [ + "/pacote" + ], + "_resolved": "https://registry.npmjs.org/@npmcli/installed-package-contents/-/installed-package-contents-1.0.5.tgz", + "_shasum": "cc78565e55d9f14d46acf46a96f70934e516fa3d", + "_spec": "@npmcli/installed-package-contents@^1.0.5", + "_where": "/Users/claudiahdz/npm/cli/node_modules/pacote", + "author": { + "name": "Isaac Z. Schlueter", + "email": "i@izs.me", + "url": "https://izs.me" + }, + "bin": { + "installed-package-contents": "index.js" + }, + "bugs": { + "url": "https://github.com/npm/installed-package-contents/issues" + }, + "bundleDependencies": false, + "dependencies": { + "npm-bundled": "^1.1.1", + "npm-normalize-package-bin": "^1.0.1", + "read-package-json-fast": "^1.1.1", + "readdir-scoped-modules": "^1.1.0" + }, + "deprecated": false, + "description": "Get the list of files installed in a package in node_modules, including bundled dependencies", + "devDependencies": { + "tap": "^14.10.4" + }, + "engines": { + "node": ">= 10" + }, + "files": [ + "index.js" + ], + "homepage": "https://github.com/npm/installed-package-contents#readme", + "license": "ISC", + "main": "index.js", + "name": "@npmcli/installed-package-contents", + "repository": { + "type": "git", + "url": "git+https://github.com/npm/installed-package-contents.git" + }, + "scripts": { + "postpublish": "git push origin --follow-tags", + "postversion": "npm publish", + "preversion": "npm test", + "snap": "tap", + "test": "tap" + }, + "tap": { + "check-coverage": true + }, + "version": "1.0.5" +} diff --git a/node_modules/json-parse-even-better-errors/CHANGELOG.md b/node_modules/json-parse-even-better-errors/CHANGELOG.md new file mode 100644 index 000000000..dfd67330a --- /dev/null +++ b/node_modules/json-parse-even-better-errors/CHANGELOG.md @@ -0,0 +1,50 @@ +# Change Log + +All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +## 2.0.0 + +* Add custom error classes + +<a name="1.0.2"></a> +## [1.0.2](https://github.com/npm/json-parse-even-better-errors/compare/v1.0.1...v1.0.2) (2018-03-30) + + +### Bug Fixes + +* **messages:** More friendly messages for non-string ([#1](https://github.com/npm/json-parse-even-better-errors/issues/1)) ([a476d42](https://github.com/npm/json-parse-even-better-errors/commit/a476d42)) + + + +<a name="1.0.1"></a> +## [1.0.1](https://github.com/npm/json-parse-even-better-errors/compare/v1.0.0...v1.0.1) (2017-08-16) + + +### Bug Fixes + +* **license:** oops. Forgot to update license.md ([efe2958](https://github.com/npm/json-parse-even-better-errors/commit/efe2958)) + + + +<a name="1.0.0"></a> +# 1.0.0 (2017-08-15) + + +### Features + +* **init:** Initial Commit ([562c977](https://github.com/npm/json-parse-even-better-errors/commit/562c977)) + + +### BREAKING CHANGES + +* **init:** This is the first commit! + + + +<a name="0.1.0"></a> +# 0.1.0 (2017-08-15) + + +### Features + +* **init:** Initial Commit ([9dd1a19](https://github.com/npm/json-parse-even-better-errors/commit/9dd1a19)) diff --git a/node_modules/json-parse-even-better-errors/LICENSE.md b/node_modules/json-parse-even-better-errors/LICENSE.md new file mode 100644 index 000000000..cb6c4a624 --- /dev/null +++ b/node_modules/json-parse-even-better-errors/LICENSE.md @@ -0,0 +1,25 @@ +Copyright 2017 Kat Marchán +Copyright npm, Inc. and Contributors + +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the "Software"), +to deal in the Software without restriction, including without limitation +the rights to use, copy, modify, merge, publish, distribute, sublicense, +and/or sell copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. + +--- + +This library is a fork of 'better-json-errors' by Kat Marchán, extended and +distributed under the terms of the MIT license above. diff --git a/node_modules/json-parse-even-better-errors/README.md b/node_modules/json-parse-even-better-errors/README.md new file mode 100644 index 000000000..631035f9a --- /dev/null +++ b/node_modules/json-parse-even-better-errors/README.md @@ -0,0 +1,51 @@ +# json-parse-even-better-errors [](https://npm.im/json-parse-even-better-errors) [](https://npm.im/json-parse-even-better-errors) [](https://travis-ci.org/npm/json-parse-even-better-errors) [](https://ci.appveyor.com/project/npm/json-parse-even-better-errors) [](https://coveralls.io/github/npm/json-parse-even-better-errors?branch=latest) + +[`json-parse-even-better-errors`](https://github.com/npm/json-parse-even-better-errors) is a Node.js library for +getting nicer errors out of `JSON.parse()`, including context and position of the parse errors. + +## Install + +`$ npm install --save json-parse-even-better-errors` + +## Table of Contents + +* [Example](#example) +* [Features](#features) +* [Contributing](#contributing) +* [API](#api) + * [`parse`](#parse) + +### Example + +```javascript +const parseJson = require('json-parse-even-better-errors') + +parseJson('"foo"') +parseJson('garbage') // more useful error message +``` + +### Features + +* Like JSON.parse, but the errors are better. + +### API + +#### <a name="parse"></a> `parse(txt, reviver = null, context = 20)` + +Works just like `JSON.parse`, but will include a bit more information when an +error happens. This throws a `JSONParseError`. + +#### <a name="jsonparseerror"></a> `class JSONParseError(er, text, context = 20, caller = null)` + +Extends the JavaScript `SyntaxError` class to parse the message and provide +better metadata. + +Pass in the error thrown by the built-in `JSON.parse`, and the text being +parsed, and it'll parse out the bits needed to be helpful. + +`context` defaults to 20. + +Set a `caller` function to trim internal implementation details out of the +stack trace. When calling `parseJson`, this is set to the `parseJson` +function. If not set, then the constructor defaults to itself, so the +stack trace will point to the spot where you call `new JSONParseError`. diff --git a/node_modules/json-parse-even-better-errors/index.js b/node_modules/json-parse-even-better-errors/index.js new file mode 100644 index 000000000..a6354e81d --- /dev/null +++ b/node_modules/json-parse-even-better-errors/index.js @@ -0,0 +1,75 @@ +'use strict' + +const parseError = (e, txt, context) => { + if (!txt) { + return { + message: e.message + ' while parsing empty string', + position: 0, + } + } + const badToken = e.message.match(/^Unexpected token.*position\s+(\d+)/i) + const errIdx = badToken ? +badToken[1] + : e.message.match(/^Unexpected end of JSON.*/i) ? txt.length - 1 + : null + + if (errIdx !== null && errIdx !== undefined) { + const start = errIdx <= context ? 0 + : errIdx - context + + const end = errIdx + context >= txt.length ? txt.length + : errIdx + context + + const slice = (start === 0 ? '' : '...') + + txt.slice(start, end) + + (end === txt.length ? '' : '...') + + const near = txt === slice ? '' : 'near ' + + return { + message: e.message + ` while parsing ${near}'${slice}'`, + position: errIdx, + } + } else { + return { + message: e.message + ` while parsing '${txt.slice(0, context * 2)}'`, + position: 0, + } + } +} + +class JSONParseError extends SyntaxError { + constructor (er, txt, context, caller) { + context = context || 20 + const metadata = parseError(er, txt, context) + super(metadata.message) + Object.assign(this, metadata) + this.code = 'EJSONPARSE' + this.systemError = er + Error.captureStackTrace(this, caller || this.constructor) + } + get name () { return this.constructor.name } + set name (n) {} + get [Symbol.toStringTag] () { return this.constructor.name } +} + +const parseJson = (txt, reviver, context) => { + context = context || 20 + try { + return JSON.parse(txt, reviver) + } catch (e) { + if (typeof txt !== 'string') { + const isEmptyArray = Array.isArray(txt) && txt.length === 0 + throw Object.assign(new TypeError( + `Cannot parse ${isEmptyArray ? 'an empty array' : String(txt)}` + ), { + code: 'EJSONPARSE', + systemError: e, + }) + } + + throw new JSONParseError(e, txt, context, parseJson) + } +} + +module.exports = parseJson +parseJson.JSONParseError = JSONParseError diff --git a/node_modules/json-parse-even-better-errors/package.json b/node_modules/json-parse-even-better-errors/package.json new file mode 100644 index 000000000..de383dac7 --- /dev/null +++ b/node_modules/json-parse-even-better-errors/package.json @@ -0,0 +1,64 @@ +{ + "_from": "json-parse-even-better-errors@^2.0.1", + "_id": "json-parse-even-better-errors@2.0.1", + "_inBundle": false, + "_integrity": "sha512-XFY2Mbnmg+8r7MRsxfArVkZcfjxGlF/NjM3LsPXVeCX/GBF/1FTCv+idHBYC4qLPtK7q8HC8bapLoWqnhP/bXw==", + "_location": "/json-parse-even-better-errors", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "json-parse-even-better-errors@^2.0.1", + "name": "json-parse-even-better-errors", + "escapedName": "json-parse-even-better-errors", + "rawSpec": "^2.0.1", + "saveSpec": null, + "fetchSpec": "^2.0.1" + }, + "_requiredBy": [ + "/read-package-json-fast" + ], + "_resolved": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.0.1.tgz", + "_shasum": "ed0009e0f5e7eb21ae0675d0d34782cc7a53c60e", + "_spec": "json-parse-even-better-errors@^2.0.1", + "_where": "/Users/claudiahdz/npm/cli/node_modules/read-package-json-fast", + "author": { + "name": "Kat Marchán", + "email": "kzm@zkat.tech" + }, + "bugs": { + "url": "https://github.com/npm/json-parse-even-better-errors/issues" + }, + "bundleDependencies": false, + "deprecated": false, + "description": "JSON.parse with context information on error", + "devDependencies": { + "tap": "^14.6.5" + }, + "files": [ + "*.js" + ], + "homepage": "https://github.com/npm/json-parse-even-better-errors#readme", + "keywords": [ + "JSON", + "parser" + ], + "license": "MIT", + "main": "index.js", + "name": "json-parse-even-better-errors", + "repository": { + "type": "git", + "url": "git+https://github.com/npm/json-parse-even-better-errors.git" + }, + "scripts": { + "postpublish": "git push --follow-tags", + "postversion": "npm publish", + "preversion": "npm t", + "snap": "tap", + "test": "tap" + }, + "tap": { + "check-coverage": true + }, + "version": "2.0.1" +} diff --git a/node_modules/pacote/node_modules/.bin/which b/node_modules/libcipm/node_modules/.bin/which index f62471c85..f62471c85 120000 --- a/node_modules/pacote/node_modules/.bin/which +++ b/node_modules/libcipm/node_modules/.bin/which diff --git a/node_modules/pacote/node_modules/cacache/CHANGELOG.md b/node_modules/libcipm/node_modules/cacache/CHANGELOG.md index f67fbc8b4..f67fbc8b4 100644 --- a/node_modules/pacote/node_modules/cacache/CHANGELOG.md +++ b/node_modules/libcipm/node_modules/cacache/CHANGELOG.md diff --git a/node_modules/pacote/node_modules/cacache/LICENSE.md b/node_modules/libcipm/node_modules/cacache/LICENSE.md index 8d28acf86..8d28acf86 100644 --- a/node_modules/pacote/node_modules/cacache/LICENSE.md +++ b/node_modules/libcipm/node_modules/cacache/LICENSE.md diff --git a/node_modules/pacote/node_modules/cacache/README.es.md b/node_modules/libcipm/node_modules/cacache/README.es.md index 55007e20d..55007e20d 100644 --- a/node_modules/pacote/node_modules/cacache/README.es.md +++ b/node_modules/libcipm/node_modules/cacache/README.es.md diff --git a/node_modules/pacote/node_modules/cacache/README.md b/node_modules/libcipm/node_modules/cacache/README.md index 7f8ec5eec..7f8ec5eec 100644 --- a/node_modules/pacote/node_modules/cacache/README.md +++ b/node_modules/libcipm/node_modules/cacache/README.md diff --git a/node_modules/pacote/node_modules/cacache/en.js b/node_modules/libcipm/node_modules/cacache/en.js index a3db581c9..a3db581c9 100644 --- a/node_modules/pacote/node_modules/cacache/en.js +++ b/node_modules/libcipm/node_modules/cacache/en.js diff --git a/node_modules/pacote/node_modules/cacache/es.js b/node_modules/libcipm/node_modules/cacache/es.js index 6282363c3..6282363c3 100644 --- a/node_modules/pacote/node_modules/cacache/es.js +++ b/node_modules/libcipm/node_modules/cacache/es.js diff --git a/node_modules/pacote/node_modules/cacache/get.js b/node_modules/libcipm/node_modules/cacache/get.js index 008cb83a9..008cb83a9 100644 --- a/node_modules/pacote/node_modules/cacache/get.js +++ b/node_modules/libcipm/node_modules/cacache/get.js diff --git a/node_modules/pacote/node_modules/cacache/index.js b/node_modules/libcipm/node_modules/cacache/index.js index a3db581c9..a3db581c9 100644 --- a/node_modules/pacote/node_modules/cacache/index.js +++ b/node_modules/libcipm/node_modules/cacache/index.js diff --git a/node_modules/pacote/node_modules/cacache/lib/content/path.js b/node_modules/libcipm/node_modules/cacache/lib/content/path.js index c67c28061..c67c28061 100644 --- a/node_modules/pacote/node_modules/cacache/lib/content/path.js +++ b/node_modules/libcipm/node_modules/cacache/lib/content/path.js diff --git a/node_modules/pacote/node_modules/cacache/lib/content/read.js b/node_modules/libcipm/node_modules/cacache/lib/content/read.js index 7929524f8..7929524f8 100644 --- a/node_modules/pacote/node_modules/cacache/lib/content/read.js +++ b/node_modules/libcipm/node_modules/cacache/lib/content/read.js diff --git a/node_modules/pacote/node_modules/cacache/lib/content/rm.js b/node_modules/libcipm/node_modules/cacache/lib/content/rm.js index 12cf15823..12cf15823 100644 --- a/node_modules/pacote/node_modules/cacache/lib/content/rm.js +++ b/node_modules/libcipm/node_modules/cacache/lib/content/rm.js diff --git a/node_modules/pacote/node_modules/cacache/lib/content/write.js b/node_modules/libcipm/node_modules/cacache/lib/content/write.js index 4d96a3cff..4d96a3cff 100644 --- a/node_modules/pacote/node_modules/cacache/lib/content/write.js +++ b/node_modules/libcipm/node_modules/cacache/lib/content/write.js diff --git a/node_modules/pacote/node_modules/cacache/lib/entry-index.js b/node_modules/libcipm/node_modules/cacache/lib/entry-index.js index dee1824b1..dee1824b1 100644 --- a/node_modules/pacote/node_modules/cacache/lib/entry-index.js +++ b/node_modules/libcipm/node_modules/cacache/lib/entry-index.js diff --git a/node_modules/pacote/node_modules/cacache/lib/memoization.js b/node_modules/libcipm/node_modules/cacache/lib/memoization.js index 92179c7ac..92179c7ac 100644 --- a/node_modules/pacote/node_modules/cacache/lib/memoization.js +++ b/node_modules/libcipm/node_modules/cacache/lib/memoization.js diff --git a/node_modules/pacote/node_modules/cacache/lib/util/fix-owner.js b/node_modules/libcipm/node_modules/cacache/lib/util/fix-owner.js index f5c33db5f..f5c33db5f 100644 --- a/node_modules/pacote/node_modules/cacache/lib/util/fix-owner.js +++ b/node_modules/libcipm/node_modules/cacache/lib/util/fix-owner.js diff --git a/node_modules/pacote/node_modules/cacache/lib/util/hash-to-segments.js b/node_modules/libcipm/node_modules/cacache/lib/util/hash-to-segments.js index 192be2a6d..192be2a6d 100644 --- a/node_modules/pacote/node_modules/cacache/lib/util/hash-to-segments.js +++ b/node_modules/libcipm/node_modules/cacache/lib/util/hash-to-segments.js diff --git a/node_modules/pacote/node_modules/cacache/lib/util/move-file.js b/node_modules/libcipm/node_modules/cacache/lib/util/move-file.js index b43744b3d..b43744b3d 100644 --- a/node_modules/pacote/node_modules/cacache/lib/util/move-file.js +++ b/node_modules/libcipm/node_modules/cacache/lib/util/move-file.js diff --git a/node_modules/pacote/node_modules/cacache/lib/util/tmp.js b/node_modules/libcipm/node_modules/cacache/lib/util/tmp.js index 78494b8ea..78494b8ea 100644 --- a/node_modules/pacote/node_modules/cacache/lib/util/tmp.js +++ b/node_modules/libcipm/node_modules/cacache/lib/util/tmp.js diff --git a/node_modules/pacote/node_modules/cacache/lib/util/y.js b/node_modules/libcipm/node_modules/cacache/lib/util/y.js index d62bedacb..d62bedacb 100644 --- a/node_modules/pacote/node_modules/cacache/lib/util/y.js +++ b/node_modules/libcipm/node_modules/cacache/lib/util/y.js diff --git a/node_modules/pacote/node_modules/cacache/lib/verify.js b/node_modules/libcipm/node_modules/cacache/lib/verify.js index 617d38db1..617d38db1 100644 --- a/node_modules/pacote/node_modules/cacache/lib/verify.js +++ b/node_modules/libcipm/node_modules/cacache/lib/verify.js diff --git a/node_modules/pacote/node_modules/cacache/locales/en.js b/node_modules/libcipm/node_modules/cacache/locales/en.js index 1715fdb53..1715fdb53 100644 --- a/node_modules/pacote/node_modules/cacache/locales/en.js +++ b/node_modules/libcipm/node_modules/cacache/locales/en.js diff --git a/node_modules/pacote/node_modules/cacache/locales/en.json b/node_modules/libcipm/node_modules/cacache/locales/en.json index 4f1452884..4f1452884 100644 --- a/node_modules/pacote/node_modules/cacache/locales/en.json +++ b/node_modules/libcipm/node_modules/cacache/locales/en.json diff --git a/node_modules/pacote/node_modules/cacache/locales/es.js b/node_modules/libcipm/node_modules/cacache/locales/es.js index ac4e4cfe7..ac4e4cfe7 100644 --- a/node_modules/pacote/node_modules/cacache/locales/es.js +++ b/node_modules/libcipm/node_modules/cacache/locales/es.js diff --git a/node_modules/pacote/node_modules/cacache/locales/es.json b/node_modules/libcipm/node_modules/cacache/locales/es.json index a91d76225..a91d76225 100644 --- a/node_modules/pacote/node_modules/cacache/locales/es.json +++ b/node_modules/libcipm/node_modules/cacache/locales/es.json diff --git a/node_modules/pacote/node_modules/cacache/ls.js b/node_modules/libcipm/node_modules/cacache/ls.js index 9f49b388a..9f49b388a 100644 --- a/node_modules/pacote/node_modules/cacache/ls.js +++ b/node_modules/libcipm/node_modules/cacache/ls.js diff --git a/node_modules/libcipm/node_modules/cacache/package.json b/node_modules/libcipm/node_modules/cacache/package.json new file mode 100644 index 000000000..5d8cc8953 --- /dev/null +++ b/node_modules/libcipm/node_modules/cacache/package.json @@ -0,0 +1,126 @@ +{ + "_from": "cacache@^12.0.2", + "_id": "cacache@12.0.3", + "_inBundle": false, + "_integrity": "sha512-kqdmfXEGFepesTuROHMs3MpFLWrPkSSpRqOw80RCflZXy/khxaArvFrQ7uJxSUduzAufc6G0g1VUCOZXxWavPw==", + "_location": "/libcipm/cacache", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "cacache@^12.0.2", + "name": "cacache", + "escapedName": "cacache", + "rawSpec": "^12.0.2", + "saveSpec": null, + "fetchSpec": "^12.0.2" + }, + "_requiredBy": [ + "/libcipm/pacote" + ], + "_resolved": "https://registry.npmjs.org/cacache/-/cacache-12.0.3.tgz", + "_shasum": "be99abba4e1bf5df461cd5a2c1071fc432573390", + "_spec": "cacache@^12.0.2", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libcipm/node_modules/pacote", + "author": { + "name": "Kat Marchán", + "email": "kzm@sykosomatic.org" + }, + "bugs": { + "url": "https://github.com/npm/cacache/issues" + }, + "bundleDependencies": false, + "cache-version": { + "content": "2", + "index": "5" + }, + "config": { + "nyc": { + "exclude": [ + "node_modules/**", + "test/**" + ] + } + }, + "contributors": [ + { + "name": "Charlotte Spencer", + "email": "charlottelaspencer@gmail.com" + }, + { + "name": "Rebecca Turner", + "email": "me@re-becca.org" + } + ], + "dependencies": { + "bluebird": "^3.5.5", + "chownr": "^1.1.1", + "figgy-pudding": "^3.5.1", + "glob": "^7.1.4", + "graceful-fs": "^4.1.15", + "infer-owner": "^1.0.3", + "lru-cache": "^5.1.1", + "mississippi": "^3.0.0", + "mkdirp": "^0.5.1", + "move-concurrently": "^1.0.1", + "promise-inflight": "^1.0.1", + "rimraf": "^2.6.3", + "ssri": "^6.0.1", + "unique-filename": "^1.1.1", + "y18n": "^4.0.0" + }, + "deprecated": false, + "description": "Fast, fault-tolerant, cross-platform, disk-based, data-agnostic, content-addressable cache.", + "devDependencies": { + "benchmark": "^2.1.4", + "chalk": "^2.4.2", + "cross-env": "^5.1.4", + "require-inject": "^1.4.4", + "standard": "^12.0.1", + "standard-version": "^6.0.1", + "tacks": "^1.3.0", + "tap": "^12.7.0", + "weallbehave": "^1.2.0", + "weallcontribute": "^1.0.9" + }, + "files": [ + "*.js", + "lib", + "locales" + ], + "homepage": "https://github.com/npm/cacache#readme", + "keywords": [ + "cache", + "caching", + "content-addressable", + "sri", + "sri hash", + "subresource integrity", + "cache", + "storage", + "store", + "file store", + "filesystem", + "disk cache", + "disk storage" + ], + "license": "ISC", + "main": "index.js", + "name": "cacache", + "repository": { + "type": "git", + "url": "git+https://github.com/npm/cacache.git" + }, + "scripts": { + "benchmarks": "node test/benchmarks", + "postrelease": "npm publish && git push --follow-tags", + "prerelease": "npm t", + "pretest": "standard", + "release": "standard-version -s", + "test": "cross-env CACACHE_UPDATE_LOCALE_FILES=true tap --coverage --nyc-arg=--all -J test/*.js", + "test-docker": "docker run -it --rm --name pacotest -v \"$PWD\":/tmp -w /tmp node:latest npm test", + "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'", + "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'" + }, + "version": "12.0.3" +} diff --git a/node_modules/pacote/node_modules/cacache/put.js b/node_modules/libcipm/node_modules/cacache/put.js index a40063930..a40063930 100644 --- a/node_modules/pacote/node_modules/cacache/put.js +++ b/node_modules/libcipm/node_modules/cacache/put.js diff --git a/node_modules/pacote/node_modules/cacache/rm.js b/node_modules/libcipm/node_modules/cacache/rm.js index e71a1d27b..e71a1d27b 100644 --- a/node_modules/pacote/node_modules/cacache/rm.js +++ b/node_modules/libcipm/node_modules/cacache/rm.js diff --git a/node_modules/pacote/node_modules/cacache/verify.js b/node_modules/libcipm/node_modules/cacache/verify.js index db7763d7a..db7763d7a 100644 --- a/node_modules/pacote/node_modules/cacache/verify.js +++ b/node_modules/libcipm/node_modules/cacache/verify.js diff --git a/node_modules/pacote/node_modules/fs-minipass/LICENSE b/node_modules/libcipm/node_modules/fs-minipass/LICENSE index 19129e315..19129e315 100644 --- a/node_modules/pacote/node_modules/fs-minipass/LICENSE +++ b/node_modules/libcipm/node_modules/fs-minipass/LICENSE diff --git a/node_modules/pacote/node_modules/fs-minipass/README.md b/node_modules/libcipm/node_modules/fs-minipass/README.md index 1e61241cf..1e61241cf 100644 --- a/node_modules/pacote/node_modules/fs-minipass/README.md +++ b/node_modules/libcipm/node_modules/fs-minipass/README.md diff --git a/node_modules/pacote/node_modules/fs-minipass/index.js b/node_modules/libcipm/node_modules/fs-minipass/index.js index cd585a83c..cd585a83c 100644 --- a/node_modules/pacote/node_modules/fs-minipass/index.js +++ b/node_modules/libcipm/node_modules/fs-minipass/index.js diff --git a/node_modules/libcipm/node_modules/fs-minipass/package.json b/node_modules/libcipm/node_modules/fs-minipass/package.json new file mode 100644 index 000000000..6cc2bd684 --- /dev/null +++ b/node_modules/libcipm/node_modules/fs-minipass/package.json @@ -0,0 +1,65 @@ +{ + "_from": "fs-minipass@^1.2.5", + "_id": "fs-minipass@1.2.7", + "_inBundle": false, + "_integrity": "sha512-GWSSJGFy4e9GUeCcbIkED+bgAoFyj7XF1mV8rma3QW4NIqX9Kyx79N/PF61H5udOV3aY1IaMLs6pGbH71nlCTA==", + "_location": "/libcipm/fs-minipass", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "fs-minipass@^1.2.5", + "name": "fs-minipass", + "escapedName": "fs-minipass", + "rawSpec": "^1.2.5", + "saveSpec": null, + "fetchSpec": "^1.2.5" + }, + "_requiredBy": [ + "/libcipm/tar" + ], + "_resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-1.2.7.tgz", + "_shasum": "ccff8570841e7fe4265693da88936c55aed7f7c7", + "_spec": "fs-minipass@^1.2.5", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libcipm/node_modules/tar", + "author": { + "name": "Isaac Z. Schlueter", + "email": "i@izs.me", + "url": "http://blog.izs.me/" + }, + "bugs": { + "url": "https://github.com/npm/fs-minipass/issues" + }, + "bundleDependencies": false, + "dependencies": { + "minipass": "^2.6.0" + }, + "deprecated": false, + "description": "fs read and write streams based on minipass", + "devDependencies": { + "mutate-fs": "^2.0.1", + "tap": "^14.6.4" + }, + "files": [ + "index.js" + ], + "homepage": "https://github.com/npm/fs-minipass#readme", + "keywords": [], + "license": "ISC", + "main": "index.js", + "name": "fs-minipass", + "repository": { + "type": "git", + "url": "git+https://github.com/npm/fs-minipass.git" + }, + "scripts": { + "postpublish": "git push origin --follow-tags", + "postversion": "npm publish", + "preversion": "npm test", + "test": "tap" + }, + "tap": { + "check-coverage": true + }, + "version": "1.2.7" +} diff --git a/node_modules/libcipm/node_modules/minipass/LICENSE b/node_modules/libcipm/node_modules/minipass/LICENSE new file mode 100644 index 000000000..20a476254 --- /dev/null +++ b/node_modules/libcipm/node_modules/minipass/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) npm, Inc. and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/libcipm/node_modules/minipass/README.md b/node_modules/libcipm/node_modules/minipass/README.md new file mode 100644 index 000000000..c989beea0 --- /dev/null +++ b/node_modules/libcipm/node_modules/minipass/README.md @@ -0,0 +1,606 @@ +# minipass + +A _very_ minimal implementation of a [PassThrough +stream](https://nodejs.org/api/stream.html#stream_class_stream_passthrough) + +[It's very +fast](https://docs.google.com/spreadsheets/d/1oObKSrVwLX_7Ut4Z6g3fZW-AX1j1-k6w-cDsrkaSbHM/edit#gid=0) +for objects, strings, and buffers. + +Supports pipe()ing (including multi-pipe() and backpressure +transmission), buffering data until either a `data` event handler or +`pipe()` is added (so you don't lose the first chunk), and most other +cases where PassThrough is a good idea. + +There is a `read()` method, but it's much more efficient to consume +data from this stream via `'data'` events or by calling `pipe()` into +some other stream. Calling `read()` requires the buffer to be +flattened in some cases, which requires copying memory. + +There is also no `unpipe()` method. Once you start piping, there is +no stopping it! + +If you set `objectMode: true` in the options, then whatever is written +will be emitted. Otherwise, it'll do a minimal amount of Buffer +copying to ensure proper Streams semantics when `read(n)` is called. + +`objectMode` can also be set by doing `stream.objectMode = true`, or by +writing any non-string/non-buffer data. `objectMode` cannot be set to +false once it is set. + +This is not a `through` or `through2` stream. It doesn't transform +the data, it just passes it right through. If you want to transform +the data, extend the class, and override the `write()` method. Once +you're done transforming the data however you want, call +`super.write()` with the transform output. + +For some examples of streams that extend Minipass in various ways, check +out: + +- [minizlib](http://npm.im/minizlib) +- [fs-minipass](http://npm.im/fs-minipass) +- [tar](http://npm.im/tar) +- [minipass-collect](http://npm.im/minipass-collect) +- [minipass-flush](http://npm.im/minipass-flush) +- [minipass-pipeline](http://npm.im/minipass-pipeline) +- [tap](http://npm.im/tap) +- [tap-parser](http://npm.im/tap) +- [treport](http://npm.im/tap) + +## Differences from Node.js Streams + +There are several things that make Minipass streams different from (and in +some ways superior to) Node.js core streams. + +Please read these caveats if you are familiar with noode-core streams and +intend to use Minipass streams in your programs. + +### Timing + +Minipass streams are designed to support synchronous use-cases. Thus, data +is emitted as soon as it is available, always. It is buffered until read, +but no longer. Another way to look at it is that Minipass streams are +exactly as synchronous as the logic that writes into them. + +This can be surprising if your code relies on `PassThrough.write()` always +providing data on the next tick rather than the current one, or being able +to call `resume()` and not have the entire buffer disappear immediately. + +However, without this synchronicity guarantee, there would be no way for +Minipass to achieve the speeds it does, or support the synchronous use +cases that it does. Simply put, waiting takes time. + +This non-deferring approach makes Minipass streams much easier to reason +about, especially in the context of Promises and other flow-control +mechanisms. + +### No High/Low Water Marks + +Node.js core streams will optimistically fill up a buffer, returning `true` +on all writes until the limit is hit, even if the data has nowhere to go. +Then, they will not attempt to draw more data in until the buffer size dips +below a minimum value. + +Minipass streams are much simpler. The `write()` method will return `true` +if the data has somewhere to go (which is to say, given the timing +guarantees, that the data is already there by the time `write()` returns). + +If the data has nowhere to go, then `write()` returns false, and the data +sits in a buffer, to be drained out immediately as soon as anyone consumes +it. + +### Hazards of Buffering (or: Why Minipass Is So Fast) + +Since data written to a Minipass stream is immediately written all the way +through the pipeline, and `write()` always returns true/false based on +whether the data was fully flushed, backpressure is communicated +immediately to the upstream caller. This minimizes buffering. + +Consider this case: + +```js +const {PassThrough} = require('stream') +const p1 = new PassThrough({ highWaterMark: 1024 }) +const p2 = new PassThrough({ highWaterMark: 1024 }) +const p3 = new PassThrough({ highWaterMark: 1024 }) +const p4 = new PassThrough({ highWaterMark: 1024 }) + +p1.pipe(p2).pipe(p3).pipe(p4) +p4.on('data', () => console.log('made it through')) + +// this returns false and buffers, then writes to p2 on next tick (1) +// p2 returns false and buffers, pausing p1, then writes to p3 on next tick (2) +// p3 returns false and buffers, pausing p2, then writes to p4 on next tick (3) +// p4 returns false and buffers, pausing p3, then emits 'data' and 'drain' +// on next tick (4) +// p3 sees p4's 'drain' event, and calls resume(), emitting 'resume' and +// 'drain' on next tick (5) +// p2 sees p3's 'drain', calls resume(), emits 'resume' and 'drain' on next tick (6) +// p1 sees p2's 'drain', calls resume(), emits 'resume' and 'drain' on next +// tick (7) + +p1.write(Buffer.alloc(2048)) // returns false +``` + +Along the way, the data was buffered and deferred at each stage, and +multiple event deferrals happened, for an unblocked pipeline where it was +perfectly safe to write all the way through! + +Furthermore, setting a `highWaterMark` of `1024` might lead someone reading +the code to think an advisory maximum of 1KiB is being set for the +pipeline. However, the actual advisory buffering level is the _sum_ of +`highWaterMark` values, since each one has its own bucket. + +Consider the Minipass case: + +```js +const m1 = new Minipass() +const m2 = new Minipass() +const m3 = new Minipass() +const m4 = new Minipass() + +m1.pipe(m2).pipe(m3).pipe(m4) +m4.on('data', () => console.log('made it through')) + +// m1 is flowing, so it writes the data to m2 immediately +// m2 is flowing, so it writes the data to m3 immediately +// m3 is flowing, so it writes the data to m4 immediately +// m4 is flowing, so it fires the 'data' event immediately, returns true +// m4's write returned true, so m3 is still flowing, returns true +// m3's write returned true, so m2 is still flowing, returns true +// m2's write returned true, so m1 is still flowing, returns true +// No event deferrals or buffering along the way! + +m1.write(Buffer.alloc(2048)) // returns true +``` + +It is extremely unlikely that you _don't_ want to buffer any data written, +or _ever_ buffer data that can be flushed all the way through. Neither +node-core streams nor Minipass ever fail to buffer written data, but +node-core streams do a lot of unnecessary buffering and pausing. + +As always, the faster implementation is the one that does less stuff and +waits less time to do it. + +### Immediately emit `end` for empty streams (when not paused) + +If a stream is not paused, and `end()` is called before writing any data +into it, then it will emit `end` immediately. + +If you have logic that occurs on the `end` event which you don't want to +potentially happen immediately (for example, closing file descriptors, +moving on to the next entry in an archive parse stream, etc.) then be sure +to call `stream.pause()` on creation, and then `stream.resume()` once you +are ready to respond to the `end` event. + +### Emit `end` When Asked + +One hazard of immediately emitting `'end'` is that you may not yet have had +a chance to add a listener. In order to avoid this hazard, Minipass +streams safely re-emit the `'end'` event if a new listener is added after +`'end'` has been emitted. + +Ie, if you do `stream.on('end', someFunction)`, and the stream has already +emitted `end`, then it will call the handler right away. (You can think of +this somewhat like attaching a new `.then(fn)` to a previously-resolved +Promise.) + +To prevent calling handlers multiple times who would not expect multiple +ends to occur, all listeners are removed from the `'end'` event whenever it +is emitted. + +### Impact of "immediate flow" on Tee-streams + +A "tee stream" is a stream piping to multiple destinations: + +```js +const tee = new Minipass() +t.pipe(dest1) +t.pipe(dest2) +t.write('foo') // goes to both destinations +``` + +Since Minipass streams _immediately_ process any pending data through the +pipeline when a new pipe destination is added, this can have surprising +effects, especially when a stream comes in from some other function and may +or may not have data in its buffer. + +```js +// WARNING! WILL LOSE DATA! +const src = new Minipass() +src.write('foo') +src.pipe(dest1) // 'foo' chunk flows to dest1 immediately, and is gone +src.pipe(dest2) // gets nothing! +``` + +The solution is to create a dedicated tee-stream junction that pipes to +both locations, and then pipe to _that_ instead. + +```js +// Safe example: tee to both places +const src = new Minipass() +src.write('foo') +const tee = new Minipass() +tee.pipe(dest1) +tee.pipe(dest2) +stream.pipe(tee) // tee gets 'foo', pipes to both locations +``` + +The same caveat applies to `on('data')` event listeners. The first one +added will _immediately_ receive all of the data, leaving nothing for the +second: + +```js +// WARNING! WILL LOSE DATA! +const src = new Minipass() +src.write('foo') +src.on('data', handler1) // receives 'foo' right away +src.on('data', handler2) // nothing to see here! +``` + +Using a dedicated tee-stream can be used in this case as well: + +```js +// Safe example: tee to both data handlers +const src = new Minipass() +src.write('foo') +const tee = new Minipass() +tee.on('data', handler1) +tee.on('data', handler2) +src.pipe(tee) +``` + +## USAGE + +It's a stream! Use it like a stream and it'll most likely do what you want. + +```js +const Minipass = require('minipass') +const mp = new Minipass(options) // optional: { encoding, objectMode } +mp.write('foo') +mp.pipe(someOtherStream) +mp.end('bar') +``` + +### OPTIONS + +* `encoding` How would you like the data coming _out_ of the stream to be + encoded? Accepts any values that can be passed to `Buffer.toString()`. +* `objectMode` Emit data exactly as it comes in. This will be flipped on + by default if you write() something other than a string or Buffer at any + point. Setting `objectMode: true` will prevent setting any encoding + value. + +### API + +Implements the user-facing portions of Node.js's `Readable` and `Writable` +streams. + +### Methods + +* `write(chunk, [encoding], [callback])` - Put data in. (Note that, in the + base Minipass class, the same data will come out.) Returns `false` if + the stream will buffer the next write, or true if it's still in + "flowing" mode. +* `end([chunk, [encoding]], [callback])` - Signal that you have no more + data to write. This will queue an `end` event to be fired when all the + data has been consumed. +* `setEncoding(encoding)` - Set the encoding for data coming of the + stream. This can only be done once. +* `pause()` - No more data for a while, please. This also prevents `end` + from being emitted for empty streams until the stream is resumed. +* `resume()` - Resume the stream. If there's data in the buffer, it is + all discarded. Any buffered events are immediately emitted. +* `pipe(dest)` - Send all output to the stream provided. There is no way + to unpipe. When data is emitted, it is immediately written to any and + all pipe destinations. +* `on(ev, fn)`, `emit(ev, fn)` - Minipass streams are EventEmitters. + Some events are given special treatment, however. (See below under + "events".) +* `promise()` - Returns a Promise that resolves when the stream emits + `end`, or rejects if the stream emits `error`. +* `collect()` - Return a Promise that resolves on `end` with an array + containing each chunk of data that was emitted, or rejects if the + stream emits `error`. Note that this consumes the stream data. +* `concat()` - Same as `collect()`, but concatenates the data into a + single Buffer object. Will reject the returned promise if the stream is + in objectMode, or if it goes into objectMode by the end of the data. +* `read(n)` - Consume `n` bytes of data out of the buffer. If `n` is not + provided, then consume all of it. If `n` bytes are not available, then + it returns null. **Note** consuming streams in this way is less + efficient, and can lead to unnecessary Buffer copying. +* `destroy([er])` - Destroy the stream. If an error is provided, then an + `'error'` event is emitted. If the stream has a `close()` method, and + has not emitted a `'close'` event yet, then `stream.close()` will be + called. Any Promises returned by `.promise()`, `.collect()` or + `.concat()` will be rejected. After being destroyed, writing to the + stream will emit an error. No more data will be emitted if the stream is + destroyed, even if it was previously buffered. + +### Properties + +* `bufferLength` Read-only. Total number of bytes buffered, or in the case + of objectMode, the total number of objects. +* `encoding` The encoding that has been set. (Setting this is equivalent + to calling `setEncoding(enc)` and has the same prohibition against + setting multiple times.) +* `flowing` Read-only. Boolean indicating whether a chunk written to the + stream will be immediately emitted. +* `emittedEnd` Read-only. Boolean indicating whether the end-ish events + (ie, `end`, `prefinish`, `finish`) have been emitted. Note that + listening on any end-ish event will immediateyl re-emit it if it has + already been emitted. +* `writable` Whether the stream is writable. Default `true`. Set to + `false` when `end()` +* `readable` Whether the stream is readable. Default `true`. +* `buffer` A [yallist](http://npm.im/yallist) linked list of chunks written + to the stream that have not yet been emitted. (It's probably a bad idea + to mess with this.) +* `pipes` A [yallist](http://npm.im/yallist) linked list of streams that + this stream is piping into. (It's probably a bad idea to mess with + this.) +* `destroyed` A getter that indicates whether the stream was destroyed. +* `paused` True if the stream has been explicitly paused, otherwise false. +* `objectMode` Indicates whether the stream is in `objectMode`. Once set + to `true`, it cannot be set to `false`. + +### Events + +* `data` Emitted when there's data to read. Argument is the data to read. + This is never emitted while not flowing. If a listener is attached, that + will resume the stream. +* `end` Emitted when there's no more data to read. This will be emitted + immediately for empty streams when `end()` is called. If a listener is + attached, and `end` was already emitted, then it will be emitted again. + All listeners are removed when `end` is emitted. +* `prefinish` An end-ish event that follows the same logic as `end` and is + emitted in the same conditions where `end` is emitted. Emitted after + `'end'`. +* `finish` An end-ish event that follows the same logic as `end` and is + emitted in the same conditions where `end` is emitted. Emitted after + `'prefinish'`. +* `close` An indication that an underlying resource has been released. + Minipass does not emit this event, but will defer it until after `end` + has been emitted, since it throws off some stream libraries otherwise. +* `drain` Emitted when the internal buffer empties, and it is again + suitable to `write()` into the stream. +* `readable` Emitted when data is buffered and ready to be read by a + consumer. +* `resume` Emitted when stream changes state from buffering to flowing + mode. (Ie, when `resume` is called, `pipe` is called, or a `data` event + listener is added.) + +### Static Methods + +* `Minipass.isStream(stream)` Returns `true` if the argument is a stream, + and false otherwise. To be considered a stream, the object must be + either an instance of Minipass, or an EventEmitter that has either a + `pipe()` method, or both `write()` and `end()` methods. (Pretty much any + stream in node-land will return `true` for this.) + +## EXAMPLES + +Here are some examples of things you can do with Minipass streams. + +### simple "are you done yet" promise + +```js +mp.promise().then(() => { + // stream is finished +}, er => { + // stream emitted an error +}) +``` + +### collecting + +```js +mp.collect().then(all => { + // all is an array of all the data emitted + // encoding is supported in this case, so + // so the result will be a collection of strings if + // an encoding is specified, or buffers/objects if not. + // + // In an async function, you may do + // const data = await stream.collect() +}) +``` + +### collecting into a single blob + +This is a bit slower because it concatenates the data into one chunk for +you, but if you're going to do it yourself anyway, it's convenient this +way: + +```js +mp.concat().then(onebigchunk => { + // onebigchunk is a string if the stream + // had an encoding set, or a buffer otherwise. +}) +``` + +### iteration + +You can iterate over streams synchronously or asynchronously in +platforms that support it. + +Synchronous iteration will end when the currently available data is +consumed, even if the `end` event has not been reached. In string and +buffer mode, the data is concatenated, so unless multiple writes are +occurring in the same tick as the `read()`, sync iteration loops will +generally only have a single iteration. + +To consume chunks in this way exactly as they have been written, with +no flattening, create the stream with the `{ objectMode: true }` +option. + +```js +const mp = new Minipass({ objectMode: true }) +mp.write('a') +mp.write('b') +for (let letter of mp) { + console.log(letter) // a, b +} +mp.write('c') +mp.write('d') +for (let letter of mp) { + console.log(letter) // c, d +} +mp.write('e') +mp.end() +for (let letter of mp) { + console.log(letter) // e +} +for (let letter of mp) { + console.log(letter) // nothing +} +``` + +Asynchronous iteration will continue until the end event is reached, +consuming all of the data. + +```js +const mp = new Minipass({ encoding: 'utf8' }) + +// some source of some data +let i = 5 +const inter = setInterval(() => { + if (i --> 0) + mp.write(Buffer.from('foo\n', 'utf8')) + else { + mp.end() + clearInterval(inter) + } +}, 100) + +// consume the data with asynchronous iteration +async function consume () { + for await (let chunk of mp) { + console.log(chunk) + } + return 'ok' +} + +consume().then(res => console.log(res)) +// logs `foo\n` 5 times, and then `ok` +``` + +### subclass that `console.log()`s everything written into it + +```js +class Logger extends Minipass { + write (chunk, encoding, callback) { + console.log('WRITE', chunk, encoding) + return super.write(chunk, encoding, callback) + } + end (chunk, encoding, callback) { + console.log('END', chunk, encoding) + return super.end(chunk, encoding, callback) + } +} + +someSource.pipe(new Logger()).pipe(someDest) +``` + +### same thing, but using an inline anonymous class + +```js +// js classes are fun +someSource + .pipe(new (class extends Minipass { + emit (ev, ...data) { + // let's also log events, because debugging some weird thing + console.log('EMIT', ev) + return super.emit(ev, ...data) + } + write (chunk, encoding, callback) { + console.log('WRITE', chunk, encoding) + return super.write(chunk, encoding, callback) + } + end (chunk, encoding, callback) { + console.log('END', chunk, encoding) + return super.end(chunk, encoding, callback) + } + })) + .pipe(someDest) +``` + +### subclass that defers 'end' for some reason + +```js +class SlowEnd extends Minipass { + emit (ev, ...args) { + if (ev === 'end') { + console.log('going to end, hold on a sec') + setTimeout(() => { + console.log('ok, ready to end now') + super.emit('end', ...args) + }, 100) + } else { + return super.emit(ev, ...args) + } + } +} +``` + +### transform that creates newline-delimited JSON + +```js +class NDJSONEncode extends Minipass { + write (obj, cb) { + try { + // JSON.stringify can throw, emit an error on that + return super.write(JSON.stringify(obj) + '\n', 'utf8', cb) + } catch (er) { + this.emit('error', er) + } + } + end (obj, cb) { + if (typeof obj === 'function') { + cb = obj + obj = undefined + } + if (obj !== undefined) { + this.write(obj) + } + return super.end(cb) + } +} +``` + +### transform that parses newline-delimited JSON + +```js +class NDJSONDecode extends Minipass { + constructor (options) { + // always be in object mode, as far as Minipass is concerned + super({ objectMode: true }) + this._jsonBuffer = '' + } + write (chunk, encoding, cb) { + if (typeof chunk === 'string' && + typeof encoding === 'string' && + encoding !== 'utf8') { + chunk = Buffer.from(chunk, encoding).toString() + } else if (Buffer.isBuffer(chunk)) + chunk = chunk.toString() + } + if (typeof encoding === 'function') { + cb = encoding + } + const jsonData = (this._jsonBuffer + chunk).split('\n') + this._jsonBuffer = jsonData.pop() + for (let i = 0; i < jsonData.length; i++) { + let parsed + try { + super.write(parsed) + } catch (er) { + this.emit('error', er) + continue + } + } + if (cb) + cb() + } +} +``` diff --git a/node_modules/libcipm/node_modules/minipass/index.js b/node_modules/libcipm/node_modules/minipass/index.js new file mode 100644 index 000000000..c072352d4 --- /dev/null +++ b/node_modules/libcipm/node_modules/minipass/index.js @@ -0,0 +1,537 @@ +'use strict' +const EE = require('events') +const Yallist = require('yallist') +const SD = require('string_decoder').StringDecoder + +const EOF = Symbol('EOF') +const MAYBE_EMIT_END = Symbol('maybeEmitEnd') +const EMITTED_END = Symbol('emittedEnd') +const EMITTING_END = Symbol('emittingEnd') +const CLOSED = Symbol('closed') +const READ = Symbol('read') +const FLUSH = Symbol('flush') +const FLUSHCHUNK = Symbol('flushChunk') +const ENCODING = Symbol('encoding') +const DECODER = Symbol('decoder') +const FLOWING = Symbol('flowing') +const PAUSED = Symbol('paused') +const RESUME = Symbol('resume') +const BUFFERLENGTH = Symbol('bufferLength') +const BUFFERPUSH = Symbol('bufferPush') +const BUFFERSHIFT = Symbol('bufferShift') +const OBJECTMODE = Symbol('objectMode') +const DESTROYED = Symbol('destroyed') + +// TODO remove when Node v8 support drops +const doIter = global._MP_NO_ITERATOR_SYMBOLS_ !== '1' +const ASYNCITERATOR = doIter && Symbol.asyncIterator + || Symbol('asyncIterator not implemented') +const ITERATOR = doIter && Symbol.iterator + || Symbol('iterator not implemented') + +// Buffer in node 4.x < 4.5.0 doesn't have working Buffer.from +// or Buffer.alloc, and Buffer in node 10 deprecated the ctor. +// .M, this is fine .\^/M.. +const B = Buffer.alloc ? Buffer + : /* istanbul ignore next */ require('safe-buffer').Buffer + +// events that mean 'the stream is over' +// these are treated specially, and re-emitted +// if they are listened for after emitting. +const isEndish = ev => + ev === 'end' || + ev === 'finish' || + ev === 'prefinish' + +const isArrayBuffer = b => b instanceof ArrayBuffer || + typeof b === 'object' && + b.constructor && + b.constructor.name === 'ArrayBuffer' && + b.byteLength >= 0 + +const isArrayBufferView = b => !B.isBuffer(b) && ArrayBuffer.isView(b) + +module.exports = class Minipass extends EE { + constructor (options) { + super() + this[FLOWING] = false + // whether we're explicitly paused + this[PAUSED] = false + this.pipes = new Yallist() + this.buffer = new Yallist() + this[OBJECTMODE] = options && options.objectMode || false + if (this[OBJECTMODE]) + this[ENCODING] = null + else + this[ENCODING] = options && options.encoding || null + if (this[ENCODING] === 'buffer') + this[ENCODING] = null + this[DECODER] = this[ENCODING] ? new SD(this[ENCODING]) : null + this[EOF] = false + this[EMITTED_END] = false + this[EMITTING_END] = false + this[CLOSED] = false + this.writable = true + this.readable = true + this[BUFFERLENGTH] = 0 + this[DESTROYED] = false + } + + get bufferLength () { return this[BUFFERLENGTH] } + + get encoding () { return this[ENCODING] } + set encoding (enc) { + if (this[OBJECTMODE]) + throw new Error('cannot set encoding in objectMode') + + if (this[ENCODING] && enc !== this[ENCODING] && + (this[DECODER] && this[DECODER].lastNeed || this[BUFFERLENGTH])) + throw new Error('cannot change encoding') + + if (this[ENCODING] !== enc) { + this[DECODER] = enc ? new SD(enc) : null + if (this.buffer.length) + this.buffer = this.buffer.map(chunk => this[DECODER].write(chunk)) + } + + this[ENCODING] = enc + } + + setEncoding (enc) { + this.encoding = enc + } + + get objectMode () { return this[OBJECTMODE] } + set objectMode (ॐ ) { this[OBJECTMODE] = this[OBJECTMODE] || !!ॐ } + + write (chunk, encoding, cb) { + if (this[EOF]) + throw new Error('write after end') + + if (this[DESTROYED]) { + this.emit('error', Object.assign( + new Error('Cannot call write after a stream was destroyed'), + { code: 'ERR_STREAM_DESTROYED' } + )) + return true + } + + if (typeof encoding === 'function') + cb = encoding, encoding = 'utf8' + + if (!encoding) + encoding = 'utf8' + + // convert array buffers and typed array views into buffers + // at some point in the future, we may want to do the opposite! + // leave strings and buffers as-is + // anything else switches us into object mode + if (!this[OBJECTMODE] && !B.isBuffer(chunk)) { + if (isArrayBufferView(chunk)) + chunk = B.from(chunk.buffer, chunk.byteOffset, chunk.byteLength) + else if (isArrayBuffer(chunk)) + chunk = B.from(chunk) + else if (typeof chunk !== 'string') + // use the setter so we throw if we have encoding set + this.objectMode = true + } + + // this ensures at this point that the chunk is a buffer or string + // don't buffer it up or send it to the decoder + if (!this.objectMode && !chunk.length) { + const ret = this.flowing + if (this[BUFFERLENGTH] !== 0) + this.emit('readable') + if (cb) + cb() + return ret + } + + // fast-path writing strings of same encoding to a stream with + // an empty buffer, skipping the buffer/decoder dance + if (typeof chunk === 'string' && !this[OBJECTMODE] && + // unless it is a string already ready for us to use + !(encoding === this[ENCODING] && !this[DECODER].lastNeed)) { + chunk = B.from(chunk, encoding) + } + + if (B.isBuffer(chunk) && this[ENCODING]) + chunk = this[DECODER].write(chunk) + + try { + return this.flowing + ? (this.emit('data', chunk), this.flowing) + : (this[BUFFERPUSH](chunk), false) + } finally { + if (this[BUFFERLENGTH] !== 0) + this.emit('readable') + if (cb) + cb() + } + } + + read (n) { + if (this[DESTROYED]) + return null + + try { + if (this[BUFFERLENGTH] === 0 || n === 0 || n > this[BUFFERLENGTH]) + return null + + if (this[OBJECTMODE]) + n = null + + if (this.buffer.length > 1 && !this[OBJECTMODE]) { + if (this.encoding) + this.buffer = new Yallist([ + Array.from(this.buffer).join('') + ]) + else + this.buffer = new Yallist([ + B.concat(Array.from(this.buffer), this[BUFFERLENGTH]) + ]) + } + + return this[READ](n || null, this.buffer.head.value) + } finally { + this[MAYBE_EMIT_END]() + } + } + + [READ] (n, chunk) { + if (n === chunk.length || n === null) + this[BUFFERSHIFT]() + else { + this.buffer.head.value = chunk.slice(n) + chunk = chunk.slice(0, n) + this[BUFFERLENGTH] -= n + } + + this.emit('data', chunk) + + if (!this.buffer.length && !this[EOF]) + this.emit('drain') + + return chunk + } + + end (chunk, encoding, cb) { + if (typeof chunk === 'function') + cb = chunk, chunk = null + if (typeof encoding === 'function') + cb = encoding, encoding = 'utf8' + if (chunk) + this.write(chunk, encoding) + if (cb) + this.once('end', cb) + this[EOF] = true + this.writable = false + + // if we haven't written anything, then go ahead and emit, + // even if we're not reading. + // we'll re-emit if a new 'end' listener is added anyway. + // This makes MP more suitable to write-only use cases. + if (this.flowing || !this[PAUSED]) + this[MAYBE_EMIT_END]() + return this + } + + // don't let the internal resume be overwritten + [RESUME] () { + if (this[DESTROYED]) + return + + this[PAUSED] = false + this[FLOWING] = true + this.emit('resume') + if (this.buffer.length) + this[FLUSH]() + else if (this[EOF]) + this[MAYBE_EMIT_END]() + else + this.emit('drain') + } + + resume () { + return this[RESUME]() + } + + pause () { + this[FLOWING] = false + this[PAUSED] = true + } + + get destroyed () { + return this[DESTROYED] + } + + get flowing () { + return this[FLOWING] + } + + get paused () { + return this[PAUSED] + } + + [BUFFERPUSH] (chunk) { + if (this[OBJECTMODE]) + this[BUFFERLENGTH] += 1 + else + this[BUFFERLENGTH] += chunk.length + return this.buffer.push(chunk) + } + + [BUFFERSHIFT] () { + if (this.buffer.length) { + if (this[OBJECTMODE]) + this[BUFFERLENGTH] -= 1 + else + this[BUFFERLENGTH] -= this.buffer.head.value.length + } + return this.buffer.shift() + } + + [FLUSH] () { + do {} while (this[FLUSHCHUNK](this[BUFFERSHIFT]())) + + if (!this.buffer.length && !this[EOF]) + this.emit('drain') + } + + [FLUSHCHUNK] (chunk) { + return chunk ? (this.emit('data', chunk), this.flowing) : false + } + + pipe (dest, opts) { + if (this[DESTROYED]) + return + + const ended = this[EMITTED_END] + opts = opts || {} + if (dest === process.stdout || dest === process.stderr) + opts.end = false + else + opts.end = opts.end !== false + + const p = { dest: dest, opts: opts, ondrain: _ => this[RESUME]() } + this.pipes.push(p) + + dest.on('drain', p.ondrain) + this[RESUME]() + // piping an ended stream ends immediately + if (ended && p.opts.end) + p.dest.end() + return dest + } + + addListener (ev, fn) { + return this.on(ev, fn) + } + + on (ev, fn) { + try { + return super.on(ev, fn) + } finally { + if (ev === 'data' && !this.pipes.length && !this.flowing) + this[RESUME]() + else if (isEndish(ev) && this[EMITTED_END]) { + super.emit(ev) + this.removeAllListeners(ev) + } + } + } + + get emittedEnd () { + return this[EMITTED_END] + } + + [MAYBE_EMIT_END] () { + if (!this[EMITTING_END] && + !this[EMITTED_END] && + !this[DESTROYED] && + this.buffer.length === 0 && + this[EOF]) { + this[EMITTING_END] = true + this.emit('end') + this.emit('prefinish') + this.emit('finish') + if (this[CLOSED]) + this.emit('close') + this[EMITTING_END] = false + } + } + + emit (ev, data) { + // error and close are only events allowed after calling destroy() + if (ev !== 'error' && ev !== 'close' && ev !== DESTROYED && this[DESTROYED]) + return + else if (ev === 'data') { + if (!data) + return + + if (this.pipes.length) + this.pipes.forEach(p => + p.dest.write(data) === false && this.pause()) + } else if (ev === 'end') { + // only actual end gets this treatment + if (this[EMITTED_END] === true) + return + + this[EMITTED_END] = true + this.readable = false + + if (this[DECODER]) { + data = this[DECODER].end() + if (data) { + this.pipes.forEach(p => p.dest.write(data)) + super.emit('data', data) + } + } + + this.pipes.forEach(p => { + p.dest.removeListener('drain', p.ondrain) + if (p.opts.end) + p.dest.end() + }) + } else if (ev === 'close') { + this[CLOSED] = true + // don't emit close before 'end' and 'finish' + if (!this[EMITTED_END] && !this[DESTROYED]) + return + } + + // TODO: replace with a spread operator when Node v4 support drops + const args = new Array(arguments.length) + args[0] = ev + args[1] = data + if (arguments.length > 2) { + for (let i = 2; i < arguments.length; i++) { + args[i] = arguments[i] + } + } + + try { + return super.emit.apply(this, args) + } finally { + if (!isEndish(ev)) + this[MAYBE_EMIT_END]() + else + this.removeAllListeners(ev) + } + } + + // const all = await stream.collect() + collect () { + const buf = [] + buf.dataLength = 0 + this.on('data', c => { + buf.push(c) + buf.dataLength += c.length + }) + return this.promise().then(() => buf) + } + + // const data = await stream.concat() + concat () { + return this[OBJECTMODE] + ? Promise.reject(new Error('cannot concat in objectMode')) + : this.collect().then(buf => + this[OBJECTMODE] + ? Promise.reject(new Error('cannot concat in objectMode')) + : this[ENCODING] ? buf.join('') : B.concat(buf, buf.dataLength)) + } + + // stream.promise().then(() => done, er => emitted error) + promise () { + return new Promise((resolve, reject) => { + this.on(DESTROYED, () => reject(new Error('stream destroyed'))) + this.on('end', () => resolve()) + this.on('error', er => reject(er)) + }) + } + + // for await (let chunk of stream) + [ASYNCITERATOR] () { + const next = () => { + const res = this.read() + if (res !== null) + return Promise.resolve({ done: false, value: res }) + + if (this[EOF]) + return Promise.resolve({ done: true }) + + let resolve = null + let reject = null + const onerr = er => { + this.removeListener('data', ondata) + this.removeListener('end', onend) + reject(er) + } + const ondata = value => { + this.removeListener('error', onerr) + this.removeListener('end', onend) + this.pause() + resolve({ value: value, done: !!this[EOF] }) + } + const onend = () => { + this.removeListener('error', onerr) + this.removeListener('data', ondata) + resolve({ done: true }) + } + const ondestroy = () => onerr(new Error('stream destroyed')) + return new Promise((res, rej) => { + reject = rej + resolve = res + this.once(DESTROYED, ondestroy) + this.once('error', onerr) + this.once('end', onend) + this.once('data', ondata) + }) + } + + return { next } + } + + // for (let chunk of stream) + [ITERATOR] () { + const next = () => { + const value = this.read() + const done = value === null + return { value, done } + } + return { next } + } + + destroy (er) { + if (this[DESTROYED]) { + if (er) + this.emit('error', er) + else + this.emit(DESTROYED) + return this + } + + this[DESTROYED] = true + + // throw away all buffered data, it's never coming out + this.buffer = new Yallist() + this[BUFFERLENGTH] = 0 + + if (typeof this.close === 'function' && !this[CLOSED]) + this.close() + + if (er) + this.emit('error', er) + else // if no error to emit, still reject pending promises + this.emit(DESTROYED) + + return this + } + + static isStream (s) { + return !!s && (s instanceof Minipass || s instanceof EE && ( + typeof s.pipe === 'function' || // readable + (typeof s.write === 'function' && typeof s.end === 'function') // writable + )) + } +} diff --git a/node_modules/libcipm/node_modules/minipass/package.json b/node_modules/libcipm/node_modules/minipass/package.json new file mode 100644 index 000000000..c03c3363a --- /dev/null +++ b/node_modules/libcipm/node_modules/minipass/package.json @@ -0,0 +1,73 @@ +{ + "_from": "minipass@^2.3.5", + "_id": "minipass@2.9.0", + "_inBundle": false, + "_integrity": "sha512-wxfUjg9WebH+CUDX/CdbRlh5SmfZiy/hpkxaRI16Y9W56Pa75sWgd/rvFilSgrauD9NyFymP/+JFV3KwzIsJeg==", + "_location": "/libcipm/minipass", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "minipass@^2.3.5", + "name": "minipass", + "escapedName": "minipass", + "rawSpec": "^2.3.5", + "saveSpec": null, + "fetchSpec": "^2.3.5" + }, + "_requiredBy": [ + "/libcipm/fs-minipass", + "/libcipm/minizlib", + "/libcipm/pacote", + "/libcipm/tar" + ], + "_resolved": "https://registry.npmjs.org/minipass/-/minipass-2.9.0.tgz", + "_shasum": "e713762e7d3e32fed803115cf93e04bca9fcc9a6", + "_spec": "minipass@^2.3.5", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libcipm/node_modules/pacote", + "author": { + "name": "Isaac Z. Schlueter", + "email": "i@izs.me", + "url": "http://blog.izs.me/" + }, + "bugs": { + "url": "https://github.com/isaacs/minipass/issues" + }, + "bundleDependencies": false, + "dependencies": { + "safe-buffer": "^5.1.2", + "yallist": "^3.0.0" + }, + "deprecated": false, + "description": "minimal implementation of a PassThrough stream", + "devDependencies": { + "end-of-stream": "^1.4.0", + "tap": "^14.6.5", + "through2": "^2.0.3" + }, + "files": [ + "index.js" + ], + "homepage": "https://github.com/isaacs/minipass#readme", + "keywords": [ + "passthrough", + "stream" + ], + "license": "ISC", + "main": "index.js", + "name": "minipass", + "repository": { + "type": "git", + "url": "git+https://github.com/isaacs/minipass.git" + }, + "scripts": { + "postpublish": "git push origin --follow-tags", + "postversion": "npm publish", + "preversion": "npm test", + "test": "tap" + }, + "tap": { + "check-coverage": true + }, + "version": "2.9.0" +} diff --git a/node_modules/pacote/node_modules/minizlib/LICENSE b/node_modules/libcipm/node_modules/minizlib/LICENSE index ffce7383f..ffce7383f 100644 --- a/node_modules/pacote/node_modules/minizlib/LICENSE +++ b/node_modules/libcipm/node_modules/minizlib/LICENSE diff --git a/node_modules/pacote/node_modules/minizlib/README.md b/node_modules/libcipm/node_modules/minizlib/README.md index 4097b8522..4097b8522 100644 --- a/node_modules/pacote/node_modules/minizlib/README.md +++ b/node_modules/libcipm/node_modules/minizlib/README.md diff --git a/node_modules/pacote/node_modules/minizlib/constants.js b/node_modules/libcipm/node_modules/minizlib/constants.js index 641ebc731..641ebc731 100644 --- a/node_modules/pacote/node_modules/minizlib/constants.js +++ b/node_modules/libcipm/node_modules/minizlib/constants.js diff --git a/node_modules/pacote/node_modules/minizlib/index.js b/node_modules/libcipm/node_modules/minizlib/index.js index 295047b9c..295047b9c 100644 --- a/node_modules/pacote/node_modules/minizlib/index.js +++ b/node_modules/libcipm/node_modules/minizlib/index.js diff --git a/node_modules/libcipm/node_modules/minizlib/package.json b/node_modules/libcipm/node_modules/minizlib/package.json new file mode 100644 index 000000000..1650216f6 --- /dev/null +++ b/node_modules/libcipm/node_modules/minizlib/package.json @@ -0,0 +1,71 @@ +{ + "_from": "minizlib@^1.2.1", + "_id": "minizlib@1.3.3", + "_inBundle": false, + "_integrity": "sha512-6ZYMOEnmVsdCeTJVE0W9ZD+pVnE8h9Hma/iOwwRDsdQoePpoX56/8B6z3P9VNwppJuBKNRuFDRNRqRWexT9G9Q==", + "_location": "/libcipm/minizlib", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "minizlib@^1.2.1", + "name": "minizlib", + "escapedName": "minizlib", + "rawSpec": "^1.2.1", + "saveSpec": null, + "fetchSpec": "^1.2.1" + }, + "_requiredBy": [ + "/libcipm/tar" + ], + "_resolved": "https://registry.npmjs.org/minizlib/-/minizlib-1.3.3.tgz", + "_shasum": "2290de96818a34c29551c8a8d301216bd65a861d", + "_spec": "minizlib@^1.2.1", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libcipm/node_modules/tar", + "author": { + "name": "Isaac Z. Schlueter", + "email": "i@izs.me", + "url": "http://blog.izs.me/" + }, + "bugs": { + "url": "https://github.com/isaacs/minizlib/issues" + }, + "bundleDependencies": false, + "dependencies": { + "minipass": "^2.9.0" + }, + "deprecated": false, + "description": "A small fast zlib stream built on [minipass](http://npm.im/minipass) and Node.js's zlib binding.", + "devDependencies": { + "tap": "^12.0.1" + }, + "files": [ + "index.js", + "constants.js" + ], + "homepage": "https://github.com/isaacs/minizlib#readme", + "keywords": [ + "zlib", + "gzip", + "gunzip", + "deflate", + "inflate", + "compression", + "zip", + "unzip" + ], + "license": "MIT", + "main": "index.js", + "name": "minizlib", + "repository": { + "type": "git", + "url": "git+https://github.com/isaacs/minizlib.git" + }, + "scripts": { + "postpublish": "git push origin --all; git push origin --tags", + "postversion": "npm publish", + "preversion": "npm test", + "test": "tap test/*.js --100 -J" + }, + "version": "1.3.3" +} diff --git a/node_modules/pacote/node_modules/npm-pick-manifest/CHANGELOG.md b/node_modules/libcipm/node_modules/npm-pick-manifest/CHANGELOG.md index c594ba140..c594ba140 100644 --- a/node_modules/pacote/node_modules/npm-pick-manifest/CHANGELOG.md +++ b/node_modules/libcipm/node_modules/npm-pick-manifest/CHANGELOG.md diff --git a/node_modules/pacote/node_modules/npm-pick-manifest/LICENSE.md b/node_modules/libcipm/node_modules/npm-pick-manifest/LICENSE.md index 8d28acf86..8d28acf86 100644 --- a/node_modules/pacote/node_modules/npm-pick-manifest/LICENSE.md +++ b/node_modules/libcipm/node_modules/npm-pick-manifest/LICENSE.md diff --git a/node_modules/pacote/node_modules/npm-pick-manifest/README.md b/node_modules/libcipm/node_modules/npm-pick-manifest/README.md index d32d47af1..d32d47af1 100644 --- a/node_modules/pacote/node_modules/npm-pick-manifest/README.md +++ b/node_modules/libcipm/node_modules/npm-pick-manifest/README.md diff --git a/node_modules/pacote/node_modules/npm-pick-manifest/index.js b/node_modules/libcipm/node_modules/npm-pick-manifest/index.js index 9eb2d82d1..9eb2d82d1 100644 --- a/node_modules/pacote/node_modules/npm-pick-manifest/index.js +++ b/node_modules/libcipm/node_modules/npm-pick-manifest/index.js diff --git a/node_modules/libcipm/node_modules/npm-pick-manifest/package.json b/node_modules/libcipm/node_modules/npm-pick-manifest/package.json new file mode 100644 index 000000000..68412f665 --- /dev/null +++ b/node_modules/libcipm/node_modules/npm-pick-manifest/package.json @@ -0,0 +1,82 @@ +{ + "_from": "npm-pick-manifest@^3.0.0", + "_id": "npm-pick-manifest@3.0.2", + "_inBundle": false, + "_integrity": "sha512-wNprTNg+X5nf+tDi+hbjdHhM4bX+mKqv6XmPh7B5eG+QY9VARfQPfCEH013H5GqfNj6ee8Ij2fg8yk0mzps1Vw==", + "_location": "/libcipm/npm-pick-manifest", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "npm-pick-manifest@^3.0.0", + "name": "npm-pick-manifest", + "escapedName": "npm-pick-manifest", + "rawSpec": "^3.0.0", + "saveSpec": null, + "fetchSpec": "^3.0.0" + }, + "_requiredBy": [ + "/libcipm/pacote" + ], + "_resolved": "https://registry.npmjs.org/npm-pick-manifest/-/npm-pick-manifest-3.0.2.tgz", + "_shasum": "f4d9e5fd4be2153e5f4e5f9b7be8dc419a99abb7", + "_spec": "npm-pick-manifest@^3.0.0", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libcipm/node_modules/pacote", + "author": { + "name": "Kat Marchán", + "email": "kzm@sykosomatic.org" + }, + "bugs": { + "url": "https://github.com/npm/npm-pick-manifest/issues" + }, + "bundleDependencies": false, + "config": { + "nyc": { + "exclude": [ + "node_modules/**", + "test/**" + ] + } + }, + "dependencies": { + "figgy-pudding": "^3.5.1", + "npm-package-arg": "^6.0.0", + "semver": "^5.4.1" + }, + "deprecated": false, + "description": "Resolves a matching manifest from a package metadata document according to standard npm semver resolution rules.", + "devDependencies": { + "nyc": "^13.1.0", + "standard": "^10.0.3", + "standard-version": "^4.4.0", + "tap": "^12.0.1", + "weallbehave": "^1.2.0", + "weallcontribute": "^1.0.8" + }, + "files": [ + "*.js" + ], + "homepage": "https://github.com/npm/npm-pick-manifest#readme", + "keywords": [ + "npm", + "semver", + "package manager" + ], + "license": "ISC", + "main": "index.js", + "name": "npm-pick-manifest", + "repository": { + "type": "git", + "url": "git+https://github.com/npm/npm-pick-manifest.git" + }, + "scripts": { + "postrelease": "npm publish && git push --follow-tags", + "prerelease": "npm t", + "pretest": "standard", + "release": "standard-version -s", + "test": "tap -J --100 --coverage test/*.js", + "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'", + "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'" + }, + "version": "3.0.2" +} diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/libcipm/node_modules/npm-registry-fetch/CHANGELOG.md index 8eee50a47..3599c6b2f 100644 --- a/node_modules/pacote/node_modules/npm-registry-fetch/CHANGELOG.md +++ b/node_modules/libcipm/node_modules/npm-registry-fetch/CHANGELOG.md @@ -2,6 +2,17 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +<a name="4.0.3"></a> +## [4.0.3](https://github.com/npm/registry-fetch/compare/v4.0.2...v4.0.3) (2020-02-13) + + +### Bug Fixes + +* always bypass cache when ?write=true ([ba8b4fe](https://github.com/npm/registry-fetch/commit/ba8b4fe)) +* use 30s default for timeout as per README ([69c2977](https://github.com/npm/registry-fetch/commit/69c2977)), closes [#20](https://github.com/npm/registry-fetch/issues/20) + + + <a name="4.0.2"></a> ## [4.0.2](https://github.com/npm/registry-fetch/compare/v4.0.0...v4.0.2) (2019-10-04) diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/libcipm/node_modules/npm-registry-fetch/LICENSE.md index 8d28acf86..8d28acf86 100644 --- a/node_modules/pacote/node_modules/npm-registry-fetch/LICENSE.md +++ b/node_modules/libcipm/node_modules/npm-registry-fetch/LICENSE.md diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/README.md b/node_modules/libcipm/node_modules/npm-registry-fetch/README.md index 0c3f4f946..80ce64cda 100644 --- a/node_modules/pacote/node_modules/npm-registry-fetch/README.md +++ b/node_modules/libcipm/node_modules/npm-registry-fetch/README.md @@ -50,6 +50,25 @@ Happy hacking! ### API +#### Caching and `write=true` query strings + +Before performing any PUT or DELETE operation, npm clients first make a +GET request to the registry resource being updated, which includes +the query string `?write=true`. + +The semantics of this are, effectively, "I intend to write to this thing, +and need to know the latest current value, so that my write can land +cleanly". + +The public npm registry handles these `?write=true` requests by ensuring +that the cache is re-validated before sending a response. In order to +maintain the same behavior on the client, and not get tripped up by an +overeager local cache when we intend to write data to the registry, any +request that comes through `npm-registry-fetch` that contains `write=true` +in the query string will forcibly set the `prefer-online` option to `true`, +and set both `prefer-offline` and `offline` to false, so that any local +cached value will be revalidated. + #### <a name="fetch"></a> `> fetch(url, [opts]) -> Promise<Response>` Performs a request to a given URL. @@ -391,6 +410,9 @@ Force offline mode: no network requests will be done during install. To allow This option is only really useful if you're also using [`opts.cache`](#opts-cache). +This option is set to `true` when the request includes `write=true` in the +query string. + ##### <a name="opts-otp"></a> `opts.otp` * Type: Number | String @@ -402,7 +424,7 @@ account. ##### <a name="opts-password"></a> `opts.password` -* Alias: _password +* Alias: `_password` * Type: String * Default: null @@ -432,6 +454,9 @@ will be requested from the server. To force full offline mode, use This option is generally only useful if you're also using [`opts.cache`](#opts-cache). +This option is set to `false` when the request includes `write=true` in the +query string. + ##### <a name="opts-prefer-online"></a> `opts.prefer-online` * Type: Boolean @@ -443,6 +468,8 @@ for updates immediately even for fresh package data. This option is generally only useful if you're also using [`opts.cache`](#opts-cache). +This option is set to `true` when the request includes `write=true` in the +query string. ##### <a name="opts-project-scope"></a> `opts.project-scope` @@ -606,4 +633,4 @@ See also [`opts.password`](#opts-password) * Default: null ** DEPRECATED ** This is a legacy authentication token supported only for -*compatibility. Please use [`opts.token`](#opts-token) instead. +compatibility. Please use [`opts.token`](#opts-token) instead. diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/auth.js b/node_modules/libcipm/node_modules/npm-registry-fetch/auth.js index d583982d0..d583982d0 100644 --- a/node_modules/pacote/node_modules/npm-registry-fetch/auth.js +++ b/node_modules/libcipm/node_modules/npm-registry-fetch/auth.js diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/check-response.js b/node_modules/libcipm/node_modules/npm-registry-fetch/check-response.js index 14058239b..14058239b 100644 --- a/node_modules/pacote/node_modules/npm-registry-fetch/check-response.js +++ b/node_modules/libcipm/node_modules/npm-registry-fetch/check-response.js diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/config.js b/node_modules/libcipm/node_modules/npm-registry-fetch/config.js index 1c43b26ea..d7be3f9b3 100644 --- a/node_modules/pacote/node_modules/npm-registry-fetch/config.js +++ b/node_modules/libcipm/node_modules/npm-registry-fetch/config.js @@ -75,7 +75,9 @@ module.exports = figgyPudding({ 'scope': {}, 'spec': {}, 'strict-ssl': {}, - 'timeout': {}, + 'timeout': { + default: 30 * 1000 + }, 'user-agent': { default: `${ pkg.name diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/errors.js b/node_modules/libcipm/node_modules/npm-registry-fetch/errors.js index ba78735fc..ba78735fc 100644 --- a/node_modules/pacote/node_modules/npm-registry-fetch/errors.js +++ b/node_modules/libcipm/node_modules/npm-registry-fetch/errors.js diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/index.js b/node_modules/libcipm/node_modules/npm-registry-fetch/index.js index c18487388..9bd0ad32d 100644 --- a/node_modules/pacote/node_modules/npm-registry-fetch/index.js +++ b/node_modules/libcipm/node_modules/npm-registry-fetch/index.js @@ -53,26 +53,38 @@ function regFetch (uri, opts) { }) } } - if (opts.query) { - let q = opts.query + + let q = opts.query + if (q) { if (typeof q === 'string') { q = qs.parse(q) + } else if (typeof q !== 'object') { + throw new TypeError('invalid query option, must be string or object') } Object.keys(q).forEach(key => { if (q[key] === undefined) { delete q[key] } }) - if (Object.keys(q).length) { - const parsed = url.parse(uri) - parsed.search = '?' + qs.stringify( - parsed.query - ? Object.assign(qs.parse(parsed.query), q) - : q - ) - uri = url.format(parsed) + } + const parsed = url.parse(uri) + + const query = parsed.query ? Object.assign(qs.parse(parsed.query), q || {}) + : Object.keys(q || {}).length ? q + : null + + if (query) { + if (String(query.write) === 'true' && opts.method === 'GET') { + opts = opts.concat({ + offline: false, + 'prefer-offline': false, + 'prefer-online': true + }) } + parsed.search = '?' + qs.stringify(query) + uri = url.format(parsed) } + return opts.Promise.resolve(body).then(body => fetch(uri, { agent: opts.agent, algorithms: opts.algorithms, diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/node_modules/safe-buffer/LICENSE b/node_modules/libcipm/node_modules/npm-registry-fetch/node_modules/safe-buffer/LICENSE index 0c068ceec..0c068ceec 100644 --- a/node_modules/pacote/node_modules/npm-registry-fetch/node_modules/safe-buffer/LICENSE +++ b/node_modules/libcipm/node_modules/npm-registry-fetch/node_modules/safe-buffer/LICENSE diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/node_modules/safe-buffer/README.md b/node_modules/libcipm/node_modules/npm-registry-fetch/node_modules/safe-buffer/README.md index 356e35193..356e35193 100644 --- a/node_modules/pacote/node_modules/npm-registry-fetch/node_modules/safe-buffer/README.md +++ b/node_modules/libcipm/node_modules/npm-registry-fetch/node_modules/safe-buffer/README.md diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/node_modules/safe-buffer/index.d.ts b/node_modules/libcipm/node_modules/npm-registry-fetch/node_modules/safe-buffer/index.d.ts index e9fed809a..e9fed809a 100644 --- a/node_modules/pacote/node_modules/npm-registry-fetch/node_modules/safe-buffer/index.d.ts +++ b/node_modules/libcipm/node_modules/npm-registry-fetch/node_modules/safe-buffer/index.d.ts diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/node_modules/safe-buffer/index.js b/node_modules/libcipm/node_modules/npm-registry-fetch/node_modules/safe-buffer/index.js index 054c8d30d..054c8d30d 100644 --- a/node_modules/pacote/node_modules/npm-registry-fetch/node_modules/safe-buffer/index.js +++ b/node_modules/libcipm/node_modules/npm-registry-fetch/node_modules/safe-buffer/index.js diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/node_modules/safe-buffer/package.json b/node_modules/libcipm/node_modules/npm-registry-fetch/node_modules/safe-buffer/package.json index 5f40b4432..bc0e115d5 100644 --- a/node_modules/pacote/node_modules/npm-registry-fetch/node_modules/safe-buffer/package.json +++ b/node_modules/libcipm/node_modules/npm-registry-fetch/node_modules/safe-buffer/package.json @@ -3,7 +3,7 @@ "_id": "safe-buffer@5.2.0", "_inBundle": false, "_integrity": "sha512-fZEwUGbVl7kouZs1jCdMLdt95hdIv0ZeHg6L7qPeciMZhZ+/gdesW4wgTARkrFWEpspjEATAzUGPG8N2jJiwbg==", - "_location": "/pacote/npm-registry-fetch/safe-buffer", + "_location": "/libcipm/npm-registry-fetch/safe-buffer", "_phantomChildren": {}, "_requested": { "type": "range", @@ -16,12 +16,12 @@ "fetchSpec": "^5.2.0" }, "_requiredBy": [ - "/pacote/npm-registry-fetch" + "/libcipm/npm-registry-fetch" ], "_resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.0.tgz", "_shasum": "b74daec49b1148f88c64b68d49b1e815c1f2f519", "_spec": "safe-buffer@^5.2.0", - "_where": "/Users/mperrotte/npminc/cli/node_modules/pacote/node_modules/npm-registry-fetch", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libcipm/node_modules/npm-registry-fetch", "author": { "name": "Feross Aboukhadijeh", "email": "feross@feross.org", diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/package.json b/node_modules/libcipm/node_modules/npm-registry-fetch/package.json index e01daa82e..2d48376b2 100644 --- a/node_modules/pacote/node_modules/npm-registry-fetch/package.json +++ b/node_modules/libcipm/node_modules/npm-registry-fetch/package.json @@ -1,9 +1,9 @@ { "_from": "npm-registry-fetch@^4.0.0", - "_id": "npm-registry-fetch@4.0.2", + "_id": "npm-registry-fetch@4.0.3", "_inBundle": false, - "_integrity": "sha512-Z0IFtPEozNdeZRPh3aHHxdG+ZRpzcbQaJLthsm3VhNf6DScicTFRHZzK82u8RsJUsUHkX+QH/zcB/5pmd20H4A==", - "_location": "/pacote/npm-registry-fetch", + "_integrity": "sha512-WGvUx0lkKFhu9MbiGFuT9nG2NpfQ+4dCJwRwwtK2HK5izJEvwDxMeUyqbuMS7N/OkpVCqDorV6rO5E4V9F8lJw==", + "_location": "/libcipm/npm-registry-fetch", "_phantomChildren": {}, "_requested": { "type": "range", @@ -16,12 +16,12 @@ "fetchSpec": "^4.0.0" }, "_requiredBy": [ - "/pacote" + "/libcipm/pacote" ], - "_resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-4.0.2.tgz", - "_shasum": "2b1434f93ccbe6b6385f8e45f45db93e16921d7a", + "_resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-4.0.3.tgz", + "_shasum": "3c2179e39e04f9348b1c2979545951d36bee8766", "_spec": "npm-registry-fetch@^4.0.0", - "_where": "/Users/mperrotte/npminc/cli/node_modules/pacote", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libcipm/node_modules/pacote", "author": { "name": "Kat Marchán", "email": "kzm@sykosomatic.org" @@ -76,6 +76,9 @@ "license": "ISC", "main": "index.js", "name": "npm-registry-fetch", + "publishConfig": { + "tag": "latest-v4" + }, "repository": { "type": "git", "url": "git+https://github.com/npm/registry-fetch.git" @@ -89,5 +92,5 @@ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'", "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'" }, - "version": "4.0.2" + "version": "4.0.3" } diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/silentlog.js b/node_modules/libcipm/node_modules/npm-registry-fetch/silentlog.js index 886c5d55b..886c5d55b 100644 --- a/node_modules/pacote/node_modules/npm-registry-fetch/silentlog.js +++ b/node_modules/libcipm/node_modules/npm-registry-fetch/silentlog.js diff --git a/node_modules/pacote/CHANGELOG.md b/node_modules/libcipm/node_modules/pacote/CHANGELOG.md index b632c4eb4..b632c4eb4 100644 --- a/node_modules/pacote/CHANGELOG.md +++ b/node_modules/libcipm/node_modules/pacote/CHANGELOG.md diff --git a/node_modules/libcipm/node_modules/pacote/LICENSE b/node_modules/libcipm/node_modules/pacote/LICENSE new file mode 100644 index 000000000..841ef53a2 --- /dev/null +++ b/node_modules/libcipm/node_modules/pacote/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) +Copyright (c) Kat Marchán, npm, Inc., and Contributors + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, +DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR +OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE +OR OTHER DEALINGS IN THE SOFTWARE. + diff --git a/node_modules/libcipm/node_modules/pacote/README.md b/node_modules/libcipm/node_modules/pacote/README.md new file mode 100644 index 000000000..f29d330d8 --- /dev/null +++ b/node_modules/libcipm/node_modules/pacote/README.md @@ -0,0 +1,288 @@ +# pacote [](https://npm.im/pacote) [](https://npm.im/pacote) [](https://travis-ci.org/npm/pacote) [](https://ci.appveyor.com/project/npm/pacote) [](https://coveralls.io/github/npm/pacote?branch=latest) + +[`pacote`](https://github.com/npm/pacote) is a Node.js library for downloading +[npm](https://npmjs.org)-compatible packages. It supports all package specifier +syntax that `npm install` and its ilk support. It transparently caches anything +needed to reduce excess operations, using [`cacache`](https://npm.im/cacache). + +## Install + +`$ npm install --save pacote` + +## Table of Contents + +* [Example](#example) +* [Features](#features) +* [Contributing](#contributing) +* [API](#api) + * [`manifest`](#manifest) + * [`packument`](#packument) + * [`extract`](#extract) + * [`tarball`](#tarball) + * [`tarball.stream`](#tarball-stream) + * [`tarball.toFile`](#tarball-to-file) + * ~~[`prefetch`](#prefetch)~~ (deprecated) + * [`clearMemoized`](#clearMemoized) + * [`options`](#options) + +### Example + +```javascript +const pacote = require('pacote') + +pacote.manifest('pacote@^1').then(pkg => { + console.log('package manifest for registry pkg:', pkg) + // { "name": "pacote", "version": "1.0.0", ... } +}) + +pacote.extract('http://hi.com/pkg.tgz', './here').then(() => { + console.log('remote tarball contents extracted to ./here') +}) +``` + +### Features + +* Handles all package types [npm](https://npm.im/npm) does +* [high-performance, reliable, verified local cache](https://npm.im/cacache) +* offline mode +* authentication support (private git, private npm registries, etc) +* github, gitlab, and bitbucket-aware +* semver range support for git dependencies + +### Contributing + +The pacote team enthusiastically welcomes contributions and project participation! There's a bunch of things you can do if you want to contribute! The [Contributor Guide](CONTRIBUTING.md) has all the information you need for everything from reporting bugs to contributing entire new features. Please don't hesitate to jump in if you'd like to, or even ask us questions if something isn't clear. + +### API + +#### <a name="manifest"></a> `> pacote.manifest(spec, [opts])` + +Fetches the *manifest* for a package. Manifest objects are similar and based +on the `package.json` for that package, but with pre-processed and limited +fields. The object has the following shape: + +```javascript +{ + "name": PkgName, + "version": SemverString, + "dependencies": { PkgName: SemverString }, + "optionalDependencies": { PkgName: SemverString }, + "devDependencies": { PkgName: SemverString }, + "peerDependencies": { PkgName: SemverString }, + "bundleDependencies": false || [PkgName], + "bin": { BinName: Path }, + "_resolved": TarballSource, // different for each package type + "_integrity": SubresourceIntegrityHash, + "_shrinkwrap": null || ShrinkwrapJsonObj +} +``` + +Note that depending on the spec type, some additional fields might be present. +For example, packages from `registry.npmjs.org` have additional metadata +appended by the registry. + +##### Example + +```javascript +pacote.manifest('pacote@1.0.0').then(pkgJson => { + // fetched `package.json` data from the registry +}) +``` + +#### <a name="packument"></a> `> pacote.packument(spec, [opts])` + +Fetches the *packument* for a package. Packument objects are general metadata +about a project corresponding to registry metadata, and include version and +`dist-tag` information about a package's available versions, rather than a +specific version. It may include additional metadata not usually available +through the individual package metadata objects. + +It generally looks something like this: + +```javascript +{ + "name": PkgName, + "dist-tags": { + 'latest': VersionString, + [TagName]: VersionString, + ... + }, + "versions": { + [VersionString]: Manifest, + ... + } +} +``` + +Note that depending on the spec type, some additional fields might be present. +For example, packages from `registry.npmjs.org` have additional metadata +appended by the registry. + +##### Example + +```javascript +pacote.packument('pacote').then(pkgJson => { + // fetched package versions metadata from the registry +}) +``` + +#### <a name="extract"></a> `> pacote.extract(spec, destination, [opts])` + +Extracts package data identified by `<spec>` into a directory named +`<destination>`, which will be created if it does not already exist. + +If `opts.digest` is provided and the data it identifies is present in the cache, +`extract` will bypass most of its operations and go straight to extracting the +tarball. + +##### Example + +```javascript +pacote.extract('pacote@1.0.0', './woot', { + digest: 'deadbeef' +}).then(() => { + // Succeeds as long as `pacote@1.0.0` still exists somewhere. Network and + // other operations are bypassed entirely if `digest` is present in the cache. +}) +``` + +#### <a name="tarball"></a> `> pacote.tarball(spec, [opts])` + +Fetches package data identified by `<spec>` and returns the data as a buffer. + +This API has two variants: + +* `pacote.tarball.stream(spec, [opts])` - Same as `pacote.tarball`, except it returns a stream instead of a Promise. +* `pacote.tarball.toFile(spec, dest, [opts])` - Instead of returning data directly, data will be written directly to `dest`, and create any required directories along the way. + +##### Example + +```javascript +pacote.tarball('pacote@1.0.0', { cache: './my-cache' }).then(data => { + // data is the tarball data for pacote@1.0.0 +}) +``` + +#### <a name="tarball-stream"></a> `> pacote.tarball.stream(spec, [opts])` + +Same as `pacote.tarball`, except it returns a stream instead of a Promise. + +##### Example + +```javascript +pacote.tarball.stream('pacote@1.0.0') +.pipe(fs.createWriteStream('./pacote-1.0.0.tgz')) +``` + +#### <a name="tarball-to-file"></a> `> pacote.tarball.toFile(spec, dest, [opts])` + +Like `pacote.tarball`, but instead of returning data directly, data will be +written directly to `dest`, and create any required directories along the way. + +##### Example + +```javascript +pacote.tarball.toFile('pacote@1.0.0', './pacote-1.0.0.tgz') +.then(() => /* pacote tarball written directly to ./pacote-1.0.0.tgz */) +``` + +#### <a name="prefetch"></a> `> pacote.prefetch(spec, [opts])` + +##### THIS API IS DEPRECATED. USE `pacote.tarball()` INSTEAD + +Fetches package data identified by `<spec>`, usually for the purpose of warming +up the local package cache (with `opts.cache`). It does not return anything. + +##### Example + +```javascript +pacote.prefetch('pacote@1.0.0', { cache: './my-cache' }).then(() => { + // ./my-cache now has both the manifest and tarball for `pacote@1.0.0`. +}) +``` + +#### <a name="clearMemoized"></a> `> pacote.clearMemoized()` + +This utility function can be used to force pacote to release its references +to any memoized data in its various internal caches. It might help free +some memory. + +```javascript +pacote.manifest(...).then(() => pacote.clearMemoized) + +``` + +#### <a name="options"></a> `> options` + +`pacote` accepts [the options for +`npm-registry-fetch`](https://npm.im/npm-registry-fetch#fetch-options) as-is, +with a couple of additional `pacote-specific` ones: + +##### <a name="dirPacker"></a> `opts.dirPacker` + +* Type: Function +* Default: Uses [`npm-packlist`](https://npm.im/npm-packlist) and [`tar`](https://npm.im/tar) to make a tarball. + +Expects a function that takes a single argument, `dir`, and returns a +`ReadableStream` that outputs packaged tarball data. Used when creating tarballs +for package specs that are not already packaged, such as git and directory +dependencies. The default `opts.dirPacker` does not execute `prepare` scripts, +even though npm itself does. + +##### <a name="opts-enjoy-by"></a> `opts.enjoy-by` + +* Alias: `opts.enjoyBy`, `opts.before` +* Type: Date-able +* Default: undefined + +If passed in, will be used while resolving to filter the versions for **registry +dependencies** such that versions published **after** `opts.enjoy-by` are not +considered -- as if they'd never been published. + +##### <a name="opts-include-deprecated"></a> `opts.include-deprecated` + +* Alias: `opts.includeDeprecated` +* Type: Boolean +* Default: false + +If false, deprecated versions will be skipped when selecting from registry range +specifiers. If true, deprecations do not affect version selection. + +##### <a name="opts-full-metadata"></a> `opts.full-metadata` + +* Type: Boolean +* Default: false + +If `true`, the full packument will be fetched when doing metadata requests. By +defaul, `pacote` only fetches the summarized packuments, also called "corgis". + +##### <a name="opts-tag"></a> `opts.tag` + +* Alias: `opts.defaultTag` +* Type: String +* Default: `'latest'` + +Package version resolution tag. When processing registry spec ranges, this +option is used to determine what dist-tag to treat as "latest". For more details +about how `pacote` selects versions and how `tag` is involved, see [the +documentation for `npm-pick-manifest`](https://npm.im/npm-pick-manifest). + +##### <a name="opts-resolved"></a> `opts.resolved` + +* Type: String +* Default: null + +When fetching tarballs, this option can be passed in to skip registry metadata +lookups when downloading tarballs. If the string is a `file:` URL, pacote will +try to read the referenced local file before attempting to do any further +lookups. This option does not bypass integrity checks when `opts.integrity` is +passed in. + +##### <a name="opts-where"></a> `opts.where` + +* Type: String +* Default: null + +Passed as an argument to [`npm-package-arg`](https://npm.im/npm-package-arg) +when resolving `spec` arguments. Used to determine what path to resolve local +path specs relatively from. diff --git a/node_modules/pacote/extract.js b/node_modules/libcipm/node_modules/pacote/extract.js index 6ed0b18aa..6ed0b18aa 100644 --- a/node_modules/pacote/extract.js +++ b/node_modules/libcipm/node_modules/pacote/extract.js diff --git a/node_modules/pacote/index.js b/node_modules/libcipm/node_modules/pacote/index.js index a0ed98759..a0ed98759 100644 --- a/node_modules/pacote/index.js +++ b/node_modules/libcipm/node_modules/pacote/index.js diff --git a/node_modules/pacote/lib/extract-stream.js b/node_modules/libcipm/node_modules/pacote/lib/extract-stream.js index d967b9f89..d967b9f89 100644 --- a/node_modules/pacote/lib/extract-stream.js +++ b/node_modules/libcipm/node_modules/pacote/lib/extract-stream.js diff --git a/node_modules/pacote/lib/fetch.js b/node_modules/libcipm/node_modules/pacote/lib/fetch.js index 36fb6b6d3..36fb6b6d3 100644 --- a/node_modules/pacote/lib/fetch.js +++ b/node_modules/libcipm/node_modules/pacote/lib/fetch.js diff --git a/node_modules/pacote/lib/fetchers/alias.js b/node_modules/libcipm/node_modules/pacote/lib/fetchers/alias.js index f22cbb1d7..f22cbb1d7 100644 --- a/node_modules/pacote/lib/fetchers/alias.js +++ b/node_modules/libcipm/node_modules/pacote/lib/fetchers/alias.js diff --git a/node_modules/pacote/lib/fetchers/directory.js b/node_modules/libcipm/node_modules/pacote/lib/fetchers/directory.js index fc9c46cd3..fc9c46cd3 100644 --- a/node_modules/pacote/lib/fetchers/directory.js +++ b/node_modules/libcipm/node_modules/pacote/lib/fetchers/directory.js diff --git a/node_modules/pacote/lib/fetchers/file.js b/node_modules/libcipm/node_modules/pacote/lib/fetchers/file.js index a58e32913..a58e32913 100644 --- a/node_modules/pacote/lib/fetchers/file.js +++ b/node_modules/libcipm/node_modules/pacote/lib/fetchers/file.js diff --git a/node_modules/pacote/lib/fetchers/git.js b/node_modules/libcipm/node_modules/pacote/lib/fetchers/git.js index a1579d1f9..a1579d1f9 100644 --- a/node_modules/pacote/lib/fetchers/git.js +++ b/node_modules/libcipm/node_modules/pacote/lib/fetchers/git.js diff --git a/node_modules/pacote/lib/fetchers/hosted.js b/node_modules/libcipm/node_modules/pacote/lib/fetchers/hosted.js index d41793c81..d41793c81 100644 --- a/node_modules/pacote/lib/fetchers/hosted.js +++ b/node_modules/libcipm/node_modules/pacote/lib/fetchers/hosted.js diff --git a/node_modules/pacote/lib/fetchers/range.js b/node_modules/libcipm/node_modules/pacote/lib/fetchers/range.js index 9f172e986..9f172e986 100644 --- a/node_modules/pacote/lib/fetchers/range.js +++ b/node_modules/libcipm/node_modules/pacote/lib/fetchers/range.js diff --git a/node_modules/pacote/lib/fetchers/registry/index.js b/node_modules/libcipm/node_modules/pacote/lib/fetchers/registry/index.js index 2cca7040b..2cca7040b 100644 --- a/node_modules/pacote/lib/fetchers/registry/index.js +++ b/node_modules/libcipm/node_modules/pacote/lib/fetchers/registry/index.js diff --git a/node_modules/pacote/lib/fetchers/registry/manifest.js b/node_modules/libcipm/node_modules/pacote/lib/fetchers/registry/manifest.js index 00deb13af..00deb13af 100644 --- a/node_modules/pacote/lib/fetchers/registry/manifest.js +++ b/node_modules/libcipm/node_modules/pacote/lib/fetchers/registry/manifest.js diff --git a/node_modules/pacote/lib/fetchers/registry/packument.js b/node_modules/libcipm/node_modules/pacote/lib/fetchers/registry/packument.js index f5286c803..f5286c803 100644 --- a/node_modules/pacote/lib/fetchers/registry/packument.js +++ b/node_modules/libcipm/node_modules/pacote/lib/fetchers/registry/packument.js diff --git a/node_modules/pacote/lib/fetchers/registry/tarball.js b/node_modules/libcipm/node_modules/pacote/lib/fetchers/registry/tarball.js index 134153280..134153280 100644 --- a/node_modules/pacote/lib/fetchers/registry/tarball.js +++ b/node_modules/libcipm/node_modules/pacote/lib/fetchers/registry/tarball.js diff --git a/node_modules/pacote/lib/fetchers/remote.js b/node_modules/libcipm/node_modules/pacote/lib/fetchers/remote.js index 8941f9938..8941f9938 100644 --- a/node_modules/pacote/lib/fetchers/remote.js +++ b/node_modules/libcipm/node_modules/pacote/lib/fetchers/remote.js diff --git a/node_modules/pacote/lib/fetchers/tag.js b/node_modules/libcipm/node_modules/pacote/lib/fetchers/tag.js index 9f172e986..9f172e986 100644 --- a/node_modules/pacote/lib/fetchers/tag.js +++ b/node_modules/libcipm/node_modules/pacote/lib/fetchers/tag.js diff --git a/node_modules/pacote/lib/fetchers/version.js b/node_modules/libcipm/node_modules/pacote/lib/fetchers/version.js index 9f172e986..9f172e986 100644 --- a/node_modules/pacote/lib/fetchers/version.js +++ b/node_modules/libcipm/node_modules/pacote/lib/fetchers/version.js diff --git a/node_modules/pacote/lib/finalize-manifest.js b/node_modules/libcipm/node_modules/pacote/lib/finalize-manifest.js index 80b9cda73..80b9cda73 100644 --- a/node_modules/pacote/lib/finalize-manifest.js +++ b/node_modules/libcipm/node_modules/pacote/lib/finalize-manifest.js diff --git a/node_modules/pacote/lib/util/cache-key.js b/node_modules/libcipm/node_modules/pacote/lib/util/cache-key.js index 157e60b0d..157e60b0d 100644 --- a/node_modules/pacote/lib/util/cache-key.js +++ b/node_modules/libcipm/node_modules/pacote/lib/util/cache-key.js diff --git a/node_modules/pacote/lib/util/finished.js b/node_modules/libcipm/node_modules/pacote/lib/util/finished.js index 6dadc8b5b..6dadc8b5b 100644 --- a/node_modules/pacote/lib/util/finished.js +++ b/node_modules/libcipm/node_modules/pacote/lib/util/finished.js diff --git a/node_modules/pacote/lib/util/git.js b/node_modules/libcipm/node_modules/pacote/lib/util/git.js index 7642eb2c8..7642eb2c8 100644 --- a/node_modules/pacote/lib/util/git.js +++ b/node_modules/libcipm/node_modules/pacote/lib/util/git.js diff --git a/node_modules/pacote/lib/util/opt-check.js b/node_modules/libcipm/node_modules/pacote/lib/util/opt-check.js index 8b6b472f8..8b6b472f8 100644 --- a/node_modules/pacote/lib/util/opt-check.js +++ b/node_modules/libcipm/node_modules/pacote/lib/util/opt-check.js diff --git a/node_modules/pacote/lib/util/pack-dir.js b/node_modules/libcipm/node_modules/pacote/lib/util/pack-dir.js index 157a9a82f..157a9a82f 100644 --- a/node_modules/pacote/lib/util/pack-dir.js +++ b/node_modules/libcipm/node_modules/pacote/lib/util/pack-dir.js diff --git a/node_modules/pacote/lib/util/proclog.js b/node_modules/libcipm/node_modules/pacote/lib/util/proclog.js index e4a2bf8ac..e4a2bf8ac 100644 --- a/node_modules/pacote/lib/util/proclog.js +++ b/node_modules/libcipm/node_modules/pacote/lib/util/proclog.js diff --git a/node_modules/pacote/lib/util/read-json.js b/node_modules/libcipm/node_modules/pacote/lib/util/read-json.js index 32fffbc53..32fffbc53 100644 --- a/node_modules/pacote/lib/util/read-json.js +++ b/node_modules/libcipm/node_modules/pacote/lib/util/read-json.js diff --git a/node_modules/pacote/lib/with-tarball-stream.js b/node_modules/libcipm/node_modules/pacote/lib/with-tarball-stream.js index 0d84696d6..0d84696d6 100644 --- a/node_modules/pacote/lib/with-tarball-stream.js +++ b/node_modules/libcipm/node_modules/pacote/lib/with-tarball-stream.js diff --git a/node_modules/pacote/manifest.js b/node_modules/libcipm/node_modules/pacote/manifest.js index 6a89ff76b..6a89ff76b 100644 --- a/node_modules/pacote/manifest.js +++ b/node_modules/libcipm/node_modules/pacote/manifest.js diff --git a/node_modules/libcipm/node_modules/pacote/package.json b/node_modules/libcipm/node_modules/pacote/package.json new file mode 100644 index 000000000..72a152141 --- /dev/null +++ b/node_modules/libcipm/node_modules/pacote/package.json @@ -0,0 +1,121 @@ +{ + "_from": "pacote@^9.1.0", + "_id": "pacote@9.5.12", + "_inBundle": false, + "_integrity": "sha512-BUIj/4kKbwWg4RtnBncXPJd15piFSVNpTzY0rysSr3VnMowTYgkGKcaHrbReepAkjTr8lH2CVWRi58Spg2CicQ==", + "_location": "/libcipm/pacote", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "pacote@^9.1.0", + "name": "pacote", + "escapedName": "pacote", + "rawSpec": "^9.1.0", + "saveSpec": null, + "fetchSpec": "^9.1.0" + }, + "_requiredBy": [ + "/libcipm" + ], + "_resolved": "https://registry.npmjs.org/pacote/-/pacote-9.5.12.tgz", + "_shasum": "1e11dd7a8d736bcc36b375a9804d41bb0377bf66", + "_spec": "pacote@^9.1.0", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libcipm", + "author": { + "name": "Kat Marchán", + "email": "kzm@sykosomatic.org" + }, + "bugs": { + "url": "https://github.com/npm/pacote/issues" + }, + "bundleDependencies": false, + "contributors": [ + { + "name": "Charlotte Spencer", + "email": "charlottelaspencer@gmail.com" + }, + { + "name": "Rebecca Turner", + "email": "me@re-becca.org" + } + ], + "dependencies": { + "bluebird": "^3.5.3", + "cacache": "^12.0.2", + "chownr": "^1.1.2", + "figgy-pudding": "^3.5.1", + "get-stream": "^4.1.0", + "glob": "^7.1.3", + "infer-owner": "^1.0.4", + "lru-cache": "^5.1.1", + "make-fetch-happen": "^5.0.0", + "minimatch": "^3.0.4", + "minipass": "^2.3.5", + "mississippi": "^3.0.0", + "mkdirp": "^0.5.1", + "normalize-package-data": "^2.4.0", + "npm-normalize-package-bin": "^1.0.0", + "npm-package-arg": "^6.1.0", + "npm-packlist": "^1.1.12", + "npm-pick-manifest": "^3.0.0", + "npm-registry-fetch": "^4.0.0", + "osenv": "^0.1.5", + "promise-inflight": "^1.0.1", + "promise-retry": "^1.1.1", + "protoduck": "^5.0.1", + "rimraf": "^2.6.2", + "safe-buffer": "^5.1.2", + "semver": "^5.6.0", + "ssri": "^6.0.1", + "tar": "^4.4.10", + "unique-filename": "^1.1.1", + "which": "^1.3.1" + }, + "deprecated": false, + "description": "JavaScript package downloader", + "devDependencies": { + "nock": "^10.0.3", + "npmlog": "^4.1.2", + "nyc": "^14.1.1", + "require-inject": "^1.4.3", + "standard": "^12.0.1", + "standard-version": "^4.4.0", + "tacks": "^1.2.7", + "tap": "^12.7.0", + "tar-stream": "^1.6.2", + "weallbehave": "^1.2.0", + "weallcontribute": "^1.0.7" + }, + "files": [ + "*.js", + "lib" + ], + "homepage": "https://github.com/npm/pacote#readme", + "keywords": [ + "packages", + "npm", + "git" + ], + "license": "MIT", + "main": "index.js", + "name": "pacote", + "publishConfig": { + "tag": "v9-legacy" + }, + "repository": { + "type": "git", + "url": "git+https://github.com/npm/pacote.git" + }, + "scripts": { + "postrelease": "npm publish && git push --follow-tags", + "prerelease": "npm t", + "pretest": "standard", + "release": "standard-version -s", + "test": "nyc --all -- tap -J test/*.js", + "test-docker": "docker run -it --rm --name pacotest -v \"$PWD\":/tmp -w /tmp node:latest npm test", + "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'", + "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'" + }, + "version": "9.5.12" +} diff --git a/node_modules/pacote/packument.js b/node_modules/libcipm/node_modules/pacote/packument.js index 0606b266f..0606b266f 100644 --- a/node_modules/pacote/packument.js +++ b/node_modules/libcipm/node_modules/pacote/packument.js diff --git a/node_modules/pacote/prefetch.js b/node_modules/libcipm/node_modules/pacote/prefetch.js index 9e6b5af12..9e6b5af12 100644 --- a/node_modules/pacote/prefetch.js +++ b/node_modules/libcipm/node_modules/pacote/prefetch.js diff --git a/node_modules/pacote/tarball.js b/node_modules/libcipm/node_modules/pacote/tarball.js index e0ad52ab3..e0ad52ab3 100644 --- a/node_modules/pacote/tarball.js +++ b/node_modules/libcipm/node_modules/pacote/tarball.js diff --git a/node_modules/pacote/node_modules/ssri/CHANGELOG.md b/node_modules/libcipm/node_modules/ssri/CHANGELOG.md index d4c589790..d4c589790 100644 --- a/node_modules/pacote/node_modules/ssri/CHANGELOG.md +++ b/node_modules/libcipm/node_modules/ssri/CHANGELOG.md diff --git a/node_modules/pacote/node_modules/ssri/LICENSE.md b/node_modules/libcipm/node_modules/ssri/LICENSE.md index 8d28acf86..8d28acf86 100644 --- a/node_modules/pacote/node_modules/ssri/LICENSE.md +++ b/node_modules/libcipm/node_modules/ssri/LICENSE.md diff --git a/node_modules/pacote/node_modules/ssri/README.md b/node_modules/libcipm/node_modules/ssri/README.md index c250961bd..c250961bd 100644 --- a/node_modules/pacote/node_modules/ssri/README.md +++ b/node_modules/libcipm/node_modules/ssri/README.md diff --git a/node_modules/pacote/node_modules/ssri/index.js b/node_modules/libcipm/node_modules/ssri/index.js index e102892b0..e102892b0 100644 --- a/node_modules/pacote/node_modules/ssri/index.js +++ b/node_modules/libcipm/node_modules/ssri/index.js diff --git a/node_modules/libcipm/node_modules/ssri/package.json b/node_modules/libcipm/node_modules/ssri/package.json new file mode 100644 index 000000000..07bf71768 --- /dev/null +++ b/node_modules/libcipm/node_modules/ssri/package.json @@ -0,0 +1,90 @@ +{ + "_from": "ssri@^6.0.1", + "_id": "ssri@6.0.1", + "_inBundle": false, + "_integrity": "sha512-3Wge10hNcT1Kur4PDFwEieXSCMCJs/7WvSACcrMYrNp+b8kDL1/0wJch5Ni2WrtwEa2IO8OsVfeKIciKCDx/QA==", + "_location": "/libcipm/ssri", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "ssri@^6.0.1", + "name": "ssri", + "escapedName": "ssri", + "rawSpec": "^6.0.1", + "saveSpec": null, + "fetchSpec": "^6.0.1" + }, + "_requiredBy": [ + "/libcipm/cacache", + "/libcipm/pacote" + ], + "_resolved": "https://registry.npmjs.org/ssri/-/ssri-6.0.1.tgz", + "_shasum": "2a3c41b28dd45b62b63676ecb74001265ae9edd8", + "_spec": "ssri@^6.0.1", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libcipm/node_modules/pacote", + "author": { + "name": "Kat Marchán", + "email": "kzm@sykosomatic.org" + }, + "bugs": { + "url": "https://github.com/zkat/ssri/issues" + }, + "bundleDependencies": false, + "config": { + "nyc": { + "exclude": [ + "node_modules/**", + "test/**" + ] + } + }, + "dependencies": { + "figgy-pudding": "^3.5.1" + }, + "deprecated": false, + "description": "Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.", + "devDependencies": { + "nyc": "^11.4.1", + "standard": "^10.0.3", + "standard-version": "^4.3.0", + "tap": "^11.1.0", + "weallbehave": "^1.2.0", + "weallcontribute": "^1.0.8" + }, + "files": [ + "*.js" + ], + "homepage": "https://github.com/zkat/ssri#readme", + "keywords": [ + "w3c", + "web", + "security", + "integrity", + "checksum", + "hashing", + "subresource integrity", + "sri", + "sri hash", + "sri string", + "sri generator", + "html" + ], + "license": "ISC", + "main": "index.js", + "name": "ssri", + "repository": { + "type": "git", + "url": "git+https://github.com/zkat/ssri.git" + }, + "scripts": { + "postrelease": "npm publish && git push --follow-tags", + "prerelease": "npm t", + "pretest": "standard", + "release": "standard-version -s", + "test": "tap -J --coverage test/*.js", + "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'", + "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'" + }, + "version": "6.0.1" +} diff --git a/node_modules/pacote/node_modules/tar/LICENSE b/node_modules/libcipm/node_modules/tar/LICENSE index 19129e315..19129e315 100644 --- a/node_modules/pacote/node_modules/tar/LICENSE +++ b/node_modules/libcipm/node_modules/tar/LICENSE diff --git a/node_modules/pacote/node_modules/tar/README.md b/node_modules/libcipm/node_modules/tar/README.md index 034e4865c..034e4865c 100644 --- a/node_modules/pacote/node_modules/tar/README.md +++ b/node_modules/libcipm/node_modules/tar/README.md diff --git a/node_modules/pacote/node_modules/tar/index.js b/node_modules/libcipm/node_modules/tar/index.js index c9ae06e79..c9ae06e79 100644 --- a/node_modules/pacote/node_modules/tar/index.js +++ b/node_modules/libcipm/node_modules/tar/index.js diff --git a/node_modules/pacote/node_modules/tar/lib/buffer.js b/node_modules/libcipm/node_modules/tar/lib/buffer.js index 7876d5b3e..7876d5b3e 100644 --- a/node_modules/pacote/node_modules/tar/lib/buffer.js +++ b/node_modules/libcipm/node_modules/tar/lib/buffer.js diff --git a/node_modules/pacote/node_modules/tar/lib/create.js b/node_modules/libcipm/node_modules/tar/lib/create.js index a37aa52e6..a37aa52e6 100644 --- a/node_modules/pacote/node_modules/tar/lib/create.js +++ b/node_modules/libcipm/node_modules/tar/lib/create.js diff --git a/node_modules/pacote/node_modules/tar/lib/extract.js b/node_modules/libcipm/node_modules/tar/lib/extract.js index cbb458a0a..cbb458a0a 100644 --- a/node_modules/pacote/node_modules/tar/lib/extract.js +++ b/node_modules/libcipm/node_modules/tar/lib/extract.js diff --git a/node_modules/pacote/node_modules/tar/lib/header.js b/node_modules/libcipm/node_modules/tar/lib/header.js index d29c3b990..d29c3b990 100644 --- a/node_modules/pacote/node_modules/tar/lib/header.js +++ b/node_modules/libcipm/node_modules/tar/lib/header.js diff --git a/node_modules/pacote/node_modules/tar/lib/high-level-opt.js b/node_modules/libcipm/node_modules/tar/lib/high-level-opt.js index 7333db915..7333db915 100644 --- a/node_modules/pacote/node_modules/tar/lib/high-level-opt.js +++ b/node_modules/libcipm/node_modules/tar/lib/high-level-opt.js diff --git a/node_modules/pacote/node_modules/tar/lib/large-numbers.js b/node_modules/libcipm/node_modules/tar/lib/large-numbers.js index 3e5c99255..3e5c99255 100644 --- a/node_modules/pacote/node_modules/tar/lib/large-numbers.js +++ b/node_modules/libcipm/node_modules/tar/lib/large-numbers.js diff --git a/node_modules/pacote/node_modules/tar/lib/list.js b/node_modules/libcipm/node_modules/tar/lib/list.js index 250ebe001..250ebe001 100644 --- a/node_modules/pacote/node_modules/tar/lib/list.js +++ b/node_modules/libcipm/node_modules/tar/lib/list.js diff --git a/node_modules/pacote/node_modules/tar/lib/mkdir.js b/node_modules/libcipm/node_modules/tar/lib/mkdir.js index c6a154c24..c6a154c24 100644 --- a/node_modules/pacote/node_modules/tar/lib/mkdir.js +++ b/node_modules/libcipm/node_modules/tar/lib/mkdir.js diff --git a/node_modules/pacote/node_modules/tar/lib/mode-fix.js b/node_modules/libcipm/node_modules/tar/lib/mode-fix.js index 3363a3b15..3363a3b15 100644 --- a/node_modules/pacote/node_modules/tar/lib/mode-fix.js +++ b/node_modules/libcipm/node_modules/tar/lib/mode-fix.js diff --git a/node_modules/pacote/node_modules/tar/lib/pack.js b/node_modules/libcipm/node_modules/tar/lib/pack.js index 857cea910..857cea910 100644 --- a/node_modules/pacote/node_modules/tar/lib/pack.js +++ b/node_modules/libcipm/node_modules/tar/lib/pack.js diff --git a/node_modules/pacote/node_modules/tar/lib/parse.js b/node_modules/libcipm/node_modules/tar/lib/parse.js index 43d4383dd..43d4383dd 100644 --- a/node_modules/pacote/node_modules/tar/lib/parse.js +++ b/node_modules/libcipm/node_modules/tar/lib/parse.js diff --git a/node_modules/pacote/node_modules/tar/lib/pax.js b/node_modules/libcipm/node_modules/tar/lib/pax.js index 9d7e4aba5..9d7e4aba5 100644 --- a/node_modules/pacote/node_modules/tar/lib/pax.js +++ b/node_modules/libcipm/node_modules/tar/lib/pax.js diff --git a/node_modules/pacote/node_modules/tar/lib/read-entry.js b/node_modules/libcipm/node_modules/tar/lib/read-entry.js index 8acee94ba..8acee94ba 100644 --- a/node_modules/pacote/node_modules/tar/lib/read-entry.js +++ b/node_modules/libcipm/node_modules/tar/lib/read-entry.js diff --git a/node_modules/pacote/node_modules/tar/lib/replace.js b/node_modules/libcipm/node_modules/tar/lib/replace.js index 571cee94a..571cee94a 100644 --- a/node_modules/pacote/node_modules/tar/lib/replace.js +++ b/node_modules/libcipm/node_modules/tar/lib/replace.js diff --git a/node_modules/pacote/node_modules/tar/lib/types.js b/node_modules/libcipm/node_modules/tar/lib/types.js index df425652b..df425652b 100644 --- a/node_modules/pacote/node_modules/tar/lib/types.js +++ b/node_modules/libcipm/node_modules/tar/lib/types.js diff --git a/node_modules/pacote/node_modules/tar/lib/unpack.js b/node_modules/libcipm/node_modules/tar/lib/unpack.js index fc765096e..fc765096e 100644 --- a/node_modules/pacote/node_modules/tar/lib/unpack.js +++ b/node_modules/libcipm/node_modules/tar/lib/unpack.js diff --git a/node_modules/pacote/node_modules/tar/lib/update.js b/node_modules/libcipm/node_modules/tar/lib/update.js index 16c3e93ed..16c3e93ed 100644 --- a/node_modules/pacote/node_modules/tar/lib/update.js +++ b/node_modules/libcipm/node_modules/tar/lib/update.js diff --git a/node_modules/pacote/node_modules/tar/lib/warn-mixin.js b/node_modules/libcipm/node_modules/tar/lib/warn-mixin.js index 94a4b9b99..94a4b9b99 100644 --- a/node_modules/pacote/node_modules/tar/lib/warn-mixin.js +++ b/node_modules/libcipm/node_modules/tar/lib/warn-mixin.js diff --git a/node_modules/pacote/node_modules/tar/lib/winchars.js b/node_modules/libcipm/node_modules/tar/lib/winchars.js index cf6ea0606..cf6ea0606 100644 --- a/node_modules/pacote/node_modules/tar/lib/winchars.js +++ b/node_modules/libcipm/node_modules/tar/lib/winchars.js diff --git a/node_modules/pacote/node_modules/tar/lib/write-entry.js b/node_modules/libcipm/node_modules/tar/lib/write-entry.js index 0c019006f..0c019006f 100644 --- a/node_modules/pacote/node_modules/tar/lib/write-entry.js +++ b/node_modules/libcipm/node_modules/tar/lib/write-entry.js diff --git a/node_modules/libcipm/node_modules/tar/package.json b/node_modules/libcipm/node_modules/tar/package.json new file mode 100644 index 000000000..7b73405f9 --- /dev/null +++ b/node_modules/libcipm/node_modules/tar/package.json @@ -0,0 +1,82 @@ +{ + "_from": "tar@^4.4.10", + "_id": "tar@4.4.13", + "_inBundle": false, + "_integrity": "sha512-w2VwSrBoHa5BsSyH+KxEqeQBAllHhccyMFVHtGtdMpF4W7IRWfZjFiQceJPChOeTsSDVUpER2T8FA93pr0L+QA==", + "_location": "/libcipm/tar", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "tar@^4.4.10", + "name": "tar", + "escapedName": "tar", + "rawSpec": "^4.4.10", + "saveSpec": null, + "fetchSpec": "^4.4.10" + }, + "_requiredBy": [ + "/libcipm/pacote" + ], + "_resolved": "https://registry.npmjs.org/tar/-/tar-4.4.13.tgz", + "_shasum": "43b364bc52888d555298637b10d60790254ab525", + "_spec": "tar@^4.4.10", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libcipm/node_modules/pacote", + "author": { + "name": "Isaac Z. Schlueter", + "email": "i@izs.me", + "url": "http://blog.izs.me/" + }, + "bugs": { + "url": "https://github.com/npm/node-tar/issues" + }, + "bundleDependencies": false, + "dependencies": { + "chownr": "^1.1.1", + "fs-minipass": "^1.2.5", + "minipass": "^2.8.6", + "minizlib": "^1.2.1", + "mkdirp": "^0.5.0", + "safe-buffer": "^5.1.2", + "yallist": "^3.0.3" + }, + "deprecated": false, + "description": "tar for node", + "devDependencies": { + "chmodr": "^1.2.0", + "end-of-stream": "^1.4.1", + "events-to-array": "^1.1.2", + "mutate-fs": "^2.1.1", + "rimraf": "^2.6.3", + "tap": "^14.6.5", + "tar-fs": "^1.16.3", + "tar-stream": "^1.6.2" + }, + "engines": { + "node": ">=4.5" + }, + "files": [ + "index.js", + "lib/" + ], + "homepage": "https://github.com/npm/node-tar#readme", + "license": "ISC", + "name": "tar", + "repository": { + "type": "git", + "url": "git+https://github.com/npm/node-tar.git" + }, + "scripts": { + "bench": "for i in benchmarks/*/*.js; do echo $i; for j in {1..5}; do node $i || break; done; done", + "genparse": "node scripts/generate-parse-fixtures.js", + "postpublish": "git push origin --follow-tags", + "postversion": "npm publish", + "preversion": "npm test", + "test": "tap" + }, + "tap": { + "coverage-map": "map.js", + "check-coverage": true + }, + "version": "4.4.13" +} diff --git a/node_modules/pacote/node_modules/which/CHANGELOG.md b/node_modules/libcipm/node_modules/which/CHANGELOG.md index 3d83d2694..3d83d2694 100644 --- a/node_modules/pacote/node_modules/which/CHANGELOG.md +++ b/node_modules/libcipm/node_modules/which/CHANGELOG.md diff --git a/node_modules/pacote/node_modules/which/LICENSE b/node_modules/libcipm/node_modules/which/LICENSE index 19129e315..19129e315 100644 --- a/node_modules/pacote/node_modules/which/LICENSE +++ b/node_modules/libcipm/node_modules/which/LICENSE diff --git a/node_modules/pacote/node_modules/which/README.md b/node_modules/libcipm/node_modules/which/README.md index 8c0b0cbf7..8c0b0cbf7 100644 --- a/node_modules/pacote/node_modules/which/README.md +++ b/node_modules/libcipm/node_modules/which/README.md diff --git a/node_modules/pacote/node_modules/which/bin/which b/node_modules/libcipm/node_modules/which/bin/which index 7cee3729e..7cee3729e 100755 --- a/node_modules/pacote/node_modules/which/bin/which +++ b/node_modules/libcipm/node_modules/which/bin/which diff --git a/node_modules/libcipm/node_modules/which/package.json b/node_modules/libcipm/node_modules/which/package.json new file mode 100644 index 000000000..46e540a3e --- /dev/null +++ b/node_modules/libcipm/node_modules/which/package.json @@ -0,0 +1,65 @@ +{ + "_from": "which@^1.3.1", + "_id": "which@1.3.1", + "_inBundle": false, + "_integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==", + "_location": "/libcipm/which", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "which@^1.3.1", + "name": "which", + "escapedName": "which", + "rawSpec": "^1.3.1", + "saveSpec": null, + "fetchSpec": "^1.3.1" + }, + "_requiredBy": [ + "/libcipm/pacote" + ], + "_resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", + "_shasum": "a45043d54f5805316da8d62f9f50918d3da70b0a", + "_spec": "which@^1.3.1", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libcipm/node_modules/pacote", + "author": { + "name": "Isaac Z. Schlueter", + "email": "i@izs.me", + "url": "http://blog.izs.me" + }, + "bin": { + "which": "bin/which" + }, + "bugs": { + "url": "https://github.com/isaacs/node-which/issues" + }, + "bundleDependencies": false, + "dependencies": { + "isexe": "^2.0.0" + }, + "deprecated": false, + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "devDependencies": { + "mkdirp": "^0.5.0", + "rimraf": "^2.6.2", + "tap": "^12.0.1" + }, + "files": [ + "which.js", + "bin/which" + ], + "homepage": "https://github.com/isaacs/node-which#readme", + "license": "ISC", + "main": "which.js", + "name": "which", + "repository": { + "type": "git", + "url": "git://github.com/isaacs/node-which.git" + }, + "scripts": { + "changelog": "bash gen-changelog.sh", + "postversion": "npm run changelog && git add CHANGELOG.md && git commit -m 'update changelog - '${npm_package_version}", + "test": "tap test/*.js --cov" + }, + "version": "1.3.1" +} diff --git a/node_modules/pacote/node_modules/which/which.js b/node_modules/libcipm/node_modules/which/which.js index 4347f91a1..4347f91a1 100644 --- a/node_modules/pacote/node_modules/which/which.js +++ b/node_modules/libcipm/node_modules/which/which.js diff --git a/node_modules/libnpm/node_modules/.bin/which b/node_modules/libnpm/node_modules/.bin/which new file mode 120000 index 000000000..f62471c85 --- /dev/null +++ b/node_modules/libnpm/node_modules/.bin/which @@ -0,0 +1 @@ +../which/bin/which
\ No newline at end of file diff --git a/node_modules/libnpm/node_modules/cacache/CHANGELOG.md b/node_modules/libnpm/node_modules/cacache/CHANGELOG.md new file mode 100644 index 000000000..f67fbc8b4 --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/CHANGELOG.md @@ -0,0 +1,657 @@ +# Changelog + +All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +### [12.0.3](https://github.com/npm/cacache/compare/v12.0.2...v12.0.3) (2019-08-19) + + +### Bug Fixes + +* do not chown if not running as root ([2d80af9](https://github.com/npm/cacache/commit/2d80af9)) + + + +### [12.0.2](https://github.com/npm/cacache/compare/v12.0.1...v12.0.2) (2019-07-19) + + + +### [12.0.1](https://github.com/npm/cacache/compare/v12.0.0...v12.0.1) (2019-07-19) + +* **deps** Abstracted out `lib/util/infer-owner.js` to + [@npmcli/infer-owner](https://www.npmjs.com/package/@npmcli/infer-owner) + so that it could be more easily used in other parts of the npm CLI. + + +## [12.0.0](https://github.com/npm/cacache/compare/v11.3.3...v12.0.0) (2019-07-15) + + +### Features + +* infer uid/gid instead of accepting as options ([ac84d14](https://github.com/npm/cacache/commit/ac84d14)) +* **i18n:** add another error message ([676cb32](https://github.com/npm/cacache/commit/676cb32)) + + +### BREAKING CHANGES + +* the uid gid options are no longer respected or +necessary. As of this change, cacache will always match the cache +contents to the ownership of the cache directory (or its parent +directory), regardless of what the caller passes in. + +Reasoning: + +The number one reason to use a uid or gid option was to keep root-owned +files from causing problems in the cache. In npm's case, this meant +that CLI's ./lib/command.js had to work out the appropriate uid and gid, +then pass it to the libnpmcommand module, which had to in turn pass the +uid and gid to npm-registry-fetch, which then passed it to +make-fetch-happen, which passed it to cacache. (For package fetching, +pacote would be in that mix as well.) + +Added to that, `cacache.rm()` will actually _write_ a file into the +cache index, but has no way to accept an option so that its call to +entry-index.js will write the index with the appropriate uid/gid. +Little ownership bugs were all over the place, and tricky to trace +through. (Why should make-fetch-happen even care about accepting or +passing uids and gids? It's an http library.) + +This change allows us to keep the cache from having mixed ownership in +any situation. + +Of course, this _does_ mean that if you have a root-owned but +user-writable folder (for example, `/tmp`), then the cache will try to +chown everything to root. + +The solution is for the user to create a folder, make it user-owned, and +use that, rather than relying on cacache to create the root cache folder. + +If we decide to restore the uid/gid opts, and use ownership inferrence +only when uid/gid are unset, then take care to also make rm take an +option object, and pass it through to entry-index.js. + + + +### [11.3.3](https://github.com/npm/cacache/compare/v11.3.2...v11.3.3) (2019-06-17) + + +### Bug Fixes + +* **audit:** npm audit fix ([200a6d5](https://github.com/npm/cacache/commit/200a6d5)) +* **config:** Add ssri config 'error' option ([#146](https://github.com/npm/cacache/issues/146)) ([47de8f5](https://github.com/npm/cacache/commit/47de8f5)) +* **deps:** npm audit fix ([481a7dc](https://github.com/npm/cacache/commit/481a7dc)) +* **standard:** standard --fix ([7799149](https://github.com/npm/cacache/commit/7799149)) +* **write:** avoid another cb never called situation ([5156561](https://github.com/npm/cacache/commit/5156561)) + + + +<a name="11.3.2"></a> +## [11.3.2](https://github.com/npm/cacache/compare/v11.3.1...v11.3.2) (2018-12-21) + + +### Bug Fixes + +* **get:** make sure to handle errors in the .then ([b10bcd0](https://github.com/npm/cacache/commit/b10bcd0)) + + + +<a name="11.3.1"></a> +## [11.3.1](https://github.com/npm/cacache/compare/v11.3.0...v11.3.1) (2018-11-05) + + +### Bug Fixes + +* **get:** export hasContent.sync properly ([d76c920](https://github.com/npm/cacache/commit/d76c920)) + + + +<a name="11.3.0"></a> +# [11.3.0](https://github.com/npm/cacache/compare/v11.2.0...v11.3.0) (2018-11-05) + + +### Features + +* **get:** add sync API for reading ([db1e094](https://github.com/npm/cacache/commit/db1e094)) + + + +<a name="11.2.0"></a> +# [11.2.0](https://github.com/npm/cacache/compare/v11.1.0...v11.2.0) (2018-08-08) + + +### Features + +* **read:** add sync support to other internal read.js fns ([fe638b6](https://github.com/npm/cacache/commit/fe638b6)) + + + +<a name="11.1.0"></a> +# [11.1.0](https://github.com/npm/cacache/compare/v11.0.3...v11.1.0) (2018-08-01) + + +### Features + +* **read:** add sync support for low-level content read ([b43af83](https://github.com/npm/cacache/commit/b43af83)) + + + +<a name="11.0.3"></a> +## [11.0.3](https://github.com/npm/cacache/compare/v11.0.2...v11.0.3) (2018-08-01) + + +### Bug Fixes + +* **config:** add ssri config options ([#136](https://github.com/npm/cacache/issues/136)) ([10d5d9a](https://github.com/npm/cacache/commit/10d5d9a)) +* **perf:** refactor content.read to avoid lstats ([c5ac10e](https://github.com/npm/cacache/commit/c5ac10e)) +* **test:** oops when removing safe-buffer ([1950490](https://github.com/npm/cacache/commit/1950490)) + + + +<a name="11.0.2"></a> +## [11.0.2](https://github.com/npm/cacache/compare/v11.0.1...v11.0.2) (2018-05-07) + + +### Bug Fixes + +* **verify:** size param no longer lost in a verify ([#131](https://github.com/npm/cacache/issues/131)) ([c614a19](https://github.com/npm/cacache/commit/c614a19)), closes [#130](https://github.com/npm/cacache/issues/130) + + + +<a name="11.0.1"></a> +## [11.0.1](https://github.com/npm/cacache/compare/v11.0.0...v11.0.1) (2018-04-10) + + + +<a name="11.0.0"></a> +# [11.0.0](https://github.com/npm/cacache/compare/v10.0.4...v11.0.0) (2018-04-09) + + +### Features + +* **opts:** use figgy-pudding for opts ([#128](https://github.com/npm/cacache/issues/128)) ([33d4eed](https://github.com/npm/cacache/commit/33d4eed)) + + +### meta + +* drop support for node@4 ([529f347](https://github.com/npm/cacache/commit/529f347)) + + +### BREAKING CHANGES + +* node@4 is no longer supported + + + +<a name="10.0.4"></a> +## [10.0.4](https://github.com/npm/cacache/compare/v10.0.3...v10.0.4) (2018-02-16) + + + +<a name="10.0.3"></a> +## [10.0.3](https://github.com/npm/cacache/compare/v10.0.2...v10.0.3) (2018-02-16) + + +### Bug Fixes + +* **content:** rethrow aggregate errors as ENOENT ([fa918f5](https://github.com/npm/cacache/commit/fa918f5)) + + + +<a name="10.0.2"></a> +## [10.0.2](https://github.com/npm/cacache/compare/v10.0.1...v10.0.2) (2018-01-07) + + +### Bug Fixes + +* **ls:** deleted entries could cause a premature stream EOF ([347dc36](https://github.com/npm/cacache/commit/347dc36)) + + + +<a name="10.0.1"></a> +## [10.0.1](https://github.com/npm/cacache/compare/v10.0.0...v10.0.1) (2017-11-15) + + +### Bug Fixes + +* **move-file:** actually use the fallback to `move-concurrently` (#110) ([073fbe1](https://github.com/npm/cacache/commit/073fbe1)) + + + +<a name="10.0.0"></a> +# [10.0.0](https://github.com/npm/cacache/compare/v9.3.0...v10.0.0) (2017-10-23) + + +### Features + +* **license:** relicense to ISC (#111) ([fdbb4e5](https://github.com/npm/cacache/commit/fdbb4e5)) + + +### Performance Improvements + +* more copyFile benchmarks ([63787bb](https://github.com/npm/cacache/commit/63787bb)) + + +### BREAKING CHANGES + +* **license:** the license has been changed from CC0-1.0 to ISC. + + + +<a name="9.3.0"></a> +# [9.3.0](https://github.com/npm/cacache/compare/v9.2.9...v9.3.0) (2017-10-07) + + +### Features + +* **copy:** added cacache.get.copy api for fast copies (#107) ([067b5f6](https://github.com/npm/cacache/commit/067b5f6)) + + + +<a name="9.2.9"></a> +## [9.2.9](https://github.com/npm/cacache/compare/v9.2.8...v9.2.9) (2017-06-17) + + + +<a name="9.2.8"></a> +## [9.2.8](https://github.com/npm/cacache/compare/v9.2.7...v9.2.8) (2017-06-05) + + +### Bug Fixes + +* **ssri:** bump ssri for bugfix ([c3232ea](https://github.com/npm/cacache/commit/c3232ea)) + + + +<a name="9.2.7"></a> +## [9.2.7](https://github.com/npm/cacache/compare/v9.2.6...v9.2.7) (2017-06-05) + + +### Bug Fixes + +* **content:** make verified content completely read-only (#96) ([4131196](https://github.com/npm/cacache/commit/4131196)) + + + +<a name="9.2.6"></a> +## [9.2.6](https://github.com/npm/cacache/compare/v9.2.5...v9.2.6) (2017-05-31) + + +### Bug Fixes + +* **node:** update ssri to prevent old node 4 crash ([5209ffe](https://github.com/npm/cacache/commit/5209ffe)) + + + +<a name="9.2.5"></a> +## [9.2.5](https://github.com/npm/cacache/compare/v9.2.4...v9.2.5) (2017-05-25) + + +### Bug Fixes + +* **deps:** fix lockfile issues and bump ssri ([84e1d7e](https://github.com/npm/cacache/commit/84e1d7e)) + + + +<a name="9.2.4"></a> +## [9.2.4](https://github.com/npm/cacache/compare/v9.2.3...v9.2.4) (2017-05-24) + + +### Bug Fixes + +* **deps:** bumping deps ([bbccb12](https://github.com/npm/cacache/commit/bbccb12)) + + + +<a name="9.2.3"></a> +## [9.2.3](https://github.com/npm/cacache/compare/v9.2.2...v9.2.3) (2017-05-24) + + +### Bug Fixes + +* **rm:** stop crashing if content is missing on rm ([ac90bc0](https://github.com/npm/cacache/commit/ac90bc0)) + + + +<a name="9.2.2"></a> +## [9.2.2](https://github.com/npm/cacache/compare/v9.2.1...v9.2.2) (2017-05-14) + + +### Bug Fixes + +* **i18n:** lets pretend this didn't happen ([519b4ee](https://github.com/npm/cacache/commit/519b4ee)) + + + +<a name="9.2.1"></a> +## [9.2.1](https://github.com/npm/cacache/compare/v9.2.0...v9.2.1) (2017-05-14) + + +### Bug Fixes + +* **docs:** fixing translation messup ([bb9e4f9](https://github.com/npm/cacache/commit/bb9e4f9)) + + + +<a name="9.2.0"></a> +# [9.2.0](https://github.com/npm/cacache/compare/v9.1.0...v9.2.0) (2017-05-14) + + +### Features + +* **i18n:** add Spanish translation for API ([531f9a4](https://github.com/npm/cacache/commit/531f9a4)) + + + +<a name="9.1.0"></a> +# [9.1.0](https://github.com/npm/cacache/compare/v9.0.0...v9.1.0) (2017-05-14) + + +### Features + +* **i18n:** Add Spanish translation and i18n setup (#91) ([323b90c](https://github.com/npm/cacache/commit/323b90c)) + + + +<a name="9.0.0"></a> +# [9.0.0](https://github.com/npm/cacache/compare/v8.0.0...v9.0.0) (2017-04-28) + + +### Bug Fixes + +* **memoization:** actually use the LRU ([0e55dc9](https://github.com/npm/cacache/commit/0e55dc9)) + + +### Features + +* **memoization:** memoizers can be injected through opts.memoize (#90) ([e5614c7](https://github.com/npm/cacache/commit/e5614c7)) + + +### BREAKING CHANGES + +* **memoization:** If you were passing an object to opts.memoize, it will now be used as an injected memoization object. If you were only passing booleans and other non-objects through that option, no changes are needed. + + + +<a name="8.0.0"></a> +# [8.0.0](https://github.com/npm/cacache/compare/v7.1.0...v8.0.0) (2017-04-22) + + +### Features + +* **read:** change hasContent to return {sri, size} (#88) ([bad6c49](https://github.com/npm/cacache/commit/bad6c49)), closes [#87](https://github.com/npm/cacache/issues/87) + + +### BREAKING CHANGES + +* **read:** hasContent now returns an object with `{sri, size}` instead of `sri`. Use `result.sri` anywhere that needed the old return value. + + + +<a name="7.1.0"></a> +# [7.1.0](https://github.com/npm/cacache/compare/v7.0.5...v7.1.0) (2017-04-20) + + +### Features + +* **size:** handle content size info (#49) ([91230af](https://github.com/npm/cacache/commit/91230af)) + + + +<a name="7.0.5"></a> +## [7.0.5](https://github.com/npm/cacache/compare/v7.0.4...v7.0.5) (2017-04-18) + + +### Bug Fixes + +* **integrity:** new ssri with fixed integrity stream ([6d13e8e](https://github.com/npm/cacache/commit/6d13e8e)) +* **write:** wrap stuff in promises to improve errors ([3624fc5](https://github.com/npm/cacache/commit/3624fc5)) + + + +<a name="7.0.4"></a> +## [7.0.4](https://github.com/npm/cacache/compare/v7.0.3...v7.0.4) (2017-04-15) + + +### Bug Fixes + +* **fix-owner:** throw away ENOENTs on chownr ([d49bbcd](https://github.com/npm/cacache/commit/d49bbcd)) + + + +<a name="7.0.3"></a> +## [7.0.3](https://github.com/npm/cacache/compare/v7.0.2...v7.0.3) (2017-04-05) + + +### Bug Fixes + +* **read:** fixing error message for integrity verification failures ([9d4f0a5](https://github.com/npm/cacache/commit/9d4f0a5)) + + + +<a name="7.0.2"></a> +## [7.0.2](https://github.com/npm/cacache/compare/v7.0.1...v7.0.2) (2017-04-03) + + +### Bug Fixes + +* **integrity:** use EINTEGRITY error code and update ssri ([8dc2e62](https://github.com/npm/cacache/commit/8dc2e62)) + + + +<a name="7.0.1"></a> +## [7.0.1](https://github.com/npm/cacache/compare/v7.0.0...v7.0.1) (2017-04-03) + + +### Bug Fixes + +* **docs:** fix header name conflict in readme ([afcd456](https://github.com/npm/cacache/commit/afcd456)) + + + +<a name="7.0.0"></a> +# [7.0.0](https://github.com/npm/cacache/compare/v6.3.0...v7.0.0) (2017-04-03) + + +### Bug Fixes + +* **test:** fix content.write tests when running in docker ([d2e9b6a](https://github.com/npm/cacache/commit/d2e9b6a)) + + +### Features + +* **integrity:** subresource integrity support (#78) ([b1e731f](https://github.com/npm/cacache/commit/b1e731f)) + + +### BREAKING CHANGES + +* **integrity:** The entire API has been overhauled to use SRI hashes instead of digest/hashAlgorithm pairs. SRI hashes follow the Subresource Integrity standard and support strings and objects compatible with [`ssri`](https://npm.im/ssri). + +* This change bumps the index version, which will invalidate all previous index entries. Content entries will remain intact, and existing caches will automatically reuse any content from before this breaking change. + +* `cacache.get.info()`, `cacache.ls()`, and `cacache.ls.stream()` will now return objects that looks like this: + +``` +{ + key: String, + integrity: '<algorithm>-<base64hash>', + path: ContentPath, + time: Date<ms>, + metadata: Any +} +``` + +* `opts.digest` and `opts.hashAlgorithm` are obsolete for any API calls that used them. + +* Anywhere `opts.digest` was accepted, `opts.integrity` is now an option. Any valid SRI hash is accepted here -- multiple hash entries will be resolved according to the standard: first, the "strongest" hash algorithm will be picked, and then each of the entries for that algorithm will be matched against the content. Content will be validated if *any* of the entries match (so, a single integrity string can be used for multiple "versions" of the same document/data). + +* `put.byDigest()`, `put.stream.byDigest`, `get.byDigest()` and `get.stream.byDigest()` now expect an SRI instead of a `digest` + `opts.hashAlgorithm` pairing. + +* `get.hasContent()` now expects an integrity hash instead of a digest. If content exists, it will return the specific single integrity hash that was found in the cache. + +* `verify()` has learned to handle integrity-based caches, and forgotten how to handle old-style cache indices due to the format change. + +* `cacache.rm.content()` now expects an integrity hash instead of a hex digest. + + + +<a name="6.3.0"></a> +# [6.3.0](https://github.com/npm/cacache/compare/v6.2.0...v6.3.0) (2017-04-01) + + +### Bug Fixes + +* **fixOwner:** ignore EEXIST race condition from mkdirp ([4670e9b](https://github.com/npm/cacache/commit/4670e9b)) +* **index:** ignore index removal races when inserting ([b9d2fa2](https://github.com/npm/cacache/commit/b9d2fa2)) +* **memo:** use lru-cache for better mem management (#75) ([d8ac5aa](https://github.com/npm/cacache/commit/d8ac5aa)) + + +### Features + +* **dependencies:** Switch to move-concurrently (#77) ([dc6482d](https://github.com/npm/cacache/commit/dc6482d)) + + + +<a name="6.2.0"></a> +# [6.2.0](https://github.com/npm/cacache/compare/v6.1.2...v6.2.0) (2017-03-15) + + +### Bug Fixes + +* **index:** additional bucket entry verification with checksum (#72) ([f8e0f25](https://github.com/npm/cacache/commit/f8e0f25)) +* **verify:** return fixOwner.chownr promise ([6818521](https://github.com/npm/cacache/commit/6818521)) + + +### Features + +* **tmp:** safe tmp dir creation/management util (#73) ([c42da71](https://github.com/npm/cacache/commit/c42da71)) + + + +<a name="6.1.2"></a> +## [6.1.2](https://github.com/npm/cacache/compare/v6.1.1...v6.1.2) (2017-03-13) + + +### Bug Fixes + +* **index:** set default hashAlgorithm ([d6eb2f0](https://github.com/npm/cacache/commit/d6eb2f0)) + + + +<a name="6.1.1"></a> +## [6.1.1](https://github.com/npm/cacache/compare/v6.1.0...v6.1.1) (2017-03-13) + + +### Bug Fixes + +* **coverage:** bumping coverage for verify (#71) ([0b7faf6](https://github.com/npm/cacache/commit/0b7faf6)) +* **deps:** glob should have been a regular dep :< ([0640bc4](https://github.com/npm/cacache/commit/0640bc4)) + + + +<a name="6.1.0"></a> +# [6.1.0](https://github.com/npm/cacache/compare/v6.0.2...v6.1.0) (2017-03-12) + + +### Bug Fixes + +* **coverage:** more coverage for content reads (#70) ([ef4f70a](https://github.com/npm/cacache/commit/ef4f70a)) +* **tests:** use safe-buffer because omfg (#69) ([6ab8132](https://github.com/npm/cacache/commit/6ab8132)) + + +### Features + +* **rm:** limited rm.all and fixed bugs (#66) ([d5d25ba](https://github.com/npm/cacache/commit/d5d25ba)), closes [#66](https://github.com/npm/cacache/issues/66) +* **verify:** tested, working cache verifier/gc (#68) ([45ad77a](https://github.com/npm/cacache/commit/45ad77a)) + + + +<a name="6.0.2"></a> +## [6.0.2](https://github.com/npm/cacache/compare/v6.0.1...v6.0.2) (2017-03-11) + + +### Bug Fixes + +* **index:** segment cache items with another subbucket (#64) ([c3644e5](https://github.com/npm/cacache/commit/c3644e5)) + + + +<a name="6.0.1"></a> +## [6.0.1](https://github.com/npm/cacache/compare/v6.0.0...v6.0.1) (2017-03-05) + + +### Bug Fixes + +* **docs:** Missed spots in README ([8ffb7fa](https://github.com/npm/cacache/commit/8ffb7fa)) + + + +<a name="6.0.0"></a> +# [6.0.0](https://github.com/npm/cacache/compare/v5.0.3...v6.0.0) (2017-03-05) + + +### Bug Fixes + +* **api:** keep memo cache mostly-internal ([2f72d0a](https://github.com/npm/cacache/commit/2f72d0a)) +* **content:** use the rest of the string, not the whole string ([fa8f3c3](https://github.com/npm/cacache/commit/fa8f3c3)) +* **deps:** removed `format-number@2.0.2` ([1187791](https://github.com/npm/cacache/commit/1187791)) +* **deps:** removed inflight@1.0.6 ([0d1819c](https://github.com/npm/cacache/commit/0d1819c)) +* **deps:** rimraf@2.6.1 ([9efab6b](https://github.com/npm/cacache/commit/9efab6b)) +* **deps:** standard@9.0.0 ([4202cba](https://github.com/npm/cacache/commit/4202cba)) +* **deps:** tap@10.3.0 ([aa03088](https://github.com/npm/cacache/commit/aa03088)) +* **deps:** weallcontribute@1.0.8 ([ad4f4dc](https://github.com/npm/cacache/commit/ad4f4dc)) +* **docs:** add security note to hashKey ([03f81ba](https://github.com/npm/cacache/commit/03f81ba)) +* **hashes:** change default hashAlgorithm to sha512 ([ea00ba6](https://github.com/npm/cacache/commit/ea00ba6)) +* **hashes:** missed a spot for hashAlgorithm defaults ([45997d8](https://github.com/npm/cacache/commit/45997d8)) +* **index:** add length header before JSON for verification ([fb8cb4d](https://github.com/npm/cacache/commit/fb8cb4d)) +* **index:** change index filenames to sha1s of keys ([bbc5fca](https://github.com/npm/cacache/commit/bbc5fca)) +* **index:** who cares about race conditions anyway ([b1d3888](https://github.com/npm/cacache/commit/b1d3888)) +* **perf:** bulk-read get+read for massive speed ([d26cdf9](https://github.com/npm/cacache/commit/d26cdf9)) +* **perf:** use bulk file reads for index reads ([79a8891](https://github.com/npm/cacache/commit/79a8891)) +* **put-stream:** remove tmp file on stream insert error ([65f6632](https://github.com/npm/cacache/commit/65f6632)) +* **put-stream:** robustified and predictibilized ([daf9e08](https://github.com/npm/cacache/commit/daf9e08)) +* **put-stream:** use new promise API for moves ([1d36013](https://github.com/npm/cacache/commit/1d36013)) +* **readme:** updated to reflect new default hashAlgo ([c60a2fa](https://github.com/npm/cacache/commit/c60a2fa)) +* **verify:** tiny typo fix ([db22d05](https://github.com/npm/cacache/commit/db22d05)) + + +### Features + +* **api:** converted external api ([7bf032f](https://github.com/npm/cacache/commit/7bf032f)) +* **cacache:** exported clearMemoized() utility ([8d2c5b6](https://github.com/npm/cacache/commit/8d2c5b6)) +* **cache:** add versioning to content and index ([31bc549](https://github.com/npm/cacache/commit/31bc549)) +* **content:** collate content files into subdirs ([c094d9f](https://github.com/npm/cacache/commit/c094d9f)) +* **deps:** `@npmcorp/move@1.0.0` ([bdd00bf](https://github.com/npm/cacache/commit/bdd00bf)) +* **deps:** `bluebird@3.4.7` ([3a17aff](https://github.com/npm/cacache/commit/3a17aff)) +* **deps:** `promise-inflight@1.0.1` ([a004fe6](https://github.com/npm/cacache/commit/a004fe6)) +* **get:** added memoization support for get ([c77d794](https://github.com/npm/cacache/commit/c77d794)) +* **get:** export hasContent ([2956ec3](https://github.com/npm/cacache/commit/2956ec3)) +* **index:** add hashAlgorithm and format insert ret val ([b639746](https://github.com/npm/cacache/commit/b639746)) +* **index:** collate index files into subdirs ([e8402a5](https://github.com/npm/cacache/commit/e8402a5)) +* **index:** promisify entry index ([cda3335](https://github.com/npm/cacache/commit/cda3335)) +* **memo:** added memoization lib ([da07b92](https://github.com/npm/cacache/commit/da07b92)) +* **memo:** export memoization api ([954b1b3](https://github.com/npm/cacache/commit/954b1b3)) +* **move-file:** add move fallback for weird errors ([5cf4616](https://github.com/npm/cacache/commit/5cf4616)) +* **perf:** bulk content write api ([51b536e](https://github.com/npm/cacache/commit/51b536e)) +* **put:** added memoization support to put ([b613a70](https://github.com/npm/cacache/commit/b613a70)) +* **read:** switched to promises ([a869362](https://github.com/npm/cacache/commit/a869362)) +* **rm:** added memoization support to rm ([4205cf0](https://github.com/npm/cacache/commit/4205cf0)) +* **rm:** switched to promises ([a000d24](https://github.com/npm/cacache/commit/a000d24)) +* **util:** promise-inflight ownership fix requests ([9517cd7](https://github.com/npm/cacache/commit/9517cd7)) +* **util:** use promises for api ([ae204bb](https://github.com/npm/cacache/commit/ae204bb)) +* **verify:** converted to Promises ([f0b3974](https://github.com/npm/cacache/commit/f0b3974)) + + +### BREAKING CHANGES + +* cache: index/content directories are now versioned. Previous caches are no longer compatible and cannot be migrated. +* util: fix-owner now uses Promises instead of callbacks +* index: Previously-generated index entries are no longer compatible and the index must be regenerated. +* index: The index format has changed and previous caches are no longer compatible. Existing caches will need to be regenerated. +* hashes: Default hashAlgorithm changed from sha1 to sha512. If you +rely on the prior setting, pass `opts.hashAlgorithm` in explicitly. +* content: Previously-generated content directories are no longer compatible +and must be regenerated. +* verify: API is now promise-based +* read: Switches to a Promise-based API and removes callback stuff +* rm: Switches to a Promise-based API and removes callback stuff +* index: this changes the API to work off promises instead of callbacks +* api: this means we are going all in on promises now diff --git a/node_modules/libnpm/node_modules/cacache/LICENSE.md b/node_modules/libnpm/node_modules/cacache/LICENSE.md new file mode 100644 index 000000000..8d28acf86 --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/LICENSE.md @@ -0,0 +1,16 @@ +ISC License + +Copyright (c) npm, Inc. + +Permission to use, copy, modify, and/or distribute this software for +any purpose with or without fee is hereby granted, provided that the +above copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS +ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE +COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR +CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS +OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE +USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/libnpm/node_modules/cacache/README.es.md b/node_modules/libnpm/node_modules/cacache/README.es.md new file mode 100644 index 000000000..55007e20d --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/README.es.md @@ -0,0 +1,628 @@ +# cacache [](https://npm.im/cacache) [](https://npm.im/cacache) [](https://travis-ci.org/zkat/cacache) [](https://ci.appveyor.com/project/zkat/cacache) [](https://coveralls.io/github/zkat/cacache?branch=latest) + +[`cacache`](https://github.com/zkat/cacache) es una librería de Node.js para +manejar caches locales en disco, con acceso tanto con claves únicas como +direcciones de contenido (hashes/hacheos). Es súper rápida, excelente con el +acceso concurrente, y jamás te dará datos incorrectos, aún si se corrompen o +manipulan directamente los ficheros del cache. + +El propósito original era reemplazar el caché local de +[npm](https://npm.im/npm), pero se puede usar por su propia cuenta. + +_Traducciones: [English](README.md)_ + +## Instalación + +`$ npm install --save cacache` + +## Índice + +* [Ejemplo](#ejemplo) +* [Características](#características) +* [Cómo Contribuir](#cómo-contribuir) +* [API](#api) + * [Usando el API en español](#localized-api) + * Leer + * [`ls`](#ls) + * [`ls.flujo`](#ls-stream) + * [`saca`](#get-data) + * [`saca.flujo`](#get-stream) + * [`saca.info`](#get-info) + * [`saca.tieneDatos`](#get-hasContent) + * Escribir + * [`mete`](#put-data) + * [`mete.flujo`](#put-stream) + * [opciones para `mete*`](#put-options) + * [`rm.todo`](#rm-all) + * [`rm.entrada`](#rm-entry) + * [`rm.datos`](#rm-content) + * Utilidades + * [`ponLenguaje`](#set-locale) + * [`limpiaMemoizado`](#clear-memoized) + * [`tmp.hazdir`](#tmp-mkdir) + * [`tmp.conTmp`](#with-tmp) + * Integridad + * [Subresource Integrity](#integrity) + * [`verifica`](#verify) + * [`verifica.ultimaVez`](#verify-last-run) + +### Ejemplo + +```javascript +const cacache = require('cacache/es') +const fs = require('fs') + +const tarbol = '/ruta/a/mi-tar.tgz' +const rutaCache = '/tmp/my-toy-cache' +const clave = 'mi-clave-única-1234' + +// ¡Añádelo al caché! Usa `rutaCache` como raíz del caché. +cacache.mete(rutaCache, clave, '10293801983029384').then(integrity => { + console.log(`Saved content to ${rutaCache}.`) +}) + +const destino = '/tmp/mytar.tgz' + +// Copia el contenido del caché a otro fichero, pero esta vez con flujos. +cacache.saca.flujo( + rutaCache, clave +).pipe( + fs.createWriteStream(destino) +).on('finish', () => { + console.log('extracción completada') +}) + +// La misma cosa, pero accesando el contenido directamente, sin tocar el índice. +cacache.saca.porHacheo(rutaCache, integridad).then(datos => { + fs.writeFile(destino, datos, err => { + console.log('datos del tarbol sacados basado en su sha512, y escrito a otro fichero') + }) +}) +``` + +### Características + +* Extracción por clave o por dirección de contenido (shasum, etc) +* Usa el estándard de web, [Subresource Integrity](#integrity) +* Compatible con multiples algoritmos - usa sha1, sha512, etc, en el mismo caché sin problema +* Entradas con contenido idéntico comparten ficheros +* Tolerancia de fallas (inmune a corrupción, ficheros parciales, carreras de proceso, etc) +* Verificación completa de datos cuando (escribiendo y leyendo) +* Concurrencia rápida, segura y "lockless" +* Compatible con `stream`s (flujos) +* Compatible con `Promise`s (promesas) +* Bastante rápida -- acceso, incluyendo verificación, en microsegundos +* Almacenaje de metadatos arbitrarios +* Colección de basura y verificación adicional fuera de banda +* Cobertura rigurosa de pruebas +* Probablente hay un "Bloom filter" por ahí en algún lado. Eso le mola a la gente, ¿Verdad? 🤔 + +### Cómo Contribuir + +El equipo de cacache felizmente acepta contribuciones de código y otras maneras de participación. ¡Hay muchas formas diferentes de contribuir! La [Guía de Colaboradores](CONTRIBUTING.md) (en inglés) tiene toda la información que necesitas para cualquier tipo de contribución: todo desde cómo reportar errores hasta cómo someter parches con nuevas características. Con todo y eso, no se preocupe por si lo que haces está exáctamente correcto: no hay ningún problema en hacer preguntas si algo no está claro, o no lo encuentras. + +El equipo de cacache tiene miembros hispanohablantes: es completamente aceptable crear `issues` y `pull requests` en español/castellano. + +Todos los participantes en este proyecto deben obedecer el [Código de Conducta](CODE_OF_CONDUCT.md) (en inglés), y en general actuar de forma amable y respetuosa mientras participan en esta comunidad. + +Por favor refiérase al [Historial de Cambios](CHANGELOG.md) (en inglés) para detalles sobre cambios importantes incluídos en cada versión. + +Finalmente, cacache tiene un sistema de localización de lenguaje. Si te interesa añadir lenguajes o mejorar los que existen, mira en el directorio `./locales` para comenzar. + +Happy hacking! + +### API + +#### <a name="localized-api"></a> Usando el API en español + +cacache incluye una traducción completa de su API al castellano, con las mismas +características. Para usar el API como está documentado en este documento, usa +`require('cacache/es')` + +cacache también tiene otros lenguajes: encuéntralos bajo `./locales`, y podrás +usar el API en ese lenguaje con `require('cacache/<lenguaje>')` + +#### <a name="ls"></a> `> cacache.ls(cache) -> Promise<Object>` + +Enumera todas las entradas en el caché, dentro de un solo objeto. Cada entrada +en el objeto tendrá como clave la clave única usada para el índice, el valor +siendo un objeto de [`saca.info`](#get-info). + +##### Ejemplo + +```javascript +cacache.ls(rutaCache).then(console.log) +// Salida +{ + 'my-thing': { + key: 'my-thing', + integrity: 'sha512-BaSe64/EnCoDED+HAsh==' + path: '.testcache/content/deadbeef', // unido con `rutaCache` + time: 12345698490, + size: 4023948, + metadata: { + name: 'blah', + version: '1.2.3', + description: 'this was once a package but now it is my-thing' + } + }, + 'other-thing': { + key: 'other-thing', + integrity: 'sha1-ANothER+hasH=', + path: '.testcache/content/bada55', + time: 11992309289, + size: 111112 + } +} +``` + +#### <a name="ls-stream"></a> `> cacache.ls.flujo(cache) -> Readable` + +Enumera todas las entradas en el caché, emitiendo un objeto de +[`saca.info`](#get-info) por cada evento de `data` en el flujo. + +##### Ejemplo + +```javascript +cacache.ls.flujo(rutaCache).on('data', console.log) +// Salida +{ + key: 'my-thing', + integrity: 'sha512-BaSe64HaSh', + path: '.testcache/content/deadbeef', // unido con `rutaCache` + time: 12345698490, + size: 13423, + metadata: { + name: 'blah', + version: '1.2.3', + description: 'this was once a package but now it is my-thing' + } +} + +{ + key: 'other-thing', + integrity: 'whirlpool-WoWSoMuchSupport', + path: '.testcache/content/bada55', + time: 11992309289, + size: 498023984029 +} + +{ + ... +} +``` + +#### <a name="get-data"></a> `> cacache.saca(cache, clave, [ops]) -> Promise({data, metadata, integrity})` + +Devuelve un objeto con los datos, hacheo de integridad y metadatos identificados +por la `clave`. La propiedad `data` de este objeto será una instancia de +`Buffer` con los datos almacenados en el caché. to do with it! cacache just +won't care. + +`integrity` es un `string` de [Subresource Integrity](#integrity). Dígase, un +`string` que puede ser usado para verificar a la `data`, que tiene como formato +`<algoritmo>-<hacheo-integridad-base64>`. + +So no existe ninguna entrada identificada por `clave`, o se los datos +almacenados localmente fallan verificación, el `Promise` fallará. + +Una sub-función, `saca.porHacheo`, tiene casi el mismo comportamiento, excepto +que busca entradas usando el hacheo de integridad, sin tocar el índice general. +Esta versión *sólo* devuelve `data`, sin ningún objeto conteniéndola. + +##### Nota + +Esta función lee la entrada completa a la memoria antes de devolverla. Si estás +almacenando datos Muy Grandes, es posible que [`saca.flujo`](#get-stream) sea +una mejor solución. + +##### Ejemplo + +```javascript +// Busca por clave +cache.saca(rutaCache, 'my-thing').then(console.log) +// Salida: +{ + metadata: { + thingName: 'my' + }, + integrity: 'sha512-BaSe64HaSh', + data: Buffer#<deadbeef>, + size: 9320 +} + +// Busca por hacheo +cache.saca.porHacheo(rutaCache, 'sha512-BaSe64HaSh').then(console.log) +// Salida: +Buffer#<deadbeef> +``` + +#### <a name="get-stream"></a> `> cacache.saca.flujo(cache, clave, [ops]) -> Readable` + +Devuelve un [Readable +Stream](https://nodejs.org/api/stream.html#stream_readable_streams) de los datos +almacenados bajo `clave`. + +So no existe ninguna entrada identificada por `clave`, o se los datos +almacenados localmente fallan verificación, el `Promise` fallará. + +`metadata` y `integrity` serán emitidos como eventos antes de que el flujo +cierre. + +Una sub-función, `saca.flujo.porHacheo`, tiene casi el mismo comportamiento, +excepto que busca entradas usando el hacheo de integridad, sin tocar el índice +general. Esta versión no emite eventos de `metadata` o `integrity`. + +##### Ejemplo + +```javascript +// Busca por clave +cache.saca.flujo( + rutaCache, 'my-thing' +).on('metadata', metadata => { + console.log('metadata:', metadata) +}).on('integrity', integrity => { + console.log('integrity:', integrity) +}).pipe( + fs.createWriteStream('./x.tgz') +) +// Salidas: +metadata: { ... } +integrity: 'sha512-SoMeDIGest+64==' + +// Busca por hacheo +cache.saca.flujo.porHacheo( + rutaCache, 'sha512-SoMeDIGest+64==' +).pipe( + fs.createWriteStream('./x.tgz') +) +``` + +#### <a name="get-info"></a> `> cacache.saca.info(cache, clave) -> Promise` + +Busca la `clave` en el índice del caché, devolviendo información sobre la +entrada si existe. + +##### Campos + +* `key` - Clave de la entrada. Igual al argumento `clave`. +* `integrity` - [hacheo de Subresource Integrity](#integrity) del contenido al que se refiere esta entrada. +* `path` - Dirección del fichero de datos almacenados, unida al argumento `cache`. +* `time` - Hora de creación de la entrada +* `metadata` - Metadatos asignados a esta entrada por el usuario + +##### Ejemplo + +```javascript +cacache.saca.info(rutaCache, 'my-thing').then(console.log) + +// Salida +{ + key: 'my-thing', + integrity: 'sha256-MUSTVERIFY+ALL/THINGS==' + path: '.testcache/content/deadbeef', + time: 12345698490, + size: 849234, + metadata: { + name: 'blah', + version: '1.2.3', + description: 'this was once a package but now it is my-thing' + } +} +``` + +#### <a name="get-hasContent"></a> `> cacache.saca.tieneDatos(cache, integrity) -> Promise` + +Busca un [hacheo Subresource Integrity](#integrity) en el caché. Si existe el +contenido asociado con `integrity`, devuelve un objeto con dos campos: el hacheo +_específico_ que se usó para la búsqueda, `sri`, y el tamaño total del +contenido, `size`. Si no existe ningún contenido asociado con `integrity`, +devuelve `false`. + +##### Ejemplo + +```javascript +cacache.saca.tieneDatos(rutaCache, 'sha256-MUSTVERIFY+ALL/THINGS==').then(console.log) + +// Salida +{ + sri: { + source: 'sha256-MUSTVERIFY+ALL/THINGS==', + algorithm: 'sha256', + digest: 'MUSTVERIFY+ALL/THINGS==', + options: [] + }, + size: 9001 +} + +cacache.saca.tieneDatos(rutaCache, 'sha521-NOT+IN/CACHE==').then(console.log) + +// Salida +false +``` + +#### <a name="put-data"></a> `> cacache.mete(cache, clave, datos, [ops]) -> Promise` + +Inserta `datos` en el caché. El `Promise` devuelto se resuelve con un hacheo +(generado conforme a [`ops.algorithms`](#optsalgorithms)) después que la entrada +haya sido escrita en completo. + +##### Ejemplo + +```javascript +fetch( + 'https://registry.npmjs.org/cacache/-/cacache-1.0.0.tgz' +).then(datos => { + return cacache.mete(rutaCache, 'registry.npmjs.org|cacache@1.0.0', datos) +}).then(integridad => { + console.log('el hacheo de integridad es', integridad) +}) +``` + +#### <a name="put-stream"></a> `> cacache.mete.flujo(cache, clave, [ops]) -> Writable` + +Devuelve un [Writable +Stream](https://nodejs.org/api/stream.html#stream_writable_streams) que inserta +al caché los datos escritos a él. Emite un evento `integrity` con el hacheo del +contenido escrito, cuando completa. + +##### Ejemplo + +```javascript +request.get( + 'https://registry.npmjs.org/cacache/-/cacache-1.0.0.tgz' +).pipe( + cacache.mete.flujo( + rutaCache, 'registry.npmjs.org|cacache@1.0.0' + ).on('integrity', d => console.log(`integrity digest is ${d}`)) +) +``` + +#### <a name="put-options"></a> `> opciones para cacache.mete` + +La funciones `cacache.mete` tienen un número de opciones en común. + +##### `ops.metadata` + +Metadatos del usuario que se almacenarán con la entrada. + +##### `ops.size` + +El tamaño declarado de los datos que se van a insertar. Si es proveído, cacache +verificará que los datos escritos sean de ese tamaño, o si no, fallará con un +error con código `EBADSIZE`. + +##### `ops.integrity` + +El hacheo de integridad de los datos siendo escritos. + +Si es proveído, y los datos escritos no le corresponden, la operación fallará +con un error con código `EINTEGRITY`. + +`ops.algorithms` no tiene ningún efecto si esta opción está presente. + +##### `ops.algorithms` + +Por Defecto: `['sha512']` + +Algoritmos que se deben usar cuando se calcule el hacheo de [subresource +integrity](#integrity) para los datos insertados. Puede usar cualquier algoritmo +enumerado en `crypto.getHashes()`. + +Por el momento, sólo se acepta un algoritmo (dígase, un array con exáctamente un +valor). No tiene ningún efecto si `ops.integrity` también ha sido proveido. + +##### `ops.uid`/`ops.gid` + +Si están presentes, cacache hará todo lo posible para asegurarse que todos los +ficheros creados en el proceso de sus operaciones en el caché usen esta +combinación en particular. + +##### `ops.memoize` + +Por Defecto: `null` + +Si es verdad, cacache tratará de memoizar los datos de la entrada en memoria. La +próxima vez que el proceso corriente trate de accesar los datos o entrada, +cacache buscará en memoria antes de buscar en disco. + +Si `ops.memoize` es un objeto regular o un objeto como `Map` (es decir, un +objeto con métodos `get()` y `set()`), este objeto en sí sera usado en vez del +caché de memoria global. Esto permite tener lógica específica a tu aplicación +encuanto al almacenaje en memoria de tus datos. + +Si quieres asegurarte que los datos se lean del disco en vez de memoria, usa +`memoize: false` cuando uses funciones de `cacache.saca`. + +#### <a name="rm-all"></a> `> cacache.rm.todo(cache) -> Promise` + +Borra el caché completo, incluyendo ficheros temporeros, ficheros de datos, y el +índice del caché. + +##### Ejemplo + +```javascript +cacache.rm.todo(rutaCache).then(() => { + console.log('THE APOCALYPSE IS UPON US 😱') +}) +``` + +#### <a name="rm-entry"></a> `> cacache.rm.entrada(cache, clave) -> Promise` + +Alias: `cacache.rm` + +Borra la entrada `clave` del índuce. El contenido asociado con esta entrada +seguirá siendo accesible por hacheo usando +[`saca.flujo.porHacheo`](#get-stream). + +Para borrar el contenido en sí, usa [`rm.datos`](#rm-content). Si quieres hacer +esto de manera más segura (pues ficheros de contenido pueden ser usados por +multiples entradas), usa [`verifica`](#verify) para borrar huérfanos. + +##### Ejemplo + +```javascript +cacache.rm.entrada(rutaCache, 'my-thing').then(() => { + console.log('I did not like it anyway') +}) +``` + +#### <a name="rm-content"></a> `> cacache.rm.datos(cache, integrity) -> Promise` + +Borra el contenido identificado por `integrity`. Cualquier entrada que se +refiera a este contenido quedarán huérfanas y se invalidarán si se tratan de +accesar, al menos que contenido idéntico sea añadido bajo `integrity`. + +##### Ejemplo + +```javascript +cacache.rm.datos(rutaCache, 'sha512-SoMeDIGest/IN+BaSE64==').then(() => { + console.log('los datos para `mi-cosa` se borraron') +}) +``` + +#### <a name="set-locale"></a> `> cacache.ponLenguaje(locale)` + +Configura el lenguaje usado para mensajes y errores de cacache. La lista de +lenguajes disponibles está en el directorio `./locales` del proyecto. + +_Te interesa añadir más lenguajes? [Somete un PR](CONTRIBUTING.md)!_ + +#### <a name="clear-memoized"></a> `> cacache.limpiaMemoizado()` + +Completamente reinicializa el caché de memoria interno. Si estás usando tu +propio objecto con `ops.memoize`, debes hacer esto de manera específica a él. + +#### <a name="tmp-mkdir"></a> `> tmp.hazdir(cache, ops) -> Promise<Path>` + +Alias: `tmp.mkdir` + +Devuelve un directorio único dentro del directorio `tmp` del caché. + +Una vez tengas el directorio, es responsabilidad tuya asegurarte que todos los +ficheros escrito a él sean creados usando los permisos y `uid`/`gid` concordante +con el caché. Si no, puedes pedirle a cacache que lo haga llamando a +[`cacache.tmp.fix()`](#tmp-fix). Esta función arreglará todos los permisos en el +directorio tmp. + +Si quieres que cacache limpie el directorio automáticamente cuando termines, usa +[`cacache.tmp.conTmp()`](#with-tpm). + +##### Ejemplo + +```javascript +cacache.tmp.mkdir(cache).then(dir => { + fs.writeFile(path.join(dir, 'blablabla'), Buffer#<1234>, ...) +}) +``` + +#### <a name="with-tmp"></a> `> tmp.conTmp(cache, ops, cb) -> Promise` + +Crea un directorio temporero con [`tmp.mkdir()`](#tmp-mkdir) y ejecuta `cb` con +él como primer argumento. El directorio creado será removido automáticamente +cuando el valor devolvido por `cb()` se resuelva. + +Las mismas advertencias aplican en cuanto a manejando permisos para los ficheros +dentro del directorio. + +##### Ejemplo + +```javascript +cacache.tmp.conTmp(cache, dir => { + return fs.writeFileAsync(path.join(dir, 'blablabla'), Buffer#<1234>, ...) +}).then(() => { + // `dir` no longer exists +}) +``` + +#### <a name="integrity"></a> Hacheos de Subresource Integrity + +cacache usa strings que siguen la especificación de [Subresource Integrity +spec](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity). + +Es decir, donde quiera cacache espera un argumento o opción `integrity`, ese +string debería usar el formato `<algoritmo>-<hacheo-base64>`. + +Una variación importante sobre los hacheos que cacache acepta es que acepta el +nombre de cualquier algoritmo aceptado por el proceso de Node.js donde se usa. +Puedes usar `crypto.getHashes()` para ver cuales están disponibles. + +##### Generando tus propios hacheos + +Si tienes un `shasum`, en general va a estar en formato de string hexadecimal +(es decir, un `sha1` se vería como algo así: +`5f5513f8822fdbe5145af33b64d8d970dcf95c6e`). + +Para ser compatible con cacache, necesitas convertir esto a su equivalente en +subresource integrity. Por ejemplo, el hacheo correspondiente al ejemplo +anterior sería: `sha1-X1UT+IIv2+UUWvM7ZNjZcNz5XG4=`. + +Puedes usar código así para generarlo por tu cuenta: + +```javascript +const crypto = require('crypto') +const algoritmo = 'sha512' +const datos = 'foobarbaz' + +const integrity = ( + algorithm + + '-' + + crypto.createHash(algoritmo).update(datos).digest('base64') +) +``` + +También puedes usar [`ssri`](https://npm.im/ssri) para deferir el trabajo a otra +librería que garantiza que todo esté correcto, pues maneja probablemente todas +las operaciones que tendrías que hacer con SRIs, incluyendo convirtiendo entre +hexadecimal y el formato SRI. + +#### <a name="verify"></a> `> cacache.verifica(cache, ops) -> Promise` + +Examina y arregla tu caché: + +* Limpia entradas inválidas, huérfanas y corrompidas +* Te deja filtrar cuales entradas retener, con tu propio filtro +* Reclama cualquier ficheros de contenido sin referencias en el índice +* Verifica integridad de todos los ficheros de contenido y remueve los malos +* Arregla permisos del caché +* Remieve el directorio `tmp` en el caché, y todo su contenido. + +Cuando termine, devuelve un objeto con varias estadísticas sobre el proceso de +verificación, por ejemplo la cantidad de espacio de disco reclamado, el número +de entradas válidas, número de entradas removidas, etc. + +##### Opciones + +* `ops.uid` - uid para asignarle al caché y su contenido +* `ops.gid` - gid para asignarle al caché y su contenido +* `ops.filter` - recibe una entrada como argumento. Devuelve falso para removerla. Nota: es posible que esta función sea invocada con la misma entrada más de una vez. + +##### Example + +```sh +echo somegarbage >> $RUTACACHE/content/deadbeef +``` + +```javascript +cacache.verifica(rutaCache).then(stats => { + // deadbeef collected, because of invalid checksum. + console.log('cache is much nicer now! stats:', stats) +}) +``` + +#### <a name="verify-last-run"></a> `> cacache.verifica.ultimaVez(cache) -> Promise` + +Alias: `últimaVez` + +Devuelve un `Date` que representa la última vez que `cacache.verifica` fue +ejecutada en `cache`. + +##### Example + +```javascript +cacache.verifica(rutaCache).then(() => { + cacache.verifica.ultimaVez(rutaCache).then(última => { + console.log('La última vez que se usó cacache.verifica() fue ' + última) + }) +}) +``` diff --git a/node_modules/libnpm/node_modules/cacache/README.md b/node_modules/libnpm/node_modules/cacache/README.md new file mode 100644 index 000000000..7f8ec5eec --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/README.md @@ -0,0 +1,641 @@ +# cacache [](https://npm.im/cacache) [](https://npm.im/cacache) [](https://travis-ci.org/npm/cacache) [](https://ci.appveyor.com/project/npm/cacache) [](https://coveralls.io/github/npm/cacache?branch=latest) + +[`cacache`](https://github.com/npm/cacache) is a Node.js library for managing +local key and content address caches. It's really fast, really good at +concurrency, and it will never give you corrupted data, even if cache files +get corrupted or manipulated. + +On systems that support user and group settings on files, cacache will +match the `uid` and `gid` values to the folder where the cache lives, even +when running as `root`. + +It was written to be used as [npm](https://npm.im)'s local cache, but can +just as easily be used on its own. + +_Translations: [español](README.es.md)_ + +## Install + +`$ npm install --save cacache` + +## Table of Contents + +* [Example](#example) +* [Features](#features) +* [Contributing](#contributing) +* [API](#api) + * [Using localized APIs](#localized-api) + * Reading + * [`ls`](#ls) + * [`ls.stream`](#ls-stream) + * [`get`](#get-data) + * [`get.stream`](#get-stream) + * [`get.info`](#get-info) + * [`get.hasContent`](#get-hasContent) + * Writing + * [`put`](#put-data) + * [`put.stream`](#put-stream) + * [`put*` opts](#put-options) + * [`rm.all`](#rm-all) + * [`rm.entry`](#rm-entry) + * [`rm.content`](#rm-content) + * Utilities + * [`setLocale`](#set-locale) + * [`clearMemoized`](#clear-memoized) + * [`tmp.mkdir`](#tmp-mkdir) + * [`tmp.withTmp`](#with-tmp) + * Integrity + * [Subresource Integrity](#integrity) + * [`verify`](#verify) + * [`verify.lastRun`](#verify-last-run) + +### Example + +```javascript +const cacache = require('cacache/en') +const fs = require('fs') + +const tarball = '/path/to/mytar.tgz' +const cachePath = '/tmp/my-toy-cache' +const key = 'my-unique-key-1234' + +// Cache it! Use `cachePath` as the root of the content cache +cacache.put(cachePath, key, '10293801983029384').then(integrity => { + console.log(`Saved content to ${cachePath}.`) +}) + +const destination = '/tmp/mytar.tgz' + +// Copy the contents out of the cache and into their destination! +// But this time, use stream instead! +cacache.get.stream( + cachePath, key +).pipe( + fs.createWriteStream(destination) +).on('finish', () => { + console.log('done extracting!') +}) + +// The same thing, but skip the key index. +cacache.get.byDigest(cachePath, integrityHash).then(data => { + fs.writeFile(destination, data, err => { + console.log('tarball data fetched based on its sha512sum and written out!') + }) +}) +``` + +### Features + +* Extraction by key or by content address (shasum, etc) +* [Subresource Integrity](#integrity) web standard support +* Multi-hash support - safely host sha1, sha512, etc, in a single cache +* Automatic content deduplication +* Fault tolerance (immune to corruption, partial writes, process races, etc) +* Consistency guarantees on read and write (full data verification) +* Lockless, high-concurrency cache access +* Streaming support +* Promise support +* Pretty darn fast -- sub-millisecond reads and writes including verification +* Arbitrary metadata storage +* Garbage collection and additional offline verification +* Thorough test coverage +* There's probably a bloom filter in there somewhere. Those are cool, right? 🤔 + +### Contributing + +The cacache team enthusiastically welcomes contributions and project participation! There's a bunch of things you can do if you want to contribute! The [Contributor Guide](CONTRIBUTING.md) has all the information you need for everything from reporting bugs to contributing entire new features. Please don't hesitate to jump in if you'd like to, or even ask us questions if something isn't clear. + +All participants and maintainers in this project are expected to follow [Code of Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other. + +Please refer to the [Changelog](CHANGELOG.md) for project history details, too. + +Happy hacking! + +### API + +#### <a name="localized-api"></a> Using localized APIs + +cacache includes a complete API in English, with the same features as other +translations. To use the English API as documented in this README, use +`require('cacache/en')`. This is also currently the default if you do +`require('cacache')`, but may change in the future. + +cacache also supports other languages! You can find the list of currently +supported ones by looking in `./locales` in the source directory. You can use +the API in that language with `require('cacache/<lang>')`. + +Want to add support for a new language? Please go ahead! You should be able to +copy `./locales/en.js` and `./locales/en.json` and fill them in. Translating the +`README.md` is a bit more work, but also appreciated if you get around to it. 👍🏼 + +#### <a name="ls"></a> `> cacache.ls(cache) -> Promise<Object>` + +Lists info for all entries currently in the cache as a single large object. Each +entry in the object will be keyed by the unique index key, with corresponding +[`get.info`](#get-info) objects as the values. + +##### Example + +```javascript +cacache.ls(cachePath).then(console.log) +// Output +{ + 'my-thing': { + key: 'my-thing', + integrity: 'sha512-BaSe64/EnCoDED+HAsh==' + path: '.testcache/content/deadbeef', // joined with `cachePath` + time: 12345698490, + size: 4023948, + metadata: { + name: 'blah', + version: '1.2.3', + description: 'this was once a package but now it is my-thing' + } + }, + 'other-thing': { + key: 'other-thing', + integrity: 'sha1-ANothER+hasH=', + path: '.testcache/content/bada55', + time: 11992309289, + size: 111112 + } +} +``` + +#### <a name="ls-stream"></a> `> cacache.ls.stream(cache) -> Readable` + +Lists info for all entries currently in the cache as a single large object. + +This works just like [`ls`](#ls), except [`get.info`](#get-info) entries are +returned as `'data'` events on the returned stream. + +##### Example + +```javascript +cacache.ls.stream(cachePath).on('data', console.log) +// Output +{ + key: 'my-thing', + integrity: 'sha512-BaSe64HaSh', + path: '.testcache/content/deadbeef', // joined with `cachePath` + time: 12345698490, + size: 13423, + metadata: { + name: 'blah', + version: '1.2.3', + description: 'this was once a package but now it is my-thing' + } +} + +{ + key: 'other-thing', + integrity: 'whirlpool-WoWSoMuchSupport', + path: '.testcache/content/bada55', + time: 11992309289, + size: 498023984029 +} + +{ + ... +} +``` + +#### <a name="get-data"></a> `> cacache.get(cache, key, [opts]) -> Promise({data, metadata, integrity})` + +Returns an object with the cached data, digest, and metadata identified by +`key`. The `data` property of this object will be a `Buffer` instance that +presumably holds some data that means something to you. I'm sure you know what +to do with it! cacache just won't care. + +`integrity` is a [Subresource +Integrity](#integrity) +string. That is, a string that can be used to verify `data`, which looks like +`<hash-algorithm>-<base64-integrity-hash>`. + +If there is no content identified by `key`, or if the locally-stored data does +not pass the validity checksum, the promise will be rejected. + +A sub-function, `get.byDigest` may be used for identical behavior, except lookup +will happen by integrity hash, bypassing the index entirely. This version of the +function *only* returns `data` itself, without any wrapper. + +##### Note + +This function loads the entire cache entry into memory before returning it. If +you're dealing with Very Large data, consider using [`get.stream`](#get-stream) +instead. + +##### Example + +```javascript +// Look up by key +cache.get(cachePath, 'my-thing').then(console.log) +// Output: +{ + metadata: { + thingName: 'my' + }, + integrity: 'sha512-BaSe64HaSh', + data: Buffer#<deadbeef>, + size: 9320 +} + +// Look up by digest +cache.get.byDigest(cachePath, 'sha512-BaSe64HaSh').then(console.log) +// Output: +Buffer#<deadbeef> +``` + +#### <a name="get-stream"></a> `> cacache.get.stream(cache, key, [opts]) -> Readable` + +Returns a [Readable Stream](https://nodejs.org/api/stream.html#stream_readable_streams) of the cached data identified by `key`. + +If there is no content identified by `key`, or if the locally-stored data does +not pass the validity checksum, an error will be emitted. + +`metadata` and `integrity` events will be emitted before the stream closes, if +you need to collect that extra data about the cached entry. + +A sub-function, `get.stream.byDigest` may be used for identical behavior, +except lookup will happen by integrity hash, bypassing the index entirely. This +version does not emit the `metadata` and `integrity` events at all. + +##### Example + +```javascript +// Look up by key +cache.get.stream( + cachePath, 'my-thing' +).on('metadata', metadata => { + console.log('metadata:', metadata) +}).on('integrity', integrity => { + console.log('integrity:', integrity) +}).pipe( + fs.createWriteStream('./x.tgz') +) +// Outputs: +metadata: { ... } +integrity: 'sha512-SoMeDIGest+64==' + +// Look up by digest +cache.get.stream.byDigest( + cachePath, 'sha512-SoMeDIGest+64==' +).pipe( + fs.createWriteStream('./x.tgz') +) +``` + +#### <a name="get-info"></a> `> cacache.get.info(cache, key) -> Promise` + +Looks up `key` in the cache index, returning information about the entry if +one exists. + +##### Fields + +* `key` - Key the entry was looked up under. Matches the `key` argument. +* `integrity` - [Subresource Integrity hash](#integrity) for the content this entry refers to. +* `path` - Filesystem path where content is stored, joined with `cache` argument. +* `time` - Timestamp the entry was first added on. +* `metadata` - User-assigned metadata associated with the entry/content. + +##### Example + +```javascript +cacache.get.info(cachePath, 'my-thing').then(console.log) + +// Output +{ + key: 'my-thing', + integrity: 'sha256-MUSTVERIFY+ALL/THINGS==' + path: '.testcache/content/deadbeef', + time: 12345698490, + size: 849234, + metadata: { + name: 'blah', + version: '1.2.3', + description: 'this was once a package but now it is my-thing' + } +} +``` + +#### <a name="get-hasContent"></a> `> cacache.get.hasContent(cache, integrity) -> Promise` + +Looks up a [Subresource Integrity hash](#integrity) in the cache. If content +exists for this `integrity`, it will return an object, with the specific single integrity hash +that was found in `sri` key, and the size of the found content as `size`. If no content exists for this integrity, it will return `false`. + +##### Example + +```javascript +cacache.get.hasContent(cachePath, 'sha256-MUSTVERIFY+ALL/THINGS==').then(console.log) + +// Output +{ + sri: { + source: 'sha256-MUSTVERIFY+ALL/THINGS==', + algorithm: 'sha256', + digest: 'MUSTVERIFY+ALL/THINGS==', + options: [] + }, + size: 9001 +} + +cacache.get.hasContent(cachePath, 'sha521-NOT+IN/CACHE==').then(console.log) + +// Output +false +``` + +#### <a name="put-data"></a> `> cacache.put(cache, key, data, [opts]) -> Promise` + +Inserts data passed to it into the cache. The returned Promise resolves with a +digest (generated according to [`opts.algorithms`](#optsalgorithms)) after the +cache entry has been successfully written. + +##### Example + +```javascript +fetch( + 'https://registry.npmjs.org/cacache/-/cacache-1.0.0.tgz' +).then(data => { + return cacache.put(cachePath, 'registry.npmjs.org|cacache@1.0.0', data) +}).then(integrity => { + console.log('integrity hash is', integrity) +}) +``` + +#### <a name="put-stream"></a> `> cacache.put.stream(cache, key, [opts]) -> Writable` + +Returns a [Writable +Stream](https://nodejs.org/api/stream.html#stream_writable_streams) that inserts +data written to it into the cache. Emits an `integrity` event with the digest of +written contents when it succeeds. + +##### Example + +```javascript +request.get( + 'https://registry.npmjs.org/cacache/-/cacache-1.0.0.tgz' +).pipe( + cacache.put.stream( + cachePath, 'registry.npmjs.org|cacache@1.0.0' + ).on('integrity', d => console.log(`integrity digest is ${d}`)) +) +``` + +#### <a name="put-options"></a> `> cacache.put options` + +`cacache.put` functions have a number of options in common. + +##### `opts.metadata` + +Arbitrary metadata to be attached to the inserted key. + +##### `opts.size` + +If provided, the data stream will be verified to check that enough data was +passed through. If there's more or less data than expected, insertion will fail +with an `EBADSIZE` error. + +##### `opts.integrity` + +If present, the pre-calculated digest for the inserted content. If this option +if provided and does not match the post-insertion digest, insertion will fail +with an `EINTEGRITY` error. + +`algorithms` has no effect if this option is present. + +##### `opts.algorithms` + +Default: ['sha512'] + +Hashing algorithms to use when calculating the [subresource integrity +digest](#integrity) +for inserted data. Can use any algorithm listed in `crypto.getHashes()` or +`'omakase'`/`'お任せします'` to pick a random hash algorithm on each insertion. You +may also use any anagram of `'modnar'` to use this feature. + +Currently only supports one algorithm at a time (i.e., an array length of +exactly `1`). Has no effect if `opts.integrity` is present. + +##### `opts.memoize` + +Default: null + +If provided, cacache will memoize the given cache insertion in memory, bypassing +any filesystem checks for that key or digest in future cache fetches. Nothing +will be written to the in-memory cache unless this option is explicitly truthy. + +If `opts.memoize` is an object or a `Map`-like (that is, an object with `get` +and `set` methods), it will be written to instead of the global memoization +cache. + +Reading from disk data can be forced by explicitly passing `memoize: false` to +the reader functions, but their default will be to read from memory. + +#### <a name="rm-all"></a> `> cacache.rm.all(cache) -> Promise` + +Clears the entire cache. Mainly by blowing away the cache directory itself. + +##### Example + +```javascript +cacache.rm.all(cachePath).then(() => { + console.log('THE APOCALYPSE IS UPON US 😱') +}) +``` + +#### <a name="rm-entry"></a> `> cacache.rm.entry(cache, key) -> Promise` + +Alias: `cacache.rm` + +Removes the index entry for `key`. Content will still be accessible if +requested directly by content address ([`get.stream.byDigest`](#get-stream)). + +To remove the content itself (which might still be used by other entries), use +[`rm.content`](#rm-content). Or, to safely vacuum any unused content, use +[`verify`](#verify). + +##### Example + +```javascript +cacache.rm.entry(cachePath, 'my-thing').then(() => { + console.log('I did not like it anyway') +}) +``` + +#### <a name="rm-content"></a> `> cacache.rm.content(cache, integrity) -> Promise` + +Removes the content identified by `integrity`. Any index entries referring to it +will not be usable again until the content is re-added to the cache with an +identical digest. + +##### Example + +```javascript +cacache.rm.content(cachePath, 'sha512-SoMeDIGest/IN+BaSE64==').then(() => { + console.log('data for my-thing is gone!') +}) +``` + +#### <a name="set-locale"></a> `> cacache.setLocale(locale)` + +Configure the language/locale used for messages and errors coming from cacache. +The list of available locales is in the `./locales` directory in the project +root. + +_Interested in contributing more languages! [Submit a PR](CONTRIBUTING.md)!_ + +#### <a name="clear-memoized"></a> `> cacache.clearMemoized()` + +Completely resets the in-memory entry cache. + +#### <a name="tmp-mkdir"></a> `> tmp.mkdir(cache, opts) -> Promise<Path>` + +Returns a unique temporary directory inside the cache's `tmp` dir. This +directory will use the same safe user assignment that all the other stuff use. + +Once the directory is made, it's the user's responsibility that all files +within are given the appropriate `gid`/`uid` ownership settings to match +the rest of the cache. If not, you can ask cacache to do it for you by +calling [`tmp.fix()`](#tmp-fix), which will fix all tmp directory +permissions. + +If you want automatic cleanup of this directory, use +[`tmp.withTmp()`](#with-tpm) + +##### Example + +```javascript +cacache.tmp.mkdir(cache).then(dir => { + fs.writeFile(path.join(dir, 'blablabla'), Buffer#<1234>, ...) +}) +``` + +#### <a name="tmp-fix"></a> `> tmp.fix(cache) -> Promise` + +Sets the `uid` and `gid` properties on all files and folders within the tmp +folder to match the rest of the cache. + +Use this after manually writing files into [`tmp.mkdir`](#tmp-mkdir) or +[`tmp.withTmp`](#with-tmp). + +##### Example + +```javascript +cacache.tmp.mkdir(cache).then(dir => { + writeFile(path.join(dir, 'file'), someData).then(() => { + // make sure we didn't just put a root-owned file in the cache + cacache.tmp.fix().then(() => { + // all uids and gids match now + }) + }) +}) +``` + +#### <a name="with-tmp"></a> `> tmp.withTmp(cache, opts, cb) -> Promise` + +Creates a temporary directory with [`tmp.mkdir()`](#tmp-mkdir) and calls `cb` +with it. The created temporary directory will be removed when the return value +of `cb()` resolves -- that is, if you return a Promise from `cb()`, the tmp +directory will be automatically deleted once that promise completes. + +The same caveats apply when it comes to managing permissions for the tmp dir's +contents. + +##### Example + +```javascript +cacache.tmp.withTmp(cache, dir => { + return fs.writeFileAsync(path.join(dir, 'blablabla'), Buffer#<1234>, ...) +}).then(() => { + // `dir` no longer exists +}) +``` + +#### <a name="integrity"></a> Subresource Integrity Digests + +For content verification and addressing, cacache uses strings following the +[Subresource +Integrity spec](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity). +That is, any time cacache expects an `integrity` argument or option, it +should be in the format `<hashAlgorithm>-<base64-hash>`. + +One deviation from the current spec is that cacache will support any hash +algorithms supported by the underlying Node.js process. You can use +`crypto.getHashes()` to see which ones you can use. + +##### Generating Digests Yourself + +If you have an existing content shasum, they are generally formatted as a +hexadecimal string (that is, a sha1 would look like: +`5f5513f8822fdbe5145af33b64d8d970dcf95c6e`). In order to be compatible with +cacache, you'll need to convert this to an equivalent subresource integrity +string. For this example, the corresponding hash would be: +`sha1-X1UT+IIv2+UUWvM7ZNjZcNz5XG4=`. + +If you want to generate an integrity string yourself for existing data, you can +use something like this: + +```javascript +const crypto = require('crypto') +const hashAlgorithm = 'sha512' +const data = 'foobarbaz' + +const integrity = ( + hashAlgorithm + + '-' + + crypto.createHash(hashAlgorithm).update(data).digest('base64') +) +``` + +You can also use [`ssri`](https://npm.im/ssri) to have a richer set of functionality +around SRI strings, including generation, parsing, and translating from existing +hex-formatted strings. + +#### <a name="verify"></a> `> cacache.verify(cache, opts) -> Promise` + +Checks out and fixes up your cache: + +* Cleans up corrupted or invalid index entries. +* Custom entry filtering options. +* Garbage collects any content entries not referenced by the index. +* Checks integrity for all content entries and removes invalid content. +* Fixes cache ownership. +* Removes the `tmp` directory in the cache and all its contents. + +When it's done, it'll return an object with various stats about the verification +process, including amount of storage reclaimed, number of valid entries, number +of entries removed, etc. + +##### Options + +* `opts.filter` - receives a formatted entry. Return false to remove it. + Note: might be called more than once on the same entry. + +##### Example + +```sh +echo somegarbage >> $CACHEPATH/content/deadbeef +``` + +```javascript +cacache.verify(cachePath).then(stats => { + // deadbeef collected, because of invalid checksum. + console.log('cache is much nicer now! stats:', stats) +}) +``` + +#### <a name="verify-last-run"></a> `> cacache.verify.lastRun(cache) -> Promise` + +Returns a `Date` representing the last time `cacache.verify` was run on `cache`. + +##### Example + +```javascript +cacache.verify(cachePath).then(() => { + cacache.verify.lastRun(cachePath).then(lastTime => { + console.log('cacache.verify was last called on' + lastTime) + }) +}) +``` diff --git a/node_modules/libnpm/node_modules/cacache/en.js b/node_modules/libnpm/node_modules/cacache/en.js new file mode 100644 index 000000000..a3db581c9 --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/en.js @@ -0,0 +1,3 @@ +'use strict' + +module.exports = require('./locales/en.js') diff --git a/node_modules/libnpm/node_modules/cacache/es.js b/node_modules/libnpm/node_modules/cacache/es.js new file mode 100644 index 000000000..6282363c3 --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/es.js @@ -0,0 +1,3 @@ +'use strict' + +module.exports = require('./locales/es.js') diff --git a/node_modules/libnpm/node_modules/cacache/get.js b/node_modules/libnpm/node_modules/cacache/get.js new file mode 100644 index 000000000..008cb83a9 --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/get.js @@ -0,0 +1,247 @@ +'use strict' + +const BB = require('bluebird') + +const figgyPudding = require('figgy-pudding') +const fs = require('fs') +const index = require('./lib/entry-index') +const memo = require('./lib/memoization') +const pipe = require('mississippi').pipe +const pipeline = require('mississippi').pipeline +const read = require('./lib/content/read') +const through = require('mississippi').through + +const GetOpts = figgyPudding({ + integrity: {}, + memoize: {}, + size: {} +}) + +module.exports = function get (cache, key, opts) { + return getData(false, cache, key, opts) +} +module.exports.byDigest = function getByDigest (cache, digest, opts) { + return getData(true, cache, digest, opts) +} +function getData (byDigest, cache, key, opts) { + opts = GetOpts(opts) + const memoized = ( + byDigest + ? memo.get.byDigest(cache, key, opts) + : memo.get(cache, key, opts) + ) + if (memoized && opts.memoize !== false) { + return BB.resolve(byDigest ? memoized : { + metadata: memoized.entry.metadata, + data: memoized.data, + integrity: memoized.entry.integrity, + size: memoized.entry.size + }) + } + return ( + byDigest ? BB.resolve(null) : index.find(cache, key, opts) + ).then(entry => { + if (!entry && !byDigest) { + throw new index.NotFoundError(cache, key) + } + return read(cache, byDigest ? key : entry.integrity, { + integrity: opts.integrity, + size: opts.size + }).then(data => byDigest ? data : { + metadata: entry.metadata, + data: data, + size: entry.size, + integrity: entry.integrity + }).then(res => { + if (opts.memoize && byDigest) { + memo.put.byDigest(cache, key, res, opts) + } else if (opts.memoize) { + memo.put(cache, entry, res.data, opts) + } + return res + }) + }) +} + +module.exports.sync = function get (cache, key, opts) { + return getDataSync(false, cache, key, opts) +} +module.exports.sync.byDigest = function getByDigest (cache, digest, opts) { + return getDataSync(true, cache, digest, opts) +} +function getDataSync (byDigest, cache, key, opts) { + opts = GetOpts(opts) + const memoized = ( + byDigest + ? memo.get.byDigest(cache, key, opts) + : memo.get(cache, key, opts) + ) + if (memoized && opts.memoize !== false) { + return byDigest ? memoized : { + metadata: memoized.entry.metadata, + data: memoized.data, + integrity: memoized.entry.integrity, + size: memoized.entry.size + } + } + const entry = !byDigest && index.find.sync(cache, key, opts) + if (!entry && !byDigest) { + throw new index.NotFoundError(cache, key) + } + const data = read.sync( + cache, + byDigest ? key : entry.integrity, + { + integrity: opts.integrity, + size: opts.size + } + ) + const res = byDigest + ? data + : { + metadata: entry.metadata, + data: data, + size: entry.size, + integrity: entry.integrity + } + if (opts.memoize && byDigest) { + memo.put.byDigest(cache, key, res, opts) + } else if (opts.memoize) { + memo.put(cache, entry, res.data, opts) + } + return res +} + +module.exports.stream = getStream +function getStream (cache, key, opts) { + opts = GetOpts(opts) + let stream = through() + const memoized = memo.get(cache, key, opts) + if (memoized && opts.memoize !== false) { + stream.on('newListener', function (ev, cb) { + ev === 'metadata' && cb(memoized.entry.metadata) + ev === 'integrity' && cb(memoized.entry.integrity) + ev === 'size' && cb(memoized.entry.size) + }) + stream.write(memoized.data, () => stream.end()) + return stream + } + index.find(cache, key).then(entry => { + if (!entry) { + return stream.emit( + 'error', new index.NotFoundError(cache, key) + ) + } + let memoStream + if (opts.memoize) { + let memoData = [] + let memoLength = 0 + memoStream = through((c, en, cb) => { + memoData && memoData.push(c) + memoLength += c.length + cb(null, c, en) + }, cb => { + memoData && memo.put(cache, entry, Buffer.concat(memoData, memoLength), opts) + cb() + }) + } else { + memoStream = through() + } + stream.emit('metadata', entry.metadata) + stream.emit('integrity', entry.integrity) + stream.emit('size', entry.size) + stream.on('newListener', function (ev, cb) { + ev === 'metadata' && cb(entry.metadata) + ev === 'integrity' && cb(entry.integrity) + ev === 'size' && cb(entry.size) + }) + pipe( + read.readStream(cache, entry.integrity, opts.concat({ + size: opts.size == null ? entry.size : opts.size + })), + memoStream, + stream + ) + }).catch(err => stream.emit('error', err)) + return stream +} + +module.exports.stream.byDigest = getStreamDigest +function getStreamDigest (cache, integrity, opts) { + opts = GetOpts(opts) + const memoized = memo.get.byDigest(cache, integrity, opts) + if (memoized && opts.memoize !== false) { + const stream = through() + stream.write(memoized, () => stream.end()) + return stream + } else { + let stream = read.readStream(cache, integrity, opts) + if (opts.memoize) { + let memoData = [] + let memoLength = 0 + const memoStream = through((c, en, cb) => { + memoData && memoData.push(c) + memoLength += c.length + cb(null, c, en) + }, cb => { + memoData && memo.put.byDigest( + cache, + integrity, + Buffer.concat(memoData, memoLength), + opts + ) + cb() + }) + stream = pipeline(stream, memoStream) + } + return stream + } +} + +module.exports.info = info +function info (cache, key, opts) { + opts = GetOpts(opts) + const memoized = memo.get(cache, key, opts) + if (memoized && opts.memoize !== false) { + return BB.resolve(memoized.entry) + } else { + return index.find(cache, key) + } +} + +module.exports.hasContent = read.hasContent + +module.exports.copy = function cp (cache, key, dest, opts) { + return copy(false, cache, key, dest, opts) +} +module.exports.copy.byDigest = function cpDigest (cache, digest, dest, opts) { + return copy(true, cache, digest, dest, opts) +} +function copy (byDigest, cache, key, dest, opts) { + opts = GetOpts(opts) + if (read.copy) { + return ( + byDigest ? BB.resolve(null) : index.find(cache, key, opts) + ).then(entry => { + if (!entry && !byDigest) { + throw new index.NotFoundError(cache, key) + } + return read.copy( + cache, byDigest ? key : entry.integrity, dest, opts + ).then(() => byDigest ? key : { + metadata: entry.metadata, + size: entry.size, + integrity: entry.integrity + }) + }) + } else { + return getData(byDigest, cache, key, opts).then(res => { + return fs.writeFileAsync(dest, byDigest ? res : res.data) + .then(() => byDigest ? key : { + metadata: res.metadata, + size: res.size, + integrity: res.integrity + }) + }) + } +} diff --git a/node_modules/libnpm/node_modules/cacache/index.js b/node_modules/libnpm/node_modules/cacache/index.js new file mode 100644 index 000000000..a3db581c9 --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/index.js @@ -0,0 +1,3 @@ +'use strict' + +module.exports = require('./locales/en.js') diff --git a/node_modules/libnpm/node_modules/cacache/lib/content/path.js b/node_modules/libnpm/node_modules/cacache/lib/content/path.js new file mode 100644 index 000000000..c67c28061 --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/lib/content/path.js @@ -0,0 +1,26 @@ +'use strict' + +const contentVer = require('../../package.json')['cache-version'].content +const hashToSegments = require('../util/hash-to-segments') +const path = require('path') +const ssri = require('ssri') + +// Current format of content file path: +// +// sha512-BaSE64Hex= -> +// ~/.my-cache/content-v2/sha512/ba/da/55deadbeefc0ffee +// +module.exports = contentPath +function contentPath (cache, integrity) { + const sri = ssri.parse(integrity, { single: true }) + // contentPath is the *strongest* algo given + return path.join.apply(path, [ + contentDir(cache), + sri.algorithm + ].concat(hashToSegments(sri.hexDigest()))) +} + +module.exports._contentDir = contentDir +function contentDir (cache) { + return path.join(cache, `content-v${contentVer}`) +} diff --git a/node_modules/libnpm/node_modules/cacache/lib/content/read.js b/node_modules/libnpm/node_modules/cacache/lib/content/read.js new file mode 100644 index 000000000..7929524f8 --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/lib/content/read.js @@ -0,0 +1,195 @@ +'use strict' + +const BB = require('bluebird') + +const contentPath = require('./path') +const figgyPudding = require('figgy-pudding') +const fs = require('graceful-fs') +const PassThrough = require('stream').PassThrough +const pipe = BB.promisify(require('mississippi').pipe) +const ssri = require('ssri') +const Y = require('../util/y.js') + +const lstatAsync = BB.promisify(fs.lstat) +const readFileAsync = BB.promisify(fs.readFile) + +const ReadOpts = figgyPudding({ + size: {} +}) + +module.exports = read +function read (cache, integrity, opts) { + opts = ReadOpts(opts) + return withContentSri(cache, integrity, (cpath, sri) => { + return readFileAsync(cpath, null).then(data => { + if (typeof opts.size === 'number' && opts.size !== data.length) { + throw sizeError(opts.size, data.length) + } else if (ssri.checkData(data, sri)) { + return data + } else { + throw integrityError(sri, cpath) + } + }) + }) +} + +module.exports.sync = readSync +function readSync (cache, integrity, opts) { + opts = ReadOpts(opts) + return withContentSriSync(cache, integrity, (cpath, sri) => { + const data = fs.readFileSync(cpath) + if (typeof opts.size === 'number' && opts.size !== data.length) { + throw sizeError(opts.size, data.length) + } else if (ssri.checkData(data, sri)) { + return data + } else { + throw integrityError(sri, cpath) + } + }) +} + +module.exports.stream = readStream +module.exports.readStream = readStream +function readStream (cache, integrity, opts) { + opts = ReadOpts(opts) + const stream = new PassThrough() + withContentSri(cache, integrity, (cpath, sri) => { + return lstatAsync(cpath).then(stat => ({ cpath, sri, stat })) + }).then(({ cpath, sri, stat }) => { + return pipe( + fs.createReadStream(cpath), + ssri.integrityStream({ + integrity: sri, + size: opts.size + }), + stream + ) + }).catch(err => { + stream.emit('error', err) + }) + return stream +} + +let copyFileAsync +if (fs.copyFile) { + module.exports.copy = copy + module.exports.copy.sync = copySync + copyFileAsync = BB.promisify(fs.copyFile) +} + +function copy (cache, integrity, dest, opts) { + opts = ReadOpts(opts) + return withContentSri(cache, integrity, (cpath, sri) => { + return copyFileAsync(cpath, dest) + }) +} + +function copySync (cache, integrity, dest, opts) { + opts = ReadOpts(opts) + return withContentSriSync(cache, integrity, (cpath, sri) => { + return fs.copyFileSync(cpath, dest) + }) +} + +module.exports.hasContent = hasContent +function hasContent (cache, integrity) { + if (!integrity) { return BB.resolve(false) } + return withContentSri(cache, integrity, (cpath, sri) => { + return lstatAsync(cpath).then(stat => ({ size: stat.size, sri, stat })) + }).catch(err => { + if (err.code === 'ENOENT') { return false } + if (err.code === 'EPERM') { + if (process.platform !== 'win32') { + throw err + } else { + return false + } + } + }) +} + +module.exports.hasContent.sync = hasContentSync +function hasContentSync (cache, integrity) { + if (!integrity) { return false } + return withContentSriSync(cache, integrity, (cpath, sri) => { + try { + const stat = fs.lstatSync(cpath) + return { size: stat.size, sri, stat } + } catch (err) { + if (err.code === 'ENOENT') { return false } + if (err.code === 'EPERM') { + if (process.platform !== 'win32') { + throw err + } else { + return false + } + } + } + }) +} + +function withContentSri (cache, integrity, fn) { + return BB.try(() => { + const sri = ssri.parse(integrity) + // If `integrity` has multiple entries, pick the first digest + // with available local data. + const algo = sri.pickAlgorithm() + const digests = sri[algo] + if (digests.length <= 1) { + const cpath = contentPath(cache, digests[0]) + return fn(cpath, digests[0]) + } else { + return BB.any(sri[sri.pickAlgorithm()].map(meta => { + return withContentSri(cache, meta, fn) + }, { concurrency: 1 })) + .catch(err => { + if ([].some.call(err, e => e.code === 'ENOENT')) { + throw Object.assign( + new Error('No matching content found for ' + sri.toString()), + { code: 'ENOENT' } + ) + } else { + throw err[0] + } + }) + } + }) +} + +function withContentSriSync (cache, integrity, fn) { + const sri = ssri.parse(integrity) + // If `integrity` has multiple entries, pick the first digest + // with available local data. + const algo = sri.pickAlgorithm() + const digests = sri[algo] + if (digests.length <= 1) { + const cpath = contentPath(cache, digests[0]) + return fn(cpath, digests[0]) + } else { + let lastErr = null + for (const meta of sri[sri.pickAlgorithm()]) { + try { + return withContentSriSync(cache, meta, fn) + } catch (err) { + lastErr = err + } + } + if (lastErr) { throw lastErr } + } +} + +function sizeError (expected, found) { + var err = new Error(Y`Bad data size: expected inserted data to be ${expected} bytes, but got ${found} instead`) + err.expected = expected + err.found = found + err.code = 'EBADSIZE' + return err +} + +function integrityError (sri, path) { + var err = new Error(Y`Integrity verification failed for ${sri} (${path})`) + err.code = 'EINTEGRITY' + err.sri = sri + err.path = path + return err +} diff --git a/node_modules/libnpm/node_modules/cacache/lib/content/rm.js b/node_modules/libnpm/node_modules/cacache/lib/content/rm.js new file mode 100644 index 000000000..12cf15823 --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/lib/content/rm.js @@ -0,0 +1,21 @@ +'use strict' + +const BB = require('bluebird') + +const contentPath = require('./path') +const hasContent = require('./read').hasContent +const rimraf = BB.promisify(require('rimraf')) + +module.exports = rm +function rm (cache, integrity) { + return hasContent(cache, integrity).then(content => { + if (content) { + const sri = content.sri + if (sri) { + return rimraf(contentPath(cache, sri)).then(() => true) + } + } else { + return false + } + }) +} diff --git a/node_modules/libnpm/node_modules/cacache/lib/content/write.js b/node_modules/libnpm/node_modules/cacache/lib/content/write.js new file mode 100644 index 000000000..4d96a3cff --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/lib/content/write.js @@ -0,0 +1,164 @@ +'use strict' + +const BB = require('bluebird') + +const contentPath = require('./path') +const fixOwner = require('../util/fix-owner') +const fs = require('graceful-fs') +const moveFile = require('../util/move-file') +const PassThrough = require('stream').PassThrough +const path = require('path') +const pipe = BB.promisify(require('mississippi').pipe) +const rimraf = BB.promisify(require('rimraf')) +const ssri = require('ssri') +const to = require('mississippi').to +const uniqueFilename = require('unique-filename') +const Y = require('../util/y.js') + +const writeFileAsync = BB.promisify(fs.writeFile) + +module.exports = write +function write (cache, data, opts) { + opts = opts || {} + if (opts.algorithms && opts.algorithms.length > 1) { + throw new Error( + Y`opts.algorithms only supports a single algorithm for now` + ) + } + if (typeof opts.size === 'number' && data.length !== opts.size) { + return BB.reject(sizeError(opts.size, data.length)) + } + const sri = ssri.fromData(data, { + algorithms: opts.algorithms + }) + if (opts.integrity && !ssri.checkData(data, opts.integrity, opts)) { + return BB.reject(checksumError(opts.integrity, sri)) + } + return BB.using(makeTmp(cache, opts), tmp => ( + writeFileAsync( + tmp.target, data, { flag: 'wx' } + ).then(() => ( + moveToDestination(tmp, cache, sri, opts) + )) + )).then(() => ({ integrity: sri, size: data.length })) +} + +module.exports.stream = writeStream +function writeStream (cache, opts) { + opts = opts || {} + const inputStream = new PassThrough() + let inputErr = false + function errCheck () { + if (inputErr) { throw inputErr } + } + + let allDone + const ret = to((c, n, cb) => { + if (!allDone) { + allDone = handleContent(inputStream, cache, opts, errCheck) + } + inputStream.write(c, n, cb) + }, cb => { + inputStream.end(() => { + if (!allDone) { + const e = new Error(Y`Cache input stream was empty`) + e.code = 'ENODATA' + return ret.emit('error', e) + } + allDone.then(res => { + res.integrity && ret.emit('integrity', res.integrity) + res.size !== null && ret.emit('size', res.size) + cb() + }, e => { + ret.emit('error', e) + }) + }) + }) + ret.once('error', e => { + inputErr = e + }) + return ret +} + +function handleContent (inputStream, cache, opts, errCheck) { + return BB.using(makeTmp(cache, opts), tmp => { + errCheck() + return pipeToTmp( + inputStream, cache, tmp.target, opts, errCheck + ).then(res => { + return moveToDestination( + tmp, cache, res.integrity, opts, errCheck + ).then(() => res) + }) + }) +} + +function pipeToTmp (inputStream, cache, tmpTarget, opts, errCheck) { + return BB.resolve().then(() => { + let integrity + let size + const hashStream = ssri.integrityStream({ + integrity: opts.integrity, + algorithms: opts.algorithms, + size: opts.size + }).on('integrity', s => { + integrity = s + }).on('size', s => { + size = s + }) + const outStream = fs.createWriteStream(tmpTarget, { + flags: 'wx' + }) + errCheck() + return pipe(inputStream, hashStream, outStream).then(() => { + return { integrity, size } + }).catch(err => { + return rimraf(tmpTarget).then(() => { throw err }) + }) + }) +} + +function makeTmp (cache, opts) { + const tmpTarget = uniqueFilename(path.join(cache, 'tmp'), opts.tmpPrefix) + return fixOwner.mkdirfix( + cache, path.dirname(tmpTarget) + ).then(() => ({ + target: tmpTarget, + moved: false + })).disposer(tmp => (!tmp.moved && rimraf(tmp.target))) +} + +function moveToDestination (tmp, cache, sri, opts, errCheck) { + errCheck && errCheck() + const destination = contentPath(cache, sri) + const destDir = path.dirname(destination) + + return fixOwner.mkdirfix( + cache, destDir + ).then(() => { + errCheck && errCheck() + return moveFile(tmp.target, destination) + }).then(() => { + errCheck && errCheck() + tmp.moved = true + return fixOwner.chownr(cache, destination) + }) +} + +function sizeError (expected, found) { + var err = new Error(Y`Bad data size: expected inserted data to be ${expected} bytes, but got ${found} instead`) + err.expected = expected + err.found = found + err.code = 'EBADSIZE' + return err +} + +function checksumError (expected, found) { + var err = new Error(Y`Integrity check failed: + Wanted: ${expected} + Found: ${found}`) + err.code = 'EINTEGRITY' + err.expected = expected + err.found = found + return err +} diff --git a/node_modules/libnpm/node_modules/cacache/lib/entry-index.js b/node_modules/libnpm/node_modules/cacache/lib/entry-index.js new file mode 100644 index 000000000..dee1824b1 --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/lib/entry-index.js @@ -0,0 +1,288 @@ +'use strict' + +const BB = require('bluebird') + +const contentPath = require('./content/path') +const crypto = require('crypto') +const figgyPudding = require('figgy-pudding') +const fixOwner = require('./util/fix-owner') +const fs = require('graceful-fs') +const hashToSegments = require('./util/hash-to-segments') +const ms = require('mississippi') +const path = require('path') +const ssri = require('ssri') +const Y = require('./util/y.js') + +const indexV = require('../package.json')['cache-version'].index + +const appendFileAsync = BB.promisify(fs.appendFile) +const readFileAsync = BB.promisify(fs.readFile) +const readdirAsync = BB.promisify(fs.readdir) +const concat = ms.concat +const from = ms.from + +module.exports.NotFoundError = class NotFoundError extends Error { + constructor (cache, key) { + super(Y`No cache entry for \`${key}\` found in \`${cache}\``) + this.code = 'ENOENT' + this.cache = cache + this.key = key + } +} + +const IndexOpts = figgyPudding({ + metadata: {}, + size: {} +}) + +module.exports.insert = insert +function insert (cache, key, integrity, opts) { + opts = IndexOpts(opts) + const bucket = bucketPath(cache, key) + const entry = { + key, + integrity: integrity && ssri.stringify(integrity), + time: Date.now(), + size: opts.size, + metadata: opts.metadata + } + return fixOwner.mkdirfix( + cache, path.dirname(bucket) + ).then(() => { + const stringified = JSON.stringify(entry) + // NOTE - Cleverness ahoy! + // + // This works because it's tremendously unlikely for an entry to corrupt + // another while still preserving the string length of the JSON in + // question. So, we just slap the length in there and verify it on read. + // + // Thanks to @isaacs for the whiteboarding session that ended up with this. + return appendFileAsync( + bucket, `\n${hashEntry(stringified)}\t${stringified}` + ) + }).then( + () => fixOwner.chownr(cache, bucket) + ).catch({ code: 'ENOENT' }, () => { + // There's a class of race conditions that happen when things get deleted + // during fixOwner, or between the two mkdirfix/chownr calls. + // + // It's perfectly fine to just not bother in those cases and lie + // that the index entry was written. Because it's a cache. + }).then(() => { + return formatEntry(cache, entry) + }) +} + +module.exports.insert.sync = insertSync +function insertSync (cache, key, integrity, opts) { + opts = IndexOpts(opts) + const bucket = bucketPath(cache, key) + const entry = { + key, + integrity: integrity && ssri.stringify(integrity), + time: Date.now(), + size: opts.size, + metadata: opts.metadata + } + fixOwner.mkdirfix.sync(cache, path.dirname(bucket)) + const stringified = JSON.stringify(entry) + fs.appendFileSync( + bucket, `\n${hashEntry(stringified)}\t${stringified}` + ) + try { + fixOwner.chownr.sync(cache, bucket) + } catch (err) { + if (err.code !== 'ENOENT') { + throw err + } + } + return formatEntry(cache, entry) +} + +module.exports.find = find +function find (cache, key) { + const bucket = bucketPath(cache, key) + return bucketEntries(bucket).then(entries => { + return entries.reduce((latest, next) => { + if (next && next.key === key) { + return formatEntry(cache, next) + } else { + return latest + } + }, null) + }).catch(err => { + if (err.code === 'ENOENT') { + return null + } else { + throw err + } + }) +} + +module.exports.find.sync = findSync +function findSync (cache, key) { + const bucket = bucketPath(cache, key) + try { + return bucketEntriesSync(bucket).reduce((latest, next) => { + if (next && next.key === key) { + return formatEntry(cache, next) + } else { + return latest + } + }, null) + } catch (err) { + if (err.code === 'ENOENT') { + return null + } else { + throw err + } + } +} + +module.exports.delete = del +function del (cache, key, opts) { + return insert(cache, key, null, opts) +} + +module.exports.delete.sync = delSync +function delSync (cache, key, opts) { + return insertSync(cache, key, null, opts) +} + +module.exports.lsStream = lsStream +function lsStream (cache) { + const indexDir = bucketDir(cache) + const stream = from.obj() + + // "/cachename/*" + readdirOrEmpty(indexDir).map(bucket => { + const bucketPath = path.join(indexDir, bucket) + + // "/cachename/<bucket 0xFF>/*" + return readdirOrEmpty(bucketPath).map(subbucket => { + const subbucketPath = path.join(bucketPath, subbucket) + + // "/cachename/<bucket 0xFF>/<bucket 0xFF>/*" + return readdirOrEmpty(subbucketPath).map(entry => { + const getKeyToEntry = bucketEntries( + path.join(subbucketPath, entry) + ).reduce((acc, entry) => { + acc.set(entry.key, entry) + return acc + }, new Map()) + + return getKeyToEntry.then(reduced => { + for (let entry of reduced.values()) { + const formatted = formatEntry(cache, entry) + formatted && stream.push(formatted) + } + }).catch({ code: 'ENOENT' }, nop) + }) + }) + }).then(() => { + stream.push(null) + }, err => { + stream.emit('error', err) + }) + + return stream +} + +module.exports.ls = ls +function ls (cache) { + return BB.fromNode(cb => { + lsStream(cache).on('error', cb).pipe(concat(entries => { + cb(null, entries.reduce((acc, xs) => { + acc[xs.key] = xs + return acc + }, {})) + })) + }) +} + +function bucketEntries (bucket, filter) { + return readFileAsync( + bucket, 'utf8' + ).then(data => _bucketEntries(data, filter)) +} + +function bucketEntriesSync (bucket, filter) { + const data = fs.readFileSync(bucket, 'utf8') + return _bucketEntries(data, filter) +} + +function _bucketEntries (data, filter) { + let entries = [] + data.split('\n').forEach(entry => { + if (!entry) { return } + const pieces = entry.split('\t') + if (!pieces[1] || hashEntry(pieces[1]) !== pieces[0]) { + // Hash is no good! Corruption or malice? Doesn't matter! + // EJECT EJECT + return + } + let obj + try { + obj = JSON.parse(pieces[1]) + } catch (e) { + // Entry is corrupted! + return + } + if (obj) { + entries.push(obj) + } + }) + return entries +} + +module.exports._bucketDir = bucketDir +function bucketDir (cache) { + return path.join(cache, `index-v${indexV}`) +} + +module.exports._bucketPath = bucketPath +function bucketPath (cache, key) { + const hashed = hashKey(key) + return path.join.apply(path, [bucketDir(cache)].concat( + hashToSegments(hashed) + )) +} + +module.exports._hashKey = hashKey +function hashKey (key) { + return hash(key, 'sha256') +} + +module.exports._hashEntry = hashEntry +function hashEntry (str) { + return hash(str, 'sha1') +} + +function hash (str, digest) { + return crypto + .createHash(digest) + .update(str) + .digest('hex') +} + +function formatEntry (cache, entry) { + // Treat null digests as deletions. They'll shadow any previous entries. + if (!entry.integrity) { return null } + return { + key: entry.key, + integrity: entry.integrity, + path: contentPath(cache, entry.integrity), + size: entry.size, + time: entry.time, + metadata: entry.metadata + } +} + +function readdirOrEmpty (dir) { + return readdirAsync(dir) + .catch({ code: 'ENOENT' }, () => []) + .catch({ code: 'ENOTDIR' }, () => []) +} + +function nop () { +} diff --git a/node_modules/libnpm/node_modules/cacache/lib/memoization.js b/node_modules/libnpm/node_modules/cacache/lib/memoization.js new file mode 100644 index 000000000..92179c7ac --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/lib/memoization.js @@ -0,0 +1,69 @@ +'use strict' + +const LRU = require('lru-cache') + +const MAX_SIZE = 50 * 1024 * 1024 // 50MB +const MAX_AGE = 3 * 60 * 1000 + +let MEMOIZED = new LRU({ + max: MAX_SIZE, + maxAge: MAX_AGE, + length: (entry, key) => { + if (key.startsWith('key:')) { + return entry.data.length + } else if (key.startsWith('digest:')) { + return entry.length + } + } +}) + +module.exports.clearMemoized = clearMemoized +function clearMemoized () { + const old = {} + MEMOIZED.forEach((v, k) => { + old[k] = v + }) + MEMOIZED.reset() + return old +} + +module.exports.put = put +function put (cache, entry, data, opts) { + pickMem(opts).set(`key:${cache}:${entry.key}`, { entry, data }) + putDigest(cache, entry.integrity, data, opts) +} + +module.exports.put.byDigest = putDigest +function putDigest (cache, integrity, data, opts) { + pickMem(opts).set(`digest:${cache}:${integrity}`, data) +} + +module.exports.get = get +function get (cache, key, opts) { + return pickMem(opts).get(`key:${cache}:${key}`) +} + +module.exports.get.byDigest = getDigest +function getDigest (cache, integrity, opts) { + return pickMem(opts).get(`digest:${cache}:${integrity}`) +} + +class ObjProxy { + constructor (obj) { + this.obj = obj + } + get (key) { return this.obj[key] } + set (key, val) { this.obj[key] = val } +} + +function pickMem (opts) { + if (!opts || !opts.memoize) { + return MEMOIZED + } else if (opts.memoize.get && opts.memoize.set) { + return opts.memoize + } else if (typeof opts.memoize === 'object') { + return new ObjProxy(opts.memoize) + } else { + return MEMOIZED + } +} diff --git a/node_modules/libnpm/node_modules/cacache/lib/util/fix-owner.js b/node_modules/libnpm/node_modules/cacache/lib/util/fix-owner.js new file mode 100644 index 000000000..f5c33db5f --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/lib/util/fix-owner.js @@ -0,0 +1,128 @@ +'use strict' + +const BB = require('bluebird') + +const chownr = BB.promisify(require('chownr')) +const mkdirp = BB.promisify(require('mkdirp')) +const inflight = require('promise-inflight') +const inferOwner = require('infer-owner') + +// Memoize getuid()/getgid() calls. +// patch process.setuid/setgid to invalidate cached value on change +const self = { uid: null, gid: null } +const getSelf = () => { + if (typeof self.uid !== 'number') { + self.uid = process.getuid() + const setuid = process.setuid + process.setuid = (uid) => { + self.uid = null + process.setuid = setuid + return process.setuid(uid) + } + } + if (typeof self.gid !== 'number') { + self.gid = process.getgid() + const setgid = process.setgid + process.setgid = (gid) => { + self.gid = null + process.setgid = setgid + return process.setgid(gid) + } + } +} + +module.exports.chownr = fixOwner +function fixOwner (cache, filepath) { + if (!process.getuid) { + // This platform doesn't need ownership fixing + return BB.resolve() + } + + getSelf() + if (self.uid !== 0) { + // almost certainly can't chown anyway + return BB.resolve() + } + + return BB.resolve(inferOwner(cache)).then(owner => { + const { uid, gid } = owner + + // No need to override if it's already what we used. + if (self.uid === uid && self.gid === gid) { + return + } + + return inflight( + 'fixOwner: fixing ownership on ' + filepath, + () => chownr( + filepath, + typeof uid === 'number' ? uid : self.uid, + typeof gid === 'number' ? gid : self.gid + ).catch({ code: 'ENOENT' }, () => null) + ) + }) +} + +module.exports.chownr.sync = fixOwnerSync +function fixOwnerSync (cache, filepath) { + if (!process.getuid) { + // This platform doesn't need ownership fixing + return + } + const { uid, gid } = inferOwner.sync(cache) + getSelf() + if (self.uid === uid && self.gid === gid) { + // No need to override if it's already what we used. + return + } + try { + chownr.sync( + filepath, + typeof uid === 'number' ? uid : self.uid, + typeof gid === 'number' ? gid : self.gid + ) + } catch (err) { + // only catch ENOENT, any other error is a problem. + if (err.code === 'ENOENT') { + return null + } + throw err + } +} + +module.exports.mkdirfix = mkdirfix +function mkdirfix (cache, p, cb) { + // we have to infer the owner _before_ making the directory, even though + // we aren't going to use the results, since the cache itself might not + // exist yet. If we mkdirp it, then our current uid/gid will be assumed + // to be correct if it creates the cache folder in the process. + return BB.resolve(inferOwner(cache)).then(() => { + return mkdirp(p).then(made => { + if (made) { + return fixOwner(cache, made).then(() => made) + } + }).catch({ code: 'EEXIST' }, () => { + // There's a race in mkdirp! + return fixOwner(cache, p).then(() => null) + }) + }) +} + +module.exports.mkdirfix.sync = mkdirfixSync +function mkdirfixSync (cache, p) { + try { + inferOwner.sync(cache) + const made = mkdirp.sync(p) + if (made) { + fixOwnerSync(cache, made) + return made + } + } catch (err) { + if (err.code === 'EEXIST') { + fixOwnerSync(cache, p) + return null + } else { + throw err + } + } +} diff --git a/node_modules/libnpm/node_modules/cacache/lib/util/hash-to-segments.js b/node_modules/libnpm/node_modules/cacache/lib/util/hash-to-segments.js new file mode 100644 index 000000000..192be2a6d --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/lib/util/hash-to-segments.js @@ -0,0 +1,11 @@ +'use strict' + +module.exports = hashToSegments + +function hashToSegments (hash) { + return [ + hash.slice(0, 2), + hash.slice(2, 4), + hash.slice(4) + ] +} diff --git a/node_modules/libnpm/node_modules/cacache/lib/util/move-file.js b/node_modules/libnpm/node_modules/cacache/lib/util/move-file.js new file mode 100644 index 000000000..b43744b3d --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/lib/util/move-file.js @@ -0,0 +1,51 @@ +'use strict' + +const fs = require('graceful-fs') +const BB = require('bluebird') +const chmod = BB.promisify(fs.chmod) +const unlink = BB.promisify(fs.unlink) +let move +let pinflight + +module.exports = moveFile +function moveFile (src, dest) { + // This isn't quite an fs.rename -- the assumption is that + // if `dest` already exists, and we get certain errors while + // trying to move it, we should just not bother. + // + // In the case of cache corruption, users will receive an + // EINTEGRITY error elsewhere, and can remove the offending + // content their own way. + // + // Note that, as the name suggests, this strictly only supports file moves. + return BB.fromNode(cb => { + fs.link(src, dest, err => { + if (err) { + if (err.code === 'EEXIST' || err.code === 'EBUSY') { + // file already exists, so whatever + } else if (err.code === 'EPERM' && process.platform === 'win32') { + // file handle stayed open even past graceful-fs limits + } else { + return cb(err) + } + } + return cb() + }) + }).then(() => { + // content should never change for any reason, so make it read-only + return BB.join(unlink(src), process.platform !== 'win32' && chmod(dest, '0444')) + }).catch(() => { + if (!pinflight) { pinflight = require('promise-inflight') } + return pinflight('cacache-move-file:' + dest, () => { + return BB.promisify(fs.stat)(dest).catch(err => { + if (err.code !== 'ENOENT') { + // Something else is wrong here. Bail bail bail + throw err + } + // file doesn't already exist! let's try a rename -> copy fallback + if (!move) { move = require('move-concurrently') } + return move(src, dest, { BB, fs }) + }) + }) + }) +} diff --git a/node_modules/libnpm/node_modules/cacache/lib/util/tmp.js b/node_modules/libnpm/node_modules/cacache/lib/util/tmp.js new file mode 100644 index 000000000..78494b8ea --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/lib/util/tmp.js @@ -0,0 +1,37 @@ +'use strict' + +const BB = require('bluebird') + +const figgyPudding = require('figgy-pudding') +const fixOwner = require('./fix-owner') +const path = require('path') +const rimraf = BB.promisify(require('rimraf')) +const uniqueFilename = require('unique-filename') + +const TmpOpts = figgyPudding({ + tmpPrefix: {} +}) + +module.exports.mkdir = mktmpdir +function mktmpdir (cache, opts) { + opts = TmpOpts(opts) + const tmpTarget = uniqueFilename(path.join(cache, 'tmp'), opts.tmpPrefix) + return fixOwner.mkdirfix(cache, tmpTarget).then(() => { + return tmpTarget + }) +} + +module.exports.withTmp = withTmp +function withTmp (cache, opts, cb) { + if (!cb) { + cb = opts + opts = null + } + opts = TmpOpts(opts) + return BB.using(mktmpdir(cache, opts).disposer(rimraf), cb) +} + +module.exports.fix = fixtmpdir +function fixtmpdir (cache) { + return fixOwner(cache, path.join(cache, 'tmp')) +} diff --git a/node_modules/libnpm/node_modules/cacache/lib/util/y.js b/node_modules/libnpm/node_modules/cacache/lib/util/y.js new file mode 100644 index 000000000..d62bedacb --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/lib/util/y.js @@ -0,0 +1,25 @@ +'use strict' + +const path = require('path') +const y18n = require('y18n')({ + directory: path.join(__dirname, '../../locales'), + locale: 'en', + updateFiles: process.env.CACACHE_UPDATE_LOCALE_FILES === 'true' +}) + +module.exports = yTag +function yTag (parts) { + let str = '' + parts.forEach((part, i) => { + const arg = arguments[i + 1] + str += part + if (arg) { + str += '%s' + } + }) + return y18n.__.apply(null, [str].concat([].slice.call(arguments, 1))) +} + +module.exports.setLocale = locale => { + y18n.setLocale(locale) +} diff --git a/node_modules/libnpm/node_modules/cacache/lib/verify.js b/node_modules/libnpm/node_modules/cacache/lib/verify.js new file mode 100644 index 000000000..617d38db1 --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/lib/verify.js @@ -0,0 +1,227 @@ +'use strict' + +const BB = require('bluebird') + +const contentPath = require('./content/path') +const figgyPudding = require('figgy-pudding') +const finished = BB.promisify(require('mississippi').finished) +const fixOwner = require('./util/fix-owner') +const fs = require('graceful-fs') +const glob = BB.promisify(require('glob')) +const index = require('./entry-index') +const path = require('path') +const rimraf = BB.promisify(require('rimraf')) +const ssri = require('ssri') + +BB.promisifyAll(fs) + +const VerifyOpts = figgyPudding({ + concurrency: { + default: 20 + }, + filter: {}, + log: { + default: { silly () {} } + } +}) + +module.exports = verify +function verify (cache, opts) { + opts = VerifyOpts(opts) + opts.log.silly('verify', 'verifying cache at', cache) + return BB.reduce([ + markStartTime, + fixPerms, + garbageCollect, + rebuildIndex, + cleanTmp, + writeVerifile, + markEndTime + ], (stats, step, i) => { + const label = step.name || `step #${i}` + const start = new Date() + return BB.resolve(step(cache, opts)).then(s => { + s && Object.keys(s).forEach(k => { + stats[k] = s[k] + }) + const end = new Date() + if (!stats.runTime) { stats.runTime = {} } + stats.runTime[label] = end - start + return stats + }) + }, {}).tap(stats => { + stats.runTime.total = stats.endTime - stats.startTime + opts.log.silly('verify', 'verification finished for', cache, 'in', `${stats.runTime.total}ms`) + }) +} + +function markStartTime (cache, opts) { + return { startTime: new Date() } +} + +function markEndTime (cache, opts) { + return { endTime: new Date() } +} + +function fixPerms (cache, opts) { + opts.log.silly('verify', 'fixing cache permissions') + return fixOwner.mkdirfix(cache, cache).then(() => { + // TODO - fix file permissions too + return fixOwner.chownr(cache, cache) + }).then(() => null) +} + +// Implements a naive mark-and-sweep tracing garbage collector. +// +// The algorithm is basically as follows: +// 1. Read (and filter) all index entries ("pointers") +// 2. Mark each integrity value as "live" +// 3. Read entire filesystem tree in `content-vX/` dir +// 4. If content is live, verify its checksum and delete it if it fails +// 5. If content is not marked as live, rimraf it. +// +function garbageCollect (cache, opts) { + opts.log.silly('verify', 'garbage collecting content') + const indexStream = index.lsStream(cache) + const liveContent = new Set() + indexStream.on('data', entry => { + if (opts.filter && !opts.filter(entry)) { return } + liveContent.add(entry.integrity.toString()) + }) + return finished(indexStream).then(() => { + const contentDir = contentPath._contentDir(cache) + return glob(path.join(contentDir, '**'), { + follow: false, + nodir: true, + nosort: true + }).then(files => { + return BB.resolve({ + verifiedContent: 0, + reclaimedCount: 0, + reclaimedSize: 0, + badContentCount: 0, + keptSize: 0 + }).tap((stats) => BB.map(files, (f) => { + const split = f.split(/[/\\]/) + const digest = split.slice(split.length - 3).join('') + const algo = split[split.length - 4] + const integrity = ssri.fromHex(digest, algo) + if (liveContent.has(integrity.toString())) { + return verifyContent(f, integrity).then(info => { + if (!info.valid) { + stats.reclaimedCount++ + stats.badContentCount++ + stats.reclaimedSize += info.size + } else { + stats.verifiedContent++ + stats.keptSize += info.size + } + return stats + }) + } else { + // No entries refer to this content. We can delete. + stats.reclaimedCount++ + return fs.statAsync(f).then(s => { + return rimraf(f).then(() => { + stats.reclaimedSize += s.size + return stats + }) + }) + } + }, { concurrency: opts.concurrency })) + }) + }) +} + +function verifyContent (filepath, sri) { + return fs.statAsync(filepath).then(stat => { + const contentInfo = { + size: stat.size, + valid: true + } + return ssri.checkStream( + fs.createReadStream(filepath), + sri + ).catch(err => { + if (err.code !== 'EINTEGRITY') { throw err } + return rimraf(filepath).then(() => { + contentInfo.valid = false + }) + }).then(() => contentInfo) + }).catch({ code: 'ENOENT' }, () => ({ size: 0, valid: false })) +} + +function rebuildIndex (cache, opts) { + opts.log.silly('verify', 'rebuilding index') + return index.ls(cache).then(entries => { + const stats = { + missingContent: 0, + rejectedEntries: 0, + totalEntries: 0 + } + const buckets = {} + for (let k in entries) { + if (entries.hasOwnProperty(k)) { + const hashed = index._hashKey(k) + const entry = entries[k] + const excluded = opts.filter && !opts.filter(entry) + excluded && stats.rejectedEntries++ + if (buckets[hashed] && !excluded) { + buckets[hashed].push(entry) + } else if (buckets[hashed] && excluded) { + // skip + } else if (excluded) { + buckets[hashed] = [] + buckets[hashed]._path = index._bucketPath(cache, k) + } else { + buckets[hashed] = [entry] + buckets[hashed]._path = index._bucketPath(cache, k) + } + } + } + return BB.map(Object.keys(buckets), key => { + return rebuildBucket(cache, buckets[key], stats, opts) + }, { concurrency: opts.concurrency }).then(() => stats) + }) +} + +function rebuildBucket (cache, bucket, stats, opts) { + return fs.truncateAsync(bucket._path).then(() => { + // This needs to be serialized because cacache explicitly + // lets very racy bucket conflicts clobber each other. + return BB.mapSeries(bucket, entry => { + const content = contentPath(cache, entry.integrity) + return fs.statAsync(content).then(() => { + return index.insert(cache, entry.key, entry.integrity, { + metadata: entry.metadata, + size: entry.size + }).then(() => { stats.totalEntries++ }) + }).catch({ code: 'ENOENT' }, () => { + stats.rejectedEntries++ + stats.missingContent++ + }) + }) + }) +} + +function cleanTmp (cache, opts) { + opts.log.silly('verify', 'cleaning tmp directory') + return rimraf(path.join(cache, 'tmp')) +} + +function writeVerifile (cache, opts) { + const verifile = path.join(cache, '_lastverified') + opts.log.silly('verify', 'writing verifile to ' + verifile) + try { + return fs.writeFileAsync(verifile, '' + (+(new Date()))) + } finally { + fixOwner.chownr.sync(cache, verifile) + } +} + +module.exports.lastRun = lastRun +function lastRun (cache) { + return fs.readFileAsync( + path.join(cache, '_lastverified'), 'utf8' + ).then(data => new Date(+data)) +} diff --git a/node_modules/libnpm/node_modules/cacache/locales/en.js b/node_modules/libnpm/node_modules/cacache/locales/en.js new file mode 100644 index 000000000..1715fdb53 --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/locales/en.js @@ -0,0 +1,47 @@ +'use strict' + +const ls = require('../ls.js') +const get = require('../get.js') +const put = require('../put.js') +const rm = require('../rm.js') +const verify = require('../verify.js') +const setLocale = require('../lib/util/y.js').setLocale +const clearMemoized = require('../lib/memoization.js').clearMemoized +const tmp = require('../lib/util/tmp.js') + +setLocale('en') + +const x = module.exports + +x.ls = cache => ls(cache) +x.ls.stream = cache => ls.stream(cache) + +x.get = (cache, key, opts) => get(cache, key, opts) +x.get.byDigest = (cache, hash, opts) => get.byDigest(cache, hash, opts) +x.get.sync = (cache, key, opts) => get.sync(cache, key, opts) +x.get.sync.byDigest = (cache, key, opts) => get.sync.byDigest(cache, key, opts) +x.get.stream = (cache, key, opts) => get.stream(cache, key, opts) +x.get.stream.byDigest = (cache, hash, opts) => get.stream.byDigest(cache, hash, opts) +x.get.copy = (cache, key, dest, opts) => get.copy(cache, key, dest, opts) +x.get.copy.byDigest = (cache, hash, dest, opts) => get.copy.byDigest(cache, hash, dest, opts) +x.get.info = (cache, key) => get.info(cache, key) +x.get.hasContent = (cache, hash) => get.hasContent(cache, hash) +x.get.hasContent.sync = (cache, hash) => get.hasContent.sync(cache, hash) + +x.put = (cache, key, data, opts) => put(cache, key, data, opts) +x.put.stream = (cache, key, opts) => put.stream(cache, key, opts) + +x.rm = (cache, key) => rm.entry(cache, key) +x.rm.all = cache => rm.all(cache) +x.rm.entry = x.rm +x.rm.content = (cache, hash) => rm.content(cache, hash) + +x.setLocale = lang => setLocale(lang) +x.clearMemoized = () => clearMemoized() + +x.tmp = {} +x.tmp.mkdir = (cache, opts) => tmp.mkdir(cache, opts) +x.tmp.withTmp = (cache, opts, cb) => tmp.withTmp(cache, opts, cb) + +x.verify = (cache, opts) => verify(cache, opts) +x.verify.lastRun = cache => verify.lastRun(cache) diff --git a/node_modules/libnpm/node_modules/cacache/locales/en.json b/node_modules/libnpm/node_modules/cacache/locales/en.json new file mode 100644 index 000000000..4f1452884 --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/locales/en.json @@ -0,0 +1,7 @@ +{ + "No cache entry for `%s` found in `%s`": "No cache entry for %s found in %s", + "Integrity verification failed for %s (%s)": "Integrity verification failed for %s (%s)", + "Bad data size: expected inserted data to be %s bytes, but got %s instead": "Bad data size: expected inserted data to be %s bytes, but got %s instead", + "Cache input stream was empty": "Cache input stream was empty", + "Integrity check failed:\n Wanted: %s\n Found: %s": "Integrity check failed:\n Wanted: %s\n Found: %s" +}
\ No newline at end of file diff --git a/node_modules/libnpm/node_modules/cacache/locales/es.js b/node_modules/libnpm/node_modules/cacache/locales/es.js new file mode 100644 index 000000000..ac4e4cfe7 --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/locales/es.js @@ -0,0 +1,49 @@ +'use strict' + +const ls = require('../ls.js') +const get = require('../get.js') +const put = require('../put.js') +const rm = require('../rm.js') +const verify = require('../verify.js') +const setLocale = require('../lib/util/y.js').setLocale +const clearMemoized = require('../lib/memoization.js').clearMemoized +const tmp = require('../lib/util/tmp.js') + +setLocale('es') + +const x = module.exports + +x.ls = cache => ls(cache) +x.ls.flujo = cache => ls.stream(cache) + +x.saca = (cache, clave, ops) => get(cache, clave, ops) +x.saca.porHacheo = (cache, hacheo, ops) => get.byDigest(cache, hacheo, ops) +x.saca.sinc = (cache, clave, ops) => get.sync(cache, clave, ops) +x.saca.sinc.porHacheo = (cache, hacheo, ops) => get.sync.byDigest(cache, hacheo, ops) +x.saca.flujo = (cache, clave, ops) => get.stream(cache, clave, ops) +x.saca.flujo.porHacheo = (cache, hacheo, ops) => get.stream.byDigest(cache, hacheo, ops) +x.sava.copia = (cache, clave, destino, opts) => get.copy(cache, clave, destino, opts) +x.sava.copia.porHacheo = (cache, hacheo, destino, opts) => get.copy.byDigest(cache, hacheo, destino, opts) +x.saca.info = (cache, clave) => get.info(cache, clave) +x.saca.tieneDatos = (cache, hacheo) => get.hasContent(cache, hacheo) +x.saca.tieneDatos.sinc = (cache, hacheo) => get.hasContent.sync(cache, hacheo) + +x.mete = (cache, clave, datos, ops) => put(cache, clave, datos, ops) +x.mete.flujo = (cache, clave, ops) => put.stream(cache, clave, ops) + +x.rm = (cache, clave) => rm.entry(cache, clave) +x.rm.todo = cache => rm.all(cache) +x.rm.entrada = x.rm +x.rm.datos = (cache, hacheo) => rm.content(cache, hacheo) + +x.ponLenguaje = lang => setLocale(lang) +x.limpiaMemoizado = () => clearMemoized() + +x.tmp = {} +x.tmp.mkdir = (cache, ops) => tmp.mkdir(cache, ops) +x.tmp.hazdir = x.tmp.mkdir +x.tmp.conTmp = (cache, ops, cb) => tmp.withTmp(cache, ops, cb) + +x.verifica = (cache, ops) => verify(cache, ops) +x.verifica.ultimaVez = cache => verify.lastRun(cache) +x.verifica.últimaVez = x.verifica.ultimaVez diff --git a/node_modules/libnpm/node_modules/cacache/locales/es.json b/node_modules/libnpm/node_modules/cacache/locales/es.json new file mode 100644 index 000000000..a91d76225 --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/locales/es.json @@ -0,0 +1,6 @@ +{ + "No cache entry for `%s` found in `%s`": "No existe ninguna entrada para «%s» en «%s»", + "Integrity verification failed for %s (%s)": "Verificación de integridad falló para «%s» (%s)", + "Bad data size: expected inserted data to be %s bytes, but got %s instead": "Tamaño incorrecto de datos: los datos insertados debieron haber sido %s octetos, pero fueron %s", + "Cache input stream was empty": "El stream de entrada al caché estaba vacío" +} diff --git a/node_modules/libnpm/node_modules/cacache/ls.js b/node_modules/libnpm/node_modules/cacache/ls.js new file mode 100644 index 000000000..9f49b388a --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/ls.js @@ -0,0 +1,6 @@ +'use strict' + +var index = require('./lib/entry-index') + +module.exports = index.ls +module.exports.stream = index.lsStream diff --git a/node_modules/pacote/node_modules/cacache/package.json b/node_modules/libnpm/node_modules/cacache/package.json index 8f0e2b114..c5802ac60 100644 --- a/node_modules/pacote/node_modules/cacache/package.json +++ b/node_modules/libnpm/node_modules/cacache/package.json @@ -3,7 +3,7 @@ "_id": "cacache@12.0.3", "_inBundle": false, "_integrity": "sha512-kqdmfXEGFepesTuROHMs3MpFLWrPkSSpRqOw80RCflZXy/khxaArvFrQ7uJxSUduzAufc6G0g1VUCOZXxWavPw==", - "_location": "/pacote/cacache", + "_location": "/libnpm/cacache", "_phantomChildren": {}, "_requested": { "type": "range", @@ -16,12 +16,12 @@ "fetchSpec": "^12.0.2" }, "_requiredBy": [ - "/pacote" + "/libnpm/pacote" ], "_resolved": "https://registry.npmjs.org/cacache/-/cacache-12.0.3.tgz", "_shasum": "be99abba4e1bf5df461cd5a2c1071fc432573390", "_spec": "cacache@^12.0.2", - "_where": "/Users/claudiahdz/npm/cli/node_modules/pacote", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libnpm/node_modules/pacote", "author": { "name": "Kat Marchán", "email": "kzm@sykosomatic.org" diff --git a/node_modules/libnpm/node_modules/cacache/put.js b/node_modules/libnpm/node_modules/cacache/put.js new file mode 100644 index 000000000..a40063930 --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/put.js @@ -0,0 +1,86 @@ +'use strict' + +const figgyPudding = require('figgy-pudding') +const index = require('./lib/entry-index') +const memo = require('./lib/memoization') +const write = require('./lib/content/write') +const to = require('mississippi').to + +const PutOpts = figgyPudding({ + algorithms: { + default: ['sha512'] + }, + integrity: {}, + memoize: {}, + metadata: {}, + pickAlgorithm: {}, + size: {}, + tmpPrefix: {}, + single: {}, + sep: {}, + error: {}, + strict: {} +}) + +module.exports = putData +function putData (cache, key, data, opts) { + opts = PutOpts(opts) + return write(cache, data, opts).then(res => { + return index.insert( + cache, key, res.integrity, opts.concat({ size: res.size }) + ).then(entry => { + if (opts.memoize) { + memo.put(cache, entry, data, opts) + } + return res.integrity + }) + }) +} + +module.exports.stream = putStream +function putStream (cache, key, opts) { + opts = PutOpts(opts) + let integrity + let size + const contentStream = write.stream( + cache, opts + ).on('integrity', int => { + integrity = int + }).on('size', s => { + size = s + }) + let memoData + let memoTotal = 0 + const stream = to((chunk, enc, cb) => { + contentStream.write(chunk, enc, () => { + if (opts.memoize) { + if (!memoData) { memoData = [] } + memoData.push(chunk) + memoTotal += chunk.length + } + cb() + }) + }, cb => { + contentStream.end(() => { + index.insert(cache, key, integrity, opts.concat({ size })).then(entry => { + if (opts.memoize) { + memo.put(cache, entry, Buffer.concat(memoData, memoTotal), opts) + } + stream.emit('integrity', integrity) + cb() + }) + }) + }) + let erred = false + stream.once('error', err => { + if (erred) { return } + erred = true + contentStream.emit('error', err) + }) + contentStream.once('error', err => { + if (erred) { return } + erred = true + stream.emit('error', err) + }) + return stream +} diff --git a/node_modules/libnpm/node_modules/cacache/rm.js b/node_modules/libnpm/node_modules/cacache/rm.js new file mode 100644 index 000000000..e71a1d27b --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/rm.js @@ -0,0 +1,28 @@ +'use strict' + +const BB = require('bluebird') + +const index = require('./lib/entry-index') +const memo = require('./lib/memoization') +const path = require('path') +const rimraf = BB.promisify(require('rimraf')) +const rmContent = require('./lib/content/rm') + +module.exports = entry +module.exports.entry = entry +function entry (cache, key) { + memo.clearMemoized() + return index.delete(cache, key) +} + +module.exports.content = content +function content (cache, integrity) { + memo.clearMemoized() + return rmContent(cache, integrity) +} + +module.exports.all = all +function all (cache) { + memo.clearMemoized() + return rimraf(path.join(cache, '*(content-*|index-*)')) +} diff --git a/node_modules/libnpm/node_modules/cacache/verify.js b/node_modules/libnpm/node_modules/cacache/verify.js new file mode 100644 index 000000000..db7763d7a --- /dev/null +++ b/node_modules/libnpm/node_modules/cacache/verify.js @@ -0,0 +1,3 @@ +'use strict' + +module.exports = require('./lib/verify') diff --git a/node_modules/libnpm/node_modules/fs-minipass/LICENSE b/node_modules/libnpm/node_modules/fs-minipass/LICENSE new file mode 100644 index 000000000..19129e315 --- /dev/null +++ b/node_modules/libnpm/node_modules/fs-minipass/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) Isaac Z. Schlueter and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/libnpm/node_modules/fs-minipass/README.md b/node_modules/libnpm/node_modules/fs-minipass/README.md new file mode 100644 index 000000000..1e61241cf --- /dev/null +++ b/node_modules/libnpm/node_modules/fs-minipass/README.md @@ -0,0 +1,70 @@ +# fs-minipass + +Filesystem streams based on [minipass](http://npm.im/minipass). + +4 classes are exported: + +- ReadStream +- ReadStreamSync +- WriteStream +- WriteStreamSync + +When using `ReadStreamSync`, all of the data is made available +immediately upon consuming the stream. Nothing is buffered in memory +when the stream is constructed. If the stream is piped to a writer, +then it will synchronously `read()` and emit data into the writer as +fast as the writer can consume it. (That is, it will respect +backpressure.) If you call `stream.read()` then it will read the +entire file and return the contents. + +When using `WriteStreamSync`, every write is flushed to the file +synchronously. If your writes all come in a single tick, then it'll +write it all out in a single tick. It's as synchronous as you are. + +The async versions work much like their node builtin counterparts, +with the exception of introducing significantly less Stream machinery +overhead. + +## USAGE + +It's just streams, you pipe them or read() them or write() to them. + +```js +const fsm = require('fs-minipass') +const readStream = new fsm.ReadStream('file.txt') +const writeStream = new fsm.WriteStream('output.txt') +writeStream.write('some file header or whatever\n') +readStream.pipe(writeStream) +``` + +## ReadStream(path, options) + +Path string is required, but somewhat irrelevant if an open file +descriptor is passed in as an option. + +Options: + +- `fd` Pass in a numeric file descriptor, if the file is already open. +- `readSize` The size of reads to do, defaults to 16MB +- `size` The size of the file, if known. Prevents zero-byte read() + call at the end. +- `autoClose` Set to `false` to prevent the file descriptor from being + closed when the file is done being read. + +## WriteStream(path, options) + +Path string is required, but somewhat irrelevant if an open file +descriptor is passed in as an option. + +Options: + +- `fd` Pass in a numeric file descriptor, if the file is already open. +- `mode` The mode to create the file with. Defaults to `0o666`. +- `start` The position in the file to start reading. If not + specified, then the file will start writing at position zero, and be + truncated by default. +- `autoClose` Set to `false` to prevent the file descriptor from being + closed when the stream is ended. +- `flags` Flags to use when opening the file. Irrelevant if `fd` is + passed in, since file won't be opened in that case. Defaults to + `'a'` if a `pos` is specified, or `'w'` otherwise. diff --git a/node_modules/libnpm/node_modules/fs-minipass/index.js b/node_modules/libnpm/node_modules/fs-minipass/index.js new file mode 100644 index 000000000..cd585a83c --- /dev/null +++ b/node_modules/libnpm/node_modules/fs-minipass/index.js @@ -0,0 +1,387 @@ +'use strict' +const MiniPass = require('minipass') +const EE = require('events').EventEmitter +const fs = require('fs') + +// for writev +const binding = process.binding('fs') +const writeBuffers = binding.writeBuffers +/* istanbul ignore next */ +const FSReqWrap = binding.FSReqWrap || binding.FSReqCallback + +const _autoClose = Symbol('_autoClose') +const _close = Symbol('_close') +const _ended = Symbol('_ended') +const _fd = Symbol('_fd') +const _finished = Symbol('_finished') +const _flags = Symbol('_flags') +const _flush = Symbol('_flush') +const _handleChunk = Symbol('_handleChunk') +const _makeBuf = Symbol('_makeBuf') +const _mode = Symbol('_mode') +const _needDrain = Symbol('_needDrain') +const _onerror = Symbol('_onerror') +const _onopen = Symbol('_onopen') +const _onread = Symbol('_onread') +const _onwrite = Symbol('_onwrite') +const _open = Symbol('_open') +const _path = Symbol('_path') +const _pos = Symbol('_pos') +const _queue = Symbol('_queue') +const _read = Symbol('_read') +const _readSize = Symbol('_readSize') +const _reading = Symbol('_reading') +const _remain = Symbol('_remain') +const _size = Symbol('_size') +const _write = Symbol('_write') +const _writing = Symbol('_writing') +const _defaultFlag = Symbol('_defaultFlag') + +class ReadStream extends MiniPass { + constructor (path, opt) { + opt = opt || {} + super(opt) + + this.writable = false + + if (typeof path !== 'string') + throw new TypeError('path must be a string') + + this[_fd] = typeof opt.fd === 'number' ? opt.fd : null + this[_path] = path + this[_readSize] = opt.readSize || 16*1024*1024 + this[_reading] = false + this[_size] = typeof opt.size === 'number' ? opt.size : Infinity + this[_remain] = this[_size] + this[_autoClose] = typeof opt.autoClose === 'boolean' ? + opt.autoClose : true + + if (typeof this[_fd] === 'number') + this[_read]() + else + this[_open]() + } + + get fd () { return this[_fd] } + get path () { return this[_path] } + + write () { + throw new TypeError('this is a readable stream') + } + + end () { + throw new TypeError('this is a readable stream') + } + + [_open] () { + fs.open(this[_path], 'r', (er, fd) => this[_onopen](er, fd)) + } + + [_onopen] (er, fd) { + if (er) + this[_onerror](er) + else { + this[_fd] = fd + this.emit('open', fd) + this[_read]() + } + } + + [_makeBuf] () { + return Buffer.allocUnsafe(Math.min(this[_readSize], this[_remain])) + } + + [_read] () { + if (!this[_reading]) { + this[_reading] = true + const buf = this[_makeBuf]() + /* istanbul ignore if */ + if (buf.length === 0) return process.nextTick(() => this[_onread](null, 0, buf)) + fs.read(this[_fd], buf, 0, buf.length, null, (er, br, buf) => + this[_onread](er, br, buf)) + } + } + + [_onread] (er, br, buf) { + this[_reading] = false + if (er) + this[_onerror](er) + else if (this[_handleChunk](br, buf)) + this[_read]() + } + + [_close] () { + if (this[_autoClose] && typeof this[_fd] === 'number') { + fs.close(this[_fd], _ => this.emit('close')) + this[_fd] = null + } + } + + [_onerror] (er) { + this[_reading] = true + this[_close]() + this.emit('error', er) + } + + [_handleChunk] (br, buf) { + let ret = false + // no effect if infinite + this[_remain] -= br + if (br > 0) + ret = super.write(br < buf.length ? buf.slice(0, br) : buf) + + if (br === 0 || this[_remain] <= 0) { + ret = false + this[_close]() + super.end() + } + + return ret + } + + emit (ev, data) { + switch (ev) { + case 'prefinish': + case 'finish': + break + + case 'drain': + if (typeof this[_fd] === 'number') + this[_read]() + break + + default: + return super.emit(ev, data) + } + } +} + +class ReadStreamSync extends ReadStream { + [_open] () { + let threw = true + try { + this[_onopen](null, fs.openSync(this[_path], 'r')) + threw = false + } finally { + if (threw) + this[_close]() + } + } + + [_read] () { + let threw = true + try { + if (!this[_reading]) { + this[_reading] = true + do { + const buf = this[_makeBuf]() + /* istanbul ignore next */ + const br = buf.length === 0 ? 0 : fs.readSync(this[_fd], buf, 0, buf.length, null) + if (!this[_handleChunk](br, buf)) + break + } while (true) + this[_reading] = false + } + threw = false + } finally { + if (threw) + this[_close]() + } + } + + [_close] () { + if (this[_autoClose] && typeof this[_fd] === 'number') { + try { + fs.closeSync(this[_fd]) + } catch (er) {} + this[_fd] = null + this.emit('close') + } + } +} + +class WriteStream extends EE { + constructor (path, opt) { + opt = opt || {} + super(opt) + this.readable = false + this[_writing] = false + this[_ended] = false + this[_needDrain] = false + this[_queue] = [] + this[_path] = path + this[_fd] = typeof opt.fd === 'number' ? opt.fd : null + this[_mode] = opt.mode === undefined ? 0o666 : opt.mode + this[_pos] = typeof opt.start === 'number' ? opt.start : null + this[_autoClose] = typeof opt.autoClose === 'boolean' ? + opt.autoClose : true + + // truncating makes no sense when writing into the middle + const defaultFlag = this[_pos] !== null ? 'r+' : 'w' + this[_defaultFlag] = opt.flags === undefined + this[_flags] = this[_defaultFlag] ? defaultFlag : opt.flags + + if (this[_fd] === null) + this[_open]() + } + + get fd () { return this[_fd] } + get path () { return this[_path] } + + [_onerror] (er) { + this[_close]() + this[_writing] = true + this.emit('error', er) + } + + [_open] () { + fs.open(this[_path], this[_flags], this[_mode], + (er, fd) => this[_onopen](er, fd)) + } + + [_onopen] (er, fd) { + if (this[_defaultFlag] && + this[_flags] === 'r+' && + er && er.code === 'ENOENT') { + this[_flags] = 'w' + this[_open]() + } else if (er) + this[_onerror](er) + else { + this[_fd] = fd + this.emit('open', fd) + this[_flush]() + } + } + + end (buf, enc) { + if (buf) + this.write(buf, enc) + + this[_ended] = true + + // synthetic after-write logic, where drain/finish live + if (!this[_writing] && !this[_queue].length && + typeof this[_fd] === 'number') + this[_onwrite](null, 0) + } + + write (buf, enc) { + if (typeof buf === 'string') + buf = new Buffer(buf, enc) + + if (this[_ended]) { + this.emit('error', new Error('write() after end()')) + return false + } + + if (this[_fd] === null || this[_writing] || this[_queue].length) { + this[_queue].push(buf) + this[_needDrain] = true + return false + } + + this[_writing] = true + this[_write](buf) + return true + } + + [_write] (buf) { + fs.write(this[_fd], buf, 0, buf.length, this[_pos], (er, bw) => + this[_onwrite](er, bw)) + } + + [_onwrite] (er, bw) { + if (er) + this[_onerror](er) + else { + if (this[_pos] !== null) + this[_pos] += bw + if (this[_queue].length) + this[_flush]() + else { + this[_writing] = false + + if (this[_ended] && !this[_finished]) { + this[_finished] = true + this[_close]() + this.emit('finish') + } else if (this[_needDrain]) { + this[_needDrain] = false + this.emit('drain') + } + } + } + } + + [_flush] () { + if (this[_queue].length === 0) { + if (this[_ended]) + this[_onwrite](null, 0) + } else if (this[_queue].length === 1) + this[_write](this[_queue].pop()) + else { + const iovec = this[_queue] + this[_queue] = [] + writev(this[_fd], iovec, this[_pos], + (er, bw) => this[_onwrite](er, bw)) + } + } + + [_close] () { + if (this[_autoClose] && typeof this[_fd] === 'number') { + fs.close(this[_fd], _ => this.emit('close')) + this[_fd] = null + } + } +} + +class WriteStreamSync extends WriteStream { + [_open] () { + let fd + try { + fd = fs.openSync(this[_path], this[_flags], this[_mode]) + } catch (er) { + if (this[_defaultFlag] && + this[_flags] === 'r+' && + er && er.code === 'ENOENT') { + this[_flags] = 'w' + return this[_open]() + } else + throw er + } + this[_onopen](null, fd) + } + + [_close] () { + if (this[_autoClose] && typeof this[_fd] === 'number') { + try { + fs.closeSync(this[_fd]) + } catch (er) {} + this[_fd] = null + this.emit('close') + } + } + + [_write] (buf) { + try { + this[_onwrite](null, + fs.writeSync(this[_fd], buf, 0, buf.length, this[_pos])) + } catch (er) { + this[_onwrite](er, 0) + } + } +} + +const writev = (fd, iovec, pos, cb) => { + const done = (er, bw) => cb(er, bw, iovec) + const req = new FSReqWrap() + req.oncomplete = done + binding.writeBuffers(fd, iovec, pos, req) +} + +exports.ReadStream = ReadStream +exports.ReadStreamSync = ReadStreamSync + +exports.WriteStream = WriteStream +exports.WriteStreamSync = WriteStreamSync diff --git a/node_modules/pacote/node_modules/fs-minipass/package.json b/node_modules/libnpm/node_modules/fs-minipass/package.json index 8fbc81c81..81341b369 100644 --- a/node_modules/pacote/node_modules/fs-minipass/package.json +++ b/node_modules/libnpm/node_modules/fs-minipass/package.json @@ -3,7 +3,7 @@ "_id": "fs-minipass@1.2.7", "_inBundle": false, "_integrity": "sha512-GWSSJGFy4e9GUeCcbIkED+bgAoFyj7XF1mV8rma3QW4NIqX9Kyx79N/PF61H5udOV3aY1IaMLs6pGbH71nlCTA==", - "_location": "/pacote/fs-minipass", + "_location": "/libnpm/fs-minipass", "_phantomChildren": {}, "_requested": { "type": "range", @@ -16,12 +16,12 @@ "fetchSpec": "^1.2.5" }, "_requiredBy": [ - "/pacote/tar" + "/libnpm/tar" ], "_resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-1.2.7.tgz", "_shasum": "ccff8570841e7fe4265693da88936c55aed7f7c7", "_spec": "fs-minipass@^1.2.5", - "_where": "/Users/claudiahdz/npm/cli/node_modules/pacote/node_modules/tar", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libnpm/node_modules/tar", "author": { "name": "Isaac Z. Schlueter", "email": "i@izs.me", diff --git a/node_modules/libnpm/node_modules/minipass/LICENSE b/node_modules/libnpm/node_modules/minipass/LICENSE new file mode 100644 index 000000000..20a476254 --- /dev/null +++ b/node_modules/libnpm/node_modules/minipass/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) npm, Inc. and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/libnpm/node_modules/minipass/README.md b/node_modules/libnpm/node_modules/minipass/README.md new file mode 100644 index 000000000..c989beea0 --- /dev/null +++ b/node_modules/libnpm/node_modules/minipass/README.md @@ -0,0 +1,606 @@ +# minipass + +A _very_ minimal implementation of a [PassThrough +stream](https://nodejs.org/api/stream.html#stream_class_stream_passthrough) + +[It's very +fast](https://docs.google.com/spreadsheets/d/1oObKSrVwLX_7Ut4Z6g3fZW-AX1j1-k6w-cDsrkaSbHM/edit#gid=0) +for objects, strings, and buffers. + +Supports pipe()ing (including multi-pipe() and backpressure +transmission), buffering data until either a `data` event handler or +`pipe()` is added (so you don't lose the first chunk), and most other +cases where PassThrough is a good idea. + +There is a `read()` method, but it's much more efficient to consume +data from this stream via `'data'` events or by calling `pipe()` into +some other stream. Calling `read()` requires the buffer to be +flattened in some cases, which requires copying memory. + +There is also no `unpipe()` method. Once you start piping, there is +no stopping it! + +If you set `objectMode: true` in the options, then whatever is written +will be emitted. Otherwise, it'll do a minimal amount of Buffer +copying to ensure proper Streams semantics when `read(n)` is called. + +`objectMode` can also be set by doing `stream.objectMode = true`, or by +writing any non-string/non-buffer data. `objectMode` cannot be set to +false once it is set. + +This is not a `through` or `through2` stream. It doesn't transform +the data, it just passes it right through. If you want to transform +the data, extend the class, and override the `write()` method. Once +you're done transforming the data however you want, call +`super.write()` with the transform output. + +For some examples of streams that extend Minipass in various ways, check +out: + +- [minizlib](http://npm.im/minizlib) +- [fs-minipass](http://npm.im/fs-minipass) +- [tar](http://npm.im/tar) +- [minipass-collect](http://npm.im/minipass-collect) +- [minipass-flush](http://npm.im/minipass-flush) +- [minipass-pipeline](http://npm.im/minipass-pipeline) +- [tap](http://npm.im/tap) +- [tap-parser](http://npm.im/tap) +- [treport](http://npm.im/tap) + +## Differences from Node.js Streams + +There are several things that make Minipass streams different from (and in +some ways superior to) Node.js core streams. + +Please read these caveats if you are familiar with noode-core streams and +intend to use Minipass streams in your programs. + +### Timing + +Minipass streams are designed to support synchronous use-cases. Thus, data +is emitted as soon as it is available, always. It is buffered until read, +but no longer. Another way to look at it is that Minipass streams are +exactly as synchronous as the logic that writes into them. + +This can be surprising if your code relies on `PassThrough.write()` always +providing data on the next tick rather than the current one, or being able +to call `resume()` and not have the entire buffer disappear immediately. + +However, without this synchronicity guarantee, there would be no way for +Minipass to achieve the speeds it does, or support the synchronous use +cases that it does. Simply put, waiting takes time. + +This non-deferring approach makes Minipass streams much easier to reason +about, especially in the context of Promises and other flow-control +mechanisms. + +### No High/Low Water Marks + +Node.js core streams will optimistically fill up a buffer, returning `true` +on all writes until the limit is hit, even if the data has nowhere to go. +Then, they will not attempt to draw more data in until the buffer size dips +below a minimum value. + +Minipass streams are much simpler. The `write()` method will return `true` +if the data has somewhere to go (which is to say, given the timing +guarantees, that the data is already there by the time `write()` returns). + +If the data has nowhere to go, then `write()` returns false, and the data +sits in a buffer, to be drained out immediately as soon as anyone consumes +it. + +### Hazards of Buffering (or: Why Minipass Is So Fast) + +Since data written to a Minipass stream is immediately written all the way +through the pipeline, and `write()` always returns true/false based on +whether the data was fully flushed, backpressure is communicated +immediately to the upstream caller. This minimizes buffering. + +Consider this case: + +```js +const {PassThrough} = require('stream') +const p1 = new PassThrough({ highWaterMark: 1024 }) +const p2 = new PassThrough({ highWaterMark: 1024 }) +const p3 = new PassThrough({ highWaterMark: 1024 }) +const p4 = new PassThrough({ highWaterMark: 1024 }) + +p1.pipe(p2).pipe(p3).pipe(p4) +p4.on('data', () => console.log('made it through')) + +// this returns false and buffers, then writes to p2 on next tick (1) +// p2 returns false and buffers, pausing p1, then writes to p3 on next tick (2) +// p3 returns false and buffers, pausing p2, then writes to p4 on next tick (3) +// p4 returns false and buffers, pausing p3, then emits 'data' and 'drain' +// on next tick (4) +// p3 sees p4's 'drain' event, and calls resume(), emitting 'resume' and +// 'drain' on next tick (5) +// p2 sees p3's 'drain', calls resume(), emits 'resume' and 'drain' on next tick (6) +// p1 sees p2's 'drain', calls resume(), emits 'resume' and 'drain' on next +// tick (7) + +p1.write(Buffer.alloc(2048)) // returns false +``` + +Along the way, the data was buffered and deferred at each stage, and +multiple event deferrals happened, for an unblocked pipeline where it was +perfectly safe to write all the way through! + +Furthermore, setting a `highWaterMark` of `1024` might lead someone reading +the code to think an advisory maximum of 1KiB is being set for the +pipeline. However, the actual advisory buffering level is the _sum_ of +`highWaterMark` values, since each one has its own bucket. + +Consider the Minipass case: + +```js +const m1 = new Minipass() +const m2 = new Minipass() +const m3 = new Minipass() +const m4 = new Minipass() + +m1.pipe(m2).pipe(m3).pipe(m4) +m4.on('data', () => console.log('made it through')) + +// m1 is flowing, so it writes the data to m2 immediately +// m2 is flowing, so it writes the data to m3 immediately +// m3 is flowing, so it writes the data to m4 immediately +// m4 is flowing, so it fires the 'data' event immediately, returns true +// m4's write returned true, so m3 is still flowing, returns true +// m3's write returned true, so m2 is still flowing, returns true +// m2's write returned true, so m1 is still flowing, returns true +// No event deferrals or buffering along the way! + +m1.write(Buffer.alloc(2048)) // returns true +``` + +It is extremely unlikely that you _don't_ want to buffer any data written, +or _ever_ buffer data that can be flushed all the way through. Neither +node-core streams nor Minipass ever fail to buffer written data, but +node-core streams do a lot of unnecessary buffering and pausing. + +As always, the faster implementation is the one that does less stuff and +waits less time to do it. + +### Immediately emit `end` for empty streams (when not paused) + +If a stream is not paused, and `end()` is called before writing any data +into it, then it will emit `end` immediately. + +If you have logic that occurs on the `end` event which you don't want to +potentially happen immediately (for example, closing file descriptors, +moving on to the next entry in an archive parse stream, etc.) then be sure +to call `stream.pause()` on creation, and then `stream.resume()` once you +are ready to respond to the `end` event. + +### Emit `end` When Asked + +One hazard of immediately emitting `'end'` is that you may not yet have had +a chance to add a listener. In order to avoid this hazard, Minipass +streams safely re-emit the `'end'` event if a new listener is added after +`'end'` has been emitted. + +Ie, if you do `stream.on('end', someFunction)`, and the stream has already +emitted `end`, then it will call the handler right away. (You can think of +this somewhat like attaching a new `.then(fn)` to a previously-resolved +Promise.) + +To prevent calling handlers multiple times who would not expect multiple +ends to occur, all listeners are removed from the `'end'` event whenever it +is emitted. + +### Impact of "immediate flow" on Tee-streams + +A "tee stream" is a stream piping to multiple destinations: + +```js +const tee = new Minipass() +t.pipe(dest1) +t.pipe(dest2) +t.write('foo') // goes to both destinations +``` + +Since Minipass streams _immediately_ process any pending data through the +pipeline when a new pipe destination is added, this can have surprising +effects, especially when a stream comes in from some other function and may +or may not have data in its buffer. + +```js +// WARNING! WILL LOSE DATA! +const src = new Minipass() +src.write('foo') +src.pipe(dest1) // 'foo' chunk flows to dest1 immediately, and is gone +src.pipe(dest2) // gets nothing! +``` + +The solution is to create a dedicated tee-stream junction that pipes to +both locations, and then pipe to _that_ instead. + +```js +// Safe example: tee to both places +const src = new Minipass() +src.write('foo') +const tee = new Minipass() +tee.pipe(dest1) +tee.pipe(dest2) +stream.pipe(tee) // tee gets 'foo', pipes to both locations +``` + +The same caveat applies to `on('data')` event listeners. The first one +added will _immediately_ receive all of the data, leaving nothing for the +second: + +```js +// WARNING! WILL LOSE DATA! +const src = new Minipass() +src.write('foo') +src.on('data', handler1) // receives 'foo' right away +src.on('data', handler2) // nothing to see here! +``` + +Using a dedicated tee-stream can be used in this case as well: + +```js +// Safe example: tee to both data handlers +const src = new Minipass() +src.write('foo') +const tee = new Minipass() +tee.on('data', handler1) +tee.on('data', handler2) +src.pipe(tee) +``` + +## USAGE + +It's a stream! Use it like a stream and it'll most likely do what you want. + +```js +const Minipass = require('minipass') +const mp = new Minipass(options) // optional: { encoding, objectMode } +mp.write('foo') +mp.pipe(someOtherStream) +mp.end('bar') +``` + +### OPTIONS + +* `encoding` How would you like the data coming _out_ of the stream to be + encoded? Accepts any values that can be passed to `Buffer.toString()`. +* `objectMode` Emit data exactly as it comes in. This will be flipped on + by default if you write() something other than a string or Buffer at any + point. Setting `objectMode: true` will prevent setting any encoding + value. + +### API + +Implements the user-facing portions of Node.js's `Readable` and `Writable` +streams. + +### Methods + +* `write(chunk, [encoding], [callback])` - Put data in. (Note that, in the + base Minipass class, the same data will come out.) Returns `false` if + the stream will buffer the next write, or true if it's still in + "flowing" mode. +* `end([chunk, [encoding]], [callback])` - Signal that you have no more + data to write. This will queue an `end` event to be fired when all the + data has been consumed. +* `setEncoding(encoding)` - Set the encoding for data coming of the + stream. This can only be done once. +* `pause()` - No more data for a while, please. This also prevents `end` + from being emitted for empty streams until the stream is resumed. +* `resume()` - Resume the stream. If there's data in the buffer, it is + all discarded. Any buffered events are immediately emitted. +* `pipe(dest)` - Send all output to the stream provided. There is no way + to unpipe. When data is emitted, it is immediately written to any and + all pipe destinations. +* `on(ev, fn)`, `emit(ev, fn)` - Minipass streams are EventEmitters. + Some events are given special treatment, however. (See below under + "events".) +* `promise()` - Returns a Promise that resolves when the stream emits + `end`, or rejects if the stream emits `error`. +* `collect()` - Return a Promise that resolves on `end` with an array + containing each chunk of data that was emitted, or rejects if the + stream emits `error`. Note that this consumes the stream data. +* `concat()` - Same as `collect()`, but concatenates the data into a + single Buffer object. Will reject the returned promise if the stream is + in objectMode, or if it goes into objectMode by the end of the data. +* `read(n)` - Consume `n` bytes of data out of the buffer. If `n` is not + provided, then consume all of it. If `n` bytes are not available, then + it returns null. **Note** consuming streams in this way is less + efficient, and can lead to unnecessary Buffer copying. +* `destroy([er])` - Destroy the stream. If an error is provided, then an + `'error'` event is emitted. If the stream has a `close()` method, and + has not emitted a `'close'` event yet, then `stream.close()` will be + called. Any Promises returned by `.promise()`, `.collect()` or + `.concat()` will be rejected. After being destroyed, writing to the + stream will emit an error. No more data will be emitted if the stream is + destroyed, even if it was previously buffered. + +### Properties + +* `bufferLength` Read-only. Total number of bytes buffered, or in the case + of objectMode, the total number of objects. +* `encoding` The encoding that has been set. (Setting this is equivalent + to calling `setEncoding(enc)` and has the same prohibition against + setting multiple times.) +* `flowing` Read-only. Boolean indicating whether a chunk written to the + stream will be immediately emitted. +* `emittedEnd` Read-only. Boolean indicating whether the end-ish events + (ie, `end`, `prefinish`, `finish`) have been emitted. Note that + listening on any end-ish event will immediateyl re-emit it if it has + already been emitted. +* `writable` Whether the stream is writable. Default `true`. Set to + `false` when `end()` +* `readable` Whether the stream is readable. Default `true`. +* `buffer` A [yallist](http://npm.im/yallist) linked list of chunks written + to the stream that have not yet been emitted. (It's probably a bad idea + to mess with this.) +* `pipes` A [yallist](http://npm.im/yallist) linked list of streams that + this stream is piping into. (It's probably a bad idea to mess with + this.) +* `destroyed` A getter that indicates whether the stream was destroyed. +* `paused` True if the stream has been explicitly paused, otherwise false. +* `objectMode` Indicates whether the stream is in `objectMode`. Once set + to `true`, it cannot be set to `false`. + +### Events + +* `data` Emitted when there's data to read. Argument is the data to read. + This is never emitted while not flowing. If a listener is attached, that + will resume the stream. +* `end` Emitted when there's no more data to read. This will be emitted + immediately for empty streams when `end()` is called. If a listener is + attached, and `end` was already emitted, then it will be emitted again. + All listeners are removed when `end` is emitted. +* `prefinish` An end-ish event that follows the same logic as `end` and is + emitted in the same conditions where `end` is emitted. Emitted after + `'end'`. +* `finish` An end-ish event that follows the same logic as `end` and is + emitted in the same conditions where `end` is emitted. Emitted after + `'prefinish'`. +* `close` An indication that an underlying resource has been released. + Minipass does not emit this event, but will defer it until after `end` + has been emitted, since it throws off some stream libraries otherwise. +* `drain` Emitted when the internal buffer empties, and it is again + suitable to `write()` into the stream. +* `readable` Emitted when data is buffered and ready to be read by a + consumer. +* `resume` Emitted when stream changes state from buffering to flowing + mode. (Ie, when `resume` is called, `pipe` is called, or a `data` event + listener is added.) + +### Static Methods + +* `Minipass.isStream(stream)` Returns `true` if the argument is a stream, + and false otherwise. To be considered a stream, the object must be + either an instance of Minipass, or an EventEmitter that has either a + `pipe()` method, or both `write()` and `end()` methods. (Pretty much any + stream in node-land will return `true` for this.) + +## EXAMPLES + +Here are some examples of things you can do with Minipass streams. + +### simple "are you done yet" promise + +```js +mp.promise().then(() => { + // stream is finished +}, er => { + // stream emitted an error +}) +``` + +### collecting + +```js +mp.collect().then(all => { + // all is an array of all the data emitted + // encoding is supported in this case, so + // so the result will be a collection of strings if + // an encoding is specified, or buffers/objects if not. + // + // In an async function, you may do + // const data = await stream.collect() +}) +``` + +### collecting into a single blob + +This is a bit slower because it concatenates the data into one chunk for +you, but if you're going to do it yourself anyway, it's convenient this +way: + +```js +mp.concat().then(onebigchunk => { + // onebigchunk is a string if the stream + // had an encoding set, or a buffer otherwise. +}) +``` + +### iteration + +You can iterate over streams synchronously or asynchronously in +platforms that support it. + +Synchronous iteration will end when the currently available data is +consumed, even if the `end` event has not been reached. In string and +buffer mode, the data is concatenated, so unless multiple writes are +occurring in the same tick as the `read()`, sync iteration loops will +generally only have a single iteration. + +To consume chunks in this way exactly as they have been written, with +no flattening, create the stream with the `{ objectMode: true }` +option. + +```js +const mp = new Minipass({ objectMode: true }) +mp.write('a') +mp.write('b') +for (let letter of mp) { + console.log(letter) // a, b +} +mp.write('c') +mp.write('d') +for (let letter of mp) { + console.log(letter) // c, d +} +mp.write('e') +mp.end() +for (let letter of mp) { + console.log(letter) // e +} +for (let letter of mp) { + console.log(letter) // nothing +} +``` + +Asynchronous iteration will continue until the end event is reached, +consuming all of the data. + +```js +const mp = new Minipass({ encoding: 'utf8' }) + +// some source of some data +let i = 5 +const inter = setInterval(() => { + if (i --> 0) + mp.write(Buffer.from('foo\n', 'utf8')) + else { + mp.end() + clearInterval(inter) + } +}, 100) + +// consume the data with asynchronous iteration +async function consume () { + for await (let chunk of mp) { + console.log(chunk) + } + return 'ok' +} + +consume().then(res => console.log(res)) +// logs `foo\n` 5 times, and then `ok` +``` + +### subclass that `console.log()`s everything written into it + +```js +class Logger extends Minipass { + write (chunk, encoding, callback) { + console.log('WRITE', chunk, encoding) + return super.write(chunk, encoding, callback) + } + end (chunk, encoding, callback) { + console.log('END', chunk, encoding) + return super.end(chunk, encoding, callback) + } +} + +someSource.pipe(new Logger()).pipe(someDest) +``` + +### same thing, but using an inline anonymous class + +```js +// js classes are fun +someSource + .pipe(new (class extends Minipass { + emit (ev, ...data) { + // let's also log events, because debugging some weird thing + console.log('EMIT', ev) + return super.emit(ev, ...data) + } + write (chunk, encoding, callback) { + console.log('WRITE', chunk, encoding) + return super.write(chunk, encoding, callback) + } + end (chunk, encoding, callback) { + console.log('END', chunk, encoding) + return super.end(chunk, encoding, callback) + } + })) + .pipe(someDest) +``` + +### subclass that defers 'end' for some reason + +```js +class SlowEnd extends Minipass { + emit (ev, ...args) { + if (ev === 'end') { + console.log('going to end, hold on a sec') + setTimeout(() => { + console.log('ok, ready to end now') + super.emit('end', ...args) + }, 100) + } else { + return super.emit(ev, ...args) + } + } +} +``` + +### transform that creates newline-delimited JSON + +```js +class NDJSONEncode extends Minipass { + write (obj, cb) { + try { + // JSON.stringify can throw, emit an error on that + return super.write(JSON.stringify(obj) + '\n', 'utf8', cb) + } catch (er) { + this.emit('error', er) + } + } + end (obj, cb) { + if (typeof obj === 'function') { + cb = obj + obj = undefined + } + if (obj !== undefined) { + this.write(obj) + } + return super.end(cb) + } +} +``` + +### transform that parses newline-delimited JSON + +```js +class NDJSONDecode extends Minipass { + constructor (options) { + // always be in object mode, as far as Minipass is concerned + super({ objectMode: true }) + this._jsonBuffer = '' + } + write (chunk, encoding, cb) { + if (typeof chunk === 'string' && + typeof encoding === 'string' && + encoding !== 'utf8') { + chunk = Buffer.from(chunk, encoding).toString() + } else if (Buffer.isBuffer(chunk)) + chunk = chunk.toString() + } + if (typeof encoding === 'function') { + cb = encoding + } + const jsonData = (this._jsonBuffer + chunk).split('\n') + this._jsonBuffer = jsonData.pop() + for (let i = 0; i < jsonData.length; i++) { + let parsed + try { + super.write(parsed) + } catch (er) { + this.emit('error', er) + continue + } + } + if (cb) + cb() + } +} +``` diff --git a/node_modules/libnpm/node_modules/minipass/index.js b/node_modules/libnpm/node_modules/minipass/index.js new file mode 100644 index 000000000..c072352d4 --- /dev/null +++ b/node_modules/libnpm/node_modules/minipass/index.js @@ -0,0 +1,537 @@ +'use strict' +const EE = require('events') +const Yallist = require('yallist') +const SD = require('string_decoder').StringDecoder + +const EOF = Symbol('EOF') +const MAYBE_EMIT_END = Symbol('maybeEmitEnd') +const EMITTED_END = Symbol('emittedEnd') +const EMITTING_END = Symbol('emittingEnd') +const CLOSED = Symbol('closed') +const READ = Symbol('read') +const FLUSH = Symbol('flush') +const FLUSHCHUNK = Symbol('flushChunk') +const ENCODING = Symbol('encoding') +const DECODER = Symbol('decoder') +const FLOWING = Symbol('flowing') +const PAUSED = Symbol('paused') +const RESUME = Symbol('resume') +const BUFFERLENGTH = Symbol('bufferLength') +const BUFFERPUSH = Symbol('bufferPush') +const BUFFERSHIFT = Symbol('bufferShift') +const OBJECTMODE = Symbol('objectMode') +const DESTROYED = Symbol('destroyed') + +// TODO remove when Node v8 support drops +const doIter = global._MP_NO_ITERATOR_SYMBOLS_ !== '1' +const ASYNCITERATOR = doIter && Symbol.asyncIterator + || Symbol('asyncIterator not implemented') +const ITERATOR = doIter && Symbol.iterator + || Symbol('iterator not implemented') + +// Buffer in node 4.x < 4.5.0 doesn't have working Buffer.from +// or Buffer.alloc, and Buffer in node 10 deprecated the ctor. +// .M, this is fine .\^/M.. +const B = Buffer.alloc ? Buffer + : /* istanbul ignore next */ require('safe-buffer').Buffer + +// events that mean 'the stream is over' +// these are treated specially, and re-emitted +// if they are listened for after emitting. +const isEndish = ev => + ev === 'end' || + ev === 'finish' || + ev === 'prefinish' + +const isArrayBuffer = b => b instanceof ArrayBuffer || + typeof b === 'object' && + b.constructor && + b.constructor.name === 'ArrayBuffer' && + b.byteLength >= 0 + +const isArrayBufferView = b => !B.isBuffer(b) && ArrayBuffer.isView(b) + +module.exports = class Minipass extends EE { + constructor (options) { + super() + this[FLOWING] = false + // whether we're explicitly paused + this[PAUSED] = false + this.pipes = new Yallist() + this.buffer = new Yallist() + this[OBJECTMODE] = options && options.objectMode || false + if (this[OBJECTMODE]) + this[ENCODING] = null + else + this[ENCODING] = options && options.encoding || null + if (this[ENCODING] === 'buffer') + this[ENCODING] = null + this[DECODER] = this[ENCODING] ? new SD(this[ENCODING]) : null + this[EOF] = false + this[EMITTED_END] = false + this[EMITTING_END] = false + this[CLOSED] = false + this.writable = true + this.readable = true + this[BUFFERLENGTH] = 0 + this[DESTROYED] = false + } + + get bufferLength () { return this[BUFFERLENGTH] } + + get encoding () { return this[ENCODING] } + set encoding (enc) { + if (this[OBJECTMODE]) + throw new Error('cannot set encoding in objectMode') + + if (this[ENCODING] && enc !== this[ENCODING] && + (this[DECODER] && this[DECODER].lastNeed || this[BUFFERLENGTH])) + throw new Error('cannot change encoding') + + if (this[ENCODING] !== enc) { + this[DECODER] = enc ? new SD(enc) : null + if (this.buffer.length) + this.buffer = this.buffer.map(chunk => this[DECODER].write(chunk)) + } + + this[ENCODING] = enc + } + + setEncoding (enc) { + this.encoding = enc + } + + get objectMode () { return this[OBJECTMODE] } + set objectMode (ॐ ) { this[OBJECTMODE] = this[OBJECTMODE] || !!ॐ } + + write (chunk, encoding, cb) { + if (this[EOF]) + throw new Error('write after end') + + if (this[DESTROYED]) { + this.emit('error', Object.assign( + new Error('Cannot call write after a stream was destroyed'), + { code: 'ERR_STREAM_DESTROYED' } + )) + return true + } + + if (typeof encoding === 'function') + cb = encoding, encoding = 'utf8' + + if (!encoding) + encoding = 'utf8' + + // convert array buffers and typed array views into buffers + // at some point in the future, we may want to do the opposite! + // leave strings and buffers as-is + // anything else switches us into object mode + if (!this[OBJECTMODE] && !B.isBuffer(chunk)) { + if (isArrayBufferView(chunk)) + chunk = B.from(chunk.buffer, chunk.byteOffset, chunk.byteLength) + else if (isArrayBuffer(chunk)) + chunk = B.from(chunk) + else if (typeof chunk !== 'string') + // use the setter so we throw if we have encoding set + this.objectMode = true + } + + // this ensures at this point that the chunk is a buffer or string + // don't buffer it up or send it to the decoder + if (!this.objectMode && !chunk.length) { + const ret = this.flowing + if (this[BUFFERLENGTH] !== 0) + this.emit('readable') + if (cb) + cb() + return ret + } + + // fast-path writing strings of same encoding to a stream with + // an empty buffer, skipping the buffer/decoder dance + if (typeof chunk === 'string' && !this[OBJECTMODE] && + // unless it is a string already ready for us to use + !(encoding === this[ENCODING] && !this[DECODER].lastNeed)) { + chunk = B.from(chunk, encoding) + } + + if (B.isBuffer(chunk) && this[ENCODING]) + chunk = this[DECODER].write(chunk) + + try { + return this.flowing + ? (this.emit('data', chunk), this.flowing) + : (this[BUFFERPUSH](chunk), false) + } finally { + if (this[BUFFERLENGTH] !== 0) + this.emit('readable') + if (cb) + cb() + } + } + + read (n) { + if (this[DESTROYED]) + return null + + try { + if (this[BUFFERLENGTH] === 0 || n === 0 || n > this[BUFFERLENGTH]) + return null + + if (this[OBJECTMODE]) + n = null + + if (this.buffer.length > 1 && !this[OBJECTMODE]) { + if (this.encoding) + this.buffer = new Yallist([ + Array.from(this.buffer).join('') + ]) + else + this.buffer = new Yallist([ + B.concat(Array.from(this.buffer), this[BUFFERLENGTH]) + ]) + } + + return this[READ](n || null, this.buffer.head.value) + } finally { + this[MAYBE_EMIT_END]() + } + } + + [READ] (n, chunk) { + if (n === chunk.length || n === null) + this[BUFFERSHIFT]() + else { + this.buffer.head.value = chunk.slice(n) + chunk = chunk.slice(0, n) + this[BUFFERLENGTH] -= n + } + + this.emit('data', chunk) + + if (!this.buffer.length && !this[EOF]) + this.emit('drain') + + return chunk + } + + end (chunk, encoding, cb) { + if (typeof chunk === 'function') + cb = chunk, chunk = null + if (typeof encoding === 'function') + cb = encoding, encoding = 'utf8' + if (chunk) + this.write(chunk, encoding) + if (cb) + this.once('end', cb) + this[EOF] = true + this.writable = false + + // if we haven't written anything, then go ahead and emit, + // even if we're not reading. + // we'll re-emit if a new 'end' listener is added anyway. + // This makes MP more suitable to write-only use cases. + if (this.flowing || !this[PAUSED]) + this[MAYBE_EMIT_END]() + return this + } + + // don't let the internal resume be overwritten + [RESUME] () { + if (this[DESTROYED]) + return + + this[PAUSED] = false + this[FLOWING] = true + this.emit('resume') + if (this.buffer.length) + this[FLUSH]() + else if (this[EOF]) + this[MAYBE_EMIT_END]() + else + this.emit('drain') + } + + resume () { + return this[RESUME]() + } + + pause () { + this[FLOWING] = false + this[PAUSED] = true + } + + get destroyed () { + return this[DESTROYED] + } + + get flowing () { + return this[FLOWING] + } + + get paused () { + return this[PAUSED] + } + + [BUFFERPUSH] (chunk) { + if (this[OBJECTMODE]) + this[BUFFERLENGTH] += 1 + else + this[BUFFERLENGTH] += chunk.length + return this.buffer.push(chunk) + } + + [BUFFERSHIFT] () { + if (this.buffer.length) { + if (this[OBJECTMODE]) + this[BUFFERLENGTH] -= 1 + else + this[BUFFERLENGTH] -= this.buffer.head.value.length + } + return this.buffer.shift() + } + + [FLUSH] () { + do {} while (this[FLUSHCHUNK](this[BUFFERSHIFT]())) + + if (!this.buffer.length && !this[EOF]) + this.emit('drain') + } + + [FLUSHCHUNK] (chunk) { + return chunk ? (this.emit('data', chunk), this.flowing) : false + } + + pipe (dest, opts) { + if (this[DESTROYED]) + return + + const ended = this[EMITTED_END] + opts = opts || {} + if (dest === process.stdout || dest === process.stderr) + opts.end = false + else + opts.end = opts.end !== false + + const p = { dest: dest, opts: opts, ondrain: _ => this[RESUME]() } + this.pipes.push(p) + + dest.on('drain', p.ondrain) + this[RESUME]() + // piping an ended stream ends immediately + if (ended && p.opts.end) + p.dest.end() + return dest + } + + addListener (ev, fn) { + return this.on(ev, fn) + } + + on (ev, fn) { + try { + return super.on(ev, fn) + } finally { + if (ev === 'data' && !this.pipes.length && !this.flowing) + this[RESUME]() + else if (isEndish(ev) && this[EMITTED_END]) { + super.emit(ev) + this.removeAllListeners(ev) + } + } + } + + get emittedEnd () { + return this[EMITTED_END] + } + + [MAYBE_EMIT_END] () { + if (!this[EMITTING_END] && + !this[EMITTED_END] && + !this[DESTROYED] && + this.buffer.length === 0 && + this[EOF]) { + this[EMITTING_END] = true + this.emit('end') + this.emit('prefinish') + this.emit('finish') + if (this[CLOSED]) + this.emit('close') + this[EMITTING_END] = false + } + } + + emit (ev, data) { + // error and close are only events allowed after calling destroy() + if (ev !== 'error' && ev !== 'close' && ev !== DESTROYED && this[DESTROYED]) + return + else if (ev === 'data') { + if (!data) + return + + if (this.pipes.length) + this.pipes.forEach(p => + p.dest.write(data) === false && this.pause()) + } else if (ev === 'end') { + // only actual end gets this treatment + if (this[EMITTED_END] === true) + return + + this[EMITTED_END] = true + this.readable = false + + if (this[DECODER]) { + data = this[DECODER].end() + if (data) { + this.pipes.forEach(p => p.dest.write(data)) + super.emit('data', data) + } + } + + this.pipes.forEach(p => { + p.dest.removeListener('drain', p.ondrain) + if (p.opts.end) + p.dest.end() + }) + } else if (ev === 'close') { + this[CLOSED] = true + // don't emit close before 'end' and 'finish' + if (!this[EMITTED_END] && !this[DESTROYED]) + return + } + + // TODO: replace with a spread operator when Node v4 support drops + const args = new Array(arguments.length) + args[0] = ev + args[1] = data + if (arguments.length > 2) { + for (let i = 2; i < arguments.length; i++) { + args[i] = arguments[i] + } + } + + try { + return super.emit.apply(this, args) + } finally { + if (!isEndish(ev)) + this[MAYBE_EMIT_END]() + else + this.removeAllListeners(ev) + } + } + + // const all = await stream.collect() + collect () { + const buf = [] + buf.dataLength = 0 + this.on('data', c => { + buf.push(c) + buf.dataLength += c.length + }) + return this.promise().then(() => buf) + } + + // const data = await stream.concat() + concat () { + return this[OBJECTMODE] + ? Promise.reject(new Error('cannot concat in objectMode')) + : this.collect().then(buf => + this[OBJECTMODE] + ? Promise.reject(new Error('cannot concat in objectMode')) + : this[ENCODING] ? buf.join('') : B.concat(buf, buf.dataLength)) + } + + // stream.promise().then(() => done, er => emitted error) + promise () { + return new Promise((resolve, reject) => { + this.on(DESTROYED, () => reject(new Error('stream destroyed'))) + this.on('end', () => resolve()) + this.on('error', er => reject(er)) + }) + } + + // for await (let chunk of stream) + [ASYNCITERATOR] () { + const next = () => { + const res = this.read() + if (res !== null) + return Promise.resolve({ done: false, value: res }) + + if (this[EOF]) + return Promise.resolve({ done: true }) + + let resolve = null + let reject = null + const onerr = er => { + this.removeListener('data', ondata) + this.removeListener('end', onend) + reject(er) + } + const ondata = value => { + this.removeListener('error', onerr) + this.removeListener('end', onend) + this.pause() + resolve({ value: value, done: !!this[EOF] }) + } + const onend = () => { + this.removeListener('error', onerr) + this.removeListener('data', ondata) + resolve({ done: true }) + } + const ondestroy = () => onerr(new Error('stream destroyed')) + return new Promise((res, rej) => { + reject = rej + resolve = res + this.once(DESTROYED, ondestroy) + this.once('error', onerr) + this.once('end', onend) + this.once('data', ondata) + }) + } + + return { next } + } + + // for (let chunk of stream) + [ITERATOR] () { + const next = () => { + const value = this.read() + const done = value === null + return { value, done } + } + return { next } + } + + destroy (er) { + if (this[DESTROYED]) { + if (er) + this.emit('error', er) + else + this.emit(DESTROYED) + return this + } + + this[DESTROYED] = true + + // throw away all buffered data, it's never coming out + this.buffer = new Yallist() + this[BUFFERLENGTH] = 0 + + if (typeof this.close === 'function' && !this[CLOSED]) + this.close() + + if (er) + this.emit('error', er) + else // if no error to emit, still reject pending promises + this.emit(DESTROYED) + + return this + } + + static isStream (s) { + return !!s && (s instanceof Minipass || s instanceof EE && ( + typeof s.pipe === 'function' || // readable + (typeof s.write === 'function' && typeof s.end === 'function') // writable + )) + } +} diff --git a/node_modules/libnpm/node_modules/minipass/package.json b/node_modules/libnpm/node_modules/minipass/package.json new file mode 100644 index 000000000..01232fb59 --- /dev/null +++ b/node_modules/libnpm/node_modules/minipass/package.json @@ -0,0 +1,73 @@ +{ + "_from": "minipass@^2.3.5", + "_id": "minipass@2.9.0", + "_inBundle": false, + "_integrity": "sha512-wxfUjg9WebH+CUDX/CdbRlh5SmfZiy/hpkxaRI16Y9W56Pa75sWgd/rvFilSgrauD9NyFymP/+JFV3KwzIsJeg==", + "_location": "/libnpm/minipass", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "minipass@^2.3.5", + "name": "minipass", + "escapedName": "minipass", + "rawSpec": "^2.3.5", + "saveSpec": null, + "fetchSpec": "^2.3.5" + }, + "_requiredBy": [ + "/libnpm/fs-minipass", + "/libnpm/minizlib", + "/libnpm/pacote", + "/libnpm/tar" + ], + "_resolved": "https://registry.npmjs.org/minipass/-/minipass-2.9.0.tgz", + "_shasum": "e713762e7d3e32fed803115cf93e04bca9fcc9a6", + "_spec": "minipass@^2.3.5", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libnpm/node_modules/pacote", + "author": { + "name": "Isaac Z. Schlueter", + "email": "i@izs.me", + "url": "http://blog.izs.me/" + }, + "bugs": { + "url": "https://github.com/isaacs/minipass/issues" + }, + "bundleDependencies": false, + "dependencies": { + "safe-buffer": "^5.1.2", + "yallist": "^3.0.0" + }, + "deprecated": false, + "description": "minimal implementation of a PassThrough stream", + "devDependencies": { + "end-of-stream": "^1.4.0", + "tap": "^14.6.5", + "through2": "^2.0.3" + }, + "files": [ + "index.js" + ], + "homepage": "https://github.com/isaacs/minipass#readme", + "keywords": [ + "passthrough", + "stream" + ], + "license": "ISC", + "main": "index.js", + "name": "minipass", + "repository": { + "type": "git", + "url": "git+https://github.com/isaacs/minipass.git" + }, + "scripts": { + "postpublish": "git push origin --follow-tags", + "postversion": "npm publish", + "preversion": "npm test", + "test": "tap" + }, + "tap": { + "check-coverage": true + }, + "version": "2.9.0" +} diff --git a/node_modules/libnpm/node_modules/minizlib/LICENSE b/node_modules/libnpm/node_modules/minizlib/LICENSE new file mode 100644 index 000000000..ffce7383f --- /dev/null +++ b/node_modules/libnpm/node_modules/minizlib/LICENSE @@ -0,0 +1,26 @@ +Minizlib was created by Isaac Z. Schlueter. +It is a derivative work of the Node.js project. + +""" +Copyright Isaac Z. Schlueter and Contributors +Copyright Node.js contributors. All rights reserved. +Copyright Joyent, Inc. and other Node contributors. All rights reserved. + +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the "Software"), +to deal in the Software without restriction, including without limitation +the rights to use, copy, modify, merge, publish, distribute, sublicense, +and/or sell copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +""" diff --git a/node_modules/libnpm/node_modules/minizlib/README.md b/node_modules/libnpm/node_modules/minizlib/README.md new file mode 100644 index 000000000..4097b8522 --- /dev/null +++ b/node_modules/libnpm/node_modules/minizlib/README.md @@ -0,0 +1,53 @@ +# minizlib + +A fast zlib stream built on [minipass](http://npm.im/minipass) and +Node.js's zlib binding. + +This module was created to serve the needs of +[node-tar](http://npm.im/tar) and +[minipass-fetch](http://npm.im/minipass-fetch). + +Brotli is supported in versions of node with a Brotli binding. + +## How does this differ from the streams in `require('zlib')`? + +First, there are no convenience methods to compress or decompress a +buffer. If you want those, use the built-in `zlib` module. This is +only streams. That being said, Minipass streams to make it fairly easy to +use as one-liners: `new zlib.Deflate().end(data).read()` will return the +deflate compressed result. + +This module compresses and decompresses the data as fast as you feed +it in. It is synchronous, and runs on the main process thread. Zlib +and Brotli operations can be high CPU, but they're very fast, and doing it +this way means much less bookkeeping and artificial deferral. + +Node's built in zlib streams are built on top of `stream.Transform`. +They do the maximally safe thing with respect to consistent +asynchrony, buffering, and backpressure. + +See [Minipass](http://npm.im/minipass) for more on the differences between +Node.js core streams and Minipass streams, and the convenience methods +provided by that class. + +## Classes + +- Deflate +- Inflate +- Gzip +- Gunzip +- DeflateRaw +- InflateRaw +- Unzip +- BrotliCompress (Node v10 and higher) +- BrotliDecompress (Node v10 and higher) + +## USAGE + +```js +const zlib = require('minizlib') +const input = sourceOfCompressedData() +const decode = new zlib.BrotliDecompress() +const output = whereToWriteTheDecodedData() +input.pipe(decode).pipe(output) +``` diff --git a/node_modules/libnpm/node_modules/minizlib/constants.js b/node_modules/libnpm/node_modules/minizlib/constants.js new file mode 100644 index 000000000..641ebc731 --- /dev/null +++ b/node_modules/libnpm/node_modules/minizlib/constants.js @@ -0,0 +1,115 @@ +// Update with any zlib constants that are added or changed in the future. +// Node v6 didn't export this, so we just hard code the version and rely +// on all the other hard-coded values from zlib v4736. When node v6 +// support drops, we can just export the realZlibConstants object. +const realZlibConstants = require('zlib').constants || + /* istanbul ignore next */ { ZLIB_VERNUM: 4736 } + +module.exports = Object.freeze(Object.assign(Object.create(null), { + Z_NO_FLUSH: 0, + Z_PARTIAL_FLUSH: 1, + Z_SYNC_FLUSH: 2, + Z_FULL_FLUSH: 3, + Z_FINISH: 4, + Z_BLOCK: 5, + Z_OK: 0, + Z_STREAM_END: 1, + Z_NEED_DICT: 2, + Z_ERRNO: -1, + Z_STREAM_ERROR: -2, + Z_DATA_ERROR: -3, + Z_MEM_ERROR: -4, + Z_BUF_ERROR: -5, + Z_VERSION_ERROR: -6, + Z_NO_COMPRESSION: 0, + Z_BEST_SPEED: 1, + Z_BEST_COMPRESSION: 9, + Z_DEFAULT_COMPRESSION: -1, + Z_FILTERED: 1, + Z_HUFFMAN_ONLY: 2, + Z_RLE: 3, + Z_FIXED: 4, + Z_DEFAULT_STRATEGY: 0, + DEFLATE: 1, + INFLATE: 2, + GZIP: 3, + GUNZIP: 4, + DEFLATERAW: 5, + INFLATERAW: 6, + UNZIP: 7, + BROTLI_DECODE: 8, + BROTLI_ENCODE: 9, + Z_MIN_WINDOWBITS: 8, + Z_MAX_WINDOWBITS: 15, + Z_DEFAULT_WINDOWBITS: 15, + Z_MIN_CHUNK: 64, + Z_MAX_CHUNK: Infinity, + Z_DEFAULT_CHUNK: 16384, + Z_MIN_MEMLEVEL: 1, + Z_MAX_MEMLEVEL: 9, + Z_DEFAULT_MEMLEVEL: 8, + Z_MIN_LEVEL: -1, + Z_MAX_LEVEL: 9, + Z_DEFAULT_LEVEL: -1, + BROTLI_OPERATION_PROCESS: 0, + BROTLI_OPERATION_FLUSH: 1, + BROTLI_OPERATION_FINISH: 2, + BROTLI_OPERATION_EMIT_METADATA: 3, + BROTLI_MODE_GENERIC: 0, + BROTLI_MODE_TEXT: 1, + BROTLI_MODE_FONT: 2, + BROTLI_DEFAULT_MODE: 0, + BROTLI_MIN_QUALITY: 0, + BROTLI_MAX_QUALITY: 11, + BROTLI_DEFAULT_QUALITY: 11, + BROTLI_MIN_WINDOW_BITS: 10, + BROTLI_MAX_WINDOW_BITS: 24, + BROTLI_LARGE_MAX_WINDOW_BITS: 30, + BROTLI_DEFAULT_WINDOW: 22, + BROTLI_MIN_INPUT_BLOCK_BITS: 16, + BROTLI_MAX_INPUT_BLOCK_BITS: 24, + BROTLI_PARAM_MODE: 0, + BROTLI_PARAM_QUALITY: 1, + BROTLI_PARAM_LGWIN: 2, + BROTLI_PARAM_LGBLOCK: 3, + BROTLI_PARAM_DISABLE_LITERAL_CONTEXT_MODELING: 4, + BROTLI_PARAM_SIZE_HINT: 5, + BROTLI_PARAM_LARGE_WINDOW: 6, + BROTLI_PARAM_NPOSTFIX: 7, + BROTLI_PARAM_NDIRECT: 8, + BROTLI_DECODER_RESULT_ERROR: 0, + BROTLI_DECODER_RESULT_SUCCESS: 1, + BROTLI_DECODER_RESULT_NEEDS_MORE_INPUT: 2, + BROTLI_DECODER_RESULT_NEEDS_MORE_OUTPUT: 3, + BROTLI_DECODER_PARAM_DISABLE_RING_BUFFER_REALLOCATION: 0, + BROTLI_DECODER_PARAM_LARGE_WINDOW: 1, + BROTLI_DECODER_NO_ERROR: 0, + BROTLI_DECODER_SUCCESS: 1, + BROTLI_DECODER_NEEDS_MORE_INPUT: 2, + BROTLI_DECODER_NEEDS_MORE_OUTPUT: 3, + BROTLI_DECODER_ERROR_FORMAT_EXUBERANT_NIBBLE: -1, + BROTLI_DECODER_ERROR_FORMAT_RESERVED: -2, + BROTLI_DECODER_ERROR_FORMAT_EXUBERANT_META_NIBBLE: -3, + BROTLI_DECODER_ERROR_FORMAT_SIMPLE_HUFFMAN_ALPHABET: -4, + BROTLI_DECODER_ERROR_FORMAT_SIMPLE_HUFFMAN_SAME: -5, + BROTLI_DECODER_ERROR_FORMAT_CL_SPACE: -6, + BROTLI_DECODER_ERROR_FORMAT_HUFFMAN_SPACE: -7, + BROTLI_DECODER_ERROR_FORMAT_CONTEXT_MAP_REPEAT: -8, + BROTLI_DECODER_ERROR_FORMAT_BLOCK_LENGTH_1: -9, + BROTLI_DECODER_ERROR_FORMAT_BLOCK_LENGTH_2: -10, + BROTLI_DECODER_ERROR_FORMAT_TRANSFORM: -11, + BROTLI_DECODER_ERROR_FORMAT_DICTIONARY: -12, + BROTLI_DECODER_ERROR_FORMAT_WINDOW_BITS: -13, + BROTLI_DECODER_ERROR_FORMAT_PADDING_1: -14, + BROTLI_DECODER_ERROR_FORMAT_PADDING_2: -15, + BROTLI_DECODER_ERROR_FORMAT_DISTANCE: -16, + BROTLI_DECODER_ERROR_DICTIONARY_NOT_SET: -19, + BROTLI_DECODER_ERROR_INVALID_ARGUMENTS: -20, + BROTLI_DECODER_ERROR_ALLOC_CONTEXT_MODES: -21, + BROTLI_DECODER_ERROR_ALLOC_TREE_GROUPS: -22, + BROTLI_DECODER_ERROR_ALLOC_CONTEXT_MAP: -25, + BROTLI_DECODER_ERROR_ALLOC_RING_BUFFER_1: -26, + BROTLI_DECODER_ERROR_ALLOC_RING_BUFFER_2: -27, + BROTLI_DECODER_ERROR_ALLOC_BLOCK_TYPE_TREES: -30, + BROTLI_DECODER_ERROR_UNREACHABLE: -31, +}, realZlibConstants)) diff --git a/node_modules/libnpm/node_modules/minizlib/index.js b/node_modules/libnpm/node_modules/minizlib/index.js new file mode 100644 index 000000000..295047b9c --- /dev/null +++ b/node_modules/libnpm/node_modules/minizlib/index.js @@ -0,0 +1,320 @@ +'use strict' + +const assert = require('assert') +const Buffer = require('buffer').Buffer +const realZlib = require('zlib') + +const constants = exports.constants = require('./constants.js') +const Minipass = require('minipass') + +const OriginalBufferConcat = Buffer.concat + +class ZlibError extends Error { + constructor (err) { + super('zlib: ' + err.message) + this.code = err.code + this.errno = err.errno + /* istanbul ignore if */ + if (!this.code) + this.code = 'ZLIB_ERROR' + + this.message = 'zlib: ' + err.message + Error.captureStackTrace(this, this.constructor) + } + + get name () { + return 'ZlibError' + } +} + +// the Zlib class they all inherit from +// This thing manages the queue of requests, and returns +// true or false if there is anything in the queue when +// you call the .write() method. +const _opts = Symbol('opts') +const _flushFlag = Symbol('flushFlag') +const _finishFlushFlag = Symbol('finishFlushFlag') +const _fullFlushFlag = Symbol('fullFlushFlag') +const _handle = Symbol('handle') +const _onError = Symbol('onError') +const _sawError = Symbol('sawError') +const _level = Symbol('level') +const _strategy = Symbol('strategy') +const _ended = Symbol('ended') +const _defaultFullFlush = Symbol('_defaultFullFlush') + +class ZlibBase extends Minipass { + constructor (opts, mode) { + if (!opts || typeof opts !== 'object') + throw new TypeError('invalid options for ZlibBase constructor') + + super(opts) + this[_ended] = false + this[_opts] = opts + + this[_flushFlag] = opts.flush + this[_finishFlushFlag] = opts.finishFlush + // this will throw if any options are invalid for the class selected + try { + this[_handle] = new realZlib[mode](opts) + } catch (er) { + // make sure that all errors get decorated properly + throw new ZlibError(er) + } + + this[_onError] = (err) => { + this[_sawError] = true + // there is no way to cleanly recover. + // continuing only obscures problems. + this.close() + this.emit('error', err) + } + + this[_handle].on('error', er => this[_onError](new ZlibError(er))) + this.once('end', () => this.close) + } + + close () { + if (this[_handle]) { + this[_handle].close() + this[_handle] = null + this.emit('close') + } + } + + reset () { + if (!this[_sawError]) { + assert(this[_handle], 'zlib binding closed') + return this[_handle].reset() + } + } + + flush (flushFlag) { + if (this.ended) + return + + if (typeof flushFlag !== 'number') + flushFlag = this[_fullFlushFlag] + this.write(Object.assign(Buffer.alloc(0), { [_flushFlag]: flushFlag })) + } + + end (chunk, encoding, cb) { + if (chunk) + this.write(chunk, encoding) + this.flush(this[_finishFlushFlag]) + this[_ended] = true + return super.end(null, null, cb) + } + + get ended () { + return this[_ended] + } + + write (chunk, encoding, cb) { + // process the chunk using the sync process + // then super.write() all the outputted chunks + if (typeof encoding === 'function') + cb = encoding, encoding = 'utf8' + + if (typeof chunk === 'string') + chunk = Buffer.from(chunk, encoding) + + if (this[_sawError]) + return + assert(this[_handle], 'zlib binding closed') + + // _processChunk tries to .close() the native handle after it's done, so we + // intercept that by temporarily making it a no-op. + const nativeHandle = this[_handle]._handle + const originalNativeClose = nativeHandle.close + nativeHandle.close = () => {} + const originalClose = this[_handle].close + this[_handle].close = () => {} + // It also calls `Buffer.concat()` at the end, which may be convenient + // for some, but which we are not interested in as it slows us down. + Buffer.concat = (args) => args + let result + try { + const flushFlag = typeof chunk[_flushFlag] === 'number' + ? chunk[_flushFlag] : this[_flushFlag] + result = this[_handle]._processChunk(chunk, flushFlag) + // if we don't throw, reset it back how it was + Buffer.concat = OriginalBufferConcat + } catch (err) { + // or if we do, put Buffer.concat() back before we emit error + // Error events call into user code, which may call Buffer.concat() + Buffer.concat = OriginalBufferConcat + this[_onError](new ZlibError(err)) + } finally { + if (this[_handle]) { + // Core zlib resets `_handle` to null after attempting to close the + // native handle. Our no-op handler prevented actual closure, but we + // need to restore the `._handle` property. + this[_handle]._handle = nativeHandle + nativeHandle.close = originalNativeClose + this[_handle].close = originalClose + // `_processChunk()` adds an 'error' listener. If we don't remove it + // after each call, these handlers start piling up. + this[_handle].removeAllListeners('error') + } + } + + let writeReturn + if (result) { + if (Array.isArray(result) && result.length > 0) { + // The first buffer is always `handle._outBuffer`, which would be + // re-used for later invocations; so, we always have to copy that one. + writeReturn = super.write(Buffer.from(result[0])) + for (let i = 1; i < result.length; i++) { + writeReturn = super.write(result[i]) + } + } else { + writeReturn = super.write(Buffer.from(result)) + } + } + + if (cb) + cb() + return writeReturn + } +} + +class Zlib extends ZlibBase { + constructor (opts, mode) { + opts = opts || {} + + opts.flush = opts.flush || constants.Z_NO_FLUSH + opts.finishFlush = opts.finishFlush || constants.Z_FINISH + super(opts, mode) + + this[_fullFlushFlag] = constants.Z_FULL_FLUSH + this[_level] = opts.level + this[_strategy] = opts.strategy + } + + params (level, strategy) { + if (this[_sawError]) + return + + if (!this[_handle]) + throw new Error('cannot switch params when binding is closed') + + // no way to test this without also not supporting params at all + /* istanbul ignore if */ + if (!this[_handle].params) + throw new Error('not supported in this implementation') + + if (this[_level] !== level || this[_strategy] !== strategy) { + this.flush(constants.Z_SYNC_FLUSH) + assert(this[_handle], 'zlib binding closed') + // .params() calls .flush(), but the latter is always async in the + // core zlib. We override .flush() temporarily to intercept that and + // flush synchronously. + const origFlush = this[_handle].flush + this[_handle].flush = (flushFlag, cb) => { + this.flush(flushFlag) + cb() + } + try { + this[_handle].params(level, strategy) + } finally { + this[_handle].flush = origFlush + } + /* istanbul ignore else */ + if (this[_handle]) { + this[_level] = level + this[_strategy] = strategy + } + } + } +} + +// minimal 2-byte header +class Deflate extends Zlib { + constructor (opts) { + super(opts, 'Deflate') + } +} + +class Inflate extends Zlib { + constructor (opts) { + super(opts, 'Inflate') + } +} + +// gzip - bigger header, same deflate compression +class Gzip extends Zlib { + constructor (opts) { + super(opts, 'Gzip') + } +} + +class Gunzip extends Zlib { + constructor (opts) { + super(opts, 'Gunzip') + } +} + +// raw - no header +class DeflateRaw extends Zlib { + constructor (opts) { + super(opts, 'DeflateRaw') + } +} + +class InflateRaw extends Zlib { + constructor (opts) { + super(opts, 'InflateRaw') + } +} + +// auto-detect header. +class Unzip extends Zlib { + constructor (opts) { + super(opts, 'Unzip') + } +} + +class Brotli extends ZlibBase { + constructor (opts, mode) { + opts = opts || {} + + opts.flush = opts.flush || constants.BROTLI_OPERATION_PROCESS + opts.finishFlush = opts.finishFlush || constants.BROTLI_OPERATION_FINISH + + super(opts, mode) + + this[_fullFlushFlag] = constants.BROTLI_OPERATION_FLUSH + } +} + +class BrotliCompress extends Brotli { + constructor (opts) { + super(opts, 'BrotliCompress') + } +} + +class BrotliDecompress extends Brotli { + constructor (opts) { + super(opts, 'BrotliDecompress') + } +} + +exports.Deflate = Deflate +exports.Inflate = Inflate +exports.Gzip = Gzip +exports.Gunzip = Gunzip +exports.DeflateRaw = DeflateRaw +exports.InflateRaw = InflateRaw +exports.Unzip = Unzip +/* istanbul ignore else */ +if (typeof realZlib.BrotliCompress === 'function') { + exports.BrotliCompress = BrotliCompress + exports.BrotliDecompress = BrotliDecompress +} else { + exports.BrotliCompress = exports.BrotliDecompress = class { + constructor () { + throw new Error('Brotli is not supported in this version of Node.js') + } + } +} diff --git a/node_modules/pacote/node_modules/minizlib/package.json b/node_modules/libnpm/node_modules/minizlib/package.json index 354447bd1..d46c0a64b 100644 --- a/node_modules/pacote/node_modules/minizlib/package.json +++ b/node_modules/libnpm/node_modules/minizlib/package.json @@ -3,7 +3,7 @@ "_id": "minizlib@1.3.3", "_inBundle": false, "_integrity": "sha512-6ZYMOEnmVsdCeTJVE0W9ZD+pVnE8h9Hma/iOwwRDsdQoePpoX56/8B6z3P9VNwppJuBKNRuFDRNRqRWexT9G9Q==", - "_location": "/pacote/minizlib", + "_location": "/libnpm/minizlib", "_phantomChildren": {}, "_requested": { "type": "range", @@ -16,12 +16,12 @@ "fetchSpec": "^1.2.1" }, "_requiredBy": [ - "/pacote/tar" + "/libnpm/tar" ], "_resolved": "https://registry.npmjs.org/minizlib/-/minizlib-1.3.3.tgz", "_shasum": "2290de96818a34c29551c8a8d301216bd65a861d", "_spec": "minizlib@^1.2.1", - "_where": "/Users/claudiahdz/npm/cli/node_modules/pacote/node_modules/tar", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libnpm/node_modules/tar", "author": { "name": "Isaac Z. Schlueter", "email": "i@izs.me", diff --git a/node_modules/libnpm/node_modules/npm-pick-manifest/CHANGELOG.md b/node_modules/libnpm/node_modules/npm-pick-manifest/CHANGELOG.md new file mode 100644 index 000000000..c594ba140 --- /dev/null +++ b/node_modules/libnpm/node_modules/npm-pick-manifest/CHANGELOG.md @@ -0,0 +1,167 @@ +# Change Log + +All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +<a name="3.0.2"></a> +## [3.0.2](https://github.com/npm/npm-pick-manifest/compare/v3.0.1...v3.0.2) (2019-08-30) + + + +<a name="3.0.1"></a> +## [3.0.1](https://github.com/npm/npm-pick-manifest/compare/v3.0.0...v3.0.1) (2019-08-28) + + +### Bug Fixes + +* throw 403 for forbidden major/minor versions ([003286e](https://github.com/npm/npm-pick-manifest/commit/003286e)), closes [#2](https://github.com/npm/npm-pick-manifest/issues/2) + + + +<a name="3.0.0"></a> +# [3.0.0](https://github.com/npm/npm-pick-manifest/compare/v2.2.3...v3.0.0) (2019-08-20) + + +### Features + +* throw forbidden error when package is blocked by policy ([ad2a962](https://github.com/npm/npm-pick-manifest/commit/ad2a962)), closes [#1](https://github.com/npm/npm-pick-manifest/issues/1) + + +### BREAKING CHANGES + +* This adds a new error code when package versions are +blocked. + +PR-URL: https://github.com/npm/npm-pick-manifest/pull/1 +Credit: @claudiahdz + + + +<a name="2.2.3"></a> +## [2.2.3](https://github.com/npm/npm-pick-manifest/compare/v2.2.2...v2.2.3) (2018-10-31) + + +### Bug Fixes + +* **enjoyBy:** rework semantics for enjoyBy again ([5e89b62](https://github.com/npm/npm-pick-manifest/commit/5e89b62)) + + + +<a name="2.2.2"></a> +## [2.2.2](https://github.com/npm/npm-pick-manifest/compare/v2.2.1...v2.2.2) (2018-10-31) + + +### Bug Fixes + +* **enjoyBy:** rework semantics for enjoyBy ([5684f45](https://github.com/npm/npm-pick-manifest/commit/5684f45)) + + + +<a name="2.2.1"></a> +## [2.2.1](https://github.com/npm/npm-pick-manifest/compare/v2.2.0...v2.2.1) (2018-10-30) + + + +<a name="2.2.0"></a> +# [2.2.0](https://github.com/npm/npm-pick-manifest/compare/v2.1.0...v2.2.0) (2018-10-30) + + +### Bug Fixes + +* **audit:** npm audit fix --force ([d5ae6c4](https://github.com/npm/npm-pick-manifest/commit/d5ae6c4)) + + +### Features + +* **enjoyBy:** add opts.enjoyBy option to filter versions by date ([0b8a790](https://github.com/npm/npm-pick-manifest/commit/0b8a790)) + + + +<a name="2.1.0"></a> +# [2.1.0](https://github.com/npm/npm-pick-manifest/compare/v2.0.1...v2.1.0) (2017-10-18) + + +### Features + +* **selection:** allow manually disabling deprecation skipping ([0d239d3](https://github.com/npm/npm-pick-manifest/commit/0d239d3)) + + + +<a name="2.0.1"></a> +## [2.0.1](https://github.com/npm/npm-pick-manifest/compare/v2.0.0...v2.0.1) (2017-10-18) + + + +<a name="2.0.0"></a> +# [2.0.0](https://github.com/npm/npm-pick-manifest/compare/v1.0.4...v2.0.0) (2017-10-03) + + +### Bug Fixes + +* **license:** relicense project according to npm policy (#3) ([ed743a0](https://github.com/npm/npm-pick-manifest/commit/ed743a0)) + + +### Features + +* **selection:** Avoid matching deprecated packages if possible ([3fc6c3a](https://github.com/npm/npm-pick-manifest/commit/3fc6c3a)) + + +### BREAKING CHANGES + +* **selection:** deprecated versions may be skipped now +* **license:** This moves the license from CC0 to ISC and properly documents the copyright as belonging to npm, Inc. + + + +<a name="1.0.4"></a> +## [1.0.4](https://github.com/npm/npm-pick-manifest/compare/v1.0.3...v1.0.4) (2017-06-29) + + +### Bug Fixes + +* **npa:** bump npa version for bugfixes ([7cdaca7](https://github.com/npm/npm-pick-manifest/commit/7cdaca7)) +* **semver:** use loose semver parsing for *all* ops ([bbc0daa](https://github.com/npm/npm-pick-manifest/commit/bbc0daa)) + + + +<a name="1.0.3"></a> +## [1.0.3](https://github.com/npm/npm-pick-manifest/compare/v1.0.2...v1.0.3) (2017-05-04) + + +### Bug Fixes + +* **semver:** use semver.clean() instead ([f4133b5](https://github.com/npm/npm-pick-manifest/commit/f4133b5)) + + + +<a name="1.0.2"></a> +## [1.0.2](https://github.com/npm/npm-pick-manifest/compare/v1.0.1...v1.0.2) (2017-05-04) + + +### Bug Fixes + +* **picker:** spaces in `wanted` prevented match ([97a7d0a](https://github.com/npm/npm-pick-manifest/commit/97a7d0a)) + + + +<a name="1.0.1"></a> +## [1.0.1](https://github.com/npm/npm-pick-manifest/compare/v1.0.0...v1.0.1) (2017-04-24) + + +### Bug Fixes + +* **deps:** forgot to add semver ([1876f4f](https://github.com/npm/npm-pick-manifest/commit/1876f4f)) + + + +<a name="1.0.0"></a> +# 1.0.0 (2017-04-24) + + +### Features + +* **api:** initial implementation. ([b086912](https://github.com/npm/npm-pick-manifest/commit/b086912)) + + +### BREAKING CHANGES + +* **api:** ex nihilo diff --git a/node_modules/libnpm/node_modules/npm-pick-manifest/LICENSE.md b/node_modules/libnpm/node_modules/npm-pick-manifest/LICENSE.md new file mode 100644 index 000000000..8d28acf86 --- /dev/null +++ b/node_modules/libnpm/node_modules/npm-pick-manifest/LICENSE.md @@ -0,0 +1,16 @@ +ISC License + +Copyright (c) npm, Inc. + +Permission to use, copy, modify, and/or distribute this software for +any purpose with or without fee is hereby granted, provided that the +above copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS +ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE +COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR +CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS +OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE +USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/libnpm/node_modules/npm-pick-manifest/README.md b/node_modules/libnpm/node_modules/npm-pick-manifest/README.md new file mode 100644 index 000000000..d32d47af1 --- /dev/null +++ b/node_modules/libnpm/node_modules/npm-pick-manifest/README.md @@ -0,0 +1,84 @@ +# npm-pick-manifest [](https://npm.im/npm-pick-manifest) [](https://npm.im/npm-pick-manifest) [](https://travis-ci.org/npm/npm-pick-manifest) [](https://ci.appveyor.com/project/npm/npm-pick-manifest) [](https://coveralls.io/github/npm/npm-pick-manifest?branch=latest) + +[`npm-pick-manifest`](https://github.com/npm/npm-pick-manifest) is a standalone +implementation of [npm](https://npmjs.com)'s semver range resolution algorithm. + +## Install + +`$ npm install --save npm-pick-manifest` + +## Table of Contents + +* [Example](#example) +* [Features](#features) +* [Contributing](#contributing) +* [API](#api) + * [`pickManifest()`](#pick-manifest) + +### Example + +```javascript +const pickManifest = require('npm-pick-manifest') + +fetch('https://registry.npmjs.org/npm-pick-manifest').then(res => { + return res.json() +}).then(packument => { + return pickManifest(packument, '^1.0.0') +}) // get same manifest as npm would get if you `npm i npm-pick-manifest@^1.0.0` +``` + +### Features + +* Uses npm's exact semver resolution algorithm +* Supports ranges, tags, and versions + +### Contributing + +The npm-pick-manifest team enthusiastically welcomes contributions and project participation! +There's a bunch of things you can do if you want to contribute! The [Contributor +Guide](CONTRIBUTING.md) has all the information you need for everything from +reporting bugs to contributing entire new features. Please don't hesitate to +jump in if you'd like to, or even ask us questions if something isn't clear. + +### API + +#### <a name="pick-manifest"></a> `> pickManifest(packument, selector, [opts]) -> manifest` + +Returns the manifest that matches `selector`, or throws an error. + +Packuments are anything returned by metadata URLs from the npm registry. That +is, they're objects with the following shape (only fields used by +`npm-pick-manifest` included): + +```javascript +{ + name: 'some-package', + 'dist-tags': { + foo: '1.0.1' + }, + versions: { + '1.0.0': { version: '1.0.0' }, + '1.0.1': { version: '1.0.1' }, + '1.0.2': { version: '1.0.2' }, + '2.0.0': { version: '2.0.0' } + } +} +``` + +The algorithm will follow npm's algorithm for semver resolution, and only `tag`, +`range`, and `version` selectors are supported. + +The function will throw `ETARGET` if there was no matching manifest, and +`ENOVERSIONS` if the packument object has no valid versions in `versions`. + +If `opts.defaultTag` is provided, it will be used instead of `latest`. That is, +if that tag matches the selector, it will be used, even if a higher available +version matches the range. + +If `opts.enjoyBy` is provided, it should be something that can be passed to `new +Date(x)`, such as a `Date` object or a timestamp string. It will be used to +filter the selected versions such that only versions less than or equal to +`enjoyBy` are considered. + +If `opts.includeDeprecated` passed in as true, deprecated versions will be +selected. By default, deprecated versions other than `defaultTag` are ignored. diff --git a/node_modules/libnpm/node_modules/npm-pick-manifest/index.js b/node_modules/libnpm/node_modules/npm-pick-manifest/index.js new file mode 100644 index 000000000..9eb2d82d1 --- /dev/null +++ b/node_modules/libnpm/node_modules/npm-pick-manifest/index.js @@ -0,0 +1,136 @@ +'use strict' + +const figgyPudding = require('figgy-pudding') +const npa = require('npm-package-arg') +const semver = require('semver') + +const PickerOpts = figgyPudding({ + defaultTag: { default: 'latest' }, + enjoyBy: {}, + includeDeprecated: { default: false } +}) + +module.exports = pickManifest +function pickManifest (packument, wanted, opts) { + opts = PickerOpts(opts) + const time = opts.enjoyBy && packument.time && +(new Date(opts.enjoyBy)) + const spec = npa.resolve(packument.name, wanted) + const type = spec.type + if (type === 'version' || type === 'range') { + wanted = semver.clean(wanted, true) || wanted + } + const distTags = packument['dist-tags'] || {} + const versions = Object.keys(packument.versions || {}).filter(v => { + return semver.valid(v, true) + }) + const policyRestrictions = packument.policyRestrictions + const restrictedVersions = policyRestrictions + ? Object.keys(policyRestrictions.versions) : [] + + function enjoyableBy (v) { + return !time || ( + packument.time[v] && time >= +(new Date(packument.time[v])) + ) + } + + let err + + if (!versions.length && !restrictedVersions.length) { + err = new Error(`No valid versions available for ${packument.name}`) + err.code = 'ENOVERSIONS' + err.name = packument.name + err.type = type + err.wanted = wanted + throw err + } + + let target + + if (type === 'tag' && enjoyableBy(distTags[wanted])) { + target = distTags[wanted] + } else if (type === 'version') { + target = wanted + } else if (type !== 'range' && enjoyableBy(distTags[wanted])) { + throw new Error('Only tag, version, and range are supported') + } + + const tagVersion = distTags[opts.defaultTag] + + if ( + !target && + tagVersion && + packument.versions[tagVersion] && + enjoyableBy(tagVersion) && + semver.satisfies(tagVersion, wanted, true) + ) { + target = tagVersion + } + + if (!target && !opts.includeDeprecated) { + const undeprecated = versions.filter(v => !packument.versions[v].deprecated && enjoyableBy(v) + ) + target = semver.maxSatisfying(undeprecated, wanted, true) + } + if (!target) { + const stillFresh = versions.filter(enjoyableBy) + target = semver.maxSatisfying(stillFresh, wanted, true) + } + + if (!target && wanted === '*' && enjoyableBy(tagVersion)) { + // This specific corner is meant for the case where + // someone is using `*` as a selector, but all versions + // are pre-releases, which don't match ranges at all. + target = tagVersion + } + + if ( + !target && + time && + type === 'tag' && + distTags[wanted] && + !enjoyableBy(distTags[wanted]) + ) { + const stillFresh = versions.filter(v => + enjoyableBy(v) && semver.lte(v, distTags[wanted], true) + ).sort(semver.rcompare) + target = stillFresh[0] + } + + if (!target && restrictedVersions) { + target = semver.maxSatisfying(restrictedVersions, wanted, true) + } + + const manifest = ( + target && + packument.versions[target] + ) + if (!manifest) { + // Check if target is forbidden + const isForbidden = target && policyRestrictions && policyRestrictions.versions[target] + const pckg = `${packument.name}@${wanted}${ + opts.enjoyBy + ? ` with an Enjoy By date of ${ + new Date(opts.enjoyBy).toLocaleString() + }. Maybe try a different date?` + : '' + }` + + if (isForbidden) { + err = new Error(`Could not download ${pckg} due to policy violations.\n${policyRestrictions.message}\n`) + err.code = 'E403' + } else { + err = new Error(`No matching version found for ${pckg}.`) + err.code = 'ETARGET' + } + + err.name = packument.name + err.type = type + err.wanted = wanted + err.versions = versions + err.distTags = distTags + err.defaultTag = opts.defaultTag + throw err + } else { + return manifest + } +} diff --git a/node_modules/pacote/node_modules/npm-pick-manifest/package.json b/node_modules/libnpm/node_modules/npm-pick-manifest/package.json index 146982059..04e291703 100644 --- a/node_modules/pacote/node_modules/npm-pick-manifest/package.json +++ b/node_modules/libnpm/node_modules/npm-pick-manifest/package.json @@ -3,7 +3,7 @@ "_id": "npm-pick-manifest@3.0.2", "_inBundle": false, "_integrity": "sha512-wNprTNg+X5nf+tDi+hbjdHhM4bX+mKqv6XmPh7B5eG+QY9VARfQPfCEH013H5GqfNj6ee8Ij2fg8yk0mzps1Vw==", - "_location": "/pacote/npm-pick-manifest", + "_location": "/libnpm/npm-pick-manifest", "_phantomChildren": {}, "_requested": { "type": "range", @@ -16,12 +16,12 @@ "fetchSpec": "^3.0.0" }, "_requiredBy": [ - "/pacote" + "/libnpm/pacote" ], "_resolved": "https://registry.npmjs.org/npm-pick-manifest/-/npm-pick-manifest-3.0.2.tgz", "_shasum": "f4d9e5fd4be2153e5f4e5f9b7be8dc419a99abb7", "_spec": "npm-pick-manifest@^3.0.0", - "_where": "/Users/mperrotte/npminc/cli/node_modules/pacote", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libnpm/node_modules/pacote", "author": { "name": "Kat Marchán", "email": "kzm@sykosomatic.org" diff --git a/node_modules/libnpm/node_modules/pacote/CHANGELOG.md b/node_modules/libnpm/node_modules/pacote/CHANGELOG.md new file mode 100644 index 000000000..b632c4eb4 --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/CHANGELOG.md @@ -0,0 +1,1417 @@ +# Change Log + +All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +<a name="9.5.12"></a> +## [9.5.12](https://github.com/npm/pacote/compare/v9.5.11...v9.5.12) (2020-01-06) + + +### Bug Fixes + +* **git:** Do not drop uid/gid when executing in root-owned directory ([d2f4176](https://github.com/npm/pacote/commit/d2f4176)) + + + +<a name="9.5.11"></a> +## [9.5.11](https://github.com/npm/pacote/compare/v9.5.10...v9.5.11) (2019-12-09) + + +### Bug Fixes + +* sanitize and normalize package bin field ([6f229f7](https://github.com/npm/pacote/commit/6f229f7)) + + + +<a name="9.5.10"></a> +## [9.5.10](https://github.com/npm/pacote/compare/v9.5.9...v9.5.10) (2019-12-04) + + +### Bug Fixes + +* Do not drop perms in git when not root ([5f33040](https://github.com/npm/pacote/commit/5f33040)), closes [#23](https://github.com/npm/pacote/issues/23) + + + +<a name="9.5.9"></a> +## [9.5.9](https://github.com/npm/pacote/compare/v9.5.8...v9.5.9) (2019-10-29) + + +### Bug Fixes + +* include peerDependenciesMeta in manifest ([7a400d3](https://github.com/npm/pacote/commit/7a400d3)), closes [/github.com/npm/cli/pull/224#issuecomment-547666807](https://github.com//github.com/npm/cli/pull/224/issues/issuecomment-547666807) + + + +<a name="9.5.8"></a> +## [9.5.8](https://github.com/npm/pacote/compare/v9.5.7...v9.5.8) (2019-08-20) + + + +<a name="9.5.7"></a> +## [9.5.7](https://github.com/npm/pacote/compare/v9.5.6...v9.5.7) (2019-08-19) + + +### Bug Fixes + +* do not try to chown if not running as root ([bbc5da3](https://github.com/npm/pacote/commit/bbc5da3)) + + + +<a name="9.5.6"></a> +## [9.5.6](https://github.com/npm/pacote/compare/v9.5.5...v9.5.6) (2019-08-15) + + +### Bug Fixes + +* **extract:** chown properly when more than one directory is made ([5161828](https://github.com/npm/pacote/commit/5161828)) + + + +<a name="9.5.5"></a> +## [9.5.5](https://github.com/npm/pacote/compare/v9.5.4...v9.5.5) (2019-08-12) + + +### Bug Fixes + +* don't pass uid/gid to cacache ([0a0c73c](https://github.com/npm/pacote/commit/0a0c73c)) +* Infer owner of all unpacked files ([f12e7ef](https://github.com/npm/pacote/commit/f12e7ef)) +* invalid arg detection in extract() ([b4dc363](https://github.com/npm/pacote/commit/b4dc363)), closes [#5](https://github.com/npm/pacote/issues/5) [#6](https://github.com/npm/pacote/issues/6) + + + +<a name="9.5.4"></a> +## [9.5.4](https://github.com/npm/pacote/compare/v9.5.3...v9.5.4) (2019-07-16) + + +### Bug Fixes + +* **git:** ensure stream failures are reported ([7f07b5d](https://github.com/npm/pacote/commit/7f07b5d)), closes [#1](https://github.com/npm/pacote/issues/1) + + + +<a name="9.5.3"></a> +## [9.5.3](https://github.com/npm/pacote/compare/v9.5.2...v9.5.3) (2019-07-16) + + + +<a name="9.5.2"></a> +## [9.5.2](https://github.com/npm/pacote/compare/v9.5.1...v9.5.2) (2019-07-12) + + +### Bug Fixes + +* always pass uid/gid to cacache.put ([3d08925](https://github.com/npm/pacote/commit/3d08925)) + + + +<a name="9.5.1"></a> +## [9.5.1](https://github.com/npm/pacote/compare/v9.5.0...v9.5.1) (2019-06-17) + + +### Bug Fixes + +* **audit:** npm audit fix ([127a28b](https://github.com/npm/pacote/commit/127a28b)) +* **errors:** Fix "TypeError: err.code.match is not a function" error ([#170](https://github.com/npm/pacote/issues/170)) ([92f5e4c](https://github.com/zkat/pacote/commit/92f5e4c)) +* **git:** limit retry times, avoid unlimited retries ([#172](https://github.com/npm/pacote/issues/172)) ([8bbd051](https://github.com/zkat/pacote/commit/8bbd051)) + + + +<a name="9.5.0"></a> +# [9.5.0](https://github.com/npm/pacote/compare/v9.4.1...v9.5.0) (2019-02-18) + + +### Features + +* **enjoy-by:** add `before` as an alias to enjoy-by ([75d62b7](https://github.com/npm/pacote/commit/75d62b7)) + + + +<a name="9.4.1"></a> +## [9.4.1](https://github.com/npm/pacote/compare/v9.4.0...v9.4.1) (2019-01-24) + + +### Bug Fixes + +* **directory, finalize-manifest:** strip byte order marker from JSON ([723ad63](https://github.com/npm/pacote/commit/723ad63)) + + + +<a name="9.4.0"></a> +# [9.4.0](https://github.com/npm/pacote/compare/v9.3.0...v9.4.0) (2019-01-14) + + +### Features + +* **registry:** fall back to fullfat if something might be wrong with corgis ([0e71d6b](https://github.com/npm/pacote/commit/0e71d6b)) + + + +<a name="9.3.0"></a> +# [9.3.0](https://github.com/npm/pacote/compare/v9.2.3...v9.3.0) (2018-12-21) + + +### Bug Fixes + +* **git, file:** properly catch otherwise unhandled errors ([89d4897](https://github.com/npm/pacote/commit/89d4897)) +* **test:** set umask opt to fix extract-stream 'accepts dmode/fmode/umask opts' ([e51de83](https://github.com/npm/pacote/commit/e51de83)) + + +### Features + +* **git:** accept git path option ([#164](https://github.com/npm/pacote/issues/164)) ([f06c8c5](https://github.com/zkat/pacote/commit/f06c8c5)) + + + +<a name="9.2.3"></a> +## [9.2.3](https://github.com/npm/pacote/compare/v9.2.2...v9.2.3) (2018-10-31) + + + +<a name="9.2.2"></a> +## [9.2.2](https://github.com/npm/pacote/compare/v9.2.1...v9.2.2) (2018-10-31) + + + +<a name="9.2.1"></a> +## [9.2.1](https://github.com/npm/pacote/compare/v9.2.0...v9.2.1) (2018-10-31) + + + +<a name="9.2.0"></a> +# [9.2.0](https://github.com/npm/pacote/compare/v9.1.1...v9.2.0) (2018-10-30) + + +### Features + +* **enjoyBy:** add opts.enjoy-by option ([7df399c](https://github.com/npm/pacote/commit/7df399c)) + + + +<a name="9.1.1"></a> +## [9.1.1](https://github.com/npm/pacote/compare/v9.1.0...v9.1.1) (2018-10-26) + + +### Bug Fixes + +* **deps:** bump protoduck to remove CC0-1.0 license in dep ([3d9d9a6](https://github.com/npm/pacote/commit/3d9d9a6)) +* **git:** Fix temp directory permissions for git fetcher ([#159](https://github.com/npm/pacote/issues/159)) ([97c3aeb](https://github.com/zkat/pacote/commit/97c3aeb)) +* **packument:** group together all registry specs in silly log ([2333a17](https://github.com/npm/pacote/commit/2333a17)) +* **standard:** standard --fix ([0ecb188](https://github.com/npm/pacote/commit/0ecb188)) + + + +<a name="9.1.0"></a> +# [9.1.0](https://github.com/npm/pacote/compare/v9.0.0...v9.1.0) (2018-08-15) + + +### Bug Fixes + +* **docs:** tweaking ToC ([1eeb8a0](https://github.com/npm/pacote/commit/1eeb8a0)) +* **packument:** take accept header into account when memoizing ([3c637e8](https://github.com/npm/pacote/commit/3c637e8)) + + +### Features + +* **aliases:** add support for registry alias specs ([b173f26](https://github.com/npm/pacote/commit/b173f26)) +* **packument:** add packument api ([97888d9](https://github.com/npm/pacote/commit/97888d9)) + + + +<a name="9.0.0"></a> +# [9.0.0](https://github.com/npm/pacote/compare/v8.1.6...v9.0.0) (2018-07-31) + + +### Bug Fixes + +* **travis:** idk why travis was failing ([ab593c9](https://github.com/npm/pacote/commit/ab593c9)) + + +### Features + +* **config:** convert to use figgy-pudding ([0b5bb82](https://github.com/npm/pacote/commit/0b5bb82)) +* **log:** use process.emit-style logging by default ([29ff8b3](https://github.com/npm/pacote/commit/29ff8b3)) +* **registry:** switch to npm-registry-fetch ([c43d6b0](https://github.com/npm/pacote/commit/c43d6b0)) + + +### BREAKING CHANGES + +* **log:** pacote will start emitting events on the process object by default now, instead of doing silent logging +* **registry:** config has changed significantly, especially +for auth and registry-related configs. Refer to README.md +for available options. + + + +<a name="8.1.6"></a> +## [8.1.6](https://github.com/npm/pacote/compare/v8.1.5...v8.1.6) (2018-05-24) + + + +<a name="8.1.5"></a> +## [8.1.5](https://github.com/npm/pacote/compare/v8.1.4...v8.1.5) (2018-05-22) + + + +<a name="8.1.4"></a> +## [8.1.4](https://github.com/npm/pacote/compare/v8.1.3...v8.1.4) (2018-05-22) + + + +<a name="8.1.3"></a> +## [8.1.3](https://github.com/npm/pacote/compare/v8.1.2...v8.1.3) (2018-05-20) + + +### Bug Fixes + +* **deps:** try reverting tar ([574ecff](https://github.com/npm/pacote/commit/574ecff)) +* **extract-stream:** address "write after end" issue ([#151](https://github.com/npm/pacote/issues/151)) ([50ed408](https://github.com/zkat/pacote/commit/50ed408)), closes [#142](https://github.com/zkat/pacote/issues/142) + + + +<a name="8.1.2"></a> +## [8.1.2](https://github.com/npm/pacote/compare/v8.1.1...v8.1.2) (2018-05-16) + + +### Bug Fixes + +* **extract-stream:** nudge things to stop write-after-end heisenbug, hopefully ([a398715](https://github.com/npm/pacote/commit/a398715)) + + + +<a name="8.1.1"></a> +## [8.1.1](https://github.com/npm/pacote/compare/v8.1.0...v8.1.1) (2018-04-24) + + +### Bug Fixes + +* **tarball:** Remove promise handler error ([#148](https://github.com/npm/pacote/issues/148)) ([47da3f6](https://github.com/zkat/pacote/commit/47da3f6)), closes [#145](https://github.com/zkat/pacote/issues/145) + + + +<a name="8.1.0"></a> +# [8.1.0](https://github.com/npm/pacote/compare/v8.0.0...v8.1.0) (2018-04-18) + + +### Bug Fixes + +* **git:** workaround for mississippi.finished intermitent failures ([#144](https://github.com/npm/pacote/issues/144)) ([788fd13](https://github.com/zkat/pacote/commit/788fd13)), closes [#143](https://github.com/zkat/pacote/issues/143) + + +### Features + +* **tarball:** calculate shasum when missing, not just integrity ([#149](https://github.com/npm/pacote/issues/149)) ([ccc6e90](https://github.com/zkat/pacote/commit/ccc6e90)) + + + +<a name="8.0.0"></a> +# [8.0.0](https://github.com/npm/pacote/compare/v7.6.1...v8.0.0) (2018-04-12) + + +### Bug Fixes + +* **git:** make full clones do a full mirror ([85b269b](https://github.com/npm/pacote/commit/85b269b)) + + +### deps + +* bump deps ([6737bf6](https://github.com/npm/pacote/commit/6737bf6)) + + +### meta + +* drop support for node@4 ([11478ff](https://github.com/npm/pacote/commit/11478ff)) + + +### BREAKING CHANGES + +* some dependencies were upgraded to versions that do not +support node@4. +* node@4 is no longer supported + + + +<a name="7.6.1"></a> +## [7.6.1](https://github.com/npm/pacote/compare/v7.6.0...v7.6.1) (2018-03-08) + + +### Bug Fixes + +* **standard:** update to new standard rules ([bb52d02](https://github.com/npm/pacote/commit/bb52d02)) + + + +<a name="7.6.0"></a> +# [7.6.0](https://github.com/npm/pacote/compare/v7.5.3...v7.6.0) (2018-03-08) + + +### Features + +* **git:** added retry logic for all git operations. ([#136](https://github.com/npm/pacote/issues/136)) ([425c58d](https://github.com/zkat/pacote/commit/425c58d)) + + + +<a name="7.5.3"></a> +## [7.5.3](https://github.com/npm/pacote/compare/v7.5.2...v7.5.3) (2018-03-02) + + +### Bug Fixes + +* **tarball:** stop dropping stream errors on the floor ([3db03c2](https://github.com/npm/pacote/commit/3db03c2)) + + + +<a name="7.5.2"></a> +## [7.5.2](https://github.com/npm/pacote/compare/v7.5.1...v7.5.2) (2018-03-02) + + +### Bug Fixes + +* **console:** remove spurious debugging console.log :< ([5b8b509](https://github.com/npm/pacote/commit/5b8b509)) + + + +<a name="7.5.1"></a> +## [7.5.1](https://github.com/npm/pacote/compare/v7.5.0...v7.5.1) (2018-03-01) + + +### Bug Fixes + +* **tarball:** catch errors thrown from stream handler ([bdd6628](https://github.com/npm/pacote/commit/bdd6628)) + + + +<a name="7.5.0"></a> +# [7.5.0](https://github.com/npm/pacote/compare/v7.4.2...v7.5.0) (2018-03-01) + + +### Features + +* **logging:** let users know when file: resolved packages fail integrity check ([0fb8037](https://github.com/npm/pacote/commit/0fb8037)) + + + +<a name="7.4.2"></a> +## [7.4.2](https://github.com/npm/pacote/compare/v7.4.1...v7.4.2) (2018-02-23) + + +### Bug Fixes + +* **deps:** move mkdirp and rimraf to dependencies ([#140](https://github.com/npm/pacote/issues/140)) ([bba20c8](https://github.com/zkat/pacote/commit/bba20c8)), closes [#128](https://github.com/zkat/pacote/issues/128) + + + +<a name="7.4.1"></a> +## [7.4.1](https://github.com/npm/pacote/compare/v7.4.0...v7.4.1) (2018-02-23) + + +### Bug Fixes + +* **tarball:** fix spurious errors from tarball.stream() ([0286ba5](https://github.com/npm/pacote/commit/0286ba5)) + + + +<a name="7.4.0"></a> +# [7.4.0](https://github.com/npm/pacote/compare/v7.3.3...v7.4.0) (2018-02-17) + + +### Features + +* **tarball:** support file: opts.resolved shortcut ([a6cf279](https://github.com/npm/pacote/commit/a6cf279)) + + + +<a name="7.3.3"></a> +## [7.3.3](https://github.com/npm/pacote/compare/v7.3.2...v7.3.3) (2018-02-15) + + +### Bug Fixes + +* **tarball:** another attempt at fixing opts.resolved ([aff3b6a](https://github.com/npm/pacote/commit/aff3b6a)) + + + +<a name="7.3.2"></a> +## [7.3.2](https://github.com/npm/pacote/compare/v7.3.1...v7.3.2) (2018-02-15) + + +### Bug Fixes + +* **tarball:** opts.resolved impl was triggering extra registry lookups ([0a4729d](https://github.com/npm/pacote/commit/0a4729d)) + + + +<a name="7.3.1"></a> +## [7.3.1](https://github.com/npm/pacote/compare/v7.3.0...v7.3.1) (2018-02-14) + + +### Bug Fixes + +* **tarball:** stop using mississippi.pipe() in tarball.js and extract.js ([f5c1da9](https://github.com/npm/pacote/commit/f5c1da9)) + + + +<a name="7.3.0"></a> +# [7.3.0](https://github.com/npm/pacote/compare/v7.2.0...v7.3.0) (2018-02-07) + + +### Bug Fixes + +* **git:** fix resolution of prerelease versions ([#130](https://github.com/npm/pacote/issues/130)) ([83be46b](https://github.com/zkat/pacote/commit/83be46b)), closes [#129](https://github.com/zkat/pacote/issues/129) + + +### Features + +* **extract:** append _resolved and _integrity automatically ([#134](https://github.com/npm/pacote/issues/134)) ([6886b65](https://github.com/zkat/pacote/commit/6886b65)) + + + +<a name="7.2.0"></a> +# [7.2.0](https://github.com/npm/pacote/compare/v7.1.1...v7.2.0) (2018-01-19) + + +### Features + +* **resolved:** tarball shortcut when opts.resolved is provided ([46a2f58](https://github.com/npm/pacote/commit/46a2f58)) + + + +<a name="7.1.1"></a> +## [7.1.1](https://github.com/npm/pacote/compare/v7.1.0...v7.1.1) (2018-01-08) + + +### Bug Fixes + +* **publish:** a spurious file was included in the previous release ([296741a](https://github.com/npm/pacote/commit/296741a)) + + + +<a name="7.1.0"></a> +# [7.1.0](https://github.com/npm/pacote/compare/v7.0.2...v7.1.0) (2018-01-07) + + +### Bug Fixes + +* **security:** deep-update debug due to vulnerabilities ([ff16da7](https://github.com/npm/pacote/commit/ff16da7)) + + +### Features + +* **resolved:** add opts.resolved for cache stuff ([#131](https://github.com/npm/pacote/issues/131)) ([149a4b5](https://github.com/zkat/pacote/commit/149a4b5)) + + + +<a name="7.0.2"></a> +## [7.0.2](https://github.com/npm/pacote/compare/v7.0.1...v7.0.2) (2017-11-28) + + +### Bug Fixes + +* **git:** only resolvedRefs can be shallow-cloned ([899720f](https://github.com/npm/pacote/commit/899720f)) + + + +<a name="7.0.1"></a> +## [7.0.1](https://github.com/npm/pacote/compare/v7.0.0...v7.0.1) (2017-11-15) + + +### Bug Fixes + +* **git:** use resolved ref if available when doing a full clone (#125) ([46ca45a](https://github.com/npm/pacote/commit/46ca45a)), closes [#125](https://github.com/zkat/pacote/issues/125) +* **move:** bump cacache for some cross-platform move fixes ([eebdcda](https://github.com/npm/pacote/commit/eebdcda)) +* **test:** missed a spot converting tests to promises ([c43caed](https://github.com/npm/pacote/commit/c43caed)) + + + +<a name="7.0.0"></a> +# [7.0.0](https://github.com/npm/pacote/compare/v6.1.0...v7.0.0) (2017-11-15) + + +### Bug Fixes + +* **docs:** You totally should use pacote now (#126) ([d49a9b5](https://github.com/npm/pacote/commit/d49a9b5)) +* **git:** stop generating integrity for git ([d45363b](https://github.com/npm/pacote/commit/d45363b)) +* **integrity:** stop defaulting to sha1 hashes ([62f8cdf](https://github.com/npm/pacote/commit/62f8cdf)) +* **license:** relicense to MIT for OSI-compat ([ba6b3e0](https://github.com/npm/pacote/commit/ba6b3e0)) + + +### Features + +* **tarball:** add externall pacote.tarball() api ([e30bd49](https://github.com/npm/pacote/commit/e30bd49)) + + +### prefetch + +* deprecate pacote.prefetch ([e47e521](https://github.com/npm/pacote/commit/e47e521)) + + +### BREAKING CHANGES + +* **license:** The license has changed from CC0-1.0 to MIT, which is less permissive and also OSI-approved. +* pacote.prefetch is deprecated in favor of pacote.tarball + + + +<a name="6.1.0"></a> +# [6.1.0](https://github.com/npm/pacote/compare/v6.0.4...v6.1.0) (2017-10-19) + + +### Bug Fixes + +* **git:** use actual default git branch instead of assuming master (#122) ([79ce949](https://github.com/npm/pacote/commit/79ce949)) +* **npa:** ensure spec is a valid npa instance ([1757b2b](https://github.com/npm/pacote/commit/1757b2b)) + + +### Features + +* **selection:** add opts.includeDeprecated (#123) ([2001549](https://github.com/npm/pacote/commit/2001549)) + + + +<a name="6.0.4"></a> +## [6.0.4](https://github.com/npm/pacote/compare/v6.0.3...v6.0.4) (2017-10-05) + + +### Bug Fixes + +* **file:** include integrity hash for streamed tarballs too ([030cee7](https://github.com/npm/pacote/commit/030cee7)) + + + +<a name="6.0.3"></a> +## [6.0.3](https://github.com/npm/pacote/compare/v6.0.2...v6.0.3) (2017-10-05) + + +### Bug Fixes + +* **extract:** clean up mode/fmode/dmode tests ([f915045](https://github.com/npm/pacote/commit/f915045)) +* **file:** make sure file tarballs are written to cache and have integrity data ([dae391a](https://github.com/npm/pacote/commit/dae391a)) +* **git:** version resolution regression from #115 (#119) ([9a68205](https://github.com/npm/pacote/commit/9a68205)) + + + +<a name="6.0.2"></a> +## [6.0.2](https://github.com/npm/pacote/compare/v6.0.1...v6.0.2) (2017-09-06) + + +### Bug Fixes + +* **extract:** preserve executable perms on extracted files ([19b3dfd](https://github.com/npm/pacote/commit/19b3dfd)) + + +### Performance Improvements + +* replace some calls to .match() with .starts/endsWith() (#115) ([192a02f](https://github.com/npm/pacote/commit/192a02f)) + + + +<a name="6.0.1"></a> +## [6.0.1](https://github.com/npm/pacote/compare/v6.0.0...v6.0.1) (2017-08-22) + + +### Bug Fixes + +* **finalize:** insist on getting a package.json ([f72ee91](https://github.com/npm/pacote/commit/f72ee91)) + + + +<a name="6.0.0"></a> +# [6.0.0](https://github.com/npm/pacote/compare/v5.0.1...v6.0.0) (2017-08-19) + + +### Bug Fixes + +* **tar:** bring back the .gitignore -> .npmignore logic (#113) ([0dd518e](https://github.com/npm/pacote/commit/0dd518e)) + + +### BREAKING CHANGES + +* **tar:** this reverts a previous change to disable this feature. + + + +<a name="5.0.1"></a> +## [5.0.1](https://github.com/npm/pacote/compare/v5.0.0...v5.0.1) (2017-08-17) + + +### Bug Fixes + +* **tar:** chown directories on extract as well ([2fa4598](https://github.com/npm/pacote/commit/2fa4598)) + + + +<a name="5.0.0"></a> +# [5.0.0](https://github.com/npm/pacote/compare/v4.0.0...v5.0.0) (2017-08-16) + + +### Bug Fixes + +* **registry:** Pass maxSockets options down (#110) ([3f05b79](https://github.com/npm/pacote/commit/3f05b79)) + + +### Features + +* **deps:** replace tar-fs/tar-stream with tar[@3](https://github.com/3) ([28c80a9](https://github.com/npm/pacote/commit/28c80a9)) +* **tar:** switch to tarv3 ([53899c7](https://github.com/npm/pacote/commit/53899c7)) + + +### BREAKING CHANGES + +* **tar:** this changes the underlying tar library, and thus may introduce some subtle low-level incompatibility. Also: + +* The tarball packer built into pacote works much closer to how the one npm injects does. +* Special characters on Windows will now be escaped the way tar(1) usually does: by replacing them with the `0xf000` masked character on the way out. +* Directories won't be chowned. + + + +<a name="4.0.0"></a> +# [4.0.0](https://github.com/npm/pacote/compare/v3.0.0...v4.0.0) (2017-06-29) + + +### Bug Fixes + +* **extract:** revert uid/gid change ([41852e0](https://github.com/npm/pacote/commit/41852e0)) + + +### BREAKING CHANGES + +* **extract:** behavior for setting uid/gid on extracted contents was restored to what it was in pacote@2 + + + +<a name="3.0.0"></a> +# [3.0.0](https://github.com/npm/pacote/compare/v2.7.38...v3.0.0) (2017-06-29) + + +### Bug Fixes + +* **extract:** always extract as current user gid/uid ([6fc01a5](https://github.com/npm/pacote/commit/6fc01a5)) + + +### BREAKING CHANGES + +* **extract:** pacote will no longer set ownership of extracted +contents -- uid/gid will *only* be used for the cache and other internal +details. + + + +<a name="2.7.38"></a> +## [2.7.38](https://github.com/npm/pacote/compare/v2.7.37...v2.7.38) (2017-06-29) + + +### Bug Fixes + +* **manifest:** bump npm-pick-manifest for loose semver fix ([b3d45ef](https://github.com/npm/pacote/commit/b3d45ef)) + + + +<a name="2.7.37"></a> +## [2.7.37](https://github.com/npm/pacote/compare/v2.7.36...v2.7.37) (2017-06-29) + + +### Bug Fixes + +* **deps:** bump deps for fixes ([f156655](https://github.com/npm/pacote/commit/f156655)) + + + +<a name="2.7.36"></a> +## [2.7.36](https://github.com/npm/pacote/compare/v2.7.35...v2.7.36) (2017-06-10) + + +### Bug Fixes + +* **deps:** update tar-fs with the special characters patch (#102) ([ed43aa3](https://github.com/npm/pacote/commit/ed43aa3)) + + + +<a name="2.7.35"></a> +## [2.7.35](https://github.com/npm/pacote/compare/v2.7.34...v2.7.35) (2017-06-09) + + +### Bug Fixes + +* **registry:** only print one 199 warning (#100) ([b395138](https://github.com/npm/pacote/commit/b395138)) + + + +<a name="2.7.34"></a> +## [2.7.34](https://github.com/npm/pacote/compare/v2.7.33...v2.7.34) (2017-06-09) + + +### Bug Fixes + +* **git:** whitelist specific shallow-cloneable hosts ([b210cc8](https://github.com/npm/pacote/commit/b210cc8)) + + + +<a name="2.7.33"></a> +## [2.7.33](https://github.com/npm/pacote/compare/v2.7.32...v2.7.33) (2017-06-08) + + +### Bug Fixes + +* **git:** better error reporting when ls-remote fails ([10aae8f](https://github.com/npm/pacote/commit/10aae8f)) + + + +<a name="2.7.32"></a> +## [2.7.32](https://github.com/npm/pacote/compare/v2.7.31...v2.7.32) (2017-06-07) + + +### Bug Fixes + +* **registry:** print both 111 and 199 warnings ([2f8c201](https://github.com/npm/pacote/commit/2f8c201)) + + + +<a name="2.7.31"></a> +## [2.7.31](https://github.com/npm/pacote/compare/v2.7.30...v2.7.31) (2017-06-06) + + +### Bug Fixes + +* **extract:** always return a bluebird promise ([06ca91d](https://github.com/npm/pacote/commit/06ca91d)) +* **registry:** bump make-fetch-happen for local cache header issue fix ([868615c](https://github.com/npm/pacote/commit/868615c)) + + + +<a name="2.7.30"></a> +## [2.7.30](https://github.com/npm/pacote/compare/v2.7.29...v2.7.30) (2017-06-05) + + +### Bug Fixes + +* **ssri:** bump ssri for bugfix ([70a859c](https://github.com/npm/pacote/commit/70a859c)) + + + +<a name="2.7.29"></a> +## [2.7.29](https://github.com/npm/pacote/compare/v2.7.28...v2.7.29) (2017-06-05) + + +### Bug Fixes + +* **registry:** use cert instead of certfile opt ([a45880d](https://github.com/npm/pacote/commit/a45880d)) + + + +<a name="2.7.28"></a> +## [2.7.28](https://github.com/npm/pacote/compare/v2.7.27...v2.7.28) (2017-06-05) + + +### Bug Fixes + +* **git:** limit ls-remote output to heads/tags (#97) ([c1e3dcd](https://github.com/npm/pacote/commit/c1e3dcd)) +* **proxy:** send certificate authority, key and other options (#95) ([c4b6128](https://github.com/npm/pacote/commit/c4b6128)) +* **registry:** add support for global auth and _auth token (#96) ([7919fb7](https://github.com/npm/pacote/commit/7919fb7)) +* **registry:** emit npm-session header (#98) ([9816b18](https://github.com/npm/pacote/commit/9816b18)) + + + +<a name="2.7.27"></a> +## [2.7.27](https://github.com/npm/pacote/compare/v2.7.26...v2.7.27) (2017-06-01) + + +### Bug Fixes + +* **git:** fix semver range detection. oops ([76d9233](https://github.com/npm/pacote/commit/76d9233)) + + + +<a name="2.7.26"></a> +## [2.7.26](https://github.com/npm/pacote/compare/v2.7.25...v2.7.26) (2017-06-01) + + +### Bug Fixes + +* **git:** hash was not being replaced/appended correctly ([6fcbed5](https://github.com/npm/pacote/commit/6fcbed5)) + + + +<a name="2.7.25"></a> +## [2.7.25](https://github.com/npm/pacote/compare/v2.7.24...v2.7.25) (2017-05-31) + + +### Bug Fixes + +* **git:** git deps were getting _resolved without shasums ([96f0675](https://github.com/npm/pacote/commit/96f0675)) + + + +<a name="2.7.24"></a> +## [2.7.24](https://github.com/npm/pacote/compare/v2.7.23...v2.7.24) (2017-05-31) + + +### Bug Fixes + +* **deps:** update dep versions with new patches ([dc2e4ff](https://github.com/npm/pacote/commit/dc2e4ff)) + + + +<a name="2.7.23"></a> +## [2.7.23](https://github.com/npm/pacote/compare/v2.7.22...v2.7.23) (2017-05-31) + + +### Bug Fixes + +* **git:** fix ls-remote command and throw away ^{} junk ([62ba84d](https://github.com/npm/pacote/commit/62ba84d)) +* **git:** use the parsed git committish from npa ([77a676a](https://github.com/npm/pacote/commit/77a676a)) + + + +<a name="2.7.22"></a> +## [2.7.22](https://github.com/npm/pacote/compare/v2.7.21...v2.7.22) (2017-05-31) + + +### Bug Fixes + +* **git:** accept shortened git hashes (#91) ([4466388](https://github.com/npm/pacote/commit/4466388)) + + + +<a name="2.7.21"></a> +## [2.7.21](https://github.com/npm/pacote/compare/v2.7.20...v2.7.21) (2017-05-25) + + +### Bug Fixes + +* **registry:** stop URIEncoding username/password ([011c9a2](https://github.com/npm/pacote/commit/011c9a2)) + + + +<a name="2.7.20"></a> +## [2.7.20](https://github.com/npm/pacote/compare/v2.7.19...v2.7.20) (2017-05-25) + + +### Bug Fixes + +* **registry:** encode username and password for auth ([c48b651](https://github.com/npm/pacote/commit/c48b651)) + + + +<a name="2.7.19"></a> +## [2.7.19](https://github.com/npm/pacote/compare/v2.7.18...v2.7.19) (2017-05-25) + + +### Bug Fixes + +* **registry:** respect alwaysAuth ([150788a](https://github.com/npm/pacote/commit/150788a)) + + + +<a name="2.7.18"></a> +## [2.7.18](https://github.com/npm/pacote/compare/v2.7.17...v2.7.18) (2017-05-25) + + +### Bug Fixes + +* **cache:** pass uid/gid settings through to mfh ([d8845df](https://github.com/npm/pacote/commit/d8845df)) +* **deps:** update m-f-h for cache opts fix ([faab6cd](https://github.com/npm/pacote/commit/faab6cd)) + + + +<a name="2.7.17"></a> +## [2.7.17](https://github.com/npm/pacote/compare/v2.7.16...v2.7.17) (2017-05-25) + + +### Bug Fixes + +* **deps:** bump cacache ([34bd656](https://github.com/npm/pacote/commit/34bd656)) + + + +<a name="2.7.16"></a> +## [2.7.16](https://github.com/npm/pacote/compare/v2.7.15...v2.7.16) (2017-05-24) + + +### Bug Fixes + +* **deps:** pull in various fixes from deps ([4354703](https://github.com/npm/pacote/commit/4354703)) + + + +<a name="2.7.15"></a> +## [2.7.15](https://github.com/npm/pacote/compare/v2.7.14...v2.7.15) (2017-05-24) + + +### Bug Fixes + +* **proxy:** bump m-f-h with more patches ([26d4170](https://github.com/npm/pacote/commit/26d4170)) + + + +<a name="2.7.14"></a> +## [2.7.14](https://github.com/npm/pacote/compare/v2.7.13...v2.7.14) (2017-05-24) + + +### Bug Fixes + +* **proxy:** pull in new m-f-h with fixed http proxies ([d6a14e0](https://github.com/npm/pacote/commit/d6a14e0)) + + + +<a name="2.7.13"></a> +## [2.7.13](https://github.com/npm/pacote/compare/v2.7.12...v2.7.13) (2017-05-23) + + +### Bug Fixes + +* **deps:** bump dep versions to fix http redirect issues ([b23a9fa](https://github.com/npm/pacote/commit/b23a9fa)) + + + +<a name="2.7.12"></a> +## [2.7.12](https://github.com/npm/pacote/compare/v2.7.11...v2.7.12) (2017-05-16) + + +### Bug Fixes + +* **fetch:** fix default userAgent ([4b9d344](https://github.com/npm/pacote/commit/4b9d344)) +* **registry:** log failed requests too ([0f23f06](https://github.com/npm/pacote/commit/0f23f06)) +* **remote:** send a useful pkg id header for remote tarballs ([ac13356](https://github.com/npm/pacote/commit/ac13356)) + + + +<a name="2.7.11"></a> +## [2.7.11](https://github.com/npm/pacote/compare/v2.7.10...v2.7.11) (2017-05-12) + + +### Bug Fixes + +* **fetch:** make it play nicer with bundlers ([67cd713](https://github.com/npm/pacote/commit/67cd713)) + + + +<a name="2.7.10"></a> +## [2.7.10](https://github.com/npm/pacote/compare/v2.7.9...v2.7.10) (2017-05-12) + + +### Bug Fixes + +* **logging:** shhhhhhh ([e7ea56e](https://github.com/npm/pacote/commit/e7ea56e)) +* **manifest:** _resolved is the only main field we do not overwrite ([4c12421](https://github.com/npm/pacote/commit/4c12421)) + + + +<a name="2.7.9"></a> +## [2.7.9](https://github.com/npm/pacote/compare/v2.7.8...v2.7.9) (2017-05-09) + + +### Bug Fixes + +* **git:** Resolve to ref git specs w/o committishes (#88) ([cb885f5](https://github.com/npm/pacote/commit/cb885f5)), closes [#88](https://github.com/zkat/pacote/issues/88) + + + +<a name="2.7.8"></a> +## [2.7.8](https://github.com/npm/pacote/compare/v2.7.7...v2.7.8) (2017-05-07) + + +### Bug Fixes + +* **git:** integrity hash was not always emitted ([97ed9e1](https://github.com/npm/pacote/commit/97ed9e1)) + + + +<a name="2.7.7"></a> +## [2.7.7](https://github.com/npm/pacote/compare/v2.7.6...v2.7.7) (2017-05-06) + + +### Bug Fixes + +* **auth:** redirects no longer send auth to different host ([82e78c5](https://github.com/npm/pacote/commit/82e78c5)) + + + +<a name="2.7.6"></a> +## [2.7.6](https://github.com/npm/pacote/compare/v2.7.5...v2.7.6) (2017-05-05) + + +### Bug Fixes + +* **git:** only use longpaths on win32 because old gits ([32846fc](https://github.com/npm/pacote/commit/32846fc)) + + + +<a name="2.7.5"></a> +## [2.7.5](https://github.com/npm/pacote/compare/v2.7.4...v2.7.5) (2017-05-04) + + +### Bug Fixes + +* **registry-key:** Use pathname instead of path in registryKey (#85) ([5339831](https://github.com/npm/pacote/commit/5339831)) + + + +<a name="2.7.4"></a> +## [2.7.4](https://github.com/npm/pacote/compare/v2.7.3...v2.7.4) (2017-05-04) + + +### Bug Fixes + +* **pick-manifest:** fix =1.2.3 semver range requests ([dd6911c](https://github.com/npm/pacote/commit/dd6911c)) + + + +<a name="2.7.3"></a> +## [2.7.3](https://github.com/npm/pacote/compare/v2.7.2...v2.7.3) (2017-05-04) + + +### Bug Fixes + +* **pick-manifest:** spaces in requested version are now trimmed out ([6422b28](https://github.com/npm/pacote/commit/6422b28)) + + + +<a name="2.7.2"></a> +## [2.7.2](https://github.com/npm/pacote/compare/v2.7.1...v2.7.2) (2017-05-04) + + +### Bug Fixes + +* **extract:** missing or corrupted content properly re-fetched again ([46f60c2](https://github.com/npm/pacote/commit/46f60c2)) + + + +<a name="2.7.1"></a> +## [2.7.1](https://github.com/npm/pacote/compare/v2.7.0...v2.7.1) (2017-05-01) + + +### Bug Fixes + +* **logging:** log specs correctly on extract ([4b5bab0](https://github.com/npm/pacote/commit/4b5bab0)) +* **manifest:** obey opts.preferOnline when fetching from memoized ([26928a7](https://github.com/npm/pacote/commit/26928a7)) + + + +<a name="2.7.0"></a> +# [2.7.0](https://github.com/npm/pacote/compare/v2.6.0...v2.7.0) (2017-04-29) + + +### Bug Fixes + +* **registry:** stop using integrity hashes for metadata. again. ([4595ab2](https://github.com/npm/pacote/commit/4595ab2)) + + +### Features + +* **manifest:** include _shasum for legacy compat ([b3a7eed](https://github.com/npm/pacote/commit/b3a7eed)) + + + +<a name="2.6.0"></a> +# [2.6.0](https://github.com/npm/pacote/compare/v2.5.0...v2.6.0) (2017-04-29) + + +### Features + +* **manifest:** annotate manifests with _from ([e45e968](https://github.com/npm/pacote/commit/e45e968)) + + + +<a name="2.5.0"></a> +# [2.5.0](https://github.com/npm/pacote/compare/v2.4.0...v2.5.0) (2017-04-28) + + +### Bug Fixes + +* **registry:** JSON text is not a valid header value ([78951ea](https://github.com/npm/pacote/commit/78951ea)) + + +### Features + +* **memoization:** allow injection and control of memoizers ([d8a2be7](https://github.com/npm/pacote/commit/d8a2be7)) + + + +<a name="2.4.0"></a> +# [2.4.0](https://github.com/npm/pacote/compare/v2.3.2...v2.4.0) (2017-04-27) + + +### Bug Fixes + +* **tests:** nicer error message on registry 404 ([e8e71c8](https://github.com/npm/pacote/commit/e8e71c8)) + + +### Features + +* **auth:** added basic auth and always-auth support ([548aeb5](https://github.com/npm/pacote/commit/548aeb5)) +* **proxy:** proxy support for registry and remote deps ([3766bbb](https://github.com/npm/pacote/commit/3766bbb)) + + + +<a name="2.3.2"></a> +## [2.3.2](https://github.com/npm/pacote/compare/v2.3.1...v2.3.2) (2017-04-26) + + +### Bug Fixes + +* **deps:** reduce deps size with m-f-h upgrade ([ba75461](https://github.com/npm/pacote/commit/ba75461)) + + + +<a name="2.3.1"></a> +## [2.3.1](https://github.com/npm/pacote/compare/v2.3.0...v2.3.1) (2017-04-26) + + +### Bug Fixes + +* **git:** another attempt at fixing EPERM b.s. ([e445bef](https://github.com/npm/pacote/commit/e445bef)) + + + +<a name="2.3.0"></a> +# [2.3.0](https://github.com/npm/pacote/compare/v2.2.2...v2.3.0) (2017-04-26) + + +### Bug Fixes + +* **git:** had ENOTSUP error on windows ([ee17c35](https://github.com/npm/pacote/commit/ee17c35)) +* **memoization:** actually memoize package metadata ([e2078c0](https://github.com/npm/pacote/commit/e2078c0)) + + +### Features + +* **memoization:** better packument memoization + pacote.clearMemoized() ([eb1bd4f](https://github.com/npm/pacote/commit/eb1bd4f)) + + + +<a name="2.2.2"></a> +## [2.2.2](https://github.com/npm/pacote/compare/v2.2.1...v2.2.2) (2017-04-24) + + +### Bug Fixes + +* **prefetch:** pull in new cacache + fix prefetch hasContent call ([9f476b8](https://github.com/npm/pacote/commit/9f476b8)) + + + +<a name="2.2.1"></a> +## [2.2.1](https://github.com/npm/pacote/compare/v2.2.0...v2.2.1) (2017-04-23) + + +### Bug Fixes + +* **finalize:** pass on engines/cpu/os ([0a73c78](https://github.com/npm/pacote/commit/0a73c78)) + + + +<a name="2.2.0"></a> +# [2.2.0](https://github.com/npm/pacote/compare/v2.1.2...v2.2.0) (2017-04-22) + + +### Bug Fixes + +* **git:** fix shortcut fallback order again ([5759d40](https://github.com/npm/pacote/commit/5759d40)) +* **registry:** fix infinite manifetch loop ([6c6a62b](https://github.com/npm/pacote/commit/6c6a62b)) + + +### Features + +* **manifest:** opts.fullMetadata to get unfiltered manifests ([ff2945b](https://github.com/npm/pacote/commit/ff2945b)) + + + +<a name="2.1.2"></a> +## [2.1.2](https://github.com/npm/pacote/compare/v2.1.1...v2.1.2) (2017-04-20) + + + +<a name="2.1.1"></a> +## [2.1.1](https://github.com/npm/pacote/compare/v2.1.0...v2.1.1) (2017-04-19) + + +### Bug Fixes + +* **git:** use sshurl instead of ssh for ssh clones ([ff20803](https://github.com/npm/pacote/commit/ff20803)) +* **notice:** only log npm-notice if the packument came from network ([eeeb411](https://github.com/npm/pacote/commit/eeeb411)) +* **registry:** improve 404 error messages ([6a5cbdb](https://github.com/npm/pacote/commit/6a5cbdb)) + + + +<a name="2.1.0"></a> +# [2.1.0](https://github.com/npm/pacote/compare/v2.0.5...v2.1.0) (2017-04-18) + + +### Bug Fixes + +* **cache:** bump deps for cache fixes ([9596434](https://github.com/npm/pacote/commit/9596434)) + + +### Features + +* **warn:** http warning headers now logged ([f22ce1d](https://github.com/npm/pacote/commit/f22ce1d)) + + + +<a name="2.0.5"></a> +## [2.0.5](https://github.com/npm/pacote/compare/v2.0.4...v2.0.5) (2017-04-18) + + +### Bug Fixes + +* **file:** oops, the type for these is file ([e7a3d35](https://github.com/npm/pacote/commit/e7a3d35)) + + + +<a name="2.0.4"></a> +## [2.0.4](https://github.com/npm/pacote/compare/v2.0.3...v2.0.4) (2017-04-18) + + +### Bug Fixes + +* **deps:** remove normalize-git-url ([12d464a](https://github.com/npm/pacote/commit/12d464a)) +* **git:** Correctly read in the HEAD ref after cloning ([dbe1b15](https://github.com/npm/pacote/commit/dbe1b15)) +* **git:** The full clone path doesn't have _resolved set ([ddce561](https://github.com/npm/pacote/commit/ddce561)) +* **manifest:** no _from ever ([15087c4](https://github.com/npm/pacote/commit/15087c4)) + + + +<a name="2.0.3"></a> +## [2.0.3](https://github.com/npm/pacote/compare/v2.0.2...v2.0.3) (2017-04-15) + + +### Bug Fixes + +* **manifest:** meh just shove _from in there ([4396f09](https://github.com/npm/pacote/commit/4396f09)) +* **registry:** include CI header ([86ad911](https://github.com/npm/pacote/commit/86ad911)) +* **registry:** include npm-scope header ([574cd93](https://github.com/npm/pacote/commit/574cd93)) +* **registry:** make sure to send referer header ([2d3aaac](https://github.com/npm/pacote/commit/2d3aaac)) + + + +<a name="2.0.2"></a> +## [2.0.2](https://github.com/npm/pacote/compare/v2.0.1...v2.0.2) (2017-04-15) + + +### Bug Fixes + +* **directory:** fix default pack-dir and write a test for it ([9d9266f](https://github.com/npm/pacote/commit/9d9266f)) +* **extract:** brainfart with extractByManifest fixed. lol. ([a1367fb](https://github.com/npm/pacote/commit/a1367fb)) + + + +<a name="2.0.1"></a> +## [2.0.1](https://github.com/npm/pacote/compare/v2.0.0...v2.0.1) (2017-04-15) + + +### Bug Fixes + +* **tarball:** missed the local->tarball rename ([ac42dc4](https://github.com/npm/pacote/commit/ac42dc4)) + + + +<a name="2.0.0"></a> +# [2.0.0](https://github.com/npm/pacote/compare/v1.0.0...v2.0.0) (2017-04-15) + + +### Bug Fixes + +* **api:** use npa[@5](https://github.com/5) for spec parsing (#78) ([3f56298](https://github.com/npm/pacote/commit/3f56298)) +* **deprecated:** remove underscore from manifest._deprecated ([9f4af93](https://github.com/npm/pacote/commit/9f4af93)) +* **directory:** add _resolved to directory manifests ([1d305db](https://github.com/npm/pacote/commit/1d305db)) +* **directory:** return null instead of throwing ([d35630d](https://github.com/npm/pacote/commit/d35630d)) +* **finalize:** don't try to cache manifests we can't get a good key for ([8ab1758](https://github.com/npm/pacote/commit/8ab1758)) +* **finalize:** refactored finalize-manifest code + add _integrity=false sentinel ([657b7fa](https://github.com/npm/pacote/commit/657b7fa)) +* **git:** cleaner handling of git tarball streams when caching ([11acd0a](https://github.com/npm/pacote/commit/11acd0a)) +* **git:** emit manifests from git tarball handler ([b139d4b](https://github.com/npm/pacote/commit/b139d4b)) +* **git:** fix .git exclusion, set mtime = 0 to make tarballs idempotent ([9a9fa1b](https://github.com/npm/pacote/commit/9a9fa1b)) +* **git:** fix fallback order and only fall back on hosted shortcuts ([551cb33](https://github.com/npm/pacote/commit/551cb33)) +* **git:** fix filling-out of git manifests ([95e807c](https://github.com/npm/pacote/commit/95e807c)) +* **git:** got dir packer option working with git ([7669b3e](https://github.com/npm/pacote/commit/7669b3e)) +* **headers:** nudge around some headers to make things behave ([db1e0a1](https://github.com/npm/pacote/commit/db1e0a1)) +* **manifest:** get rid of resolved-with-non-error warning ([d4d4917](https://github.com/npm/pacote/commit/d4d4917)) +* **manifest:** stop using digest for manifests ([4ddd2f5](https://github.com/npm/pacote/commit/4ddd2f5)) +* **opts:** bring opt-check up to date ([564419e](https://github.com/npm/pacote/commit/564419e)) +* **opts:** rename refreshCache to preferOnline cause much clearer ([94171d6](https://github.com/npm/pacote/commit/94171d6)) +* **prefetch:** fall back to the _integrity in the manifest if none calculated ([083ac79](https://github.com/npm/pacote/commit/083ac79)) +* **prefetch:** if there's no stream, just skip (for directory) ([714de91](https://github.com/npm/pacote/commit/714de91)) +* **registry:** fix error handling for registry tarballs ([e69539f](https://github.com/npm/pacote/commit/e69539f)) +* **registry:** nudging logging stuff around a bit ([61d62cc](https://github.com/npm/pacote/commit/61d62cc)) +* **registry:** only send auth info if tarball is hosted on the same registry ([1de5a2b](https://github.com/npm/pacote/commit/1de5a2b)) +* **registry:** redirect tarball urls to provided registry port+protocol if same host ([f50167e](https://github.com/npm/pacote/commit/f50167e)) +* **registry:** support memoizing packuments ([e7fff31](https://github.com/npm/pacote/commit/e7fff31)) +* **registry:** treat registry cache as "private" -- bumps m-f-h ([6fa1503](https://github.com/npm/pacote/commit/6fa1503)) + + +### Features + +* **directory:** implement local dir packing ([017d989](https://github.com/npm/pacote/commit/017d989)) +* **fetch:** bump make-fetch-happen for new restarts ([cf90716](https://github.com/npm/pacote/commit/cf90716)) +* **git:** support pulling in git submodules ([5825d33](https://github.com/npm/pacote/commit/5825d33)) +* **integrity:** replace http client (#72) ([189cdd2](https://github.com/npm/pacote/commit/189cdd2)) +* **prefetch:** return cache-related info on prefetch ([623b7f3](https://github.com/npm/pacote/commit/623b7f3)) +* **registry:** allow injection of request agents ([805e5ae](https://github.com/npm/pacote/commit/805e5ae)) +* **registry:** fast request pooling ([321f84b](https://github.com/npm/pacote/commit/321f84b)) +* **registry:** registry requests now follow cache spec more closely, respect Age, etc ([9e47098](https://github.com/npm/pacote/commit/9e47098)) + + +### BREAKING CHANGES + +* **api:** spec objects can no longer be realize-package-specifier objects. Pass a string or generate npa@>=5 spec objects to pass in. +* **integrity:** This PR replaces a pretty fundamental chunk of pacote. + +* Caching now follows standard-ish cache rules for http-related requests. + +* manifest() no longer includes the `_shasum` field. It's been replaced by `_integrity`, which is a Subresource Integrity hash string containing equivalent data. These strings can be parsed and managed using https://npm.im/ssri. + +* Any functions that accepted `opts.digest` and/or `opts.hashAlgorithm` now expect `opts.integrity` instead. + +* Packuments and finalized manifests are now cached using sha512. Tarballs can start using that hash (or any other more secure hash) once registries start supporting them: `packument.dist.integrity` will be prioritized over `packument.shasum`. + +* If opts.offline is used, a `ENOCACHE` error will be returned. + + + +<a name="1.0.0"></a> +# [1.0.0](https://github.com/npm/pacote/compare/v0.1.1...v1.0.0) (2017-03-17) + + +### Bug Fixes + +* **extract-stream:** adapt to tar-fs api ([aa21308](https://github.com/npm/pacote/commit/aa21308)) +* add 'use strict' to all .js files (#26) ([021bd59](https://github.com/npm/pacote/commit/021bd59)) +* **cache:** this is really a user error, so just throw ([5c9c0fa](https://github.com/npm/pacote/commit/5c9c0fa)) +* **deps:** cacache[@5](https://github.com/5).0.3 ([37cddc5](https://github.com/npm/pacote/commit/37cddc5)) +* **deps:** tar-fs[@1](https://github.com/1).15.1 ([e0d853a](https://github.com/npm/pacote/commit/e0d853a)) +* **docs:** correct fixtures table (#57) ([23d2eb4](https://github.com/npm/pacote/commit/23d2eb4)) +* **extract:** correctly detect digest cache misses ([ec6672b](https://github.com/npm/pacote/commit/ec6672b)) +* **extract:** fixed race condition ([14fd2a8](https://github.com/npm/pacote/commit/14fd2a8)) +* **finalize-manifest:** use digest to uniquify cached manifests ([931a9cb](https://github.com/npm/pacote/commit/931a9cb)) +* **http:** Fixed cache-related race condition ([b70a4b1](https://github.com/npm/pacote/commit/b70a4b1)) +* **manifest:** dir manifests should throw ENOPACKAGEJSON ([b06882d](https://github.com/npm/pacote/commit/b06882d)) +* **manifest:** ETARGET when no packages match ([ea2127d](https://github.com/npm/pacote/commit/ea2127d)) +* **manifest:** local manifest fn should return a promise ([c700622](https://github.com/npm/pacote/commit/c700622)) +* **manifest:** retry registry manifests once on ETARGET (#66) ([3b99adc](https://github.com/npm/pacote/commit/3b99adc)) +* **prefetch:** hashAlgorithm is required for hasContent ([f03d51c](https://github.com/npm/pacote/commit/f03d51c)) +* **request:** report cache write errors on end ([c102b86](https://github.com/npm/pacote/commit/c102b86)) + + +### Features + +* **api:** support pre-realized specifiers as specs (#62) ([1d5bf39](https://github.com/npm/pacote/commit/1d5bf39)) +* **cache:** grabbing info and hasContent ([a559711](https://github.com/npm/pacote/commit/a559711)) +* **deps:** minimatch[@3](https://github.com/3).0.3 ([2bb8cd5](https://github.com/npm/pacote/commit/2bb8cd5)) +* **deps:** normalize-package-data[@2](https://github.com/2).3.5 ([4250e0d](https://github.com/npm/pacote/commit/4250e0d)) +* **directory:** directory dep support (#68) ([6d5307a](https://github.com/npm/pacote/commit/6d5307a)) +* **git:** baseline git support (#69) ([6d7eaf5](https://github.com/npm/pacote/commit/6d7eaf5)) +* **handlers:** added remote tarball support (#64) ([add1808](https://github.com/npm/pacote/commit/add1808)) +* **local:** local tarball support (#67) ([e50d625](https://github.com/npm/pacote/commit/e50d625)) +* **manifest:** handle deprecation notice (#60) ([db82dae](https://github.com/npm/pacote/commit/db82dae)) +* **manifest:** standardize manifest format ([3dd9a72](https://github.com/npm/pacote/commit/3dd9a72)) +* **manifest:** switch to cacache for caching ([8ba7249](https://github.com/npm/pacote/commit/8ba7249)) +* **prefetch:** added tarball prefetch support ([26c34ce](https://github.com/npm/pacote/commit/26c34ce)) +* **request:** accept maxSockets opt ([3987807](https://github.com/npm/pacote/commit/3987807)) +* **scopes:** new scopeTargets option (#59) ([b5db7ae](https://github.com/npm/pacote/commit/b5db7ae)) + + +### Performance Improvements + +* **finalize-manifest:** cache finalized manifests ([fa3c430](https://github.com/npm/pacote/commit/fa3c430)) + + +### BREAKING CHANGES + +* **manifest:** Toplevel APIs now return Promises instead of using callbacks. diff --git a/node_modules/libnpm/node_modules/pacote/LICENSE b/node_modules/libnpm/node_modules/pacote/LICENSE new file mode 100644 index 000000000..841ef53a2 --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) +Copyright (c) Kat Marchán, npm, Inc., and Contributors + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, +DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR +OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE +OR OTHER DEALINGS IN THE SOFTWARE. + diff --git a/node_modules/libnpm/node_modules/pacote/README.md b/node_modules/libnpm/node_modules/pacote/README.md new file mode 100644 index 000000000..f29d330d8 --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/README.md @@ -0,0 +1,288 @@ +# pacote [](https://npm.im/pacote) [](https://npm.im/pacote) [](https://travis-ci.org/npm/pacote) [](https://ci.appveyor.com/project/npm/pacote) [](https://coveralls.io/github/npm/pacote?branch=latest) + +[`pacote`](https://github.com/npm/pacote) is a Node.js library for downloading +[npm](https://npmjs.org)-compatible packages. It supports all package specifier +syntax that `npm install` and its ilk support. It transparently caches anything +needed to reduce excess operations, using [`cacache`](https://npm.im/cacache). + +## Install + +`$ npm install --save pacote` + +## Table of Contents + +* [Example](#example) +* [Features](#features) +* [Contributing](#contributing) +* [API](#api) + * [`manifest`](#manifest) + * [`packument`](#packument) + * [`extract`](#extract) + * [`tarball`](#tarball) + * [`tarball.stream`](#tarball-stream) + * [`tarball.toFile`](#tarball-to-file) + * ~~[`prefetch`](#prefetch)~~ (deprecated) + * [`clearMemoized`](#clearMemoized) + * [`options`](#options) + +### Example + +```javascript +const pacote = require('pacote') + +pacote.manifest('pacote@^1').then(pkg => { + console.log('package manifest for registry pkg:', pkg) + // { "name": "pacote", "version": "1.0.0", ... } +}) + +pacote.extract('http://hi.com/pkg.tgz', './here').then(() => { + console.log('remote tarball contents extracted to ./here') +}) +``` + +### Features + +* Handles all package types [npm](https://npm.im/npm) does +* [high-performance, reliable, verified local cache](https://npm.im/cacache) +* offline mode +* authentication support (private git, private npm registries, etc) +* github, gitlab, and bitbucket-aware +* semver range support for git dependencies + +### Contributing + +The pacote team enthusiastically welcomes contributions and project participation! There's a bunch of things you can do if you want to contribute! The [Contributor Guide](CONTRIBUTING.md) has all the information you need for everything from reporting bugs to contributing entire new features. Please don't hesitate to jump in if you'd like to, or even ask us questions if something isn't clear. + +### API + +#### <a name="manifest"></a> `> pacote.manifest(spec, [opts])` + +Fetches the *manifest* for a package. Manifest objects are similar and based +on the `package.json` for that package, but with pre-processed and limited +fields. The object has the following shape: + +```javascript +{ + "name": PkgName, + "version": SemverString, + "dependencies": { PkgName: SemverString }, + "optionalDependencies": { PkgName: SemverString }, + "devDependencies": { PkgName: SemverString }, + "peerDependencies": { PkgName: SemverString }, + "bundleDependencies": false || [PkgName], + "bin": { BinName: Path }, + "_resolved": TarballSource, // different for each package type + "_integrity": SubresourceIntegrityHash, + "_shrinkwrap": null || ShrinkwrapJsonObj +} +``` + +Note that depending on the spec type, some additional fields might be present. +For example, packages from `registry.npmjs.org` have additional metadata +appended by the registry. + +##### Example + +```javascript +pacote.manifest('pacote@1.0.0').then(pkgJson => { + // fetched `package.json` data from the registry +}) +``` + +#### <a name="packument"></a> `> pacote.packument(spec, [opts])` + +Fetches the *packument* for a package. Packument objects are general metadata +about a project corresponding to registry metadata, and include version and +`dist-tag` information about a package's available versions, rather than a +specific version. It may include additional metadata not usually available +through the individual package metadata objects. + +It generally looks something like this: + +```javascript +{ + "name": PkgName, + "dist-tags": { + 'latest': VersionString, + [TagName]: VersionString, + ... + }, + "versions": { + [VersionString]: Manifest, + ... + } +} +``` + +Note that depending on the spec type, some additional fields might be present. +For example, packages from `registry.npmjs.org` have additional metadata +appended by the registry. + +##### Example + +```javascript +pacote.packument('pacote').then(pkgJson => { + // fetched package versions metadata from the registry +}) +``` + +#### <a name="extract"></a> `> pacote.extract(spec, destination, [opts])` + +Extracts package data identified by `<spec>` into a directory named +`<destination>`, which will be created if it does not already exist. + +If `opts.digest` is provided and the data it identifies is present in the cache, +`extract` will bypass most of its operations and go straight to extracting the +tarball. + +##### Example + +```javascript +pacote.extract('pacote@1.0.0', './woot', { + digest: 'deadbeef' +}).then(() => { + // Succeeds as long as `pacote@1.0.0` still exists somewhere. Network and + // other operations are bypassed entirely if `digest` is present in the cache. +}) +``` + +#### <a name="tarball"></a> `> pacote.tarball(spec, [opts])` + +Fetches package data identified by `<spec>` and returns the data as a buffer. + +This API has two variants: + +* `pacote.tarball.stream(spec, [opts])` - Same as `pacote.tarball`, except it returns a stream instead of a Promise. +* `pacote.tarball.toFile(spec, dest, [opts])` - Instead of returning data directly, data will be written directly to `dest`, and create any required directories along the way. + +##### Example + +```javascript +pacote.tarball('pacote@1.0.0', { cache: './my-cache' }).then(data => { + // data is the tarball data for pacote@1.0.0 +}) +``` + +#### <a name="tarball-stream"></a> `> pacote.tarball.stream(spec, [opts])` + +Same as `pacote.tarball`, except it returns a stream instead of a Promise. + +##### Example + +```javascript +pacote.tarball.stream('pacote@1.0.0') +.pipe(fs.createWriteStream('./pacote-1.0.0.tgz')) +``` + +#### <a name="tarball-to-file"></a> `> pacote.tarball.toFile(spec, dest, [opts])` + +Like `pacote.tarball`, but instead of returning data directly, data will be +written directly to `dest`, and create any required directories along the way. + +##### Example + +```javascript +pacote.tarball.toFile('pacote@1.0.0', './pacote-1.0.0.tgz') +.then(() => /* pacote tarball written directly to ./pacote-1.0.0.tgz */) +``` + +#### <a name="prefetch"></a> `> pacote.prefetch(spec, [opts])` + +##### THIS API IS DEPRECATED. USE `pacote.tarball()` INSTEAD + +Fetches package data identified by `<spec>`, usually for the purpose of warming +up the local package cache (with `opts.cache`). It does not return anything. + +##### Example + +```javascript +pacote.prefetch('pacote@1.0.0', { cache: './my-cache' }).then(() => { + // ./my-cache now has both the manifest and tarball for `pacote@1.0.0`. +}) +``` + +#### <a name="clearMemoized"></a> `> pacote.clearMemoized()` + +This utility function can be used to force pacote to release its references +to any memoized data in its various internal caches. It might help free +some memory. + +```javascript +pacote.manifest(...).then(() => pacote.clearMemoized) + +``` + +#### <a name="options"></a> `> options` + +`pacote` accepts [the options for +`npm-registry-fetch`](https://npm.im/npm-registry-fetch#fetch-options) as-is, +with a couple of additional `pacote-specific` ones: + +##### <a name="dirPacker"></a> `opts.dirPacker` + +* Type: Function +* Default: Uses [`npm-packlist`](https://npm.im/npm-packlist) and [`tar`](https://npm.im/tar) to make a tarball. + +Expects a function that takes a single argument, `dir`, and returns a +`ReadableStream` that outputs packaged tarball data. Used when creating tarballs +for package specs that are not already packaged, such as git and directory +dependencies. The default `opts.dirPacker` does not execute `prepare` scripts, +even though npm itself does. + +##### <a name="opts-enjoy-by"></a> `opts.enjoy-by` + +* Alias: `opts.enjoyBy`, `opts.before` +* Type: Date-able +* Default: undefined + +If passed in, will be used while resolving to filter the versions for **registry +dependencies** such that versions published **after** `opts.enjoy-by` are not +considered -- as if they'd never been published. + +##### <a name="opts-include-deprecated"></a> `opts.include-deprecated` + +* Alias: `opts.includeDeprecated` +* Type: Boolean +* Default: false + +If false, deprecated versions will be skipped when selecting from registry range +specifiers. If true, deprecations do not affect version selection. + +##### <a name="opts-full-metadata"></a> `opts.full-metadata` + +* Type: Boolean +* Default: false + +If `true`, the full packument will be fetched when doing metadata requests. By +defaul, `pacote` only fetches the summarized packuments, also called "corgis". + +##### <a name="opts-tag"></a> `opts.tag` + +* Alias: `opts.defaultTag` +* Type: String +* Default: `'latest'` + +Package version resolution tag. When processing registry spec ranges, this +option is used to determine what dist-tag to treat as "latest". For more details +about how `pacote` selects versions and how `tag` is involved, see [the +documentation for `npm-pick-manifest`](https://npm.im/npm-pick-manifest). + +##### <a name="opts-resolved"></a> `opts.resolved` + +* Type: String +* Default: null + +When fetching tarballs, this option can be passed in to skip registry metadata +lookups when downloading tarballs. If the string is a `file:` URL, pacote will +try to read the referenced local file before attempting to do any further +lookups. This option does not bypass integrity checks when `opts.integrity` is +passed in. + +##### <a name="opts-where"></a> `opts.where` + +* Type: String +* Default: null + +Passed as an argument to [`npm-package-arg`](https://npm.im/npm-package-arg) +when resolving `spec` arguments. Used to determine what path to resolve local +path specs relatively from. diff --git a/node_modules/libnpm/node_modules/pacote/extract.js b/node_modules/libnpm/node_modules/pacote/extract.js new file mode 100644 index 000000000..6ed0b18aa --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/extract.js @@ -0,0 +1,99 @@ +'use strict' + +const BB = require('bluebird') + +const extractStream = require('./lib/extract-stream.js') +const fs = require('fs') +const mkdirp = BB.promisify(require('mkdirp')) +const npa = require('npm-package-arg') +const optCheck = require('./lib/util/opt-check.js') +const path = require('path') +const rimraf = BB.promisify(require('rimraf')) +const withTarballStream = require('./lib/with-tarball-stream.js') +const inferOwner = require('infer-owner') +const chown = BB.promisify(require('chownr')) + +const truncateAsync = BB.promisify(fs.truncate) +const readFileAsync = BB.promisify(fs.readFile) +const appendFileAsync = BB.promisify(fs.appendFile) + +// you used to call me on my... +const selfOwner = process.getuid ? { + uid: process.getuid(), + gid: process.getgid() +} : { + uid: undefined, + gid: undefined +} + +module.exports = extract +function extract (spec, dest, opts) { + opts = optCheck(opts) + spec = npa(spec, opts.where) + if (spec.type === 'git' && !opts.cache) { + throw new TypeError('Extracting git packages requires a cache folder') + } + if (typeof dest !== 'string') { + throw new TypeError('Extract requires a destination') + } + const startTime = Date.now() + return inferOwner(dest).then(({ uid, gid }) => { + opts = opts.concat({ uid, gid }) + return withTarballStream(spec, opts, stream => { + return tryExtract(spec, stream, dest, opts) + }) + .then(() => { + if (!opts.resolved) { + const pjson = path.join(dest, 'package.json') + return readFileAsync(pjson, 'utf8') + .then(str => truncateAsync(pjson) + .then(() => appendFileAsync(pjson, str.replace( + /}\s*$/, + `\n,"_resolved": ${ + JSON.stringify(opts.resolved || '') + }\n,"_integrity": ${ + JSON.stringify(opts.integrity || '') + }\n,"_from": ${ + JSON.stringify(spec.toString()) + }\n}` + )))) + } + }) + .then(() => opts.log.silly( + 'extract', + `${spec} extracted to ${dest} (${Date.now() - startTime}ms)` + )) + }) +} + +function tryExtract (spec, tarStream, dest, opts) { + return new BB((resolve, reject) => { + tarStream.on('error', reject) + + rimraf(dest) + .then(() => mkdirp(dest)) + .then((made) => { + // respect the current ownership of unpack targets + // but don't try to chown if we're not root. + if (selfOwner.uid === 0 && + typeof selfOwner.gid === 'number' && + selfOwner.uid !== opts.uid && selfOwner.gid !== opts.gid) { + return chown(made || dest, opts.uid, opts.gid) + } + }) + .then(() => { + const xtractor = extractStream(spec, dest, opts) + xtractor.on('error', reject) + xtractor.on('close', resolve) + tarStream.pipe(xtractor) + }) + .catch(reject) + }) + .catch(err => { + if (err.code === 'EINTEGRITY') { + err.message = `Verification failed while extracting ${spec}:\n${err.message}` + } + + throw err + }) +} diff --git a/node_modules/libnpm/node_modules/pacote/index.js b/node_modules/libnpm/node_modules/pacote/index.js new file mode 100644 index 000000000..a0ed98759 --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/index.js @@ -0,0 +1,10 @@ +'use strict' + +module.exports = { + extract: require('./extract'), + manifest: require('./manifest'), + packument: require('./packument'), + prefetch: require('./prefetch'), + tarball: require('./tarball'), + clearMemoized: require('./lib/fetch').clearMemoized +} diff --git a/node_modules/libnpm/node_modules/pacote/lib/extract-stream.js b/node_modules/libnpm/node_modules/pacote/lib/extract-stream.js new file mode 100644 index 000000000..d967b9f89 --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/lib/extract-stream.js @@ -0,0 +1,89 @@ +'use strict' + +const Minipass = require('minipass') +const path = require('path') +const tar = require('tar') + +module.exports = extractStream +module.exports._computeMode = computeMode + +class Transformer extends Minipass { + constructor (spec, opts) { + super() + this.spec = spec + this.opts = opts + this.str = '' + } + write (data) { + this.str += data + return true + } + end () { + const replaced = this.str.replace( + /}\s*$/, + `\n,"_resolved": ${ + JSON.stringify(this.opts.resolved || '') + }\n,"_integrity": ${ + JSON.stringify(this.opts.integrity || '') + }\n,"_from": ${ + JSON.stringify(this.spec.toString()) + }\n}` + ) + super.write(replaced) + return super.end() + } +} + +function computeMode (fileMode, optMode, umask) { + return (fileMode | optMode) & ~(umask || 0) +} + +function pkgJsonTransform (spec, opts) { + return entry => { + if (entry.path === 'package.json') { + const transformed = new Transformer(spec, opts) + return transformed + } + } +} + +function extractStream (spec, dest, opts) { + opts = opts || {} + const sawIgnores = new Set() + return tar.x({ + cwd: dest, + filter: (name, entry) => !entry.header.type.match(/^.*link$/i), + strip: 1, + onwarn: msg => opts.log && opts.log.warn('tar', msg), + uid: opts.uid, + gid: opts.gid, + umask: opts.umask, + transform: opts.resolved && pkgJsonTransform(spec, opts), + onentry (entry) { + if (entry.type.toLowerCase() === 'file') { + entry.mode = computeMode(entry.mode, opts.fmode, opts.umask) + } else if (entry.type.toLowerCase() === 'directory') { + entry.mode = computeMode(entry.mode, opts.dmode, opts.umask) + } else { + entry.mode = computeMode(entry.mode, 0, opts.umask) + } + + // Note: This mirrors logic in the fs read operations that are + // employed during tarball creation, in the fstream-npm module. + // It is duplicated here to handle tarballs that are created + // using other means, such as system tar or git archive. + if (entry.type.toLowerCase() === 'file') { + const base = path.basename(entry.path) + if (base === '.npmignore') { + sawIgnores.add(entry.path) + } else if (base === '.gitignore') { + const npmignore = entry.path.replace(/\.gitignore$/, '.npmignore') + if (!sawIgnores.has(npmignore)) { + // Rename, may be clobbered later. + entry.path = npmignore + } + } + } + } + }) +} diff --git a/node_modules/libnpm/node_modules/pacote/lib/fetch.js b/node_modules/libnpm/node_modules/pacote/lib/fetch.js new file mode 100644 index 000000000..36fb6b6d3 --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/lib/fetch.js @@ -0,0 +1,82 @@ +'use strict' + +const duck = require('protoduck') + +const Fetcher = duck.define(['spec', 'opts', 'manifest'], { + packument: ['spec', 'opts'], + manifest: ['spec', 'opts'], + tarball: ['spec', 'opts'], + fromManifest: ['manifest', 'spec', 'opts'], + clearMemoized () {} +}, { name: 'Fetcher' }) +module.exports = Fetcher + +module.exports.packument = packument +function packument (spec, opts) { + const fetcher = getFetcher(spec.type) + return fetcher.packument(spec, opts) +} + +module.exports.manifest = manifest +function manifest (spec, opts) { + const fetcher = getFetcher(spec.type) + return fetcher.manifest(spec, opts) +} + +module.exports.tarball = tarball +function tarball (spec, opts) { + return getFetcher(spec.type).tarball(spec, opts) +} + +module.exports.fromManifest = fromManifest +function fromManifest (manifest, spec, opts) { + return getFetcher(spec.type).fromManifest(manifest, spec, opts) +} + +const fetchers = {} + +module.exports.clearMemoized = clearMemoized +function clearMemoized () { + Object.keys(fetchers).forEach(k => { + fetchers[k].clearMemoized() + }) +} + +function getFetcher (type) { + if (!fetchers[type]) { + // This is spelled out both to prevent sketchy stuff and to make life + // easier for bundlers/preprocessors. + switch (type) { + case 'alias': + fetchers[type] = require('./fetchers/alias') + break + case 'directory': + fetchers[type] = require('./fetchers/directory') + break + case 'file': + fetchers[type] = require('./fetchers/file') + break + case 'git': + fetchers[type] = require('./fetchers/git') + break + case 'hosted': + fetchers[type] = require('./fetchers/hosted') + break + case 'range': + fetchers[type] = require('./fetchers/range') + break + case 'remote': + fetchers[type] = require('./fetchers/remote') + break + case 'tag': + fetchers[type] = require('./fetchers/tag') + break + case 'version': + fetchers[type] = require('./fetchers/version') + break + default: + throw new Error(`Invalid dependency type requested: ${type}`) + } + } + return fetchers[type] +} diff --git a/node_modules/libnpm/node_modules/pacote/lib/fetchers/alias.js b/node_modules/libnpm/node_modules/pacote/lib/fetchers/alias.js new file mode 100644 index 000000000..f22cbb1d7 --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/lib/fetchers/alias.js @@ -0,0 +1,24 @@ +'use strict' + +const Fetcher = require('../fetch') +const fetchRegistry = require('./registry') + +const fetchRemote = module.exports = Object.create(null) + +Fetcher.impl(fetchRemote, { + packument (spec, opts) { + return fetchRegistry.packument(spec.subSpec, opts) + }, + + manifest (spec, opts) { + return fetchRegistry.manifest(spec.subSpec, opts) + }, + + tarball (spec, opts) { + return fetchRegistry.tarball(spec.subSpec, opts) + }, + + fromManifest (manifest, spec, opts) { + return fetchRegistry.fromManifest(manifest, spec.subSpec, opts) + } +}) diff --git a/node_modules/libnpm/node_modules/pacote/lib/fetchers/directory.js b/node_modules/libnpm/node_modules/pacote/lib/fetchers/directory.js new file mode 100644 index 000000000..fc9c46cd3 --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/lib/fetchers/directory.js @@ -0,0 +1,89 @@ +'use strict' + +const BB = require('bluebird') + +const Fetcher = require('../fetch') +const glob = BB.promisify(require('glob')) +const packDir = require('../util/pack-dir') +const readJson = require('../util/read-json') +const path = require('path') +const pipe = BB.promisify(require('mississippi').pipe) +const through = require('mississippi').through +const normalizePackageBin = require('npm-normalize-package-bin') + +const readFileAsync = BB.promisify(require('fs').readFile) + +const fetchDirectory = module.exports = Object.create(null) + +Fetcher.impl(fetchDirectory, { + packument (spec, opts) { + return this.manifest(spec, opts).then(manifest => { + return Object.assign({}, manifest, { + 'dist-tags': { + 'latest': manifest.version + }, + time: { + [manifest.version]: (new Date()).toISOString() + }, + versions: { + [manifest.version]: manifest + } + }) + }) + }, + // `directory` manifests come from the actual manifest/lockfile data. + manifest (spec, opts) { + const pkgPath = path.join(spec.fetchSpec, 'package.json') + const srPath = path.join(spec.fetchSpec, 'npm-shrinkwrap.json') + return BB.join( + readFileAsync(pkgPath).then(readJson).catch({ code: 'ENOENT' }, err => { + err.code = 'ENOPACKAGEJSON' + throw err + }), + readFileAsync(srPath).then(readJson).catch({ code: 'ENOENT' }, () => null), + (pkg, sr) => { + pkg._shrinkwrap = sr + pkg._hasShrinkwrap = !!sr + pkg._resolved = spec.fetchSpec + pkg._integrity = false // Don't auto-calculate integrity + pkg._shasum = false // Don't auto-calculate shasum either + return pkg + } + ).then(pkg => { + if (!pkg.bin && pkg.directories && pkg.directories.bin) { + const dirBin = pkg.directories.bin + return glob(path.join(spec.fetchSpec, dirBin, '/**'), { nodir: true }).then(matches => { + matches.forEach(filePath => { + const relative = path.relative(spec.fetchSpec, filePath) + if (relative && relative[0] !== '.') { + if (!pkg.bin) { pkg.bin = {} } + pkg.bin[path.basename(relative)] = relative + } + }) + }).then(() => pkg) + } else { + return pkg + } + }).then(pkg => normalizePackageBin(pkg)) + }, + + // As of npm@5, the npm installer doesn't pack + install directories: it just + // creates symlinks. This code is here because `npm pack` still needs the + // ability to create a tarball from a local directory. + tarball (spec, opts) { + const stream = through() + this.manifest(spec, opts).then(mani => { + return pipe(this.fromManifest(mani, spec, opts), stream) + }).catch(err => stream.emit('error', err)) + return stream + }, + + // `directory` tarballs are generated in a very similar way to git tarballs. + fromManifest (manifest, spec, opts) { + const stream = through() + packDir(manifest, manifest._resolved, manifest._resolved, stream, opts).catch(err => { + stream.emit('error', err) + }) + return stream + } +}) diff --git a/node_modules/libnpm/node_modules/pacote/lib/fetchers/file.js b/node_modules/libnpm/node_modules/pacote/lib/fetchers/file.js new file mode 100644 index 000000000..a58e32913 --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/lib/fetchers/file.js @@ -0,0 +1,78 @@ +'use strict' + +const BB = require('bluebird') + +const cacache = require('cacache') +const Fetcher = require('../fetch') +const fs = require('fs') +const pipe = BB.promisify(require('mississippi').pipe) +const through = require('mississippi').through + +const readFileAsync = BB.promisify(fs.readFile) +const statAsync = BB.promisify(fs.stat) + +const MAX_BULK_SIZE = 2 * 1024 * 1024 // 2MB + +// `file` packages refer to local tarball files. +const fetchFile = module.exports = Object.create(null) + +Fetcher.impl(fetchFile, { + packument (spec, opts) { + return BB.reject(new Error('Not implemented yet')) + }, + + manifest (spec, opts) { + // We can't do much here. `finalizeManifest` will take care of + // calling `tarball` to fill out all the necessary details. + return BB.resolve(null) + }, + + // All the heavy lifting for `file` packages is done here. + // They're never cached. We just read straight out of the file. + // TODO - maybe they *should* be cached? + tarball (spec, opts) { + const src = spec._resolved || spec.fetchSpec + const stream = through() + statAsync(src).then(stat => { + if (spec._resolved) { stream.emit('manifest', spec) } + if (stat.size <= MAX_BULK_SIZE) { + // YAY LET'S DO THING IN BULK + return readFileAsync(src).then(data => { + if (opts.cache) { + return cacache.put( + opts.cache, `pacote:tarball:file:${src}`, data, { + integrity: opts.integrity + } + ).then(integrity => ({ data, integrity })) + } else { + return { data } + } + }).then(info => { + if (info.integrity) { stream.emit('integrity', info.integrity) } + stream.write(info.data, () => { + stream.end() + }) + }) + } else { + let integrity + const cacheWriter = !opts.cache + ? BB.resolve(null) + : (pipe( + fs.createReadStream(src), + cacache.put.stream(opts.cache, `pacote:tarball:${src}`, { + integrity: opts.integrity + }).on('integrity', d => { integrity = d }) + )) + return cacheWriter.then(() => { + if (integrity) { stream.emit('integrity', integrity) } + return pipe(fs.createReadStream(src), stream) + }) + } + }).catch(err => stream.emit('error', err)) + return stream + }, + + fromManifest (manifest, spec, opts) { + return this.tarball(manifest || spec, opts) + } +}) diff --git a/node_modules/libnpm/node_modules/pacote/lib/fetchers/git.js b/node_modules/libnpm/node_modules/pacote/lib/fetchers/git.js new file mode 100644 index 000000000..a1579d1f9 --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/lib/fetchers/git.js @@ -0,0 +1,178 @@ +'use strict' + +const BB = require('bluebird') + +const cacache = require('cacache') +const cacheKey = require('../util/cache-key') +const Fetcher = require('../fetch') +const git = require('../util/git') +const mkdirp = BB.promisify(require('mkdirp')) +const pickManifest = require('npm-pick-manifest') +const optCheck = require('../util/opt-check') +const osenv = require('osenv') +const packDir = require('../util/pack-dir') +const PassThrough = require('stream').PassThrough +const path = require('path') +const pipe = BB.promisify(require('mississippi').pipe) +const rimraf = BB.promisify(require('rimraf')) +const uniqueFilename = require('unique-filename') + +// `git` dependencies are fetched from git repositories and packed up. +const fetchGit = module.exports = Object.create(null) + +Fetcher.impl(fetchGit, { + packument (spec, opts) { + return BB.reject(new Error('Not implemented yet.')) + }, + + manifest (spec, opts) { + opts = optCheck(opts) + if (spec.hosted && spec.hosted.getDefaultRepresentation() === 'shortcut') { + return hostedManifest(spec, opts) + } else { + // If it's not a shortcut, don't do fallbacks. + return plainManifest(spec.fetchSpec, spec, opts) + } + }, + + tarball (spec, opts) { + opts = optCheck(opts) + const stream = new PassThrough() + this.manifest(spec, opts).then(manifest => { + stream.emit('manifest', manifest) + return pipe( + this.fromManifest( + manifest, spec, opts + ).on('integrity', i => stream.emit('integrity', i)), stream + ) + }).catch(err => stream.emit('error', err)) + return stream + }, + + fromManifest (manifest, spec, opts) { + opts = optCheck(opts) + let streamError + const stream = new PassThrough().on('error', e => { streamError = e }) + const cacheName = manifest._uniqueResolved || manifest._resolved || '' + const cacheStream = ( + opts.cache && + cacache.get.stream( + opts.cache, cacheKey('packed-dir', cacheName), opts + ).on('integrity', i => stream.emit('integrity', i)) + ) + cacheStream.pipe(stream) + cacheStream.on('error', err => { + if (err.code !== 'ENOENT') { + return stream.emit('error', err) + } else { + stream.emit('reset') + return withTmp(opts, tmp => { + if (streamError) { throw streamError } + return cloneRepo( + spec, manifest._repo, manifest._ref, manifest._rawRef, tmp, opts + ).then(HEAD => { + if (streamError) { throw streamError } + manifest._resolved = spec.saveSpec.replace(/(:?#.*)?$/, `#${HEAD}`) + manifest._uniqueResolved = manifest._resolved + return packDir(manifest, manifest._uniqueResolved, tmp, stream, opts) + }) + }).catch(err => stream.emit('error', err)) + } + }) + return stream + } +}) + +function hostedManifest (spec, opts) { + return BB.resolve(null).then(() => { + if (!spec.hosted.git()) { + throw new Error(`No git url for ${spec}`) + } + return plainManifest(spec.hosted.git(), spec, opts) + }).catch(err => { + if (!spec.hosted.https()) { + throw err + } + return plainManifest(spec.hosted.https(), spec, opts) + }).catch(err => { + if (!spec.hosted.sshurl()) { + throw err + } + return plainManifest(spec.hosted.sshurl(), spec, opts) + }) +} + +function plainManifest (repo, spec, opts) { + const rawRef = spec.gitCommittish || spec.gitRange + return resolve( + repo, spec, spec.name, opts + ).then(ref => { + if (ref) { + const resolved = spec.saveSpec.replace(/(?:#.*)?$/, `#${ref.sha}`) + return { + _repo: repo, + _resolved: resolved, + _spec: spec, + _ref: ref, + _rawRef: spec.gitCommittish || spec.gitRange, + _uniqueResolved: resolved, + _integrity: false, + _shasum: false + } + } else { + // We're SOL and need a full clone :( + // + // If we're confident enough that `rawRef` is a commit SHA, + // then we can at least get `finalize-manifest` to cache its result. + const resolved = spec.saveSpec.replace(/(?:#.*)?$/, rawRef ? `#${rawRef}` : '') + return { + _repo: repo, + _rawRef: rawRef, + _resolved: rawRef && rawRef.match(/^[a-f0-9]{40}$/) && resolved, + _uniqueResolved: rawRef && rawRef.match(/^[a-f0-9]{40}$/) && resolved, + _integrity: false, + _shasum: false + } + } + }) +} + +function resolve (url, spec, name, opts) { + const isSemver = !!spec.gitRange + return git.revs(url, opts).then(remoteRefs => { + return isSemver + ? pickManifest({ + versions: remoteRefs.versions, + 'dist-tags': remoteRefs['dist-tags'], + name: name + }, spec.gitRange, opts) + : remoteRefs + ? BB.resolve( + remoteRefs.refs[spec.gitCommittish] || remoteRefs.refs[remoteRefs.shas[spec.gitCommittish]] + ) + : null + }) +} + +function withTmp (opts, cb) { + if (opts.cache) { + // cacache has a special facility for working in a tmp dir + return cacache.tmp.withTmp(opts.cache, { tmpPrefix: 'git-clone' }, cb) + } else { + const tmpDir = path.join(osenv.tmpdir(), 'pacote-git-tmp') + const tmpName = uniqueFilename(tmpDir, 'git-clone') + const tmp = mkdirp(tmpName).then(() => tmpName).disposer(rimraf) + return BB.using(tmp, cb) + } +} + +// Only certain whitelisted hosted gits support shadow cloning +const SHALLOW_HOSTS = new Set(['github', 'gist', 'gitlab', 'bitbucket']) +function cloneRepo (spec, repo, resolvedRef, rawRef, tmp, opts) { + const ref = resolvedRef ? resolvedRef.ref : rawRef + if (resolvedRef && spec.hosted && SHALLOW_HOSTS.has(spec.hosted.type)) { + return git.shallow(repo, ref, tmp, opts) + } else { + return git.clone(repo, ref, tmp, opts) + } +} diff --git a/node_modules/libnpm/node_modules/pacote/lib/fetchers/hosted.js b/node_modules/libnpm/node_modules/pacote/lib/fetchers/hosted.js new file mode 100644 index 000000000..d41793c81 --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/lib/fetchers/hosted.js @@ -0,0 +1,3 @@ +'use strict' + +module.exports = require('./git') diff --git a/node_modules/libnpm/node_modules/pacote/lib/fetchers/range.js b/node_modules/libnpm/node_modules/pacote/lib/fetchers/range.js new file mode 100644 index 000000000..9f172e986 --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/lib/fetchers/range.js @@ -0,0 +1,3 @@ +'use strict' + +module.exports = require('./registry') diff --git a/node_modules/libnpm/node_modules/pacote/lib/fetchers/registry/index.js b/node_modules/libnpm/node_modules/pacote/lib/fetchers/registry/index.js new file mode 100644 index 000000000..2cca7040b --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/lib/fetchers/registry/index.js @@ -0,0 +1,32 @@ +'use strict' + +const cacache = require('cacache') +const Fetcher = require('../../fetch') +const regManifest = require('./manifest') +const regPackument = require('./packument') +const regTarball = require('./tarball') + +const fetchRegistry = module.exports = Object.create(null) + +Fetcher.impl(fetchRegistry, { + packument (spec, opts) { + return regPackument(spec, opts) + }, + + manifest (spec, opts) { + return regManifest(spec, opts) + }, + + tarball (spec, opts) { + return regTarball(spec, opts) + }, + + fromManifest (manifest, spec, opts) { + return regTarball.fromManifest(manifest, spec, opts) + }, + + clearMemoized () { + cacache.clearMemoized() + regPackument.clearMemoized() + } +}) diff --git a/node_modules/libnpm/node_modules/pacote/lib/fetchers/registry/manifest.js b/node_modules/libnpm/node_modules/pacote/lib/fetchers/registry/manifest.js new file mode 100644 index 000000000..00deb13af --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/lib/fetchers/registry/manifest.js @@ -0,0 +1,81 @@ +'use strict' + +const fetch = require('npm-registry-fetch') +const fetchPackument = require('./packument') +const optCheck = require('../../util/opt-check') +const pickManifest = require('npm-pick-manifest') +const ssri = require('ssri') + +module.exports = manifest +function manifest (spec, opts) { + opts = optCheck(opts) + + return getManifest(spec, opts).then(manifest => { + return annotateManifest(spec, manifest, opts) + }) +} + +function getManifest (spec, opts) { + opts = opts.concat({ + fullMetadata: opts.enjoyBy ? true : opts.fullMetadata + }) + return fetchPackument(spec, opts).then(packument => { + try { + return pickManifest(packument, spec.fetchSpec, { + defaultTag: opts.defaultTag, + enjoyBy: opts.enjoyBy, + includeDeprecated: opts.includeDeprecated + }) + } catch (err) { + if ((err.code === 'ETARGET' || err.code === 'E403') && packument._cached && !opts.offline) { + opts.log.silly( + 'registry:manifest', + `no matching version for ${spec.name}@${spec.fetchSpec} in the cache. Forcing revalidation.` + ) + opts = opts.concat({ + preferOffline: false, + preferOnline: true + }) + return fetchPackument(spec, opts.concat({ + // Fetch full metadata in case ETARGET was due to corgi delay + fullMetadata: true + })).then(packument => { + return pickManifest(packument, spec.fetchSpec, { + defaultTag: opts.defaultTag, + enjoyBy: opts.enjoyBy + }) + }) + } else { + throw err + } + } + }) +} + +function annotateManifest (spec, manifest, opts) { + const shasum = manifest.dist && manifest.dist.shasum + manifest._integrity = manifest.dist && manifest.dist.integrity + manifest._shasum = shasum + if (!manifest._integrity && shasum) { + // Use legacy dist.shasum field if available. + manifest._integrity = ssri.fromHex(shasum, 'sha1').toString() + } + manifest._resolved = ( + manifest.dist && manifest.dist.tarball + ) + if (!manifest._resolved) { + const registry = fetch.pickRegistry(spec, opts) + const uri = registry.replace(/\/?$/, '/') + spec.escapedName + + const err = new Error( + `Manifest for ${manifest.name}@${manifest.version} from ${uri} is missing a tarball url (pkg.dist.tarball). Guessing a default.` + ) + err.code = 'ENOTARBALL' + err.manifest = manifest + if (!manifest._warnings) { manifest._warnings = [] } + manifest._warnings.push(err.message) + manifest._resolved = + `${registry}/${manifest.name}/-/${manifest.name}-${manifest.version}.tgz` + } + return manifest +} diff --git a/node_modules/libnpm/node_modules/pacote/lib/fetchers/registry/packument.js b/node_modules/libnpm/node_modules/pacote/lib/fetchers/registry/packument.js new file mode 100644 index 000000000..f5286c803 --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/lib/fetchers/registry/packument.js @@ -0,0 +1,92 @@ +'use strict' + +const BB = require('bluebird') + +const fetch = require('npm-registry-fetch') +const LRU = require('lru-cache') +const optCheck = require('../../util/opt-check') + +// Corgis are cute. 🐕🐶 +const CORGI_DOC = 'application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*' +const JSON_DOC = 'application/json' + +module.exports = packument +function packument (spec, opts) { + opts = optCheck(opts) + + const registry = fetch.pickRegistry(spec, opts) + const uri = registry.replace(/\/?$/, '/') + spec.escapedName + + return fetchPackument(uri, registry, spec, opts) +} + +const MEMO = new LRU({ + length: m => m._contentLength, + max: 200 * 1024 * 1024, // 200MB + maxAge: 30 * 1000 // 30s +}) + +module.exports.clearMemoized = clearMemoized +function clearMemoized () { + MEMO.reset() +} + +function fetchPackument (uri, registry, spec, opts) { + const mem = pickMem(opts) + const accept = opts.fullMetadata ? JSON_DOC : CORGI_DOC + const memoKey = `${uri}~(${accept})` + if (mem && !opts.preferOnline && mem.has(memoKey)) { + return BB.resolve(mem.get(memoKey)) + } + + return fetch(uri, opts.concat({ + headers: { + 'pacote-req-type': 'packument', + 'pacote-pkg-id': `registry:${spec.name}`, + accept + }, + spec + }, opts, { + // Force integrity to null: we never check integrity hashes for manifests + integrity: null + })).then(res => res.json().then(packument => { + packument._cached = res.headers.has('x-local-cache') + packument._contentLength = +res.headers.get('content-length') + // NOTE - we need to call pickMem again because proxy + // objects get reused! + const mem = pickMem(opts) + if (mem) { + mem.set(memoKey, packument) + } + return packument + })).catch(err => { + if (err.code === 'E404' && !opts.fullMetadata) { + return fetchPackument(uri, registry, spec, opts.concat({ + fullMetadata: true + })) + } else { + throw err + } + }) +} + +class ObjProxy { + get (key) { return this.obj[key] } + set (key, val) { this.obj[key] = val } +} + +// This object is used synchronously and immediately, so +// we can safely reuse it instead of consing up new ones +const PROX = new ObjProxy() +function pickMem (opts) { + if (!opts || !opts.memoize) { + return MEMO + } else if (opts.memoize.get && opts.memoize.set) { + return opts.memoize + } else if (typeof opts.memoize === 'object') { + PROX.obj = opts.memoize + return PROX + } else { + return null + } +} diff --git a/node_modules/libnpm/node_modules/pacote/lib/fetchers/registry/tarball.js b/node_modules/libnpm/node_modules/pacote/lib/fetchers/registry/tarball.js new file mode 100644 index 000000000..134153280 --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/lib/fetchers/registry/tarball.js @@ -0,0 +1,102 @@ +'use strict' + +const BB = require('bluebird') + +const fetch = require('npm-registry-fetch') +const manifest = require('./manifest') +const optCheck = require('../../util/opt-check') +const PassThrough = require('stream').PassThrough +const ssri = require('ssri') +const url = require('url') + +module.exports = tarball +function tarball (spec, opts) { + opts = optCheck(opts) + const registry = fetch.pickRegistry(spec, opts) + const stream = new PassThrough() + let mani + if ( + opts.resolved && + // spec.type === 'version' && + opts.resolved.indexOf(registry) === 0 + ) { + // fakeChild is a shortcut to avoid looking up a manifest! + mani = BB.resolve({ + name: spec.name, + version: spec.fetchSpec, + _integrity: opts.integrity, + _resolved: opts.resolved, + _fakeChild: true + }) + } else { + // We can't trust opts.resolved if it's going to a separate host. + mani = manifest(spec, opts) + } + + mani.then(mani => { + !mani._fakeChild && stream.emit('manifest', mani) + const fetchStream = fromManifest(mani, spec, opts).on( + 'integrity', i => stream.emit('integrity', i) + ) + fetchStream.on('error', err => stream.emit('error', err)) + fetchStream.pipe(stream) + return null + }).catch(err => stream.emit('error', err)) + return stream +} + +module.exports.fromManifest = fromManifest +function fromManifest (manifest, spec, opts) { + opts = optCheck(opts) + if (spec.scope) { opts = opts.concat({ scope: spec.scope }) } + const stream = new PassThrough() + const registry = fetch.pickRegistry(spec, opts) + const uri = getTarballUrl(spec, registry, manifest, opts) + fetch(uri, opts.concat({ + headers: { + 'pacote-req-type': 'tarball', + 'pacote-pkg-id': `registry:${manifest.name}@${uri}` + }, + integrity: manifest._integrity, + algorithms: [ + manifest._integrity + ? ssri.parse(manifest._integrity).pickAlgorithm() + : 'sha1' + ], + spec + }, opts)) + .then(res => { + const hash = res.headers.get('x-local-cache-hash') + if (hash) { + stream.emit('integrity', decodeURIComponent(hash)) + } + res.body.on('error', err => stream.emit('error', err)) + res.body.pipe(stream) + return null + }) + .catch(err => stream.emit('error', err)) + return stream +} + +function getTarballUrl (spec, registry, mani, opts) { + const reg = url.parse(registry) + const tarball = url.parse(mani._resolved) + // https://github.com/npm/npm/pull/9471 + // + // TL;DR: Some alternative registries host tarballs on http and packuments + // on https, and vice-versa. There's also a case where people who can't use + // SSL to access the npm registry, for example, might use + // `--registry=http://registry.npmjs.org/`. In this case, we need to + // rewrite `tarball` to match the protocol. + // + if (reg.hostname === tarball.hostname && reg.protocol !== tarball.protocol) { + tarball.protocol = reg.protocol + // Ports might be same host different protocol! + if (reg.port !== tarball.port) { + delete tarball.host + tarball.port = reg.port + } + delete tarball.href + } + return url.format(tarball) +} diff --git a/node_modules/libnpm/node_modules/pacote/lib/fetchers/remote.js b/node_modules/libnpm/node_modules/pacote/lib/fetchers/remote.js new file mode 100644 index 000000000..8941f9938 --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/lib/fetchers/remote.js @@ -0,0 +1,34 @@ +'use strict' + +const BB = require('bluebird') + +const Fetcher = require('../fetch') +const fetchRegistry = require('./registry') + +const fetchRemote = module.exports = Object.create(null) + +Fetcher.impl(fetchRemote, { + packument (spec, opts) { + return BB.reject(new Error('Not implemented yet')) + }, + + manifest (spec, opts) { + // We can't get the manifest for a remote tarball until + // we extract the tarball itself. + // `finalize-manifest` takes care of this process of extracting + // a manifest based on ./tarball.js + return BB.resolve(null) + }, + + tarball (spec, opts) { + const uri = spec._resolved || spec.fetchSpec + return fetchRegistry.fromManifest({ + _resolved: uri, + _integrity: opts.integrity + }, spec, opts) + }, + + fromManifest (manifest, spec, opts) { + return this.tarball(manifest || spec, opts) + } +}) diff --git a/node_modules/libnpm/node_modules/pacote/lib/fetchers/tag.js b/node_modules/libnpm/node_modules/pacote/lib/fetchers/tag.js new file mode 100644 index 000000000..9f172e986 --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/lib/fetchers/tag.js @@ -0,0 +1,3 @@ +'use strict' + +module.exports = require('./registry') diff --git a/node_modules/libnpm/node_modules/pacote/lib/fetchers/version.js b/node_modules/libnpm/node_modules/pacote/lib/fetchers/version.js new file mode 100644 index 000000000..9f172e986 --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/lib/fetchers/version.js @@ -0,0 +1,3 @@ +'use strict' + +module.exports = require('./registry') diff --git a/node_modules/libnpm/node_modules/pacote/lib/finalize-manifest.js b/node_modules/libnpm/node_modules/pacote/lib/finalize-manifest.js new file mode 100644 index 000000000..80b9cda73 --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/lib/finalize-manifest.js @@ -0,0 +1,248 @@ +'use strict' + +const BB = require('bluebird') + +const cacache = require('cacache') +const cacheKey = require('./util/cache-key') +const fetchFromManifest = require('./fetch').fromManifest +const finished = require('./util/finished') +const minimatch = require('minimatch') +const normalize = require('normalize-package-data') +const optCheck = require('./util/opt-check') +const path = require('path') +const pipe = BB.promisify(require('mississippi').pipe) +const ssri = require('ssri') +const tar = require('tar') +const readJson = require('./util/read-json') +const normalizePackageBin = require('npm-normalize-package-bin') + +// `finalizeManifest` takes as input the various kinds of manifests that +// manifest handlers ('lib/fetchers/*.js#manifest()') return, and makes sure +// they are: +// +// * filled out with any required data that the handler couldn't fill in +// * formatted consistently +// * cached so we don't have to repeat this work more than necessary +// +// The biggest thing this package might do is do a full tarball extraction in +// order to find missing bits of metadata required by the npm installer. For +// example, it will fill in `_shrinkwrap`, `_integrity`, and other details that +// the plain manifest handlers would require a tarball to fill out. If a +// handler returns everything necessary, this process is skipped. +// +// If we get to the tarball phase, the corresponding tarball handler for the +// requested type will be invoked and the entire tarball will be read from the +// stream. +// +module.exports = finalizeManifest +function finalizeManifest (pkg, spec, opts) { + const key = finalKey(pkg, spec) + opts = optCheck(opts) + + const cachedManifest = (opts.cache && key && !opts.preferOnline && !opts.fullMetadata && !opts.enjoyBy) + ? cacache.get.info(opts.cache, key, opts) + : BB.resolve(null) + + return cachedManifest.then(cached => { + if (cached && cached.metadata && cached.metadata.manifest) { + return new Manifest(cached.metadata.manifest) + } else { + return tarballedProps(pkg, spec, opts).then(props => { + return pkg && pkg.name + ? new Manifest(pkg, props, opts.fullMetadata) + : new Manifest(props, null, opts.fullMetadata) + }).then(manifest => { + const cacheKey = key || finalKey(manifest, spec) + if (!opts.cache || !cacheKey) { + return manifest + } else { + return cacache.put( + opts.cache, cacheKey, '.', { + metadata: { + id: manifest._id, + manifest, + type: 'finalized-manifest' + } + } + ).then(() => manifest) + } + }) + } + }) +} + +module.exports.Manifest = Manifest +function Manifest (pkg, fromTarball, fullMetadata) { + fromTarball = fromTarball || {} + if (fullMetadata) { + Object.assign(this, pkg) + } + this.name = pkg.name + this.version = pkg.version + this.engines = pkg.engines || fromTarball.engines + this.cpu = pkg.cpu || fromTarball.cpu + this.os = pkg.os || fromTarball.os + this.dependencies = pkg.dependencies || {} + this.optionalDependencies = pkg.optionalDependencies || {} + this.peerDependenciesMeta = pkg.peerDependenciesMeta || {} + this.devDependencies = pkg.devDependencies || {} + const bundled = ( + pkg.bundledDependencies || + pkg.bundleDependencies || + false + ) + this.bundleDependencies = bundled + this.peerDependencies = pkg.peerDependencies || {} + this.deprecated = pkg.deprecated || false + + // These depend entirely on each handler + this._resolved = pkg._resolved + + // Not all handlers (or registries) provide these out of the box, + // and if they don't, we need to extract and read the tarball ourselves. + // These are details required by the installer. + this._integrity = pkg._integrity || fromTarball._integrity || null + this._shasum = pkg._shasum || fromTarball._shasum || null + this._shrinkwrap = pkg._shrinkwrap || fromTarball._shrinkwrap || null + this.bin = pkg.bin || fromTarball.bin || null + + // turn arrays and strings into a legit object, strip out bad stuff + normalizePackageBin(this) + + this._id = null + + // TODO - freezing and inextensibility pending npm changes. See test suite. + // Object.preventExtensions(this) + normalize(this) + + // I don't want this why did you give it to me. Go away. 🔥🔥🔥🔥 + delete this.readme + + // Object.freeze(this) +} + +// Some things aren't filled in by standard manifest fetching. +// If this function needs to do its work, it will grab the +// package tarball, extract it, and take whatever it needs +// from the stream. +function tarballedProps (pkg, spec, opts) { + const needsShrinkwrap = (!pkg || ( + pkg._hasShrinkwrap !== false && + !pkg._shrinkwrap + )) + const needsBin = !!(!pkg || ( + !pkg.bin && + pkg.directories && + pkg.directories.bin + )) + const needsIntegrity = !pkg || (!pkg._integrity && pkg._integrity !== false) + const needsShasum = !pkg || (!pkg._shasum && pkg._shasum !== false) + const needsHash = needsIntegrity || needsShasum + const needsManifest = !pkg || !pkg.name + const needsExtract = needsShrinkwrap || needsBin || needsManifest + if (!needsShrinkwrap && !needsBin && !needsHash && !needsManifest) { + return BB.resolve({}) + } else { + opts = optCheck(opts) + const tarStream = fetchFromManifest(pkg, spec, opts) + const extracted = needsExtract && new tar.Parse() + return BB.join( + needsShrinkwrap && jsonFromStream('npm-shrinkwrap.json', extracted), + needsManifest && jsonFromStream('package.json', extracted), + needsBin && getPaths(extracted), + needsHash && ssri.fromStream(tarStream, { algorithms: ['sha1', 'sha512'] }), + needsExtract && pipe(tarStream, extracted), + (sr, mani, paths, hash) => { + if (needsManifest && !mani) { + const err = new Error(`Non-registry package missing package.json: ${spec}.`) + err.code = 'ENOPACKAGEJSON' + throw err + } + const extraProps = mani || {} + delete extraProps._resolved + // drain out the rest of the tarball + tarStream.resume() + // if we have directories.bin, we need to collect any matching files + // to add to bin + if (paths && paths.length) { + const dirBin = mani + ? (mani && mani.directories && mani.directories.bin) + : (pkg && pkg.directories && pkg.directories.bin) + if (dirBin) { + extraProps.bin = {} + paths.forEach(filePath => { + if (minimatch(filePath, dirBin + '/**')) { + const relative = path.relative(dirBin, filePath) + if (relative && relative[0] !== '.') { + extraProps.bin[path.basename(relative)] = path.join(dirBin, relative) + } + } + }) + } + } + return Object.assign(extraProps, { + _shrinkwrap: sr, + _resolved: (mani && mani._resolved) || + (pkg && pkg._resolved) || + spec.fetchSpec, + _integrity: needsIntegrity && hash && hash.sha512 && hash.sha512[0].toString(), + _shasum: needsShasum && hash && hash.sha1 && hash.sha1[0].hexDigest() + }) + } + ) + } +} + +function jsonFromStream (filename, dataStream) { + return BB.fromNode(cb => { + dataStream.on('error', cb) + dataStream.on('close', cb) + dataStream.on('entry', entry => { + const filePath = entry.header.path.replace(/[^/]+\//, '') + if (filePath !== filename) { + entry.resume() + } else { + let data = '' + entry.on('error', cb) + finished(entry).then(() => { + try { + cb(null, readJson(data)) + } catch (err) { + cb(err) + } + }, err => { + cb(err) + }) + entry.on('data', d => { data += d }) + } + }) + }) +} + +function getPaths (dataStream) { + return BB.fromNode(cb => { + let paths = [] + dataStream.on('error', cb) + dataStream.on('close', () => cb(null, paths)) + dataStream.on('entry', function handler (entry) { + const filePath = entry.header.path.replace(/[^/]+\//, '') + entry.resume() + paths.push(filePath) + }) + }) +} + +function finalKey (pkg, spec) { + if (pkg && pkg._uniqueResolved) { + // git packages have a unique, identifiable id, but no tar sha + return cacheKey(`${spec.type}-manifest`, pkg._uniqueResolved) + } else { + return ( + pkg && pkg._integrity && + cacheKey( + `${spec.type}-manifest`, + `${pkg._resolved}:${ssri.stringify(pkg._integrity)}` + ) + ) + } +} diff --git a/node_modules/libnpm/node_modules/pacote/lib/util/cache-key.js b/node_modules/libnpm/node_modules/pacote/lib/util/cache-key.js new file mode 100644 index 000000000..157e60b0d --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/lib/util/cache-key.js @@ -0,0 +1,6 @@ +'use strict' + +module.exports = cacheKey +function cacheKey (type, identifier) { + return ['pacote', type, identifier].join(':') +} diff --git a/node_modules/libnpm/node_modules/pacote/lib/util/finished.js b/node_modules/libnpm/node_modules/pacote/lib/util/finished.js new file mode 100644 index 000000000..6dadc8b5b --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/lib/util/finished.js @@ -0,0 +1,17 @@ +'use strict' + +const BB = require('bluebird') + +module.exports = function (child, hasExitCode = false) { + return BB.fromNode(function (cb) { + child.on('error', cb) + child.on(hasExitCode ? 'close' : 'end', function (exitCode) { + if (exitCode === undefined || exitCode === 0) { + cb() + } else { + let err = new Error('exited with error code: ' + exitCode) + cb(err) + } + }) + }) +} diff --git a/node_modules/libnpm/node_modules/pacote/lib/util/git.js b/node_modules/libnpm/node_modules/pacote/lib/util/git.js new file mode 100644 index 000000000..7642eb2c8 --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/lib/util/git.js @@ -0,0 +1,292 @@ +'use strict' + +const BB = require('bluebird') + +const cp = require('child_process') +const execFileAsync = BB.promisify(cp.execFile, { + multiArgs: true +}) +const finished = require('./finished') +const LRU = require('lru-cache') +const optCheck = require('./opt-check') +const osenv = require('osenv') +const path = require('path') +const pinflight = require('promise-inflight') +const promiseRetry = require('promise-retry') +const uniqueFilename = require('unique-filename') +const which = BB.promisify(require('which')) +const semver = require('semver') +const inferOwner = require('infer-owner') + +const GOOD_ENV_VARS = new Set([ + 'GIT_ASKPASS', + 'GIT_EXEC_PATH', + 'GIT_PROXY_COMMAND', + 'GIT_SSH', + 'GIT_SSH_COMMAND', + 'GIT_SSL_CAINFO', + 'GIT_SSL_NO_VERIFY' +]) + +const GIT_TRANSIENT_ERRORS = [ + 'remote error: Internal Server Error', + 'The remote end hung up unexpectedly', + 'Connection timed out', + 'Operation timed out', + 'Failed to connect to .* Timed out', + 'Connection reset by peer', + 'SSL_ERROR_SYSCALL', + 'The requested URL returned error: 503' +].join('|') + +const GIT_TRANSIENT_ERROR_RE = new RegExp(GIT_TRANSIENT_ERRORS) + +const GIT_TRANSIENT_ERROR_MAX_RETRY_NUMBER = 3 + +function shouldRetry (error, number) { + return GIT_TRANSIENT_ERROR_RE.test(error) && (number < GIT_TRANSIENT_ERROR_MAX_RETRY_NUMBER) +} + +const GIT_ = 'GIT_' +let GITENV +function gitEnv () { + if (GITENV) { return GITENV } + const tmpDir = path.join(osenv.tmpdir(), 'pacote-git-template-tmp') + const tmpName = uniqueFilename(tmpDir, 'git-clone') + GITENV = { + GIT_ASKPASS: 'echo', + GIT_TEMPLATE_DIR: tmpName + } + Object.keys(process.env).forEach(k => { + if (GOOD_ENV_VARS.has(k) || !k.startsWith(GIT_)) { + GITENV[k] = process.env[k] + } + }) + return GITENV +} + +let GITPATH +try { + GITPATH = which.sync('git') +} catch (e) {} + +module.exports.clone = fullClone +function fullClone (repo, committish, target, opts) { + opts = optCheck(opts) + const gitArgs = ['clone', '--mirror', '-q', repo, path.join(target, '.git')] + if (process.platform === 'win32') { + gitArgs.push('--config', 'core.longpaths=true') + } + return execGit(gitArgs, { cwd: target }, opts).then(() => { + return execGit(['init'], { cwd: target }, opts) + }).then(() => { + return execGit(['checkout', committish || 'HEAD'], { cwd: target }, opts) + }).then(() => { + return updateSubmodules(target, opts) + }).then(() => headSha(target, opts)) +} + +module.exports.shallow = shallowClone +function shallowClone (repo, branch, target, opts) { + opts = optCheck(opts) + const gitArgs = ['clone', '--depth=1', '-q'] + if (branch) { + gitArgs.push('-b', branch) + } + gitArgs.push(repo, target) + if (process.platform === 'win32') { + gitArgs.push('--config', 'core.longpaths=true') + } + return execGit(gitArgs, { + cwd: target + }, opts).then(() => { + return updateSubmodules(target, opts) + }).then(() => headSha(target, opts)) +} + +function updateSubmodules (localRepo, opts) { + const gitArgs = ['submodule', 'update', '-q', '--init', '--recursive'] + return execGit(gitArgs, { + cwd: localRepo + }, opts) +} + +function headSha (repo, opts) { + opts = optCheck(opts) + return execGit(['rev-parse', '--revs-only', 'HEAD'], { cwd: repo }, opts).spread(stdout => { + return stdout.trim() + }) +} + +const CARET_BRACES = '^{}' +const REVS = new LRU({ + max: 100, + maxAge: 5 * 60 * 1000 +}) +module.exports.revs = revs +function revs (repo, opts) { + opts = optCheck(opts) + const cached = REVS.get(repo) + if (cached) { + return BB.resolve(cached) + } + return pinflight(`ls-remote:${repo}`, () => { + return spawnGit(['ls-remote', '-h', '-t', repo], { + env: gitEnv() + }, opts).then((stdout) => { + return stdout.split('\n').reduce((revs, line) => { + const split = line.split(/\s+/, 2) + if (split.length < 2) { return revs } + const sha = split[0].trim() + const ref = split[1].trim().match(/(?:refs\/[^/]+\/)?(.*)/)[1] + if (!ref) { return revs } // ??? + if (ref.endsWith(CARET_BRACES)) { return revs } // refs/tags/x^{} crap + const type = refType(line) + const doc = { sha, ref, type } + + revs.refs[ref] = doc + // We can check out shallow clones on specific SHAs if we have a ref + if (revs.shas[sha]) { + revs.shas[sha].push(ref) + } else { + revs.shas[sha] = [ref] + } + + if (type === 'tag') { + const match = ref.match(/v?(\d+\.\d+\.\d+(?:[-+].+)?)$/) + if (match && semver.valid(match[1], true)) { + revs.versions[semver.clean(match[1], true)] = doc + } + } + + return revs + }, { versions: {}, 'dist-tags': {}, refs: {}, shas: {} }) + }, err => { + err.message = `Error while executing:\n${GITPATH} ls-remote -h -t ${repo}\n\n${err.stderr}\n${err.message}` + throw err + }).then(revs => { + if (revs.refs.HEAD) { + const HEAD = revs.refs.HEAD + Object.keys(revs.versions).forEach(v => { + if (v.sha === HEAD.sha) { + revs['dist-tags'].HEAD = v + if (!revs.refs.latest) { + revs['dist-tags'].latest = revs.refs.HEAD + } + } + }) + } + REVS.set(repo, revs) + return revs + }) + }) +} + +// infer the owner from the cwd git is operating in, if not the +// process cwd, but only if we're root. +// See: https://github.com/npm/cli/issues/624 +module.exports._cwdOwner = cwdOwner +function cwdOwner (gitOpts, opts) { + const isRoot = process.getuid && process.getuid() === 0 + if (!isRoot || !gitOpts.cwd) { return Promise.resolve() } + + return BB.resolve(inferOwner(gitOpts.cwd).then(owner => { + gitOpts.uid = owner.uid + gitOpts.gid = owner.gid + })) +} + +module.exports._exec = execGit +function execGit (gitArgs, gitOpts, opts) { + opts = optCheck(opts) + return BB.resolve(cwdOwner(gitOpts, opts).then(() => checkGit(opts).then(gitPath => { + return promiseRetry((retry, number) => { + if (number !== 1) { + opts.log.silly('pacote', 'Retrying git command: ' + gitArgs.join(' ') + ' attempt # ' + number) + } + return execFileAsync(gitPath, gitArgs, mkOpts(gitOpts, opts)).catch((err) => { + if (shouldRetry(err, number)) { + retry(err) + } else { + throw err + } + }) + }, opts.retry != null ? opts.retry : { + retries: opts['fetch-retries'], + factor: opts['fetch-retry-factor'], + maxTimeout: opts['fetch-retry-maxtimeout'], + minTimeout: opts['fetch-retry-mintimeout'] + }) + }))) +} + +module.exports._spawn = spawnGit +function spawnGit (gitArgs, gitOpts, opts) { + opts = optCheck(opts) + return BB.resolve(cwdOwner(gitOpts, opts).then(() => checkGit(opts).then(gitPath => { + return promiseRetry((retry, number) => { + if (number !== 1) { + opts.log.silly('pacote', 'Retrying git command: ' + gitArgs.join(' ') + ' attempt # ' + number) + } + const child = cp.spawn(gitPath, gitArgs, mkOpts(gitOpts, opts)) + + let stdout = '' + let stderr = '' + child.stdout.on('data', d => { stdout += d }) + child.stderr.on('data', d => { stderr += d }) + + return finished(child, true).catch(err => { + if (shouldRetry(stderr, number)) { + retry(err) + } else { + err.stderr = stderr + throw err + } + }).then(() => { + return stdout + }) + }, opts.retry) + }))) +} + +module.exports._mkOpts = mkOpts +function mkOpts (_gitOpts, opts) { + const gitOpts = { + env: gitEnv() + } + const isRoot = process.getuid && process.getuid() === 0 + // don't change child process uid/gid if not root + if (+opts.uid && !isNaN(opts.uid) && isRoot) { + gitOpts.uid = +opts.uid + } + if (+opts.gid && !isNaN(opts.gid) && isRoot) { + gitOpts.gid = +opts.gid + } + Object.assign(gitOpts, _gitOpts) + return gitOpts +} + +function checkGit (opts) { + if (opts.git) { + return BB.resolve(opts.git) + } else if (!GITPATH) { + const err = new Error('No git binary found in $PATH') + err.code = 'ENOGIT' + return BB.reject(err) + } else { + return BB.resolve(GITPATH) + } +} + +const REFS_TAGS = 'refs/tags/' +const REFS_HEADS = 'refs/heads/' +const HEAD = 'HEAD' +function refType (ref) { + return ref.indexOf(REFS_TAGS) !== -1 + ? 'tag' + : ref.indexOf(REFS_HEADS) !== -1 + ? 'branch' + : ref.endsWith(HEAD) + ? 'head' + : 'other' +} diff --git a/node_modules/libnpm/node_modules/pacote/lib/util/opt-check.js b/node_modules/libnpm/node_modules/pacote/lib/util/opt-check.js new file mode 100644 index 000000000..8b6b472f8 --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/lib/util/opt-check.js @@ -0,0 +1,48 @@ +'use strict' + +const figgyPudding = require('figgy-pudding') +const logger = require('./proclog.js') + +const AUTH_REGEX = /^(?:.*:)?(token|_authToken|username|_password|password|email|always-auth|_auth|otp)$/ +const SCOPE_REGISTRY_REGEX = /@.*:registry$/gi +module.exports = figgyPudding({ + annotate: {}, + cache: {}, + defaultTag: 'tag', + dirPacker: {}, + dmode: {}, + 'enjoy-by': 'enjoyBy', + enjoyBy: {}, + before: 'enjoyBy', + fmode: {}, + 'fetch-retries': { default: 2 }, + 'fetch-retry-factor': { default: 10 }, + 'fetch-retry-maxtimeout': { default: 60000 }, + 'fetch-retry-mintimeout': { default: 10000 }, + fullMetadata: 'full-metadata', + 'full-metadata': { default: false }, + gid: {}, + git: {}, + includeDeprecated: { default: true }, + 'include-deprecated': 'includeDeprecated', + integrity: {}, + log: { default: logger }, + memoize: {}, + offline: {}, + preferOffline: 'prefer-offline', + 'prefer-offline': {}, + preferOnline: 'prefer-online', + 'prefer-online': {}, + registry: { default: 'https://registry.npmjs.org/' }, + resolved: {}, + retry: {}, + scope: {}, + tag: { default: 'latest' }, + uid: {}, + umask: {}, + where: {} +}, { + other (key) { + return key.match(AUTH_REGEX) || key.match(SCOPE_REGISTRY_REGEX) + } +}) diff --git a/node_modules/libnpm/node_modules/pacote/lib/util/pack-dir.js b/node_modules/libnpm/node_modules/pacote/lib/util/pack-dir.js new file mode 100644 index 000000000..157a9a82f --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/lib/util/pack-dir.js @@ -0,0 +1,44 @@ +'use strict' + +const BB = require('bluebird') + +const cacache = require('cacache') +const cacheKey = require('./cache-key') +const optCheck = require('./opt-check') +const packlist = require('npm-packlist') +const pipe = BB.promisify(require('mississippi').pipe) +const tar = require('tar') + +module.exports = packDir +function packDir (manifest, label, dir, target, opts) { + opts = optCheck(opts) + + const packer = opts.dirPacker + ? BB.resolve(opts.dirPacker(manifest, dir)) + : mkPacker(dir) + + if (!opts.cache) { + return packer.then(packer => pipe(packer, target)) + } else { + const cacher = cacache.put.stream( + opts.cache, cacheKey('packed-dir', label), opts + ).on('integrity', i => { + target.emit('integrity', i) + }) + return packer.then(packer => BB.all([ + pipe(packer, cacher), + pipe(packer, target) + ])) + } +} + +function mkPacker (dir) { + return packlist({ path: dir }).then(files => { + return tar.c({ + cwd: dir, + gzip: true, + portable: true, + prefix: 'package/' + }, files) + }) +} diff --git a/node_modules/libnpm/node_modules/pacote/lib/util/proclog.js b/node_modules/libnpm/node_modules/pacote/lib/util/proclog.js new file mode 100644 index 000000000..e4a2bf8ac --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/lib/util/proclog.js @@ -0,0 +1,23 @@ +'use strict' + +const LEVELS = [ + 'notice', + 'error', + 'warn', + 'info', + 'verbose', + 'http', + 'silly', + 'pause', + 'resume' +] + +const logger = {} +for (const level of LEVELS) { + logger[level] = log(level) +} +module.exports = logger + +function log (level) { + return (category, ...args) => process.emit('log', level, category, ...args) +} diff --git a/node_modules/libnpm/node_modules/pacote/lib/util/read-json.js b/node_modules/libnpm/node_modules/pacote/lib/util/read-json.js new file mode 100644 index 000000000..32fffbc53 --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/lib/util/read-json.js @@ -0,0 +1,15 @@ +'use strict' + +module.exports = function (content) { + // Code also yanked from read-package-json. + function stripBOM (content) { + content = content.toString() + // Remove byte order marker. This catches EF BB BF (the UTF-8 BOM) + // because the buffer-to-string conversion in `fs.readFileSync()` + // translates it to FEFF, the UTF-16 BOM. + if (content.charCodeAt(0) === 0xFEFF) return content.slice(1) + return content + } + + return JSON.parse(stripBOM(content)) +} diff --git a/node_modules/libnpm/node_modules/pacote/lib/with-tarball-stream.js b/node_modules/libnpm/node_modules/pacote/lib/with-tarball-stream.js new file mode 100644 index 000000000..0d84696d6 --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/lib/with-tarball-stream.js @@ -0,0 +1,135 @@ +'use strict' + +const BB = require('bluebird') + +const cacache = require('cacache') +const fetch = require('./fetch.js') +const fs = require('fs') +const npa = require('npm-package-arg') +const optCheck = require('./util/opt-check.js') +const path = require('path') +const ssri = require('ssri') +const retry = require('promise-retry') + +const statAsync = BB.promisify(fs.stat) + +const RETRIABLE_ERRORS = new Set(['ENOENT', 'EINTEGRITY', 'Z_DATA_ERROR']) + +module.exports = withTarballStream +function withTarballStream (spec, opts, streamHandler) { + opts = optCheck(opts) + spec = npa(spec, opts.where) + + // First, we check for a file: resolved shortcut + const tryFile = ( + !opts.preferOnline && + opts.integrity && + opts.resolved && + opts.resolved.startsWith('file:') + ) + ? BB.try(() => { + // NOTE - this is a special shortcut! Packages installed as files do not + // have a `resolved` field -- this specific case only occurs when you have, + // say, a git dependency or a registry dependency that you've packaged into + // a local file, and put that file: spec in the `resolved` field. + opts.log.silly('pacote', `trying ${spec} by local file: ${opts.resolved}`) + const file = path.resolve(opts.where || '.', opts.resolved.substr(5)) + return statAsync(file) + .then(() => { + const verifier = ssri.integrityStream({ integrity: opts.integrity }) + const stream = fs.createReadStream(file) + .on('error', err => verifier.emit('error', err)) + .pipe(verifier) + return streamHandler(stream) + }) + .catch(err => { + if (err.code === 'EINTEGRITY') { + opts.log.warn('pacote', `EINTEGRITY while extracting ${spec} from ${file}.You will have to recreate the file.`) + opts.log.verbose('pacote', `EINTEGRITY for ${spec}: ${err.message}`) + } + throw err + }) + }) + : BB.reject(Object.assign(new Error('no file!'), { code: 'ENOENT' })) + + const tryDigest = tryFile + .catch(err => { + if ( + opts.preferOnline || + !opts.cache || + !opts.integrity || + !RETRIABLE_ERRORS.has(err.code) + ) { + throw err + } else { + opts.log.silly('tarball', `trying ${spec} by hash: ${opts.integrity}`) + const stream = cacache.get.stream.byDigest( + opts.cache, opts.integrity, opts + ) + stream.once('error', err => stream.on('newListener', (ev, l) => { + if (ev === 'error') { l(err) } + })) + return streamHandler(stream) + .catch(err => { + if (err.code === 'EINTEGRITY' || err.code === 'Z_DATA_ERROR') { + opts.log.warn('tarball', `cached data for ${spec} (${opts.integrity}) seems to be corrupted. Refreshing cache.`) + return cleanUpCached(opts.cache, opts.integrity, opts) + .then(() => { throw err }) + } else { + throw err + } + }) + } + }) + + const trySpec = tryDigest + .catch(err => { + if (!RETRIABLE_ERRORS.has(err.code)) { + // If it's not one of our retriable errors, bail out and give up. + throw err + } else { + opts.log.silly( + 'tarball', + `no local data for ${spec}. Extracting by manifest.` + ) + return BB.resolve(retry((tryAgain, attemptNum) => { + const tardata = fetch.tarball(spec, opts) + if (!opts.resolved) { + tardata.on('manifest', m => { + opts = opts.concat({ resolved: m._resolved }) + }) + tardata.on('integrity', i => { + opts = opts.concat({ integrity: i }) + }) + } + return BB.try(() => streamHandler(tardata)) + .catch(err => { + // Retry once if we have a cache, to clear up any weird conditions. + // Don't retry network errors, though -- make-fetch-happen has already + // taken care of making sure we're all set on that front. + if (opts.cache && err.code && !String(err.code).match(/^E\d{3}$/)) { + if (err.code === 'EINTEGRITY' || err.code === 'Z_DATA_ERROR') { + opts.log.warn('tarball', `tarball data for ${spec} (${opts.integrity}) seems to be corrupted. Trying one more time.`) + } + return cleanUpCached(opts.cache, err.sri, opts) + .then(() => tryAgain(err)) + } else { + throw err + } + }) + }, { retries: 1 })) + } + }) + + return trySpec + .catch(err => { + if (err.code === 'EINTEGRITY') { + err.message = `Verification failed while extracting ${spec}:\n${err.message}` + } + throw err + }) +} + +function cleanUpCached (cachePath, integrity, opts) { + return cacache.rm.content(cachePath, integrity, opts) +} diff --git a/node_modules/libnpm/node_modules/pacote/manifest.js b/node_modules/libnpm/node_modules/pacote/manifest.js new file mode 100644 index 000000000..6a89ff76b --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/manifest.js @@ -0,0 +1,38 @@ +'use strict' + +const fetchManifest = require('./lib/fetch').manifest +const finalizeManifest = require('./lib/finalize-manifest') +const optCheck = require('./lib/util/opt-check') +const pinflight = require('promise-inflight') +const npa = require('npm-package-arg') + +module.exports = manifest +function manifest (spec, opts) { + opts = optCheck(opts) + spec = npa(spec, opts.where) + + const label = [ + spec.name, + spec.saveSpec || spec.fetchSpec, + spec.type, + opts.cache, + opts.registry, + opts.scope + ].join(':') + return pinflight(label, () => { + const startTime = Date.now() + return fetchManifest(spec, opts).then(rawManifest => { + return finalizeManifest(rawManifest, spec, opts) + }).then(manifest => { + if (opts.annotate) { + manifest._from = spec.saveSpec || spec.raw + manifest._requested = spec + manifest._spec = spec.raw + manifest._where = opts.where + } + const elapsedTime = Date.now() - startTime + opts.log.silly('pacote', `${spec.type} manifest for ${spec.name}@${spec.saveSpec || spec.fetchSpec} fetched in ${elapsedTime}ms`) + return manifest + }) + }) +} diff --git a/node_modules/libnpm/node_modules/pacote/package.json b/node_modules/libnpm/node_modules/pacote/package.json new file mode 100644 index 000000000..1fadafb5a --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/package.json @@ -0,0 +1,121 @@ +{ + "_from": "pacote@^9.5.3", + "_id": "pacote@9.5.12", + "_inBundle": false, + "_integrity": "sha512-BUIj/4kKbwWg4RtnBncXPJd15piFSVNpTzY0rysSr3VnMowTYgkGKcaHrbReepAkjTr8lH2CVWRi58Spg2CicQ==", + "_location": "/libnpm/pacote", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "pacote@^9.5.3", + "name": "pacote", + "escapedName": "pacote", + "rawSpec": "^9.5.3", + "saveSpec": null, + "fetchSpec": "^9.5.3" + }, + "_requiredBy": [ + "/libnpm" + ], + "_resolved": "https://registry.npmjs.org/pacote/-/pacote-9.5.12.tgz", + "_shasum": "1e11dd7a8d736bcc36b375a9804d41bb0377bf66", + "_spec": "pacote@^9.5.3", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libnpm", + "author": { + "name": "Kat Marchán", + "email": "kzm@sykosomatic.org" + }, + "bugs": { + "url": "https://github.com/npm/pacote/issues" + }, + "bundleDependencies": false, + "contributors": [ + { + "name": "Charlotte Spencer", + "email": "charlottelaspencer@gmail.com" + }, + { + "name": "Rebecca Turner", + "email": "me@re-becca.org" + } + ], + "dependencies": { + "bluebird": "^3.5.3", + "cacache": "^12.0.2", + "chownr": "^1.1.2", + "figgy-pudding": "^3.5.1", + "get-stream": "^4.1.0", + "glob": "^7.1.3", + "infer-owner": "^1.0.4", + "lru-cache": "^5.1.1", + "make-fetch-happen": "^5.0.0", + "minimatch": "^3.0.4", + "minipass": "^2.3.5", + "mississippi": "^3.0.0", + "mkdirp": "^0.5.1", + "normalize-package-data": "^2.4.0", + "npm-normalize-package-bin": "^1.0.0", + "npm-package-arg": "^6.1.0", + "npm-packlist": "^1.1.12", + "npm-pick-manifest": "^3.0.0", + "npm-registry-fetch": "^4.0.0", + "osenv": "^0.1.5", + "promise-inflight": "^1.0.1", + "promise-retry": "^1.1.1", + "protoduck": "^5.0.1", + "rimraf": "^2.6.2", + "safe-buffer": "^5.1.2", + "semver": "^5.6.0", + "ssri": "^6.0.1", + "tar": "^4.4.10", + "unique-filename": "^1.1.1", + "which": "^1.3.1" + }, + "deprecated": false, + "description": "JavaScript package downloader", + "devDependencies": { + "nock": "^10.0.3", + "npmlog": "^4.1.2", + "nyc": "^14.1.1", + "require-inject": "^1.4.3", + "standard": "^12.0.1", + "standard-version": "^4.4.0", + "tacks": "^1.2.7", + "tap": "^12.7.0", + "tar-stream": "^1.6.2", + "weallbehave": "^1.2.0", + "weallcontribute": "^1.0.7" + }, + "files": [ + "*.js", + "lib" + ], + "homepage": "https://github.com/npm/pacote#readme", + "keywords": [ + "packages", + "npm", + "git" + ], + "license": "MIT", + "main": "index.js", + "name": "pacote", + "publishConfig": { + "tag": "v9-legacy" + }, + "repository": { + "type": "git", + "url": "git+https://github.com/npm/pacote.git" + }, + "scripts": { + "postrelease": "npm publish && git push --follow-tags", + "prerelease": "npm t", + "pretest": "standard", + "release": "standard-version -s", + "test": "nyc --all -- tap -J test/*.js", + "test-docker": "docker run -it --rm --name pacotest -v \"$PWD\":/tmp -w /tmp node:latest npm test", + "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'", + "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'" + }, + "version": "9.5.12" +} diff --git a/node_modules/libnpm/node_modules/pacote/packument.js b/node_modules/libnpm/node_modules/pacote/packument.js new file mode 100644 index 000000000..0606b266f --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/packument.js @@ -0,0 +1,29 @@ +'use strict' + +const fetchPackument = require('./lib/fetch').packument +const optCheck = require('./lib/util/opt-check') +const pinflight = require('promise-inflight') +const npa = require('npm-package-arg') + +module.exports = packument +function packument (spec, opts) { + opts = optCheck(opts) + spec = npa(spec, opts.where) + + const label = [ + spec.name, + spec.saveSpec || spec.fetchSpec, + spec.type, + opts.cache, + opts.registry, + opts.scope + ].join(':') + const startTime = Date.now() + return pinflight(label, () => { + return fetchPackument(spec, opts) + }).then(p => { + const elapsedTime = Date.now() - startTime + opts.log.silly('pacote', `${spec.registry ? 'registry' : spec.type} packument for ${spec.name}@${spec.saveSpec || spec.fetchSpec} fetched in ${elapsedTime}ms`) + return p + }) +} diff --git a/node_modules/libnpm/node_modules/pacote/prefetch.js b/node_modules/libnpm/node_modules/pacote/prefetch.js new file mode 100644 index 000000000..9e6b5af12 --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/prefetch.js @@ -0,0 +1,64 @@ +'use strict' + +const BB = require('bluebird') + +const cacache = require('cacache') +const finished = BB.promisify(require('mississippi').finished) +const optCheck = require('./lib/util/opt-check') +const npa = require('npm-package-arg') + +module.exports = prefetch +function prefetch (spec, opts) { + opts = optCheck(opts) + spec = npa(spec, opts.where) + opts.log.warn('prefetch', 'pacote.prefetch() is deprecated. Please use pacote.tarball() instead.') + const startTime = Date.now() + if (!opts.cache) { + opts.log.info('prefetch', 'skipping prefetch: no cache provided') + return BB.resolve({ spec }) + } + if (opts.integrity && !opts.preferOnline) { + opts.log.silly('prefetch', 'checking if', opts.integrity, 'is already cached') + return cacache.get.hasContent(opts.cache, opts.integrity).then(info => { + if (info) { + opts.log.silly('prefetch', `content already exists for ${spec} (${Date.now() - startTime}ms)`) + return { + spec, + integrity: info.integrity, + size: info.size, + byDigest: true + } + } else { + return prefetchByManifest(startTime, spec, opts) + } + }) + } else { + opts.log.silly('prefetch', `no integrity hash provided for ${spec} - fetching by manifest`) + return prefetchByManifest(startTime, spec, opts) + } +} + +let fetch +function prefetchByManifest (start, spec, opts) { + let manifest + let integrity + return BB.resolve().then(() => { + if (!fetch) { + fetch = require('./lib/fetch') + } + const stream = fetch.tarball(spec, opts) + if (!stream) { return } + stream.on('data', function () {}) + stream.on('manifest', m => { manifest = m }) + stream.on('integrity', i => { integrity = i }) + return finished(stream) + }).then(() => { + opts.log.silly('prefetch', `${spec} done in ${Date.now() - start}ms`) + return { + manifest, + spec, + integrity: integrity || (manifest && manifest._integrity), + byDigest: false + } + }) +} diff --git a/node_modules/libnpm/node_modules/pacote/tarball.js b/node_modules/libnpm/node_modules/pacote/tarball.js new file mode 100644 index 000000000..e0ad52ab3 --- /dev/null +++ b/node_modules/libnpm/node_modules/pacote/tarball.js @@ -0,0 +1,67 @@ +'use strict' + +const BB = require('bluebird') + +const fs = require('fs') +const getStream = require('get-stream') +const mkdirp = BB.promisify(require('mkdirp')) +const npa = require('npm-package-arg') +const optCheck = require('./lib/util/opt-check.js') +const PassThrough = require('stream').PassThrough +const path = require('path') +const rimraf = BB.promisify(require('rimraf')) +const withTarballStream = require('./lib/with-tarball-stream.js') + +module.exports = tarball +function tarball (spec, opts) { + opts = optCheck(opts) + spec = npa(spec, opts.where) + return withTarballStream(spec, opts, stream => getStream.buffer(stream)) +} + +module.exports.stream = tarballStream +function tarballStream (spec, opts) { + opts = optCheck(opts) + spec = npa(spec, opts.where) + const output = new PassThrough() + let hasTouchedOutput = false + let lastError = null + withTarballStream(spec, opts, stream => { + if (hasTouchedOutput && lastError) { + throw lastError + } else if (hasTouchedOutput) { + throw new Error('abort, abort!') + } else { + return new BB((resolve, reject) => { + stream.on('error', reject) + output.on('error', reject) + output.on('error', () => { hasTouchedOutput = true }) + output.on('finish', resolve) + stream.pipe(output) + stream.once('data', () => { hasTouchedOutput = true }) + }).catch(err => { + lastError = err + throw err + }) + } + }) + .catch(err => output.emit('error', err)) + return output +} + +module.exports.toFile = tarballToFile +function tarballToFile (spec, dest, opts) { + opts = optCheck(opts) + spec = npa(spec, opts.where) + return mkdirp(path.dirname(dest)) + .then(() => withTarballStream(spec, opts, stream => { + return rimraf(dest) + .then(() => new BB((resolve, reject) => { + const writer = fs.createWriteStream(dest) + stream.on('error', reject) + writer.on('error', reject) + writer.on('close', resolve) + stream.pipe(writer) + })) + })) +} diff --git a/node_modules/libnpm/node_modules/ssri/CHANGELOG.md b/node_modules/libnpm/node_modules/ssri/CHANGELOG.md new file mode 100644 index 000000000..d4c589790 --- /dev/null +++ b/node_modules/libnpm/node_modules/ssri/CHANGELOG.md @@ -0,0 +1,286 @@ +# Change Log + +All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +<a name="6.0.1"></a> +## [6.0.1](https://github.com/zkat/ssri/compare/v6.0.0...v6.0.1) (2018-08-27) + + +### Bug Fixes + +* **opts:** use figgy-pudding to specify consumed opts ([cf86553](https://github.com/zkat/ssri/commit/cf86553)) + + + +<a name="6.0.0"></a> +# [6.0.0](https://github.com/zkat/ssri/compare/v5.3.0...v6.0.0) (2018-04-09) + + +### Bug Fixes + +* **docs:** minor typo ([b71ef17](https://github.com/zkat/ssri/commit/b71ef17)) + + +### meta + +* drop support for node@4 ([d9bf359](https://github.com/zkat/ssri/commit/d9bf359)) + + +### BREAKING CHANGES + +* node@4 is no longer supported + + + +<a name="5.3.0"></a> +# [5.3.0](https://github.com/zkat/ssri/compare/v5.2.4...v5.3.0) (2018-03-13) + + +### Features + +* **checkData:** optionally throw when checkData fails ([bf26b84](https://github.com/zkat/ssri/commit/bf26b84)) + + + +<a name="5.2.4"></a> +## [5.2.4](https://github.com/zkat/ssri/compare/v5.2.3...v5.2.4) (2018-02-16) + + + +<a name="5.2.3"></a> +## [5.2.3](https://github.com/zkat/ssri/compare/v5.2.2...v5.2.3) (2018-02-16) + + +### Bug Fixes + +* **hashes:** filter hash priority list by available hashes ([2fa30b8](https://github.com/zkat/ssri/commit/2fa30b8)) +* **integrityStream:** dedupe algorithms to generate ([d56c654](https://github.com/zkat/ssri/commit/d56c654)) + + + +<a name="5.2.2"></a> +## [5.2.2](https://github.com/zkat/ssri/compare/v5.2.1...v5.2.2) (2018-02-14) + + +### Bug Fixes + +* **security:** tweak strict SRI regex ([#10](https://github.com/zkat/ssri/issues/10)) ([d0ebcdc](https://github.com/zkat/ssri/commit/d0ebcdc)) + + + +<a name="5.2.1"></a> +## [5.2.1](https://github.com/zkat/ssri/compare/v5.2.0...v5.2.1) (2018-02-06) + + + +<a name="5.2.0"></a> +# [5.2.0](https://github.com/zkat/ssri/compare/v5.1.0...v5.2.0) (2018-02-06) + + +### Features + +* **match:** add integrity.match() ([3c49cc4](https://github.com/zkat/ssri/commit/3c49cc4)) + + + +<a name="5.1.0"></a> +# [5.1.0](https://github.com/zkat/ssri/compare/v5.0.0...v5.1.0) (2018-01-18) + + +### Bug Fixes + +* **checkStream:** integrityStream now takes opts.integrity algos into account ([d262910](https://github.com/zkat/ssri/commit/d262910)) + + +### Features + +* **sha3:** do some guesswork about upcoming sha3 ([7fdd9df](https://github.com/zkat/ssri/commit/7fdd9df)) + + + +<a name="5.0.0"></a> +# [5.0.0](https://github.com/zkat/ssri/compare/v4.1.6...v5.0.0) (2017-10-23) + + +### Features + +* **license:** relicense to ISC (#9) ([c82983a](https://github.com/zkat/ssri/commit/c82983a)) + + +### BREAKING CHANGES + +* **license:** the license has been changed from CC0-1.0 to ISC. + + + +<a name="4.1.6"></a> +## [4.1.6](https://github.com/zkat/ssri/compare/v4.1.5...v4.1.6) (2017-06-07) + + +### Bug Fixes + +* **checkStream:** make sure to pass all opts through ([0b1bcbe](https://github.com/zkat/ssri/commit/0b1bcbe)) + + + +<a name="4.1.5"></a> +## [4.1.5](https://github.com/zkat/ssri/compare/v4.1.4...v4.1.5) (2017-06-05) + + +### Bug Fixes + +* **integrityStream:** stop crashing if opts.algorithms and opts.integrity have an algo mismatch ([fb1293e](https://github.com/zkat/ssri/commit/fb1293e)) + + + +<a name="4.1.4"></a> +## [4.1.4](https://github.com/zkat/ssri/compare/v4.1.3...v4.1.4) (2017-05-31) + + +### Bug Fixes + +* **node:** older versions of node[@4](https://github.com/4) do not support base64buffer string parsing ([513df4e](https://github.com/zkat/ssri/commit/513df4e)) + + + +<a name="4.1.3"></a> +## [4.1.3](https://github.com/zkat/ssri/compare/v4.1.2...v4.1.3) (2017-05-24) + + +### Bug Fixes + +* **check:** handle various bad hash corner cases better ([c2c262b](https://github.com/zkat/ssri/commit/c2c262b)) + + + +<a name="4.1.2"></a> +## [4.1.2](https://github.com/zkat/ssri/compare/v4.1.1...v4.1.2) (2017-04-18) + + +### Bug Fixes + +* **stream:** _flush can be called multiple times. use on("end") ([b1c4805](https://github.com/zkat/ssri/commit/b1c4805)) + + + +<a name="4.1.1"></a> +## [4.1.1](https://github.com/zkat/ssri/compare/v4.1.0...v4.1.1) (2017-04-12) + + +### Bug Fixes + +* **pickAlgorithm:** error if pickAlgorithm() is used in an empty Integrity ([fab470e](https://github.com/zkat/ssri/commit/fab470e)) + + + +<a name="4.1.0"></a> +# [4.1.0](https://github.com/zkat/ssri/compare/v4.0.0...v4.1.0) (2017-04-07) + + +### Features + +* adding ssri.create for a crypto style interface (#2) ([96f52ad](https://github.com/zkat/ssri/commit/96f52ad)) + + + +<a name="4.0.0"></a> +# [4.0.0](https://github.com/zkat/ssri/compare/v3.0.2...v4.0.0) (2017-04-03) + + +### Bug Fixes + +* **integrity:** should have changed the error code before. oops ([8381afa](https://github.com/zkat/ssri/commit/8381afa)) + + +### BREAKING CHANGES + +* **integrity:** EBADCHECKSUM -> EINTEGRITY for verification errors + + + +<a name="3.0.2"></a> +## [3.0.2](https://github.com/zkat/ssri/compare/v3.0.1...v3.0.2) (2017-04-03) + + + +<a name="3.0.1"></a> +## [3.0.1](https://github.com/zkat/ssri/compare/v3.0.0...v3.0.1) (2017-04-03) + + +### Bug Fixes + +* **package.json:** really should have these in the keywords because search ([a6ac6d0](https://github.com/zkat/ssri/commit/a6ac6d0)) + + + +<a name="3.0.0"></a> +# [3.0.0](https://github.com/zkat/ssri/compare/v2.0.0...v3.0.0) (2017-04-03) + + +### Bug Fixes + +* **hashes:** IntegrityMetadata -> Hash ([d04aa1f](https://github.com/zkat/ssri/commit/d04aa1f)) + + +### Features + +* **check:** return IntegrityMetadata on check success ([2301e74](https://github.com/zkat/ssri/commit/2301e74)) +* **fromHex:** ssri.fromHex to make it easier to generate them from hex valus ([049b89e](https://github.com/zkat/ssri/commit/049b89e)) +* **hex:** utility function for getting hex version of digest ([a9f021c](https://github.com/zkat/ssri/commit/a9f021c)) +* **hexDigest:** added hexDigest method to Integrity objects too ([85208ba](https://github.com/zkat/ssri/commit/85208ba)) +* **integrity:** add .isIntegrity and .isIntegrityMetadata ([1b29e6f](https://github.com/zkat/ssri/commit/1b29e6f)) +* **integrityStream:** new stream that can both generate and check streamed data ([fd23e1b](https://github.com/zkat/ssri/commit/fd23e1b)) +* **parse:** allow parsing straight into a single IntegrityMetadata object ([c8ddf48](https://github.com/zkat/ssri/commit/c8ddf48)) +* **pickAlgorithm:** Intergrity#pickAlgorithm() added ([b97a796](https://github.com/zkat/ssri/commit/b97a796)) +* **size:** calculate and update stream sizes ([02ed1ad](https://github.com/zkat/ssri/commit/02ed1ad)) + + +### BREAKING CHANGES + +* **hashes:** `.isIntegrityMetadata` is now `.isHash`. Also, any references to `IntegrityMetadata` now refer to `Hash`. +* **integrityStream:** createCheckerStream has been removed and replaced with a general-purpose integrityStream. + +To convert existing createCheckerStream code, move the `sri` argument into `opts.integrity` in integrityStream. All other options should be the same. +* **check:** `checkData`, `checkStream`, and `createCheckerStream` now yield a whole IntegrityMetadata instance representing the first successful hash match. + + + +<a name="2.0.0"></a> +# [2.0.0](https://github.com/zkat/ssri/compare/v1.0.0...v2.0.0) (2017-03-24) + + +### Bug Fixes + +* **strict-mode:** make regexes more rigid ([122a32c](https://github.com/zkat/ssri/commit/122a32c)) + + +### Features + +* **api:** added serialize alias for unparse ([999b421](https://github.com/zkat/ssri/commit/999b421)) +* **concat:** add Integrity#concat() ([cae12c7](https://github.com/zkat/ssri/commit/cae12c7)) +* **pickAlgo:** pick the strongest algorithm provided, by default ([58c18f7](https://github.com/zkat/ssri/commit/58c18f7)) +* **strict-mode:** strict SRI support ([3f0b64c](https://github.com/zkat/ssri/commit/3f0b64c)) +* **stringify:** replaced unparse/serialize with stringify ([4acad30](https://github.com/zkat/ssri/commit/4acad30)) +* **verification:** add opts.pickAlgorithm ([f72e658](https://github.com/zkat/ssri/commit/f72e658)) + + +### BREAKING CHANGES + +* **pickAlgo:** ssri will prioritize specific hashes now +* **stringify:** serialize and unparse have been removed. Use ssri.stringify instead. +* **strict-mode:** functions that accepted an optional `sep` argument now expect `opts.sep`. + + + +<a name="1.0.0"></a> +# 1.0.0 (2017-03-23) + + +### Features + +* **api:** implemented initial api ([4fbb16b](https://github.com/zkat/ssri/commit/4fbb16b)) + + +### BREAKING CHANGES + +* **api:** Initial API established. diff --git a/node_modules/libnpm/node_modules/ssri/LICENSE.md b/node_modules/libnpm/node_modules/ssri/LICENSE.md new file mode 100644 index 000000000..8d28acf86 --- /dev/null +++ b/node_modules/libnpm/node_modules/ssri/LICENSE.md @@ -0,0 +1,16 @@ +ISC License + +Copyright (c) npm, Inc. + +Permission to use, copy, modify, and/or distribute this software for +any purpose with or without fee is hereby granted, provided that the +above copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS +ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE +COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR +CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS +OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE +USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/libnpm/node_modules/ssri/README.md b/node_modules/libnpm/node_modules/ssri/README.md new file mode 100644 index 000000000..c250961bd --- /dev/null +++ b/node_modules/libnpm/node_modules/ssri/README.md @@ -0,0 +1,488 @@ +# ssri [](https://npm.im/ssri) [](https://npm.im/ssri) [](https://travis-ci.org/zkat/ssri) [](https://ci.appveyor.com/project/zkat/ssri) [](https://coveralls.io/github/zkat/ssri?branch=latest) + +[`ssri`](https://github.com/zkat/ssri), short for Standard Subresource +Integrity, is a Node.js utility for parsing, manipulating, serializing, +generating, and verifying [Subresource +Integrity](https://w3c.github.io/webappsec/specs/subresourceintegrity/) hashes. + +## Install + +`$ npm install --save ssri` + +## Table of Contents + +* [Example](#example) +* [Features](#features) +* [Contributing](#contributing) +* [API](#api) + * Parsing & Serializing + * [`parse`](#parse) + * [`stringify`](#stringify) + * [`Integrity#concat`](#integrity-concat) + * [`Integrity#toString`](#integrity-to-string) + * [`Integrity#toJSON`](#integrity-to-json) + * [`Integrity#match`](#integrity-match) + * [`Integrity#pickAlgorithm`](#integrity-pick-algorithm) + * [`Integrity#hexDigest`](#integrity-hex-digest) + * Integrity Generation + * [`fromHex`](#from-hex) + * [`fromData`](#from-data) + * [`fromStream`](#from-stream) + * [`create`](#create) + * Integrity Verification + * [`checkData`](#check-data) + * [`checkStream`](#check-stream) + * [`integrityStream`](#integrity-stream) + +### Example + +```javascript +const ssri = require('ssri') + +const integrity = 'sha512-9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A==?foo' + +// Parsing and serializing +const parsed = ssri.parse(integrity) +ssri.stringify(parsed) // === integrity (works on non-Integrity objects) +parsed.toString() // === integrity + +// Async stream functions +ssri.checkStream(fs.createReadStream('./my-file'), integrity).then(...) +ssri.fromStream(fs.createReadStream('./my-file')).then(sri => { + sri.toString() === integrity +}) +fs.createReadStream('./my-file').pipe(ssri.createCheckerStream(sri)) + +// Sync data functions +ssri.fromData(fs.readFileSync('./my-file')) // === parsed +ssri.checkData(fs.readFileSync('./my-file'), integrity) // => 'sha512' +``` + +### Features + +* Parses and stringifies SRI strings. +* Generates SRI strings from raw data or Streams. +* Strict standard compliance. +* `?foo` metadata option support. +* Multiple entries for the same algorithm. +* Object-based integrity hash manipulation. +* Small footprint: no dependencies, concise implementation. +* Full test coverage. +* Customizable algorithm picker. + +### Contributing + +The ssri team enthusiastically welcomes contributions and project participation! +There's a bunch of things you can do if you want to contribute! The [Contributor +Guide](CONTRIBUTING.md) has all the information you need for everything from +reporting bugs to contributing entire new features. Please don't hesitate to +jump in if you'd like to, or even ask us questions if something isn't clear. + +### API + +#### <a name="parse"></a> `> ssri.parse(sri, [opts]) -> Integrity` + +Parses `sri` into an `Integrity` data structure. `sri` can be an integrity +string, an `Hash`-like with `digest` and `algorithm` fields and an optional +`options` field, or an `Integrity`-like object. The resulting object will be an +`Integrity` instance that has this shape: + +```javascript +{ + 'sha1': [{algorithm: 'sha1', digest: 'deadbeef', options: []}], + 'sha512': [ + {algorithm: 'sha512', digest: 'c0ffee', options: []}, + {algorithm: 'sha512', digest: 'bad1dea', options: ['foo']} + ], +} +``` + +If `opts.single` is truthy, a single `Hash` object will be returned. That is, a +single object that looks like `{algorithm, digest, options}`, as opposed to a +larger object with multiple of these. + +If `opts.strict` is truthy, the resulting object will be filtered such that +it strictly follows the Subresource Integrity spec, throwing away any entries +with any invalid components. This also means a restricted set of algorithms +will be used -- the spec limits them to `sha256`, `sha384`, and `sha512`. + +Strict mode is recommended if the integrity strings are intended for use in +browsers, or in other situations where strict adherence to the spec is needed. + +##### Example + +```javascript +ssri.parse('sha512-9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A==?foo') // -> Integrity object +``` + +#### <a name="stringify"></a> `> ssri.stringify(sri, [opts]) -> String` + +This function is identical to [`Integrity#toString()`](#integrity-to-string), +except it can be used on _any_ object that [`parse`](#parse) can handle -- that +is, a string, an `Hash`-like, or an `Integrity`-like. + +The `opts.sep` option defines the string to use when joining multiple entries +together. To be spec-compliant, this _must_ be whitespace. The default is a +single space (`' '`). + +If `opts.strict` is true, the integrity string will be created using strict +parsing rules. See [`ssri.parse`](#parse). + +##### Example + +```javascript +// Useful for cleaning up input SRI strings: +ssri.stringify('\n\rsha512-foo\n\t\tsha384-bar') +// -> 'sha512-foo sha384-bar' + +// Hash-like: only a single entry. +ssri.stringify({ + algorithm: 'sha512', + digest:'9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A==', + options: ['foo'] +}) +// -> +// 'sha512-9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A==?foo' + +// Integrity-like: full multi-entry syntax. Similar to output of `ssri.parse` +ssri.stringify({ + 'sha512': [ + { + algorithm: 'sha512', + digest:'9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A==', + options: ['foo'] + } + ] +}) +// -> +// 'sha512-9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A==?foo' +``` + +#### <a name="integrity-concat"></a> `> Integrity#concat(otherIntegrity, [opts]) -> Integrity` + +Concatenates an `Integrity` object with another IntegrityLike, or an integrity +string. + +This is functionally equivalent to concatenating the string format of both +integrity arguments, and calling [`ssri.parse`](#ssri-parse) on the new string. + +If `opts.strict` is true, the new `Integrity` will be created using strict +parsing rules. See [`ssri.parse`](#parse). + +##### Example + +```javascript +// This will combine the integrity checks for two different versions of +// your index.js file so you can use a single integrity string and serve +// either of these to clients, from a single `<script>` tag. +const desktopIntegrity = ssri.fromData(fs.readFileSync('./index.desktop.js')) +const mobileIntegrity = ssri.fromData(fs.readFileSync('./index.mobile.js')) + +// Note that browsers (and ssri) will succeed as long as ONE of the entries +// for the *prioritized* algorithm succeeds. That is, in order for this fallback +// to work, both desktop and mobile *must* use the same `algorithm` values. +desktopIntegrity.concat(mobileIntegrity) +``` + +#### <a name="integrity-to-string"></a> `> Integrity#toString([opts]) -> String` + +Returns the string representation of an `Integrity` object. All hash entries +will be concatenated in the string by `opts.sep`, which defaults to `' '`. + +If you want to serialize an object that didn't come from an `ssri` function, +use [`ssri.stringify()`](#stringify). + +If `opts.strict` is true, the integrity string will be created using strict +parsing rules. See [`ssri.parse`](#parse). + +##### Example + +```javascript +const integrity = 'sha512-9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A==?foo' + +ssri.parse(integrity).toString() === integrity +``` + +#### <a name="integrity-to-json"></a> `> Integrity#toJSON() -> String` + +Returns the string representation of an `Integrity` object. All hash entries +will be concatenated in the string by `' '`. + +This is a convenience method so you can pass an `Integrity` object directly to `JSON.stringify`. +For more info check out [toJSON() behavior on mdn](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/stringify#toJSON%28%29_behavior). + +##### Example + +```javascript +const integrity = '"sha512-9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A==?foo"' + +JSON.stringify(ssri.parse(integrity)) === integrity +``` + +#### <a name="integrity-match"></a> `> Integrity#match(sri, [opts]) -> Hash | false` + +Returns the matching (truthy) hash if `Integrity` matches the argument passed as +`sri`, which can be anything that [`parse`](#parse) will accept. `opts` will be +passed through to `parse` and [`pickAlgorithm()`](#integrity-pick-algorithm). + +##### Example + +```javascript +const integrity = 'sha512-9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A==' + +ssri.parse(integrity).match(integrity) +// Hash { +// digest: '9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A==' +// algorithm: 'sha512' +// } + +ssri.parse(integrity).match('sha1-deadbeef') +// false +``` + +#### <a name="integrity-pick-algorithm"></a> `> Integrity#pickAlgorithm([opts]) -> String` + +Returns the "best" algorithm from those available in the integrity object. + +If `opts.pickAlgorithm` is provided, it will be passed two algorithms as +arguments. ssri will prioritize whichever of the two algorithms is returned by +this function. Note that the function may be called multiple times, and it +**must** return one of the two algorithms provided. By default, ssri will make +a best-effort to pick the strongest/most reliable of the given algorithms. It +may intentionally deprioritize algorithms with known vulnerabilities. + +##### Example + +```javascript +ssri.parse('sha1-WEakDigEST sha512-yzd8ELD1piyANiWnmdnpCL5F52f10UfUdEkHywVZeqTt0ymgrxR63Qz0GB7TKPoeeZQmWCaz7T1').pickAlgorithm() // sha512 +``` + +#### <a name="integrity-hex-digest"></a> `> Integrity#hexDigest() -> String` + +`Integrity` is assumed to be either a single-hash `Integrity` instance, or a +`Hash` instance. Returns its `digest`, converted to a hex representation of the +base64 data. + +##### Example + +```javascript +ssri.parse('sha1-deadbeef').hexDigest() // '75e69d6de79f' +``` + +#### <a name="from-hex"></a> `> ssri.fromHex(hexDigest, algorithm, [opts]) -> Integrity` + +Creates an `Integrity` object with a single entry, based on a hex-formatted +hash. This is a utility function to help convert existing shasums to the +Integrity format, and is roughly equivalent to something like: + +```javascript +algorithm + '-' + Buffer.from(hexDigest, 'hex').toString('base64') +``` + +`opts.options` may optionally be passed in: it must be an array of option +strings that will be added to all generated integrity hashes generated by +`fromData`. This is a loosely-specified feature of SRIs, and currently has no +specified semantics besides being `?`-separated. Use at your own risk, and +probably avoid if your integrity strings are meant to be used with browsers. + +If `opts.strict` is true, the integrity object will be created using strict +parsing rules. See [`ssri.parse`](#parse). + +If `opts.single` is true, a single `Hash` object will be returned. + +##### Example + +```javascript +ssri.fromHex('75e69d6de79f', 'sha1').toString() // 'sha1-deadbeef' +``` + +#### <a name="from-data"></a> `> ssri.fromData(data, [opts]) -> Integrity` + +Creates an `Integrity` object from either string or `Buffer` data, calculating +all the requested hashes and adding any specified options to the object. + +`opts.algorithms` determines which algorithms to generate hashes for. All +results will be included in a single `Integrity` object. The default value for +`opts.algorithms` is `['sha512']`. All algorithm strings must be hashes listed +in `crypto.getHashes()` for the host Node.js platform. + +`opts.options` may optionally be passed in: it must be an array of option +strings that will be added to all generated integrity hashes generated by +`fromData`. This is a loosely-specified feature of SRIs, and currently has no +specified semantics besides being `?`-separated. Use at your own risk, and +probably avoid if your integrity strings are meant to be used with browsers. + +If `opts.strict` is true, the integrity object will be created using strict +parsing rules. See [`ssri.parse`](#parse). + +##### Example + +```javascript +const integrityObj = ssri.fromData('foobarbaz', { + algorithms: ['sha256', 'sha384', 'sha512'] +}) +integrity.toString('\n') +// -> +// sha256-l981iLWj8kurw4UbNy8Lpxqdzd7UOxS50Glhv8FwfZ0= +// sha384-irnCxQ0CfQhYGlVAUdwTPC9bF3+YWLxlaDGM4xbYminxpbXEq+D+2GCEBTxcjES9 +// sha512-yzd8ELD1piyANiWnmdnpCL5F52f10UfUdEkHywVZeqTt0ymgrxR63Qz0GB7TKPoeeZQmWCaz7T1+9vBnypkYWg== +``` + +#### <a name="from-stream"></a> `> ssri.fromStream(stream, [opts]) -> Promise<Integrity>` + +Returns a Promise of an Integrity object calculated by reading data from +a given `stream`. + +It accepts both `opts.algorithms` and `opts.options`, which are documented as +part of [`ssri.fromData`](#from-data). + +Additionally, `opts.Promise` may be passed in to inject a Promise library of +choice. By default, ssri will use Node's built-in Promises. + +If `opts.strict` is true, the integrity object will be created using strict +parsing rules. See [`ssri.parse`](#parse). + +##### Example + +```javascript +ssri.fromStream(fs.createReadStream('index.js'), { + algorithms: ['sha1', 'sha512'] +}).then(integrity => { + return ssri.checkStream(fs.createReadStream('index.js'), integrity) +}) // succeeds +``` + +#### <a name="create"></a> `> ssri.create([opts]) -> <Hash>` + +Returns a Hash object with `update(<Buffer or string>[,enc])` and `digest()` methods. + + +The Hash object provides the same methods as [crypto class Hash](https://nodejs.org/dist/latest-v6.x/docs/api/crypto.html#crypto_class_hash). +`digest()` accepts no arguments and returns an Integrity object calculated by reading data from +calls to update. + +It accepts both `opts.algorithms` and `opts.options`, which are documented as +part of [`ssri.fromData`](#from-data). + +If `opts.strict` is true, the integrity object will be created using strict +parsing rules. See [`ssri.parse`](#parse). + +##### Example + +```javascript +const integrity = ssri.create().update('foobarbaz').digest() +integrity.toString() +// -> +// sha512-yzd8ELD1piyANiWnmdnpCL5F52f10UfUdEkHywVZeqTt0ymgrxR63Qz0GB7TKPoeeZQmWCaz7T1+9vBnypkYWg== +``` + +#### <a name="check-data"></a> `> ssri.checkData(data, sri, [opts]) -> Hash|false` + +Verifies `data` integrity against an `sri` argument. `data` may be either a +`String` or a `Buffer`, and `sri` can be any subresource integrity +representation that [`ssri.parse`](#parse) can handle. + +If verification succeeds, `checkData` will return the name of the algorithm that +was used for verification (a truthy value). Otherwise, it will return `false`. + +If `opts.pickAlgorithm` is provided, it will be used by +[`Integrity#pickAlgorithm`](#integrity-pick-algorithm) when deciding which of +the available digests to match against. + +If `opts.error` is true, and verification fails, `checkData` will throw either +an `EBADSIZE` or an `EINTEGRITY` error, instead of just returning false. + +##### Example + +```javascript +const data = fs.readFileSync('index.js') +ssri.checkData(data, ssri.fromData(data)) // -> 'sha512' +ssri.checkData(data, 'sha256-l981iLWj8kurw4UbNy8Lpxqdzd7UOxS50Glhv8FwfZ0') +ssri.checkData(data, 'sha1-BaDDigEST') // -> false +ssri.checkData(data, 'sha1-BaDDigEST', {error: true}) // -> Error! EINTEGRITY +``` + +#### <a name="check-stream"></a> `> ssri.checkStream(stream, sri, [opts]) -> Promise<Hash>` + +Verifies the contents of `stream` against an `sri` argument. `stream` will be +consumed in its entirety by this process. `sri` can be any subresource integrity +representation that [`ssri.parse`](#parse) can handle. + +`checkStream` will return a Promise that either resolves to the +`Hash` that succeeded verification, or, if the verification fails +or an error happens with `stream`, the Promise will be rejected. + +If the Promise is rejected because verification failed, the returned error will +have `err.code` as `EINTEGRITY`. + +If `opts.size` is given, it will be matched against the stream size. An error +with `err.code` `EBADSIZE` will be returned by a rejection if the expected size +and actual size fail to match. + +If `opts.pickAlgorithm` is provided, it will be used by +[`Integrity#pickAlgorithm`](#integrity-pick-algorithm) when deciding which of +the available digests to match against. + +##### Example + +```javascript +const integrity = ssri.fromData(fs.readFileSync('index.js')) + +ssri.checkStream( + fs.createReadStream('index.js'), + integrity +) +// -> +// Promise<{ +// algorithm: 'sha512', +// digest: 'sha512-yzd8ELD1piyANiWnmdnpCL5F52f10UfUdEkHywVZeqTt0ymgrxR63Qz0GB7TKPoeeZQmWCaz7T1' +// }> + +ssri.checkStream( + fs.createReadStream('index.js'), + 'sha256-l981iLWj8kurw4UbNy8Lpxqdzd7UOxS50Glhv8FwfZ0' +) // -> Promise<Hash> + +ssri.checkStream( + fs.createReadStream('index.js'), + 'sha1-BaDDigEST' +) // -> Promise<Error<{code: 'EINTEGRITY'}>> +``` + +#### <a name="integrity-stream"></a> `> integrityStream([opts]) -> IntegrityStream` + +Returns a `Transform` stream that data can be piped through in order to generate +and optionally check data integrity for piped data. When the stream completes +successfully, it emits `size` and `integrity` events, containing the total +number of bytes processed and a calculated `Integrity` instance based on stream +data, respectively. + +If `opts.algorithms` is passed in, the listed algorithms will be calculated when +generating the final `Integrity` instance. The default is `['sha512']`. + +If `opts.single` is passed in, a single `Hash` instance will be returned. + +If `opts.integrity` is passed in, it should be an `integrity` value understood +by [`parse`](#parse) that the stream will check the data against. If +verification succeeds, the integrity stream will emit a `verified` event whose +value is a single `Hash` object that is the one that succeeded verification. If +verification fails, the stream will error with an `EINTEGRITY` error code. + +If `opts.size` is given, it will be matched against the stream size. An error +with `err.code` `EBADSIZE` will be emitted by the stream if the expected size +and actual size fail to match. + +If `opts.pickAlgorithm` is provided, it will be passed two algorithms as +arguments. ssri will prioritize whichever of the two algorithms is returned by +this function. Note that the function may be called multiple times, and it +**must** return one of the two algorithms provided. By default, ssri will make +a best-effort to pick the strongest/most reliable of the given algorithms. It +may intentionally deprioritize algorithms with known vulnerabilities. + +##### Example + +```javascript +const integrity = ssri.fromData(fs.readFileSync('index.js')) +fs.createReadStream('index.js') +.pipe(ssri.integrityStream({integrity})) +``` diff --git a/node_modules/libnpm/node_modules/ssri/index.js b/node_modules/libnpm/node_modules/ssri/index.js new file mode 100644 index 000000000..e102892b0 --- /dev/null +++ b/node_modules/libnpm/node_modules/ssri/index.js @@ -0,0 +1,395 @@ +'use strict' + +const crypto = require('crypto') +const figgyPudding = require('figgy-pudding') +const Transform = require('stream').Transform + +const SPEC_ALGORITHMS = ['sha256', 'sha384', 'sha512'] + +const BASE64_REGEX = /^[a-z0-9+/]+(?:=?=?)$/i +const SRI_REGEX = /^([^-]+)-([^?]+)([?\S*]*)$/ +const STRICT_SRI_REGEX = /^([^-]+)-([A-Za-z0-9+/=]{44,88})(\?[\x21-\x7E]*)*$/ +const VCHAR_REGEX = /^[\x21-\x7E]+$/ + +const SsriOpts = figgyPudding({ + algorithms: {default: ['sha512']}, + error: {default: false}, + integrity: {}, + options: {default: []}, + pickAlgorithm: {default: () => getPrioritizedHash}, + Promise: {default: () => Promise}, + sep: {default: ' '}, + single: {default: false}, + size: {}, + strict: {default: false} +}) + +class Hash { + get isHash () { return true } + constructor (hash, opts) { + opts = SsriOpts(opts) + const strict = !!opts.strict + this.source = hash.trim() + // 3.1. Integrity metadata (called "Hash" by ssri) + // https://w3c.github.io/webappsec-subresource-integrity/#integrity-metadata-description + const match = this.source.match( + strict + ? STRICT_SRI_REGEX + : SRI_REGEX + ) + if (!match) { return } + if (strict && !SPEC_ALGORITHMS.some(a => a === match[1])) { return } + this.algorithm = match[1] + this.digest = match[2] + + const rawOpts = match[3] + this.options = rawOpts ? rawOpts.slice(1).split('?') : [] + } + hexDigest () { + return this.digest && Buffer.from(this.digest, 'base64').toString('hex') + } + toJSON () { + return this.toString() + } + toString (opts) { + opts = SsriOpts(opts) + if (opts.strict) { + // Strict mode enforces the standard as close to the foot of the + // letter as it can. + if (!( + // The spec has very restricted productions for algorithms. + // https://www.w3.org/TR/CSP2/#source-list-syntax + SPEC_ALGORITHMS.some(x => x === this.algorithm) && + // Usually, if someone insists on using a "different" base64, we + // leave it as-is, since there's multiple standards, and the + // specified is not a URL-safe variant. + // https://www.w3.org/TR/CSP2/#base64_value + this.digest.match(BASE64_REGEX) && + // Option syntax is strictly visual chars. + // https://w3c.github.io/webappsec-subresource-integrity/#grammardef-option-expression + // https://tools.ietf.org/html/rfc5234#appendix-B.1 + (this.options || []).every(opt => opt.match(VCHAR_REGEX)) + )) { + return '' + } + } + const options = this.options && this.options.length + ? `?${this.options.join('?')}` + : '' + return `${this.algorithm}-${this.digest}${options}` + } +} + +class Integrity { + get isIntegrity () { return true } + toJSON () { + return this.toString() + } + toString (opts) { + opts = SsriOpts(opts) + let sep = opts.sep || ' ' + if (opts.strict) { + // Entries must be separated by whitespace, according to spec. + sep = sep.replace(/\S+/g, ' ') + } + return Object.keys(this).map(k => { + return this[k].map(hash => { + return Hash.prototype.toString.call(hash, opts) + }).filter(x => x.length).join(sep) + }).filter(x => x.length).join(sep) + } + concat (integrity, opts) { + opts = SsriOpts(opts) + const other = typeof integrity === 'string' + ? integrity + : stringify(integrity, opts) + return parse(`${this.toString(opts)} ${other}`, opts) + } + hexDigest () { + return parse(this, {single: true}).hexDigest() + } + match (integrity, opts) { + opts = SsriOpts(opts) + const other = parse(integrity, opts) + const algo = other.pickAlgorithm(opts) + return ( + this[algo] && + other[algo] && + this[algo].find(hash => + other[algo].find(otherhash => + hash.digest === otherhash.digest + ) + ) + ) || false + } + pickAlgorithm (opts) { + opts = SsriOpts(opts) + const pickAlgorithm = opts.pickAlgorithm + const keys = Object.keys(this) + if (!keys.length) { + throw new Error(`No algorithms available for ${ + JSON.stringify(this.toString()) + }`) + } + return keys.reduce((acc, algo) => { + return pickAlgorithm(acc, algo) || acc + }) + } +} + +module.exports.parse = parse +function parse (sri, opts) { + opts = SsriOpts(opts) + if (typeof sri === 'string') { + return _parse(sri, opts) + } else if (sri.algorithm && sri.digest) { + const fullSri = new Integrity() + fullSri[sri.algorithm] = [sri] + return _parse(stringify(fullSri, opts), opts) + } else { + return _parse(stringify(sri, opts), opts) + } +} + +function _parse (integrity, opts) { + // 3.4.3. Parse metadata + // https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata + if (opts.single) { + return new Hash(integrity, opts) + } + return integrity.trim().split(/\s+/).reduce((acc, string) => { + const hash = new Hash(string, opts) + if (hash.algorithm && hash.digest) { + const algo = hash.algorithm + if (!acc[algo]) { acc[algo] = [] } + acc[algo].push(hash) + } + return acc + }, new Integrity()) +} + +module.exports.stringify = stringify +function stringify (obj, opts) { + opts = SsriOpts(opts) + if (obj.algorithm && obj.digest) { + return Hash.prototype.toString.call(obj, opts) + } else if (typeof obj === 'string') { + return stringify(parse(obj, opts), opts) + } else { + return Integrity.prototype.toString.call(obj, opts) + } +} + +module.exports.fromHex = fromHex +function fromHex (hexDigest, algorithm, opts) { + opts = SsriOpts(opts) + const optString = opts.options && opts.options.length + ? `?${opts.options.join('?')}` + : '' + return parse( + `${algorithm}-${ + Buffer.from(hexDigest, 'hex').toString('base64') + }${optString}`, opts + ) +} + +module.exports.fromData = fromData +function fromData (data, opts) { + opts = SsriOpts(opts) + const algorithms = opts.algorithms + const optString = opts.options && opts.options.length + ? `?${opts.options.join('?')}` + : '' + return algorithms.reduce((acc, algo) => { + const digest = crypto.createHash(algo).update(data).digest('base64') + const hash = new Hash( + `${algo}-${digest}${optString}`, + opts + ) + if (hash.algorithm && hash.digest) { + const algo = hash.algorithm + if (!acc[algo]) { acc[algo] = [] } + acc[algo].push(hash) + } + return acc + }, new Integrity()) +} + +module.exports.fromStream = fromStream +function fromStream (stream, opts) { + opts = SsriOpts(opts) + const P = opts.Promise || Promise + const istream = integrityStream(opts) + return new P((resolve, reject) => { + stream.pipe(istream) + stream.on('error', reject) + istream.on('error', reject) + let sri + istream.on('integrity', s => { sri = s }) + istream.on('end', () => resolve(sri)) + istream.on('data', () => {}) + }) +} + +module.exports.checkData = checkData +function checkData (data, sri, opts) { + opts = SsriOpts(opts) + sri = parse(sri, opts) + if (!Object.keys(sri).length) { + if (opts.error) { + throw Object.assign( + new Error('No valid integrity hashes to check against'), { + code: 'EINTEGRITY' + } + ) + } else { + return false + } + } + const algorithm = sri.pickAlgorithm(opts) + const digest = crypto.createHash(algorithm).update(data).digest('base64') + const newSri = parse({algorithm, digest}) + const match = newSri.match(sri, opts) + if (match || !opts.error) { + return match + } else if (typeof opts.size === 'number' && (data.length !== opts.size)) { + const err = new Error(`data size mismatch when checking ${sri}.\n Wanted: ${opts.size}\n Found: ${data.length}`) + err.code = 'EBADSIZE' + err.found = data.length + err.expected = opts.size + err.sri = sri + throw err + } else { + const err = new Error(`Integrity checksum failed when using ${algorithm}: Wanted ${sri}, but got ${newSri}. (${data.length} bytes)`) + err.code = 'EINTEGRITY' + err.found = newSri + err.expected = sri + err.algorithm = algorithm + err.sri = sri + throw err + } +} + +module.exports.checkStream = checkStream +function checkStream (stream, sri, opts) { + opts = SsriOpts(opts) + const P = opts.Promise || Promise + const checker = integrityStream(opts.concat({ + integrity: sri + })) + return new P((resolve, reject) => { + stream.pipe(checker) + stream.on('error', reject) + checker.on('error', reject) + let sri + checker.on('verified', s => { sri = s }) + checker.on('end', () => resolve(sri)) + checker.on('data', () => {}) + }) +} + +module.exports.integrityStream = integrityStream +function integrityStream (opts) { + opts = SsriOpts(opts) + // For verification + const sri = opts.integrity && parse(opts.integrity, opts) + const goodSri = sri && Object.keys(sri).length + const algorithm = goodSri && sri.pickAlgorithm(opts) + const digests = goodSri && sri[algorithm] + // Calculating stream + const algorithms = Array.from( + new Set(opts.algorithms.concat(algorithm ? [algorithm] : [])) + ) + const hashes = algorithms.map(crypto.createHash) + let streamSize = 0 + const stream = new Transform({ + transform (chunk, enc, cb) { + streamSize += chunk.length + hashes.forEach(h => h.update(chunk, enc)) + cb(null, chunk, enc) + } + }).on('end', () => { + const optString = (opts.options && opts.options.length) + ? `?${opts.options.join('?')}` + : '' + const newSri = parse(hashes.map((h, i) => { + return `${algorithms[i]}-${h.digest('base64')}${optString}` + }).join(' '), opts) + // Integrity verification mode + const match = goodSri && newSri.match(sri, opts) + if (typeof opts.size === 'number' && streamSize !== opts.size) { + const err = new Error(`stream size mismatch when checking ${sri}.\n Wanted: ${opts.size}\n Found: ${streamSize}`) + err.code = 'EBADSIZE' + err.found = streamSize + err.expected = opts.size + err.sri = sri + stream.emit('error', err) + } else if (opts.integrity && !match) { + const err = new Error(`${sri} integrity checksum failed when using ${algorithm}: wanted ${digests} but got ${newSri}. (${streamSize} bytes)`) + err.code = 'EINTEGRITY' + err.found = newSri + err.expected = digests + err.algorithm = algorithm + err.sri = sri + stream.emit('error', err) + } else { + stream.emit('size', streamSize) + stream.emit('integrity', newSri) + match && stream.emit('verified', match) + } + }) + return stream +} + +module.exports.create = createIntegrity +function createIntegrity (opts) { + opts = SsriOpts(opts) + const algorithms = opts.algorithms + const optString = opts.options.length + ? `?${opts.options.join('?')}` + : '' + + const hashes = algorithms.map(crypto.createHash) + + return { + update: function (chunk, enc) { + hashes.forEach(h => h.update(chunk, enc)) + return this + }, + digest: function (enc) { + const integrity = algorithms.reduce((acc, algo) => { + const digest = hashes.shift().digest('base64') + const hash = new Hash( + `${algo}-${digest}${optString}`, + opts + ) + if (hash.algorithm && hash.digest) { + const algo = hash.algorithm + if (!acc[algo]) { acc[algo] = [] } + acc[algo].push(hash) + } + return acc + }, new Integrity()) + + return integrity + } + } +} + +const NODE_HASHES = new Set(crypto.getHashes()) + +// This is a Best Effort™ at a reasonable priority for hash algos +const DEFAULT_PRIORITY = [ + 'md5', 'whirlpool', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', + // TODO - it's unclear _which_ of these Node will actually use as its name + // for the algorithm, so we guesswork it based on the OpenSSL names. + 'sha3', + 'sha3-256', 'sha3-384', 'sha3-512', + 'sha3_256', 'sha3_384', 'sha3_512' +].filter(algo => NODE_HASHES.has(algo)) + +function getPrioritizedHash (algo1, algo2) { + return DEFAULT_PRIORITY.indexOf(algo1.toLowerCase()) >= DEFAULT_PRIORITY.indexOf(algo2.toLowerCase()) + ? algo1 + : algo2 +} diff --git a/node_modules/pacote/node_modules/ssri/package.json b/node_modules/libnpm/node_modules/ssri/package.json index ae98fced2..97c0ade2e 100644 --- a/node_modules/pacote/node_modules/ssri/package.json +++ b/node_modules/libnpm/node_modules/ssri/package.json @@ -3,7 +3,7 @@ "_id": "ssri@6.0.1", "_inBundle": false, "_integrity": "sha512-3Wge10hNcT1Kur4PDFwEieXSCMCJs/7WvSACcrMYrNp+b8kDL1/0wJch5Ni2WrtwEa2IO8OsVfeKIciKCDx/QA==", - "_location": "/pacote/ssri", + "_location": "/libnpm/ssri", "_phantomChildren": {}, "_requested": { "type": "range", @@ -16,12 +16,13 @@ "fetchSpec": "^6.0.1" }, "_requiredBy": [ - "/pacote" + "/libnpm/cacache", + "/libnpm/pacote" ], "_resolved": "https://registry.npmjs.org/ssri/-/ssri-6.0.1.tgz", "_shasum": "2a3c41b28dd45b62b63676ecb74001265ae9edd8", "_spec": "ssri@^6.0.1", - "_where": "/Users/claudiahdz/npm/cli/node_modules/pacote", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libnpm/node_modules/pacote", "author": { "name": "Kat Marchán", "email": "kzm@sykosomatic.org" diff --git a/node_modules/libnpm/node_modules/tar/LICENSE b/node_modules/libnpm/node_modules/tar/LICENSE new file mode 100644 index 000000000..19129e315 --- /dev/null +++ b/node_modules/libnpm/node_modules/tar/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) Isaac Z. Schlueter and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/libnpm/node_modules/tar/README.md b/node_modules/libnpm/node_modules/tar/README.md new file mode 100644 index 000000000..034e4865c --- /dev/null +++ b/node_modules/libnpm/node_modules/tar/README.md @@ -0,0 +1,954 @@ +# node-tar + +[](https://travis-ci.org/npm/node-tar) + +[Fast](./benchmarks) and full-featured Tar for Node.js + +The API is designed to mimic the behavior of `tar(1)` on unix systems. +If you are familiar with how tar works, most of this will hopefully be +straightforward for you. If not, then hopefully this module can teach +you useful unix skills that may come in handy someday :) + +## Background + +A "tar file" or "tarball" is an archive of file system entries +(directories, files, links, etc.) The name comes from "tape archive". +If you run `man tar` on almost any Unix command line, you'll learn +quite a bit about what it can do, and its history. + +Tar has 5 main top-level commands: + +* `c` Create an archive +* `r` Replace entries within an archive +* `u` Update entries within an archive (ie, replace if they're newer) +* `t` List out the contents of an archive +* `x` Extract an archive to disk + +The other flags and options modify how this top level function works. + +## High-Level API + +These 5 functions are the high-level API. All of them have a +single-character name (for unix nerds familiar with `tar(1)`) as well +as a long name (for everyone else). + +All the high-level functions take the following arguments, all three +of which are optional and may be omitted. + +1. `options` - An optional object specifying various options +2. `paths` - An array of paths to add or extract +3. `callback` - Called when the command is completed, if async. (If + sync or no file specified, providing a callback throws a + `TypeError`.) + +If the command is sync (ie, if `options.sync=true`), then the +callback is not allowed, since the action will be completed immediately. + +If a `file` argument is specified, and the command is async, then a +`Promise` is returned. In this case, if async, a callback may be +provided which is called when the command is completed. + +If a `file` option is not specified, then a stream is returned. For +`create`, this is a readable stream of the generated archive. For +`list` and `extract` this is a writable stream that an archive should +be written into. If a file is not specified, then a callback is not +allowed, because you're already getting a stream to work with. + +`replace` and `update` only work on existing archives, and so require +a `file` argument. + +Sync commands without a file argument return a stream that acts on its +input immediately in the same tick. For readable streams, this means +that all of the data is immediately available by calling +`stream.read()`. For writable streams, it will be acted upon as soon +as it is provided, but this can be at any time. + +### Warnings + +Some things cause tar to emit a warning, but should usually not cause +the entire operation to fail. There are three ways to handle +warnings: + +1. **Ignore them** (default) Invalid entries won't be put in the + archive, and invalid entries won't be unpacked. This is usually + fine, but can hide failures that you might care about. +2. **Notice them** Add an `onwarn` function to the options, or listen + to the `'warn'` event on any tar stream. The function will get + called as `onwarn(message, data)`. Handle as appropriate. +3. **Explode them.** Set `strict: true` in the options object, and + `warn` messages will be emitted as `'error'` events instead. If + there's no `error` handler, this causes the program to crash. If + used with a promise-returning/callback-taking method, then it'll + send the error to the promise/callback. + +### Examples + +The API mimics the `tar(1)` command line functionality, with aliases +for more human-readable option and function names. The goal is that +if you know how to use `tar(1)` in Unix, then you know how to use +`require('tar')` in JavaScript. + +To replicate `tar czf my-tarball.tgz files and folders`, you'd do: + +```js +tar.c( + { + gzip: <true|gzip options>, + file: 'my-tarball.tgz' + }, + ['some', 'files', 'and', 'folders'] +).then(_ => { .. tarball has been created .. }) +``` + +To replicate `tar cz files and folders > my-tarball.tgz`, you'd do: + +```js +tar.c( // or tar.create + { + gzip: <true|gzip options> + }, + ['some', 'files', 'and', 'folders'] +).pipe(fs.createWriteStream('my-tarball.tgz')) +``` + +To replicate `tar xf my-tarball.tgz` you'd do: + +```js +tar.x( // or tar.extract( + { + file: 'my-tarball.tgz' + } +).then(_=> { .. tarball has been dumped in cwd .. }) +``` + +To replicate `cat my-tarball.tgz | tar x -C some-dir --strip=1`: + +```js +fs.createReadStream('my-tarball.tgz').pipe( + tar.x({ + strip: 1, + C: 'some-dir' // alias for cwd:'some-dir', also ok + }) +) +``` + +To replicate `tar tf my-tarball.tgz`, do this: + +```js +tar.t({ + file: 'my-tarball.tgz', + onentry: entry => { .. do whatever with it .. } +}) +``` + +To replicate `cat my-tarball.tgz | tar t` do: + +```js +fs.createReadStream('my-tarball.tgz') + .pipe(tar.t()) + .on('entry', entry => { .. do whatever with it .. }) +``` + +To do anything synchronous, add `sync: true` to the options. Note +that sync functions don't take a callback and don't return a promise. +When the function returns, it's already done. Sync methods without a +file argument return a sync stream, which flushes immediately. But, +of course, it still won't be done until you `.end()` it. + +To filter entries, add `filter: <function>` to the options. +Tar-creating methods call the filter with `filter(path, stat)`. +Tar-reading methods (including extraction) call the filter with +`filter(path, entry)`. The filter is called in the `this`-context of +the `Pack` or `Unpack` stream object. + +The arguments list to `tar t` and `tar x` specify a list of filenames +to extract or list, so they're equivalent to a filter that tests if +the file is in the list. + +For those who _aren't_ fans of tar's single-character command names: + +``` +tar.c === tar.create +tar.r === tar.replace (appends to archive, file is required) +tar.u === tar.update (appends if newer, file is required) +tar.x === tar.extract +tar.t === tar.list +``` + +Keep reading for all the command descriptions and options, as well as +the low-level API that they are built on. + +### tar.c(options, fileList, callback) [alias: tar.create] + +Create a tarball archive. + +The `fileList` is an array of paths to add to the tarball. Adding a +directory also adds its children recursively. + +An entry in `fileList` that starts with an `@` symbol is a tar archive +whose entries will be added. To add a file that starts with `@`, +prepend it with `./`. + +The following options are supported: + +- `file` Write the tarball archive to the specified filename. If this + is specified, then the callback will be fired when the file has been + written, and a promise will be returned that resolves when the file + is written. If a filename is not specified, then a Readable Stream + will be returned which will emit the file data. [Alias: `f`] +- `sync` Act synchronously. If this is set, then any provided file + will be fully written after the call to `tar.c`. If this is set, + and a file is not provided, then the resulting stream will already + have the data ready to `read` or `emit('data')` as soon as you + request it. +- `onwarn` A function that will get called with `(message, data)` for + any warnings encountered. +- `strict` Treat warnings as crash-worthy errors. Default false. +- `cwd` The current working directory for creating the archive. + Defaults to `process.cwd()`. [Alias: `C`] +- `prefix` A path portion to prefix onto the entries in the archive. +- `gzip` Set to any truthy value to create a gzipped archive, or an + object with settings for `zlib.Gzip()` [Alias: `z`] +- `filter` A function that gets called with `(path, stat)` for each + entry being added. Return `true` to add the entry to the archive, + or `false` to omit it. +- `portable` Omit metadata that is system-specific: `ctime`, `atime`, + `uid`, `gid`, `uname`, `gname`, `dev`, `ino`, and `nlink`. Note + that `mtime` is still included, because this is necessary other + time-based operations. +- `preservePaths` Allow absolute paths. By default, `/` is stripped + from absolute paths. [Alias: `P`] +- `mode` The mode to set on the created file archive +- `noDirRecurse` Do not recursively archive the contents of + directories. [Alias: `n`] +- `follow` Set to true to pack the targets of symbolic links. Without + this option, symbolic links are archived as such. [Alias: `L`, `h`] +- `noPax` Suppress pax extended headers. Note that this means that + long paths and linkpaths will be truncated, and large or negative + numeric values may be interpreted incorrectly. +- `noMtime` Set to true to omit writing `mtime` values for entries. + Note that this prevents using other mtime-based features like + `tar.update` or the `keepNewer` option with the resulting tar archive. + [Alias: `m`, `no-mtime`] +- `mtime` Set to a `Date` object to force a specific `mtime` for + everything added to the archive. Overridden by `noMtime`. + + +The following options are mostly internal, but can be modified in some +advanced use cases, such as re-using caches between runs. + +- `linkCache` A Map object containing the device and inode value for + any file whose nlink is > 1, to identify hard links. +- `statCache` A Map object that caches calls `lstat`. +- `readdirCache` A Map object that caches calls to `readdir`. +- `jobs` A number specifying how many concurrent jobs to run. + Defaults to 4. +- `maxReadSize` The maximum buffer size for `fs.read()` operations. + Defaults to 16 MB. + +### tar.x(options, fileList, callback) [alias: tar.extract] + +Extract a tarball archive. + +The `fileList` is an array of paths to extract from the tarball. If +no paths are provided, then all the entries are extracted. + +If the archive is gzipped, then tar will detect this and unzip it. + +Note that all directories that are created will be forced to be +writable, readable, and listable by their owner, to avoid cases where +a directory prevents extraction of child entries by virtue of its +mode. + +Most extraction errors will cause a `warn` event to be emitted. If +the `cwd` is missing, or not a directory, then the extraction will +fail completely. + +The following options are supported: + +- `cwd` Extract files relative to the specified directory. Defaults + to `process.cwd()`. If provided, this must exist and must be a + directory. [Alias: `C`] +- `file` The archive file to extract. If not specified, then a + Writable stream is returned where the archive data should be + written. [Alias: `f`] +- `sync` Create files and directories synchronously. +- `strict` Treat warnings as crash-worthy errors. Default false. +- `filter` A function that gets called with `(path, entry)` for each + entry being unpacked. Return `true` to unpack the entry from the + archive, or `false` to skip it. +- `newer` Set to true to keep the existing file on disk if it's newer + than the file in the archive. [Alias: `keep-newer`, + `keep-newer-files`] +- `keep` Do not overwrite existing files. In particular, if a file + appears more than once in an archive, later copies will not + overwrite earlier copies. [Alias: `k`, `keep-existing`] +- `preservePaths` Allow absolute paths, paths containing `..`, and + extracting through symbolic links. By default, `/` is stripped from + absolute paths, `..` paths are not extracted, and any file whose + location would be modified by a symbolic link is not extracted. + [Alias: `P`] +- `unlink` Unlink files before creating them. Without this option, + tar overwrites existing files, which preserves existing hardlinks. + With this option, existing hardlinks will be broken, as will any + symlink that would affect the location of an extracted file. [Alias: + `U`] +- `strip` Remove the specified number of leading path elements. + Pathnames with fewer elements will be silently skipped. Note that + the pathname is edited after applying the filter, but before + security checks. [Alias: `strip-components`, `stripComponents`] +- `onwarn` A function that will get called with `(message, data)` for + any warnings encountered. +- `preserveOwner` If true, tar will set the `uid` and `gid` of + extracted entries to the `uid` and `gid` fields in the archive. + This defaults to true when run as root, and false otherwise. If + false, then files and directories will be set with the owner and + group of the user running the process. This is similar to `-p` in + `tar(1)`, but ACLs and other system-specific data is never unpacked + in this implementation, and modes are set by default already. + [Alias: `p`] +- `uid` Set to a number to force ownership of all extracted files and + folders, and all implicitly created directories, to be owned by the + specified user id, regardless of the `uid` field in the archive. + Cannot be used along with `preserveOwner`. Requires also setting a + `gid` option. +- `gid` Set to a number to force ownership of all extracted files and + folders, and all implicitly created directories, to be owned by the + specified group id, regardless of the `gid` field in the archive. + Cannot be used along with `preserveOwner`. Requires also setting a + `uid` option. +- `noMtime` Set to true to omit writing `mtime` value for extracted + entries. [Alias: `m`, `no-mtime`] +- `transform` Provide a function that takes an `entry` object, and + returns a stream, or any falsey value. If a stream is provided, + then that stream's data will be written instead of the contents of + the archive entry. If a falsey value is provided, then the entry is + written to disk as normal. (To exclude items from extraction, use + the `filter` option described above.) +- `onentry` A function that gets called with `(entry)` for each entry + that passes the filter. + +The following options are mostly internal, but can be modified in some +advanced use cases, such as re-using caches between runs. + +- `maxReadSize` The maximum buffer size for `fs.read()` operations. + Defaults to 16 MB. +- `umask` Filter the modes of entries like `process.umask()`. +- `dmode` Default mode for directories +- `fmode` Default mode for files +- `dirCache` A Map object of which directories exist. +- `maxMetaEntrySize` The maximum size of meta entries that is + supported. Defaults to 1 MB. + +Note that using an asynchronous stream type with the `transform` +option will cause undefined behavior in sync extractions. +[MiniPass](http://npm.im/minipass)-based streams are designed for this +use case. + +### tar.t(options, fileList, callback) [alias: tar.list] + +List the contents of a tarball archive. + +The `fileList` is an array of paths to list from the tarball. If +no paths are provided, then all the entries are listed. + +If the archive is gzipped, then tar will detect this and unzip it. + +Returns an event emitter that emits `entry` events with +`tar.ReadEntry` objects. However, they don't emit `'data'` or `'end'` +events. (If you want to get actual readable entries, use the +`tar.Parse` class instead.) + +The following options are supported: + +- `cwd` Extract files relative to the specified directory. Defaults + to `process.cwd()`. [Alias: `C`] +- `file` The archive file to list. If not specified, then a + Writable stream is returned where the archive data should be + written. [Alias: `f`] +- `sync` Read the specified file synchronously. (This has no effect + when a file option isn't specified, because entries are emitted as + fast as they are parsed from the stream anyway.) +- `strict` Treat warnings as crash-worthy errors. Default false. +- `filter` A function that gets called with `(path, entry)` for each + entry being listed. Return `true` to emit the entry from the + archive, or `false` to skip it. +- `onentry` A function that gets called with `(entry)` for each entry + that passes the filter. This is important for when both `file` and + `sync` are set, because it will be called synchronously. +- `maxReadSize` The maximum buffer size for `fs.read()` operations. + Defaults to 16 MB. +- `noResume` By default, `entry` streams are resumed immediately after + the call to `onentry`. Set `noResume: true` to suppress this + behavior. Note that by opting into this, the stream will never + complete until the entry data is consumed. + +### tar.u(options, fileList, callback) [alias: tar.update] + +Add files to an archive if they are newer than the entry already in +the tarball archive. + +The `fileList` is an array of paths to add to the tarball. Adding a +directory also adds its children recursively. + +An entry in `fileList` that starts with an `@` symbol is a tar archive +whose entries will be added. To add a file that starts with `@`, +prepend it with `./`. + +The following options are supported: + +- `file` Required. Write the tarball archive to the specified + filename. [Alias: `f`] +- `sync` Act synchronously. If this is set, then any provided file + will be fully written after the call to `tar.c`. +- `onwarn` A function that will get called with `(message, data)` for + any warnings encountered. +- `strict` Treat warnings as crash-worthy errors. Default false. +- `cwd` The current working directory for adding entries to the + archive. Defaults to `process.cwd()`. [Alias: `C`] +- `prefix` A path portion to prefix onto the entries in the archive. +- `gzip` Set to any truthy value to create a gzipped archive, or an + object with settings for `zlib.Gzip()` [Alias: `z`] +- `filter` A function that gets called with `(path, stat)` for each + entry being added. Return `true` to add the entry to the archive, + or `false` to omit it. +- `portable` Omit metadata that is system-specific: `ctime`, `atime`, + `uid`, `gid`, `uname`, `gname`, `dev`, `ino`, and `nlink`. Note + that `mtime` is still included, because this is necessary other + time-based operations. +- `preservePaths` Allow absolute paths. By default, `/` is stripped + from absolute paths. [Alias: `P`] +- `maxReadSize` The maximum buffer size for `fs.read()` operations. + Defaults to 16 MB. +- `noDirRecurse` Do not recursively archive the contents of + directories. [Alias: `n`] +- `follow` Set to true to pack the targets of symbolic links. Without + this option, symbolic links are archived as such. [Alias: `L`, `h`] +- `noPax` Suppress pax extended headers. Note that this means that + long paths and linkpaths will be truncated, and large or negative + numeric values may be interpreted incorrectly. +- `noMtime` Set to true to omit writing `mtime` values for entries. + Note that this prevents using other mtime-based features like + `tar.update` or the `keepNewer` option with the resulting tar archive. + [Alias: `m`, `no-mtime`] +- `mtime` Set to a `Date` object to force a specific `mtime` for + everything added to the archive. Overridden by `noMtime`. + +### tar.r(options, fileList, callback) [alias: tar.replace] + +Add files to an existing archive. Because later entries override +earlier entries, this effectively replaces any existing entries. + +The `fileList` is an array of paths to add to the tarball. Adding a +directory also adds its children recursively. + +An entry in `fileList` that starts with an `@` symbol is a tar archive +whose entries will be added. To add a file that starts with `@`, +prepend it with `./`. + +The following options are supported: + +- `file` Required. Write the tarball archive to the specified + filename. [Alias: `f`] +- `sync` Act synchronously. If this is set, then any provided file + will be fully written after the call to `tar.c`. +- `onwarn` A function that will get called with `(message, data)` for + any warnings encountered. +- `strict` Treat warnings as crash-worthy errors. Default false. +- `cwd` The current working directory for adding entries to the + archive. Defaults to `process.cwd()`. [Alias: `C`] +- `prefix` A path portion to prefix onto the entries in the archive. +- `gzip` Set to any truthy value to create a gzipped archive, or an + object with settings for `zlib.Gzip()` [Alias: `z`] +- `filter` A function that gets called with `(path, stat)` for each + entry being added. Return `true` to add the entry to the archive, + or `false` to omit it. +- `portable` Omit metadata that is system-specific: `ctime`, `atime`, + `uid`, `gid`, `uname`, `gname`, `dev`, `ino`, and `nlink`. Note + that `mtime` is still included, because this is necessary other + time-based operations. +- `preservePaths` Allow absolute paths. By default, `/` is stripped + from absolute paths. [Alias: `P`] +- `maxReadSize` The maximum buffer size for `fs.read()` operations. + Defaults to 16 MB. +- `noDirRecurse` Do not recursively archive the contents of + directories. [Alias: `n`] +- `follow` Set to true to pack the targets of symbolic links. Without + this option, symbolic links are archived as such. [Alias: `L`, `h`] +- `noPax` Suppress pax extended headers. Note that this means that + long paths and linkpaths will be truncated, and large or negative + numeric values may be interpreted incorrectly. +- `noMtime` Set to true to omit writing `mtime` values for entries. + Note that this prevents using other mtime-based features like + `tar.update` or the `keepNewer` option with the resulting tar archive. + [Alias: `m`, `no-mtime`] +- `mtime` Set to a `Date` object to force a specific `mtime` for + everything added to the archive. Overridden by `noMtime`. + + +## Low-Level API + +### class tar.Pack + +A readable tar stream. + +Has all the standard readable stream interface stuff. `'data'` and +`'end'` events, `read()` method, `pause()` and `resume()`, etc. + +#### constructor(options) + +The following options are supported: + +- `onwarn` A function that will get called with `(message, data)` for + any warnings encountered. +- `strict` Treat warnings as crash-worthy errors. Default false. +- `cwd` The current working directory for creating the archive. + Defaults to `process.cwd()`. +- `prefix` A path portion to prefix onto the entries in the archive. +- `gzip` Set to any truthy value to create a gzipped archive, or an + object with settings for `zlib.Gzip()` +- `filter` A function that gets called with `(path, stat)` for each + entry being added. Return `true` to add the entry to the archive, + or `false` to omit it. +- `portable` Omit metadata that is system-specific: `ctime`, `atime`, + `uid`, `gid`, `uname`, `gname`, `dev`, `ino`, and `nlink`. Note + that `mtime` is still included, because this is necessary other + time-based operations. +- `preservePaths` Allow absolute paths. By default, `/` is stripped + from absolute paths. +- `linkCache` A Map object containing the device and inode value for + any file whose nlink is > 1, to identify hard links. +- `statCache` A Map object that caches calls `lstat`. +- `readdirCache` A Map object that caches calls to `readdir`. +- `jobs` A number specifying how many concurrent jobs to run. + Defaults to 4. +- `maxReadSize` The maximum buffer size for `fs.read()` operations. + Defaults to 16 MB. +- `noDirRecurse` Do not recursively archive the contents of + directories. +- `follow` Set to true to pack the targets of symbolic links. Without + this option, symbolic links are archived as such. +- `noPax` Suppress pax extended headers. Note that this means that + long paths and linkpaths will be truncated, and large or negative + numeric values may be interpreted incorrectly. +- `noMtime` Set to true to omit writing `mtime` values for entries. + Note that this prevents using other mtime-based features like + `tar.update` or the `keepNewer` option with the resulting tar archive. +- `mtime` Set to a `Date` object to force a specific `mtime` for + everything added to the archive. Overridden by `noMtime`. + +#### add(path) + +Adds an entry to the archive. Returns the Pack stream. + +#### write(path) + +Adds an entry to the archive. Returns true if flushed. + +#### end() + +Finishes the archive. + +### class tar.Pack.Sync + +Synchronous version of `tar.Pack`. + +### class tar.Unpack + +A writable stream that unpacks a tar archive onto the file system. + +All the normal writable stream stuff is supported. `write()` and +`end()` methods, `'drain'` events, etc. + +Note that all directories that are created will be forced to be +writable, readable, and listable by their owner, to avoid cases where +a directory prevents extraction of child entries by virtue of its +mode. + +`'close'` is emitted when it's done writing stuff to the file system. + +Most unpack errors will cause a `warn` event to be emitted. If the +`cwd` is missing, or not a directory, then an error will be emitted. + +#### constructor(options) + +- `cwd` Extract files relative to the specified directory. Defaults + to `process.cwd()`. If provided, this must exist and must be a + directory. +- `filter` A function that gets called with `(path, entry)` for each + entry being unpacked. Return `true` to unpack the entry from the + archive, or `false` to skip it. +- `newer` Set to true to keep the existing file on disk if it's newer + than the file in the archive. +- `keep` Do not overwrite existing files. In particular, if a file + appears more than once in an archive, later copies will not + overwrite earlier copies. +- `preservePaths` Allow absolute paths, paths containing `..`, and + extracting through symbolic links. By default, `/` is stripped from + absolute paths, `..` paths are not extracted, and any file whose + location would be modified by a symbolic link is not extracted. +- `unlink` Unlink files before creating them. Without this option, + tar overwrites existing files, which preserves existing hardlinks. + With this option, existing hardlinks will be broken, as will any + symlink that would affect the location of an extracted file. +- `strip` Remove the specified number of leading path elements. + Pathnames with fewer elements will be silently skipped. Note that + the pathname is edited after applying the filter, but before + security checks. +- `onwarn` A function that will get called with `(message, data)` for + any warnings encountered. +- `umask` Filter the modes of entries like `process.umask()`. +- `dmode` Default mode for directories +- `fmode` Default mode for files +- `dirCache` A Map object of which directories exist. +- `maxMetaEntrySize` The maximum size of meta entries that is + supported. Defaults to 1 MB. +- `preserveOwner` If true, tar will set the `uid` and `gid` of + extracted entries to the `uid` and `gid` fields in the archive. + This defaults to true when run as root, and false otherwise. If + false, then files and directories will be set with the owner and + group of the user running the process. This is similar to `-p` in + `tar(1)`, but ACLs and other system-specific data is never unpacked + in this implementation, and modes are set by default already. +- `win32` True if on a windows platform. Causes behavior where + filenames containing `<|>?` chars are converted to + windows-compatible values while being unpacked. +- `uid` Set to a number to force ownership of all extracted files and + folders, and all implicitly created directories, to be owned by the + specified user id, regardless of the `uid` field in the archive. + Cannot be used along with `preserveOwner`. Requires also setting a + `gid` option. +- `gid` Set to a number to force ownership of all extracted files and + folders, and all implicitly created directories, to be owned by the + specified group id, regardless of the `gid` field in the archive. + Cannot be used along with `preserveOwner`. Requires also setting a + `uid` option. +- `noMtime` Set to true to omit writing `mtime` value for extracted + entries. +- `transform` Provide a function that takes an `entry` object, and + returns a stream, or any falsey value. If a stream is provided, + then that stream's data will be written instead of the contents of + the archive entry. If a falsey value is provided, then the entry is + written to disk as normal. (To exclude items from extraction, use + the `filter` option described above.) +- `strict` Treat warnings as crash-worthy errors. Default false. +- `onentry` A function that gets called with `(entry)` for each entry + that passes the filter. +- `onwarn` A function that will get called with `(message, data)` for + any warnings encountered. + +### class tar.Unpack.Sync + +Synchronous version of `tar.Unpack`. + +Note that using an asynchronous stream type with the `transform` +option will cause undefined behavior in sync unpack streams. +[MiniPass](http://npm.im/minipass)-based streams are designed for this +use case. + +### class tar.Parse + +A writable stream that parses a tar archive stream. All the standard +writable stream stuff is supported. + +If the archive is gzipped, then tar will detect this and unzip it. + +Emits `'entry'` events with `tar.ReadEntry` objects, which are +themselves readable streams that you can pipe wherever. + +Each `entry` will not emit until the one before it is flushed through, +so make sure to either consume the data (with `on('data', ...)` or +`.pipe(...)`) or throw it away with `.resume()` to keep the stream +flowing. + +#### constructor(options) + +Returns an event emitter that emits `entry` events with +`tar.ReadEntry` objects. + +The following options are supported: + +- `strict` Treat warnings as crash-worthy errors. Default false. +- `filter` A function that gets called with `(path, entry)` for each + entry being listed. Return `true` to emit the entry from the + archive, or `false` to skip it. +- `onentry` A function that gets called with `(entry)` for each entry + that passes the filter. +- `onwarn` A function that will get called with `(message, data)` for + any warnings encountered. + +#### abort(message, error) + +Stop all parsing activities. This is called when there are zlib +errors. It also emits a warning with the message and error provided. + +### class tar.ReadEntry extends [MiniPass](http://npm.im/minipass) + +A representation of an entry that is being read out of a tar archive. + +It has the following fields: + +- `extended` The extended metadata object provided to the constructor. +- `globalExtended` The global extended metadata object provided to the + constructor. +- `remain` The number of bytes remaining to be written into the + stream. +- `blockRemain` The number of 512-byte blocks remaining to be written + into the stream. +- `ignore` Whether this entry should be ignored. +- `meta` True if this represents metadata about the next entry, false + if it represents a filesystem object. +- All the fields from the header, extended header, and global extended + header are added to the ReadEntry object. So it has `path`, `type`, + `size, `mode`, and so on. + +#### constructor(header, extended, globalExtended) + +Create a new ReadEntry object with the specified header, extended +header, and global extended header values. + +### class tar.WriteEntry extends [MiniPass](http://npm.im/minipass) + +A representation of an entry that is being written from the file +system into a tar archive. + +Emits data for the Header, and for the Pax Extended Header if one is +required, as well as any body data. + +Creating a WriteEntry for a directory does not also create +WriteEntry objects for all of the directory contents. + +It has the following fields: + +- `path` The path field that will be written to the archive. By + default, this is also the path from the cwd to the file system + object. +- `portable` Omit metadata that is system-specific: `ctime`, `atime`, + `uid`, `gid`, `uname`, `gname`, `dev`, `ino`, and `nlink`. Note + that `mtime` is still included, because this is necessary other + time-based operations. +- `myuid` If supported, the uid of the user running the current + process. +- `myuser` The `env.USER` string if set, or `''`. Set as the entry + `uname` field if the file's `uid` matches `this.myuid`. +- `maxReadSize` The maximum buffer size for `fs.read()` operations. + Defaults to 1 MB. +- `linkCache` A Map object containing the device and inode value for + any file whose nlink is > 1, to identify hard links. +- `statCache` A Map object that caches calls `lstat`. +- `preservePaths` Allow absolute paths. By default, `/` is stripped + from absolute paths. +- `cwd` The current working directory for creating the archive. + Defaults to `process.cwd()`. +- `absolute` The absolute path to the entry on the filesystem. By + default, this is `path.resolve(this.cwd, this.path)`, but it can be + overridden explicitly. +- `strict` Treat warnings as crash-worthy errors. Default false. +- `win32` True if on a windows platform. Causes behavior where paths + replace `\` with `/` and filenames containing the windows-compatible + forms of `<|>?:` characters are converted to actual `<|>?:` characters + in the archive. +- `noPax` Suppress pax extended headers. Note that this means that + long paths and linkpaths will be truncated, and large or negative + numeric values may be interpreted incorrectly. +- `noMtime` Set to true to omit writing `mtime` values for entries. + Note that this prevents using other mtime-based features like + `tar.update` or the `keepNewer` option with the resulting tar archive. + + +#### constructor(path, options) + +`path` is the path of the entry as it is written in the archive. + +The following options are supported: + +- `portable` Omit metadata that is system-specific: `ctime`, `atime`, + `uid`, `gid`, `uname`, `gname`, `dev`, `ino`, and `nlink`. Note + that `mtime` is still included, because this is necessary other + time-based operations. +- `maxReadSize` The maximum buffer size for `fs.read()` operations. + Defaults to 1 MB. +- `linkCache` A Map object containing the device and inode value for + any file whose nlink is > 1, to identify hard links. +- `statCache` A Map object that caches calls `lstat`. +- `preservePaths` Allow absolute paths. By default, `/` is stripped + from absolute paths. +- `cwd` The current working directory for creating the archive. + Defaults to `process.cwd()`. +- `absolute` The absolute path to the entry on the filesystem. By + default, this is `path.resolve(this.cwd, this.path)`, but it can be + overridden explicitly. +- `strict` Treat warnings as crash-worthy errors. Default false. +- `win32` True if on a windows platform. Causes behavior where paths + replace `\` with `/`. +- `onwarn` A function that will get called with `(message, data)` for + any warnings encountered. +- `noMtime` Set to true to omit writing `mtime` values for entries. + Note that this prevents using other mtime-based features like + `tar.update` or the `keepNewer` option with the resulting tar archive. +- `umask` Set to restrict the modes on the entries in the archive, + somewhat like how umask works on file creation. Defaults to + `process.umask()` on unix systems, or `0o22` on Windows. + +#### warn(message, data) + +If strict, emit an error with the provided message. + +Othewise, emit a `'warn'` event with the provided message and data. + +### class tar.WriteEntry.Sync + +Synchronous version of tar.WriteEntry + +### class tar.WriteEntry.Tar + +A version of tar.WriteEntry that gets its data from a tar.ReadEntry +instead of from the filesystem. + +#### constructor(readEntry, options) + +`readEntry` is the entry being read out of another archive. + +The following options are supported: + +- `portable` Omit metadata that is system-specific: `ctime`, `atime`, + `uid`, `gid`, `uname`, `gname`, `dev`, `ino`, and `nlink`. Note + that `mtime` is still included, because this is necessary other + time-based operations. +- `preservePaths` Allow absolute paths. By default, `/` is stripped + from absolute paths. +- `strict` Treat warnings as crash-worthy errors. Default false. +- `onwarn` A function that will get called with `(message, data)` for + any warnings encountered. +- `noMtime` Set to true to omit writing `mtime` values for entries. + Note that this prevents using other mtime-based features like + `tar.update` or the `keepNewer` option with the resulting tar archive. + +### class tar.Header + +A class for reading and writing header blocks. + +It has the following fields: + +- `nullBlock` True if decoding a block which is entirely composed of + `0x00` null bytes. (Useful because tar files are terminated by + at least 2 null blocks.) +- `cksumValid` True if the checksum in the header is valid, false + otherwise. +- `needPax` True if the values, as encoded, will require a Pax + extended header. +- `path` The path of the entry. +- `mode` The 4 lowest-order octal digits of the file mode. That is, + read/write/execute permissions for world, group, and owner, and the + setuid, setgid, and sticky bits. +- `uid` Numeric user id of the file owner +- `gid` Numeric group id of the file owner +- `size` Size of the file in bytes +- `mtime` Modified time of the file +- `cksum` The checksum of the header. This is generated by adding all + the bytes of the header block, treating the checksum field itself as + all ascii space characters (that is, `0x20`). +- `type` The human-readable name of the type of entry this represents, + or the alphanumeric key if unknown. +- `typeKey` The alphanumeric key for the type of entry this header + represents. +- `linkpath` The target of Link and SymbolicLink entries. +- `uname` Human-readable user name of the file owner +- `gname` Human-readable group name of the file owner +- `devmaj` The major portion of the device number. Always `0` for + files, directories, and links. +- `devmin` The minor portion of the device number. Always `0` for + files, directories, and links. +- `atime` File access time. +- `ctime` File change time. + +#### constructor(data, [offset=0]) + +`data` is optional. It is either a Buffer that should be interpreted +as a tar Header starting at the specified offset and continuing for +512 bytes, or a data object of keys and values to set on the header +object, and eventually encode as a tar Header. + +#### decode(block, offset) + +Decode the provided buffer starting at the specified offset. + +Buffer length must be greater than 512 bytes. + +#### set(data) + +Set the fields in the data object. + +#### encode(buffer, offset) + +Encode the header fields into the buffer at the specified offset. + +Returns `this.needPax` to indicate whether a Pax Extended Header is +required to properly encode the specified data. + +### class tar.Pax + +An object representing a set of key-value pairs in an Pax extended +header entry. + +It has the following fields. Where the same name is used, they have +the same semantics as the tar.Header field of the same name. + +- `global` True if this represents a global extended header, or false + if it is for a single entry. +- `atime` +- `charset` +- `comment` +- `ctime` +- `gid` +- `gname` +- `linkpath` +- `mtime` +- `path` +- `size` +- `uid` +- `uname` +- `dev` +- `ino` +- `nlink` + +#### constructor(object, global) + +Set the fields set in the object. `global` is a boolean that defaults +to false. + +#### encode() + +Return a Buffer containing the header and body for the Pax extended +header entry, or `null` if there is nothing to encode. + +#### encodeBody() + +Return a string representing the body of the pax extended header +entry. + +#### encodeField(fieldName) + +Return a string representing the key/value encoding for the specified +fieldName, or `''` if the field is unset. + +### tar.Pax.parse(string, extended, global) + +Return a new Pax object created by parsing the contents of the string +provided. + +If the `extended` object is set, then also add the fields from that +object. (This is necessary because multiple metadata entries can +occur in sequence.) + +### tar.types + +A translation table for the `type` field in tar headers. + +#### tar.types.name.get(code) + +Get the human-readable name for a given alphanumeric code. + +#### tar.types.code.get(name) + +Get the alphanumeric code for a given human-readable name. diff --git a/node_modules/libnpm/node_modules/tar/index.js b/node_modules/libnpm/node_modules/tar/index.js new file mode 100644 index 000000000..c9ae06e79 --- /dev/null +++ b/node_modules/libnpm/node_modules/tar/index.js @@ -0,0 +1,18 @@ +'use strict' + +// high-level commands +exports.c = exports.create = require('./lib/create.js') +exports.r = exports.replace = require('./lib/replace.js') +exports.t = exports.list = require('./lib/list.js') +exports.u = exports.update = require('./lib/update.js') +exports.x = exports.extract = require('./lib/extract.js') + +// classes +exports.Pack = require('./lib/pack.js') +exports.Unpack = require('./lib/unpack.js') +exports.Parse = require('./lib/parse.js') +exports.ReadEntry = require('./lib/read-entry.js') +exports.WriteEntry = require('./lib/write-entry.js') +exports.Header = require('./lib/header.js') +exports.Pax = require('./lib/pax.js') +exports.types = require('./lib/types.js') diff --git a/node_modules/libnpm/node_modules/tar/lib/buffer.js b/node_modules/libnpm/node_modules/tar/lib/buffer.js new file mode 100644 index 000000000..7876d5b3e --- /dev/null +++ b/node_modules/libnpm/node_modules/tar/lib/buffer.js @@ -0,0 +1,11 @@ +'use strict' + +// Buffer in node 4.x < 4.5.0 doesn't have working Buffer.from +// or Buffer.alloc, and Buffer in node 10 deprecated the ctor. +// .M, this is fine .\^/M.. +let B = Buffer +/* istanbul ignore next */ +if (!B.alloc) { + B = require('safe-buffer').Buffer +} +module.exports = B diff --git a/node_modules/libnpm/node_modules/tar/lib/create.js b/node_modules/libnpm/node_modules/tar/lib/create.js new file mode 100644 index 000000000..a37aa52e6 --- /dev/null +++ b/node_modules/libnpm/node_modules/tar/lib/create.js @@ -0,0 +1,105 @@ +'use strict' + +// tar -c +const hlo = require('./high-level-opt.js') + +const Pack = require('./pack.js') +const fs = require('fs') +const fsm = require('fs-minipass') +const t = require('./list.js') +const path = require('path') + +const c = module.exports = (opt_, files, cb) => { + if (typeof files === 'function') + cb = files + + if (Array.isArray(opt_)) + files = opt_, opt_ = {} + + if (!files || !Array.isArray(files) || !files.length) + throw new TypeError('no files or directories specified') + + files = Array.from(files) + + const opt = hlo(opt_) + + if (opt.sync && typeof cb === 'function') + throw new TypeError('callback not supported for sync tar functions') + + if (!opt.file && typeof cb === 'function') + throw new TypeError('callback only supported with file option') + + return opt.file && opt.sync ? createFileSync(opt, files) + : opt.file ? createFile(opt, files, cb) + : opt.sync ? createSync(opt, files) + : create(opt, files) +} + +const createFileSync = (opt, files) => { + const p = new Pack.Sync(opt) + const stream = new fsm.WriteStreamSync(opt.file, { + mode: opt.mode || 0o666 + }) + p.pipe(stream) + addFilesSync(p, files) +} + +const createFile = (opt, files, cb) => { + const p = new Pack(opt) + const stream = new fsm.WriteStream(opt.file, { + mode: opt.mode || 0o666 + }) + p.pipe(stream) + + const promise = new Promise((res, rej) => { + stream.on('error', rej) + stream.on('close', res) + p.on('error', rej) + }) + + addFilesAsync(p, files) + + return cb ? promise.then(cb, cb) : promise +} + +const addFilesSync = (p, files) => { + files.forEach(file => { + if (file.charAt(0) === '@') + t({ + file: path.resolve(p.cwd, file.substr(1)), + sync: true, + noResume: true, + onentry: entry => p.add(entry) + }) + else + p.add(file) + }) + p.end() +} + +const addFilesAsync = (p, files) => { + while (files.length) { + const file = files.shift() + if (file.charAt(0) === '@') + return t({ + file: path.resolve(p.cwd, file.substr(1)), + noResume: true, + onentry: entry => p.add(entry) + }).then(_ => addFilesAsync(p, files)) + else + p.add(file) + } + p.end() +} + +const createSync = (opt, files) => { + const p = new Pack.Sync(opt) + addFilesSync(p, files) + return p +} + +const create = (opt, files) => { + const p = new Pack(opt) + addFilesAsync(p, files) + return p +} diff --git a/node_modules/libnpm/node_modules/tar/lib/extract.js b/node_modules/libnpm/node_modules/tar/lib/extract.js new file mode 100644 index 000000000..cbb458a0a --- /dev/null +++ b/node_modules/libnpm/node_modules/tar/lib/extract.js @@ -0,0 +1,112 @@ +'use strict' + +// tar -x +const hlo = require('./high-level-opt.js') +const Unpack = require('./unpack.js') +const fs = require('fs') +const fsm = require('fs-minipass') +const path = require('path') + +const x = module.exports = (opt_, files, cb) => { + if (typeof opt_ === 'function') + cb = opt_, files = null, opt_ = {} + else if (Array.isArray(opt_)) + files = opt_, opt_ = {} + + if (typeof files === 'function') + cb = files, files = null + + if (!files) + files = [] + else + files = Array.from(files) + + const opt = hlo(opt_) + + if (opt.sync && typeof cb === 'function') + throw new TypeError('callback not supported for sync tar functions') + + if (!opt.file && typeof cb === 'function') + throw new TypeError('callback only supported with file option') + + if (files.length) + filesFilter(opt, files) + + return opt.file && opt.sync ? extractFileSync(opt) + : opt.file ? extractFile(opt, cb) + : opt.sync ? extractSync(opt) + : extract(opt) +} + +// construct a filter that limits the file entries listed +// include child entries if a dir is included +const filesFilter = (opt, files) => { + const map = new Map(files.map(f => [f.replace(/\/+$/, ''), true])) + const filter = opt.filter + + const mapHas = (file, r) => { + const root = r || path.parse(file).root || '.' + const ret = file === root ? false + : map.has(file) ? map.get(file) + : mapHas(path.dirname(file), root) + + map.set(file, ret) + return ret + } + + opt.filter = filter + ? (file, entry) => filter(file, entry) && mapHas(file.replace(/\/+$/, '')) + : file => mapHas(file.replace(/\/+$/, '')) +} + +const extractFileSync = opt => { + const u = new Unpack.Sync(opt) + + const file = opt.file + let threw = true + let fd + const stat = fs.statSync(file) + // This trades a zero-byte read() syscall for a stat + // However, it will usually result in less memory allocation + const readSize = opt.maxReadSize || 16*1024*1024 + const stream = new fsm.ReadStreamSync(file, { + readSize: readSize, + size: stat.size + }) + stream.pipe(u) +} + +const extractFile = (opt, cb) => { + const u = new Unpack(opt) + const readSize = opt.maxReadSize || 16*1024*1024 + + const file = opt.file + const p = new Promise((resolve, reject) => { + u.on('error', reject) + u.on('close', resolve) + + // This trades a zero-byte read() syscall for a stat + // However, it will usually result in less memory allocation + fs.stat(file, (er, stat) => { + if (er) + reject(er) + else { + const stream = new fsm.ReadStream(file, { + readSize: readSize, + size: stat.size + }) + stream.on('error', reject) + stream.pipe(u) + } + }) + }) + return cb ? p.then(cb, cb) : p +} + +const extractSync = opt => { + return new Unpack.Sync(opt) +} + +const extract = opt => { + return new Unpack(opt) +} diff --git a/node_modules/libnpm/node_modules/tar/lib/header.js b/node_modules/libnpm/node_modules/tar/lib/header.js new file mode 100644 index 000000000..d29c3b990 --- /dev/null +++ b/node_modules/libnpm/node_modules/tar/lib/header.js @@ -0,0 +1,289 @@ +'use strict' +// parse a 512-byte header block to a data object, or vice-versa +// encode returns `true` if a pax extended header is needed, because +// the data could not be faithfully encoded in a simple header. +// (Also, check header.needPax to see if it needs a pax header.) + +const Buffer = require('./buffer.js') +const types = require('./types.js') +const pathModule = require('path').posix +const large = require('./large-numbers.js') + +const SLURP = Symbol('slurp') +const TYPE = Symbol('type') + +class Header { + constructor (data, off, ex, gex) { + this.cksumValid = false + this.needPax = false + this.nullBlock = false + + this.block = null + this.path = null + this.mode = null + this.uid = null + this.gid = null + this.size = null + this.mtime = null + this.cksum = null + this[TYPE] = '0' + this.linkpath = null + this.uname = null + this.gname = null + this.devmaj = 0 + this.devmin = 0 + this.atime = null + this.ctime = null + + if (Buffer.isBuffer(data)) + this.decode(data, off || 0, ex, gex) + else if (data) + this.set(data) + } + + decode (buf, off, ex, gex) { + if (!off) + off = 0 + + if (!buf || !(buf.length >= off + 512)) + throw new Error('need 512 bytes for header') + + this.path = decString(buf, off, 100) + this.mode = decNumber(buf, off + 100, 8) + this.uid = decNumber(buf, off + 108, 8) + this.gid = decNumber(buf, off + 116, 8) + this.size = decNumber(buf, off + 124, 12) + this.mtime = decDate(buf, off + 136, 12) + this.cksum = decNumber(buf, off + 148, 12) + + // if we have extended or global extended headers, apply them now + // See https://github.com/npm/node-tar/pull/187 + this[SLURP](ex) + this[SLURP](gex, true) + + // old tar versions marked dirs as a file with a trailing / + this[TYPE] = decString(buf, off + 156, 1) + if (this[TYPE] === '') + this[TYPE] = '0' + if (this[TYPE] === '0' && this.path.substr(-1) === '/') + this[TYPE] = '5' + + // tar implementations sometimes incorrectly put the stat(dir).size + // as the size in the tarball, even though Directory entries are + // not able to have any body at all. In the very rare chance that + // it actually DOES have a body, we weren't going to do anything with + // it anyway, and it'll just be a warning about an invalid header. + if (this[TYPE] === '5') + this.size = 0 + + this.linkpath = decString(buf, off + 157, 100) + if (buf.slice(off + 257, off + 265).toString() === 'ustar\u000000') { + this.uname = decString(buf, off + 265, 32) + this.gname = decString(buf, off + 297, 32) + this.devmaj = decNumber(buf, off + 329, 8) + this.devmin = decNumber(buf, off + 337, 8) + if (buf[off + 475] !== 0) { + // definitely a prefix, definitely >130 chars. + const prefix = decString(buf, off + 345, 155) + this.path = prefix + '/' + this.path + } else { + const prefix = decString(buf, off + 345, 130) + if (prefix) + this.path = prefix + '/' + this.path + this.atime = decDate(buf, off + 476, 12) + this.ctime = decDate(buf, off + 488, 12) + } + } + + let sum = 8 * 0x20 + for (let i = off; i < off + 148; i++) { + sum += buf[i] + } + for (let i = off + 156; i < off + 512; i++) { + sum += buf[i] + } + this.cksumValid = sum === this.cksum + if (this.cksum === null && sum === 8 * 0x20) + this.nullBlock = true + } + + [SLURP] (ex, global) { + for (let k in ex) { + // we slurp in everything except for the path attribute in + // a global extended header, because that's weird. + if (ex[k] !== null && ex[k] !== undefined && + !(global && k === 'path')) + this[k] = ex[k] + } + } + + encode (buf, off) { + if (!buf) { + buf = this.block = Buffer.alloc(512) + off = 0 + } + + if (!off) + off = 0 + + if (!(buf.length >= off + 512)) + throw new Error('need 512 bytes for header') + + const prefixSize = this.ctime || this.atime ? 130 : 155 + const split = splitPrefix(this.path || '', prefixSize) + const path = split[0] + const prefix = split[1] + this.needPax = split[2] + + this.needPax = encString(buf, off, 100, path) || this.needPax + this.needPax = encNumber(buf, off + 100, 8, this.mode) || this.needPax + this.needPax = encNumber(buf, off + 108, 8, this.uid) || this.needPax + this.needPax = encNumber(buf, off + 116, 8, this.gid) || this.needPax + this.needPax = encNumber(buf, off + 124, 12, this.size) || this.needPax + this.needPax = encDate(buf, off + 136, 12, this.mtime) || this.needPax + buf[off + 156] = this[TYPE].charCodeAt(0) + this.needPax = encString(buf, off + 157, 100, this.linkpath) || this.needPax + buf.write('ustar\u000000', off + 257, 8) + this.needPax = encString(buf, off + 265, 32, this.uname) || this.needPax + this.needPax = encString(buf, off + 297, 32, this.gname) || this.needPax + this.needPax = encNumber(buf, off + 329, 8, this.devmaj) || this.needPax + this.needPax = encNumber(buf, off + 337, 8, this.devmin) || this.needPax + this.needPax = encString(buf, off + 345, prefixSize, prefix) || this.needPax + if (buf[off + 475] !== 0) + this.needPax = encString(buf, off + 345, 155, prefix) || this.needPax + else { + this.needPax = encString(buf, off + 345, 130, prefix) || this.needPax + this.needPax = encDate(buf, off + 476, 12, this.atime) || this.needPax + this.needPax = encDate(buf, off + 488, 12, this.ctime) || this.needPax + } + + let sum = 8 * 0x20 + for (let i = off; i < off + 148; i++) { + sum += buf[i] + } + for (let i = off + 156; i < off + 512; i++) { + sum += buf[i] + } + this.cksum = sum + encNumber(buf, off + 148, 8, this.cksum) + this.cksumValid = true + + return this.needPax + } + + set (data) { + for (let i in data) { + if (data[i] !== null && data[i] !== undefined) + this[i] = data[i] + } + } + + get type () { + return types.name.get(this[TYPE]) || this[TYPE] + } + + get typeKey () { + return this[TYPE] + } + + set type (type) { + if (types.code.has(type)) + this[TYPE] = types.code.get(type) + else + this[TYPE] = type + } +} + +const splitPrefix = (p, prefixSize) => { + const pathSize = 100 + let pp = p + let prefix = '' + let ret + const root = pathModule.parse(p).root || '.' + + if (Buffer.byteLength(pp) < pathSize) + ret = [pp, prefix, false] + else { + // first set prefix to the dir, and path to the base + prefix = pathModule.dirname(pp) + pp = pathModule.basename(pp) + + do { + // both fit! + if (Buffer.byteLength(pp) <= pathSize && + Buffer.byteLength(prefix) <= prefixSize) + ret = [pp, prefix, false] + + // prefix fits in prefix, but path doesn't fit in path + else if (Buffer.byteLength(pp) > pathSize && + Buffer.byteLength(prefix) <= prefixSize) + ret = [pp.substr(0, pathSize - 1), prefix, true] + + else { + // make path take a bit from prefix + pp = pathModule.join(pathModule.basename(prefix), pp) + prefix = pathModule.dirname(prefix) + } + } while (prefix !== root && !ret) + + // at this point, found no resolution, just truncate + if (!ret) + ret = [p.substr(0, pathSize - 1), '', true] + } + return ret +} + +const decString = (buf, off, size) => + buf.slice(off, off + size).toString('utf8').replace(/\0.*/, '') + +const decDate = (buf, off, size) => + numToDate(decNumber(buf, off, size)) + +const numToDate = num => num === null ? null : new Date(num * 1000) + +const decNumber = (buf, off, size) => + buf[off] & 0x80 ? large.parse(buf.slice(off, off + size)) + : decSmallNumber(buf, off, size) + +const nanNull = value => isNaN(value) ? null : value + +const decSmallNumber = (buf, off, size) => + nanNull(parseInt( + buf.slice(off, off + size) + .toString('utf8').replace(/\0.*$/, '').trim(), 8)) + +// the maximum encodable as a null-terminated octal, by field size +const MAXNUM = { + 12: 0o77777777777, + 8 : 0o7777777 +} + +const encNumber = (buf, off, size, number) => + number === null ? false : + number > MAXNUM[size] || number < 0 + ? (large.encode(number, buf.slice(off, off + size)), true) + : (encSmallNumber(buf, off, size, number), false) + +const encSmallNumber = (buf, off, size, number) => + buf.write(octalString(number, size), off, size, 'ascii') + +const octalString = (number, size) => + padOctal(Math.floor(number).toString(8), size) + +const padOctal = (string, size) => + (string.length === size - 1 ? string + : new Array(size - string.length - 1).join('0') + string + ' ') + '\0' + +const encDate = (buf, off, size, date) => + date === null ? false : + encNumber(buf, off, size, date.getTime() / 1000) + +// enough to fill the longest string we've got +const NULLS = new Array(156).join('\0') +// pad with nulls, return true if it's longer or non-ascii +const encString = (buf, off, size, string) => + string === null ? false : + (buf.write(string + NULLS, off, size, 'utf8'), + string.length !== Buffer.byteLength(string) || string.length > size) + +module.exports = Header diff --git a/node_modules/libnpm/node_modules/tar/lib/high-level-opt.js b/node_modules/libnpm/node_modules/tar/lib/high-level-opt.js new file mode 100644 index 000000000..7333db915 --- /dev/null +++ b/node_modules/libnpm/node_modules/tar/lib/high-level-opt.js @@ -0,0 +1,29 @@ +'use strict' + +// turn tar(1) style args like `C` into the more verbose things like `cwd` + +const argmap = new Map([ + ['C', 'cwd'], + ['f', 'file'], + ['z', 'gzip'], + ['P', 'preservePaths'], + ['U', 'unlink'], + ['strip-components', 'strip'], + ['stripComponents', 'strip'], + ['keep-newer', 'newer'], + ['keepNewer', 'newer'], + ['keep-newer-files', 'newer'], + ['keepNewerFiles', 'newer'], + ['k', 'keep'], + ['keep-existing', 'keep'], + ['keepExisting', 'keep'], + ['m', 'noMtime'], + ['no-mtime', 'noMtime'], + ['p', 'preserveOwner'], + ['L', 'follow'], + ['h', 'follow'] +]) + +const parse = module.exports = opt => opt ? Object.keys(opt).map(k => [ + argmap.has(k) ? argmap.get(k) : k, opt[k] +]).reduce((set, kv) => (set[kv[0]] = kv[1], set), Object.create(null)) : {} diff --git a/node_modules/libnpm/node_modules/tar/lib/large-numbers.js b/node_modules/libnpm/node_modules/tar/lib/large-numbers.js new file mode 100644 index 000000000..3e5c99255 --- /dev/null +++ b/node_modules/libnpm/node_modules/tar/lib/large-numbers.js @@ -0,0 +1,97 @@ +'use strict' +// Tar can encode large and negative numbers using a leading byte of +// 0xff for negative, and 0x80 for positive. + +const encode = exports.encode = (num, buf) => { + if (!Number.isSafeInteger(num)) + // The number is so large that javascript cannot represent it with integer + // precision. + throw TypeError('cannot encode number outside of javascript safe integer range') + else if (num < 0) + encodeNegative(num, buf) + else + encodePositive(num, buf) + return buf +} + +const encodePositive = (num, buf) => { + buf[0] = 0x80 + + for (var i = buf.length; i > 1; i--) { + buf[i-1] = num & 0xff + num = Math.floor(num / 0x100) + } +} + +const encodeNegative = (num, buf) => { + buf[0] = 0xff + var flipped = false + num = num * -1 + for (var i = buf.length; i > 1; i--) { + var byte = num & 0xff + num = Math.floor(num / 0x100) + if (flipped) + buf[i-1] = onesComp(byte) + else if (byte === 0) + buf[i-1] = 0 + else { + flipped = true + buf[i-1] = twosComp(byte) + } + } +} + +const parse = exports.parse = (buf) => { + var post = buf[buf.length - 1] + var pre = buf[0] + var value; + if (pre === 0x80) + value = pos(buf.slice(1, buf.length)) + else if (pre === 0xff) + value = twos(buf) + else + throw TypeError('invalid base256 encoding') + + if (!Number.isSafeInteger(value)) + // The number is so large that javascript cannot represent it with integer + // precision. + throw TypeError('parsed number outside of javascript safe integer range') + + return value +} + +const twos = (buf) => { + var len = buf.length + var sum = 0 + var flipped = false + for (var i = len - 1; i > -1; i--) { + var byte = buf[i] + var f + if (flipped) + f = onesComp(byte) + else if (byte === 0) + f = byte + else { + flipped = true + f = twosComp(byte) + } + if (f !== 0) + sum -= f * Math.pow(256, len - i - 1) + } + return sum +} + +const pos = (buf) => { + var len = buf.length + var sum = 0 + for (var i = len - 1; i > -1; i--) { + var byte = buf[i] + if (byte !== 0) + sum += byte * Math.pow(256, len - i - 1) + } + return sum +} + +const onesComp = byte => (0xff ^ byte) & 0xff + +const twosComp = byte => ((0xff ^ byte) + 1) & 0xff diff --git a/node_modules/libnpm/node_modules/tar/lib/list.js b/node_modules/libnpm/node_modules/tar/lib/list.js new file mode 100644 index 000000000..250ebe001 --- /dev/null +++ b/node_modules/libnpm/node_modules/tar/lib/list.js @@ -0,0 +1,130 @@ +'use strict' + +const Buffer = require('./buffer.js') + +// XXX: This shares a lot in common with extract.js +// maybe some DRY opportunity here? + +// tar -t +const hlo = require('./high-level-opt.js') +const Parser = require('./parse.js') +const fs = require('fs') +const fsm = require('fs-minipass') +const path = require('path') + +const t = module.exports = (opt_, files, cb) => { + if (typeof opt_ === 'function') + cb = opt_, files = null, opt_ = {} + else if (Array.isArray(opt_)) + files = opt_, opt_ = {} + + if (typeof files === 'function') + cb = files, files = null + + if (!files) + files = [] + else + files = Array.from(files) + + const opt = hlo(opt_) + + if (opt.sync && typeof cb === 'function') + throw new TypeError('callback not supported for sync tar functions') + + if (!opt.file && typeof cb === 'function') + throw new TypeError('callback only supported with file option') + + if (files.length) + filesFilter(opt, files) + + if (!opt.noResume) + onentryFunction(opt) + + return opt.file && opt.sync ? listFileSync(opt) + : opt.file ? listFile(opt, cb) + : list(opt) +} + +const onentryFunction = opt => { + const onentry = opt.onentry + opt.onentry = onentry ? e => { + onentry(e) + e.resume() + } : e => e.resume() +} + +// construct a filter that limits the file entries listed +// include child entries if a dir is included +const filesFilter = (opt, files) => { + const map = new Map(files.map(f => [f.replace(/\/+$/, ''), true])) + const filter = opt.filter + + const mapHas = (file, r) => { + const root = r || path.parse(file).root || '.' + const ret = file === root ? false + : map.has(file) ? map.get(file) + : mapHas(path.dirname(file), root) + + map.set(file, ret) + return ret + } + + opt.filter = filter + ? (file, entry) => filter(file, entry) && mapHas(file.replace(/\/+$/, '')) + : file => mapHas(file.replace(/\/+$/, '')) +} + +const listFileSync = opt => { + const p = list(opt) + const file = opt.file + let threw = true + let fd + try { + const stat = fs.statSync(file) + const readSize = opt.maxReadSize || 16*1024*1024 + if (stat.size < readSize) { + p.end(fs.readFileSync(file)) + } else { + let pos = 0 + const buf = Buffer.allocUnsafe(readSize) + fd = fs.openSync(file, 'r') + while (pos < stat.size) { + let bytesRead = fs.readSync(fd, buf, 0, readSize, pos) + pos += bytesRead + p.write(buf.slice(0, bytesRead)) + } + p.end() + } + threw = false + } finally { + if (threw && fd) + try { fs.closeSync(fd) } catch (er) {} + } +} + +const listFile = (opt, cb) => { + const parse = new Parser(opt) + const readSize = opt.maxReadSize || 16*1024*1024 + + const file = opt.file + const p = new Promise((resolve, reject) => { + parse.on('error', reject) + parse.on('end', resolve) + + fs.stat(file, (er, stat) => { + if (er) + reject(er) + else { + const stream = new fsm.ReadStream(file, { + readSize: readSize, + size: stat.size + }) + stream.on('error', reject) + stream.pipe(parse) + } + }) + }) + return cb ? p.then(cb, cb) : p +} + +const list = opt => new Parser(opt) diff --git a/node_modules/libnpm/node_modules/tar/lib/mkdir.js b/node_modules/libnpm/node_modules/tar/lib/mkdir.js new file mode 100644 index 000000000..c6a154c24 --- /dev/null +++ b/node_modules/libnpm/node_modules/tar/lib/mkdir.js @@ -0,0 +1,206 @@ +'use strict' +// wrapper around mkdirp for tar's needs. + +// TODO: This should probably be a class, not functionally +// passing around state in a gazillion args. + +const mkdirp = require('mkdirp') +const fs = require('fs') +const path = require('path') +const chownr = require('chownr') + +class SymlinkError extends Error { + constructor (symlink, path) { + super('Cannot extract through symbolic link') + this.path = path + this.symlink = symlink + } + + get name () { + return 'SylinkError' + } +} + +class CwdError extends Error { + constructor (path, code) { + super(code + ': Cannot cd into \'' + path + '\'') + this.path = path + this.code = code + } + + get name () { + return 'CwdError' + } +} + +const mkdir = module.exports = (dir, opt, cb) => { + // if there's any overlap between mask and mode, + // then we'll need an explicit chmod + const umask = opt.umask + const mode = opt.mode | 0o0700 + const needChmod = (mode & umask) !== 0 + + const uid = opt.uid + const gid = opt.gid + const doChown = typeof uid === 'number' && + typeof gid === 'number' && + ( uid !== opt.processUid || gid !== opt.processGid ) + + const preserve = opt.preserve + const unlink = opt.unlink + const cache = opt.cache + const cwd = opt.cwd + + const done = (er, created) => { + if (er) + cb(er) + else { + cache.set(dir, true) + if (created && doChown) + chownr(created, uid, gid, er => done(er)) + else if (needChmod) + fs.chmod(dir, mode, cb) + else + cb() + } + } + + if (cache && cache.get(dir) === true) + return done() + + if (dir === cwd) + return fs.stat(dir, (er, st) => { + if (er || !st.isDirectory()) + er = new CwdError(dir, er && er.code || 'ENOTDIR') + done(er) + }) + + if (preserve) + return mkdirp(dir, mode, done) + + const sub = path.relative(cwd, dir) + const parts = sub.split(/\/|\\/) + mkdir_(cwd, parts, mode, cache, unlink, cwd, null, done) +} + +const mkdir_ = (base, parts, mode, cache, unlink, cwd, created, cb) => { + if (!parts.length) + return cb(null, created) + const p = parts.shift() + const part = base + '/' + p + if (cache.get(part)) + return mkdir_(part, parts, mode, cache, unlink, cwd, created, cb) + fs.mkdir(part, mode, onmkdir(part, parts, mode, cache, unlink, cwd, created, cb)) +} + +const onmkdir = (part, parts, mode, cache, unlink, cwd, created, cb) => er => { + if (er) { + if (er.path && path.dirname(er.path) === cwd && + (er.code === 'ENOTDIR' || er.code === 'ENOENT')) + return cb(new CwdError(cwd, er.code)) + + fs.lstat(part, (statEr, st) => { + if (statEr) + cb(statEr) + else if (st.isDirectory()) + mkdir_(part, parts, mode, cache, unlink, cwd, created, cb) + else if (unlink) + fs.unlink(part, er => { + if (er) + return cb(er) + fs.mkdir(part, mode, onmkdir(part, parts, mode, cache, unlink, cwd, created, cb)) + }) + else if (st.isSymbolicLink()) + return cb(new SymlinkError(part, part + '/' + parts.join('/'))) + else + cb(er) + }) + } else { + created = created || part + mkdir_(part, parts, mode, cache, unlink, cwd, created, cb) + } +} + +const mkdirSync = module.exports.sync = (dir, opt) => { + // if there's any overlap between mask and mode, + // then we'll need an explicit chmod + const umask = opt.umask + const mode = opt.mode | 0o0700 + const needChmod = (mode & umask) !== 0 + + const uid = opt.uid + const gid = opt.gid + const doChown = typeof uid === 'number' && + typeof gid === 'number' && + ( uid !== opt.processUid || gid !== opt.processGid ) + + const preserve = opt.preserve + const unlink = opt.unlink + const cache = opt.cache + const cwd = opt.cwd + + const done = (created) => { + cache.set(dir, true) + if (created && doChown) + chownr.sync(created, uid, gid) + if (needChmod) + fs.chmodSync(dir, mode) + } + + if (cache && cache.get(dir) === true) + return done() + + if (dir === cwd) { + let ok = false + let code = 'ENOTDIR' + try { + ok = fs.statSync(dir).isDirectory() + } catch (er) { + code = er.code + } finally { + if (!ok) + throw new CwdError(dir, code) + } + done() + return + } + + if (preserve) + return done(mkdirp.sync(dir, mode)) + + const sub = path.relative(cwd, dir) + const parts = sub.split(/\/|\\/) + let created = null + for (let p = parts.shift(), part = cwd; + p && (part += '/' + p); + p = parts.shift()) { + + if (cache.get(part)) + continue + + try { + fs.mkdirSync(part, mode) + created = created || part + cache.set(part, true) + } catch (er) { + if (er.path && path.dirname(er.path) === cwd && + (er.code === 'ENOTDIR' || er.code === 'ENOENT')) + return new CwdError(cwd, er.code) + + const st = fs.lstatSync(part) + if (st.isDirectory()) { + cache.set(part, true) + continue + } else if (unlink) { + fs.unlinkSync(part) + fs.mkdirSync(part, mode) + created = created || part + cache.set(part, true) + continue + } else if (st.isSymbolicLink()) + return new SymlinkError(part, part + '/' + parts.join('/')) + } + } + + return done(created) +} diff --git a/node_modules/libnpm/node_modules/tar/lib/mode-fix.js b/node_modules/libnpm/node_modules/tar/lib/mode-fix.js new file mode 100644 index 000000000..3363a3b15 --- /dev/null +++ b/node_modules/libnpm/node_modules/tar/lib/mode-fix.js @@ -0,0 +1,14 @@ +'use strict' +module.exports = (mode, isDir) => { + mode &= 0o7777 + // if dirs are readable, then they should be listable + if (isDir) { + if (mode & 0o400) + mode |= 0o100 + if (mode & 0o40) + mode |= 0o10 + if (mode & 0o4) + mode |= 0o1 + } + return mode +} diff --git a/node_modules/libnpm/node_modules/tar/lib/pack.js b/node_modules/libnpm/node_modules/tar/lib/pack.js new file mode 100644 index 000000000..857cea910 --- /dev/null +++ b/node_modules/libnpm/node_modules/tar/lib/pack.js @@ -0,0 +1,404 @@ +'use strict' + +const Buffer = require('./buffer.js') + +// A readable tar stream creator +// Technically, this is a transform stream that you write paths into, +// and tar format comes out of. +// The `add()` method is like `write()` but returns this, +// and end() return `this` as well, so you can +// do `new Pack(opt).add('files').add('dir').end().pipe(output) +// You could also do something like: +// streamOfPaths().pipe(new Pack()).pipe(new fs.WriteStream('out.tar')) + +class PackJob { + constructor (path, absolute) { + this.path = path || './' + this.absolute = absolute + this.entry = null + this.stat = null + this.readdir = null + this.pending = false + this.ignore = false + this.piped = false + } +} + +const MiniPass = require('minipass') +const zlib = require('minizlib') +const ReadEntry = require('./read-entry.js') +const WriteEntry = require('./write-entry.js') +const WriteEntrySync = WriteEntry.Sync +const WriteEntryTar = WriteEntry.Tar +const Yallist = require('yallist') +const EOF = Buffer.alloc(1024) +const ONSTAT = Symbol('onStat') +const ENDED = Symbol('ended') +const QUEUE = Symbol('queue') +const CURRENT = Symbol('current') +const PROCESS = Symbol('process') +const PROCESSING = Symbol('processing') +const PROCESSJOB = Symbol('processJob') +const JOBS = Symbol('jobs') +const JOBDONE = Symbol('jobDone') +const ADDFSENTRY = Symbol('addFSEntry') +const ADDTARENTRY = Symbol('addTarEntry') +const STAT = Symbol('stat') +const READDIR = Symbol('readdir') +const ONREADDIR = Symbol('onreaddir') +const PIPE = Symbol('pipe') +const ENTRY = Symbol('entry') +const ENTRYOPT = Symbol('entryOpt') +const WRITEENTRYCLASS = Symbol('writeEntryClass') +const WRITE = Symbol('write') +const ONDRAIN = Symbol('ondrain') + +const fs = require('fs') +const path = require('path') +const warner = require('./warn-mixin.js') + +const Pack = warner(class Pack extends MiniPass { + constructor (opt) { + super(opt) + opt = opt || Object.create(null) + this.opt = opt + this.cwd = opt.cwd || process.cwd() + this.maxReadSize = opt.maxReadSize + this.preservePaths = !!opt.preservePaths + this.strict = !!opt.strict + this.noPax = !!opt.noPax + this.prefix = (opt.prefix || '').replace(/(\\|\/)+$/, '') + this.linkCache = opt.linkCache || new Map() + this.statCache = opt.statCache || new Map() + this.readdirCache = opt.readdirCache || new Map() + + this[WRITEENTRYCLASS] = WriteEntry + if (typeof opt.onwarn === 'function') + this.on('warn', opt.onwarn) + + this.zip = null + if (opt.gzip) { + if (typeof opt.gzip !== 'object') + opt.gzip = {} + this.zip = new zlib.Gzip(opt.gzip) + this.zip.on('data', chunk => super.write(chunk)) + this.zip.on('end', _ => super.end()) + this.zip.on('drain', _ => this[ONDRAIN]()) + this.on('resume', _ => this.zip.resume()) + } else + this.on('drain', this[ONDRAIN]) + + this.portable = !!opt.portable + this.noDirRecurse = !!opt.noDirRecurse + this.follow = !!opt.follow + this.noMtime = !!opt.noMtime + this.mtime = opt.mtime || null + + this.filter = typeof opt.filter === 'function' ? opt.filter : _ => true + + this[QUEUE] = new Yallist + this[JOBS] = 0 + this.jobs = +opt.jobs || 4 + this[PROCESSING] = false + this[ENDED] = false + } + + [WRITE] (chunk) { + return super.write(chunk) + } + + add (path) { + this.write(path) + return this + } + + end (path) { + if (path) + this.write(path) + this[ENDED] = true + this[PROCESS]() + return this + } + + write (path) { + if (this[ENDED]) + throw new Error('write after end') + + if (path instanceof ReadEntry) + this[ADDTARENTRY](path) + else + this[ADDFSENTRY](path) + return this.flowing + } + + [ADDTARENTRY] (p) { + const absolute = path.resolve(this.cwd, p.path) + if (this.prefix) + p.path = this.prefix + '/' + p.path.replace(/^\.(\/+|$)/, '') + + // in this case, we don't have to wait for the stat + if (!this.filter(p.path, p)) + p.resume() + else { + const job = new PackJob(p.path, absolute, false) + job.entry = new WriteEntryTar(p, this[ENTRYOPT](job)) + job.entry.on('end', _ => this[JOBDONE](job)) + this[JOBS] += 1 + this[QUEUE].push(job) + } + + this[PROCESS]() + } + + [ADDFSENTRY] (p) { + const absolute = path.resolve(this.cwd, p) + if (this.prefix) + p = this.prefix + '/' + p.replace(/^\.(\/+|$)/, '') + + this[QUEUE].push(new PackJob(p, absolute)) + this[PROCESS]() + } + + [STAT] (job) { + job.pending = true + this[JOBS] += 1 + const stat = this.follow ? 'stat' : 'lstat' + fs[stat](job.absolute, (er, stat) => { + job.pending = false + this[JOBS] -= 1 + if (er) + this.emit('error', er) + else + this[ONSTAT](job, stat) + }) + } + + [ONSTAT] (job, stat) { + this.statCache.set(job.absolute, stat) + job.stat = stat + + // now we have the stat, we can filter it. + if (!this.filter(job.path, stat)) + job.ignore = true + + this[PROCESS]() + } + + [READDIR] (job) { + job.pending = true + this[JOBS] += 1 + fs.readdir(job.absolute, (er, entries) => { + job.pending = false + this[JOBS] -= 1 + if (er) + return this.emit('error', er) + this[ONREADDIR](job, entries) + }) + } + + [ONREADDIR] (job, entries) { + this.readdirCache.set(job.absolute, entries) + job.readdir = entries + this[PROCESS]() + } + + [PROCESS] () { + if (this[PROCESSING]) + return + + this[PROCESSING] = true + for (let w = this[QUEUE].head; + w !== null && this[JOBS] < this.jobs; + w = w.next) { + this[PROCESSJOB](w.value) + if (w.value.ignore) { + const p = w.next + this[QUEUE].removeNode(w) + w.next = p + } + } + + this[PROCESSING] = false + + if (this[ENDED] && !this[QUEUE].length && this[JOBS] === 0) { + if (this.zip) + this.zip.end(EOF) + else { + super.write(EOF) + super.end() + } + } + } + + get [CURRENT] () { + return this[QUEUE] && this[QUEUE].head && this[QUEUE].head.value + } + + [JOBDONE] (job) { + this[QUEUE].shift() + this[JOBS] -= 1 + this[PROCESS]() + } + + [PROCESSJOB] (job) { + if (job.pending) + return + + if (job.entry) { + if (job === this[CURRENT] && !job.piped) + this[PIPE](job) + return + } + + if (!job.stat) { + if (this.statCache.has(job.absolute)) + this[ONSTAT](job, this.statCache.get(job.absolute)) + else + this[STAT](job) + } + if (!job.stat) + return + + // filtered out! + if (job.ignore) + return + + if (!this.noDirRecurse && job.stat.isDirectory() && !job.readdir) { + if (this.readdirCache.has(job.absolute)) + this[ONREADDIR](job, this.readdirCache.get(job.absolute)) + else + this[READDIR](job) + if (!job.readdir) + return + } + + // we know it doesn't have an entry, because that got checked above + job.entry = this[ENTRY](job) + if (!job.entry) { + job.ignore = true + return + } + + if (job === this[CURRENT] && !job.piped) + this[PIPE](job) + } + + [ENTRYOPT] (job) { + return { + onwarn: (msg, data) => { + this.warn(msg, data) + }, + noPax: this.noPax, + cwd: this.cwd, + absolute: job.absolute, + preservePaths: this.preservePaths, + maxReadSize: this.maxReadSize, + strict: this.strict, + portable: this.portable, + linkCache: this.linkCache, + statCache: this.statCache, + noMtime: this.noMtime, + mtime: this.mtime + } + } + + [ENTRY] (job) { + this[JOBS] += 1 + try { + return new this[WRITEENTRYCLASS](job.path, this[ENTRYOPT](job)) + .on('end', () => this[JOBDONE](job)) + .on('error', er => this.emit('error', er)) + } catch (er) { + this.emit('error', er) + } + } + + [ONDRAIN] () { + if (this[CURRENT] && this[CURRENT].entry) + this[CURRENT].entry.resume() + } + + // like .pipe() but using super, because our write() is special + [PIPE] (job) { + job.piped = true + + if (job.readdir) + job.readdir.forEach(entry => { + const p = this.prefix ? + job.path.slice(this.prefix.length + 1) || './' + : job.path + + const base = p === './' ? '' : p.replace(/\/*$/, '/') + this[ADDFSENTRY](base + entry) + }) + + const source = job.entry + const zip = this.zip + + if (zip) + source.on('data', chunk => { + if (!zip.write(chunk)) + source.pause() + }) + else + source.on('data', chunk => { + if (!super.write(chunk)) + source.pause() + }) + } + + pause () { + if (this.zip) + this.zip.pause() + return super.pause() + } +}) + +class PackSync extends Pack { + constructor (opt) { + super(opt) + this[WRITEENTRYCLASS] = WriteEntrySync + } + + // pause/resume are no-ops in sync streams. + pause () {} + resume () {} + + [STAT] (job) { + const stat = this.follow ? 'statSync' : 'lstatSync' + this[ONSTAT](job, fs[stat](job.absolute)) + } + + [READDIR] (job, stat) { + this[ONREADDIR](job, fs.readdirSync(job.absolute)) + } + + // gotta get it all in this tick + [PIPE] (job) { + const source = job.entry + const zip = this.zip + + if (job.readdir) + job.readdir.forEach(entry => { + const p = this.prefix ? + job.path.slice(this.prefix.length + 1) || './' + : job.path + + const base = p === './' ? '' : p.replace(/\/*$/, '/') + this[ADDFSENTRY](base + entry) + }) + + if (zip) + source.on('data', chunk => { + zip.write(chunk) + }) + else + source.on('data', chunk => { + super[WRITE](chunk) + }) + } +} + +Pack.Sync = PackSync + +module.exports = Pack diff --git a/node_modules/libnpm/node_modules/tar/lib/parse.js b/node_modules/libnpm/node_modules/tar/lib/parse.js new file mode 100644 index 000000000..43d4383dd --- /dev/null +++ b/node_modules/libnpm/node_modules/tar/lib/parse.js @@ -0,0 +1,428 @@ +'use strict' + +// this[BUFFER] is the remainder of a chunk if we're waiting for +// the full 512 bytes of a header to come in. We will Buffer.concat() +// it to the next write(), which is a mem copy, but a small one. +// +// this[QUEUE] is a Yallist of entries that haven't been emitted +// yet this can only get filled up if the user keeps write()ing after +// a write() returns false, or does a write() with more than one entry +// +// We don't buffer chunks, we always parse them and either create an +// entry, or push it into the active entry. The ReadEntry class knows +// to throw data away if .ignore=true +// +// Shift entry off the buffer when it emits 'end', and emit 'entry' for +// the next one in the list. +// +// At any time, we're pushing body chunks into the entry at WRITEENTRY, +// and waiting for 'end' on the entry at READENTRY +// +// ignored entries get .resume() called on them straight away + +const warner = require('./warn-mixin.js') +const path = require('path') +const Header = require('./header.js') +const EE = require('events') +const Yallist = require('yallist') +const maxMetaEntrySize = 1024 * 1024 +const Entry = require('./read-entry.js') +const Pax = require('./pax.js') +const zlib = require('minizlib') +const Buffer = require('./buffer.js') + +const gzipHeader = Buffer.from([0x1f, 0x8b]) +const STATE = Symbol('state') +const WRITEENTRY = Symbol('writeEntry') +const READENTRY = Symbol('readEntry') +const NEXTENTRY = Symbol('nextEntry') +const PROCESSENTRY = Symbol('processEntry') +const EX = Symbol('extendedHeader') +const GEX = Symbol('globalExtendedHeader') +const META = Symbol('meta') +const EMITMETA = Symbol('emitMeta') +const BUFFER = Symbol('buffer') +const QUEUE = Symbol('queue') +const ENDED = Symbol('ended') +const EMITTEDEND = Symbol('emittedEnd') +const EMIT = Symbol('emit') +const UNZIP = Symbol('unzip') +const CONSUMECHUNK = Symbol('consumeChunk') +const CONSUMECHUNKSUB = Symbol('consumeChunkSub') +const CONSUMEBODY = Symbol('consumeBody') +const CONSUMEMETA = Symbol('consumeMeta') +const CONSUMEHEADER = Symbol('consumeHeader') +const CONSUMING = Symbol('consuming') +const BUFFERCONCAT = Symbol('bufferConcat') +const MAYBEEND = Symbol('maybeEnd') +const WRITING = Symbol('writing') +const ABORTED = Symbol('aborted') +const DONE = Symbol('onDone') + +const noop = _ => true + +module.exports = warner(class Parser extends EE { + constructor (opt) { + opt = opt || {} + super(opt) + + if (opt.ondone) + this.on(DONE, opt.ondone) + else + this.on(DONE, _ => { + this.emit('prefinish') + this.emit('finish') + this.emit('end') + this.emit('close') + }) + + this.strict = !!opt.strict + this.maxMetaEntrySize = opt.maxMetaEntrySize || maxMetaEntrySize + this.filter = typeof opt.filter === 'function' ? opt.filter : noop + + // have to set this so that streams are ok piping into it + this.writable = true + this.readable = false + + this[QUEUE] = new Yallist() + this[BUFFER] = null + this[READENTRY] = null + this[WRITEENTRY] = null + this[STATE] = 'begin' + this[META] = '' + this[EX] = null + this[GEX] = null + this[ENDED] = false + this[UNZIP] = null + this[ABORTED] = false + if (typeof opt.onwarn === 'function') + this.on('warn', opt.onwarn) + if (typeof opt.onentry === 'function') + this.on('entry', opt.onentry) + } + + [CONSUMEHEADER] (chunk, position) { + let header + try { + header = new Header(chunk, position, this[EX], this[GEX]) + } catch (er) { + return this.warn('invalid entry', er) + } + + if (header.nullBlock) + this[EMIT]('nullBlock') + else if (!header.cksumValid) + this.warn('invalid entry', header) + else if (!header.path) + this.warn('invalid: path is required', header) + else { + const type = header.type + if (/^(Symbolic)?Link$/.test(type) && !header.linkpath) + this.warn('invalid: linkpath required', header) + else if (!/^(Symbolic)?Link$/.test(type) && header.linkpath) + this.warn('invalid: linkpath forbidden', header) + else { + const entry = this[WRITEENTRY] = new Entry(header, this[EX], this[GEX]) + + if (entry.meta) { + if (entry.size > this.maxMetaEntrySize) { + entry.ignore = true + this[EMIT]('ignoredEntry', entry) + this[STATE] = 'ignore' + } else if (entry.size > 0) { + this[META] = '' + entry.on('data', c => this[META] += c) + this[STATE] = 'meta' + } + } else { + + this[EX] = null + entry.ignore = entry.ignore || !this.filter(entry.path, entry) + if (entry.ignore) { + this[EMIT]('ignoredEntry', entry) + this[STATE] = entry.remain ? 'ignore' : 'begin' + } else { + if (entry.remain) + this[STATE] = 'body' + else { + this[STATE] = 'begin' + entry.end() + } + + if (!this[READENTRY]) { + this[QUEUE].push(entry) + this[NEXTENTRY]() + } else + this[QUEUE].push(entry) + } + } + } + } + } + + [PROCESSENTRY] (entry) { + let go = true + + if (!entry) { + this[READENTRY] = null + go = false + } else if (Array.isArray(entry)) + this.emit.apply(this, entry) + else { + this[READENTRY] = entry + this.emit('entry', entry) + if (!entry.emittedEnd) { + entry.on('end', _ => this[NEXTENTRY]()) + go = false + } + } + + return go + } + + [NEXTENTRY] () { + do {} while (this[PROCESSENTRY](this[QUEUE].shift())) + + if (!this[QUEUE].length) { + // At this point, there's nothing in the queue, but we may have an + // entry which is being consumed (readEntry). + // If we don't, then we definitely can handle more data. + // If we do, and either it's flowing, or it has never had any data + // written to it, then it needs more. + // The only other possibility is that it has returned false from a + // write() call, so we wait for the next drain to continue. + const re = this[READENTRY] + const drainNow = !re || re.flowing || re.size === re.remain + if (drainNow) { + if (!this[WRITING]) + this.emit('drain') + } else + re.once('drain', _ => this.emit('drain')) + } + } + + [CONSUMEBODY] (chunk, position) { + // write up to but no more than writeEntry.blockRemain + const entry = this[WRITEENTRY] + const br = entry.blockRemain + const c = (br >= chunk.length && position === 0) ? chunk + : chunk.slice(position, position + br) + + entry.write(c) + + if (!entry.blockRemain) { + this[STATE] = 'begin' + this[WRITEENTRY] = null + entry.end() + } + + return c.length + } + + [CONSUMEMETA] (chunk, position) { + const entry = this[WRITEENTRY] + const ret = this[CONSUMEBODY](chunk, position) + + // if we finished, then the entry is reset + if (!this[WRITEENTRY]) + this[EMITMETA](entry) + + return ret + } + + [EMIT] (ev, data, extra) { + if (!this[QUEUE].length && !this[READENTRY]) + this.emit(ev, data, extra) + else + this[QUEUE].push([ev, data, extra]) + } + + [EMITMETA] (entry) { + this[EMIT]('meta', this[META]) + switch (entry.type) { + case 'ExtendedHeader': + case 'OldExtendedHeader': + this[EX] = Pax.parse(this[META], this[EX], false) + break + + case 'GlobalExtendedHeader': + this[GEX] = Pax.parse(this[META], this[GEX], true) + break + + case 'NextFileHasLongPath': + case 'OldGnuLongPath': + this[EX] = this[EX] || Object.create(null) + this[EX].path = this[META].replace(/\0.*/, '') + break + + case 'NextFileHasLongLinkpath': + this[EX] = this[EX] || Object.create(null) + this[EX].linkpath = this[META].replace(/\0.*/, '') + break + + /* istanbul ignore next */ + default: throw new Error('unknown meta: ' + entry.type) + } + } + + abort (msg, error) { + this[ABORTED] = true + this.warn(msg, error) + this.emit('abort', error) + this.emit('error', error) + } + + write (chunk) { + if (this[ABORTED]) + return + + // first write, might be gzipped + if (this[UNZIP] === null && chunk) { + if (this[BUFFER]) { + chunk = Buffer.concat([this[BUFFER], chunk]) + this[BUFFER] = null + } + if (chunk.length < gzipHeader.length) { + this[BUFFER] = chunk + return true + } + for (let i = 0; this[UNZIP] === null && i < gzipHeader.length; i++) { + if (chunk[i] !== gzipHeader[i]) + this[UNZIP] = false + } + if (this[UNZIP] === null) { + const ended = this[ENDED] + this[ENDED] = false + this[UNZIP] = new zlib.Unzip() + this[UNZIP].on('data', chunk => this[CONSUMECHUNK](chunk)) + this[UNZIP].on('error', er => + this.abort(er.message, er)) + this[UNZIP].on('end', _ => { + this[ENDED] = true + this[CONSUMECHUNK]() + }) + this[WRITING] = true + const ret = this[UNZIP][ended ? 'end' : 'write' ](chunk) + this[WRITING] = false + return ret + } + } + + this[WRITING] = true + if (this[UNZIP]) + this[UNZIP].write(chunk) + else + this[CONSUMECHUNK](chunk) + this[WRITING] = false + + // return false if there's a queue, or if the current entry isn't flowing + const ret = + this[QUEUE].length ? false : + this[READENTRY] ? this[READENTRY].flowing : + true + + // if we have no queue, then that means a clogged READENTRY + if (!ret && !this[QUEUE].length) + this[READENTRY].once('drain', _ => this.emit('drain')) + + return ret + } + + [BUFFERCONCAT] (c) { + if (c && !this[ABORTED]) + this[BUFFER] = this[BUFFER] ? Buffer.concat([this[BUFFER], c]) : c + } + + [MAYBEEND] () { + if (this[ENDED] && + !this[EMITTEDEND] && + !this[ABORTED] && + !this[CONSUMING]) { + this[EMITTEDEND] = true + const entry = this[WRITEENTRY] + if (entry && entry.blockRemain) { + const have = this[BUFFER] ? this[BUFFER].length : 0 + this.warn('Truncated input (needed ' + entry.blockRemain + + ' more bytes, only ' + have + ' available)', entry) + if (this[BUFFER]) + entry.write(this[BUFFER]) + entry.end() + } + this[EMIT](DONE) + } + } + + [CONSUMECHUNK] (chunk) { + if (this[CONSUMING]) { + this[BUFFERCONCAT](chunk) + } else if (!chunk && !this[BUFFER]) { + this[MAYBEEND]() + } else { + this[CONSUMING] = true + if (this[BUFFER]) { + this[BUFFERCONCAT](chunk) + const c = this[BUFFER] + this[BUFFER] = null + this[CONSUMECHUNKSUB](c) + } else { + this[CONSUMECHUNKSUB](chunk) + } + + while (this[BUFFER] && this[BUFFER].length >= 512 && !this[ABORTED]) { + const c = this[BUFFER] + this[BUFFER] = null + this[CONSUMECHUNKSUB](c) + } + this[CONSUMING] = false + } + + if (!this[BUFFER] || this[ENDED]) + this[MAYBEEND]() + } + + [CONSUMECHUNKSUB] (chunk) { + // we know that we are in CONSUMING mode, so anything written goes into + // the buffer. Advance the position and put any remainder in the buffer. + let position = 0 + let length = chunk.length + while (position + 512 <= length && !this[ABORTED]) { + switch (this[STATE]) { + case 'begin': + this[CONSUMEHEADER](chunk, position) + position += 512 + break + + case 'ignore': + case 'body': + position += this[CONSUMEBODY](chunk, position) + break + + case 'meta': + position += this[CONSUMEMETA](chunk, position) + break + + /* istanbul ignore next */ + default: + throw new Error('invalid state: ' + this[STATE]) + } + } + + if (position < length) { + if (this[BUFFER]) + this[BUFFER] = Buffer.concat([chunk.slice(position), this[BUFFER]]) + else + this[BUFFER] = chunk.slice(position) + } + } + + end (chunk) { + if (!this[ABORTED]) { + if (this[UNZIP]) + this[UNZIP].end(chunk) + else { + this[ENDED] = true + this.write(chunk) + } + } + } +}) diff --git a/node_modules/libnpm/node_modules/tar/lib/pax.js b/node_modules/libnpm/node_modules/tar/lib/pax.js new file mode 100644 index 000000000..9d7e4aba5 --- /dev/null +++ b/node_modules/libnpm/node_modules/tar/lib/pax.js @@ -0,0 +1,146 @@ +'use strict' +const Buffer = require('./buffer.js') +const Header = require('./header.js') +const path = require('path') + +class Pax { + constructor (obj, global) { + this.atime = obj.atime || null + this.charset = obj.charset || null + this.comment = obj.comment || null + this.ctime = obj.ctime || null + this.gid = obj.gid || null + this.gname = obj.gname || null + this.linkpath = obj.linkpath || null + this.mtime = obj.mtime || null + this.path = obj.path || null + this.size = obj.size || null + this.uid = obj.uid || null + this.uname = obj.uname || null + this.dev = obj.dev || null + this.ino = obj.ino || null + this.nlink = obj.nlink || null + this.global = global || false + } + + encode () { + const body = this.encodeBody() + if (body === '') + return null + + const bodyLen = Buffer.byteLength(body) + // round up to 512 bytes + // add 512 for header + const bufLen = 512 * Math.ceil(1 + bodyLen / 512) + const buf = Buffer.allocUnsafe(bufLen) + + // 0-fill the header section, it might not hit every field + for (let i = 0; i < 512; i++) { + buf[i] = 0 + } + + new Header({ + // XXX split the path + // then the path should be PaxHeader + basename, but less than 99, + // prepend with the dirname + path: ('PaxHeader/' + path.basename(this.path)).slice(0, 99), + mode: this.mode || 0o644, + uid: this.uid || null, + gid: this.gid || null, + size: bodyLen, + mtime: this.mtime || null, + type: this.global ? 'GlobalExtendedHeader' : 'ExtendedHeader', + linkpath: '', + uname: this.uname || '', + gname: this.gname || '', + devmaj: 0, + devmin: 0, + atime: this.atime || null, + ctime: this.ctime || null + }).encode(buf) + + buf.write(body, 512, bodyLen, 'utf8') + + // null pad after the body + for (let i = bodyLen + 512; i < buf.length; i++) { + buf[i] = 0 + } + + return buf + } + + encodeBody () { + return ( + this.encodeField('path') + + this.encodeField('ctime') + + this.encodeField('atime') + + this.encodeField('dev') + + this.encodeField('ino') + + this.encodeField('nlink') + + this.encodeField('charset') + + this.encodeField('comment') + + this.encodeField('gid') + + this.encodeField('gname') + + this.encodeField('linkpath') + + this.encodeField('mtime') + + this.encodeField('size') + + this.encodeField('uid') + + this.encodeField('uname') + ) + } + + encodeField (field) { + if (this[field] === null || this[field] === undefined) + return '' + const v = this[field] instanceof Date ? this[field].getTime() / 1000 + : this[field] + const s = ' ' + + (field === 'dev' || field === 'ino' || field === 'nlink' + ? 'SCHILY.' : '') + + field + '=' + v + '\n' + const byteLen = Buffer.byteLength(s) + // the digits includes the length of the digits in ascii base-10 + // so if it's 9 characters, then adding 1 for the 9 makes it 10 + // which makes it 11 chars. + let digits = Math.floor(Math.log(byteLen) / Math.log(10)) + 1 + if (byteLen + digits >= Math.pow(10, digits)) + digits += 1 + const len = digits + byteLen + return len + s + } +} + +Pax.parse = (string, ex, g) => new Pax(merge(parseKV(string), ex), g) + +const merge = (a, b) => + b ? Object.keys(a).reduce((s, k) => (s[k] = a[k], s), b) : a + +const parseKV = string => + string + .replace(/\n$/, '') + .split('\n') + .reduce(parseKVLine, Object.create(null)) + +const parseKVLine = (set, line) => { + const n = parseInt(line, 10) + + // XXX Values with \n in them will fail this. + // Refactor to not be a naive line-by-line parse. + if (n !== Buffer.byteLength(line) + 1) + return set + + line = line.substr((n + ' ').length) + const kv = line.split('=') + const k = kv.shift().replace(/^SCHILY\.(dev|ino|nlink)/, '$1') + if (!k) + return set + + const v = kv.join('=') + set[k] = /^([A-Z]+\.)?([mac]|birth|creation)time$/.test(k) + ? new Date(v * 1000) + : /^[0-9]+$/.test(v) ? +v + : v + return set +} + +module.exports = Pax diff --git a/node_modules/libnpm/node_modules/tar/lib/read-entry.js b/node_modules/libnpm/node_modules/tar/lib/read-entry.js new file mode 100644 index 000000000..8acee94ba --- /dev/null +++ b/node_modules/libnpm/node_modules/tar/lib/read-entry.js @@ -0,0 +1,98 @@ +'use strict' +const types = require('./types.js') +const MiniPass = require('minipass') + +const SLURP = Symbol('slurp') +module.exports = class ReadEntry extends MiniPass { + constructor (header, ex, gex) { + super() + // read entries always start life paused. this is to avoid the + // situation where Minipass's auto-ending empty streams results + // in an entry ending before we're ready for it. + this.pause() + this.extended = ex + this.globalExtended = gex + this.header = header + this.startBlockSize = 512 * Math.ceil(header.size / 512) + this.blockRemain = this.startBlockSize + this.remain = header.size + this.type = header.type + this.meta = false + this.ignore = false + switch (this.type) { + case 'File': + case 'OldFile': + case 'Link': + case 'SymbolicLink': + case 'CharacterDevice': + case 'BlockDevice': + case 'Directory': + case 'FIFO': + case 'ContiguousFile': + case 'GNUDumpDir': + break + + case 'NextFileHasLongLinkpath': + case 'NextFileHasLongPath': + case 'OldGnuLongPath': + case 'GlobalExtendedHeader': + case 'ExtendedHeader': + case 'OldExtendedHeader': + this.meta = true + break + + // NOTE: gnutar and bsdtar treat unrecognized types as 'File' + // it may be worth doing the same, but with a warning. + default: + this.ignore = true + } + + this.path = header.path + this.mode = header.mode + if (this.mode) + this.mode = this.mode & 0o7777 + this.uid = header.uid + this.gid = header.gid + this.uname = header.uname + this.gname = header.gname + this.size = header.size + this.mtime = header.mtime + this.atime = header.atime + this.ctime = header.ctime + this.linkpath = header.linkpath + this.uname = header.uname + this.gname = header.gname + + if (ex) this[SLURP](ex) + if (gex) this[SLURP](gex, true) + } + + write (data) { + const writeLen = data.length + if (writeLen > this.blockRemain) + throw new Error('writing more to entry than is appropriate') + + const r = this.remain + const br = this.blockRemain + this.remain = Math.max(0, r - writeLen) + this.blockRemain = Math.max(0, br - writeLen) + if (this.ignore) + return true + + if (r >= writeLen) + return super.write(data) + + // r < writeLen + return super.write(data.slice(0, r)) + } + + [SLURP] (ex, global) { + for (let k in ex) { + // we slurp in everything except for the path attribute in + // a global extended header, because that's weird. + if (ex[k] !== null && ex[k] !== undefined && + !(global && k === 'path')) + this[k] = ex[k] + } + } +} diff --git a/node_modules/libnpm/node_modules/tar/lib/replace.js b/node_modules/libnpm/node_modules/tar/lib/replace.js new file mode 100644 index 000000000..571cee94a --- /dev/null +++ b/node_modules/libnpm/node_modules/tar/lib/replace.js @@ -0,0 +1,220 @@ +'use strict' +const Buffer = require('./buffer.js') + +// tar -r +const hlo = require('./high-level-opt.js') +const Pack = require('./pack.js') +const Parse = require('./parse.js') +const fs = require('fs') +const fsm = require('fs-minipass') +const t = require('./list.js') +const path = require('path') + +// starting at the head of the file, read a Header +// If the checksum is invalid, that's our position to start writing +// If it is, jump forward by the specified size (round up to 512) +// and try again. +// Write the new Pack stream starting there. + +const Header = require('./header.js') + +const r = module.exports = (opt_, files, cb) => { + const opt = hlo(opt_) + + if (!opt.file) + throw new TypeError('file is required') + + if (opt.gzip) + throw new TypeError('cannot append to compressed archives') + + if (!files || !Array.isArray(files) || !files.length) + throw new TypeError('no files or directories specified') + + files = Array.from(files) + + return opt.sync ? replaceSync(opt, files) + : replace(opt, files, cb) +} + +const replaceSync = (opt, files) => { + const p = new Pack.Sync(opt) + + let threw = true + let fd + let position + + try { + try { + fd = fs.openSync(opt.file, 'r+') + } catch (er) { + if (er.code === 'ENOENT') + fd = fs.openSync(opt.file, 'w+') + else + throw er + } + + const st = fs.fstatSync(fd) + const headBuf = Buffer.alloc(512) + + POSITION: for (position = 0; position < st.size; position += 512) { + for (let bufPos = 0, bytes = 0; bufPos < 512; bufPos += bytes) { + bytes = fs.readSync( + fd, headBuf, bufPos, headBuf.length - bufPos, position + bufPos + ) + + if (position === 0 && headBuf[0] === 0x1f && headBuf[1] === 0x8b) + throw new Error('cannot append to compressed archives') + + if (!bytes) + break POSITION + } + + let h = new Header(headBuf) + if (!h.cksumValid) + break + let entryBlockSize = 512 * Math.ceil(h.size / 512) + if (position + entryBlockSize + 512 > st.size) + break + // the 512 for the header we just parsed will be added as well + // also jump ahead all the blocks for the body + position += entryBlockSize + if (opt.mtimeCache) + opt.mtimeCache.set(h.path, h.mtime) + } + threw = false + + streamSync(opt, p, position, fd, files) + } finally { + if (threw) + try { fs.closeSync(fd) } catch (er) {} + } +} + +const streamSync = (opt, p, position, fd, files) => { + const stream = new fsm.WriteStreamSync(opt.file, { + fd: fd, + start: position + }) + p.pipe(stream) + addFilesSync(p, files) +} + +const replace = (opt, files, cb) => { + files = Array.from(files) + const p = new Pack(opt) + + const getPos = (fd, size, cb_) => { + const cb = (er, pos) => { + if (er) + fs.close(fd, _ => cb_(er)) + else + cb_(null, pos) + } + + let position = 0 + if (size === 0) + return cb(null, 0) + + let bufPos = 0 + const headBuf = Buffer.alloc(512) + const onread = (er, bytes) => { + if (er) + return cb(er) + bufPos += bytes + if (bufPos < 512 && bytes) + return fs.read( + fd, headBuf, bufPos, headBuf.length - bufPos, + position + bufPos, onread + ) + + if (position === 0 && headBuf[0] === 0x1f && headBuf[1] === 0x8b) + return cb(new Error('cannot append to compressed archives')) + + // truncated header + if (bufPos < 512) + return cb(null, position) + + const h = new Header(headBuf) + if (!h.cksumValid) + return cb(null, position) + + const entryBlockSize = 512 * Math.ceil(h.size / 512) + if (position + entryBlockSize + 512 > size) + return cb(null, position) + + position += entryBlockSize + 512 + if (position >= size) + return cb(null, position) + + if (opt.mtimeCache) + opt.mtimeCache.set(h.path, h.mtime) + bufPos = 0 + fs.read(fd, headBuf, 0, 512, position, onread) + } + fs.read(fd, headBuf, 0, 512, position, onread) + } + + const promise = new Promise((resolve, reject) => { + p.on('error', reject) + let flag = 'r+' + const onopen = (er, fd) => { + if (er && er.code === 'ENOENT' && flag === 'r+') { + flag = 'w+' + return fs.open(opt.file, flag, onopen) + } + + if (er) + return reject(er) + + fs.fstat(fd, (er, st) => { + if (er) + return reject(er) + getPos(fd, st.size, (er, position) => { + if (er) + return reject(er) + const stream = new fsm.WriteStream(opt.file, { + fd: fd, + start: position + }) + p.pipe(stream) + stream.on('error', reject) + stream.on('close', resolve) + addFilesAsync(p, files) + }) + }) + } + fs.open(opt.file, flag, onopen) + }) + + return cb ? promise.then(cb, cb) : promise +} + +const addFilesSync = (p, files) => { + files.forEach(file => { + if (file.charAt(0) === '@') + t({ + file: path.resolve(p.cwd, file.substr(1)), + sync: true, + noResume: true, + onentry: entry => p.add(entry) + }) + else + p.add(file) + }) + p.end() +} + +const addFilesAsync = (p, files) => { + while (files.length) { + const file = files.shift() + if (file.charAt(0) === '@') + return t({ + file: path.resolve(p.cwd, file.substr(1)), + noResume: true, + onentry: entry => p.add(entry) + }).then(_ => addFilesAsync(p, files)) + else + p.add(file) + } + p.end() +} diff --git a/node_modules/libnpm/node_modules/tar/lib/types.js b/node_modules/libnpm/node_modules/tar/lib/types.js new file mode 100644 index 000000000..df425652b --- /dev/null +++ b/node_modules/libnpm/node_modules/tar/lib/types.js @@ -0,0 +1,44 @@ +'use strict' +// map types from key to human-friendly name +exports.name = new Map([ + ['0', 'File'], + // same as File + ['', 'OldFile'], + ['1', 'Link'], + ['2', 'SymbolicLink'], + // Devices and FIFOs aren't fully supported + // they are parsed, but skipped when unpacking + ['3', 'CharacterDevice'], + ['4', 'BlockDevice'], + ['5', 'Directory'], + ['6', 'FIFO'], + // same as File + ['7', 'ContiguousFile'], + // pax headers + ['g', 'GlobalExtendedHeader'], + ['x', 'ExtendedHeader'], + // vendor-specific stuff + // skip + ['A', 'SolarisACL'], + // like 5, but with data, which should be skipped + ['D', 'GNUDumpDir'], + // metadata only, skip + ['I', 'Inode'], + // data = link path of next file + ['K', 'NextFileHasLongLinkpath'], + // data = path of next file + ['L', 'NextFileHasLongPath'], + // skip + ['M', 'ContinuationFile'], + // like L + ['N', 'OldGnuLongPath'], + // skip + ['S', 'SparseFile'], + // skip + ['V', 'TapeVolumeHeader'], + // like x + ['X', 'OldExtendedHeader'] +]) + +// map the other direction +exports.code = new Map(Array.from(exports.name).map(kv => [kv[1], kv[0]])) diff --git a/node_modules/libnpm/node_modules/tar/lib/unpack.js b/node_modules/libnpm/node_modules/tar/lib/unpack.js new file mode 100644 index 000000000..fc765096e --- /dev/null +++ b/node_modules/libnpm/node_modules/tar/lib/unpack.js @@ -0,0 +1,621 @@ +'use strict' + +const assert = require('assert') +const EE = require('events').EventEmitter +const Parser = require('./parse.js') +const fs = require('fs') +const fsm = require('fs-minipass') +const path = require('path') +const mkdir = require('./mkdir.js') +const mkdirSync = mkdir.sync +const wc = require('./winchars.js') + +const ONENTRY = Symbol('onEntry') +const CHECKFS = Symbol('checkFs') +const ISREUSABLE = Symbol('isReusable') +const MAKEFS = Symbol('makeFs') +const FILE = Symbol('file') +const DIRECTORY = Symbol('directory') +const LINK = Symbol('link') +const SYMLINK = Symbol('symlink') +const HARDLINK = Symbol('hardlink') +const UNSUPPORTED = Symbol('unsupported') +const UNKNOWN = Symbol('unknown') +const CHECKPATH = Symbol('checkPath') +const MKDIR = Symbol('mkdir') +const ONERROR = Symbol('onError') +const PENDING = Symbol('pending') +const PEND = Symbol('pend') +const UNPEND = Symbol('unpend') +const ENDED = Symbol('ended') +const MAYBECLOSE = Symbol('maybeClose') +const SKIP = Symbol('skip') +const DOCHOWN = Symbol('doChown') +const UID = Symbol('uid') +const GID = Symbol('gid') +const crypto = require('crypto') + +// Unlinks on Windows are not atomic. +// +// This means that if you have a file entry, followed by another +// file entry with an identical name, and you cannot re-use the file +// (because it's a hardlink, or because unlink:true is set, or it's +// Windows, which does not have useful nlink values), then the unlink +// will be committed to the disk AFTER the new file has been written +// over the old one, deleting the new file. +// +// To work around this, on Windows systems, we rename the file and then +// delete the renamed file. It's a sloppy kludge, but frankly, I do not +// know of a better way to do this, given windows' non-atomic unlink +// semantics. +// +// See: https://github.com/npm/node-tar/issues/183 +/* istanbul ignore next */ +const unlinkFile = (path, cb) => { + if (process.platform !== 'win32') + return fs.unlink(path, cb) + + const name = path + '.DELETE.' + crypto.randomBytes(16).toString('hex') + fs.rename(path, name, er => { + if (er) + return cb(er) + fs.unlink(name, cb) + }) +} + +/* istanbul ignore next */ +const unlinkFileSync = path => { + if (process.platform !== 'win32') + return fs.unlinkSync(path) + + const name = path + '.DELETE.' + crypto.randomBytes(16).toString('hex') + fs.renameSync(path, name) + fs.unlinkSync(name) +} + +// this.gid, entry.gid, this.processUid +const uint32 = (a, b, c) => + a === a >>> 0 ? a + : b === b >>> 0 ? b + : c + +class Unpack extends Parser { + constructor (opt) { + if (!opt) + opt = {} + + opt.ondone = _ => { + this[ENDED] = true + this[MAYBECLOSE]() + } + + super(opt) + + this.transform = typeof opt.transform === 'function' ? opt.transform : null + + this.writable = true + this.readable = false + + this[PENDING] = 0 + this[ENDED] = false + + this.dirCache = opt.dirCache || new Map() + + if (typeof opt.uid === 'number' || typeof opt.gid === 'number') { + // need both or neither + if (typeof opt.uid !== 'number' || typeof opt.gid !== 'number') + throw new TypeError('cannot set owner without number uid and gid') + if (opt.preserveOwner) + throw new TypeError( + 'cannot preserve owner in archive and also set owner explicitly') + this.uid = opt.uid + this.gid = opt.gid + this.setOwner = true + } else { + this.uid = null + this.gid = null + this.setOwner = false + } + + // default true for root + if (opt.preserveOwner === undefined && typeof opt.uid !== 'number') + this.preserveOwner = process.getuid && process.getuid() === 0 + else + this.preserveOwner = !!opt.preserveOwner + + this.processUid = (this.preserveOwner || this.setOwner) && process.getuid ? + process.getuid() : null + this.processGid = (this.preserveOwner || this.setOwner) && process.getgid ? + process.getgid() : null + + // mostly just for testing, but useful in some cases. + // Forcibly trigger a chown on every entry, no matter what + this.forceChown = opt.forceChown === true + + // turn ><?| in filenames into 0xf000-higher encoded forms + this.win32 = !!opt.win32 || process.platform === 'win32' + + // do not unpack over files that are newer than what's in the archive + this.newer = !!opt.newer + + // do not unpack over ANY files + this.keep = !!opt.keep + + // do not set mtime/atime of extracted entries + this.noMtime = !!opt.noMtime + + // allow .., absolute path entries, and unpacking through symlinks + // without this, warn and skip .., relativize absolutes, and error + // on symlinks in extraction path + this.preservePaths = !!opt.preservePaths + + // unlink files and links before writing. This breaks existing hard + // links, and removes symlink directories rather than erroring + this.unlink = !!opt.unlink + + this.cwd = path.resolve(opt.cwd || process.cwd()) + this.strip = +opt.strip || 0 + this.processUmask = process.umask() + this.umask = typeof opt.umask === 'number' ? opt.umask : this.processUmask + // default mode for dirs created as parents + this.dmode = opt.dmode || (0o0777 & (~this.umask)) + this.fmode = opt.fmode || (0o0666 & (~this.umask)) + this.on('entry', entry => this[ONENTRY](entry)) + } + + [MAYBECLOSE] () { + if (this[ENDED] && this[PENDING] === 0) { + this.emit('prefinish') + this.emit('finish') + this.emit('end') + this.emit('close') + } + } + + [CHECKPATH] (entry) { + if (this.strip) { + const parts = entry.path.split(/\/|\\/) + if (parts.length < this.strip) + return false + entry.path = parts.slice(this.strip).join('/') + + if (entry.type === 'Link') { + const linkparts = entry.linkpath.split(/\/|\\/) + if (linkparts.length >= this.strip) + entry.linkpath = linkparts.slice(this.strip).join('/') + } + } + + if (!this.preservePaths) { + const p = entry.path + if (p.match(/(^|\/|\\)\.\.(\\|\/|$)/)) { + this.warn('path contains \'..\'', p) + return false + } + + // absolutes on posix are also absolutes on win32 + // so we only need to test this one to get both + if (path.win32.isAbsolute(p)) { + const parsed = path.win32.parse(p) + this.warn('stripping ' + parsed.root + ' from absolute path', p) + entry.path = p.substr(parsed.root.length) + } + } + + // only encode : chars that aren't drive letter indicators + if (this.win32) { + const parsed = path.win32.parse(entry.path) + entry.path = parsed.root === '' ? wc.encode(entry.path) + : parsed.root + wc.encode(entry.path.substr(parsed.root.length)) + } + + if (path.isAbsolute(entry.path)) + entry.absolute = entry.path + else + entry.absolute = path.resolve(this.cwd, entry.path) + + return true + } + + [ONENTRY] (entry) { + if (!this[CHECKPATH](entry)) + return entry.resume() + + assert.equal(typeof entry.absolute, 'string') + + switch (entry.type) { + case 'Directory': + case 'GNUDumpDir': + if (entry.mode) + entry.mode = entry.mode | 0o700 + + case 'File': + case 'OldFile': + case 'ContiguousFile': + case 'Link': + case 'SymbolicLink': + return this[CHECKFS](entry) + + case 'CharacterDevice': + case 'BlockDevice': + case 'FIFO': + return this[UNSUPPORTED](entry) + } + } + + [ONERROR] (er, entry) { + // Cwd has to exist, or else nothing works. That's serious. + // Other errors are warnings, which raise the error in strict + // mode, but otherwise continue on. + if (er.name === 'CwdError') + this.emit('error', er) + else { + this.warn(er.message, er) + this[UNPEND]() + entry.resume() + } + } + + [MKDIR] (dir, mode, cb) { + mkdir(dir, { + uid: this.uid, + gid: this.gid, + processUid: this.processUid, + processGid: this.processGid, + umask: this.processUmask, + preserve: this.preservePaths, + unlink: this.unlink, + cache: this.dirCache, + cwd: this.cwd, + mode: mode + }, cb) + } + + [DOCHOWN] (entry) { + // in preserve owner mode, chown if the entry doesn't match process + // in set owner mode, chown if setting doesn't match process + return this.forceChown || + this.preserveOwner && + ( typeof entry.uid === 'number' && entry.uid !== this.processUid || + typeof entry.gid === 'number' && entry.gid !== this.processGid ) + || + ( typeof this.uid === 'number' && this.uid !== this.processUid || + typeof this.gid === 'number' && this.gid !== this.processGid ) + } + + [UID] (entry) { + return uint32(this.uid, entry.uid, this.processUid) + } + + [GID] (entry) { + return uint32(this.gid, entry.gid, this.processGid) + } + + [FILE] (entry) { + const mode = entry.mode & 0o7777 || this.fmode + const stream = new fsm.WriteStream(entry.absolute, { + mode: mode, + autoClose: false + }) + stream.on('error', er => this[ONERROR](er, entry)) + + let actions = 1 + const done = er => { + if (er) + return this[ONERROR](er, entry) + + if (--actions === 0) + fs.close(stream.fd, _ => this[UNPEND]()) + } + + stream.on('finish', _ => { + // if futimes fails, try utimes + // if utimes fails, fail with the original error + // same for fchown/chown + const abs = entry.absolute + const fd = stream.fd + + if (entry.mtime && !this.noMtime) { + actions++ + const atime = entry.atime || new Date() + const mtime = entry.mtime + fs.futimes(fd, atime, mtime, er => + er ? fs.utimes(abs, atime, mtime, er2 => done(er2 && er)) + : done()) + } + + if (this[DOCHOWN](entry)) { + actions++ + const uid = this[UID](entry) + const gid = this[GID](entry) + fs.fchown(fd, uid, gid, er => + er ? fs.chown(abs, uid, gid, er2 => done(er2 && er)) + : done()) + } + + done() + }) + + const tx = this.transform ? this.transform(entry) || entry : entry + if (tx !== entry) { + tx.on('error', er => this[ONERROR](er, entry)) + entry.pipe(tx) + } + tx.pipe(stream) + } + + [DIRECTORY] (entry) { + const mode = entry.mode & 0o7777 || this.dmode + this[MKDIR](entry.absolute, mode, er => { + if (er) + return this[ONERROR](er, entry) + + let actions = 1 + const done = _ => { + if (--actions === 0) { + this[UNPEND]() + entry.resume() + } + } + + if (entry.mtime && !this.noMtime) { + actions++ + fs.utimes(entry.absolute, entry.atime || new Date(), entry.mtime, done) + } + + if (this[DOCHOWN](entry)) { + actions++ + fs.chown(entry.absolute, this[UID](entry), this[GID](entry), done) + } + + done() + }) + } + + [UNSUPPORTED] (entry) { + this.warn('unsupported entry type: ' + entry.type, entry) + entry.resume() + } + + [SYMLINK] (entry) { + this[LINK](entry, entry.linkpath, 'symlink') + } + + [HARDLINK] (entry) { + this[LINK](entry, path.resolve(this.cwd, entry.linkpath), 'link') + } + + [PEND] () { + this[PENDING]++ + } + + [UNPEND] () { + this[PENDING]-- + this[MAYBECLOSE]() + } + + [SKIP] (entry) { + this[UNPEND]() + entry.resume() + } + + // Check if we can reuse an existing filesystem entry safely and + // overwrite it, rather than unlinking and recreating + // Windows doesn't report a useful nlink, so we just never reuse entries + [ISREUSABLE] (entry, st) { + return entry.type === 'File' && + !this.unlink && + st.isFile() && + st.nlink <= 1 && + process.platform !== 'win32' + } + + // check if a thing is there, and if so, try to clobber it + [CHECKFS] (entry) { + this[PEND]() + this[MKDIR](path.dirname(entry.absolute), this.dmode, er => { + if (er) + return this[ONERROR](er, entry) + fs.lstat(entry.absolute, (er, st) => { + if (st && (this.keep || this.newer && st.mtime > entry.mtime)) + this[SKIP](entry) + else if (er || this[ISREUSABLE](entry, st)) + this[MAKEFS](null, entry) + else if (st.isDirectory()) { + if (entry.type === 'Directory') { + if (!entry.mode || (st.mode & 0o7777) === entry.mode) + this[MAKEFS](null, entry) + else + fs.chmod(entry.absolute, entry.mode, er => this[MAKEFS](er, entry)) + } else + fs.rmdir(entry.absolute, er => this[MAKEFS](er, entry)) + } else + unlinkFile(entry.absolute, er => this[MAKEFS](er, entry)) + }) + }) + } + + [MAKEFS] (er, entry) { + if (er) + return this[ONERROR](er, entry) + + switch (entry.type) { + case 'File': + case 'OldFile': + case 'ContiguousFile': + return this[FILE](entry) + + case 'Link': + return this[HARDLINK](entry) + + case 'SymbolicLink': + return this[SYMLINK](entry) + + case 'Directory': + case 'GNUDumpDir': + return this[DIRECTORY](entry) + } + } + + [LINK] (entry, linkpath, link) { + // XXX: get the type ('file' or 'dir') for windows + fs[link](linkpath, entry.absolute, er => { + if (er) + return this[ONERROR](er, entry) + this[UNPEND]() + entry.resume() + }) + } +} + +class UnpackSync extends Unpack { + constructor (opt) { + super(opt) + } + + [CHECKFS] (entry) { + const er = this[MKDIR](path.dirname(entry.absolute), this.dmode) + if (er) + return this[ONERROR](er, entry) + try { + const st = fs.lstatSync(entry.absolute) + if (this.keep || this.newer && st.mtime > entry.mtime) + return this[SKIP](entry) + else if (this[ISREUSABLE](entry, st)) + return this[MAKEFS](null, entry) + else { + try { + if (st.isDirectory()) { + if (entry.type === 'Directory') { + if (entry.mode && (st.mode & 0o7777) !== entry.mode) + fs.chmodSync(entry.absolute, entry.mode) + } else + fs.rmdirSync(entry.absolute) + } else + unlinkFileSync(entry.absolute) + return this[MAKEFS](null, entry) + } catch (er) { + return this[ONERROR](er, entry) + } + } + } catch (er) { + return this[MAKEFS](null, entry) + } + } + + [FILE] (entry) { + const mode = entry.mode & 0o7777 || this.fmode + + const oner = er => { + try { fs.closeSync(fd) } catch (_) {} + if (er) + this[ONERROR](er, entry) + } + + let stream + let fd + try { + fd = fs.openSync(entry.absolute, 'w', mode) + } catch (er) { + return oner(er) + } + const tx = this.transform ? this.transform(entry) || entry : entry + if (tx !== entry) { + tx.on('error', er => this[ONERROR](er, entry)) + entry.pipe(tx) + } + + tx.on('data', chunk => { + try { + fs.writeSync(fd, chunk, 0, chunk.length) + } catch (er) { + oner(er) + } + }) + + tx.on('end', _ => { + let er = null + // try both, falling futimes back to utimes + // if either fails, handle the first error + if (entry.mtime && !this.noMtime) { + const atime = entry.atime || new Date() + const mtime = entry.mtime + try { + fs.futimesSync(fd, atime, mtime) + } catch (futimeser) { + try { + fs.utimesSync(entry.absolute, atime, mtime) + } catch (utimeser) { + er = futimeser + } + } + } + + if (this[DOCHOWN](entry)) { + const uid = this[UID](entry) + const gid = this[GID](entry) + + try { + fs.fchownSync(fd, uid, gid) + } catch (fchowner) { + try { + fs.chownSync(entry.absolute, uid, gid) + } catch (chowner) { + er = er || fchowner + } + } + } + + oner(er) + }) + } + + [DIRECTORY] (entry) { + const mode = entry.mode & 0o7777 || this.dmode + const er = this[MKDIR](entry.absolute, mode) + if (er) + return this[ONERROR](er, entry) + if (entry.mtime && !this.noMtime) { + try { + fs.utimesSync(entry.absolute, entry.atime || new Date(), entry.mtime) + } catch (er) {} + } + if (this[DOCHOWN](entry)) { + try { + fs.chownSync(entry.absolute, this[UID](entry), this[GID](entry)) + } catch (er) {} + } + entry.resume() + } + + [MKDIR] (dir, mode) { + try { + return mkdir.sync(dir, { + uid: this.uid, + gid: this.gid, + processUid: this.processUid, + processGid: this.processGid, + umask: this.processUmask, + preserve: this.preservePaths, + unlink: this.unlink, + cache: this.dirCache, + cwd: this.cwd, + mode: mode + }) + } catch (er) { + return er + } + } + + [LINK] (entry, linkpath, link) { + try { + fs[link + 'Sync'](linkpath, entry.absolute) + entry.resume() + } catch (er) { + return this[ONERROR](er, entry) + } + } +} + +Unpack.Sync = UnpackSync +module.exports = Unpack diff --git a/node_modules/libnpm/node_modules/tar/lib/update.js b/node_modules/libnpm/node_modules/tar/lib/update.js new file mode 100644 index 000000000..16c3e93ed --- /dev/null +++ b/node_modules/libnpm/node_modules/tar/lib/update.js @@ -0,0 +1,36 @@ +'use strict' + +// tar -u + +const hlo = require('./high-level-opt.js') +const r = require('./replace.js') +// just call tar.r with the filter and mtimeCache + +const u = module.exports = (opt_, files, cb) => { + const opt = hlo(opt_) + + if (!opt.file) + throw new TypeError('file is required') + + if (opt.gzip) + throw new TypeError('cannot append to compressed archives') + + if (!files || !Array.isArray(files) || !files.length) + throw new TypeError('no files or directories specified') + + files = Array.from(files) + + mtimeFilter(opt) + return r(opt, files, cb) +} + +const mtimeFilter = opt => { + const filter = opt.filter + + if (!opt.mtimeCache) + opt.mtimeCache = new Map() + + opt.filter = filter ? (path, stat) => + filter(path, stat) && !(opt.mtimeCache.get(path) > stat.mtime) + : (path, stat) => !(opt.mtimeCache.get(path) > stat.mtime) +} diff --git a/node_modules/libnpm/node_modules/tar/lib/warn-mixin.js b/node_modules/libnpm/node_modules/tar/lib/warn-mixin.js new file mode 100644 index 000000000..94a4b9b99 --- /dev/null +++ b/node_modules/libnpm/node_modules/tar/lib/warn-mixin.js @@ -0,0 +1,14 @@ +'use strict' +module.exports = Base => class extends Base { + warn (msg, data) { + if (!this.strict) + this.emit('warn', msg, data) + else if (data instanceof Error) + this.emit('error', data) + else { + const er = new Error(msg) + er.data = data + this.emit('error', er) + } + } +} diff --git a/node_modules/libnpm/node_modules/tar/lib/winchars.js b/node_modules/libnpm/node_modules/tar/lib/winchars.js new file mode 100644 index 000000000..cf6ea0606 --- /dev/null +++ b/node_modules/libnpm/node_modules/tar/lib/winchars.js @@ -0,0 +1,23 @@ +'use strict' + +// When writing files on Windows, translate the characters to their +// 0xf000 higher-encoded versions. + +const raw = [ + '|', + '<', + '>', + '?', + ':' +] + +const win = raw.map(char => + String.fromCharCode(0xf000 + char.charCodeAt(0))) + +const toWin = new Map(raw.map((char, i) => [char, win[i]])) +const toRaw = new Map(win.map((char, i) => [char, raw[i]])) + +module.exports = { + encode: s => raw.reduce((s, c) => s.split(c).join(toWin.get(c)), s), + decode: s => win.reduce((s, c) => s.split(c).join(toRaw.get(c)), s) +} diff --git a/node_modules/libnpm/node_modules/tar/lib/write-entry.js b/node_modules/libnpm/node_modules/tar/lib/write-entry.js new file mode 100644 index 000000000..0c019006f --- /dev/null +++ b/node_modules/libnpm/node_modules/tar/lib/write-entry.js @@ -0,0 +1,422 @@ +'use strict' +const Buffer = require('./buffer.js') +const MiniPass = require('minipass') +const Pax = require('./pax.js') +const Header = require('./header.js') +const ReadEntry = require('./read-entry.js') +const fs = require('fs') +const path = require('path') + +const types = require('./types.js') +const maxReadSize = 16 * 1024 * 1024 +const PROCESS = Symbol('process') +const FILE = Symbol('file') +const DIRECTORY = Symbol('directory') +const SYMLINK = Symbol('symlink') +const HARDLINK = Symbol('hardlink') +const HEADER = Symbol('header') +const READ = Symbol('read') +const LSTAT = Symbol('lstat') +const ONLSTAT = Symbol('onlstat') +const ONREAD = Symbol('onread') +const ONREADLINK = Symbol('onreadlink') +const OPENFILE = Symbol('openfile') +const ONOPENFILE = Symbol('onopenfile') +const CLOSE = Symbol('close') +const MODE = Symbol('mode') +const warner = require('./warn-mixin.js') +const winchars = require('./winchars.js') + +const modeFix = require('./mode-fix.js') + +const WriteEntry = warner(class WriteEntry extends MiniPass { + constructor (p, opt) { + opt = opt || {} + super(opt) + if (typeof p !== 'string') + throw new TypeError('path is required') + this.path = p + // suppress atime, ctime, uid, gid, uname, gname + this.portable = !!opt.portable + // until node has builtin pwnam functions, this'll have to do + this.myuid = process.getuid && process.getuid() + this.myuser = process.env.USER || '' + this.maxReadSize = opt.maxReadSize || maxReadSize + this.linkCache = opt.linkCache || new Map() + this.statCache = opt.statCache || new Map() + this.preservePaths = !!opt.preservePaths + this.cwd = opt.cwd || process.cwd() + this.strict = !!opt.strict + this.noPax = !!opt.noPax + this.noMtime = !!opt.noMtime + this.mtime = opt.mtime || null + + if (typeof opt.onwarn === 'function') + this.on('warn', opt.onwarn) + + if (!this.preservePaths && path.win32.isAbsolute(p)) { + // absolutes on posix are also absolutes on win32 + // so we only need to test this one to get both + const parsed = path.win32.parse(p) + this.warn('stripping ' + parsed.root + ' from absolute path', p) + this.path = p.substr(parsed.root.length) + } + + this.win32 = !!opt.win32 || process.platform === 'win32' + if (this.win32) { + this.path = winchars.decode(this.path.replace(/\\/g, '/')) + p = p.replace(/\\/g, '/') + } + + this.absolute = opt.absolute || path.resolve(this.cwd, p) + + if (this.path === '') + this.path = './' + + if (this.statCache.has(this.absolute)) + this[ONLSTAT](this.statCache.get(this.absolute)) + else + this[LSTAT]() + } + + [LSTAT] () { + fs.lstat(this.absolute, (er, stat) => { + if (er) + return this.emit('error', er) + this[ONLSTAT](stat) + }) + } + + [ONLSTAT] (stat) { + this.statCache.set(this.absolute, stat) + this.stat = stat + if (!stat.isFile()) + stat.size = 0 + this.type = getType(stat) + this.emit('stat', stat) + this[PROCESS]() + } + + [PROCESS] () { + switch (this.type) { + case 'File': return this[FILE]() + case 'Directory': return this[DIRECTORY]() + case 'SymbolicLink': return this[SYMLINK]() + // unsupported types are ignored. + default: return this.end() + } + } + + [MODE] (mode) { + return modeFix(mode, this.type === 'Directory') + } + + [HEADER] () { + if (this.type === 'Directory' && this.portable) + this.noMtime = true + + this.header = new Header({ + path: this.path, + linkpath: this.linkpath, + // only the permissions and setuid/setgid/sticky bitflags + // not the higher-order bits that specify file type + mode: this[MODE](this.stat.mode), + uid: this.portable ? null : this.stat.uid, + gid: this.portable ? null : this.stat.gid, + size: this.stat.size, + mtime: this.noMtime ? null : this.mtime || this.stat.mtime, + type: this.type, + uname: this.portable ? null : + this.stat.uid === this.myuid ? this.myuser : '', + atime: this.portable ? null : this.stat.atime, + ctime: this.portable ? null : this.stat.ctime + }) + + if (this.header.encode() && !this.noPax) + this.write(new Pax({ + atime: this.portable ? null : this.header.atime, + ctime: this.portable ? null : this.header.ctime, + gid: this.portable ? null : this.header.gid, + mtime: this.noMtime ? null : this.mtime || this.header.mtime, + path: this.path, + linkpath: this.linkpath, + size: this.header.size, + uid: this.portable ? null : this.header.uid, + uname: this.portable ? null : this.header.uname, + dev: this.portable ? null : this.stat.dev, + ino: this.portable ? null : this.stat.ino, + nlink: this.portable ? null : this.stat.nlink + }).encode()) + this.write(this.header.block) + } + + [DIRECTORY] () { + if (this.path.substr(-1) !== '/') + this.path += '/' + this.stat.size = 0 + this[HEADER]() + this.end() + } + + [SYMLINK] () { + fs.readlink(this.absolute, (er, linkpath) => { + if (er) + return this.emit('error', er) + this[ONREADLINK](linkpath) + }) + } + + [ONREADLINK] (linkpath) { + this.linkpath = linkpath + this[HEADER]() + this.end() + } + + [HARDLINK] (linkpath) { + this.type = 'Link' + this.linkpath = path.relative(this.cwd, linkpath) + this.stat.size = 0 + this[HEADER]() + this.end() + } + + [FILE] () { + if (this.stat.nlink > 1) { + const linkKey = this.stat.dev + ':' + this.stat.ino + if (this.linkCache.has(linkKey)) { + const linkpath = this.linkCache.get(linkKey) + if (linkpath.indexOf(this.cwd) === 0) + return this[HARDLINK](linkpath) + } + this.linkCache.set(linkKey, this.absolute) + } + + this[HEADER]() + if (this.stat.size === 0) + return this.end() + + this[OPENFILE]() + } + + [OPENFILE] () { + fs.open(this.absolute, 'r', (er, fd) => { + if (er) + return this.emit('error', er) + this[ONOPENFILE](fd) + }) + } + + [ONOPENFILE] (fd) { + const blockLen = 512 * Math.ceil(this.stat.size / 512) + const bufLen = Math.min(blockLen, this.maxReadSize) + const buf = Buffer.allocUnsafe(bufLen) + this[READ](fd, buf, 0, buf.length, 0, this.stat.size, blockLen) + } + + [READ] (fd, buf, offset, length, pos, remain, blockRemain) { + fs.read(fd, buf, offset, length, pos, (er, bytesRead) => { + if (er) + return this[CLOSE](fd, _ => this.emit('error', er)) + this[ONREAD](fd, buf, offset, length, pos, remain, blockRemain, bytesRead) + }) + } + + [CLOSE] (fd, cb) { + fs.close(fd, cb) + } + + [ONREAD] (fd, buf, offset, length, pos, remain, blockRemain, bytesRead) { + if (bytesRead <= 0 && remain > 0) { + const er = new Error('encountered unexpected EOF') + er.path = this.absolute + er.syscall = 'read' + er.code = 'EOF' + this[CLOSE](fd, _ => _) + return this.emit('error', er) + } + + if (bytesRead > remain) { + const er = new Error('did not encounter expected EOF') + er.path = this.absolute + er.syscall = 'read' + er.code = 'EOF' + this[CLOSE](fd, _ => _) + return this.emit('error', er) + } + + // null out the rest of the buffer, if we could fit the block padding + if (bytesRead === remain) { + for (let i = bytesRead; i < length && bytesRead < blockRemain; i++) { + buf[i + offset] = 0 + bytesRead ++ + remain ++ + } + } + + const writeBuf = offset === 0 && bytesRead === buf.length ? + buf : buf.slice(offset, offset + bytesRead) + remain -= bytesRead + blockRemain -= bytesRead + pos += bytesRead + offset += bytesRead + + this.write(writeBuf) + + if (!remain) { + if (blockRemain) + this.write(Buffer.alloc(blockRemain)) + this.end() + this[CLOSE](fd, _ => _) + return + } + + if (offset >= length) { + buf = Buffer.allocUnsafe(length) + offset = 0 + } + length = buf.length - offset + this[READ](fd, buf, offset, length, pos, remain, blockRemain) + } +}) + +class WriteEntrySync extends WriteEntry { + constructor (path, opt) { + super(path, opt) + } + + [LSTAT] () { + this[ONLSTAT](fs.lstatSync(this.absolute)) + } + + [SYMLINK] () { + this[ONREADLINK](fs.readlinkSync(this.absolute)) + } + + [OPENFILE] () { + this[ONOPENFILE](fs.openSync(this.absolute, 'r')) + } + + [READ] (fd, buf, offset, length, pos, remain, blockRemain) { + let threw = true + try { + const bytesRead = fs.readSync(fd, buf, offset, length, pos) + this[ONREAD](fd, buf, offset, length, pos, remain, blockRemain, bytesRead) + threw = false + } finally { + if (threw) + try { this[CLOSE](fd) } catch (er) {} + } + } + + [CLOSE] (fd) { + fs.closeSync(fd) + } +} + +const WriteEntryTar = warner(class WriteEntryTar extends MiniPass { + constructor (readEntry, opt) { + opt = opt || {} + super(opt) + this.preservePaths = !!opt.preservePaths + this.portable = !!opt.portable + this.strict = !!opt.strict + this.noPax = !!opt.noPax + this.noMtime = !!opt.noMtime + + this.readEntry = readEntry + this.type = readEntry.type + if (this.type === 'Directory' && this.portable) + this.noMtime = true + + this.path = readEntry.path + this.mode = this[MODE](readEntry.mode) + this.uid = this.portable ? null : readEntry.uid + this.gid = this.portable ? null : readEntry.gid + this.uname = this.portable ? null : readEntry.uname + this.gname = this.portable ? null : readEntry.gname + this.size = readEntry.size + this.mtime = this.noMtime ? null : opt.mtime || readEntry.mtime + this.atime = this.portable ? null : readEntry.atime + this.ctime = this.portable ? null : readEntry.ctime + this.linkpath = readEntry.linkpath + + if (typeof opt.onwarn === 'function') + this.on('warn', opt.onwarn) + + if (path.isAbsolute(this.path) && !this.preservePaths) { + const parsed = path.parse(this.path) + this.warn( + 'stripping ' + parsed.root + ' from absolute path', + this.path + ) + this.path = this.path.substr(parsed.root.length) + } + + this.remain = readEntry.size + this.blockRemain = readEntry.startBlockSize + + this.header = new Header({ + path: this.path, + linkpath: this.linkpath, + // only the permissions and setuid/setgid/sticky bitflags + // not the higher-order bits that specify file type + mode: this.mode, + uid: this.portable ? null : this.uid, + gid: this.portable ? null : this.gid, + size: this.size, + mtime: this.noMtime ? null : this.mtime, + type: this.type, + uname: this.portable ? null : this.uname, + atime: this.portable ? null : this.atime, + ctime: this.portable ? null : this.ctime + }) + + if (this.header.encode() && !this.noPax) + super.write(new Pax({ + atime: this.portable ? null : this.atime, + ctime: this.portable ? null : this.ctime, + gid: this.portable ? null : this.gid, + mtime: this.noMtime ? null : this.mtime, + path: this.path, + linkpath: this.linkpath, + size: this.size, + uid: this.portable ? null : this.uid, + uname: this.portable ? null : this.uname, + dev: this.portable ? null : this.readEntry.dev, + ino: this.portable ? null : this.readEntry.ino, + nlink: this.portable ? null : this.readEntry.nlink + }).encode()) + + super.write(this.header.block) + readEntry.pipe(this) + } + + [MODE] (mode) { + return modeFix(mode, this.type === 'Directory') + } + + write (data) { + const writeLen = data.length + if (writeLen > this.blockRemain) + throw new Error('writing more to entry than is appropriate') + this.blockRemain -= writeLen + return super.write(data) + } + + end () { + if (this.blockRemain) + this.write(Buffer.alloc(this.blockRemain)) + return super.end() + } +}) + +WriteEntry.Sync = WriteEntrySync +WriteEntry.Tar = WriteEntryTar + +const getType = stat => + stat.isFile() ? 'File' + : stat.isDirectory() ? 'Directory' + : stat.isSymbolicLink() ? 'SymbolicLink' + : 'Unsupported' + +module.exports = WriteEntry diff --git a/node_modules/pacote/node_modules/tar/package.json b/node_modules/libnpm/node_modules/tar/package.json index a06234e72..b642cc2d1 100644 --- a/node_modules/pacote/node_modules/tar/package.json +++ b/node_modules/libnpm/node_modules/tar/package.json @@ -3,7 +3,7 @@ "_id": "tar@4.4.13", "_inBundle": false, "_integrity": "sha512-w2VwSrBoHa5BsSyH+KxEqeQBAllHhccyMFVHtGtdMpF4W7IRWfZjFiQceJPChOeTsSDVUpER2T8FA93pr0L+QA==", - "_location": "/pacote/tar", + "_location": "/libnpm/tar", "_phantomChildren": {}, "_requested": { "type": "range", @@ -16,12 +16,12 @@ "fetchSpec": "^4.4.10" }, "_requiredBy": [ - "/pacote" + "/libnpm/pacote" ], "_resolved": "https://registry.npmjs.org/tar/-/tar-4.4.13.tgz", "_shasum": "43b364bc52888d555298637b10d60790254ab525", "_spec": "tar@^4.4.10", - "_where": "/Users/claudiahdz/npm/cli/node_modules/pacote", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libnpm/node_modules/pacote", "author": { "name": "Isaac Z. Schlueter", "email": "i@izs.me", diff --git a/node_modules/libnpm/node_modules/which/CHANGELOG.md b/node_modules/libnpm/node_modules/which/CHANGELOG.md new file mode 100644 index 000000000..3d83d2694 --- /dev/null +++ b/node_modules/libnpm/node_modules/which/CHANGELOG.md @@ -0,0 +1,152 @@ +# Changes + + +## 1.3.1 + +* update deps +* update travis + +## v1.3.0 + +* Add nothrow option to which.sync +* update tap + +## v1.2.14 + +* appveyor: drop node 5 and 0.x +* travis-ci: add node 6, drop 0.x + +## v1.2.13 + +* test: Pass missing option to pass on windows +* update tap +* update isexe to 2.0.0 +* neveragain.tech pledge request + +## v1.2.12 + +* Removed unused require + +## v1.2.11 + +* Prevent changelog script from being included in package + +## v1.2.10 + +* Use env.PATH only, not env.Path + +## v1.2.9 + +* fix for paths starting with ../ +* Remove unused `is-absolute` module + +## v1.2.8 + +* bullet items in changelog that contain (but don't start with) # + +## v1.2.7 + +* strip 'update changelog' changelog entries out of changelog + +## v1.2.6 + +* make the changelog bulleted + +## v1.2.5 + +* make a changelog, and keep it up to date +* don't include tests in package +* Properly handle relative-path executables +* appveyor +* Attach error code to Not Found error +* Make tests pass on Windows + +## v1.2.4 + +* Fix typo + +## v1.2.3 + +* update isexe, fix regression in pathExt handling + +## v1.2.2 + +* update deps, use isexe module, test windows + +## v1.2.1 + +* Sometimes windows PATH entries are quoted +* Fixed a bug in the check for group and user mode bits. This bug was introduced during refactoring for supporting strict mode. +* doc cli + +## v1.2.0 + +* Add support for opt.all and -as cli flags +* test the bin +* update travis +* Allow checking for multiple programs in bin/which +* tap 2 + +## v1.1.2 + +* travis +* Refactored and fixed undefined error on Windows +* Support strict mode + +## v1.1.1 + +* test +g exes against secondary groups, if available +* Use windows exe semantics on cygwin & msys +* cwd should be first in path on win32, not last +* Handle lower-case 'env.Path' on Windows +* Update docs +* use single-quotes + +## v1.1.0 + +* Add tests, depend on is-absolute + +## v1.0.9 + +* which.js: root is allowed to execute files owned by anyone + +## v1.0.8 + +* don't use graceful-fs + +## v1.0.7 + +* add license to package.json + +## v1.0.6 + +* isc license + +## 1.0.5 + +* Awful typo + +## 1.0.4 + +* Test for path absoluteness properly +* win: Allow '' as a pathext if cmd has a . in it + +## 1.0.3 + +* Remove references to execPath +* Make `which.sync()` work on Windows by honoring the PATHEXT variable. +* Make `isExe()` always return true on Windows. +* MIT + +## 1.0.2 + +* Only files can be exes + +## 1.0.1 + +* Respect the PATHEXT env for win32 support +* should 0755 the bin +* binary +* guts +* package +* 1st diff --git a/node_modules/libnpm/node_modules/which/LICENSE b/node_modules/libnpm/node_modules/which/LICENSE new file mode 100644 index 000000000..19129e315 --- /dev/null +++ b/node_modules/libnpm/node_modules/which/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) Isaac Z. Schlueter and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/libnpm/node_modules/which/README.md b/node_modules/libnpm/node_modules/which/README.md new file mode 100644 index 000000000..8c0b0cbf7 --- /dev/null +++ b/node_modules/libnpm/node_modules/which/README.md @@ -0,0 +1,51 @@ +# which + +Like the unix `which` utility. + +Finds the first instance of a specified executable in the PATH +environment variable. Does not cache the results, so `hash -r` is not +needed when the PATH changes. + +## USAGE + +```javascript +var which = require('which') + +// async usage +which('node', function (er, resolvedPath) { + // er is returned if no "node" is found on the PATH + // if it is found, then the absolute path to the exec is returned +}) + +// sync usage +// throws if not found +var resolved = which.sync('node') + +// if nothrow option is used, returns null if not found +resolved = which.sync('node', {nothrow: true}) + +// Pass options to override the PATH and PATHEXT environment vars. +which('node', { path: someOtherPath }, function (er, resolved) { + if (er) + throw er + console.log('found at %j', resolved) +}) +``` + +## CLI USAGE + +Same as the BSD `which(1)` binary. + +``` +usage: which [-as] program ... +``` + +## OPTIONS + +You may pass an options object as the second argument. + +- `path`: Use instead of the `PATH` environment variable. +- `pathExt`: Use instead of the `PATHEXT` environment variable. +- `all`: Return all matches, instead of just the first one. Note that + this means the function returns an array of strings instead of a + single string. diff --git a/node_modules/libnpm/node_modules/which/bin/which b/node_modules/libnpm/node_modules/which/bin/which new file mode 100755 index 000000000..7cee3729e --- /dev/null +++ b/node_modules/libnpm/node_modules/which/bin/which @@ -0,0 +1,52 @@ +#!/usr/bin/env node +var which = require("../") +if (process.argv.length < 3) + usage() + +function usage () { + console.error('usage: which [-as] program ...') + process.exit(1) +} + +var all = false +var silent = false +var dashdash = false +var args = process.argv.slice(2).filter(function (arg) { + if (dashdash || !/^-/.test(arg)) + return true + + if (arg === '--') { + dashdash = true + return false + } + + var flags = arg.substr(1).split('') + for (var f = 0; f < flags.length; f++) { + var flag = flags[f] + switch (flag) { + case 's': + silent = true + break + case 'a': + all = true + break + default: + console.error('which: illegal option -- ' + flag) + usage() + } + } + return false +}) + +process.exit(args.reduce(function (pv, current) { + try { + var f = which.sync(current, { all: all }) + if (all) + f = f.join('\n') + if (!silent) + console.log(f) + return pv; + } catch (e) { + return 1; + } +}, 0)) diff --git a/node_modules/pacote/node_modules/which/package.json b/node_modules/libnpm/node_modules/which/package.json index b2d5b490a..288074cc9 100644 --- a/node_modules/pacote/node_modules/which/package.json +++ b/node_modules/libnpm/node_modules/which/package.json @@ -3,7 +3,7 @@ "_id": "which@1.3.1", "_inBundle": false, "_integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==", - "_location": "/pacote/which", + "_location": "/libnpm/which", "_phantomChildren": {}, "_requested": { "type": "range", @@ -16,12 +16,12 @@ "fetchSpec": "^1.3.1" }, "_requiredBy": [ - "/pacote" + "/libnpm/pacote" ], "_resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", "_shasum": "a45043d54f5805316da8d62f9f50918d3da70b0a", "_spec": "which@^1.3.1", - "_where": "/Users/claudiahdz/npm/cli/node_modules/pacote", + "_where": "/Users/claudiahdz/npm/cli/node_modules/libnpm/node_modules/pacote", "author": { "name": "Isaac Z. Schlueter", "email": "i@izs.me", diff --git a/node_modules/libnpm/node_modules/which/which.js b/node_modules/libnpm/node_modules/which/which.js new file mode 100644 index 000000000..4347f91a1 --- /dev/null +++ b/node_modules/libnpm/node_modules/which/which.js @@ -0,0 +1,135 @@ +module.exports = which +which.sync = whichSync + +var isWindows = process.platform === 'win32' || + process.env.OSTYPE === 'cygwin' || + process.env.OSTYPE === 'msys' + +var path = require('path') +var COLON = isWindows ? ';' : ':' +var isexe = require('isexe') + +function getNotFoundError (cmd) { + var er = new Error('not found: ' + cmd) + er.code = 'ENOENT' + + return er +} + +function getPathInfo (cmd, opt) { + var colon = opt.colon || COLON + var pathEnv = opt.path || process.env.PATH || '' + var pathExt = [''] + + pathEnv = pathEnv.split(colon) + + var pathExtExe = '' + if (isWindows) { + pathEnv.unshift(process.cwd()) + pathExtExe = (opt.pathExt || process.env.PATHEXT || '.EXE;.CMD;.BAT;.COM') + pathExt = pathExtExe.split(colon) + + + // Always test the cmd itself first. isexe will check to make sure + // it's found in the pathExt set. + if (cmd.indexOf('.') !== -1 && pathExt[0] !== '') + pathExt.unshift('') + } + + // If it has a slash, then we don't bother searching the pathenv. + // just check the file itself, and that's it. + if (cmd.match(/\//) || isWindows && cmd.match(/\\/)) + pathEnv = [''] + + return { + env: pathEnv, + ext: pathExt, + extExe: pathExtExe + } +} + +function which (cmd, opt, cb) { + if (typeof opt === 'function') { + cb = opt + opt = {} + } + + var info = getPathInfo(cmd, opt) + var pathEnv = info.env + var pathExt = info.ext + var pathExtExe = info.extExe + var found = [] + + ;(function F (i, l) { + if (i === l) { + if (opt.all && found.length) + return cb(null, found) + else + return cb(getNotFoundError(cmd)) + } + + var pathPart = pathEnv[i] + if (pathPart.charAt(0) === '"' && pathPart.slice(-1) === '"') + pathPart = pathPart.slice(1, -1) + + var p = path.join(pathPart, cmd) + if (!pathPart && (/^\.[\\\/]/).test(cmd)) { + p = cmd.slice(0, 2) + p + } + ;(function E (ii, ll) { + if (ii === ll) return F(i + 1, l) + var ext = pathExt[ii] + isexe(p + ext, { pathExt: pathExtExe }, function (er, is) { + if (!er && is) { + if (opt.all) + found.push(p + ext) + else + return cb(null, p + ext) + } + return E(ii + 1, ll) + }) + })(0, pathExt.length) + })(0, pathEnv.length) +} + +function whichSync (cmd, opt) { + opt = opt || {} + + var info = getPathInfo(cmd, opt) + var pathEnv = info.env + var pathExt = info.ext + var pathExtExe = info.extExe + var found = [] + + for (var i = 0, l = pathEnv.length; i < l; i ++) { + var pathPart = pathEnv[i] + if (pathPart.charAt(0) === '"' && pathPart.slice(-1) === '"') + pathPart = pathPart.slice(1, -1) + + var p = path.join(pathPart, cmd) + if (!pathPart && /^\.[\\\/]/.test(cmd)) { + p = cmd.slice(0, 2) + p + } + for (var j = 0, ll = pathExt.length; j < ll; j ++) { + var cur = p + pathExt[j] + var is + try { + is = isexe.sync(cur, { pathExt: pathExtExe }) + if (is) { + if (opt.all) + found.push(cur) + else + return cur + } + } catch (ex) {} + } + } + + if (opt.all && found.length) + return found + + if (opt.nothrow) + return null + + throw getNotFoundError(cmd) +} diff --git a/node_modules/pacote/LICENSE b/node_modules/pacote/LICENSE index 841ef53a2..a03cd0ed0 100644 --- a/node_modules/pacote/LICENSE +++ b/node_modules/pacote/LICENSE @@ -1,21 +1,15 @@ -The MIT License (MIT) -Copyright (c) Kat Marchán, npm, Inc., and Contributors +The ISC License -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: +Copyright (c) Isaac Z. Schlueter, Kat Marchán, npm, Inc., and Contributors -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, -DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR -OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE -OR OTHER DEALINGS IN THE SOFTWARE. +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/pacote/README.md b/node_modules/pacote/README.md index f29d330d8..96f1c16c7 100644 --- a/node_modules/pacote/README.md +++ b/node_modules/pacote/README.md @@ -1,288 +1,232 @@ -# pacote [](https://npm.im/pacote) [](https://npm.im/pacote) [](https://travis-ci.org/npm/pacote) [](https://ci.appveyor.com/project/npm/pacote) [](https://coveralls.io/github/npm/pacote?branch=latest) +# pacote -[`pacote`](https://github.com/npm/pacote) is a Node.js library for downloading -[npm](https://npmjs.org)-compatible packages. It supports all package specifier -syntax that `npm install` and its ilk support. It transparently caches anything -needed to reduce excess operations, using [`cacache`](https://npm.im/cacache). +JavaScript Package Handler -## Install +## USAGE -`$ npm install --save pacote` - -## Table of Contents - -* [Example](#example) -* [Features](#features) -* [Contributing](#contributing) -* [API](#api) - * [`manifest`](#manifest) - * [`packument`](#packument) - * [`extract`](#extract) - * [`tarball`](#tarball) - * [`tarball.stream`](#tarball-stream) - * [`tarball.toFile`](#tarball-to-file) - * ~~[`prefetch`](#prefetch)~~ (deprecated) - * [`clearMemoized`](#clearMemoized) - * [`options`](#options) - -### Example - -```javascript +```js const pacote = require('pacote') -pacote.manifest('pacote@^1').then(pkg => { - console.log('package manifest for registry pkg:', pkg) - // { "name": "pacote", "version": "1.0.0", ... } -}) +// get a package manifest +pacote.manifest('foo@1.x').then(manifest => console.log('got it', manifest)) -pacote.extract('http://hi.com/pkg.tgz', './here').then(() => { - console.log('remote tarball contents extracted to ./here') -}) -``` +// extract a package into a folder +pacote.extract('github:npm/cli', 'some/path', options) + .then(({from, resolved, integrity}) => { + console.log('extracted!', from, resolved, integrity) + }) -### Features - -* Handles all package types [npm](https://npm.im/npm) does -* [high-performance, reliable, verified local cache](https://npm.im/cacache) -* offline mode -* authentication support (private git, private npm registries, etc) -* github, gitlab, and bitbucket-aware -* semver range support for git dependencies - -### Contributing - -The pacote team enthusiastically welcomes contributions and project participation! There's a bunch of things you can do if you want to contribute! The [Contributor Guide](CONTRIBUTING.md) has all the information you need for everything from reporting bugs to contributing entire new features. Please don't hesitate to jump in if you'd like to, or even ask us questions if something isn't clear. - -### API - -#### <a name="manifest"></a> `> pacote.manifest(spec, [opts])` - -Fetches the *manifest* for a package. Manifest objects are similar and based -on the `package.json` for that package, but with pre-processed and limited -fields. The object has the following shape: - -```javascript -{ - "name": PkgName, - "version": SemverString, - "dependencies": { PkgName: SemverString }, - "optionalDependencies": { PkgName: SemverString }, - "devDependencies": { PkgName: SemverString }, - "peerDependencies": { PkgName: SemverString }, - "bundleDependencies": false || [PkgName], - "bin": { BinName: Path }, - "_resolved": TarballSource, // different for each package type - "_integrity": SubresourceIntegrityHash, - "_shrinkwrap": null || ShrinkwrapJsonObj -} -``` - -Note that depending on the spec type, some additional fields might be present. -For example, packages from `registry.npmjs.org` have additional metadata -appended by the registry. - -##### Example - -```javascript -pacote.manifest('pacote@1.0.0').then(pkgJson => { - // fetched `package.json` data from the registry +pacote.tarball('https://server.com/package.tgz').then(data => { + console.log('got ' + data.length + ' bytes of tarball data') }) ``` -#### <a name="packument"></a> `> pacote.packument(spec, [opts])` - -Fetches the *packument* for a package. Packument objects are general metadata -about a project corresponding to registry metadata, and include version and -`dist-tag` information about a package's available versions, rather than a -specific version. It may include additional metadata not usually available -through the individual package metadata objects. - -It generally looks something like this: - -```javascript -{ - "name": PkgName, - "dist-tags": { - 'latest': VersionString, - [TagName]: VersionString, - ... - }, - "versions": { - [VersionString]: Manifest, - ... - } -} -``` +Anything that you can do to with kind of package, you can do to any kind of +package. Data that isn't relevant (like a packument for a tarball) will be +simulated. -Note that depending on the spec type, some additional fields might be present. -For example, packages from `registry.npmjs.org` have additional metadata -appended by the registry. +## CLI -##### Example +This module exports a command line interface that can do most of what is +described below. Run `pacote -h` to learn more. -```javascript -pacote.packument('pacote').then(pkgJson => { - // fetched package versions metadata from the registry -}) ``` +Pacote - The JavaScript Package Handler, v10.1.1 -#### <a name="extract"></a> `> pacote.extract(spec, destination, [opts])` +Usage: -Extracts package data identified by `<spec>` into a directory named -`<destination>`, which will be created if it does not already exist. + pacote resolve <spec> + Resolve a specifier and output the fully resolved target + Returns integrity and from if '--long' flag is set. -If `opts.digest` is provided and the data it identifies is present in the cache, -`extract` will bypass most of its operations and go straight to extracting the -tarball. + pacote manifest <spec> + Fetch a manifest and print to stdout -##### Example + pacote packument <spec> + Fetch a full packument and print to stdout -```javascript -pacote.extract('pacote@1.0.0', './woot', { - digest: 'deadbeef' -}).then(() => { - // Succeeds as long as `pacote@1.0.0` still exists somewhere. Network and - // other operations are bypassed entirely if `digest` is present in the cache. -}) -``` - -#### <a name="tarball"></a> `> pacote.tarball(spec, [opts])` - -Fetches package data identified by `<spec>` and returns the data as a buffer. + pacote tarball <spec> [<filename>] + Fetch a package tarball and save to <filename> + If <filename> is missing or '-', the tarball will be streamed to stdout. -This API has two variants: + pacote extract <spec> <folder> + Extract a package to the destination folder. -* `pacote.tarball.stream(spec, [opts])` - Same as `pacote.tarball`, except it returns a stream instead of a Promise. -* `pacote.tarball.toFile(spec, dest, [opts])` - Instead of returning data directly, data will be written directly to `dest`, and create any required directories along the way. +Configuration values all match the names of configs passed to npm, or +options passed to Pacote. Additional flags for this executable: -##### Example + --long Print an object from 'resolve', including integrity and spec. + --json Print result objects as JSON rather than node's default. + (This is the default if stdout is not a TTY.) + --help -h Print this helpful text. -```javascript -pacote.tarball('pacote@1.0.0', { cache: './my-cache' }).then(data => { - // data is the tarball data for pacote@1.0.0 -}) +For example '--cache=/path/to/folder' will use that folder as the cache. ``` -#### <a name="tarball-stream"></a> `> pacote.tarball.stream(spec, [opts])` - -Same as `pacote.tarball`, except it returns a stream instead of a Promise. - -##### Example +## API + +The `spec` refers to any kind of package specifier that npm can install. +If you can pass it to the npm CLI, you can pass it to pacote. (In fact, +that's exactly what the npm CLI does.) + +See below for valid `opts` values. + +* `pacote.resolve(spec, opts)` Resolve a specifier like `foo@latest` or + `github:user/project` all the way to a tarball url, tarball file, or git + repo with commit hash. + +* `pacote.extract(spec, dest, opts)` Extract a package's tarball into a + destination folder. Returns a promise that resolves to the + `{from,resolved,integrity}` of the extracted package. + +* `pacote.manifest(spec, opts)` Fetch (or simulate) a package's manifest + (basically, the `package.json` file, plus a bit of metadata). + See below for more on manifests and packuments. Returns a Promise that + resolves to the manifest object. + +* `pacote.packument(spec, opts)` Fetch (or simulate) a package's packument + (basically, the top-level package document listing all the manifests that + the registry returns). See below for more on manifests and packuments. + Returns a Promise that resolves to the packument object. + +* `pacote.tarball(spec, opts)` Get a package tarball data as a buffer in + memory. Returns a Promise that resolves to the tarball data Buffer, with + `from`, `resolved`, and `integrity` fields attached. + +* `pacote.tarball.file(spec, dest, opts)` Save a package tarball data to + a file on disk. Returns a Promise that resolves to + `{from,integrity,resolved}` of the fetched tarball. + +* `pacote.tarball.stream(spec, streamHandler, opts)` Fetch a tarball and + make the stream available to the `streamHandler` function. + + This is mostly an internal function, but it is exposed because it does + provide some functionality that may be difficult to achieve otherwise. + + The `streamHandler` function MUST return a Promise that resolves when + the stream (and all associated work) is ended, or rejects if the stream + has an error. + + The `streamHandler` function MAY be called multiple times, as Pacote + retries requests in some scenarios, such as cache corruption or + retriable network failures. + +### Options + +* `cache` Where to store cache entries and temp files. Passed to + [`cacache`](http://npm.im/cacache). Defaults to the same cache directory + that npm will use by default, based on platform and environment. +* `where` Base folder for resolving relative `file:` dependencies. +* `resolved` Shortcut for looking up resolved values. Should be specified + if known. +* `integrity` Expected integrity of fetched package tarball. If specified, + tarballs with mismatched integrity values will raise an `EINTEGRITY` + error. +* `umask` Permission mode mask for extracted files and directories. + Defaults to `0o22`. See "Extracted File Modes" below. +* `fmode` Minimum permission mode for extracted files. Defaults to + `0o666`. See "Extracted File Modes" below. +* `dmode` Minimum permission mode for extracted directories. Defaults to + `0o777`. See "Extracted File Modes" below. +* `log` A logger object with methods for various log levels. Typically, + this will be [`npmlog`](http://npm.im/npmlog) in the npm CLI use case, + but if not specified, the default is a logger that emits `'log'` events + on the `process` object. +* `preferOnline` Prefer to revalidate cache entries, even when it would not + be strictly necessary. Default `false`. +* `before` When picking a manifest from a packument, only consider + packages published before the specified date. Default `null`. +* `defaultTag` The default `dist-tag` to use when choosing a manifest from a + packument. Defaults to `latest`. +* `registry` The npm registry to use by default. Defaults to + `https://registry.npmjs.org/`. + +## Extracted File Modes + +Files are extracted with a mode matching the following formula: -```javascript -pacote.tarball.stream('pacote@1.0.0') -.pipe(fs.createWriteStream('./pacote-1.0.0.tgz')) ``` - -#### <a name="tarball-to-file"></a> `> pacote.tarball.toFile(spec, dest, [opts])` - -Like `pacote.tarball`, but instead of returning data directly, data will be -written directly to `dest`, and create any required directories along the way. - -##### Example - -```javascript -pacote.tarball.toFile('pacote@1.0.0', './pacote-1.0.0.tgz') -.then(() => /* pacote tarball written directly to ./pacote-1.0.0.tgz */) +( (tarball entry mode value) | (minimum mode option) ) ~ (umask) ``` -#### <a name="prefetch"></a> `> pacote.prefetch(spec, [opts])` - -##### THIS API IS DEPRECATED. USE `pacote.tarball()` INSTEAD +This is in order to prevent unreadable files or unlistable directories from +cluttering a project's `node_modules` folder, even if the package tarball +specifies that the file should be inaccessible. -Fetches package data identified by `<spec>`, usually for the purpose of warming -up the local package cache (with `opts.cache`). It does not return anything. +It also prevents files from being group- or world-writable without explicit +opt-in by the user, because all file and directory modes are masked against +the `umask` value. -##### Example +So, a file which is `0o771` in the tarball, using the default `fmode` of +`0o666` and `umask` of `0o22`, will result in a file mode of `0o755`: -```javascript -pacote.prefetch('pacote@1.0.0', { cache: './my-cache' }).then(() => { - // ./my-cache now has both the manifest and tarball for `pacote@1.0.0`. -}) ``` - -#### <a name="clearMemoized"></a> `> pacote.clearMemoized()` - -This utility function can be used to force pacote to release its references -to any memoized data in its various internal caches. It might help free -some memory. - -```javascript -pacote.manifest(...).then(() => pacote.clearMemoized) - +(0o771 | 0o666) => 0o777 +(0o777 ~ 0o22) => 0o755 ``` -#### <a name="options"></a> `> options` - -`pacote` accepts [the options for -`npm-registry-fetch`](https://npm.im/npm-registry-fetch#fetch-options) as-is, -with a couple of additional `pacote-specific` ones: - -##### <a name="dirPacker"></a> `opts.dirPacker` - -* Type: Function -* Default: Uses [`npm-packlist`](https://npm.im/npm-packlist) and [`tar`](https://npm.im/tar) to make a tarball. - -Expects a function that takes a single argument, `dir`, and returns a -`ReadableStream` that outputs packaged tarball data. Used when creating tarballs -for package specs that are not already packaged, such as git and directory -dependencies. The default `opts.dirPacker` does not execute `prepare` scripts, -even though npm itself does. - -##### <a name="opts-enjoy-by"></a> `opts.enjoy-by` - -* Alias: `opts.enjoyBy`, `opts.before` -* Type: Date-able -* Default: undefined - -If passed in, will be used while resolving to filter the versions for **registry -dependencies** such that versions published **after** `opts.enjoy-by` are not -considered -- as if they'd never been published. - -##### <a name="opts-include-deprecated"></a> `opts.include-deprecated` - -* Alias: `opts.includeDeprecated` -* Type: Boolean -* Default: false - -If false, deprecated versions will be skipped when selecting from registry range -specifiers. If true, deprecations do not affect version selection. - -##### <a name="opts-full-metadata"></a> `opts.full-metadata` - -* Type: Boolean -* Default: false - -If `true`, the full packument will be fetched when doing metadata requests. By -defaul, `pacote` only fetches the summarized packuments, also called "corgis". - -##### <a name="opts-tag"></a> `opts.tag` - -* Alias: `opts.defaultTag` -* Type: String -* Default: `'latest'` - -Package version resolution tag. When processing registry spec ranges, this -option is used to determine what dist-tag to treat as "latest". For more details -about how `pacote` selects versions and how `tag` is involved, see [the -documentation for `npm-pick-manifest`](https://npm.im/npm-pick-manifest). - -##### <a name="opts-resolved"></a> `opts.resolved` - -* Type: String -* Default: null - -When fetching tarballs, this option can be passed in to skip registry metadata -lookups when downloading tarballs. If the string is a `file:` URL, pacote will -try to read the referenced local file before attempting to do any further -lookups. This option does not bypass integrity checks when `opts.integrity` is -passed in. - -##### <a name="opts-where"></a> `opts.where` - -* Type: String -* Default: null - -Passed as an argument to [`npm-package-arg`](https://npm.im/npm-package-arg) -when resolving `spec` arguments. Used to determine what path to resolve local -path specs relatively from. +In almost every case, the defaults are appropriate. To respect exactly +what is in the package tarball (even if this makes an unusable system), set +both `dmode` and `fmode` options to `0`. Otherwise, the `umask` config +should be used in most cases where file mode modifications are required, +and this functions more or less the same as the `umask` value in most Unix +systems. + +## Extracted File Ownership + +When running as `root` on Unix systems, all extracted files and folders +will have their owning `uid` and `gid` values set to match the ownership +of the containing folder. + +This prevents `root`-owned files showing up in a project's `node_modules` +folder when a user runs `sudo npm install`. + +## Manifests + +A `manifest` is similar to a `package.json` file. However, it has a few +pieces of extra metadata, and sometimes lacks metadata that is inessential +to package installation. + +In addition to the common `package.json` fields, manifests include: + +* `manifest._resolved` The tarball url or file path where the package + artifact can be found. +* `manifest._from` A normalized form of the spec passed in as an argument. +* `manifest._integrity` The integrity value for the package artifact. +* `manifest.dist` Registry manifests (those included in a packument) have a + `dist` object. Only `tarball` is required, though at least one of + `shasum` or `integrity` is almost always present. + + * `tarball` The url to the associated package artifact. (Copied by + Pacote to `manifest._resolved`.) + * `integrity` The integrity SRI string for the artifact. This may not + be present for older packages on the npm registry. (Copied by Pacote + to `manifest._integrity`.) + * `shasum` Legacy integrity value. Hexadecimal-encoded sha1 hash. + (Converted to an SRI string and copied by Pacote to + `manifest._integrity` when `dist.integrity` is not present.) + * `fileCount` Number of files in the tarball. + * `unpackedSize` Size on disk of the package when unpacked. + * `npm-signature` A signature of the package by the + [`npmregistry`](https://keybase.io/npmregistry) Keybase account. + (Obviously only present for packages published to + `https://registry.npmjs.org`.) + +## Packuments + +A packument is the top-level package document that lists the set of +manifests for available versions for a package. + +When a packument is fetched with `accept: +application/vnd.npm.install-v1+json` in the HTTP headers, only the most +minimum necessary metadata is returned. Additional metadata is returned +when fetched with only `accept: application/json`. + +For Pacote's purposes, the following fields are relevant: + +* `versions` An object where each key is a version, and each value is the + manifest for that version. +* `dist-tags` An object mapping dist-tags to version numbers. This is how + `foo@latest` gets turned into `foo@1.2.3`. +* `time` In the full packument, an object mapping version numbers to + publication times, for the `opts.before` functionality. diff --git a/node_modules/pacote/lib/bin.js b/node_modules/pacote/lib/bin.js new file mode 100755 index 000000000..c0409be1f --- /dev/null +++ b/node_modules/pacote/lib/bin.js @@ -0,0 +1,149 @@ +#!/usr/bin/env node + +const run = conf => { + const pacote = require('../') + switch (conf._[0]) { + case 'resolve': + if (conf.long) + return pacote.manifest(conf._[1], conf).then(mani => ({ + resolved: mani._resolved, + integrity: mani._integrity, + from: mani._from, + })) + case 'manifest': + case 'packument': + return pacote[conf._[0]](conf._[1], conf) + + case 'tarball': + if (!conf._[2] || conf._[2] === '-') { + return pacote.tarball.stream(conf._[1], stream => { + stream.pipe(conf.testStdout || + /* istanbul ignore next */ process.stdout) + // make sure it resolves something falsey + return stream.promise().then(() => {}) + }, conf) + } else + return pacote.tarball.file(conf._[1], conf._[2], conf) + + case 'extract': + return pacote.extract(conf._[1], conf._[2], conf) + + default: /* istanbul ignore next */ { + throw new Error(`bad command: ${conf._[0]}`) + } + } +} + +const version = require('../package.json').version +const usage = () => +`Pacote - The JavaScript Package Handler, v${version} + +Usage: + + pacote resolve <spec> + Resolve a specifier and output the fully resolved target + Returns integrity and from if '--long' flag is set. + + pacote manifest <spec> + Fetch a manifest and print to stdout + + pacote packument <spec> + Fetch a full packument and print to stdout + + pacote tarball <spec> [<filename>] + Fetch a package tarball and save to <filename> + If <filename> is missing or '-', the tarball will be streamed to stdout. + + pacote extract <spec> <folder> + Extract a package to the destination folder. + +Configuration values all match the names of configs passed to npm, or +options passed to Pacote. Additional flags for this executable: + + --long Print an object from 'resolve', including integrity and spec. + --json Print result objects as JSON rather than node's default. + (This is the default if stdout is not a TTY.) + --help -h Print this helpful text. + +For example '--cache=/path/to/folder' will use that folder as the cache. +` + +const shouldJSON = (conf, result) => + conf.json || + !process.stdout.isTTY && + conf.json === undefined && + result && + typeof result === 'object' + +const pretty = (conf, result) => + shouldJSON(conf, result) ? JSON.stringify(result, 0, 2) : result + +let addedLogListener = false +const main = args => { + const conf = parse(args) + if (conf.help || conf.h) + return console.log(usage()) + + if (!addedLogListener) { + process.on('log', console.error) + addedLogListener = true + } + + try { + return run(conf) + .then(result => result && console.log(pretty(conf, result))) + .catch(er => { + console.error(er) + process.exit(1) + }) + } catch (er) { + console.error(er.message) + console.error(usage()) + } +} + +const parseArg = arg => { + const split = arg.slice(2).split('=') + const k = split.shift() + const v = split.join('=') + const no = /^no-/.test(k) && !v + const key = (no ? k.substr(3) : k) + .replace(/^tag$/, 'defaultTag') + .replace(/-([a-z])/g, (_, c) => c.toUpperCase()) + const value = v ? v.replace(/^~/, process.env.HOME) : !no + return { key, value } +} + +const parse = args => { + const conf = { + _: [], + cache: process.env.HOME + '/.npm/_cacache', + } + let dashdash = false + args.forEach(arg => { + if (dashdash) + conf._.push(arg) + else if (arg === '--') + dashdash = true + else if (arg === '-h') + conf.help = true + else if (/^--/.test(arg)) { + const {key, value} = parseArg(arg) + conf[key] = value + } else { + conf._.push(arg) + } + }) + return conf +} + +if (module === require.main) + main(process.argv.slice(2)) +else + module.exports = { + main, + run, + usage, + parseArg, + parse, + } diff --git a/node_modules/pacote/lib/dir.js b/node_modules/pacote/lib/dir.js new file mode 100644 index 000000000..1eb30df9b --- /dev/null +++ b/node_modules/pacote/lib/dir.js @@ -0,0 +1,98 @@ +const Fetcher = require('./fetcher.js') +const FileFetcher = require('./file.js') +const cacache = require('cacache') +const Minipass = require('minipass') +const { promisify } = require('util') +const readPackageJson = require('read-package-json-fast') +const npm = require('./util/npm.js') +const isPackageBin = require('./util/is-package-bin.js') +const packlist = require('npm-packlist') +const tar = require('tar') +const _prepareDir = Symbol('_prepareDir') +const _tarcOpts = Symbol('_tarcOpts') + +const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved') +class DirFetcher extends Fetcher { + constructor (spec, opts) { + super(spec, opts) + // just the fully resolved filename + this.resolved = this.spec.fetchSpec + } + + get types () { + return ['directory'] + } + + [_prepareDir] () { + return this.manifest().then(mani => { + if (!mani.scripts || !mani.scripts.prepare) + return + + // we *only* run prepare. + // pre/post-pack is run by the npm CLI for publish and pack, + // but this function is *also* run when installing git deps + return npm( + this.npmBin, + [].concat(this.npmRunCmd).concat('prepare').concat(this.npmCliConfig), + this.resolved, + 'directory preparation failed' + ) + }) + } + + [_tarballFromResolved] () { + const stream = new Minipass() + stream.resolved = this.resolved + stream.integrity = this.integrity + + // run the prepare script, get the list of files, and tar it up + // pipe to the stream, and proxy errors the chain. + this[_prepareDir]() + .then(() => packlist({ path: this.resolved })) + .then(files => tar.c(this[_tarcOpts](), files) + .on('error', er => stream.emit('error', er)).pipe(stream)) + .catch(er => stream.emit('error', er)) + return stream + } + + [_tarcOpts] () { + return { + cwd: this.resolved, + prefix: 'package/', + portable: true, + gzip: true, + + // ensure that package bins are always executable + // Note that npm-packlist is already filtering out + // anything that is not a regular file, ignored by + // .npmignore or package.json "files", etc. + filter: (path, stat) => { + if (isPackageBin(this.package, path)) + stat.mode |= 0o111 + return true + }, + + // Provide a specific date in the 1980s for the benefit of zip, + // which is confounded by files dated at the Unix epoch 0. + mtime: new Date('1985-10-26T08:15:00.000Z'), + } + } + + manifest () { + if (this.package) + return Promise.resolve(this.package) + + return readPackageJson(this.resolved + '/package.json') + .then(mani => this.package = { + ...mani, + _integrity: this.integrity && String(this.integrity), + _resolved: this.resolved, + _from: this.from, + }) + } + + packument () { + return FileFetcher.prototype.packument.apply(this) + } +} +module.exports = DirFetcher diff --git a/node_modules/pacote/lib/fetcher.js b/node_modules/pacote/lib/fetcher.js new file mode 100644 index 000000000..2901fd583 --- /dev/null +++ b/node_modules/pacote/lib/fetcher.js @@ -0,0 +1,471 @@ +// This is the base class that the other fetcher types in lib +// all descend from. +// It handles the unpacking and retry logic that is shared among +// all of the other Fetcher types. + +const npa = require('npm-package-arg') +const ssri = require('ssri') +const { promisify } = require('util') +const { basename, dirname } = require('path') +const rimraf = promisify(require('rimraf')) +const tar = require('tar') +const procLog = require('./util/proc-log.js') +const retry = require('promise-retry') +const fsm = require('fs-minipass') +const cacache = require('cacache') +const osenv = require('osenv') +const isPackageBin = require('./util/is-package-bin.js') +const getContents = require('@npmcli/installed-package-contents') + +// we only change ownership on unix platforms, and only if uid is 0 +const selfOwner = process.getuid && process.getuid() === 0 ? { + uid: 0, + gid: process.getgid(), +} : null +const chownr = selfOwner ? promisify(require('chownr')) : null +const inferOwner = selfOwner ? require('infer-owner') : null +const mkdirp = require('mkdirp') +const cacheDir = require('./util/cache-dir.js') + +// Private methods. +// Child classes should not have to override these. +// Users should never call them. +const _chown = Symbol('_chown') +const _extract = Symbol('_extract') +const _mkdir = Symbol('_mkdir') +const _empty = Symbol('_empty') +const _toFile = Symbol('_toFile') +const _tarxOptions = Symbol('_tarxOptions') +const _entryMode = Symbol('_entryMode') +const _istream = Symbol('_istream') +const _assertType = Symbol('_assertType') +const _tarballFromCache = Symbol('_tarballFromCache') +const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved') + +class FetcherBase { + constructor (spec, opts) { + if (!opts || typeof opts !== 'object') + throw new TypeError('options object is required') + this.spec = npa(spec, opts.where) + + // a bit redundant because presumably the caller already knows this, + // but it makes it easier to not have to keep track of the requested + // spec when we're dispatching thousands of these at once, and normalizing + // is nice. saveSpec is preferred if set, because it turns stuff like + // x/y#committish into github:x/y#committish. use name@rawSpec for + // registry deps so that we turn xyz and xyz@ -> xyz@ + this.from = this.spec.registry + ? `${this.spec.name}@${this.spec.rawSpec}` : this.spec.saveSpec + + this[_assertType]() + // clone the opts object so that others aren't upset when we mutate it + // by adding/modifying the integrity value. + this.opts = {...opts} + this.cache = opts.cache || cacheDir() + this.resolved = opts.resolved || null + + // default to caching/verifying with sha512, that's what we usually have + // need to change this default, or start overriding it, when sha512 + // is no longer strong enough. + this.defaultIntegrityAlgorithm = opts.defaultIntegrityAlgorithm || 'sha512' + + if (typeof opts.integrity === 'string') + this.opts.integrity = ssri.parse(opts.integrity) + + this.package = null + this.type = this.constructor.name + this.fmode = opts.fmode || 0o666 + this.dmode = opts.dmode || 0o777 + this.umask = opts.umask || 0o022 + this.log = opts.log || procLog + + this.preferOnline = !!opts.preferOnline || !!opts['prefer-online'] + this.preferOffline = !!opts.preferOffline || !!opts['prefer-offline'] + this.offline = !!opts.offline + + this.before = opts.before || opts['enjoy-by'] || opts.before + this.fullMetadata = this.before ? true + : (opts.fullMetadata || opts['full-metadata']) + this.defaultTag = opts.defaultTag || 'latest' + this.registry = opts.registry || 'https://registry.npmjs.org' + + // command to run 'prepare' scripts on directories and git dirs + // To use pacote with yarn, for example, set npmBin to 'yarn' + // and npmRunCmd to [], and npmCliConfig with yarn's equivalents. + this.npmBin = opts.npmBin || 'npm' + this.npmRunCmd = opts.npmRunCmd || 'run' + + // command to install deps for preparing + this.npmInstallCmd = opts.npmInstallCmd || [ + 'install', + '--only=dev', + '--prod', + '--ignore-prepublish', + '--no-progress', + '--no-save', + ] + + // XXX fill more of this in based on what we know from this.opts + // we explicitly DO NOT fill in --tag, though, since we are often + // going to be packing in the context of a publish, which may set + // a dist-tag, but certainly wants to keep defaulting to latest. + this.npmCliConfig = opts.npmCliConfig || [ + `--cache=${this.cache}`, + `--prefer-offline=${!!this.preferOffline}`, + `--prefer-online=${!!this.preferOnline}`, + `--offline=${!!this.offline}`, + `--before=${this.before ? this.before.toISOString() : ''}`, + ] + } + + get integrity () { + return this.opts.integrity || null + } + set integrity (i) { + if (!i) + return + + i = ssri.parse(i) + const current = this.opts.integrity + + // do not ever update an existing hash value, but do + // merge in NEW algos and hashes that we don't already have. + if (current) + current.merge(i) + else + this.opts.integrity = i + } + + get notImplementedError () { + return new Error('not implemented in this fetcher type: ' + this.type) + } + + // override in child classes + // Returns a Promise that resolves to this.resolved string value + resolve () { + return this.resolved ? Promise.resolve(this.resolved) + : Promise.reject(this.notImplementedError) + } + + packument () { + return Promise.reject(this.notImplementedError) + } + + // override in child class + // returns a manifest containing: + // - name + // - version + // - _resolved + // - _integrity + // - plus whatever else was in there (corgi, full metadata, or pj file) + manifest () { + return Promise.reject(this.notImplementedError) + } + + // private, should be overridden. + // Note that they should *not* calculate or check integrity, but *just* + // return the raw tarball data stream. + [_tarballFromResolved] () { + throw this.notImplementedError + } + + // public, should not be overridden + tarball () { + return this.tarballStream(stream => new Promise((res, rej) => { + const buf = [] + stream.on('error', er => rej(er)) + stream.on('end', () => { + const data = Buffer.concat(buf) + data.integrity = this.integrity && String(this.integrity) + data.resolved = this.resolved + data.from = this.from + return res(data) + }) + stream.on('data', d => buf.push(d)) + })) + } + + // private + // Note: cacache will raise a EINTEGRITY error if the integrity doesn't match + [_tarballFromCache] () { + return cacache.get.stream.byDigest(this.cache, this.integrity, this.opts) + } + + [_istream] (stream) { + // everyone will need one of these, either for verifying or calculating + // We always set it, because we have might only have a weak legacy hex + // sha1 in the packument, and this MAY upgrade it to a stronger algo. + // If we had an integrity, and it doesn't match, then this does not + // override that error; the istream will raise the error before it + // gets to the point of re-setting the integrity. + const istream = ssri.integrityStream(this.opts) + istream.on('integrity', i => this.integrity = i) + return stream.on('error', er => istream.emit('error', er)).pipe(istream) + } + + pickIntegrityAlgorithm () { + return this.integrity ? this.integrity.pickAlgorithm(this.opts) + : this.defaultIntegrityAlgorithm + } + + // TODO: check error class, once those are rolled out to our deps + isDataCorruptionError (er) { + return er.code === 'EINTEGRITY' || er.code === 'Z_DATA_ERROR' + } + + // override the types getter + get types () {} + [_assertType] () { + if (this.types && !this.types.includes(this.spec.type)) { + throw new TypeError(`Wrong spec type (${ + this.spec.type + }) for ${ + this.constructor.name + }. Supported types: ${this.types.join(', ')}`) + } + } + + // We allow ENOENTs from cacache, but not anywhere else. + // An ENOENT trying to read a tgz file, for example, is Right Out. + isRetriableError (er) { + // TODO: check error class, once those are rolled out to our deps + return this.isDataCorruptionError(er) || er.code === 'ENOENT' + } + + // Mostly internal, but has some uses + // Pass in a function which returns a promise + // Function will be called 1 or more times with streams that may fail. + // Retries: + // Function MUST handle errors on the stream by rejecting the promise, + // so that retry logic can pick it up and either retry or fail whatever + // promise it was making (ie, failing extraction, etc.) + // + // The return value of this method is a Promise that resolves the same + // as whatever the streamHandler resolves to. + // + // This should never be overridden by child classes, but it is public. + tarballStream (streamHandler) { + // Only short-circuit via cache if we have everything else we'll need, + // and the user has not expressed a preference for checking online. + + const fromCache = ( + !this.preferOnline && + this.integrity && + this.resolved + ) ? streamHandler(this[_tarballFromCache]()).catch(er => { + if (this.isDataCorruptionError(er)) { + this.log.warn('tarball', `cached data for ${ + this.spec + } (${this.integrity}) seems to be corrupted. Refreshing cache.`) + return this.cleanupCached().then(() => { throw er }) + } else { + throw er + } + }) : null + + const fromResolved = er => { + if (er) { + if (!this.isRetriableError(er)) + throw er + this.log.silly('tarball', `no local data for ${ + this.spec + }. Extracting by manifest.`) + } + return this.resolve().then(() => retry(tryAgain => + streamHandler(this[_istream](this[_tarballFromResolved]())) + .catch(er => { + // Most likely data integrity. A cache ENOENT error is unlikely + // here, since we're definitely not reading from the cache, but it + // IS possible that the fetch subsystem accessed the cache, and the + // entry got blown away or something. Try one more time to be sure. + if (this.isRetriableError(er)) { + this.log.warn('tarball', `tarball data for ${ + this.spec + } (${this.integrity}) seems to be corrupted. Trying again.`) + return this.cleanupCached().then(() => tryAgain(er)) + } + throw er + }), { retries: 1, minTimeout: 0, maxTimeout: 0 })) + } + + return fromCache ? fromCache.catch(fromResolved) : fromResolved() + } + + cleanupCached () { + return cacache.rm.content(this.cache, this.integrity, this.opts) + } + + [_chown] (path, uid, gid) { + return selfOwner && (selfOwner.gid !== gid || selfOwner.uid !== uid) + ? chownr(path, uid, gid) + : /* istanbul ignore next - we don't test in root-owned folders */ null + } + + [_empty] (path) { + return getContents({path, depth: 1}).then(contents => Promise.all( + contents.map(entry => rimraf(entry)))) + } + + [_mkdir] (dest) { + // if we're bothering to do owner inference, then do it. + // otherwise just make the dir, and return an empty object. + // always empty the dir dir to start with, but do so + // _after_ inferring the owner, in case there's an existing folder + // there that we would want to preserve which differs from the + // parent folder (rare, but probably happens sometimes). + return !inferOwner + ? this[_empty](dest).then(() => mkdirp(dest)).then(() => ({})) + : inferOwner(dest).then(({uid, gid}) => + this[_empty](dest) + .then(() => mkdirp(dest)) + .then(made => { + // ignore the || dest part in coverage. It's there to handle + // race conditions where the dir may be made by someone else + // after being removed by us. + const dir = made || /* istanbul ignore next */ dest + return this[_chown](dir, uid, gid) + }) + .then(() => ({uid, gid}))) + } + + // extraction is always the same. the only difference is where + // the tarball comes from. + extract (dest) { + return this[_mkdir](dest).then(({uid, gid}) => + this.tarballStream(tarball => this[_extract](dest, tarball, uid, gid))) + } + + [_toFile] (dest) { + return this.tarballStream(str => new Promise((res, rej) => { + const writer = new fsm.WriteStream(dest) + str.on('error', er => writer.emit('error', er)) + writer.on('error', er => rej(er)) + writer.on('close', () => res({ + integrity: this.integrity && String(this.integrity), + resolved: this.resolved, + from: this.from, + })) + str.pipe(writer) + })) + } + + // don't use this[_mkdir] because we don't want to rimraf anything + tarballFile (dest) { + const dir = dirname(dest) + return !inferOwner + ? mkdirp(dir).then(() => this[_toFile](dest)) + : inferOwner(dest).then(({uid, gid}) => + mkdirp(dir).then(made => this[_toFile](dest) + .then(res => this[_chown](made || dir, uid, gid) + .then(() => res)))) + } + + [_extract] (dest, tarball, uid, gid) { + const extractor = tar.x(this[_tarxOptions]({ cwd: dest, uid, gid })) + const p = new Promise((resolve, reject) => { + extractor.on('end', () => { + resolve({ + resolved: this.resolved, + integrity: this.integrity && String(this.integrity), + from: this.from, + }) + }) + + extractor.on('error', er => { + this.log.warn('tar', er.message) + this.log.silly('tar', er) + reject(er) + }) + + tarball.on('error', er => reject(er)) + }) + + tarball.pipe(extractor) + return p + } + + // always ensure that entries are at least as permissive as our configured + // dmode/fmode, but never more permissive than the umask allows. + [_entryMode] (path, mode, type) { + const m = /Directory|GNUDumpDir/.test(type) ? this.dmode + : /File$/.test(type) ? this.fmode + : /* istanbul ignore next - should never happen in a pkg */ 0 + + // make sure package bins are executable + const exe = isPackageBin(this.package, path) ? 0o111 : 0 + return ((mode | m) & ~this.umask) | exe + } + + [_tarxOptions] ({ cwd, uid, gid }) { + const sawIgnores = new Set() + return { + cwd, + filter: (name, entry) => { + if (/Link$/.test(entry.type)) + return false + entry.mode = this[_entryMode](entry.path, entry.mode, entry.type) + // this replicates the npm pack behavior where .gitignore files + // are treated like .npmignore files, but only if a .npmignore + // file is not present. + if (/File$/.test(entry.type)) { + const base = basename(entry.path) + if (base === '.npmignore') + sawIgnores.add(entry.path) + else if (base === '.gitignore') { + // rename, but only if there's not already a .npmignore + const ni = entry.path.replace(/\.gitignore$/, '.npmignore') + if (sawIgnores.has(ni)) + return false + entry.path = ni + } + return true + } + }, + strip: 1, + onwarn: /* istanbul ignore next - we can trust that tar logs */ + (code, msg, data) => { + this.log.warn('tar', code, msg) + this.log.silly('tar', code, msg, data) + }, + uid, + gid, + umask: this.umask, + } + } +} + +module.exports = FetcherBase + +// Child classes +const GitFetcher = require('./git.js') +const RegistryFetcher = require('./registry.js') +const FileFetcher = require('./file.js') +const DirFetcher = require('./dir.js') +const RemoteFetcher = require('./remote.js') + +// Get an appropriate fetcher object from a spec and options +FetcherBase.get = (rawSpec, opts = {}) => { + const spec = npa(rawSpec, opts.where) + switch (spec.type) { + case 'git': + return new GitFetcher(spec, opts) + + case 'remote': + return new RemoteFetcher(spec, opts) + + case 'version': + case 'range': + case 'tag': + case 'alias': + return new RegistryFetcher(spec.subSpec || spec, opts) + + case 'file': + return new FileFetcher(spec, opts) + + case 'directory': + return new DirFetcher(spec, opts) + + default: + throw new TypeError('Unknown spec type: ' + spec.type) + } +} diff --git a/node_modules/pacote/lib/file.js b/node_modules/pacote/lib/file.js new file mode 100644 index 000000000..d5c601aab --- /dev/null +++ b/node_modules/pacote/lib/file.js @@ -0,0 +1,93 @@ +const Fetcher = require('./fetcher.js') +const fsm = require('fs-minipass') +const cacache = require('cacache') +const { promisify } = require('util') +const readPackageJson = require('read-package-json-fast') +const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved') +const _exeBins = Symbol('_exeBins') +const { resolve } = require('path') +const fs = require('fs') + +class FileFetcher extends Fetcher { + constructor (spec, opts) { + super(spec, opts) + // just the fully resolved filename + this.resolved = this.spec.fetchSpec + } + + get types () { + return ['file'] + } + + manifest () { + if (this.package) + return Promise.resolve(this.package) + + // have to unpack the tarball for this. + return cacache.tmp.withTmp(this.cache, this.opts, dir => + this.extract(dir) + .then(() => readPackageJson(dir + '/package.json')) + .then(mani => this.package = { + ...mani, + _integrity: this.integrity && String(this.integrity), + _resolved: this.resolved, + _from: this.from, + })) + } + + [_exeBins] (pkg, dest) { + if (!pkg.bin) + return Promise.resolve() + + return Promise.all(Object.keys(pkg.bin).map(k => new Promise(res => { + const script = resolve(dest, pkg.bin[k]) + // Best effort. Ignore errors here, the only result is that + // a bin script is not executable. But if it's missing or + // something, we just leave it for a later stage to trip over + // when we can provide a more useful contextual error. + fs.stat(script, (er, st) => { + if (er) + return res() + const mode = st.mode | 0o111 + if (mode === st.mode) + return res() + fs.chmod(script, mode, res) + }) + }))) + } + + extract (dest) { + // if we've already loaded the manifest, then the super got it. + // but if not, read the unpacked manifest and chmod properly. + return super.extract(dest) + .then(result => this.package ? result + : readPackageJson(dest + '/package.json').then(pkg => + this[_exeBins](pkg, dest)).then(() => result)) + } + + [_tarballFromResolved] () { + // create a read stream and return it + return new fsm.ReadStream(this.resolved) + } + + packument () { + // simulate based on manifest + return this.manifest().then(mani => ({ + name: mani.name, + 'dist-tags': { + [this.defaultTag]: mani.version + }, + versions: { + [mani.version]: { + ...mani, + dist: { + tarball: `file:${this.resolved}`, + integrity: this.integrity && String(this.integrity), + } + } + } + })) + } +} + +module.exports = FileFetcher diff --git a/node_modules/pacote/lib/git.js b/node_modules/pacote/lib/git.js new file mode 100644 index 000000000..ade670b96 --- /dev/null +++ b/node_modules/pacote/lib/git.js @@ -0,0 +1,271 @@ +const Fetcher = require('./fetcher.js') +const FileFetcher = require('./file.js') +const RemoteFetcher = require('./remote.js') +const DirFetcher = require('./dir.js') +const hashre = /^[a-f0-9]{40}$/ +const git = require('./util/git/') +const pickManifest = require('npm-pick-manifest') +const npa = require('npm-package-arg') +const url = require('url') +const Minipass = require('minipass') +const cacache = require('cacache') +const { promisify } = require('util') +const readPackageJson = require('read-package-json-fast') +const npm = require('./util/npm.js') + +const _resolvedFromRepo = Symbol('_resolvedFromRepo') +const _resolvedFromHosted = Symbol('_resolvedFromHosted') +const _resolvedFromClone = Symbol('_resolvedFromClone') +const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved') +const _addGitSha = Symbol('_addGitSha') +const _clone = Symbol('_clone') +const _cloneHosted = Symbol('_cloneHosted') +const _cloneRepo = Symbol('_cloneRepo') +const _setResolvedWithSha = Symbol('_setResolvedWithSha') +const _prepareDir = Symbol('_prepareDir') + +// get the repository url. prefer ssh, fall back to git:// +// We have to add the git+ back because npa suppresses it. +const repoUrl = (hosted, opts) => + hosted.sshurl && addGitPlus(hosted.sshurl(opts)) || + hosted.https && addGitPlus(hosted.https(opts)) + +const addGitPlus = url => url && `git+${url}` + +class GitFetcher extends Fetcher { + constructor (spec, opts) { + super(spec, opts) + this.resolvedRef = null + if (this.spec.hosted) + this.from = this.spec.hosted.shortcut({ noCommittish: false }) + + // shortcut: avoid full clone when we can go straight to the tgz + // if we have the full sha and it's a hosted git platform + if (this.spec.gitCommittish && hashre.test(this.spec.gitCommittish)) { + this.resolvedSha = this.spec.gitCommittish + // use hosted.tarball() when we shell to RemoteFetcher later + this.resolved = this.spec.hosted + ? repoUrl(this.spec.hosted, { noCommittish: false }) + : this.spec.fetchSpec + '#' + this.spec.gitCommittish + } else + this.resolvedSha = '' + } + + get types () { + return ['git'] + } + + resolve () { + // likely a hosted git repo with a sha, so get the tarball url + // but in general, no reason to resolve() more than necessary! + if (this.resolved) + return super.resolve() + + // fetch the git repo and then look at the current hash + const h = this.spec.hosted + // try to use ssh, fall back to git. + return h ? this[_resolvedFromHosted](h) + : this[_resolvedFromRepo](this.spec.fetchSpec) + } + + // first try https, since that's faster and passphrase-less for + // public repos. Fall back to SSH to support private repos. + // NB: we always store the SSH url in the 'resolved' field. + [_resolvedFromHosted] (hosted) { + return this[_resolvedFromRepo](hosted.https && hosted.https()) + .catch(er => { + const ssh = hosted.sshurl && hosted.sshurl() + if (!ssh) + throw er + return this[_resolvedFromRepo](ssh) + }) + } + + [_resolvedFromRepo] (gitRemote) { + // XXX make this a custom error class + if (!gitRemote) + return Promise.reject(new Error(`No git url for ${this.spec}`)) + const gitRange = this.spec.gitRange + const name = this.spec.name + return git.revs(gitRemote, this.opts).then(remoteRefs => { + return gitRange ? pickManifest({ + versions: remoteRefs.versions, + 'dist-tags': remoteRefs['dist-tags'], + name, + }, gitRange, this.opts) + : this.spec.gitCommittish ? + remoteRefs.refs[this.spec.gitCommittish] || + remoteRefs.refs[remoteRefs.shas[this.spec.gitCommittish]] + : remoteRefs.refs.HEAD // no git committish, get default head + }).then(revDoc => { + // the committish provided isn't in the rev list + // things like HEAD~3 or @yesterday can land here. + if (!revDoc || !revDoc.sha) + return this[_resolvedFromClone]() + + this.resolvedRef = revDoc + this.resolvedSha = revDoc.sha + this[_addGitSha](revDoc.sha) + return this.resolved + }) + } + + [_setResolvedWithSha] (withSha) { + // we haven't cloned, so a tgz download is still faster + // of course, if it's not a known host, we can't do that. + this.resolved = !this.spec.hosted ? withSha + : repoUrl(npa(withSha).hosted, { noCommittish: false }) + } + + // when we get the git sha, we affix it to our spec to build up + // either a git url with a hash, or a tarball download URL + [_addGitSha] (sha) { + if (this.spec.hosted) { + this[_setResolvedWithSha]( + this.spec.hosted.shortcut({ noCommittish: true }) + '#' + sha + ) + } else { + const u = url.format(new url.URL(`#${sha}`, this.spec.rawSpec)) + this[_setResolvedWithSha](url.format(u)) + } + } + + [_resolvedFromClone] () { + // do a full or shallow clone, then look at the HEAD + // kind of wasteful, but no other option, really + return this[_clone](dir => this.resolved) + } + + [_prepareDir] (dir) { + return readPackageJson(dir + '/package.json').then(mani => { + // no need if we aren't going to do any preparation. + const scripts = mani.scripts + if (!scripts || !( + scripts.postinstall || + scripts.build || + scripts.preinstall || + scripts.install || + scripts.prepare)) + return + + // the DirFetcher will do its own preparation to run the prepare scripts + // All we have to do is put the deps in place so that it can succeed. + return npm( + this.npmBin, + [].concat(this.npmInstallCmd).concat(this.npmCliConfig), + dir, + 'git dep preparation failed' + ) + }) + } + + [_tarballFromResolved] () { + const stream = new Minipass() + stream.resolved = this.resolved + stream.integrity = this.integrity + stream.from = this.from + + // check it out and then shell out to the DirFetcher tarball packer + this[_clone](dir => this[_prepareDir](dir) + .then(() => new Promise((res, rej) => { + const df = new DirFetcher(`file:${dir}`, { + ...this.opts, + resolved: null, + integrity: null, + }) + const dirStream = df[_tarballFromResolved]() + dirStream.on('error', rej) + dirStream.on('end', res) + dirStream.pipe(stream) + }))).catch( + /* istanbul ignore next: very unlikely and hard to test */ + er => stream.emit('error', er) + ) + return stream + } + + // clone a git repo into a temp folder (or fetch and unpack if possible) + // handler accepts a directory, and returns a promise that resolves + // when we're done with it, at which point, cacache deletes it + // + // TODO: after cloning, create a tarball of the folder, and add to the cache + // with cacache.put.stream(), using a key that's deterministic based on the + // spec and repo, so that we don't ever clone the same thing multiple times. + [_clone] (handler, tarballOk = true) { + const o = { tmpPrefix: 'git-clone' } + const ref = this.resolvedSha || this.spec.gitCommittish + const h = this.spec.hosted + const resolved = this.resolved + + // can be set manually to false to fall back to actual git clone + tarballOk = tarballOk && + h && resolved === repoUrl(h, { noCommittish: false }) && h.tarball + + return cacache.tmp.withTmp(this.cache, o, tmp => { + // if we're resolved, and have a tarball url, shell out to RemoteFetcher + if (tarballOk) { + const nameat = this.spec.name ? `${this.spec.name}@` : '' + return new RemoteFetcher(h.tarball({ noCommittish: false }), { + ...this.opts, + pkgid: `git:${nameat}${this.resolved}`, + resolved: this.resolved, + integrity: null, // it'll always be different, if we have one + }).extract(tmp).then(() => handler(tmp), er => { + // fall back to ssh download if tarball fails + if (er.constructor.name.match(/^Http/)) + return this[_clone](handler, false) + else + throw er + }) + } + + return ( + h ? this[_cloneHosted](ref, tmp) + : this[_cloneRepo](this.spec.fetchSpec, ref, tmp) + ).then(sha => { + this.resolvedSha = sha + if (!this.resolved) + this[_addGitSha](sha) + }) + .then(() => handler(tmp)) + }) + } + + [_cloneHosted] (ref, tmp) { + const hosted = this.spec.hosted + const https = hosted.https() + return this[_cloneRepo](hosted.https({ noCommittish: true }), ref, tmp) + .catch(er => { + const ssh = hosted.sshurl && hosted.sshurl({ noCommittish: true }) + /* istanbul ignore if - should be covered by the resolve() call */ + if (!ssh) + throw er + return this[_cloneRepo](ssh, ref, tmp) + }) + } + + [_cloneRepo] (repo, ref, tmp) { + return git.clone(repo, ref, tmp, this.spec, this.opts) + } + + manifest () { + if (this.package) + return Promise.resolve(this.package) + + return this.spec.hosted && this.resolved + ? FileFetcher.prototype.manifest.apply(this) + : this[_clone](dir => + readPackageJson(dir + '/package.json') + .then(mani => this.package = { + ...mani, + _integrity: this.integrity && String(this.integrity), + _resolved: this.resolved, + _from: this.from, + })) + } + + packument () { + return FileFetcher.prototype.packument.apply(this) + } +} +module.exports = GitFetcher diff --git a/node_modules/pacote/lib/index.js b/node_modules/pacote/lib/index.js new file mode 100644 index 000000000..546ba960b --- /dev/null +++ b/node_modules/pacote/lib/index.js @@ -0,0 +1,12 @@ +const { get } = require('./fetcher.js') +module.exports = { + resolve: (spec, opts) => get(spec, opts).resolve(), + extract: (spec, dest, opts) => get(spec, opts).extract(dest), + manifest: (spec, opts) => get(spec, opts).manifest(), + tarball: (spec, opts) => get(spec, opts).tarball(), + packument: (spec, opts) => get(spec, opts).packument(), +} +module.exports.tarball.stream = (spec, handler, opts) => + get(spec, opts).tarballStream(handler) +module.exports.tarball.file = (spec, dest, opts) => + get(spec, opts).tarballFile(dest) diff --git a/node_modules/pacote/lib/registry.js b/node_modules/pacote/lib/registry.js new file mode 100644 index 000000000..30dd682dd --- /dev/null +++ b/node_modules/pacote/lib/registry.js @@ -0,0 +1,162 @@ +const Fetcher = require('./fetcher.js') +const RemoteFetcher = require('./remote.js') +const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved') +const pacoteVersion = require('../package.json').version +const npa = require('npm-package-arg') +const pickManifest = require('npm-pick-manifest') +const ssri = require('ssri') +const Minipass = require('minipass') + +// Corgis are cute. 🐕🐶 +const corgiDoc = 'application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*' +const fullDoc = 'application/json' + +const fetch = require('npm-registry-fetch') + +// TODO: memoize reg requests, so we don't even have to check cache + +const _headers = Symbol('_headers') +class RegistryFetcher extends Fetcher { + constructor (spec, opts) { + super(spec, opts) + + // try to use corgis if available + this.fullMetadata = !!opts.fullMetadata + + // handle case when npm-package-arg guesses wrong. + if (this.spec.type === 'tag' && + this.spec.rawSpec === '' && + this.defaultTag !== 'latest') + this.spec = npa(`${this.spec.name}@${this.defaultTag}`) + this.registry = fetch.pickRegistry(spec, opts) + this.packumentUrl = this.registry.replace(/\/*$/, '/') + + this.spec.escapedName + + // XXX pacote <=9 has some logic to ignore opts.resolved if + // the resolved URL doesn't go to the same registry. + // Consider reproducing that here, to throw away this.resolved + // in that case. + } + + resolve () { + if (this.resolved) + return Promise.resolve(this.resolved) + + // fetching the manifest sets resolved and (usually) integrity + return this.manifest().then(() => { + if (this.resolved) + return this.resolved + + throw Object.assign( + new Error('Invalid package manifest: no `dist.tarball` field'), + { package: this.spec.toString() } + ) + }) + } + + [_headers] () { + return { + // npm will override UA, but ensure that we always send *something* + 'user-agent': this.opts['user-agent'] || + `pacote/${pacoteVersion} node/${process.version}`, + ...(this.opts.headers || {}), + 'pacote-version': pacoteVersion, + 'pacote-req-type': 'packument', + 'pacote-pkg-id': `registry:${this.spec.name}`, + accept: this.fullMetadata ? fullDoc : corgiDoc, + } + } + + packument () { + // npm-registry-fetch the packument + // set the appropriate header for corgis if fullMetadata isn't set + // return the res.json() promise + return fetch(this.packumentUrl, { + ...this.opts, + headers: this[_headers](), + spec: this.spec, + // never check integrity for packuments themselves + integrity: null, + }).then(res => res.json().then(packument => { + packument._cached = res.headers.has('x-local-cache') + packument._contentLength = +res.headers.get('content-length') + return packument + })).catch(er => { + if (er.code === 'E404' && !this.fullMetadata) { + // possible that corgis are not supported by this registry + this.fullMetadata = true + return this.packument() + } + throw er + }) + } + + manifest () { + if (this.package) + return Promise.resolve(this.package) + + return this.packument() + .then(packument => pickManifest(packument, this.spec.fetchSpec, { + ...this.opts, + defaultTag: this.defaultTag, + before: this.before, + }) /* XXX add ETARGET and E403 revalidation of cached packuments here */) + .then(mani => { + // add _resolved and _integrity from dist object + const { dist } = mani + if (dist) { + this.resolved = mani._resolved = dist.tarball + mani._from = this.from + const distIntegrity = dist.integrity ? ssri.parse(dist.integrity) + : dist.shasum ? ssri.fromHex(dist.shasum, 'sha1', {...this.opts}) + : null + if (distIntegrity) { + if (!this.integrity) + this.integrity = distIntegrity + else if (!this.integrity.match(distIntegrity)) { + // only bork if they have algos in common. + // otherwise we end up breaking if we have saved a sha512 + // previously for the tarball, but the manifest only + // provides a sha1, which is possible for older publishes. + // Otherwise, this is almost certainly a case of holding it + // wrong, and will result in weird or insecure behavior + // later on when building package tree. + for (const algo of Object.keys(this.integrity)) { + if (distIntegrity[algo]) { + throw Object.assign(new Error( + `Integrity checksum failed when using ${algo}: `+ + `wanted ${this.integrity} but got ${distIntegrity}.` + ), { code: 'EINTEGRITY' }) + } + } + // made it this far, the integrity is worthwhile. accept it. + // the setter here will take care of merging it into what we + // already had. + this.integrity = distIntegrity + } + } + } + if (this.integrity) + mani._integrity = String(this.integrity) + return this.package = mani + }) + } + + [_tarballFromResolved] () { + // we use a RemoteFetcher to get the actual tarball stream + return new RemoteFetcher(this.resolved, { + ...this.opts, + resolved: this.resolved, + pkgid: `registry:${this.spec.name}@${this.resolved}`, + })[_tarballFromResolved]() + } + + get types () { + return [ + 'tag', + 'version', + 'range', + ] + } +} +module.exports = RegistryFetcher diff --git a/node_modules/pacote/lib/remote.js b/node_modules/pacote/lib/remote.js new file mode 100644 index 000000000..b9cf639b2 --- /dev/null +++ b/node_modules/pacote/lib/remote.js @@ -0,0 +1,71 @@ +const Fetcher = require('./fetcher.js') +const FileFetcher = require('./file.js') +const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved') +const pacoteVersion = require('../package.json').version +const fetch = require('npm-registry-fetch') +const ssri = require('ssri') +const Minipass = require('minipass') + +const _headers = Symbol('_headers') +class RemoteFetcher extends Fetcher { + constructor (spec, opts) { + super(spec, opts) + this.resolved = this.spec.fetchSpec + // nam is a fermented pork sausage that is good to eat + const nameat = this.spec.name ? `${this.spec.name}@` : '' + this.pkgid = opts.pkgid ? opts.pkgid : `remote:${nameat}${this.resolved}` + } + + [_tarballFromResolved] () { + const stream = new Minipass() + const fetchOpts = { + ...this.opts, + headers: this[_headers](), + spec: this.spec, + integrity: this.integrity, + algorithms: [ this.pickIntegrityAlgorithm() ], + } + fetch(this.resolved, fetchOpts).then(res => { + const hash = res.headers.get('x-local-cache-hash') + if (hash) { + this.integrity = decodeURIComponent(hash) + } + + res.body.on('error', + /* istanbul ignore next - exceedingly rare and hard to simulate */ + er => stream.emit('error', er) + ).pipe(stream) + }).catch(er => stream.emit('error', er)) + + return stream + } + + [_headers] () { + return { + // npm will override this, but ensure that we always send *something* + 'user-agent': this.opts['user-agent'] || + `pacote/${pacoteVersion} node/${process.version}`, + ...(this.opts.headers || {}), + 'pacote-version': pacoteVersion, + 'pacote-req-type': 'tarball', + 'pacote-pkg-id': this.pkgid, + ...(this.integrity ? { 'pacote-integrity': String(this.integrity) } + : {}), + } + } + + get types () { + return ['remote'] + } + + // getting a packument and/or manifest is the same as with a file: spec. + // unpack the tarball stream, and then read from the package.json file. + packument () { + return FileFetcher.prototype.packument.apply(this) + } + + manifest () { + return FileFetcher.prototype.manifest.apply(this) + } +} +module.exports = RemoteFetcher diff --git a/node_modules/pacote/lib/util/cache-dir.js b/node_modules/pacote/lib/util/cache-dir.js new file mode 100644 index 000000000..890fe3165 --- /dev/null +++ b/node_modules/pacote/lib/util/cache-dir.js @@ -0,0 +1,12 @@ +const osenv = require('osenv') +const {resolve} = require('path') + +module.exports = (fakePlatform = false) => { + const temp = osenv.tmpdir() + const uidOrPid = process.getuid ? process.getuid() : process.pid + const home = osenv.home() || resolve(temp, 'npm-' + uidOrPid) + const platform = fakePlatform || process.platform + const cacheExtra = platform === 'win32' ? 'npm-cache' : '.npm' + const cacheRoot = (platform === 'win32' && process.env.APPDATA) || home + return resolve(cacheRoot, cacheExtra) +} diff --git a/node_modules/pacote/lib/util/git/clone.js b/node_modules/pacote/lib/util/git/clone.js new file mode 100644 index 000000000..bab91ac72 --- /dev/null +++ b/node_modules/pacote/lib/util/git/clone.js @@ -0,0 +1,138 @@ +// The goal here is to minimize both git workload and +// the number of refs we download over the network. +// +// Every method ends up with the checked out working dir +// at the specified ref, and resolves with the git sha. + +// Only certain whitelisted hosts get shallow cloning. +// Many hosts (including GHE) don't always support it. +// A failed shallow fetch takes a LOT longer than a full +// fetch in most cases, so we skip it entirely. +// Set opts.gitShallow = true/false to force this behavior +// one way or the other. +const shallowHosts = new Set([ + 'github.com', + 'gist.github.com', + 'gitlab.com', + 'bitbucket.com', + 'bitbucket.org', +]) +const { parse } = require('url') + +const revs = require('./revs.js') +const spawn = require('./spawn.js') + +const pickManifest = require('npm-pick-manifest') +const { promisify } = require('util') +const fs = require('fs') +const mkdirp = require('mkdirp') + +module.exports = (repo, ref = 'HEAD', target, spec, opts) => + revs(repo, opts).then(revs => clone( + repo, + revs, + ref, + resolveRef(revs, ref, spec, opts), + target, + opts + )) + +const maybeShallow = (repo, opts) => + opts.gitShallow === false || opts.gitShallow ? opts.gitShallow + : shallowHosts.has(parse(repo).host) + +const isWindows = opts => (opts.fakePlatform || process.platform) === 'win32' + +const clone = (repo, revs, ref, revDoc, target, opts) => + !revDoc ? unresolved(repo, ref, target, opts) + : revDoc.sha === revs.refs.HEAD.sha ? plain(repo, revDoc, target, opts) + : revDoc.type === 'tag' || revDoc.type === 'branch' + ? branch(repo, revDoc, target, opts) + : other(repo, revDoc, target, opts) + +const resolveRef = (revs, ref, spec, opts) => + !revs ? /* istanbul ignore next - will fail anyway, can't pull */ null + : !ref ? revs.refs.HEAD + : spec.gitRange ? pickManifest(revs, spec.gitRange, opts) + : spec.gitCommittish + ? revs.refs[spec.gitCommittish] || + revs.refs[revs.shas[spec.gitCommittish]] || + revs.refs[spec.gitCommittish] + : revs.refs.HEAD + +// pull request or some other kind of advertised ref +const other = (repo, revDoc, target, opts) => { + const shallow = maybeShallow(repo, opts) + + const fetchOrigin = [ 'fetch', 'origin', revDoc.rawRef ] + .concat(shallow ? ['--depth=1'] : []) + + const git = (args) => spawn(args, { cwd: target }, opts) + return mkdirp(target) + .then(() => git(['init'])) + .then(() => isWindows(opts) + ? git(['config', '--local', '--add', 'core.longpaths', 'true']) + : null) + .then(() => git(['remote', 'add', 'origin', repo])) + .then(() => git(fetchOrigin)) + .then(() => git(['checkout', revDoc.sha])) + .then(() => updateSubmodules(target, opts)) + .then(() => revDoc.sha) +} + +// tag or branches. use -b +const branch = (repo, revDoc, target, opts) => { + const args = [ + 'clone', + '-b', + revDoc.ref, + repo, + target, + '--recurse-submodules', + ] + if (maybeShallow(repo, opts)) + args.push('--depth=1') + if (isWindows(opts)) + args.push('--config', 'core.longpaths=true') + return spawn(args, {}, opts).then(() => revDoc.sha) +} + +// just the head. clone it +const plain = (repo, revDoc, target, opts) => { + const args = [ + 'clone', + repo, + target, + '--recurse-submodules' + ] + if (maybeShallow(repo, opts)) + args.push('--depth=1') + if (isWindows(opts)) + args.push('--config', 'core.longpaths=true') + return spawn(args, {}, opts).then(() => revDoc.sha) +} + +const updateSubmodules = (target, opts) => new Promise(res => + fs.stat(target + '/.gitmodules', er => res(er ? null + : spawn([ + 'submodule', + 'update', + '-q', + '--init', + '--recursive' + ], { cwd: target }, opts)))) + +const unresolved = (repo, ref, target, opts) => { + // can't do this one shallowly, because the ref isn't advertised + // but we can avoid checking out the working dir twice, at least + const lp = isWindows(opts) ? ['--config', 'core.longpaths=true'] : [] + const cloneArgs = ['clone', '--mirror', '-q', repo, target + '/.git'] + const git = (args) => spawn(args, { cwd: target }, opts) + return mkdirp(target) + .then(() => git(cloneArgs.concat(lp))) + .then(() => git(['init'])) + .then(() => git(['checkout', ref])) + .then(() => updateSubmodules(target, opts)) + .then(() => git(['rev-parse', '--revs-only', 'HEAD'])) + .then(stdout => stdout.trim()) +} diff --git a/node_modules/pacote/lib/util/git/env.js b/node_modules/pacote/lib/util/git/env.js new file mode 100644 index 000000000..517d1deb7 --- /dev/null +++ b/node_modules/pacote/lib/util/git/env.js @@ -0,0 +1,33 @@ +const uniqueFilename = require('unique-filename') +const { join } = require('path') +const osenv = require('osenv') + +const goodEnvVars = new Set([ + 'GIT_ASKPASS', + 'GIT_EXEC_PATH', + 'GIT_PROXY_COMMAND', + 'GIT_SSH', + 'GIT_SSH_COMMAND', + 'GIT_SSL_CAINFO', + 'GIT_SSL_NO_VERIFY' +]) + +// memoize +let gitEnv + +module.exports = () => { + if (gitEnv) + return gitEnv + + // we set the template dir to an empty folder to give git less to do + const tmpDir = join(osenv.tmpdir(), 'pacote-git-template-tmp') + const tmpName = uniqueFilename(tmpDir, 'git-clone') + return gitEnv = Object.keys(process.env).reduce((gitEnv, k) => { + if (goodEnvVars.has(k) || !k.startsWith('GIT_')) + gitEnv[k] = process.env[k] + return gitEnv + }, { + GIT_ASKPASS: 'echo', + GIT_TEMPLATE_DIR: tmpName + }) +} diff --git a/node_modules/pacote/lib/util/git/index.js b/node_modules/pacote/lib/util/git/index.js new file mode 100644 index 000000000..65c5fadd3 --- /dev/null +++ b/node_modules/pacote/lib/util/git/index.js @@ -0,0 +1,5 @@ +module.exports = { + clone: require('./clone.js'), + revs: require('./revs.js'), + spawn: require('./spawn.js'), +} diff --git a/node_modules/pacote/lib/util/git/lines-to-revs.js b/node_modules/pacote/lib/util/git/lines-to-revs.js new file mode 100644 index 000000000..524e67243 --- /dev/null +++ b/node_modules/pacote/lib/util/git/lines-to-revs.js @@ -0,0 +1,133 @@ +// turn an array of lines from `git ls-remote` into a thing +// vaguely resembling a packument, where docs are a resolved ref + +const semver = require('semver') + +module.exports = lines => finish(lines.reduce(linesToRevsReducer, { + versions: {}, + 'dist-tags': {}, + refs: {}, + shas: {}, +})) + +const finish = revs => distTags(shaList(peelTags(revs))) + +// We can check out shallow clones on specific SHAs if we have a ref +const shaList = revs => { + Object.keys(revs.refs).forEach(ref => { + doc = revs.refs[ref] + if (revs.shas[doc.sha]) + revs.shas[doc.sha].push(ref) + else + revs.shas[doc.sha] = [ref] + }) + return revs +} + + +// Replace any tags with their ^{} counterparts, if those exist +const peelTags = revs => { + Object.keys(revs.refs).filter(ref => ref.endsWith('^{}')).forEach(ref => { + const peeled = revs.refs[ref] + const unpeeled = revs.refs[ref.replace(/\^\{\}$/, '')] + if (unpeeled) { + unpeeled.sha = peeled.sha + delete revs.refs[ref] + } + }) + return revs +} + +const distTags = revs => { + // not entirely sure what situations would result in an + // ichabod repo, but best to be careful in Sleepy Hollow anyway + const HEAD = revs.refs.HEAD || /* istanbul ignore next */ {} + const versions = Object.keys(revs.versions) + versions.forEach(v => { + // simulate a dist-tags with latest pointing at the + // 'latest' branch if one exists and is a version, + // or HEAD if not. + const ver = revs.versions[v] + if (revs.refs.latest && ver.sha === revs.refs.latest.sha) + revs['dist-tags'].latest = v + else if (ver.sha === HEAD.sha) { + revs['dist-tags'].HEAD = v + if (!revs.refs.latest) + revs['dist-tags'].latest = v + } + }) + return revs +} + +const refType = ref => + ref.startsWith('refs/tags/') ? 'tag' + : ref.startsWith('refs/heads/') ? 'branch' + : ref.startsWith('refs/pull/') ? 'pull' + : ref === 'HEAD' ? 'head' + // Could be anything, ignore for now + : /* istanbul ignore next */ 'other' + +// return the doc, or null if we should ignore it. +const lineToRevDoc = line => { + const split = line.trim().split(/\s+/, 2) + if (split.length < 2) + return null + + const sha = split[0].trim() + const rawRef = split[1].trim() + const type = refType(rawRef) + + if (type === 'tag') { + // refs/tags/foo^{} is the 'peeled tag', ie the commit + // that is tagged by refs/tags/foo they resolve to the same + // content, just different objects in git's data structure. + // But, we care about the thing the tag POINTS to, not the tag + // object itself, so we only look at the peeled tag refs, and + // ignore the pointer. + // For now, though, we have to save both, because some tags + // don't have peels, if they were not annotated. + const ref = rawRef.substr('refs/tags/'.length) + return { sha, ref, rawRef, type } + } + + if (type === 'branch') { + const ref = rawRef.substr('refs/heads/'.length) + return { sha, ref, rawRef, type } + } + + if (type === 'pull') { + // NB: merged pull requests installable with #pull/123/merge + // for the merged pr, or #pull/123 for the PR head + const ref = rawRef.substr('refs/'.length).replace(/\/head$/, '') + return { sha, ref, rawRef, type } + } + + if (type === 'head') { + const ref = 'HEAD' + return { sha, ref, rawRef, type } + } + + // at this point, all we can do is leave the ref un-munged + return { sha, ref: rawRef, rawRef, type } +} + +const linesToRevsReducer = (revs, line) => { + const doc = lineToRevDoc(line) + + if (!doc) + return revs + + revs.refs[doc.ref] = doc + revs.refs[doc.rawRef] = doc + + if (doc.type === 'tag') { + // try to pull a semver value out of tags like `release-v1.2.3` + // which is a pretty common pattern. + const match = !doc.ref.endsWith('^{}') && + doc.ref.match(/v?(\d+\.\d+\.\d+(?:[-+].+)?)$/) + if (match && semver.valid(match[1], true)) + revs.versions[semver.clean(match[1], true)] = doc + } + + return revs +} diff --git a/node_modules/pacote/lib/util/git/opts.js b/node_modules/pacote/lib/util/git/opts.js new file mode 100644 index 000000000..c5659d0b8 --- /dev/null +++ b/node_modules/pacote/lib/util/git/opts.js @@ -0,0 +1,16 @@ +const gitEnv = require('./env.js') +module.exports = (_gitOpts = {}, opts = {}) => { + const isRoot = process.getuid && process.getuid() === 0 + const gitOpts = { + env: gitEnv() + } + + if (isRoot && +opts.uid) + gitOpts.uid = +opts.uid + + if (isRoot && +opts.gid) + gitOpts.gid = +opts.gid + + Object.assign(gitOpts, _gitOpts) + return gitOpts +} diff --git a/node_modules/pacote/lib/util/git/revs.js b/node_modules/pacote/lib/util/git/revs.js new file mode 100644 index 000000000..4e4bcf205 --- /dev/null +++ b/node_modules/pacote/lib/util/git/revs.js @@ -0,0 +1,24 @@ +const pinflight = require('promise-inflight') +const spawn = require('./spawn.js') +const LRU = require('lru-cache') + +const revsCache = new LRU({ + max: 100, + maxAge: 5 * 60 * 1000, +}) + +const linesToRevs = require('./lines-to-revs.js') + +module.exports = (repo, opts = {}) => { + if (!opts.noGitRevCache) { + const cached = revsCache.get(repo) + if (cached) + return Promise.resolve(cached) + } + + return pinflight(`ls-remote:${repo}`, () => + spawn(['ls-remote', repo], {}, opts) + .then(stdout => linesToRevs(stdout.trim().split('\n'))) + .then(revs => (revsCache.set(repo, revs), revs)) + ) +} diff --git a/node_modules/pacote/lib/util/git/should-retry.js b/node_modules/pacote/lib/util/git/should-retry.js new file mode 100644 index 000000000..8082bb5d7 --- /dev/null +++ b/node_modules/pacote/lib/util/git/should-retry.js @@ -0,0 +1,17 @@ +const transientErrors = [ + 'remote error: Internal Server Error', + 'The remote end hung up unexpectedly', + 'Connection timed out', + 'Operation timed out', + 'Failed to connect to .* Timed out', + 'Connection reset by peer', + 'SSL_ERROR_SYSCALL', + 'The requested URL returned error: 503' +].join('|') + +const transientErrorRe = new RegExp(transientErrors) + +const maxRetry = 3 + +module.exports = (error, number) => + transientErrorRe.test(error) && (number < maxRetry) diff --git a/node_modules/pacote/lib/util/git/spawn.js b/node_modules/pacote/lib/util/git/spawn.js new file mode 100644 index 000000000..696963be7 --- /dev/null +++ b/node_modules/pacote/lib/util/git/spawn.js @@ -0,0 +1,34 @@ +const spawn = require('../spawn.js') +const promiseRetry = require('promise-retry') +const shouldRetry = require('./should-retry.js') +const whichGit = require('./which.js') +const makeOpts = require('./opts.js') +const procLog = require('../proc-log.js') + +module.exports = (gitArgs, gitOpts, opts = {}) => { + const gitPath = whichGit(opts) + + if (gitPath instanceof Error) + return Promise.reject(gitPath) + + const log = opts.log || procLog + return promiseRetry((retry, number) => { + if (number !== 1) + log.silly('pacote', `Retrying git command: ${ + gitArgs.join(' ')} attempt # ${number}`) + + return spawn(gitPath, gitArgs, makeOpts(gitOpts, opts)) + .catch(er => { + if (shouldRetry(er.stderr, number)) + retry(er) + else + throw er + }) + .then(({stdout}) => stdout) + }, opts.retry !== null && opts.retry !== undefined ? opts.retry : { + retries: opts['fetch-retries'] || 2, + factor: opts['fetch-retry-factor'] || 10, + maxTimeout: opts['fetch-retry-maxtimeout'] || 60000, + minTimeout: opts['fetch-retry-mintimeout'] || 1000, + }) +} diff --git a/node_modules/pacote/lib/util/git/which.js b/node_modules/pacote/lib/util/git/which.js new file mode 100644 index 000000000..9e82d391a --- /dev/null +++ b/node_modules/pacote/lib/util/git/which.js @@ -0,0 +1,11 @@ +const which = require('which') + +let gitPath +try { + gitPath = which.sync('git') +} catch (e) {} + +module.exports = (opts = {}) => + opts.git || + opts.git !== false && gitPath || + Object.assign(new Error('No git binary found in $PATH'), { code: 'ENOGIT' }) diff --git a/node_modules/pacote/lib/util/is-package-bin.js b/node_modules/pacote/lib/util/is-package-bin.js new file mode 100644 index 000000000..35cf06427 --- /dev/null +++ b/node_modules/pacote/lib/util/is-package-bin.js @@ -0,0 +1,24 @@ +// Function to determine whether a path is in the package.bin set. +// Used to prevent issues when people publish a package from a +// windows machine, and then install with --no-bin-links. +// +// Note: this is not possible in remote or file fetchers, since +// we don't have the manifest until AFTER we've unpacked. But the +// main use case is registry fetching with git a distant second, +// so that's an acceptable edge case to not handle. + +const binObj = (name, bin) => + typeof bin === 'string' ? { [name]: bin } : bin + +const hasBin = (pkg, path) => { + const bin = binObj(pkg.name, pkg.bin) + const p = path.replace(/^[^\\\/]*\//, '') + for (const [k, v] of Object.entries(bin)) { + if (v === p) + return true + } + return false +} + +module.exports = (pkg, path) => + pkg && pkg.bin ? hasBin(pkg, path) : false diff --git a/node_modules/pacote/lib/util/npm.js b/node_modules/pacote/lib/util/npm.js new file mode 100644 index 000000000..0bf5093ae --- /dev/null +++ b/node_modules/pacote/lib/util/npm.js @@ -0,0 +1,9 @@ +// run an npm command +const spawn = require('./spawn.js') + +module.exports = (npmBin, npmCommand, cwd, ermsg) => { + const isJS = npmBin.endsWith('.js') + const cmd = isJS ? process.execPath : npmBin + const args = (isJS ? [npmBin] : []).concat(npmCommand) + return spawn(cmd, args, { cwd }, ermsg) +} diff --git a/node_modules/pacote/lib/util/proc-log.js b/node_modules/pacote/lib/util/proc-log.js new file mode 100644 index 000000000..b2bdd9dc9 --- /dev/null +++ b/node_modules/pacote/lib/util/proc-log.js @@ -0,0 +1,21 @@ +// default logger. +// emits 'log' events on the process +const LEVELS = [ + 'notice', + 'error', + 'warn', + 'info', + 'verbose', + 'http', + 'silly', + 'pause', + 'resume' +] + +const log = level => (...args) => process.emit('log', level, ...args) + +const logger = {} +for (const level of LEVELS) { + logger[level] = log(level) +} +module.exports = logger diff --git a/node_modules/pacote/lib/util/spawn.js b/node_modules/pacote/lib/util/spawn.js new file mode 100644 index 000000000..03af72307 --- /dev/null +++ b/node_modules/pacote/lib/util/spawn.js @@ -0,0 +1,36 @@ +const { spawn } = require('child_process') +module.exports = (cmd, args, options, ermsg) => new Promise((res, rej) => { + if (!ermsg) + ermsg = `failed '${[cmd].concat(args).join(' ')}'` + const proc = spawn(cmd, args, options) + const stdout = [] + const stderr = [] + proc.on('error', + /* istanbul ignore next: node 8 just throws from spawn() */ + er => withStdio(rej, er, stdout, stderr)) + if (proc.stdout) { + proc.stdout.on('data', c => stdout.push(c)) + proc.stdout.on('error', er => withStdio(rej, er, stdout, stderr)) + } + if (proc.stderr) { + proc.stderr.on('data', c => stderr.push(c)) + proc.stderr.on('error', er => withStdio(rej, er, stdout, stderr)) + } + proc.on('close', (code, signal) => { + if (code || signal) + return withStdio(rej, Object.assign(new Error(ermsg), { + cmd, + args, + code, + signal, + }), stdout, stderr) + withStdio(res, { cmd, args }, stdout, stderr) + }) +}) + +const withStdio = (resrej, obj, stdout, stderr) => { + return resrej(Object.assign(obj, { + stdout: Buffer.concat(stdout).toString('utf8'), + stderr: Buffer.concat(stderr).toString('utf8'), + })) +} diff --git a/node_modules/pacote/node_modules/.bin/mkdirp b/node_modules/pacote/node_modules/.bin/mkdirp new file mode 120000 index 000000000..017896ceb --- /dev/null +++ b/node_modules/pacote/node_modules/.bin/mkdirp @@ -0,0 +1 @@ +../mkdirp/bin/cmd.js
\ No newline at end of file diff --git a/node_modules/pacote/node_modules/.bin/npm-packlist b/node_modules/pacote/node_modules/.bin/npm-packlist new file mode 120000 index 000000000..b897e4aa5 --- /dev/null +++ b/node_modules/pacote/node_modules/.bin/npm-packlist @@ -0,0 +1 @@ +../npm-packlist/bin/index.js
\ No newline at end of file diff --git a/node_modules/pacote/node_modules/.bin/semver b/node_modules/pacote/node_modules/.bin/semver new file mode 120000 index 000000000..5aaadf42c --- /dev/null +++ b/node_modules/pacote/node_modules/.bin/semver @@ -0,0 +1 @@ +../semver/bin/semver.js
\ No newline at end of file diff --git a/node_modules/pacote/node_modules/glob/LICENSE b/node_modules/pacote/node_modules/glob/LICENSE new file mode 100644 index 000000000..42ca266df --- /dev/null +++ b/node_modules/pacote/node_modules/glob/LICENSE @@ -0,0 +1,21 @@ +The ISC License + +Copyright (c) Isaac Z. Schlueter and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +## Glob Logo + +Glob's logo created by Tanya Brassie <http://tanyabrassie.com/>, licensed +under a Creative Commons Attribution-ShareAlike 4.0 International License +https://creativecommons.org/licenses/by-sa/4.0/ diff --git a/node_modules/pacote/node_modules/glob/README.md b/node_modules/pacote/node_modules/glob/README.md new file mode 100644 index 000000000..0916a4825 --- /dev/null +++ b/node_modules/pacote/node_modules/glob/README.md @@ -0,0 +1,375 @@ +# Glob + +Match files using the patterns the shell uses, like stars and stuff. + +[](https://travis-ci.org/isaacs/node-glob/) [](https://ci.appveyor.com/project/isaacs/node-glob) [](https://coveralls.io/github/isaacs/node-glob?branch=master) + +This is a glob implementation in JavaScript. It uses the `minimatch` +library to do its matching. + + + +## Usage + +Install with npm + +``` +npm i glob +``` + +```javascript +var glob = require("glob") + +// options is optional +glob("**/*.js", options, function (er, files) { + // files is an array of filenames. + // If the `nonull` option is set, and nothing + // was found, then files is ["**/*.js"] + // er is an error object or null. +}) +``` + +## Glob Primer + +"Globs" are the patterns you type when you do stuff like `ls *.js` on +the command line, or put `build/*` in a `.gitignore` file. + +Before parsing the path part patterns, braced sections are expanded +into a set. Braced sections start with `{` and end with `}`, with any +number of comma-delimited sections within. Braced sections may contain +slash characters, so `a{/b/c,bcd}` would expand into `a/b/c` and `abcd`. + +The following characters have special magic meaning when used in a +path portion: + +* `*` Matches 0 or more characters in a single path portion +* `?` Matches 1 character +* `[...]` Matches a range of characters, similar to a RegExp range. + If the first character of the range is `!` or `^` then it matches + any character not in the range. +* `!(pattern|pattern|pattern)` Matches anything that does not match + any of the patterns provided. +* `?(pattern|pattern|pattern)` Matches zero or one occurrence of the + patterns provided. +* `+(pattern|pattern|pattern)` Matches one or more occurrences of the + patterns provided. +* `*(a|b|c)` Matches zero or more occurrences of the patterns provided +* `@(pattern|pat*|pat?erN)` Matches exactly one of the patterns + provided +* `**` If a "globstar" is alone in a path portion, then it matches + zero or more directories and subdirectories searching for matches. + It does not crawl symlinked directories. + +### Dots + +If a file or directory path portion has a `.` as the first character, +then it will not match any glob pattern unless that pattern's +corresponding path part also has a `.` as its first character. + +For example, the pattern `a/.*/c` would match the file at `a/.b/c`. +However the pattern `a/*/c` would not, because `*` does not start with +a dot character. + +You can make glob treat dots as normal characters by setting +`dot:true` in the options. + +### Basename Matching + +If you set `matchBase:true` in the options, and the pattern has no +slashes in it, then it will seek for any file anywhere in the tree +with a matching basename. For example, `*.js` would match +`test/simple/basic.js`. + +### Empty Sets + +If no matching files are found, then an empty array is returned. This +differs from the shell, where the pattern itself is returned. For +example: + + $ echo a*s*d*f + a*s*d*f + +To get the bash-style behavior, set the `nonull:true` in the options. + +### See Also: + +* `man sh` +* `man bash` (Search for "Pattern Matching") +* `man 3 fnmatch` +* `man 5 gitignore` +* [minimatch documentation](https://github.com/isaacs/minimatch) + +## glob.hasMagic(pattern, [options]) + +Returns `true` if there are any special characters in the pattern, and +`false` otherwise. + +Note that the options affect the results. If `noext:true` is set in +the options object, then `+(a|b)` will not be considered a magic +pattern. If the pattern has a brace expansion, like `a/{b/c,x/y}` +then that is considered magical, unless `nobrace:true` is set in the +options. + +## glob(pattern, [options], cb) + +* `pattern` `{String}` Pattern to be matched +* `options` `{Object}` +* `cb` `{Function}` + * `err` `{Error | null}` + * `matches` `{Array<String>}` filenames found matching the pattern + +Perform an asynchronous glob search. + +## glob.sync(pattern, [options]) + +* `pattern` `{String}` Pattern to be matched +* `options` `{Object}` +* return: `{Array<String>}` filenames found matching the pattern + +Perform a synchronous glob search. + +## Class: glob.Glob + +Create a Glob object by instantiating the `glob.Glob` class. + +```javascript +var Glob = require("glob").Glob +var mg = new Glob(pattern, options, cb) +``` + +It's an EventEmitter, and starts walking the filesystem to find matches +immediately. + +### new glob.Glob(pattern, [options], [cb]) + +* `pattern` `{String}` pattern to search for +* `options` `{Object}` +* `cb` `{Function}` Called when an error occurs, or matches are found + * `err` `{Error | null}` + * `matches` `{Array<String>}` filenames found matching the pattern + +Note that if the `sync` flag is set in the options, then matches will +be immediately available on the `g.found` member. + +### Properties + +* `minimatch` The minimatch object that the glob uses. +* `options` The options object passed in. +* `aborted` Boolean which is set to true when calling `abort()`. There + is no way at this time to continue a glob search after aborting, but + you can re-use the statCache to avoid having to duplicate syscalls. +* `cache` Convenience object. Each field has the following possible + values: + * `false` - Path does not exist + * `true` - Path exists + * `'FILE'` - Path exists, and is not a directory + * `'DIR'` - Path exists, and is a directory + * `[file, entries, ...]` - Path exists, is a directory, and the + array value is the results of `fs.readdir` +* `statCache` Cache of `fs.stat` results, to prevent statting the same + path multiple times. +* `symlinks` A record of which paths are symbolic links, which is + relevant in resolving `**` patterns. +* `realpathCache` An optional object which is passed to `fs.realpath` + to minimize unnecessary syscalls. It is stored on the instantiated + Glob object, and may be re-used. + +### Events + +* `end` When the matching is finished, this is emitted with all the + matches found. If the `nonull` option is set, and no match was found, + then the `matches` list contains the original pattern. The matches + are sorted, unless the `nosort` flag is set. +* `match` Every time a match is found, this is emitted with the specific + thing that matched. It is not deduplicated or resolved to a realpath. +* `error` Emitted when an unexpected error is encountered, or whenever + any fs error occurs if `options.strict` is set. +* `abort` When `abort()` is called, this event is raised. + +### Methods + +* `pause` Temporarily stop the search +* `resume` Resume the search +* `abort` Stop the search forever + +### Options + +All the options that can be passed to Minimatch can also be passed to +Glob to change pattern matching behavior. Also, some have been added, +or have glob-specific ramifications. + +All options are false by default, unless otherwise noted. + +All options are added to the Glob object, as well. + +If you are running many `glob` operations, you can pass a Glob object +as the `options` argument to a subsequent operation to shortcut some +`stat` and `readdir` calls. At the very least, you may pass in shared +`symlinks`, `statCache`, `realpathCache`, and `cache` options, so that +parallel glob operations will be sped up by sharing information about +the filesystem. + +* `cwd` The current working directory in which to search. Defaults + to `process.cwd()`. +* `root` The place where patterns starting with `/` will be mounted + onto. Defaults to `path.resolve(options.cwd, "/")` (`/` on Unix + systems, and `C:\` or some such on Windows.) +* `dot` Include `.dot` files in normal matches and `globstar` matches. + Note that an explicit dot in a portion of the pattern will always + match dot files. +* `nomount` By default, a pattern starting with a forward-slash will be + "mounted" onto the root setting, so that a valid filesystem path is + returned. Set this flag to disable that behavior. +* `mark` Add a `/` character to directory matches. Note that this + requires additional stat calls. +* `nosort` Don't sort the results. +* `stat` Set to true to stat *all* results. This reduces performance + somewhat, and is completely unnecessary, unless `readdir` is presumed + to be an untrustworthy indicator of file existence. +* `silent` When an unusual error is encountered when attempting to + read a directory, a warning will be printed to stderr. Set the + `silent` option to true to suppress these warnings. +* `strict` When an unusual error is encountered when attempting to + read a directory, the process will just continue on in search of + other matches. Set the `strict` option to raise an error in these + cases. +* `cache` See `cache` property above. Pass in a previously generated + cache object to save some fs calls. +* `statCache` A cache of results of filesystem information, to prevent + unnecessary stat calls. While it should not normally be necessary + to set this, you may pass the statCache from one glob() call to the + options object of another, if you know that the filesystem will not + change between calls. (See "Race Conditions" below.) +* `symlinks` A cache of known symbolic links. You may pass in a + previously generated `symlinks` object to save `lstat` calls when + resolving `**` matches. +* `sync` DEPRECATED: use `glob.sync(pattern, opts)` instead. +* `nounique` In some cases, brace-expanded patterns can result in the + same file showing up multiple times in the result set. By default, + this implementation prevents duplicates in the result set. Set this + flag to disable that behavior. +* `nonull` Set to never return an empty set, instead returning a set + containing the pattern itself. This is the default in glob(3). +* `debug` Set to enable debug logging in minimatch and glob. +* `nobrace` Do not expand `{a,b}` and `{1..3}` brace sets. +* `noglobstar` Do not match `**` against multiple filenames. (Ie, + treat it as a normal `*` instead.) +* `noext` Do not match `+(a|b)` "extglob" patterns. +* `nocase` Perform a case-insensitive match. Note: on + case-insensitive filesystems, non-magic patterns will match by + default, since `stat` and `readdir` will not raise errors. +* `matchBase` Perform a basename-only match if the pattern does not + contain any slash characters. That is, `*.js` would be treated as + equivalent to `**/*.js`, matching all js files in all directories. +* `nodir` Do not match directories, only files. (Note: to match + *only* directories, simply put a `/` at the end of the pattern.) +* `ignore` Add a pattern or an array of glob patterns to exclude matches. + Note: `ignore` patterns are *always* in `dot:true` mode, regardless + of any other settings. +* `follow` Follow symlinked directories when expanding `**` patterns. + Note that this can result in a lot of duplicate references in the + presence of cyclic links. +* `realpath` Set to true to call `fs.realpath` on all of the results. + In the case of a symlink that cannot be resolved, the full absolute + path to the matched entry is returned (though it will usually be a + broken symlink) +* `absolute` Set to true to always receive absolute paths for matched + files. Unlike `realpath`, this also affects the values returned in + the `match` event. + +## Comparisons to other fnmatch/glob implementations + +While strict compliance with the existing standards is a worthwhile +goal, some discrepancies exist between node-glob and other +implementations, and are intentional. + +The double-star character `**` is supported by default, unless the +`noglobstar` flag is set. This is supported in the manner of bsdglob +and bash 4.3, where `**` only has special significance if it is the only +thing in a path part. That is, `a/**/b` will match `a/x/y/b`, but +`a/**b` will not. + +Note that symlinked directories are not crawled as part of a `**`, +though their contents may match against subsequent portions of the +pattern. This prevents infinite loops and duplicates and the like. + +If an escaped pattern has no matches, and the `nonull` flag is set, +then glob returns the pattern as-provided, rather than +interpreting the character escapes. For example, +`glob.match([], "\\*a\\?")` will return `"\\*a\\?"` rather than +`"*a?"`. This is akin to setting the `nullglob` option in bash, except +that it does not resolve escaped pattern characters. + +If brace expansion is not disabled, then it is performed before any +other interpretation of the glob pattern. Thus, a pattern like +`+(a|{b),c)}`, which would not be valid in bash or zsh, is expanded +**first** into the set of `+(a|b)` and `+(a|c)`, and those patterns are +checked for validity. Since those two are valid, matching proceeds. + +### Comments and Negation + +Previously, this module let you mark a pattern as a "comment" if it +started with a `#` character, or a "negated" pattern if it started +with a `!` character. + +These options were deprecated in version 5, and removed in version 6. + +To specify things that should not match, use the `ignore` option. + +## Windows + +**Please only use forward-slashes in glob expressions.** + +Though windows uses either `/` or `\` as its path separator, only `/` +characters are used by this glob implementation. You must use +forward-slashes **only** in glob expressions. Back-slashes will always +be interpreted as escape characters, not path separators. + +Results from absolute patterns such as `/foo/*` are mounted onto the +root setting using `path.join`. On windows, this will by default result +in `/foo/*` matching `C:\foo\bar.txt`. + +## Race Conditions + +Glob searching, by its very nature, is susceptible to race conditions, +since it relies on directory walking and such. + +As a result, it is possible that a file that exists when glob looks for +it may have been deleted or modified by the time it returns the result. + +As part of its internal implementation, this program caches all stat +and readdir calls that it makes, in order to cut down on system +overhead. However, this also makes it even more susceptible to races, +especially if the cache or statCache objects are reused between glob +calls. + +Users are thus advised not to use a glob result as a guarantee of +filesystem state in the face of rapid changes. For the vast majority +of operations, this is never a problem. + +## Glob Logo +Glob's logo was created by [Tanya Brassie](http://tanyabrassie.com/). Logo files can be found [here](https://github.com/isaacs/node-glob/tree/master/logo). + +The logo is licensed under a [Creative Commons Attribution-ShareAlike 4.0 International License](https://creativecommons.org/licenses/by-sa/4.0/). + +## Contributing + +Any change to behavior (including bugfixes) must come with a test. + +Patches that fail tests or reduce performance will be rejected. + +``` +# to run tests +npm test + +# to re-generate test fixtures +npm run test-regen + +# to benchmark against bash/zsh +npm run bench + +# to profile javascript +npm run prof +``` + + diff --git a/node_modules/pacote/node_modules/glob/changelog.md b/node_modules/pacote/node_modules/glob/changelog.md new file mode 100644 index 000000000..41636771e --- /dev/null +++ b/node_modules/pacote/node_modules/glob/changelog.md @@ -0,0 +1,67 @@ +## 7.0 + +- Raise error if `options.cwd` is specified, and not a directory + +## 6.0 + +- Remove comment and negation pattern support +- Ignore patterns are always in `dot:true` mode + +## 5.0 + +- Deprecate comment and negation patterns +- Fix regression in `mark` and `nodir` options from making all cache + keys absolute path. +- Abort if `fs.readdir` returns an error that's unexpected +- Don't emit `match` events for ignored items +- Treat ENOTSUP like ENOTDIR in readdir + +## 4.5 + +- Add `options.follow` to always follow directory symlinks in globstar +- Add `options.realpath` to call `fs.realpath` on all results +- Always cache based on absolute path + +## 4.4 + +- Add `options.ignore` +- Fix handling of broken symlinks + +## 4.3 + +- Bump minimatch to 2.x +- Pass all tests on Windows + +## 4.2 + +- Add `glob.hasMagic` function +- Add `options.nodir` flag + +## 4.1 + +- Refactor sync and async implementations for performance +- Throw if callback provided to sync glob function +- Treat symbolic links in globstar results the same as Bash 4.3 + +## 4.0 + +- Use `^` for dependency versions (bumped major because this breaks + older npm versions) +- Ensure callbacks are only ever called once +- switch to ISC license + +## 3.x + +- Rewrite in JavaScript +- Add support for setting root, cwd, and windows support +- Cache many fs calls +- Add globstar support +- emit match events + +## 2.x + +- Use `glob.h` and `fnmatch.h` from NetBSD + +## 1.x + +- `glob.h` static binding. diff --git a/node_modules/pacote/node_modules/glob/common.js b/node_modules/pacote/node_modules/glob/common.js new file mode 100644 index 000000000..66651bb3a --- /dev/null +++ b/node_modules/pacote/node_modules/glob/common.js @@ -0,0 +1,240 @@ +exports.alphasort = alphasort +exports.alphasorti = alphasorti +exports.setopts = setopts +exports.ownProp = ownProp +exports.makeAbs = makeAbs +exports.finish = finish +exports.mark = mark +exports.isIgnored = isIgnored +exports.childrenIgnored = childrenIgnored + +function ownProp (obj, field) { + return Object.prototype.hasOwnProperty.call(obj, field) +} + +var path = require("path") +var minimatch = require("minimatch") +var isAbsolute = require("path-is-absolute") +var Minimatch = minimatch.Minimatch + +function alphasorti (a, b) { + return a.toLowerCase().localeCompare(b.toLowerCase()) +} + +function alphasort (a, b) { + return a.localeCompare(b) +} + +function setupIgnores (self, options) { + self.ignore = options.ignore || [] + + if (!Array.isArray(self.ignore)) + self.ignore = [self.ignore] + + if (self.ignore.length) { + self.ignore = self.ignore.map(ignoreMap) + } +} + +// ignore patterns are always in dot:true mode. +function ignoreMap (pattern) { + var gmatcher = null + if (pattern.slice(-3) === '/**') { + var gpattern = pattern.replace(/(\/\*\*)+$/, '') + gmatcher = new Minimatch(gpattern, { dot: true }) + } + + return { + matcher: new Minimatch(pattern, { dot: true }), + gmatcher: gmatcher + } +} + +function setopts (self, pattern, options) { + if (!options) + options = {} + + // base-matching: just use globstar for that. + if (options.matchBase && -1 === pattern.indexOf("/")) { + if (options.noglobstar) { + throw new Error("base matching requires globstar") + } + pattern = "**/" + pattern + } + + self.silent = !!options.silent + self.pattern = pattern + self.strict = options.strict !== false + self.realpath = !!options.realpath + self.realpathCache = options.realpathCache || Object.create(null) + self.follow = !!options.follow + self.dot = !!options.dot + self.mark = !!options.mark + self.nodir = !!options.nodir + if (self.nodir) + self.mark = true + self.sync = !!options.sync + self.nounique = !!options.nounique + self.nonull = !!options.nonull + self.nosort = !!options.nosort + self.nocase = !!options.nocase + self.stat = !!options.stat + self.noprocess = !!options.noprocess + self.absolute = !!options.absolute + + self.maxLength = options.maxLength || Infinity + self.cache = options.cache || Object.create(null) + self.statCache = options.statCache || Object.create(null) + self.symlinks = options.symlinks || Object.create(null) + + setupIgnores(self, options) + + self.changedCwd = false + var cwd = process.cwd() + if (!ownProp(options, "cwd")) + self.cwd = cwd + else { + self.cwd = path.resolve(options.cwd) + self.changedCwd = self.cwd !== cwd + } + + self.root = options.root || path.resolve(self.cwd, "/") + self.root = path.resolve(self.root) + if (process.platform === "win32") + self.root = self.root.replace(/\\/g, "/") + + // TODO: is an absolute `cwd` supposed to be resolved against `root`? + // e.g. { cwd: '/test', root: __dirname } === path.join(__dirname, '/test') + self.cwdAbs = isAbsolute(self.cwd) ? self.cwd : makeAbs(self, self.cwd) + if (process.platform === "win32") + self.cwdAbs = self.cwdAbs.replace(/\\/g, "/") + self.nomount = !!options.nomount + + // disable comments and negation in Minimatch. + // Note that they are not supported in Glob itself anyway. + options.nonegate = true + options.nocomment = true + + self.minimatch = new Minimatch(pattern, options) + self.options = self.minimatch.options +} + +function finish (self) { + var nou = self.nounique + var all = nou ? [] : Object.create(null) + + for (var i = 0, l = self.matches.length; i < l; i ++) { + var matches = self.matches[i] + if (!matches || Object.keys(matches).length === 0) { + if (self.nonull) { + // do like the shell, and spit out the literal glob + var literal = self.minimatch.globSet[i] + if (nou) + all.push(literal) + else + all[literal] = true + } + } else { + // had matches + var m = Object.keys(matches) + if (nou) + all.push.apply(all, m) + else + m.forEach(function (m) { + all[m] = true + }) + } + } + + if (!nou) + all = Object.keys(all) + + if (!self.nosort) + all = all.sort(self.nocase ? alphasorti : alphasort) + + // at *some* point we statted all of these + if (self.mark) { + for (var i = 0; i < all.length; i++) { + all[i] = self._mark(all[i]) + } + if (self.nodir) { + all = all.filter(function (e) { + var notDir = !(/\/$/.test(e)) + var c = self.cache[e] || self.cache[makeAbs(self, e)] + if (notDir && c) + notDir = c !== 'DIR' && !Array.isArray(c) + return notDir + }) + } + } + + if (self.ignore.length) + all = all.filter(function(m) { + return !isIgnored(self, m) + }) + + self.found = all +} + +function mark (self, p) { + var abs = makeAbs(self, p) + var c = self.cache[abs] + var m = p + if (c) { + var isDir = c === 'DIR' || Array.isArray(c) + var slash = p.slice(-1) === '/' + + if (isDir && !slash) + m += '/' + else if (!isDir && slash) + m = m.slice(0, -1) + + if (m !== p) { + var mabs = makeAbs(self, m) + self.statCache[mabs] = self.statCache[abs] + self.cache[mabs] = self.cache[abs] + } + } + + return m +} + +// lotta situps... +function makeAbs (self, f) { + var abs = f + if (f.charAt(0) === '/') { + abs = path.join(self.root, f) + } else if (isAbsolute(f) || f === '') { + abs = f + } else if (self.changedCwd) { + abs = path.resolve(self.cwd, f) + } else { + abs = path.resolve(f) + } + + if (process.platform === 'win32') + abs = abs.replace(/\\/g, '/') + + return abs +} + + +// Return true, if pattern ends with globstar '**', for the accompanying parent directory. +// Ex:- If node_modules/** is the pattern, add 'node_modules' to ignore list along with it's contents +function isIgnored (self, path) { + if (!self.ignore.length) + return false + + return self.ignore.some(function(item) { + return item.matcher.match(path) || !!(item.gmatcher && item.gmatcher.match(path)) + }) +} + +function childrenIgnored (self, path) { + if (!self.ignore.length) + return false + + return self.ignore.some(function(item) { + return !!(item.gmatcher && item.gmatcher.match(path)) + }) +} diff --git a/node_modules/pacote/node_modules/glob/glob.js b/node_modules/pacote/node_modules/glob/glob.js new file mode 100644 index 000000000..58dec0f6c --- /dev/null +++ b/node_modules/pacote/node_modules/glob/glob.js @@ -0,0 +1,790 @@ +// Approach: +// +// 1. Get the minimatch set +// 2. For each pattern in the set, PROCESS(pattern, false) +// 3. Store matches per-set, then uniq them +// +// PROCESS(pattern, inGlobStar) +// Get the first [n] items from pattern that are all strings +// Join these together. This is PREFIX. +// If there is no more remaining, then stat(PREFIX) and +// add to matches if it succeeds. END. +// +// If inGlobStar and PREFIX is symlink and points to dir +// set ENTRIES = [] +// else readdir(PREFIX) as ENTRIES +// If fail, END +// +// with ENTRIES +// If pattern[n] is GLOBSTAR +// // handle the case where the globstar match is empty +// // by pruning it out, and testing the resulting pattern +// PROCESS(pattern[0..n] + pattern[n+1 .. $], false) +// // handle other cases. +// for ENTRY in ENTRIES (not dotfiles) +// // attach globstar + tail onto the entry +// // Mark that this entry is a globstar match +// PROCESS(pattern[0..n] + ENTRY + pattern[n .. $], true) +// +// else // not globstar +// for ENTRY in ENTRIES (not dotfiles, unless pattern[n] is dot) +// Test ENTRY against pattern[n] +// If fails, continue +// If passes, PROCESS(pattern[0..n] + item + pattern[n+1 .. $]) +// +// Caveat: +// Cache all stats and readdirs results to minimize syscall. Since all +// we ever care about is existence and directory-ness, we can just keep +// `true` for files, and [children,...] for directories, or `false` for +// things that don't exist. + +module.exports = glob + +var fs = require('fs') +var rp = require('fs.realpath') +var minimatch = require('minimatch') +var Minimatch = minimatch.Minimatch +var inherits = require('inherits') +var EE = require('events').EventEmitter +var path = require('path') +var assert = require('assert') +var isAbsolute = require('path-is-absolute') +var globSync = require('./sync.js') +var common = require('./common.js') +var alphasort = common.alphasort +var alphasorti = common.alphasorti +var setopts = common.setopts +var ownProp = common.ownProp +var inflight = require('inflight') +var util = require('util') +var childrenIgnored = common.childrenIgnored +var isIgnored = common.isIgnored + +var once = require('once') + +function glob (pattern, options, cb) { + if (typeof options === 'function') cb = options, options = {} + if (!options) options = {} + + if (options.sync) { + if (cb) + throw new TypeError('callback provided to sync glob') + return globSync(pattern, options) + } + + return new Glob(pattern, options, cb) +} + +glob.sync = globSync +var GlobSync = glob.GlobSync = globSync.GlobSync + +// old api surface +glob.glob = glob + +function extend (origin, add) { + if (add === null || typeof add !== 'object') { + return origin + } + + var keys = Object.keys(add) + var i = keys.length + while (i--) { + origin[keys[i]] = add[keys[i]] + } + return origin +} + +glob.hasMagic = function (pattern, options_) { + var options = extend({}, options_) + options.noprocess = true + + var g = new Glob(pattern, options) + var set = g.minimatch.set + + if (!pattern) + return false + + if (set.length > 1) + return true + + for (var j = 0; j < set[0].length; j++) { + if (typeof set[0][j] !== 'string') + return true + } + + return false +} + +glob.Glob = Glob +inherits(Glob, EE) +function Glob (pattern, options, cb) { + if (typeof options === 'function') { + cb = options + options = null + } + + if (options && options.sync) { + if (cb) + throw new TypeError('callback provided to sync glob') + return new GlobSync(pattern, options) + } + + if (!(this instanceof Glob)) + return new Glob(pattern, options, cb) + + setopts(this, pattern, options) + this._didRealPath = false + + // process each pattern in the minimatch set + var n = this.minimatch.set.length + + // The matches are stored as {<filename>: true,...} so that + // duplicates are automagically pruned. + // Later, we do an Object.keys() on these. + // Keep them as a list so we can fill in when nonull is set. + this.matches = new Array(n) + + if (typeof cb === 'function') { + cb = once(cb) + this.on('error', cb) + this.on('end', function (matches) { + cb(null, matches) + }) + } + + var self = this + this._processing = 0 + + this._emitQueue = [] + this._processQueue = [] + this.paused = false + + if (this.noprocess) + return this + + if (n === 0) + return done() + + var sync = true + for (var i = 0; i < n; i ++) { + this._process(this.minimatch.set[i], i, false, done) + } + sync = false + + function done () { + --self._processing + if (self._processing <= 0) { + if (sync) { + process.nextTick(function () { + self._finish() + }) + } else { + self._finish() + } + } + } +} + +Glob.prototype._finish = function () { + assert(this instanceof Glob) + if (this.aborted) + return + + if (this.realpath && !this._didRealpath) + return this._realpath() + + common.finish(this) + this.emit('end', this.found) +} + +Glob.prototype._realpath = function () { + if (this._didRealpath) + return + + this._didRealpath = true + + var n = this.matches.length + if (n === 0) + return this._finish() + + var self = this + for (var i = 0; i < this.matches.length; i++) + this._realpathSet(i, next) + + function next () { + if (--n === 0) + self._finish() + } +} + +Glob.prototype._realpathSet = function (index, cb) { + var matchset = this.matches[index] + if (!matchset) + return cb() + + var found = Object.keys(matchset) + var self = this + var n = found.length + + if (n === 0) + return cb() + + var set = this.matches[index] = Object.create(null) + found.forEach(function (p, i) { + // If there's a problem with the stat, then it means that + // one or more of the links in the realpath couldn't be + // resolved. just return the abs value in that case. + p = self._makeAbs(p) + rp.realpath(p, self.realpathCache, function (er, real) { + if (!er) + set[real] = true + else if (er.syscall === 'stat') + set[p] = true + else + self.emit('error', er) // srsly wtf right here + + if (--n === 0) { + self.matches[index] = set + cb() + } + }) + }) +} + +Glob.prototype._mark = function (p) { + return common.mark(this, p) +} + +Glob.prototype._makeAbs = function (f) { + return common.makeAbs(this, f) +} + +Glob.prototype.abort = function () { + this.aborted = true + this.emit('abort') +} + +Glob.prototype.pause = function () { + if (!this.paused) { + this.paused = true + this.emit('pause') + } +} + +Glob.prototype.resume = function () { + if (this.paused) { + this.emit('resume') + this.paused = false + if (this._emitQueue.length) { + var eq = this._emitQueue.slice(0) + this._emitQueue.length = 0 + for (var i = 0; i < eq.length; i ++) { + var e = eq[i] + this._emitMatch(e[0], e[1]) + } + } + if (this._processQueue.length) { + var pq = this._processQueue.slice(0) + this._processQueue.length = 0 + for (var i = 0; i < pq.length; i ++) { + var p = pq[i] + this._processing-- + this._process(p[0], p[1], p[2], p[3]) + } + } + } +} + +Glob.prototype._process = function (pattern, index, inGlobStar, cb) { + assert(this instanceof Glob) + assert(typeof cb === 'function') + + if (this.aborted) + return + + this._processing++ + if (this.paused) { + this._processQueue.push([pattern, index, inGlobStar, cb]) + return + } + + //console.error('PROCESS %d', this._processing, pattern) + + // Get the first [n] parts of pattern that are all strings. + var n = 0 + while (typeof pattern[n] === 'string') { + n ++ + } + // now n is the index of the first one that is *not* a string. + + // see if there's anything else + var prefix + switch (n) { + // if not, then this is rather simple + case pattern.length: + this._processSimple(pattern.join('/'), index, cb) + return + + case 0: + // pattern *starts* with some non-trivial item. + // going to readdir(cwd), but not include the prefix in matches. + prefix = null + break + + default: + // pattern has some string bits in the front. + // whatever it starts with, whether that's 'absolute' like /foo/bar, + // or 'relative' like '../baz' + prefix = pattern.slice(0, n).join('/') + break + } + + var remain = pattern.slice(n) + + // get the list of entries. + var read + if (prefix === null) + read = '.' + else if (isAbsolute(prefix) || isAbsolute(pattern.join('/'))) { + if (!prefix || !isAbsolute(prefix)) + prefix = '/' + prefix + read = prefix + } else + read = prefix + + var abs = this._makeAbs(read) + + //if ignored, skip _processing + if (childrenIgnored(this, read)) + return cb() + + var isGlobStar = remain[0] === minimatch.GLOBSTAR + if (isGlobStar) + this._processGlobStar(prefix, read, abs, remain, index, inGlobStar, cb) + else + this._processReaddir(prefix, read, abs, remain, index, inGlobStar, cb) +} + +Glob.prototype._processReaddir = function (prefix, read, abs, remain, index, inGlobStar, cb) { + var self = this + this._readdir(abs, inGlobStar, function (er, entries) { + return self._processReaddir2(prefix, read, abs, remain, index, inGlobStar, entries, cb) + }) +} + +Glob.prototype._processReaddir2 = function (prefix, read, abs, remain, index, inGlobStar, entries, cb) { + + // if the abs isn't a dir, then nothing can match! + if (!entries) + return cb() + + // It will only match dot entries if it starts with a dot, or if + // dot is set. Stuff like @(.foo|.bar) isn't allowed. + var pn = remain[0] + var negate = !!this.minimatch.negate + var rawGlob = pn._glob + var dotOk = this.dot || rawGlob.charAt(0) === '.' + + var matchedEntries = [] + for (var i = 0; i < entries.length; i++) { + var e = entries[i] + if (e.charAt(0) !== '.' || dotOk) { + var m + if (negate && !prefix) { + m = !e.match(pn) + } else { + m = e.match(pn) + } + if (m) + matchedEntries.push(e) + } + } + + //console.error('prd2', prefix, entries, remain[0]._glob, matchedEntries) + + var len = matchedEntries.length + // If there are no matched entries, then nothing matches. + if (len === 0) + return cb() + + // if this is the last remaining pattern bit, then no need for + // an additional stat *unless* the user has specified mark or + // stat explicitly. We know they exist, since readdir returned + // them. + + if (remain.length === 1 && !this.mark && !this.stat) { + if (!this.matches[index]) + this.matches[index] = Object.create(null) + + for (var i = 0; i < len; i ++) { + var e = matchedEntries[i] + if (prefix) { + if (prefix !== '/') + e = prefix + '/' + e + else + e = prefix + e + } + + if (e.charAt(0) === '/' && !this.nomount) { + e = path.join(this.root, e) + } + this._emitMatch(index, e) + } + // This was the last one, and no stats were needed + return cb() + } + + // now test all matched entries as stand-ins for that part + // of the pattern. + remain.shift() + for (var i = 0; i < len; i ++) { + var e = matchedEntries[i] + var newPattern + if (prefix) { + if (prefix !== '/') + e = prefix + '/' + e + else + e = prefix + e + } + this._process([e].concat(remain), index, inGlobStar, cb) + } + cb() +} + +Glob.prototype._emitMatch = function (index, e) { + if (this.aborted) + return + + if (isIgnored(this, e)) + return + + if (this.paused) { + this._emitQueue.push([index, e]) + return + } + + var abs = isAbsolute(e) ? e : this._makeAbs(e) + + if (this.mark) + e = this._mark(e) + + if (this.absolute) + e = abs + + if (this.matches[index][e]) + return + + if (this.nodir) { + var c = this.cache[abs] + if (c === 'DIR' || Array.isArray(c)) + return + } + + this.matches[index][e] = true + + var st = this.statCache[abs] + if (st) + this.emit('stat', e, st) + + this.emit('match', e) +} + +Glob.prototype._readdirInGlobStar = function (abs, cb) { + if (this.aborted) + return + + // follow all symlinked directories forever + // just proceed as if this is a non-globstar situation + if (this.follow) + return this._readdir(abs, false, cb) + + var lstatkey = 'lstat\0' + abs + var self = this + var lstatcb = inflight(lstatkey, lstatcb_) + + if (lstatcb) + fs.lstat(abs, lstatcb) + + function lstatcb_ (er, lstat) { + if (er && er.code === 'ENOENT') + return cb() + + var isSym = lstat && lstat.isSymbolicLink() + self.symlinks[abs] = isSym + + // If it's not a symlink or a dir, then it's definitely a regular file. + // don't bother doing a readdir in that case. + if (!isSym && lstat && !lstat.isDirectory()) { + self.cache[abs] = 'FILE' + cb() + } else + self._readdir(abs, false, cb) + } +} + +Glob.prototype._readdir = function (abs, inGlobStar, cb) { + if (this.aborted) + return + + cb = inflight('readdir\0'+abs+'\0'+inGlobStar, cb) + if (!cb) + return + + //console.error('RD %j %j', +inGlobStar, abs) + if (inGlobStar && !ownProp(this.symlinks, abs)) + return this._readdirInGlobStar(abs, cb) + + if (ownProp(this.cache, abs)) { + var c = this.cache[abs] + if (!c || c === 'FILE') + return cb() + + if (Array.isArray(c)) + return cb(null, c) + } + + var self = this + fs.readdir(abs, readdirCb(this, abs, cb)) +} + +function readdirCb (self, abs, cb) { + return function (er, entries) { + if (er) + self._readdirError(abs, er, cb) + else + self._readdirEntries(abs, entries, cb) + } +} + +Glob.prototype._readdirEntries = function (abs, entries, cb) { + if (this.aborted) + return + + // if we haven't asked to stat everything, then just + // assume that everything in there exists, so we can avoid + // having to stat it a second time. + if (!this.mark && !this.stat) { + for (var i = 0; i < entries.length; i ++) { + var e = entries[i] + if (abs === '/') + e = abs + e + else + e = abs + '/' + e + this.cache[e] = true + } + } + + this.cache[abs] = entries + return cb(null, entries) +} + +Glob.prototype._readdirError = function (f, er, cb) { + if (this.aborted) + return + + // handle errors, and cache the information + switch (er.code) { + case 'ENOTSUP': // https://github.com/isaacs/node-glob/issues/205 + case 'ENOTDIR': // totally normal. means it *does* exist. + var abs = this._makeAbs(f) + this.cache[abs] = 'FILE' + if (abs === this.cwdAbs) { + var error = new Error(er.code + ' invalid cwd ' + this.cwd) + error.path = this.cwd + error.code = er.code + this.emit('error', error) + this.abort() + } + break + + case 'ENOENT': // not terribly unusual + case 'ELOOP': + case 'ENAMETOOLONG': + case 'UNKNOWN': + this.cache[this._makeAbs(f)] = false + break + + default: // some unusual error. Treat as failure. + this.cache[this._makeAbs(f)] = false + if (this.strict) { + this.emit('error', er) + // If the error is handled, then we abort + // if not, we threw out of here + this.abort() + } + if (!this.silent) + console.error('glob error', er) + break + } + + return cb() +} + +Glob.prototype._processGlobStar = function (prefix, read, abs, remain, index, inGlobStar, cb) { + var self = this + this._readdir(abs, inGlobStar, function (er, entries) { + self._processGlobStar2(prefix, read, abs, remain, index, inGlobStar, entries, cb) + }) +} + + +Glob.prototype._processGlobStar2 = function (prefix, read, abs, remain, index, inGlobStar, entries, cb) { + //console.error('pgs2', prefix, remain[0], entries) + + // no entries means not a dir, so it can never have matches + // foo.txt/** doesn't match foo.txt + if (!entries) + return cb() + + // test without the globstar, and with every child both below + // and replacing the globstar. + var remainWithoutGlobStar = remain.slice(1) + var gspref = prefix ? [ prefix ] : [] + var noGlobStar = gspref.concat(remainWithoutGlobStar) + + // the noGlobStar pattern exits the inGlobStar state + this._process(noGlobStar, index, false, cb) + + var isSym = this.symlinks[abs] + var len = entries.length + + // If it's a symlink, and we're in a globstar, then stop + if (isSym && inGlobStar) + return cb() + + for (var i = 0; i < len; i++) { + var e = entries[i] + if (e.charAt(0) === '.' && !this.dot) + continue + + // these two cases enter the inGlobStar state + var instead = gspref.concat(entries[i], remainWithoutGlobStar) + this._process(instead, index, true, cb) + + var below = gspref.concat(entries[i], remain) + this._process(below, index, true, cb) + } + + cb() +} + +Glob.prototype._processSimple = function (prefix, index, cb) { + // XXX review this. Shouldn't it be doing the mounting etc + // before doing stat? kinda weird? + var self = this + this._stat(prefix, function (er, exists) { + self._processSimple2(prefix, index, er, exists, cb) + }) +} +Glob.prototype._processSimple2 = function (prefix, index, er, exists, cb) { + + //console.error('ps2', prefix, exists) + + if (!this.matches[index]) + this.matches[index] = Object.create(null) + + // If it doesn't exist, then just mark the lack of results + if (!exists) + return cb() + + if (prefix && isAbsolute(prefix) && !this.nomount) { + var trail = /[\/\\]$/.test(prefix) + if (prefix.charAt(0) === '/') { + prefix = path.join(this.root, prefix) + } else { + prefix = path.resolve(this.root, prefix) + if (trail) + prefix += '/' + } + } + + if (process.platform === 'win32') + prefix = prefix.replace(/\\/g, '/') + + // Mark this as a match + this._emitMatch(index, prefix) + cb() +} + +// Returns either 'DIR', 'FILE', or false +Glob.prototype._stat = function (f, cb) { + var abs = this._makeAbs(f) + var needDir = f.slice(-1) === '/' + + if (f.length > this.maxLength) + return cb() + + if (!this.stat && ownProp(this.cache, abs)) { + var c = this.cache[abs] + + if (Array.isArray(c)) + c = 'DIR' + + // It exists, but maybe not how we need it + if (!needDir || c === 'DIR') + return cb(null, c) + + if (needDir && c === 'FILE') + return cb() + + // otherwise we have to stat, because maybe c=true + // if we know it exists, but not what it is. + } + + var exists + var stat = this.statCache[abs] + if (stat !== undefined) { + if (stat === false) + return cb(null, stat) + else { + var type = stat.isDirectory() ? 'DIR' : 'FILE' + if (needDir && type === 'FILE') + return cb() + else + return cb(null, type, stat) + } + } + + var self = this + var statcb = inflight('stat\0' + abs, lstatcb_) + if (statcb) + fs.lstat(abs, statcb) + + function lstatcb_ (er, lstat) { + if (lstat && lstat.isSymbolicLink()) { + // If it's a symlink, then treat it as the target, unless + // the target does not exist, then treat it as a file. + return fs.stat(abs, function (er, stat) { + if (er) + self._stat2(f, abs, null, lstat, cb) + else + self._stat2(f, abs, er, stat, cb) + }) + } else { + self._stat2(f, abs, er, lstat, cb) + } + } +} + +Glob.prototype._stat2 = function (f, abs, er, stat, cb) { + if (er && (er.code === 'ENOENT' || er.code === 'ENOTDIR')) { + this.statCache[abs] = false + return cb() + } + + var needDir = f.slice(-1) === '/' + this.statCache[abs] = stat + + if (abs.slice(-1) === '/' && stat && !stat.isDirectory()) + return cb(null, false, stat) + + var c = true + if (stat) + c = stat.isDirectory() ? 'DIR' : 'FILE' + this.cache[abs] = this.cache[abs] || c + + if (needDir && c === 'FILE') + return cb() + + return cb(null, c, stat) +} diff --git a/node_modules/pacote/node_modules/glob/package.json b/node_modules/pacote/node_modules/glob/package.json new file mode 100644 index 000000000..8e02c3583 --- /dev/null +++ b/node_modules/pacote/node_modules/glob/package.json @@ -0,0 +1,79 @@ +{ + "_from": "glob@^7.1.6", + "_id": "glob@7.1.6", + "_inBundle": false, + "_integrity": "sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA==", + "_location": "/pacote/glob", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "glob@^7.1.6", + "name": "glob", + "escapedName": "glob", + "rawSpec": "^7.1.6", + "saveSpec": null, + "fetchSpec": "^7.1.6" + }, + "_requiredBy": [ + "/pacote/npm-packlist" + ], + "_resolved": "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz", + "_shasum": "141f33b81a7c2492e125594307480c46679278a6", + "_spec": "glob@^7.1.6", + "_where": "/Users/claudiahdz/npm/cli/node_modules/pacote/node_modules/npm-packlist", + "author": { + "name": "Isaac Z. Schlueter", + "email": "i@izs.me", + "url": "http://blog.izs.me/" + }, + "bugs": { + "url": "https://github.com/isaacs/node-glob/issues" + }, + "bundleDependencies": false, + "dependencies": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.0.4", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + }, + "deprecated": false, + "description": "a little globber", + "devDependencies": { + "mkdirp": "0", + "rimraf": "^2.2.8", + "tap": "^12.0.1", + "tick": "0.0.6" + }, + "engines": { + "node": "*" + }, + "files": [ + "glob.js", + "sync.js", + "common.js" + ], + "funding": { + "url": "https://github.com/sponsors/isaacs" + }, + "homepage": "https://github.com/isaacs/node-glob#readme", + "license": "ISC", + "main": "glob.js", + "name": "glob", + "repository": { + "type": "git", + "url": "git://github.com/isaacs/node-glob.git" + }, + "scripts": { + "bench": "bash benchmark.sh", + "benchclean": "node benchclean.js", + "prepublish": "npm run benchclean", + "prof": "bash prof.sh && cat profile.txt", + "profclean": "rm -f v8.log profile.txt", + "test": "tap test/*.js --cov", + "test-regen": "npm run profclean && TEST_REGEN=1 node test/00-setup.js" + }, + "version": "7.1.6" +} diff --git a/node_modules/pacote/node_modules/glob/sync.js b/node_modules/pacote/node_modules/glob/sync.js new file mode 100644 index 000000000..c952134ba --- /dev/null +++ b/node_modules/pacote/node_modules/glob/sync.js @@ -0,0 +1,486 @@ +module.exports = globSync +globSync.GlobSync = GlobSync + +var fs = require('fs') +var rp = require('fs.realpath') +var minimatch = require('minimatch') +var Minimatch = minimatch.Minimatch +var Glob = require('./glob.js').Glob +var util = require('util') +var path = require('path') +var assert = require('assert') +var isAbsolute = require('path-is-absolute') +var common = require('./common.js') +var alphasort = common.alphasort +var alphasorti = common.alphasorti +var setopts = common.setopts +var ownProp = common.ownProp +var childrenIgnored = common.childrenIgnored +var isIgnored = common.isIgnored + +function globSync (pattern, options) { + if (typeof options === 'function' || arguments.length === 3) + throw new TypeError('callback provided to sync glob\n'+ + 'See: https://github.com/isaacs/node-glob/issues/167') + + return new GlobSync(pattern, options).found +} + +function GlobSync (pattern, options) { + if (!pattern) + throw new Error('must provide pattern') + + if (typeof options === 'function' || arguments.length === 3) + throw new TypeError('callback provided to sync glob\n'+ + 'See: https://github.com/isaacs/node-glob/issues/167') + + if (!(this instanceof GlobSync)) + return new GlobSync(pattern, options) + + setopts(this, pattern, options) + + if (this.noprocess) + return this + + var n = this.minimatch.set.length + this.matches = new Array(n) + for (var i = 0; i < n; i ++) { + this._process(this.minimatch.set[i], i, false) + } + this._finish() +} + +GlobSync.prototype._finish = function () { + assert(this instanceof GlobSync) + if (this.realpath) { + var self = this + this.matches.forEach(function (matchset, index) { + var set = self.matches[index] = Object.create(null) + for (var p in matchset) { + try { + p = self._makeAbs(p) + var real = rp.realpathSync(p, self.realpathCache) + set[real] = true + } catch (er) { + if (er.syscall === 'stat') + set[self._makeAbs(p)] = true + else + throw er + } + } + }) + } + common.finish(this) +} + + +GlobSync.prototype._process = function (pattern, index, inGlobStar) { + assert(this instanceof GlobSync) + + // Get the first [n] parts of pattern that are all strings. + var n = 0 + while (typeof pattern[n] === 'string') { + n ++ + } + // now n is the index of the first one that is *not* a string. + + // See if there's anything else + var prefix + switch (n) { + // if not, then this is rather simple + case pattern.length: + this._processSimple(pattern.join('/'), index) + return + + case 0: + // pattern *starts* with some non-trivial item. + // going to readdir(cwd), but not include the prefix in matches. + prefix = null + break + + default: + // pattern has some string bits in the front. + // whatever it starts with, whether that's 'absolute' like /foo/bar, + // or 'relative' like '../baz' + prefix = pattern.slice(0, n).join('/') + break + } + + var remain = pattern.slice(n) + + // get the list of entries. + var read + if (prefix === null) + read = '.' + else if (isAbsolute(prefix) || isAbsolute(pattern.join('/'))) { + if (!prefix || !isAbsolute(prefix)) + prefix = '/' + prefix + read = prefix + } else + read = prefix + + var abs = this._makeAbs(read) + + //if ignored, skip processing + if (childrenIgnored(this, read)) + return + + var isGlobStar = remain[0] === minimatch.GLOBSTAR + if (isGlobStar) + this._processGlobStar(prefix, read, abs, remain, index, inGlobStar) + else + this._processReaddir(prefix, read, abs, remain, index, inGlobStar) +} + + +GlobSync.prototype._processReaddir = function (prefix, read, abs, remain, index, inGlobStar) { + var entries = this._readdir(abs, inGlobStar) + + // if the abs isn't a dir, then nothing can match! + if (!entries) + return + + // It will only match dot entries if it starts with a dot, or if + // dot is set. Stuff like @(.foo|.bar) isn't allowed. + var pn = remain[0] + var negate = !!this.minimatch.negate + var rawGlob = pn._glob + var dotOk = this.dot || rawGlob.charAt(0) === '.' + + var matchedEntries = [] + for (var i = 0; i < entries.length; i++) { + var e = entries[i] + if (e.charAt(0) !== '.' || dotOk) { + var m + if (negate && !prefix) { + m = !e.match(pn) + } else { + m = e.match(pn) + } + if (m) + matchedEntries.push(e) + } + } + + var len = matchedEntries.length + // If there are no matched entries, then nothing matches. + if (len === 0) + return + + // if this is the last remaining pattern bit, then no need for + // an additional stat *unless* the user has specified mark or + // stat explicitly. We know they exist, since readdir returned + // them. + + if (remain.length === 1 && !this.mark && !this.stat) { + if (!this.matches[index]) + this.matches[index] = Object.create(null) + + for (var i = 0; i < len; i ++) { + var e = matchedEntries[i] + if (prefix) { + if (prefix.slice(-1) !== '/') + e = prefix + '/' + e + else + e = prefix + e + } + + if (e.charAt(0) === '/' && !this.nomount) { + e = path.join(this.root, e) + } + this._emitMatch(index, e) + } + // This was the last one, and no stats were needed + return + } + + // now test all matched entries as stand-ins for that part + // of the pattern. + remain.shift() + for (var i = 0; i < len; i ++) { + var e = matchedEntries[i] + var newPattern + if (prefix) + newPattern = [prefix, e] + else + newPattern = [e] + this._process(newPattern.concat(remain), index, inGlobStar) + } +} + + +GlobSync.prototype._emitMatch = function (index, e) { + if (isIgnored(this, e)) + return + + var abs = this._makeAbs(e) + + if (this.mark) + e = this._mark(e) + + if (this.absolute) { + e = abs + } + + if (this.matches[index][e]) + return + + if (this.nodir) { + var c = this.cache[abs] + if (c === 'DIR' || Array.isArray(c)) + return + } + + this.matches[index][e] = true + + if (this.stat) + this._stat(e) +} + + +GlobSync.prototype._readdirInGlobStar = function (abs) { + // follow all symlinked directories forever + // just proceed as if this is a non-globstar situation + if (this.follow) + return this._readdir(abs, false) + + var entries + var lstat + var stat + try { + lstat = fs.lstatSync(abs) + } catch (er) { + if (er.code === 'ENOENT') { + // lstat failed, doesn't exist + return null + } + } + + var isSym = lstat && lstat.isSymbolicLink() + this.symlinks[abs] = isSym + + // If it's not a symlink or a dir, then it's definitely a regular file. + // don't bother doing a readdir in that case. + if (!isSym && lstat && !lstat.isDirectory()) + this.cache[abs] = 'FILE' + else + entries = this._readdir(abs, false) + + return entries +} + +GlobSync.prototype._readdir = function (abs, inGlobStar) { + var entries + + if (inGlobStar && !ownProp(this.symlinks, abs)) + return this._readdirInGlobStar(abs) + + if (ownProp(this.cache, abs)) { + var c = this.cache[abs] + if (!c || c === 'FILE') + return null + + if (Array.isArray(c)) + return c + } + + try { + return this._readdirEntries(abs, fs.readdirSync(abs)) + } catch (er) { + this._readdirError(abs, er) + return null + } +} + +GlobSync.prototype._readdirEntries = function (abs, entries) { + // if we haven't asked to stat everything, then just + // assume that everything in there exists, so we can avoid + // having to stat it a second time. + if (!this.mark && !this.stat) { + for (var i = 0; i < entries.length; i ++) { + var e = entries[i] + if (abs === '/') + e = abs + e + else + e = abs + '/' + e + this.cache[e] = true + } + } + + this.cache[abs] = entries + + // mark and cache dir-ness + return entries +} + +GlobSync.prototype._readdirError = function (f, er) { + // handle errors, and cache the information + switch (er.code) { + case 'ENOTSUP': // https://github.com/isaacs/node-glob/issues/205 + case 'ENOTDIR': // totally normal. means it *does* exist. + var abs = this._makeAbs(f) + this.cache[abs] = 'FILE' + if (abs === this.cwdAbs) { + var error = new Error(er.code + ' invalid cwd ' + this.cwd) + error.path = this.cwd + error.code = er.code + throw error + } + break + + case 'ENOENT': // not terribly unusual + case 'ELOOP': + case 'ENAMETOOLONG': + case 'UNKNOWN': + this.cache[this._makeAbs(f)] = false + break + + default: // some unusual error. Treat as failure. + this.cache[this._makeAbs(f)] = false + if (this.strict) + throw er + if (!this.silent) + console.error('glob error', er) + break + } +} + +GlobSync.prototype._processGlobStar = function (prefix, read, abs, remain, index, inGlobStar) { + + var entries = this._readdir(abs, inGlobStar) + + // no entries means not a dir, so it can never have matches + // foo.txt/** doesn't match foo.txt + if (!entries) + return + + // test without the globstar, and with every child both below + // and replacing the globstar. + var remainWithoutGlobStar = remain.slice(1) + var gspref = prefix ? [ prefix ] : [] + var noGlobStar = gspref.concat(remainWithoutGlobStar) + + // the noGlobStar pattern exits the inGlobStar state + this._process(noGlobStar, index, false) + + var len = entries.length + var isSym = this.symlinks[abs] + + // If it's a symlink, and we're in a globstar, then stop + if (isSym && inGlobStar) + return + + for (var i = 0; i < len; i++) { + var e = entries[i] + if (e.charAt(0) === '.' && !this.dot) + continue + + // these two cases enter the inGlobStar state + var instead = gspref.concat(entries[i], remainWithoutGlobStar) + this._process(instead, index, true) + + var below = gspref.concat(entries[i], remain) + this._process(below, index, true) + } +} + +GlobSync.prototype._processSimple = function (prefix, index) { + // XXX review this. Shouldn't it be doing the mounting etc + // before doing stat? kinda weird? + var exists = this._stat(prefix) + + if (!this.matches[index]) + this.matches[index] = Object.create(null) + + // If it doesn't exist, then just mark the lack of results + if (!exists) + return + + if (prefix && isAbsolute(prefix) && !this.nomount) { + var trail = /[\/\\]$/.test(prefix) + if (prefix.charAt(0) === '/') { + prefix = path.join(this.root, prefix) + } else { + prefix = path.resolve(this.root, prefix) + if (trail) + prefix += '/' + } + } + + if (process.platform === 'win32') + prefix = prefix.replace(/\\/g, '/') + + // Mark this as a match + this._emitMatch(index, prefix) +} + +// Returns either 'DIR', 'FILE', or false +GlobSync.prototype._stat = function (f) { + var abs = this._makeAbs(f) + var needDir = f.slice(-1) === '/' + + if (f.length > this.maxLength) + return false + + if (!this.stat && ownProp(this.cache, abs)) { + var c = this.cache[abs] + + if (Array.isArray(c)) + c = 'DIR' + + // It exists, but maybe not how we need it + if (!needDir || c === 'DIR') + return c + + if (needDir && c === 'FILE') + return false + + // otherwise we have to stat, because maybe c=true + // if we know it exists, but not what it is. + } + + var exists + var stat = this.statCache[abs] + if (!stat) { + var lstat + try { + lstat = fs.lstatSync(abs) + } catch (er) { + if (er && (er.code === 'ENOENT' || er.code === 'ENOTDIR')) { + this.statCache[abs] = false + return false + } + } + + if (lstat && lstat.isSymbolicLink()) { + try { + stat = fs.statSync(abs) + } catch (er) { + stat = lstat + } + } else { + stat = lstat + } + } + + this.statCache[abs] = stat + + var c = true + if (stat) + c = stat.isDirectory() ? 'DIR' : 'FILE' + + this.cache[abs] = this.cache[abs] || c + + if (needDir && c === 'FILE') + return false + + return c +} + +GlobSync.prototype._mark = function (p) { + return common.mark(this, p) +} + +GlobSync.prototype._makeAbs = function (f) { + return common.makeAbs(this, f) +} diff --git a/node_modules/pacote/node_modules/minipass/README.md b/node_modules/pacote/node_modules/minipass/README.md index c989beea0..32ace2fb9 100644 --- a/node_modules/pacote/node_modules/minipass/README.md +++ b/node_modules/pacote/node_modules/minipass/README.md @@ -7,32 +7,32 @@ stream](https://nodejs.org/api/stream.html#stream_class_stream_passthrough) fast](https://docs.google.com/spreadsheets/d/1oObKSrVwLX_7Ut4Z6g3fZW-AX1j1-k6w-cDsrkaSbHM/edit#gid=0) for objects, strings, and buffers. -Supports pipe()ing (including multi-pipe() and backpressure -transmission), buffering data until either a `data` event handler or -`pipe()` is added (so you don't lose the first chunk), and most other -cases where PassThrough is a good idea. +Supports pipe()ing (including multi-pipe() and backpressure transmission), +buffering data until either a `data` event handler or `pipe()` is added (so +you don't lose the first chunk), and most other cases where PassThrough is +a good idea. -There is a `read()` method, but it's much more efficient to consume -data from this stream via `'data'` events or by calling `pipe()` into -some other stream. Calling `read()` requires the buffer to be -flattened in some cases, which requires copying memory. +There is a `read()` method, but it's much more efficient to consume data +from this stream via `'data'` events or by calling `pipe()` into some other +stream. Calling `read()` requires the buffer to be flattened in some +cases, which requires copying memory. -There is also no `unpipe()` method. Once you start piping, there is -no stopping it! +There is also no `unpipe()` method. Once you start piping, there is no +stopping it! -If you set `objectMode: true` in the options, then whatever is written -will be emitted. Otherwise, it'll do a minimal amount of Buffer -copying to ensure proper Streams semantics when `read(n)` is called. +If you set `objectMode: true` in the options, then whatever is written will +be emitted. Otherwise, it'll do a minimal amount of Buffer copying to +ensure proper Streams semantics when `read(n)` is called. `objectMode` can also be set by doing `stream.objectMode = true`, or by writing any non-string/non-buffer data. `objectMode` cannot be set to false once it is set. -This is not a `through` or `through2` stream. It doesn't transform -the data, it just passes it right through. If you want to transform -the data, extend the class, and override the `write()` method. Once -you're done transforming the data however you want, call -`super.write()` with the transform output. +This is not a `through` or `through2` stream. It doesn't transform the +data, it just passes it right through. If you want to transform the data, +extend the class, and override the `write()` method. Once you're done +transforming the data however you want, call `super.write()` with the +transform output. For some examples of streams that extend Minipass in various ways, check out: @@ -46,6 +46,7 @@ out: - [tap](http://npm.im/tap) - [tap-parser](http://npm.im/tap) - [treport](http://npm.im/tap) +- [minipass-fetch](http://npm.im/minipass-fetch) ## Differences from Node.js Streams @@ -252,7 +253,8 @@ src.pipe(tee) ## USAGE -It's a stream! Use it like a stream and it'll most likely do what you want. +It's a stream! Use it like a stream and it'll most likely do what you +want. ```js const Minipass = require('minipass') @@ -280,31 +282,30 @@ streams. * `write(chunk, [encoding], [callback])` - Put data in. (Note that, in the base Minipass class, the same data will come out.) Returns `false` if - the stream will buffer the next write, or true if it's still in - "flowing" mode. + the stream will buffer the next write, or true if it's still in "flowing" + mode. * `end([chunk, [encoding]], [callback])` - Signal that you have no more data to write. This will queue an `end` event to be fired when all the data has been consumed. -* `setEncoding(encoding)` - Set the encoding for data coming of the - stream. This can only be done once. +* `setEncoding(encoding)` - Set the encoding for data coming of the stream. + This can only be done once. * `pause()` - No more data for a while, please. This also prevents `end` from being emitted for empty streams until the stream is resumed. -* `resume()` - Resume the stream. If there's data in the buffer, it is - all discarded. Any buffered events are immediately emitted. +* `resume()` - Resume the stream. If there's data in the buffer, it is all + discarded. Any buffered events are immediately emitted. * `pipe(dest)` - Send all output to the stream provided. There is no way to unpipe. When data is emitted, it is immediately written to any and all pipe destinations. -* `on(ev, fn)`, `emit(ev, fn)` - Minipass streams are EventEmitters. - Some events are given special treatment, however. (See below under - "events".) +* `on(ev, fn)`, `emit(ev, fn)` - Minipass streams are EventEmitters. Some + events are given special treatment, however. (See below under "events".) * `promise()` - Returns a Promise that resolves when the stream emits `end`, or rejects if the stream emits `error`. * `collect()` - Return a Promise that resolves on `end` with an array - containing each chunk of data that was emitted, or rejects if the - stream emits `error`. Note that this consumes the stream data. -* `concat()` - Same as `collect()`, but concatenates the data into a - single Buffer object. Will reject the returned promise if the stream is - in objectMode, or if it goes into objectMode by the end of the data. + containing each chunk of data that was emitted, or rejects if the stream + emits `error`. Note that this consumes the stream data. +* `concat()` - Same as `collect()`, but concatenates the data into a single + Buffer object. Will reject the returned promise if the stream is in + objectMode, or if it goes into objectMode by the end of the data. * `read(n)` - Consume `n` bytes of data out of the buffer. If `n` is not provided, then consume all of it. If `n` bytes are not available, then it returns null. **Note** consuming streams in this way is less @@ -421,8 +422,8 @@ mp.concat().then(onebigchunk => { ### iteration -You can iterate over streams synchronously or asynchronously in -platforms that support it. +You can iterate over streams synchronously or asynchronously in platforms +that support it. Synchronous iteration will end when the currently available data is consumed, even if the `end` event has not been reached. In string and @@ -430,9 +431,8 @@ buffer mode, the data is concatenated, so unless multiple writes are occurring in the same tick as the `read()`, sync iteration loops will generally only have a single iteration. -To consume chunks in this way exactly as they have been written, with -no flattening, create the stream with the `{ objectMode: true }` -option. +To consume chunks in this way exactly as they have been written, with no +flattening, create the stream with the `{ objectMode: true }` option. ```js const mp = new Minipass({ objectMode: true }) diff --git a/node_modules/pacote/node_modules/minipass/index.js b/node_modules/pacote/node_modules/minipass/index.js index c072352d4..55ea0f3dd 100644 --- a/node_modules/pacote/node_modules/minipass/index.js +++ b/node_modules/pacote/node_modules/minipass/index.js @@ -1,5 +1,6 @@ 'use strict' const EE = require('events') +const Stream = require('stream') const Yallist = require('yallist') const SD = require('string_decoder').StringDecoder @@ -29,12 +30,6 @@ const ASYNCITERATOR = doIter && Symbol.asyncIterator const ITERATOR = doIter && Symbol.iterator || Symbol('iterator not implemented') -// Buffer in node 4.x < 4.5.0 doesn't have working Buffer.from -// or Buffer.alloc, and Buffer in node 10 deprecated the ctor. -// .M, this is fine .\^/M.. -const B = Buffer.alloc ? Buffer - : /* istanbul ignore next */ require('safe-buffer').Buffer - // events that mean 'the stream is over' // these are treated specially, and re-emitted // if they are listened for after emitting. @@ -49,9 +44,9 @@ const isArrayBuffer = b => b instanceof ArrayBuffer || b.constructor.name === 'ArrayBuffer' && b.byteLength >= 0 -const isArrayBufferView = b => !B.isBuffer(b) && ArrayBuffer.isView(b) +const isArrayBufferView = b => !Buffer.isBuffer(b) && ArrayBuffer.isView(b) -module.exports = class Minipass extends EE { +module.exports = class Minipass extends Stream { constructor (options) { super() this[FLOWING] = false @@ -126,11 +121,11 @@ module.exports = class Minipass extends EE { // at some point in the future, we may want to do the opposite! // leave strings and buffers as-is // anything else switches us into object mode - if (!this[OBJECTMODE] && !B.isBuffer(chunk)) { + if (!this[OBJECTMODE] && !Buffer.isBuffer(chunk)) { if (isArrayBufferView(chunk)) - chunk = B.from(chunk.buffer, chunk.byteOffset, chunk.byteLength) + chunk = Buffer.from(chunk.buffer, chunk.byteOffset, chunk.byteLength) else if (isArrayBuffer(chunk)) - chunk = B.from(chunk) + chunk = Buffer.from(chunk) else if (typeof chunk !== 'string') // use the setter so we throw if we have encoding set this.objectMode = true @@ -152,10 +147,10 @@ module.exports = class Minipass extends EE { if (typeof chunk === 'string' && !this[OBJECTMODE] && // unless it is a string already ready for us to use !(encoding === this[ENCODING] && !this[DECODER].lastNeed)) { - chunk = B.from(chunk, encoding) + chunk = Buffer.from(chunk, encoding) } - if (B.isBuffer(chunk) && this[ENCODING]) + if (Buffer.isBuffer(chunk) && this[ENCODING]) chunk = this[DECODER].write(chunk) try { @@ -188,7 +183,7 @@ module.exports = class Minipass extends EE { ]) else this.buffer = new Yallist([ - B.concat(Array.from(this.buffer), this[BUFFERLENGTH]) + Buffer.concat(Array.from(this.buffer), this[BUFFERLENGTH]) ]) } @@ -423,12 +418,17 @@ module.exports = class Minipass extends EE { // const all = await stream.collect() collect () { const buf = [] - buf.dataLength = 0 + if (!this[OBJECTMODE]) + buf.dataLength = 0 + // set the promise first, in case an error is raised + // by triggering the flow here. + const p = this.promise() this.on('data', c => { buf.push(c) - buf.dataLength += c.length + if (!this[OBJECTMODE]) + buf.dataLength += c.length }) - return this.promise().then(() => buf) + return p.then(() => buf) } // const data = await stream.concat() @@ -438,7 +438,7 @@ module.exports = class Minipass extends EE { : this.collect().then(buf => this[OBJECTMODE] ? Promise.reject(new Error('cannot concat in objectMode')) - : this[ENCODING] ? buf.join('') : B.concat(buf, buf.dataLength)) + : this[ENCODING] ? buf.join('') : Buffer.concat(buf, buf.dataLength)) } // stream.promise().then(() => done, er => emitted error) @@ -529,9 +529,10 @@ module.exports = class Minipass extends EE { } static isStream (s) { - return !!s && (s instanceof Minipass || s instanceof EE && ( - typeof s.pipe === 'function' || // readable - (typeof s.write === 'function' && typeof s.end === 'function') // writable - )) + return !!s && (s instanceof Minipass || s instanceof Stream || + s instanceof EE && ( + typeof s.pipe === 'function' || // readable + (typeof s.write === 'function' && typeof s.end === 'function') // writable + )) } } diff --git a/node_modules/pacote/node_modules/minipass/package.json b/node_modules/pacote/node_modules/minipass/package.json index 59adc6352..ef2b18b70 100644 --- a/node_modules/pacote/node_modules/minipass/package.json +++ b/node_modules/pacote/node_modules/minipass/package.json @@ -1,27 +1,27 @@ { - "_from": "minipass@^2.3.5", - "_id": "minipass@2.9.0", + "_from": "minipass@^3.0.1", + "_id": "minipass@3.1.1", "_inBundle": false, - "_integrity": "sha512-wxfUjg9WebH+CUDX/CdbRlh5SmfZiy/hpkxaRI16Y9W56Pa75sWgd/rvFilSgrauD9NyFymP/+JFV3KwzIsJeg==", + "_integrity": "sha512-UFqVihv6PQgwj8/yTGvl9kPz7xIAY+R5z6XYjRInD3Gk3qx6QGSD6zEcpeG4Dy/lQnv1J6zv8ejV90hyYIKf3w==", "_location": "/pacote/minipass", "_phantomChildren": {}, "_requested": { "type": "range", "registry": true, - "raw": "minipass@^2.3.5", + "raw": "minipass@^3.0.1", "name": "minipass", "escapedName": "minipass", - "rawSpec": "^2.3.5", + "rawSpec": "^3.0.1", "saveSpec": null, - "fetchSpec": "^2.3.5" + "fetchSpec": "^3.0.1" }, "_requiredBy": [ "/pacote" ], - "_resolved": "https://registry.npmjs.org/minipass/-/minipass-2.9.0.tgz", - "_shasum": "e713762e7d3e32fed803115cf93e04bca9fcc9a6", - "_spec": "minipass@^2.3.5", - "_where": "/Users/ruyadorno/Documents/workspace/cli/node_modules/pacote", + "_resolved": "https://registry.npmjs.org/minipass/-/minipass-3.1.1.tgz", + "_shasum": "7607ce778472a185ad6d89082aa2070f79cedcd5", + "_spec": "minipass@^3.0.1", + "_where": "/Users/claudiahdz/npm/cli/node_modules/pacote", "author": { "name": "Isaac Z. Schlueter", "email": "i@izs.me", @@ -32,8 +32,7 @@ }, "bundleDependencies": false, "dependencies": { - "safe-buffer": "^5.1.2", - "yallist": "^3.0.0" + "yallist": "^4.0.0" }, "deprecated": false, "description": "minimal implementation of a PassThrough stream", @@ -42,6 +41,9 @@ "tap": "^14.6.5", "through2": "^2.0.3" }, + "engines": { + "node": ">=8" + }, "files": [ "index.js" ], @@ -59,12 +61,12 @@ }, "scripts": { "postpublish": "git push origin --follow-tags", - "postversion": "npm publish", + "postversion": "npm publish --tag=next", "preversion": "npm test", "test": "tap" }, "tap": { "check-coverage": true }, - "version": "2.9.0" + "version": "3.1.1" } diff --git a/node_modules/pacote/node_modules/mkdirp/CHANGELOG.md b/node_modules/pacote/node_modules/mkdirp/CHANGELOG.md new file mode 100644 index 000000000..81458380b --- /dev/null +++ b/node_modules/pacote/node_modules/mkdirp/CHANGELOG.md @@ -0,0 +1,15 @@ +# Changers Lorgs! + +## 1.0 + +Full rewrite. Essentially a brand new module. + +- Return a promise instead of taking a callback. +- Use native `fs.mkdir(path, { recursive: true })` when available. +- Drop support for outdated Node.js versions. (Technically still works on + Node.js v8, but only 10 and above are officially supported.) + +## 0.x + +Original and most widely used recursive directory creation implementation +in JavaScript, dating back to 2010. diff --git a/node_modules/pacote/node_modules/mkdirp/LICENSE b/node_modules/pacote/node_modules/mkdirp/LICENSE new file mode 100644 index 000000000..13fcd15f0 --- /dev/null +++ b/node_modules/pacote/node_modules/mkdirp/LICENSE @@ -0,0 +1,21 @@ +Copyright James Halliday (mail@substack.net) and Isaac Z. Schlueter (i@izs.me) + +This project is free software released under the MIT license: + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/node_modules/pacote/node_modules/mkdirp/bin/cmd.js b/node_modules/pacote/node_modules/mkdirp/bin/cmd.js new file mode 100755 index 000000000..6e0aa8dc4 --- /dev/null +++ b/node_modules/pacote/node_modules/mkdirp/bin/cmd.js @@ -0,0 +1,68 @@ +#!/usr/bin/env node + +const usage = () => ` +usage: mkdirp [DIR1,DIR2..] {OPTIONS} + + Create each supplied directory including any necessary parent directories + that don't yet exist. + + If the directory already exists, do nothing. + +OPTIONS are: + + -m<mode> If a directory needs to be created, set the mode as an octal + --mode=<mode> permission string. + + -v --version Print the mkdirp version number + + -h --help Print this helpful banner + + -p --print Print the first directories created for each path provided + + --manual Use manual implementation, even if native is available +` + +const dirs = [] +const opts = {} +let print = false +let dashdash = false +let manual = false +for (const arg of process.argv.slice(2)) { + if (dashdash) + dirs.push(arg) + else if (arg === '--') + dashdash = true + else if (arg === '--manual') + manual = true + else if (/^-h/.test(arg) || /^--help/.test(arg)) { + console.log(usage()) + process.exit(0) + } else if (arg === '-v' || arg === '--version') { + console.log(require('../package.json').version) + process.exit(0) + } else if (arg === '-p' || arg === '--print') { + print = true + } else if (/^-m/.test(arg) || /^--mode=/.test(arg)) { + const mode = parseInt(arg.replace(/^(-m|--mode=)/, ''), 8) + if (isNaN(mode)) { + console.error(`invalid mode argument: ${arg}\nMust be an octal number.`) + process.exit(1) + } + opts.mode = mode + } else + dirs.push(arg) +} + +const mkdirp = require('../') +const impl = manual ? mkdirp.manual : mkdirp +if (dirs.length === 0) + console.error(usage()) + +Promise.all(dirs.map(dir => impl(dir, opts))) + .then(made => print ? made.forEach(m => m && console.log(m)) : null) + .catch(er => { + console.error(er.message) + if (er.code) + console.error(' code: ' + er.code) + process.exit(1) + }) diff --git a/node_modules/pacote/node_modules/mkdirp/index.js b/node_modules/pacote/node_modules/mkdirp/index.js new file mode 100644 index 000000000..ad7a16c9f --- /dev/null +++ b/node_modules/pacote/node_modules/mkdirp/index.js @@ -0,0 +1,31 @@ +const optsArg = require('./lib/opts-arg.js') +const pathArg = require('./lib/path-arg.js') + +const {mkdirpNative, mkdirpNativeSync} = require('./lib/mkdirp-native.js') +const {mkdirpManual, mkdirpManualSync} = require('./lib/mkdirp-manual.js') +const {useNative, useNativeSync} = require('./lib/use-native.js') + + +const mkdirp = (path, opts) => { + path = pathArg(path) + opts = optsArg(opts) + return useNative(opts) + ? mkdirpNative(path, opts) + : mkdirpManual(path, opts) +} + +const mkdirpSync = (path, opts) => { + path = pathArg(path) + opts = optsArg(opts) + return useNativeSync(opts) + ? mkdirpNativeSync(path, opts) + : mkdirpManualSync(path, opts) +} + +mkdirp.sync = mkdirpSync +mkdirp.native = (path, opts) => mkdirpNative(pathArg(path), optsArg(opts)) +mkdirp.manual = (path, opts) => mkdirpManual(pathArg(path), optsArg(opts)) +mkdirp.nativeSync = (path, opts) => mkdirpNativeSync(pathArg(path), optsArg(opts)) +mkdirp.manualSync = (path, opts) => mkdirpManualSync(pathArg(path), optsArg(opts)) + +module.exports = mkdirp diff --git a/node_modules/pacote/node_modules/mkdirp/lib/find-made.js b/node_modules/pacote/node_modules/mkdirp/lib/find-made.js new file mode 100644 index 000000000..022e492c0 --- /dev/null +++ b/node_modules/pacote/node_modules/mkdirp/lib/find-made.js @@ -0,0 +1,29 @@ +const {dirname} = require('path') + +const findMade = (opts, parent, path = undefined) => { + // we never want the 'made' return value to be a root directory + if (path === parent) + return Promise.resolve() + + return opts.statAsync(parent).then( + st => st.isDirectory() ? path : undefined, // will fail later + er => er.code === 'ENOENT' + ? findMade(opts, dirname(parent), parent) + : undefined + ) +} + +const findMadeSync = (opts, parent, path = undefined) => { + if (path === parent) + return undefined + + try { + return opts.statSync(parent).isDirectory() ? path : undefined + } catch (er) { + return er.code === 'ENOENT' + ? findMadeSync(opts, dirname(parent), parent) + : undefined + } +} + +module.exports = {findMade, findMadeSync} diff --git a/node_modules/pacote/node_modules/mkdirp/lib/mkdirp-manual.js b/node_modules/pacote/node_modules/mkdirp/lib/mkdirp-manual.js new file mode 100644 index 000000000..2eb18cd64 --- /dev/null +++ b/node_modules/pacote/node_modules/mkdirp/lib/mkdirp-manual.js @@ -0,0 +1,64 @@ +const {dirname} = require('path') + +const mkdirpManual = (path, opts, made) => { + opts.recursive = false + const parent = dirname(path) + if (parent === path) { + return opts.mkdirAsync(path, opts).catch(er => { + // swallowed by recursive implementation on posix systems + // any other error is a failure + if (er.code !== 'EISDIR') + throw er + }) + } + + return opts.mkdirAsync(path, opts).then(() => made || path, er => { + if (er.code === 'ENOENT') + return mkdirpManual(parent, opts) + .then(made => mkdirpManual(path, opts, made)) + if (er.code !== 'EEXIST' && er.code !== 'EROFS') + throw er + return opts.statAsync(path).then(st => { + if (st.isDirectory()) + return made + else + throw er + }, () => { throw er }) + }) +} + +const mkdirpManualSync = (path, opts, made) => { + const parent = dirname(path) + opts.recursive = false + + if (parent === path) { + try { + return opts.mkdirSync(path, opts) + } catch (er) { + // swallowed by recursive implementation on posix systems + // any other error is a failure + if (er.code !== 'EISDIR') + throw er + else + return + } + } + + try { + opts.mkdirSync(path, opts) + return made || path + } catch (er) { + if (er.code === 'ENOENT') + return mkdirpManualSync(path, opts, mkdirpManualSync(parent, opts, made)) + if (er.code !== 'EEXIST' && er.code !== 'EROFS') + throw er + try { + if (!opts.statSync(path).isDirectory()) + throw er + } catch (_) { + throw er + } + } +} + +module.exports = {mkdirpManual, mkdirpManualSync} diff --git a/node_modules/pacote/node_modules/mkdirp/lib/mkdirp-native.js b/node_modules/pacote/node_modules/mkdirp/lib/mkdirp-native.js new file mode 100644 index 000000000..c7a6b6980 --- /dev/null +++ b/node_modules/pacote/node_modules/mkdirp/lib/mkdirp-native.js @@ -0,0 +1,39 @@ +const {dirname} = require('path') +const {findMade, findMadeSync} = require('./find-made.js') +const {mkdirpManual, mkdirpManualSync} = require('./mkdirp-manual.js') + +const mkdirpNative = (path, opts) => { + opts.recursive = true + const parent = dirname(path) + if (parent === path) + return opts.mkdirAsync(path, opts) + + return findMade(opts, path).then(made => + opts.mkdirAsync(path, opts).then(() => made) + .catch(er => { + if (er.code === 'ENOENT') + return mkdirpManual(path, opts) + else + throw er + })) +} + +const mkdirpNativeSync = (path, opts) => { + opts.recursive = true + const parent = dirname(path) + if (parent === path) + return opts.mkdirSync(path, opts) + + const made = findMadeSync(opts, path) + try { + opts.mkdirSync(path, opts) + return made + } catch (er) { + if (er.code === 'ENOENT') + return mkdirpManualSync(path, opts) + else + throw er + } +} + +module.exports = {mkdirpNative, mkdirpNativeSync} diff --git a/node_modules/pacote/node_modules/mkdirp/lib/opts-arg.js b/node_modules/pacote/node_modules/mkdirp/lib/opts-arg.js new file mode 100644 index 000000000..488bd44c3 --- /dev/null +++ b/node_modules/pacote/node_modules/mkdirp/lib/opts-arg.js @@ -0,0 +1,23 @@ +const { promisify } = require('util') +const fs = require('fs') +const optsArg = opts => { + if (!opts) + opts = { mode: 0o777 & (~process.umask()), fs } + else if (typeof opts === 'object') + opts = { mode: 0o777 & (~process.umask()), fs, ...opts } + else if (typeof opts === 'number') + opts = { mode: opts, fs } + else if (typeof opts === 'string') + opts = { mode: parseInt(opts, 8), fs } + else + throw new TypeError('invalid options argument') + + opts.mkdir = opts.mkdir || opts.fs.mkdir || fs.mkdir + opts.mkdirAsync = promisify(opts.mkdir) + opts.stat = opts.stat || opts.fs.stat || fs.stat + opts.statAsync = promisify(opts.stat) + opts.statSync = opts.statSync || opts.fs.statSync || fs.statSync + opts.mkdirSync = opts.mkdirSync || opts.fs.mkdirSync || fs.mkdirSync + return opts +} +module.exports = optsArg diff --git a/node_modules/pacote/node_modules/mkdirp/lib/path-arg.js b/node_modules/pacote/node_modules/mkdirp/lib/path-arg.js new file mode 100644 index 000000000..cc07de5a6 --- /dev/null +++ b/node_modules/pacote/node_modules/mkdirp/lib/path-arg.js @@ -0,0 +1,29 @@ +const platform = process.env.__TESTING_MKDIRP_PLATFORM__ || process.platform +const { resolve, parse } = require('path') +const pathArg = path => { + if (/\0/.test(path)) { + // simulate same failure that node raises + throw Object.assign( + new TypeError('path must be a string without null bytes'), + { + path, + code: 'ERR_INVALID_ARG_VALUE', + } + ) + } + + path = resolve(path) + if (platform === 'win32') { + const badWinChars = /[*|"<>?:]/ + const {root} = parse(path) + if (badWinChars.test(path.substr(root.length))) { + throw Object.assign(new Error('Illegal characters in path.'), { + path, + code: 'EINVAL', + }) + } + } + + return path +} +module.exports = pathArg diff --git a/node_modules/pacote/node_modules/mkdirp/lib/use-native.js b/node_modules/pacote/node_modules/mkdirp/lib/use-native.js new file mode 100644 index 000000000..079361de1 --- /dev/null +++ b/node_modules/pacote/node_modules/mkdirp/lib/use-native.js @@ -0,0 +1,10 @@ +const fs = require('fs') + +const version = process.env.__TESTING_MKDIRP_NODE_VERSION__ || process.version +const versArr = version.replace(/^v/, '').split('.') +const hasNative = +versArr[0] > 10 || +versArr[0] === 10 && +versArr[1] >= 12 + +const useNative = !hasNative ? () => false : opts => opts.mkdir === fs.mkdir +const useNativeSync = !hasNative ? () => false : opts => opts.mkdirSync === fs.mkdirSync + +module.exports = {useNative, useNativeSync} diff --git a/node_modules/pacote/node_modules/mkdirp/package.json b/node_modules/pacote/node_modules/mkdirp/package.json new file mode 100644 index 000000000..602eb7ed0 --- /dev/null +++ b/node_modules/pacote/node_modules/mkdirp/package.json @@ -0,0 +1,75 @@ +{ + "_from": "mkdirp@^1.0.3", + "_id": "mkdirp@1.0.3", + "_inBundle": false, + "_integrity": "sha512-6uCP4Qc0sWsgMLy1EOqqS/3rjDHOEnsStVr/4vtAIK2Y5i2kA7lFFejYrpIyiN9w0pYf4ckeCYT9f1r1P9KX5g==", + "_location": "/pacote/mkdirp", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "mkdirp@^1.0.3", + "name": "mkdirp", + "escapedName": "mkdirp", + "rawSpec": "^1.0.3", + "saveSpec": null, + "fetchSpec": "^1.0.3" + }, + "_requiredBy": [ + "/pacote" + ], + "_resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.3.tgz", + "_shasum": "4cf2e30ad45959dddea53ad97d518b6c8205e1ea", + "_spec": "mkdirp@^1.0.3", + "_where": "/Users/claudiahdz/npm/cli/node_modules/pacote", + "bin": { + "mkdirp": "bin/cmd.js" + }, + "bugs": { + "url": "https://github.com/isaacs/node-mkdirp/issues" + }, + "bundleDependencies": false, + "deprecated": false, + "description": "Recursively mkdir, like `mkdir -p`", + "devDependencies": { + "require-inject": "^1.4.4", + "tap": "^14.10.6" + }, + "engines": { + "node": ">=10" + }, + "files": [ + "bin", + "lib", + "index.js" + ], + "homepage": "https://github.com/isaacs/node-mkdirp#readme", + "keywords": [ + "mkdir", + "directory", + "make dir", + "make", + "dir", + "recursive", + "native" + ], + "license": "MIT", + "main": "index.js", + "name": "mkdirp", + "repository": { + "type": "git", + "url": "git+https://github.com/isaacs/node-mkdirp.git" + }, + "scripts": { + "postpublish": "git push origin --follow-tags", + "postversion": "npm publish", + "preversion": "npm test", + "snap": "tap", + "test": "tap" + }, + "tap": { + "check-coverage": true, + "coverage-map": "map.js" + }, + "version": "1.0.3" +} diff --git a/node_modules/pacote/node_modules/mkdirp/readme.markdown b/node_modules/pacote/node_modules/mkdirp/readme.markdown new file mode 100644 index 000000000..827de5905 --- /dev/null +++ b/node_modules/pacote/node_modules/mkdirp/readme.markdown @@ -0,0 +1,266 @@ +# mkdirp + +Like `mkdir -p`, but in Node.js! + +Now with a modern API and no\* bugs! + +<small>\* may contain some bugs</small> + +# example + +## pow.js + +```js +const mkdirp = require('mkdirp') + +// return value is a Promise resolving to the first directory created +mkdirp('/tmp/foo/bar/baz').then(made => + console.log(`made directories, starting with ${made}`)) +``` + +Output (where `/tmp/foo` already exists) + +``` +made directories, starting with /tmp/foo/bar +``` + +Or, if you don't have time to wait around for promises: + +```js +const mkdirp = require('mkdirp') + +// return value is the first directory created +const made = mkdirp.sync('/tmp/foo/bar/baz') +console.log(`made directories, starting with ${made}`) +``` + +And now /tmp/foo/bar/baz exists, huzzah! + +# methods + +```js +const mkdirp = require('mkdirp') +``` + +## mkdirp(dir, [opts]) -> Promise<String | undefined> + +Create a new directory and any necessary subdirectories at `dir` with octal +permission string `opts.mode`. If `opts` is a string or number, it will be +treated as the `opts.mode`. + +If `opts.mode` isn't specified, it defaults to `0o777 & +(~process.umask())`. + +Promise resolves to first directory `made` that had to be created, or +`undefined` if everything already exists. Promise rejects if any errors +are encountered. Note that, in the case of promise rejection, some +directories _may_ have been created, as recursive directory creation is not +an atomic operation. + +You can optionally pass in an alternate `fs` implementation by passing in +`opts.fs`. Your implementation should have `opts.fs.mkdir(path, opts, cb)` +and `opts.fs.stat(path, cb)`. + +You can also override just one or the other of `mkdir` and `stat` by +passing in `opts.stat` or `opts.mkdir`, or providing an `fs` option that +only overrides one of these. + +## mkdirp.sync(dir, opts) -> String|null + +Synchronously create a new directory and any necessary subdirectories at +`dir` with octal permission string `opts.mode`. If `opts` is a string or +number, it will be treated as the `opts.mode`. + +If `opts.mode` isn't specified, it defaults to `0o777 & +(~process.umask())`. + +Returns the first directory that had to be created, or undefined if +everything already exists. + +You can optionally pass in an alternate `fs` implementation by passing in +`opts.fs`. Your implementation should have `opts.fs.mkdirSync(path, mode)` +and `opts.fs.statSync(path)`. + +You can also override just one or the other of `mkdirSync` and `statSync` +by passing in `opts.statSync` or `opts.mkdirSync`, or providing an `fs` +option that only overrides one of these. + +## mkdirp.manual, mkdirp.manualSync + +Use the manual implementation (not the native one). This is the default +when the native implementation is not available or the stat/mkdir +implementation is overridden. + +## mkdirp.native, mkdirp.nativeSync + +Use the native implementation (not the manual one). This is the default +when the native implementation is available and stat/mkdir are not +overridden. + +# implementation + +On Node.js v10.12.0 and above, use the native `fs.mkdir(p, +{recursive:true})` option, unless `fs.mkdir`/`fs.mkdirSync` has been +overridden by an option. + +## native implementation + +- If the path is a root directory, then pass it to the underlying + implementation and return the result/error. (In this case, it'll either + succeed or fail, but we aren't actually creating any dirs.) +- Walk up the path statting each directory, to find the first path that + will be created, `made`. +- Call `fs.mkdir(path, { recursive: true })` (or `fs.mkdirSync`) +- If error, raise it to the caller. +- Return `made`. + +## manual implementation + +- Call underlying `fs.mkdir` implementation, with `recursive: false` +- If error: + - If path is a root directory, raise to the caller and do not handle it + - If ENOENT, mkdirp parent dir, store result as `made` + - stat(path) + - If error, raise original `mkdir` error + - If directory, return `made` + - Else, raise original `mkdir` error +- else + - return `undefined` if a root dir, or `made` if set, or `path` + +## windows vs unix caveat + +On Windows file systems, attempts to create a root directory (ie, a drive +letter or root UNC path) will fail. If the root directory exists, then it +will fail with `EPERM`. If the root directory does not exist, then it will +fail with `ENOENT`. + +On posix file systems, attempts to create a root directory (in recursive +mode) will succeed silently, as it is treated like just another directory +that already exists. (In non-recursive mode, of course, it fails with +`EEXIST`.) + +In order to preserve this system-specific behavior (and because it's not as +if we can create the parent of a root directory anyway), attempts to create +a root directory are passed directly to the `fs` implementation, and any +errors encountered are not handled. + +## native error caveat + +The native implementation (as of at least Node.js v13.4.0) does not provide +appropriate errors in some cases (see +[nodejs/node#31481](https://github.com/nodejs/node/issues/31481) and +[nodejs/node#28015](https://github.com/nodejs/node/issues/28015)). + +In order to work around this issue, the native implementation will fall +back to the manual implementation if an `ENOENT` error is encountered. + +# choosing a recursive mkdir implementation + +There are a few to choose from! Use the one that suits your needs best :D + +## use `fs.mkdir(path, {recursive: true}, cb)` if: + +- You wish to optimize performance even at the expense of other factors. +- You don't need to know the first dir created. +- You are ok with getting `ENOENT` as the error when some other problem is + the actual cause. +- You can limit your platforms to Node.js v10.12 and above. +- You're ok with using callbacks instead of promises. +- You don't need/want a CLI. +- You don't need to override the `fs` methods in use. + +## use this module (mkdirp 1.x) if: + +- You need to know the first directory that was created. +- You wish to use the native implementation if available, but fall back + when it's not. +- You prefer promise-returning APIs to callback-taking APIs. +- You want more useful error messages than the native recursive mkdir + provides (at least as of Node.js v13.4), and are ok with re-trying on + `ENOENT` to achieve this. +- You need (or at least, are ok with) a CLI. +- You need to override the `fs` methods in use. + +## use [`make-dir`](http://npm.im/make-dir) if: + +- You do not need to know the first dir created (and wish to save a few + `stat` calls when using the native implementation for this reason). +- You wish to use the native implementation if available, but fall back + when it's not. +- You prefer promise-returning APIs to callback-taking APIs. +- You are ok with occasionally getting `ENOENT` errors for failures that + are actually related to something other than a missing file system entry. +- You don't need/want a CLI. +- You need to override the `fs` methods in use. + +## use mkdirp 0.x if: + +- You need to know the first directory that was created. +- You need (or at least, are ok with) a CLI. +- You need to override the `fs` methods in use. +- You're ok with using callbacks instead of promises. +- You are not running on Windows, where the root-level ENOENT errors can + lead to infinite regress. +- You think vinyl just sounds warmer and richer for some weird reason. +- You are supporting truly ancient Node.js versions, before even the advent + of a `Promise` language primitive. (Please don't. You deserve better.) + +# cli + +This package also ships with a `mkdirp` command. + +``` +$ mkdirp -h + +usage: mkdirp [DIR1,DIR2..] {OPTIONS} + + Create each supplied directory including any necessary parent directories + that don't yet exist. + + If the directory already exists, do nothing. + +OPTIONS are: + + -m<mode> If a directory needs to be created, set the mode as an octal + --mode=<mode> permission string. + + -v --version Print the mkdirp version number + + -h --help Print this helpful banner + + -p --print Print the first directories created for each path provided + + --manual Use manual implementation, even if native is available +``` + +# install + +With [npm](http://npmjs.org) do: + +``` +npm install mkdirp +``` + +to get the library locally, or + +``` +npm install -g mkdirp +``` + +to get the command everywhere, or + +``` +npx mkdirp ... +``` + +to run the command without installing it globally. + +# platform support + +This module works on node v8, but only v10 and above are officially +supported, as Node v8 reached its LTS end of life 2020-01-01, which is in +the past, as of this writing. + +# license + +MIT diff --git a/node_modules/pacote/node_modules/npm-package-arg/CHANGELOG.md b/node_modules/pacote/node_modules/npm-package-arg/CHANGELOG.md deleted file mode 100644 index 1b3431acc..000000000 --- a/node_modules/pacote/node_modules/npm-package-arg/CHANGELOG.md +++ /dev/null @@ -1,26 +0,0 @@ -# Change Log - -All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. - -<a name="6.1.1"></a> -## [6.1.1](https://github.com/npm/npm-package-arg/compare/v6.1.0...v6.1.1) (2019-08-21) - - -### Bug Fixes - -* preserve drive letter on windows git file:// urls ([3909203](https://github.com/npm/npm-package-arg/commit/3909203)) - - - -<a name="6.1.0"></a> -# [6.1.0](https://github.com/npm/npm-package-arg/compare/v6.0.0...v6.1.0) (2018-04-10) - - -### Bug Fixes - -* **git:** Fix gitRange for git+ssh for private git ([#33](https://github.com/npm/npm-package-arg/issues/33)) ([647a0b3](https://github.com/npm/npm-package-arg/commit/647a0b3)) - - -### Features - -* **alias:** add `npm:` registry alias spec ([#34](https://github.com/npm/npm-package-arg/issues/34)) ([ab99f8e](https://github.com/npm/npm-package-arg/commit/ab99f8e)) diff --git a/node_modules/pacote/node_modules/npm-package-arg/README.md b/node_modules/pacote/node_modules/npm-package-arg/README.md deleted file mode 100644 index 847341b21..000000000 --- a/node_modules/pacote/node_modules/npm-package-arg/README.md +++ /dev/null @@ -1,83 +0,0 @@ -# npm-package-arg - -[](https://travis-ci.org/npm/npm-package-arg) - -Parses package name and specifier passed to commands like `npm install` or -`npm cache add`, or as found in `package.json` dependency sections. - -## EXAMPLES - -```javascript -var assert = require("assert") -var npa = require("npm-package-arg") - -// Pass in the descriptor, and it'll return an object -try { - var parsed = npa("@bar/foo@1.2") -} catch (ex) { - … -} -``` - -## USING - -`var npa = require('npm-package-arg')` - -### var result = npa(*arg*[, *where*]) - -* *arg* - a string that you might pass to `npm install`, like: -`foo@1.2`, `@bar/foo@1.2`, `foo@user/foo`, `http://x.com/foo.tgz`, -`git+https://github.com/user/foo`, `bitbucket:user/foo`, `foo.tar.gz`, -`../foo/bar/` or `bar`. If the *arg* you provide doesn't have a specifier -part, eg `foo` then the specifier will default to `latest`. -* *where* - Optionally the path to resolve file paths relative to. Defaults to `process.cwd()` - -**Throws** if the package name is invalid, a dist-tag is invalid or a URL's protocol is not supported. - -### var result = npa.resolve(*name*, *spec*[, *where*]) - -* *name* - The name of the module you want to install. For example: `foo` or `@bar/foo`. -* *spec* - The specifier indicating where and how you can get this module. Something like: -`1.2`, `^1.7.17`, `http://x.com/foo.tgz`, `git+https://github.com/user/foo`, -`bitbucket:user/foo`, `file:foo.tar.gz` or `file:../foo/bar/`. If not -included then the default is `latest`. -* *where* - Optionally the path to resolve file paths relative to. Defaults to `process.cwd()` - -**Throws** if the package name is invalid, a dist-tag is invalid or a URL's protocol is not supported. - -## RESULT OBJECT - -The objects that are returned by npm-package-arg contain the following -keys: - -* `type` - One of the following strings: - * `git` - A git repo - * `tag` - A tagged version, like `"foo@latest"` - * `version` - A specific version number, like `"foo@1.2.3"` - * `range` - A version range, like `"foo@2.x"` - * `file` - A local `.tar.gz`, `.tar` or `.tgz` file. - * `directory` - A local directory. - * `remote` - An http url (presumably to a tgz) -* `registry` - If true this specifier refers to a resource hosted on a - registry. This is true for `tag`, `version` and `range` types. -* `name` - If known, the `name` field expected in the resulting pkg. -* `scope` - If a name is something like `@org/module` then the `scope` - field will be set to `@org`. If it doesn't have a scoped name, then - scope is `null`. -* `escapedName` - A version of `name` escaped to match the npm scoped packages - specification. Mostly used when making requests against a registry. When - `name` is `null`, `escapedName` will also be `null`. -* `rawSpec` - The specifier part that was parsed out in calls to `npa(arg)`, - or the value of `spec` in calls to `npa.resolve(name, spec). -* `saveSpec` - The normalized specifier, for saving to package.json files. - `null` for registry dependencies. -* `fetchSpec` - The version of the specifier to be used to fetch this - resource. `null` for shortcuts to hosted git dependencies as there isn't - just one URL to try with them. -* `gitRange` - If set, this is a semver specifier to match against git tags with -* `gitCommittish` - If set, this is the specific committish to use with a git dependency. -* `hosted` - If `from === 'hosted'` then this will be a `hosted-git-info` - object. This property is not included when serializing the object as - JSON. -* `raw` - The original un-modified string that was provided. If called as - `npa.resolve(name, spec)` then this will be `name + '@' + spec`. diff --git a/node_modules/pacote/node_modules/npm-package-arg/npa.js b/node_modules/pacote/node_modules/npm-package-arg/npa.js deleted file mode 100644 index bf2c17cfd..000000000 --- a/node_modules/pacote/node_modules/npm-package-arg/npa.js +++ /dev/null @@ -1,301 +0,0 @@ -'use strict' -module.exports = npa -module.exports.resolve = resolve -module.exports.Result = Result - -let url -let HostedGit -let semver -let path_ -function path () { - if (!path_) path_ = require('path') - return path_ -} -let validatePackageName -let osenv - -const isWindows = process.platform === 'win32' || global.FAKE_WINDOWS -const hasSlashes = isWindows ? /\\|[/]/ : /[/]/ -const isURL = /^(?:git[+])?[a-z]+:/i -const isFilename = /[.](?:tgz|tar.gz|tar)$/i - -function npa (arg, where) { - let name - let spec - if (typeof arg === 'object') { - if (arg instanceof Result && (!where || where === arg.where)) { - return arg - } else if (arg.name && arg.rawSpec) { - return npa.resolve(arg.name, arg.rawSpec, where || arg.where) - } else { - return npa(arg.raw, where || arg.where) - } - } - const nameEndsAt = arg[0] === '@' ? arg.slice(1).indexOf('@') + 1 : arg.indexOf('@') - const namePart = nameEndsAt > 0 ? arg.slice(0, nameEndsAt) : arg - if (isURL.test(arg)) { - spec = arg - } else if (namePart[0] !== '@' && (hasSlashes.test(namePart) || isFilename.test(namePart))) { - spec = arg - } else if (nameEndsAt > 0) { - name = namePart - spec = arg.slice(nameEndsAt + 1) - } else { - if (!validatePackageName) validatePackageName = require('validate-npm-package-name') - const valid = validatePackageName(arg) - if (valid.validForOldPackages) { - name = arg - } else { - spec = arg - } - } - return resolve(name, spec, where, arg) -} - -const isFilespec = isWindows ? /^(?:[.]|~[/]|[/\\]|[a-zA-Z]:)/ : /^(?:[.]|~[/]|[/]|[a-zA-Z]:)/ - -function resolve (name, spec, where, arg) { - const res = new Result({ - raw: arg, - name: name, - rawSpec: spec, - fromArgument: arg != null - }) - - if (name) res.setName(name) - - if (spec && (isFilespec.test(spec) || /^file:/i.test(spec))) { - return fromFile(res, where) - } else if (spec && /^npm:/i.test(spec)) { - return fromAlias(res, where) - } - if (!HostedGit) HostedGit = require('hosted-git-info') - const hosted = HostedGit.fromUrl(spec, {noGitPlus: true, noCommittish: true}) - if (hosted) { - return fromHostedGit(res, hosted) - } else if (spec && isURL.test(spec)) { - return fromURL(res) - } else if (spec && (hasSlashes.test(spec) || isFilename.test(spec))) { - return fromFile(res, where) - } else { - return fromRegistry(res) - } -} - -function invalidPackageName (name, valid) { - const err = new Error(`Invalid package name "${name}": ${valid.errors.join('; ')}`) - err.code = 'EINVALIDPACKAGENAME' - return err -} -function invalidTagName (name) { - const err = new Error(`Invalid tag name "${name}": Tags may not have any characters that encodeURIComponent encodes.`) - err.code = 'EINVALIDTAGNAME' - return err -} - -function Result (opts) { - this.type = opts.type - this.registry = opts.registry - this.where = opts.where - if (opts.raw == null) { - this.raw = opts.name ? opts.name + '@' + opts.rawSpec : opts.rawSpec - } else { - this.raw = opts.raw - } - this.name = undefined - this.escapedName = undefined - this.scope = undefined - this.rawSpec = opts.rawSpec == null ? '' : opts.rawSpec - this.saveSpec = opts.saveSpec - this.fetchSpec = opts.fetchSpec - if (opts.name) this.setName(opts.name) - this.gitRange = opts.gitRange - this.gitCommittish = opts.gitCommittish - this.hosted = opts.hosted -} - -Result.prototype.setName = function (name) { - if (!validatePackageName) validatePackageName = require('validate-npm-package-name') - const valid = validatePackageName(name) - if (!valid.validForOldPackages) { - throw invalidPackageName(name, valid) - } - this.name = name - this.scope = name[0] === '@' ? name.slice(0, name.indexOf('/')) : undefined - // scoped packages in couch must have slash url-encoded, e.g. @foo%2Fbar - this.escapedName = name.replace('/', '%2f') - return this -} - -Result.prototype.toString = function () { - const full = [] - if (this.name != null && this.name !== '') full.push(this.name) - const spec = this.saveSpec || this.fetchSpec || this.rawSpec - if (spec != null && spec !== '') full.push(spec) - return full.length ? full.join('@') : this.raw -} - -Result.prototype.toJSON = function () { - const result = Object.assign({}, this) - delete result.hosted - return result -} - -function setGitCommittish (res, committish) { - if (committish != null && committish.length >= 7 && committish.slice(0, 7) === 'semver:') { - res.gitRange = decodeURIComponent(committish.slice(7)) - res.gitCommittish = null - } else { - res.gitCommittish = committish === '' ? null : committish - } - return res -} - -const isAbsolutePath = /^[/]|^[A-Za-z]:/ - -function resolvePath (where, spec) { - if (isAbsolutePath.test(spec)) return spec - return path().resolve(where, spec) -} - -function isAbsolute (dir) { - if (dir[0] === '/') return true - if (/^[A-Za-z]:/.test(dir)) return true - return false -} - -function fromFile (res, where) { - if (!where) where = process.cwd() - res.type = isFilename.test(res.rawSpec) ? 'file' : 'directory' - res.where = where - - const spec = res.rawSpec.replace(/\\/g, '/') - .replace(/^file:[/]*([A-Za-z]:)/, '$1') // drive name paths on windows - .replace(/^file:(?:[/]*([~./]))?/, '$1') - if (/^~[/]/.test(spec)) { - // this is needed for windows and for file:~/foo/bar - if (!osenv) osenv = require('osenv') - res.fetchSpec = resolvePath(osenv.home(), spec.slice(2)) - res.saveSpec = 'file:' + spec - } else { - res.fetchSpec = resolvePath(where, spec) - if (isAbsolute(spec)) { - res.saveSpec = 'file:' + spec - } else { - res.saveSpec = 'file:' + path().relative(where, res.fetchSpec) - } - } - return res -} - -function fromHostedGit (res, hosted) { - res.type = 'git' - res.hosted = hosted - res.saveSpec = hosted.toString({noGitPlus: false, noCommittish: false}) - res.fetchSpec = hosted.getDefaultRepresentation() === 'shortcut' ? null : hosted.toString() - return setGitCommittish(res, hosted.committish) -} - -function unsupportedURLType (protocol, spec) { - const err = new Error(`Unsupported URL Type "${protocol}": ${spec}`) - err.code = 'EUNSUPPORTEDPROTOCOL' - return err -} - -function matchGitScp (spec) { - // git ssh specifiers are overloaded to also use scp-style git - // specifiers, so we have to parse those out and treat them special. - // They are NOT true URIs, so we can't hand them to `url.parse`. - // - // This regex looks for things that look like: - // git+ssh://git@my.custom.git.com:username/project.git#deadbeef - // - // ...and various combinations. The username in the beginning is *required*. - const matched = spec.match(/^git\+ssh:\/\/([^:#]+:[^#]+(?:\.git)?)(?:#(.*))?$/i) - return matched && !matched[1].match(/:[0-9]+\/?.*$/i) && { - fetchSpec: matched[1], - gitCommittish: matched[2] == null ? null : matched[2] - } -} - -function fromURL (res) { - if (!url) url = require('url') - const urlparse = url.parse(res.rawSpec) - res.saveSpec = res.rawSpec - // check the protocol, and then see if it's git or not - switch (urlparse.protocol) { - case 'git:': - case 'git+http:': - case 'git+https:': - case 'git+rsync:': - case 'git+ftp:': - case 'git+file:': - case 'git+ssh:': - res.type = 'git' - const match = urlparse.protocol === 'git+ssh:' && matchGitScp(res.rawSpec) - if (match) { - setGitCommittish(res, match.gitCommittish) - res.fetchSpec = match.fetchSpec - } else { - setGitCommittish(res, urlparse.hash != null ? urlparse.hash.slice(1) : '') - urlparse.protocol = urlparse.protocol.replace(/^git[+]/, '') - if (urlparse.protocol === 'file:' && /^git\+file:\/\/[a-z]:/i.test(res.rawSpec)) { - // keep the drive letter : on windows file paths - urlparse.host += ':' - urlparse.hostname += ':' - } - delete urlparse.hash - res.fetchSpec = url.format(urlparse) - } - break - case 'http:': - case 'https:': - res.type = 'remote' - res.fetchSpec = res.saveSpec - break - - default: - throw unsupportedURLType(urlparse.protocol, res.rawSpec) - } - - return res -} - -function fromAlias (res, where) { - const subSpec = npa(res.rawSpec.substr(4), where) - if (subSpec.type === 'alias') { - throw new Error('nested aliases not supported') - } - if (!subSpec.registry) { - throw new Error('aliases only work for registry deps') - } - res.subSpec = subSpec - res.registry = true - res.type = 'alias' - res.saveSpec = null - res.fetchSpec = null - return res -} - -function fromRegistry (res) { - res.registry = true - const spec = res.rawSpec === '' ? 'latest' : res.rawSpec - // no save spec for registry components as we save based on the fetched - // version, not on the argument so this can't compute that. - res.saveSpec = null - res.fetchSpec = spec - if (!semver) semver = require('semver') - const version = semver.valid(spec, true) - const range = semver.validRange(spec, true) - if (version) { - res.type = 'version' - } else if (range) { - res.type = 'range' - } else { - if (encodeURIComponent(spec) !== spec) { - throw invalidTagName(spec) - } - res.type = 'tag' - } - return res -} diff --git a/node_modules/pacote/node_modules/npm-package-arg/package.json b/node_modules/pacote/node_modules/npm-package-arg/package.json deleted file mode 100644 index 2c17da851..000000000 --- a/node_modules/pacote/node_modules/npm-package-arg/package.json +++ /dev/null @@ -1,75 +0,0 @@ -{ - "_from": "npm-package-arg@^6.1.0", - "_id": "npm-package-arg@6.1.1", - "_inBundle": false, - "_integrity": "sha512-qBpssaL3IOZWi5vEKUKW0cO7kzLeT+EQO9W8RsLOZf76KF9E/K9+wH0C7t06HXPpaH8WH5xF1MExLuCwbTqRUg==", - "_location": "/pacote/npm-package-arg", - "_phantomChildren": {}, - "_requested": { - "type": "range", - "registry": true, - "raw": "npm-package-arg@^6.1.0", - "name": "npm-package-arg", - "escapedName": "npm-package-arg", - "rawSpec": "^6.1.0", - "saveSpec": null, - "fetchSpec": "^6.1.0" - }, - "_requiredBy": [ - "/pacote", - "/pacote/npm-pick-manifest", - "/pacote/npm-registry-fetch" - ], - "_resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-6.1.1.tgz", - "_shasum": "02168cb0a49a2b75bf988a28698de7b529df5cb7", - "_spec": "npm-package-arg@^6.1.0", - "_where": "/Users/claudiahdz/npm/cli/node_modules/pacote", - "author": { - "name": "Isaac Z. Schlueter", - "email": "i@izs.me", - "url": "http://blog.izs.me/" - }, - "bugs": { - "url": "https://github.com/npm/npm-package-arg/issues" - }, - "bundleDependencies": false, - "dependencies": { - "hosted-git-info": "^2.7.1", - "osenv": "^0.1.5", - "semver": "^5.6.0", - "validate-npm-package-name": "^3.0.0" - }, - "deprecated": false, - "description": "Parse the things that can be arguments to `npm install`", - "devDependencies": { - "standard": "^11.0.1", - "standard-version": "^4.4.0", - "tap": "^12.5.0", - "weallbehave": "^1.2.0", - "weallcontribute": "^1.0.8" - }, - "directories": { - "test": "test" - }, - "files": [ - "npa.js" - ], - "homepage": "https://github.com/npm/npm-package-arg", - "license": "ISC", - "main": "npa.js", - "name": "npm-package-arg", - "repository": { - "type": "git", - "url": "git+https://github.com/npm/npm-package-arg.git" - }, - "scripts": { - "postrelease": "npm publish && git push --follow-tags", - "prerelease": "npm t", - "pretest": "standard", - "release": "standard-version -s", - "test": "tap --100 -J --coverage test/*.js", - "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'", - "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'" - }, - "version": "6.1.1" -} diff --git a/node_modules/pacote/node_modules/npm-packlist/LICENSE b/node_modules/pacote/node_modules/npm-packlist/LICENSE new file mode 100644 index 000000000..19129e315 --- /dev/null +++ b/node_modules/pacote/node_modules/npm-packlist/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) Isaac Z. Schlueter and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/pacote/node_modules/npm-packlist/README.md b/node_modules/pacote/node_modules/npm-packlist/README.md new file mode 100644 index 000000000..9ec86afcd --- /dev/null +++ b/node_modules/pacote/node_modules/npm-packlist/README.md @@ -0,0 +1,146 @@ +# npm-packlist + +[](https://travis-ci.com/npm/npm-packlist) + +Get a list of the files to add from a folder into an npm package. + +These can be handed to [tar](http://npm.im/tar) like so to make an npm +package tarball: + +```js +const packlist = require('npm-packlist') +const tar = require('tar') +const packageDir = '/path/to/package' +const packageTarball = '/path/to/package.tgz' + +packlist({ path: packageDir }) + .then(files => tar.create({ + prefix: 'package/', + cwd: packageDir, + file: packageTarball, + gzip: true + }, files)) + .then(_ => { + // tarball has been created, continue with your day + }) +``` + +This uses the following rules: + +1. If a `package.json` file is found, and it has a `files` list, + then ignore everything that isn't in `files`. Always include the + readme, license, notice, changes, changelog, and history files, if + they exist, and the package.json file itself. +2. If there's no `package.json` file (or it has no `files` list), and + there is a `.npmignore` file, then ignore all the files in the + `.npmignore` file. +3. If there's no `package.json` with a `files` list, and there's no + `.npmignore` file, but there is a `.gitignore` file, then ignore + all the files in the `.gitignore` file. +4. Everything in the root `node_modules` is ignored, unless it's a + bundled dependency. If it IS a bundled dependency, and it's a + symbolic link, then the target of the link is included, not the + symlink itself. +4. Unless they're explicitly included (by being in a `files` list, or + a `!negated` rule in a relevant `.npmignore` or `.gitignore`), + always ignore certain common cruft files: + + 1. .npmignore and .gitignore files (their effect is in the package + already, there's no need to include them in the package) + 2. editor junk like `.*.swp`, `._*` and `.*.orig` files + 3. `.npmrc` files (these may contain private configs) + 4. The `node_modules/.bin` folder + 5. Waf and gyp cruft like `/build/config.gypi` and `.lock-wscript` + 6. Darwin's `.DS_Store` files because wtf are those even + 7. `npm-debug.log` files at the root of a project + + You can explicitly re-include any of these with a `files` list in + `package.json` or a negated ignore file rule. + +Only the `package.json` file in the very root of the project is ever +inspected for a `files` list. Below the top level of the root package, +`package.json` is treated as just another file, and no package-specific +semantics are applied. + +### Interaction between `package.json` and `.npmignore` rules + +For simplicity, it is best to use _either_ a `files` list in `package.json` +_or_ a `.npmignore` file, and not both. If you only use one of these +methods, you can skip this documentation section. + +The `files` list in `package.json` is used to direct the exploration of the +tree. In other words, that's all the walker will ever look at when +exploring that level. + +In some cases this can lead to a `.npmignore` file being ignored. If a +_directory_ is listed in `files`, then any rules in a root or nested +`.npmignore` files will be honored. + +For example, with this package.json: + +```json +{ + "files": [ "dir" ] +} +``` + +a `.npmignore` file at `dir/.npmignore` (and any subsequent +sub-directories) will be honored. However, a `.npmignore` at the root +level will be skipped. + +Conversely, with this package.json: + +``` +{ + "files": ["dir/subdir"] +} +``` + +a `.npmignore` file at `dir/.npmignore` will not be honored. + +Any specific file matched by a glob or filename in the package.json `files` +list will be included, and cannot be excluded by any `.npmignore` files in +nested directories, or by a `.npmignore` file in the root package +directory, unless that root `.npmignore` file is also in the `files` list. + +The previous (v1) implementation used in npm 6 and below treated +`package.json` as a special sort of "reverse ignore" file. That is, it was +parsed and handled as if it was a `.npmignore` file with `!` prepended to +all of the globs in the `files` list. In order to include children of a +directory listed in `files`, they would _also_ have `/**` appended to them. + +This is tricky to explain, but is a significant improvement over the +previous (v1) implementation used in npm 6 and below, with the following +beneficial properties: + +- If you have `{"files":["lib"]}` in `package.json`, then the walker will + still ignore files such as `lib/.DS_Store` and `lib/.foo.swp`. The + previous implementation would include these files, as they'd be matched + by the computed `!lib/**` ignore rule. +- If you have `{"files":["lib/a.js","lib/b.js"]}` in `package.json`, and a + `lib/.npmignore` containing `a.js`, then the walker will still include + the two files indicated in `package.json`, and ignore the + `lib/.npmignore` file. The previous implementation would mark these + files for inclusion, but then _exclude_ them when it came to the nested + `.npmignore` file. (Ignore file semantics dictate that a "closer" ignore + file always takes precedence.) +- A file in `lib/pkg-template/package.json` will be included, and its + `files` list will not have any bearing on other files being included or + skipped. When treating `package.json` as just Yet Another ignore file, + this was not the case, leading to difficulty for modules that aim to + initialize a project. + +In general, this walk should work as a reasonable developer would expect. +Matching human expectation is tricky business, and if you find cases where +it violates those expectations, [please let us +know](https://github.com/npm/npm-packlist/issues). + +## API + +Same API as [ignore-walk](http://npm.im/ignore-walk), just hard-coded +file list and rule sets. + +The `Walker` and `WalkerSync` classes take a `bundled` argument, which +is a list of package names to include from node_modules. When calling +the top-level `packlist()` and `packlist.sync()` functions, this +module calls into `npm-bundled` directly. diff --git a/node_modules/pacote/node_modules/npm-packlist/bin/index.js b/node_modules/pacote/node_modules/npm-packlist/bin/index.js new file mode 100755 index 000000000..f06feffd9 --- /dev/null +++ b/node_modules/pacote/node_modules/npm-packlist/bin/index.js @@ -0,0 +1,24 @@ +#!/usr/bin/env node + +const dirs = [] +let doSort = false +process.argv.slice(2).forEach(arg => { + if (arg === '-h' || arg === '--help') { + console.log('usage: npm-packlist [-s --sort] [directory, directory, ...]') + process.exit(0) + } else if (arg === '-s' || arg === '--sort') + doSort = true + else + dirs.push(arg) +}) + +const sort = list => doSort ? list.sort((a, b) => a.localeCompare(b)) : list + +const packlist = require('../') +if (!dirs.length) + console.log(sort(packlist.sync({ path: process.cwd() })).join('\n')) +else + dirs.forEach(path => { + console.log(`> ${path}`) + console.log(sort(packlist.sync({ path })).join('\n')) + }) diff --git a/node_modules/pacote/node_modules/npm-packlist/index.js b/node_modules/pacote/node_modules/npm-packlist/index.js new file mode 100644 index 000000000..192f40f61 --- /dev/null +++ b/node_modules/pacote/node_modules/npm-packlist/index.js @@ -0,0 +1,437 @@ +'use strict' + +// Do a two-pass walk, first to get the list of packages that need to be +// bundled, then again to get the actual files and folders. +// Keep a cache of node_modules content and package.json data, so that the +// second walk doesn't have to re-do all the same work. + +const bundleWalk = require('npm-bundled') +const BundleWalker = bundleWalk.BundleWalker +const BundleWalkerSync = bundleWalk.BundleWalkerSync + +const ignoreWalk = require('ignore-walk') +const IgnoreWalker = ignoreWalk.Walker +const IgnoreWalkerSync = ignoreWalk.WalkerSync + +const rootBuiltinRules = Symbol('root-builtin-rules') +const packageNecessaryRules = Symbol('package-necessary-rules') +const path = require('path') + +const normalizePackageBin = require('npm-normalize-package-bin') + +// Weird side-effect of this: a readme (etc) file will be included +// if it exists anywhere within a folder with a package.json file. +// The original intent was only to include these files in the root, +// but now users in the wild are dependent on that behavior for +// localized documentation and other use cases. Adding a `/` to +// these rules, while tempting and arguably more "correct", is a +// significant change that will break existing use cases. +const packageMustHaveFileNames = + 'readme|copying|license|licence|notice|changes|changelog|history' + +const packageMustHaves = `@(${packageMustHaveFileNames}){,.*[^~$]}` +const packageMustHavesRE = new RegExp(`^(${packageMustHaveFileNames})(\\..*[^~\$])?$`, 'i') + +const fs = require('fs') +const glob = require('glob') + +const defaultRules = [ + '.npmignore', + '.gitignore', + '**/.git', + '**/.svn', + '**/.hg', + '**/CVS', + '**/.git/**', + '**/.svn/**', + '**/.hg/**', + '**/CVS/**', + '/.lock-wscript', + '/.wafpickle-*', + '/build/config.gypi', + 'npm-debug.log', + '**/.npmrc', + '.*.swp', + '.DS_Store', + '**/.DS_Store/**', + '._*', + '**/._*/**', + '*.orig', + '/package-lock.json', + '/yarn.lock', + '/archived-packages/**', +] + +// There may be others, but :?|<> are handled by node-tar +const nameIsBadForWindows = file => /\*/.test(file) + +// a decorator that applies our custom rules to an ignore walker +const npmWalker = Class => class Walker extends Class { + constructor (opt) { + opt = opt || {} + + // the order in which rules are applied. + opt.ignoreFiles = [ + rootBuiltinRules, + 'package.json', + '.npmignore', + '.gitignore', + packageNecessaryRules + ] + + opt.includeEmpty = false + opt.path = opt.path || process.cwd() + const dirName = path.basename(opt.path) + const parentName = path.basename(path.dirname(opt.path)) + opt.follow = + dirName === 'node_modules' || + (parentName === 'node_modules' && /^@/.test(dirName)) + super(opt) + + // ignore a bunch of things by default at the root level. + // also ignore anything in node_modules, except bundled dependencies + if (!this.parent) { + this.bundled = opt.bundled || [] + this.bundledScopes = Array.from(new Set( + this.bundled.filter(f => /^@/.test(f)) + .map(f => f.split('/')[0]))) + const rules = defaultRules.join('\n') + '\n' + this.packageJsonCache = opt.packageJsonCache || new Map() + super.onReadIgnoreFile(rootBuiltinRules, rules, _=>_) + } else { + this.bundled = [] + this.bundledScopes = [] + this.packageJsonCache = this.parent.packageJsonCache + } + } + + onReaddir (entries) { + if (!this.parent) { + entries = entries.filter(e => + e !== '.git' && + !(e === 'node_modules' && this.bundled.length === 0) + ) + } + + // if we have a package.json, then look in it for 'files' + // we _only_ do this in the root project, not bundled deps + // or other random folders. Bundled deps are always assumed + // to be in the state the user wants to include them, and + // a package.json somewhere else might be a template or + // test or something else entirely. + if (this.parent || !entries.includes('package.json')) { + return super.onReaddir(entries) + } + + // when the cache has been seeded with the root manifest, + // we must respect that (it may differ from the filesystem) + const ig = path.resolve(this.path, 'package.json') + + if (this.packageJsonCache.has(ig)) { + const pkg = this.packageJsonCache.get(ig) + + // fall back to filesystem when seeded manifest is invalid + if (!pkg || typeof pkg !== 'object') { + return this.readPackageJson(entries) + } + + // feels wonky, but this ensures package bin is _always_ + // normalized, as well as guarding against invalid JSON + return this.getPackageFiles(entries, JSON.stringify(pkg)) + } + + this.readPackageJson(entries) + } + + onReadPackageJson (entries, er, pkg) { + if (er) + this.emit('error', er) + else + this.getPackageFiles(entries, pkg) + } + + mustHaveFilesFromPackage (pkg) { + const files = [] + if (pkg.browser) + files.push('/' + pkg.browser) + if (pkg.main) + files.push('/' + pkg.main) + if (pkg.bin) { + // always an object because normalized already + for (const key in pkg.bin) + files.push('/' + pkg.bin[key]) + } + files.push( + '/package.json', + '/npm-shrinkwrap.json', + '!/package-lock.json', + packageMustHaves, + ) + return files + } + + getPackageFiles (entries, pkg) { + try { + pkg = normalizePackageBin(JSON.parse(pkg.toString())) + } catch (er) { + // not actually a valid package.json + return super.onReaddir(entries) + } + + const ig = path.resolve(this.path, 'package.json') + this.packageJsonCache.set(ig, pkg) + + // no files list, just return the normal readdir() result + if (!Array.isArray(pkg.files)) + return super.onReaddir(entries) + + pkg.files.push(...this.mustHaveFilesFromPackage(pkg)) + + // If the package has a files list, then it's unlikely to include + // node_modules, because why would you do that? but since we use + // the files list as the effective readdir result, that means it + // looks like we don't have a node_modules folder at all unless we + // include it here. + if (pkg.bundleDependencies && entries.includes('node_modules')) + pkg.files.push('node_modules') + + const patterns = Array.from(new Set(pkg.files)).reduce((set, pattern) => { + const excl = pattern.match(/^!+/) + if (excl) + pattern = pattern.substr(excl[0].length) + // strip off any / from the start of the pattern. /foo => foo + pattern = pattern.replace(/^\/+/, '') + // an odd number of ! means a negated pattern. !!foo ==> foo + const negate = excl && excl[0].length % 2 === 1 + set.push({ pattern, negate }) + return set + }, []) + + let n = patterns.length + const set = new Set() + const negates = new Set() + const then = (pattern, negate, er, fileList) => { + if (er) + return this.emit('error', er) + + if (negate) { + fileList.forEach(f => { + set.delete(f) + negates.add(f) + }) + } else { + fileList.forEach(f => { + set.add(f) + negates.delete(f) + }) + } + + if (--n === 0) { + const list = Array.from(set) + // replace the files array with our computed explicit set + pkg.files = list.concat(Array.from(negates).map(f => '!' + f)) + const rdResult = Array.from(new Set( + list.map(f => f.replace(/^\/+/, '')) + )) + super.onReaddir(rdResult) + } + } + + patterns.forEach(({pattern, negate}) => + this.globFiles(pattern, (er, res) => then(pattern, negate, er, res))) + } + + filterEntry (entry, partial) { + // get the partial path from the root of the walk + const p = this.path.substr(this.root.length + 1) + const pkgre = /^node_modules\/(@[^\/]+\/?[^\/]+|[^\/]+)(\/.*)?$/ + const isRoot = !this.parent + const pkg = isRoot && pkgre.test(entry) ? + entry.replace(pkgre, '$1') : null + const rootNM = isRoot && entry === 'node_modules' + const rootPJ = isRoot && entry === 'package.json' + + return ( + // if we're in a bundled package, check with the parent. + /^node_modules($|\/)/i.test(p) ? this.parent.filterEntry( + this.basename + '/' + entry, partial) + + // if package is bundled, all files included + // also include @scope dirs for bundled scoped deps + // they'll be ignored if no files end up in them. + // However, this only matters if we're in the root. + // node_modules folders elsewhere, like lib/node_modules, + // should be included normally unless ignored. + : pkg ? -1 !== this.bundled.indexOf(pkg) || + -1 !== this.bundledScopes.indexOf(pkg) + + // only walk top node_modules if we want to bundle something + : rootNM ? !!this.bundled.length + + // always include package.json at the root. + : rootPJ ? true + + // always include readmes etc in any included dir + : packageMustHavesRE.test(entry) ? true + + // npm-shrinkwrap and package.json always included in the root pkg + : isRoot && (entry === 'npm-shrinkwrap.json' || entry === 'package.json') + ? true + + // package-lock never included + : isRoot && entry === 'package-lock.json' ? false + + // otherwise, follow ignore-walk's logic + : super.filterEntry(entry, partial) + ) + } + + filterEntries () { + if (this.ignoreRules['.npmignore']) + this.ignoreRules['.gitignore'] = null + this.filterEntries = super.filterEntries + super.filterEntries() + } + + addIgnoreFile (file, then) { + const ig = path.resolve(this.path, file) + if (file === 'package.json' && this.parent) + then() + else if (this.packageJsonCache.has(ig)) + this.onPackageJson(ig, this.packageJsonCache.get(ig), then) + else + super.addIgnoreFile(file, then) + } + + onPackageJson (ig, pkg, then) { + this.packageJsonCache.set(ig, pkg) + + if (Array.isArray(pkg.files)) { + // in this case we already included all the must-haves + super.onReadIgnoreFile('package.json', pkg.files.map( + f => '!' + f + ).join('\n') + '\n', then) + } else { + // if there's a bin, browser or main, make sure we don't ignore it + // also, don't ignore the package.json itself, or any files that + // must be included in the package. + const rules = this.mustHaveFilesFromPackage(pkg).map(f => `!${f}`) + const data = rules.join('\n') + '\n' + super.onReadIgnoreFile(packageNecessaryRules, data, then) + } + } + + // override parent stat function to completely skip any filenames + // that will break windows entirely. + // XXX(isaacs) Next major version should make this an error instead. + stat (entry, file, dir, then) { + if (nameIsBadForWindows(entry)) + then() + else + super.stat(entry, file, dir, then) + } + + // override parent onstat function to nix all symlinks + onstat (st, entry, file, dir, then) { + if (st.isSymbolicLink()) + then() + else + super.onstat(st, entry, file, dir, then) + } + + onReadIgnoreFile (file, data, then) { + if (file === 'package.json') { + try { + const ig = path.resolve(this.path, file) + this.onPackageJson(ig, JSON.parse(data), then) + } catch (er) { + // ignore package.json files that are not json + then() + } + } else + super.onReadIgnoreFile(file, data, then) + } + + sort (a, b) { + return sort(a, b) + } +} + +class Walker extends npmWalker(IgnoreWalker) { + globFiles (pattern, cb) { + glob(pattern, { dot: true, cwd: this.path, nocase: true }, cb) + } + + readPackageJson (entries) { + fs.readFile(this.path + '/package.json', (er, pkg) => + this.onReadPackageJson(entries, er, pkg)) + } + + walker (entry, then) { + new Walker(this.walkerOpt(entry)).on('done', then).start() + } +} + +class WalkerSync extends npmWalker(IgnoreWalkerSync) { + globFiles (pattern, cb) { + cb(null, glob.sync(pattern, { dot: true, cwd: this.path, nocase: true })) + } + + readPackageJson (entries) { + const p = this.path + '/package.json' + try { + this.onReadPackageJson(entries, null, fs.readFileSync(p)) + } catch (er) { + this.onReadPackageJson(entries, er) + } + } + + walker (entry, then) { + new WalkerSync(this.walkerOpt(entry)).start() + then() + } +} + +const walk = (options, callback) => { + options = options || {} + const p = new Promise((resolve, reject) => { + const bw = new BundleWalker(options) + bw.on('done', bundled => { + options.bundled = bundled + options.packageJsonCache = bw.packageJsonCache + new Walker(options).on('done', resolve).on('error', reject).start() + }) + bw.start() + }) + return callback ? p.then(res => callback(null, res), callback) : p +} + +const walkSync = options => { + options = options || {} + const bw = new BundleWalkerSync(options).start() + options.bundled = bw.result + options.packageJsonCache = bw.packageJsonCache + const walker = new WalkerSync(options) + walker.start() + return walker.result +} + +// optimize for compressibility +// extname, then basename, then locale alphabetically +// https://twitter.com/isntitvacant/status/1131094910923231232 +const sort = (a, b) => { + const exta = path.extname(a).toLowerCase() + const extb = path.extname(b).toLowerCase() + const basea = path.basename(a).toLowerCase() + const baseb = path.basename(b).toLowerCase() + + return exta.localeCompare(extb) || + basea.localeCompare(baseb) || + a.localeCompare(b) +} + + +module.exports = walk +walk.sync = walkSync +walk.Walker = Walker +walk.WalkerSync = WalkerSync diff --git a/node_modules/pacote/node_modules/npm-packlist/package.json b/node_modules/pacote/node_modules/npm-packlist/package.json new file mode 100644 index 000000000..e92d4a371 --- /dev/null +++ b/node_modules/pacote/node_modules/npm-packlist/package.json @@ -0,0 +1,84 @@ +{ + "_from": "npm-packlist@^2.0.3", + "_id": "npm-packlist@2.1.0", + "_inBundle": false, + "_integrity": "sha512-XXqrT4WXVc8M1cdL7LCOUflEdyvCu9lKmM5j5mFwXAK8hUMRxzClNml8ox2d8YIDhS7p51AP6zYWNsgNiWuSLQ==", + "_location": "/pacote/npm-packlist", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "npm-packlist@^2.0.3", + "name": "npm-packlist", + "escapedName": "npm-packlist", + "rawSpec": "^2.0.3", + "saveSpec": null, + "fetchSpec": "^2.0.3" + }, + "_requiredBy": [ + "/pacote" + ], + "_resolved": "https://registry.npmjs.org/npm-packlist/-/npm-packlist-2.1.0.tgz", + "_shasum": "ab9c8de31df6d55b78ae94eb5c47f145bc304dc0", + "_spec": "npm-packlist@^2.0.3", + "_where": "/Users/claudiahdz/npm/cli/node_modules/pacote", + "author": { + "name": "Isaac Z. Schlueter", + "email": "i@izs.me", + "url": "http://blog.izs.me/" + }, + "bin": { + "npm-packlist": "bin/index.js" + }, + "bugs": { + "url": "https://github.com/npm/npm-packlist/issues" + }, + "bundleDependencies": false, + "dependencies": { + "glob": "^7.1.6", + "ignore-walk": "^3.0.3", + "npm-bundled": "^1.0.1", + "npm-normalize-package-bin": "^1.0.1" + }, + "deprecated": false, + "description": "Get a list of the files to add from a folder into an npm package", + "devDependencies": { + "mkdirp": "^0.5.1", + "mutate-fs": "^2.1.1", + "require-inject": "^1.4.4", + "rimraf": "^2.7.1", + "tap": "^14.7.0" + }, + "directories": { + "test": "test" + }, + "engines": { + "node": ">=10" + }, + "files": [ + "index.js" + ], + "homepage": "https://github.com/npm/npm-packlist#readme", + "license": "ISC", + "main": "index.js", + "name": "npm-packlist", + "repository": { + "type": "git", + "url": "git+https://github.com/npm/npm-packlist.git" + }, + "scripts": { + "postpublish": "git push origin --follow-tags", + "postversion": "npm publish", + "preversion": "npm test", + "snap": "tap", + "test": "tap" + }, + "tap": { + "check-coverage": true, + "nyc-arg": [ + "--include=index.js", + "--include=bin/index.js" + ] + }, + "version": "2.1.0" +} diff --git a/node_modules/pacote/node_modules/semver/CHANGELOG.md b/node_modules/pacote/node_modules/semver/CHANGELOG.md new file mode 100644 index 000000000..db6b6d4d5 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/CHANGELOG.md @@ -0,0 +1,85 @@ +# changes log + +## 7.1.0 + +* Add `require('semver/preload')` to load the entire module without using + lazy getter methods. + +## 7.0.0 + +* Refactor module into separate files for better tree-shaking +* Drop support for very old node versions, use const/let, `=>` functions, + and classes. + +## 6.3.0 + +* Expose the token enum on the exports + +## 6.2.0 + +* Coerce numbers to strings when passed to semver.coerce() +* Add `rtl` option to coerce from right to left + +## 6.1.3 + +* Handle X-ranges properly in includePrerelease mode + +## 6.1.2 + +* Do not throw when testing invalid version strings + +## 6.1.1 + +* Add options support for semver.coerce() +* Handle undefined version passed to Range.test + +## 6.1.0 + +* Add semver.compareBuild function +* Support `*` in semver.intersects + +## 6.0 + +* Fix `intersects` logic. + + This is technically a bug fix, but since it is also a change to behavior + that may require users updating their code, it is marked as a major + version increment. + +## 5.7 + +* Add `minVersion` method + +## 5.6 + +* Move boolean `loose` param to an options object, with + backwards-compatibility protection. +* Add ability to opt out of special prerelease version handling with + the `includePrerelease` option flag. + +## 5.5 + +* Add version coercion capabilities + +## 5.4 + +* Add intersection checking + +## 5.3 + +* Add `minSatisfying` method + +## 5.2 + +* Add `prerelease(v)` that returns prerelease components + +## 5.1 + +* Add Backus-Naur for ranges +* Remove excessively cute inspection methods + +## 5.0 + +* Remove AMD/Browserified build artifacts +* Fix ltr and gtr when using the `*` range +* Fix for range `*` with a prerelease identifier diff --git a/node_modules/pacote/node_modules/semver/LICENSE b/node_modules/pacote/node_modules/semver/LICENSE new file mode 100644 index 000000000..19129e315 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) Isaac Z. Schlueter and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/pacote/node_modules/semver/README.md b/node_modules/pacote/node_modules/semver/README.md new file mode 100644 index 000000000..9ba40454c --- /dev/null +++ b/node_modules/pacote/node_modules/semver/README.md @@ -0,0 +1,554 @@ +semver(1) -- The semantic versioner for npm +=========================================== + +## Install + +```bash +npm install semver +```` + +## Usage + +As a node module: + +```js +const semver = require('semver') + +semver.valid('1.2.3') // '1.2.3' +semver.valid('a.b.c') // null +semver.clean(' =v1.2.3 ') // '1.2.3' +semver.satisfies('1.2.3', '1.x || >=2.5.0 || 5.0.0 - 7.2.3') // true +semver.gt('1.2.3', '9.8.7') // false +semver.lt('1.2.3', '9.8.7') // true +semver.minVersion('>=1.0.0') // '1.0.0' +semver.valid(semver.coerce('v2')) // '2.0.0' +semver.valid(semver.coerce('42.6.7.9.3-alpha')) // '42.6.7' +``` + +You can also just load the module for the function that you care about, if +you'd like to minimize your footprint. + +```js +// load the whole API at once in a single object +const semver = require('semver') + +// or just load the bits you need +// all of them listed here, just pick and choose what you want + +// classes +const SemVer = require('semver/classes/semver') +const Comparator = require('semver/classes/comparator') +const Range = require('semver/classes/range') + +// functions for working with versions +const semverParse = require('semver/functions/parse') +const semverValid = require('semver/functions/valid') +const semverClean = require('semver/functions/clean') +const semverInc = require('semver/functions/inc') +const semverDiff = require('semver/functions/diff') +const semverMajor = require('semver/functions/major') +const semverMinor = require('semver/functions/minor') +const semverPatch = require('semver/functions/patch') +const semverPrerelease = require('semver/functions/prerelease') +const semverCompare = require('semver/functions/compare') +const semverRcompare = require('semver/functions/rcompare') +const semverCompareLoose = require('semver/functions/compare-loose') +const semverCompareBuild = require('semver/functions/compare-build') +const semverSort = require('semver/functions/sort') +const semverRsort = require('semver/functions/rsort') + +// low-level comparators between versions +const semverGt = require('semver/functions/gt') +const semverLt = require('semver/functions/lt') +const semverEq = require('semver/functions/eq') +const semverNeq = require('semver/functions/neq') +const semverGte = require('semver/functions/gte') +const semverLte = require('semver/functions/lte') +const semverCmp = require('semver/functions/cmp') +const semverCoerce = require('semver/functions/coerce') + +// working with ranges +const semverSatisfies = require('semver/functions/satisfies') +const semverMaxSatisfying = require('semver/ranges/max-satisfying') +const semverMinSatisfying = require('semver/ranges/min-satisfying') +const semverToComparators = require('semver/ranges/to-comparators') +const semverMinVersion = require('semver/ranges/min-version') +const semverValidRange = require('semver/ranges/valid') +const semverOutside = require('semver/ranges/outside') +const semverGtr = require('semver/ranges/gtr') +const semverLtr = require('semver/ranges/ltr') +const semverIntersects = require('semver/ranges/intersects') +``` + +As a command-line utility: + +``` +$ semver -h + +A JavaScript implementation of the https://semver.org/ specification +Copyright Isaac Z. Schlueter + +Usage: semver [options] <version> [<version> [...]] +Prints valid versions sorted by SemVer precedence + +Options: +-r --range <range> + Print versions that match the specified range. + +-i --increment [<level>] + Increment a version by the specified level. Level can + be one of: major, minor, patch, premajor, preminor, + prepatch, or prerelease. Default level is 'patch'. + Only one version may be specified. + +--preid <identifier> + Identifier to be used to prefix premajor, preminor, + prepatch or prerelease version increments. + +-l --loose + Interpret versions and ranges loosely + +-p --include-prerelease + Always include prerelease versions in range matching + +-c --coerce + Coerce a string into SemVer if possible + (does not imply --loose) + +--rtl + Coerce version strings right to left + +--ltr + Coerce version strings left to right (default) + +Program exits successfully if any valid version satisfies +all supplied ranges, and prints all satisfying versions. + +If no satisfying versions are found, then exits failure. + +Versions are printed in ascending order, so supplying +multiple versions to the utility will just sort them. +``` + +## Versions + +A "version" is described by the `v2.0.0` specification found at +<https://semver.org/>. + +A leading `"="` or `"v"` character is stripped off and ignored. + +## Ranges + +A `version range` is a set of `comparators` which specify versions +that satisfy the range. + +A `comparator` is composed of an `operator` and a `version`. The set +of primitive `operators` is: + +* `<` Less than +* `<=` Less than or equal to +* `>` Greater than +* `>=` Greater than or equal to +* `=` Equal. If no operator is specified, then equality is assumed, + so this operator is optional, but MAY be included. + +For example, the comparator `>=1.2.7` would match the versions +`1.2.7`, `1.2.8`, `2.5.3`, and `1.3.9`, but not the versions `1.2.6` +or `1.1.0`. + +Comparators can be joined by whitespace to form a `comparator set`, +which is satisfied by the **intersection** of all of the comparators +it includes. + +A range is composed of one or more comparator sets, joined by `||`. A +version matches a range if and only if every comparator in at least +one of the `||`-separated comparator sets is satisfied by the version. + +For example, the range `>=1.2.7 <1.3.0` would match the versions +`1.2.7`, `1.2.8`, and `1.2.99`, but not the versions `1.2.6`, `1.3.0`, +or `1.1.0`. + +The range `1.2.7 || >=1.2.9 <2.0.0` would match the versions `1.2.7`, +`1.2.9`, and `1.4.6`, but not the versions `1.2.8` or `2.0.0`. + +### Prerelease Tags + +If a version has a prerelease tag (for example, `1.2.3-alpha.3`) then +it will only be allowed to satisfy comparator sets if at least one +comparator with the same `[major, minor, patch]` tuple also has a +prerelease tag. + +For example, the range `>1.2.3-alpha.3` would be allowed to match the +version `1.2.3-alpha.7`, but it would *not* be satisfied by +`3.4.5-alpha.9`, even though `3.4.5-alpha.9` is technically "greater +than" `1.2.3-alpha.3` according to the SemVer sort rules. The version +range only accepts prerelease tags on the `1.2.3` version. The +version `3.4.5` *would* satisfy the range, because it does not have a +prerelease flag, and `3.4.5` is greater than `1.2.3-alpha.7`. + +The purpose for this behavior is twofold. First, prerelease versions +frequently are updated very quickly, and contain many breaking changes +that are (by the author's design) not yet fit for public consumption. +Therefore, by default, they are excluded from range matching +semantics. + +Second, a user who has opted into using a prerelease version has +clearly indicated the intent to use *that specific* set of +alpha/beta/rc versions. By including a prerelease tag in the range, +the user is indicating that they are aware of the risk. However, it +is still not appropriate to assume that they have opted into taking a +similar risk on the *next* set of prerelease versions. + +Note that this behavior can be suppressed (treating all prerelease +versions as if they were normal versions, for the purpose of range +matching) by setting the `includePrerelease` flag on the options +object to any +[functions](https://github.com/npm/node-semver#functions) that do +range matching. + +#### Prerelease Identifiers + +The method `.inc` takes an additional `identifier` string argument that +will append the value of the string as a prerelease identifier: + +```javascript +semver.inc('1.2.3', 'prerelease', 'beta') +// '1.2.4-beta.0' +``` + +command-line example: + +```bash +$ semver 1.2.3 -i prerelease --preid beta +1.2.4-beta.0 +``` + +Which then can be used to increment further: + +```bash +$ semver 1.2.4-beta.0 -i prerelease +1.2.4-beta.1 +``` + +### Advanced Range Syntax + +Advanced range syntax desugars to primitive comparators in +deterministic ways. + +Advanced ranges may be combined in the same way as primitive +comparators using white space or `||`. + +#### Hyphen Ranges `X.Y.Z - A.B.C` + +Specifies an inclusive set. + +* `1.2.3 - 2.3.4` := `>=1.2.3 <=2.3.4` + +If a partial version is provided as the first version in the inclusive +range, then the missing pieces are replaced with zeroes. + +* `1.2 - 2.3.4` := `>=1.2.0 <=2.3.4` + +If a partial version is provided as the second version in the +inclusive range, then all versions that start with the supplied parts +of the tuple are accepted, but nothing that would be greater than the +provided tuple parts. + +* `1.2.3 - 2.3` := `>=1.2.3 <2.4.0` +* `1.2.3 - 2` := `>=1.2.3 <3.0.0` + +#### X-Ranges `1.2.x` `1.X` `1.2.*` `*` + +Any of `X`, `x`, or `*` may be used to "stand in" for one of the +numeric values in the `[major, minor, patch]` tuple. + +* `*` := `>=0.0.0` (Any version satisfies) +* `1.x` := `>=1.0.0 <2.0.0` (Matching major version) +* `1.2.x` := `>=1.2.0 <1.3.0` (Matching major and minor versions) + +A partial version range is treated as an X-Range, so the special +character is in fact optional. + +* `""` (empty string) := `*` := `>=0.0.0` +* `1` := `1.x.x` := `>=1.0.0 <2.0.0` +* `1.2` := `1.2.x` := `>=1.2.0 <1.3.0` + +#### Tilde Ranges `~1.2.3` `~1.2` `~1` + +Allows patch-level changes if a minor version is specified on the +comparator. Allows minor-level changes if not. + +* `~1.2.3` := `>=1.2.3 <1.(2+1).0` := `>=1.2.3 <1.3.0` +* `~1.2` := `>=1.2.0 <1.(2+1).0` := `>=1.2.0 <1.3.0` (Same as `1.2.x`) +* `~1` := `>=1.0.0 <(1+1).0.0` := `>=1.0.0 <2.0.0` (Same as `1.x`) +* `~0.2.3` := `>=0.2.3 <0.(2+1).0` := `>=0.2.3 <0.3.0` +* `~0.2` := `>=0.2.0 <0.(2+1).0` := `>=0.2.0 <0.3.0` (Same as `0.2.x`) +* `~0` := `>=0.0.0 <(0+1).0.0` := `>=0.0.0 <1.0.0` (Same as `0.x`) +* `~1.2.3-beta.2` := `>=1.2.3-beta.2 <1.3.0` Note that prereleases in + the `1.2.3` version will be allowed, if they are greater than or + equal to `beta.2`. So, `1.2.3-beta.4` would be allowed, but + `1.2.4-beta.2` would not, because it is a prerelease of a + different `[major, minor, patch]` tuple. + +#### Caret Ranges `^1.2.3` `^0.2.5` `^0.0.4` + +Allows changes that do not modify the left-most non-zero element in the +`[major, minor, patch]` tuple. In other words, this allows patch and +minor updates for versions `1.0.0` and above, patch updates for +versions `0.X >=0.1.0`, and *no* updates for versions `0.0.X`. + +Many authors treat a `0.x` version as if the `x` were the major +"breaking-change" indicator. + +Caret ranges are ideal when an author may make breaking changes +between `0.2.4` and `0.3.0` releases, which is a common practice. +However, it presumes that there will *not* be breaking changes between +`0.2.4` and `0.2.5`. It allows for changes that are presumed to be +additive (but non-breaking), according to commonly observed practices. + +* `^1.2.3` := `>=1.2.3 <2.0.0` +* `^0.2.3` := `>=0.2.3 <0.3.0` +* `^0.0.3` := `>=0.0.3 <0.0.4` +* `^1.2.3-beta.2` := `>=1.2.3-beta.2 <2.0.0` Note that prereleases in + the `1.2.3` version will be allowed, if they are greater than or + equal to `beta.2`. So, `1.2.3-beta.4` would be allowed, but + `1.2.4-beta.2` would not, because it is a prerelease of a + different `[major, minor, patch]` tuple. +* `^0.0.3-beta` := `>=0.0.3-beta <0.0.4` Note that prereleases in the + `0.0.3` version *only* will be allowed, if they are greater than or + equal to `beta`. So, `0.0.3-pr.2` would be allowed. + +When parsing caret ranges, a missing `patch` value desugars to the +number `0`, but will allow flexibility within that value, even if the +major and minor versions are both `0`. + +* `^1.2.x` := `>=1.2.0 <2.0.0` +* `^0.0.x` := `>=0.0.0 <0.1.0` +* `^0.0` := `>=0.0.0 <0.1.0` + +A missing `minor` and `patch` values will desugar to zero, but also +allow flexibility within those values, even if the major version is +zero. + +* `^1.x` := `>=1.0.0 <2.0.0` +* `^0.x` := `>=0.0.0 <1.0.0` + +### Range Grammar + +Putting all this together, here is a Backus-Naur grammar for ranges, +for the benefit of parser authors: + +```bnf +range-set ::= range ( logical-or range ) * +logical-or ::= ( ' ' ) * '||' ( ' ' ) * +range ::= hyphen | simple ( ' ' simple ) * | '' +hyphen ::= partial ' - ' partial +simple ::= primitive | partial | tilde | caret +primitive ::= ( '<' | '>' | '>=' | '<=' | '=' ) partial +partial ::= xr ( '.' xr ( '.' xr qualifier ? )? )? +xr ::= 'x' | 'X' | '*' | nr +nr ::= '0' | ['1'-'9'] ( ['0'-'9'] ) * +tilde ::= '~' partial +caret ::= '^' partial +qualifier ::= ( '-' pre )? ( '+' build )? +pre ::= parts +build ::= parts +parts ::= part ( '.' part ) * +part ::= nr | [-0-9A-Za-z]+ +``` + +## Functions + +All methods and classes take a final `options` object argument. All +options in this object are `false` by default. The options supported +are: + +- `loose` Be more forgiving about not-quite-valid semver strings. + (Any resulting output will always be 100% strict compliant, of + course.) For backwards compatibility reasons, if the `options` + argument is a boolean value instead of an object, it is interpreted + to be the `loose` param. +- `includePrerelease` Set to suppress the [default + behavior](https://github.com/npm/node-semver#prerelease-tags) of + excluding prerelease tagged versions from ranges unless they are + explicitly opted into. + +Strict-mode Comparators and Ranges will be strict about the SemVer +strings that they parse. + +* `valid(v)`: Return the parsed version, or null if it's not valid. +* `inc(v, release)`: Return the version incremented by the release + type (`major`, `premajor`, `minor`, `preminor`, `patch`, + `prepatch`, or `prerelease`), or null if it's not valid + * `premajor` in one call will bump the version up to the next major + version and down to a prerelease of that major version. + `preminor`, and `prepatch` work the same way. + * If called from a non-prerelease version, the `prerelease` will work the + same as `prepatch`. It increments the patch version, then makes a + prerelease. If the input version is already a prerelease it simply + increments it. +* `prerelease(v)`: Returns an array of prerelease components, or null + if none exist. Example: `prerelease('1.2.3-alpha.1') -> ['alpha', 1]` +* `major(v)`: Return the major version number. +* `minor(v)`: Return the minor version number. +* `patch(v)`: Return the patch version number. +* `intersects(r1, r2, loose)`: Return true if the two supplied ranges + or comparators intersect. +* `parse(v)`: Attempt to parse a string as a semantic version, returning either + a `SemVer` object or `null`. + +### Comparison + +* `gt(v1, v2)`: `v1 > v2` +* `gte(v1, v2)`: `v1 >= v2` +* `lt(v1, v2)`: `v1 < v2` +* `lte(v1, v2)`: `v1 <= v2` +* `eq(v1, v2)`: `v1 == v2` This is true if they're logically equivalent, + even if they're not the exact same string. You already know how to + compare strings. +* `neq(v1, v2)`: `v1 != v2` The opposite of `eq`. +* `cmp(v1, comparator, v2)`: Pass in a comparison string, and it'll call + the corresponding function above. `"==="` and `"!=="` do simple + string comparison, but are included for completeness. Throws if an + invalid comparison string is provided. +* `compare(v1, v2)`: Return `0` if `v1 == v2`, or `1` if `v1` is greater, or `-1` if + `v2` is greater. Sorts in ascending order if passed to `Array.sort()`. +* `rcompare(v1, v2)`: The reverse of compare. Sorts an array of versions + in descending order when passed to `Array.sort()`. +* `compareBuild(v1, v2)`: The same as `compare` but considers `build` when two versions + are equal. Sorts in ascending order if passed to `Array.sort()`. + `v2` is greater. Sorts in ascending order if passed to `Array.sort()`. +* `diff(v1, v2)`: Returns difference between two versions by the release type + (`major`, `premajor`, `minor`, `preminor`, `patch`, `prepatch`, or `prerelease`), + or null if the versions are the same. + +### Comparators + +* `intersects(comparator)`: Return true if the comparators intersect + +### Ranges + +* `validRange(range)`: Return the valid range or null if it's not valid +* `satisfies(version, range)`: Return true if the version satisfies the + range. +* `maxSatisfying(versions, range)`: Return the highest version in the list + that satisfies the range, or `null` if none of them do. +* `minSatisfying(versions, range)`: Return the lowest version in the list + that satisfies the range, or `null` if none of them do. +* `minVersion(range)`: Return the lowest version that can possibly match + the given range. +* `gtr(version, range)`: Return `true` if version is greater than all the + versions possible in the range. +* `ltr(version, range)`: Return `true` if version is less than all the + versions possible in the range. +* `outside(version, range, hilo)`: Return true if the version is outside + the bounds of the range in either the high or low direction. The + `hilo` argument must be either the string `'>'` or `'<'`. (This is + the function called by `gtr` and `ltr`.) +* `intersects(range)`: Return true if any of the ranges comparators intersect + +Note that, since ranges may be non-contiguous, a version might not be +greater than a range, less than a range, *or* satisfy a range! For +example, the range `1.2 <1.2.9 || >2.0.0` would have a hole from `1.2.9` +until `2.0.0`, so the version `1.2.10` would not be greater than the +range (because `2.0.1` satisfies, which is higher), nor less than the +range (since `1.2.8` satisfies, which is lower), and it also does not +satisfy the range. + +If you want to know if a version satisfies or does not satisfy a +range, use the `satisfies(version, range)` function. + +### Coercion + +* `coerce(version, options)`: Coerces a string to semver if possible + +This aims to provide a very forgiving translation of a non-semver string to +semver. It looks for the first digit in a string, and consumes all +remaining characters which satisfy at least a partial semver (e.g., `1`, +`1.2`, `1.2.3`) up to the max permitted length (256 characters). Longer +versions are simply truncated (`4.6.3.9.2-alpha2` becomes `4.6.3`). All +surrounding text is simply ignored (`v3.4 replaces v3.3.1` becomes +`3.4.0`). Only text which lacks digits will fail coercion (`version one` +is not valid). The maximum length for any semver component considered for +coercion is 16 characters; longer components will be ignored +(`10000000000000000.4.7.4` becomes `4.7.4`). The maximum value for any +semver component is `Number.MAX_SAFE_INTEGER || (2**53 - 1)`; higher value +components are invalid (`9999999999999999.4.7.4` is likely invalid). + +If the `options.rtl` flag is set, then `coerce` will return the right-most +coercible tuple that does not share an ending index with a longer coercible +tuple. For example, `1.2.3.4` will return `2.3.4` in rtl mode, not +`4.0.0`. `1.2.3/4` will return `4.0.0`, because the `4` is not a part of +any other overlapping SemVer tuple. + +### Clean + +* `clean(version)`: Clean a string to be a valid semver if possible + +This will return a cleaned and trimmed semver version. If the provided +version is not valid a null will be returned. This does not work for +ranges. + +ex. +* `s.clean(' = v 2.1.5foo')`: `null` +* `s.clean(' = v 2.1.5foo', { loose: true })`: `'2.1.5-foo'` +* `s.clean(' = v 2.1.5-foo')`: `null` +* `s.clean(' = v 2.1.5-foo', { loose: true })`: `'2.1.5-foo'` +* `s.clean('=v2.1.5')`: `'2.1.5'` +* `s.clean(' =v2.1.5')`: `2.1.5` +* `s.clean(' 2.1.5 ')`: `'2.1.5'` +* `s.clean('~1.0.0')`: `null` + +## Exported Modules + +<!-- +TODO: Make sure that all of these items are documented (classes aren't, +eg), and then pull the module name into the documentation for that specific +thing. +--> + +You may pull in just the part of this semver utility that you need, if you +are sensitive to packing and tree-shaking concerns. The main +`require('semver')` export uses getter functions to lazily load the parts +of the API that are used. + +The following modules are available: + +* `require('semver')` +* `require('semver/classes')` +* `require('semver/classes/comparator')` +* `require('semver/classes/range')` +* `require('semver/classes/semver')` +* `require('semver/functions/clean')` +* `require('semver/functions/cmp')` +* `require('semver/functions/coerce')` +* `require('semver/functions/compare')` +* `require('semver/functions/compare-build')` +* `require('semver/functions/compare-loose')` +* `require('semver/functions/diff')` +* `require('semver/functions/eq')` +* `require('semver/functions/gt')` +* `require('semver/functions/gte')` +* `require('semver/functions/inc')` +* `require('semver/functions/lt')` +* `require('semver/functions/lte')` +* `require('semver/functions/major')` +* `require('semver/functions/minor')` +* `require('semver/functions/neq')` +* `require('semver/functions/parse')` +* `require('semver/functions/patch')` +* `require('semver/functions/prerelease')` +* `require('semver/functions/rcompare')` +* `require('semver/functions/rsort')` +* `require('semver/functions/satisfies')` +* `require('semver/functions/sort')` +* `require('semver/functions/valid')` +* `require('semver/ranges/gtr')` +* `require('semver/ranges/intersects')` +* `require('semver/ranges/ltr')` +* `require('semver/ranges/max-satisfying')` +* `require('semver/ranges/min-satisfying')` +* `require('semver/ranges/min-version')` +* `require('semver/ranges/outside')` +* `require('semver/ranges/to-comparators')` +* `require('semver/ranges/valid')` diff --git a/node_modules/pacote/node_modules/semver/bin/semver.js b/node_modules/pacote/node_modules/semver/bin/semver.js new file mode 100755 index 000000000..73fe29538 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/bin/semver.js @@ -0,0 +1,173 @@ +#!/usr/bin/env node +// Standalone semver comparison program. +// Exits successfully and prints matching version(s) if +// any supplied version is valid and passes all tests. + +const argv = process.argv.slice(2) + +let versions = [] + +const range = [] + +let inc = null + +const version = require('../package.json').version + +let loose = false + +let includePrerelease = false + +let coerce = false + +let rtl = false + +let identifier + +const semver = require('../') + +let reverse = false + +const options = {} + +const main = () => { + if (!argv.length) return help() + while (argv.length) { + let a = argv.shift() + const indexOfEqualSign = a.indexOf('=') + if (indexOfEqualSign !== -1) { + a = a.slice(0, indexOfEqualSign) + argv.unshift(a.slice(indexOfEqualSign + 1)) + } + switch (a) { + case '-rv': case '-rev': case '--rev': case '--reverse': + reverse = true + break + case '-l': case '--loose': + loose = true + break + case '-p': case '--include-prerelease': + includePrerelease = true + break + case '-v': case '--version': + versions.push(argv.shift()) + break + case '-i': case '--inc': case '--increment': + switch (argv[0]) { + case 'major': case 'minor': case 'patch': case 'prerelease': + case 'premajor': case 'preminor': case 'prepatch': + inc = argv.shift() + break + default: + inc = 'patch' + break + } + break + case '--preid': + identifier = argv.shift() + break + case '-r': case '--range': + range.push(argv.shift()) + break + case '-c': case '--coerce': + coerce = true + break + case '--rtl': + rtl = true + break + case '--ltr': + rtl = false + break + case '-h': case '--help': case '-?': + return help() + default: + versions.push(a) + break + } + } + + const options = { loose: loose, includePrerelease: includePrerelease, rtl: rtl } + + versions = versions.map((v) => { + return coerce ? (semver.coerce(v, options) || { version: v }).version : v + }).filter((v) => { + return semver.valid(v) + }) + if (!versions.length) return fail() + if (inc && (versions.length !== 1 || range.length)) { return failInc() } + + for (let i = 0, l = range.length; i < l; i++) { + versions = versions.filter((v) => { + return semver.satisfies(v, range[i], options) + }) + if (!versions.length) return fail() + } + return success(versions) +} + + +const failInc = () => { + console.error('--inc can only be used on a single version with no range') + fail() +} + +const fail = () => process.exit(1) + +const success = () => { + const compare = reverse ? 'rcompare' : 'compare' + versions.sort((a, b) => { + return semver[compare](a, b, options) + }).map((v) => { + return semver.clean(v, options) + }).map((v) => { + return inc ? semver.inc(v, inc, options, identifier) : v + }).forEach((v, i, _) => { console.log(v) }) +} + +const help = () => console.log( +`SemVer ${version} + +A JavaScript implementation of the https://semver.org/ specification +Copyright Isaac Z. Schlueter + +Usage: semver [options] <version> [<version> [...]] +Prints valid versions sorted by SemVer precedence + +Options: +-r --range <range> + Print versions that match the specified range. + +-i --increment [<level>] + Increment a version by the specified level. Level can + be one of: major, minor, patch, premajor, preminor, + prepatch, or prerelease. Default level is 'patch'. + Only one version may be specified. + +--preid <identifier> + Identifier to be used to prefix premajor, preminor, + prepatch or prerelease version increments. + +-l --loose + Interpret versions and ranges loosely + +-p --include-prerelease + Always include prerelease versions in range matching + +-c --coerce + Coerce a string into SemVer if possible + (does not imply --loose) + +--rtl + Coerce version strings right to left + +--ltr + Coerce version strings left to right (default) + +Program exits successfully if any valid version satisfies +all supplied ranges, and prints all satisfying versions. + +If no satisfying versions are found, then exits failure. + +Versions are printed in ascending order, so supplying +multiple versions to the utility will just sort them.`) + +main() diff --git a/node_modules/pacote/node_modules/semver/classes/comparator.js b/node_modules/pacote/node_modules/semver/classes/comparator.js new file mode 100644 index 000000000..3595792d0 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/classes/comparator.js @@ -0,0 +1,139 @@ +const ANY = Symbol('SemVer ANY') +// hoisted class for cyclic dependency +class Comparator { + static get ANY () { + return ANY + } + constructor (comp, options) { + if (!options || typeof options !== 'object') { + options = { + loose: !!options, + includePrerelease: false + } + } + + if (comp instanceof Comparator) { + if (comp.loose === !!options.loose) { + return comp + } else { + comp = comp.value + } + } + + debug('comparator', comp, options) + this.options = options + this.loose = !!options.loose + this.parse(comp) + + if (this.semver === ANY) { + this.value = '' + } else { + this.value = this.operator + this.semver.version + } + + debug('comp', this) + } + + parse (comp) { + const r = this.options.loose ? re[t.COMPARATORLOOSE] : re[t.COMPARATOR] + const m = comp.match(r) + + if (!m) { + throw new TypeError(`Invalid comparator: ${comp}`) + } + + this.operator = m[1] !== undefined ? m[1] : '' + if (this.operator === '=') { + this.operator = '' + } + + // if it literally is just '>' or '' then allow anything. + if (!m[2]) { + this.semver = ANY + } else { + this.semver = new SemVer(m[2], this.options.loose) + } + } + + toString () { + return this.value + } + + test (version) { + debug('Comparator.test', version, this.options.loose) + + if (this.semver === ANY || version === ANY) { + return true + } + + if (typeof version === 'string') { + try { + version = new SemVer(version, this.options) + } catch (er) { + return false + } + } + + return cmp(version, this.operator, this.semver, this.options) + } + + intersects (comp, options) { + if (!(comp instanceof Comparator)) { + throw new TypeError('a Comparator is required') + } + + if (!options || typeof options !== 'object') { + options = { + loose: !!options, + includePrerelease: false + } + } + + if (this.operator === '') { + if (this.value === '') { + return true + } + return new Range(comp.value, options).test(this.value) + } else if (comp.operator === '') { + if (comp.value === '') { + return true + } + return new Range(this.value, options).test(comp.semver) + } + + const sameDirectionIncreasing = + (this.operator === '>=' || this.operator === '>') && + (comp.operator === '>=' || comp.operator === '>') + const sameDirectionDecreasing = + (this.operator === '<=' || this.operator === '<') && + (comp.operator === '<=' || comp.operator === '<') + const sameSemVer = this.semver.version === comp.semver.version + const differentDirectionsInclusive = + (this.operator === '>=' || this.operator === '<=') && + (comp.operator === '>=' || comp.operator === '<=') + const oppositeDirectionsLessThan = + cmp(this.semver, '<', comp.semver, options) && + (this.operator === '>=' || this.operator === '>') && + (comp.operator === '<=' || comp.operator === '<') + const oppositeDirectionsGreaterThan = + cmp(this.semver, '>', comp.semver, options) && + (this.operator === '<=' || this.operator === '<') && + (comp.operator === '>=' || comp.operator === '>') + + return ( + sameDirectionIncreasing || + sameDirectionDecreasing || + (sameSemVer && differentDirectionsInclusive) || + oppositeDirectionsLessThan || + oppositeDirectionsGreaterThan + ) + } +} + +module.exports = Comparator + +const {re, t} = require('../internal/re') +const cmp = require('../functions/cmp') +const debug = require('../internal/debug') +const SemVer = require('./semver') +const Range = require('./range') diff --git a/node_modules/pacote/node_modules/semver/classes/index.js b/node_modules/pacote/node_modules/semver/classes/index.js new file mode 100644 index 000000000..198b84d66 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/classes/index.js @@ -0,0 +1,5 @@ +module.exports = { + SemVer: require('./semver.js'), + Range: require('./range.js'), + Comparator: require('./comparator.js') +} diff --git a/node_modules/pacote/node_modules/semver/classes/range.js b/node_modules/pacote/node_modules/semver/classes/range.js new file mode 100644 index 000000000..90876c389 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/classes/range.js @@ -0,0 +1,448 @@ +// hoisted class for cyclic dependency +class Range { + constructor (range, options) { + if (!options || typeof options !== 'object') { + options = { + loose: !!options, + includePrerelease: false + } + } + + if (range instanceof Range) { + if ( + range.loose === !!options.loose && + range.includePrerelease === !!options.includePrerelease + ) { + return range + } else { + return new Range(range.raw, options) + } + } + + if (range instanceof Comparator) { + // just put it in the set and return + this.raw = range.value + this.set = [[range]] + this.format() + return this + } + + this.options = options + this.loose = !!options.loose + this.includePrerelease = !!options.includePrerelease + + // First, split based on boolean or || + this.raw = range + this.set = range + .split(/\s*\|\|\s*/) + // map the range to a 2d array of comparators + .map(range => this.parseRange(range.trim())) + // throw out any comparator lists that are empty + // this generally means that it was not a valid range, which is allowed + // in loose mode, but will still throw if the WHOLE range is invalid. + .filter(c => c.length) + + if (!this.set.length) { + throw new TypeError(`Invalid SemVer Range: ${range}`) + } + + this.format() + } + + format () { + this.range = this.set + .map((comps) => { + return comps.join(' ').trim() + }) + .join('||') + .trim() + return this.range + } + + toString () { + return this.range + } + + parseRange (range) { + const loose = this.options.loose + range = range.trim() + // `1.2.3 - 1.2.4` => `>=1.2.3 <=1.2.4` + const hr = loose ? re[t.HYPHENRANGELOOSE] : re[t.HYPHENRANGE] + range = range.replace(hr, hyphenReplace) + debug('hyphen replace', range) + // `> 1.2.3 < 1.2.5` => `>1.2.3 <1.2.5` + range = range.replace(re[t.COMPARATORTRIM], comparatorTrimReplace) + debug('comparator trim', range, re[t.COMPARATORTRIM]) + + // `~ 1.2.3` => `~1.2.3` + range = range.replace(re[t.TILDETRIM], tildeTrimReplace) + + // `^ 1.2.3` => `^1.2.3` + range = range.replace(re[t.CARETTRIM], caretTrimReplace) + + // normalize spaces + range = range.split(/\s+/).join(' ') + + // At this point, the range is completely trimmed and + // ready to be split into comparators. + + const compRe = loose ? re[t.COMPARATORLOOSE] : re[t.COMPARATOR] + return range + .split(' ') + .map(comp => parseComparator(comp, this.options)) + .join(' ') + .split(/\s+/) + // in loose mode, throw out any that are not valid comparators + .filter(this.options.loose ? comp => !!comp.match(compRe) : () => true) + .map(comp => new Comparator(comp, this.options)) + } + + intersects (range, options) { + if (!(range instanceof Range)) { + throw new TypeError('a Range is required') + } + + return this.set.some((thisComparators) => { + return ( + isSatisfiable(thisComparators, options) && + range.set.some((rangeComparators) => { + return ( + isSatisfiable(rangeComparators, options) && + thisComparators.every((thisComparator) => { + return rangeComparators.every((rangeComparator) => { + return thisComparator.intersects(rangeComparator, options) + }) + }) + ) + }) + ) + }) + } + + // if ANY of the sets match ALL of its comparators, then pass + test (version) { + if (!version) { + return false + } + + if (typeof version === 'string') { + try { + version = new SemVer(version, this.options) + } catch (er) { + return false + } + } + + for (let i = 0; i < this.set.length; i++) { + if (testSet(this.set[i], version, this.options)) { + return true + } + } + return false + } +} +module.exports = Range + +const Comparator = require('./comparator') +const debug = require('../internal/debug') +const SemVer = require('./semver') +const { + re, + t, + comparatorTrimReplace, + tildeTrimReplace, + caretTrimReplace +} = require('../internal/re') + +// take a set of comparators and determine whether there +// exists a version which can satisfy it +const isSatisfiable = (comparators, options) => { + let result = true + const remainingComparators = comparators.slice() + let testComparator = remainingComparators.pop() + + while (result && remainingComparators.length) { + result = remainingComparators.every((otherComparator) => { + return testComparator.intersects(otherComparator, options) + }) + + testComparator = remainingComparators.pop() + } + + return result +} + +// comprised of xranges, tildes, stars, and gtlt's at this point. +// already replaced the hyphen ranges +// turn into a set of JUST comparators. +const parseComparator = (comp, options) => { + debug('comp', comp, options) + comp = replaceCarets(comp, options) + debug('caret', comp) + comp = replaceTildes(comp, options) + debug('tildes', comp) + comp = replaceXRanges(comp, options) + debug('xrange', comp) + comp = replaceStars(comp, options) + debug('stars', comp) + return comp +} + +const isX = id => !id || id.toLowerCase() === 'x' || id === '*' + +// ~, ~> --> * (any, kinda silly) +// ~2, ~2.x, ~2.x.x, ~>2, ~>2.x ~>2.x.x --> >=2.0.0 <3.0.0 +// ~2.0, ~2.0.x, ~>2.0, ~>2.0.x --> >=2.0.0 <2.1.0 +// ~1.2, ~1.2.x, ~>1.2, ~>1.2.x --> >=1.2.0 <1.3.0 +// ~1.2.3, ~>1.2.3 --> >=1.2.3 <1.3.0 +// ~1.2.0, ~>1.2.0 --> >=1.2.0 <1.3.0 +const replaceTildes = (comp, options) => + comp.trim().split(/\s+/).map((comp) => { + return replaceTilde(comp, options) + }).join(' ') + +const replaceTilde = (comp, options) => { + const r = options.loose ? re[t.TILDELOOSE] : re[t.TILDE] + return comp.replace(r, (_, M, m, p, pr) => { + debug('tilde', comp, _, M, m, p, pr) + let ret + + if (isX(M)) { + ret = '' + } else if (isX(m)) { + ret = `>=${M}.0.0 <${+M + 1}.0.0` + } else if (isX(p)) { + // ~1.2 == >=1.2.0 <1.3.0 + ret = `>=${M}.${m}.0 <${M}.${+m + 1}.0` + } else if (pr) { + debug('replaceTilde pr', pr) + ret = `>=${M}.${m}.${p}-${pr + } <${M}.${+m + 1}.0` + } else { + // ~1.2.3 == >=1.2.3 <1.3.0 + ret = `>=${M}.${m}.${p + } <${M}.${+m + 1}.0` + } + + debug('tilde return', ret) + return ret + }) +} + +// ^ --> * (any, kinda silly) +// ^2, ^2.x, ^2.x.x --> >=2.0.0 <3.0.0 +// ^2.0, ^2.0.x --> >=2.0.0 <3.0.0 +// ^1.2, ^1.2.x --> >=1.2.0 <2.0.0 +// ^1.2.3 --> >=1.2.3 <2.0.0 +// ^1.2.0 --> >=1.2.0 <2.0.0 +const replaceCarets = (comp, options) => + comp.trim().split(/\s+/).map((comp) => { + return replaceCaret(comp, options) + }).join(' ') + +const replaceCaret = (comp, options) => { + debug('caret', comp, options) + const r = options.loose ? re[t.CARETLOOSE] : re[t.CARET] + return comp.replace(r, (_, M, m, p, pr) => { + debug('caret', comp, _, M, m, p, pr) + let ret + + if (isX(M)) { + ret = '' + } else if (isX(m)) { + ret = `>=${M}.0.0 <${+M + 1}.0.0` + } else if (isX(p)) { + if (M === '0') { + ret = `>=${M}.${m}.0 <${M}.${+m + 1}.0` + } else { + ret = `>=${M}.${m}.0 <${+M + 1}.0.0` + } + } else if (pr) { + debug('replaceCaret pr', pr) + if (M === '0') { + if (m === '0') { + ret = `>=${M}.${m}.${p}-${pr + } <${M}.${m}.${+p + 1}` + } else { + ret = `>=${M}.${m}.${p}-${pr + } <${M}.${+m + 1}.0` + } + } else { + ret = `>=${M}.${m}.${p}-${pr + } <${+M + 1}.0.0` + } + } else { + debug('no pr') + if (M === '0') { + if (m === '0') { + ret = `>=${M}.${m}.${p + } <${M}.${m}.${+p + 1}` + } else { + ret = `>=${M}.${m}.${p + } <${M}.${+m + 1}.0` + } + } else { + ret = `>=${M}.${m}.${p + } <${+M + 1}.0.0` + } + } + + debug('caret return', ret) + return ret + }) +} + +const replaceXRanges = (comp, options) => { + debug('replaceXRanges', comp, options) + return comp.split(/\s+/).map((comp) => { + return replaceXRange(comp, options) + }).join(' ') +} + +const replaceXRange = (comp, options) => { + comp = comp.trim() + const r = options.loose ? re[t.XRANGELOOSE] : re[t.XRANGE] + return comp.replace(r, (ret, gtlt, M, m, p, pr) => { + debug('xRange', comp, ret, gtlt, M, m, p, pr) + const xM = isX(M) + const xm = xM || isX(m) + const xp = xm || isX(p) + const anyX = xp + + if (gtlt === '=' && anyX) { + gtlt = '' + } + + // if we're including prereleases in the match, then we need + // to fix this to -0, the lowest possible prerelease value + pr = options.includePrerelease ? '-0' : '' + + if (xM) { + if (gtlt === '>' || gtlt === '<') { + // nothing is allowed + ret = '<0.0.0-0' + } else { + // nothing is forbidden + ret = '*' + } + } else if (gtlt && anyX) { + // we know patch is an x, because we have any x at all. + // replace X with 0 + if (xm) { + m = 0 + } + p = 0 + + if (gtlt === '>') { + // >1 => >=2.0.0 + // >1.2 => >=1.3.0 + gtlt = '>=' + if (xm) { + M = +M + 1 + m = 0 + p = 0 + } else { + m = +m + 1 + p = 0 + } + } else if (gtlt === '<=') { + // <=0.7.x is actually <0.8.0, since any 0.7.x should + // pass. Similarly, <=7.x is actually <8.0.0, etc. + gtlt = '<' + if (xm) { + M = +M + 1 + } else { + m = +m + 1 + } + } + + ret = `${gtlt + M}.${m}.${p}${pr}` + } else if (xm) { + ret = `>=${M}.0.0${pr} <${+M + 1}.0.0${pr}` + } else if (xp) { + ret = `>=${M}.${m}.0${pr + } <${M}.${+m + 1}.0${pr}` + } + + debug('xRange return', ret) + + return ret + }) +} + +// Because * is AND-ed with everything else in the comparator, +// and '' means "any version", just remove the *s entirely. +const replaceStars = (comp, options) => { + debug('replaceStars', comp, options) + // Looseness is ignored here. star is always as loose as it gets! + return comp.trim().replace(re[t.STAR], '') +} + +// This function is passed to string.replace(re[t.HYPHENRANGE]) +// M, m, patch, prerelease, build +// 1.2 - 3.4.5 => >=1.2.0 <=3.4.5 +// 1.2.3 - 3.4 => >=1.2.0 <3.5.0 Any 3.4.x will do +// 1.2 - 3.4 => >=1.2.0 <3.5.0 +const hyphenReplace = ($0, + from, fM, fm, fp, fpr, fb, + to, tM, tm, tp, tpr, tb) => { + if (isX(fM)) { + from = '' + } else if (isX(fm)) { + from = `>=${fM}.0.0` + } else if (isX(fp)) { + from = `>=${fM}.${fm}.0` + } else { + from = `>=${from}` + } + + if (isX(tM)) { + to = '' + } else if (isX(tm)) { + to = `<${+tM + 1}.0.0` + } else if (isX(tp)) { + to = `<${tM}.${+tm + 1}.0` + } else if (tpr) { + to = `<=${tM}.${tm}.${tp}-${tpr}` + } else { + to = `<=${to}` + } + + return (`${from} ${to}`).trim() +} + +const testSet = (set, version, options) => { + for (let i = 0; i < set.length; i++) { + if (!set[i].test(version)) { + return false + } + } + + if (version.prerelease.length && !options.includePrerelease) { + // Find the set of versions that are allowed to have prereleases + // For example, ^1.2.3-pr.1 desugars to >=1.2.3-pr.1 <2.0.0 + // That should allow `1.2.3-pr.2` to pass. + // However, `1.2.4-alpha.notready` should NOT be allowed, + // even though it's within the range set by the comparators. + for (let i = 0; i < set.length; i++) { + debug(set[i].semver) + if (set[i].semver === Comparator.ANY) { + continue + } + + if (set[i].semver.prerelease.length > 0) { + const allowed = set[i].semver + if (allowed.major === version.major && + allowed.minor === version.minor && + allowed.patch === version.patch) { + return true + } + } + } + + // Version has a -pre, but it's not one of the ones we like. + return false + } + + return true +} diff --git a/node_modules/pacote/node_modules/semver/classes/semver.js b/node_modules/pacote/node_modules/semver/classes/semver.js new file mode 100644 index 000000000..73247ad2b --- /dev/null +++ b/node_modules/pacote/node_modules/semver/classes/semver.js @@ -0,0 +1,290 @@ +const debug = require('../internal/debug') +const { MAX_LENGTH, MAX_SAFE_INTEGER } = require('../internal/constants') +const { re, t } = require('../internal/re') + +const { compareIdentifiers } = require('../internal/identifiers') +class SemVer { + constructor (version, options) { + if (!options || typeof options !== 'object') { + options = { + loose: !!options, + includePrerelease: false + } + } + if (version instanceof SemVer) { + if (version.loose === !!options.loose && + version.includePrerelease === !!options.includePrerelease) { + return version + } else { + version = version.version + } + } else if (typeof version !== 'string') { + throw new TypeError(`Invalid Version: ${version}`) + } + + if (version.length > MAX_LENGTH) { + throw new TypeError( + `version is longer than ${MAX_LENGTH} characters` + ) + } + + debug('SemVer', version, options) + this.options = options + this.loose = !!options.loose + // this isn't actually relevant for versions, but keep it so that we + // don't run into trouble passing this.options around. + this.includePrerelease = !!options.includePrerelease + + const m = version.trim().match(options.loose ? re[t.LOOSE] : re[t.FULL]) + + if (!m) { + throw new TypeError(`Invalid Version: ${version}`) + } + + this.raw = version + + // these are actually numbers + this.major = +m[1] + this.minor = +m[2] + this.patch = +m[3] + + if (this.major > MAX_SAFE_INTEGER || this.major < 0) { + throw new TypeError('Invalid major version') + } + + if (this.minor > MAX_SAFE_INTEGER || this.minor < 0) { + throw new TypeError('Invalid minor version') + } + + if (this.patch > MAX_SAFE_INTEGER || this.patch < 0) { + throw new TypeError('Invalid patch version') + } + + // numberify any prerelease numeric ids + if (!m[4]) { + this.prerelease = [] + } else { + this.prerelease = m[4].split('.').map((id) => { + if (/^[0-9]+$/.test(id)) { + const num = +id + if (num >= 0 && num < MAX_SAFE_INTEGER) { + return num + } + } + return id + }) + } + + this.build = m[5] ? m[5].split('.') : [] + this.format() + } + + format () { + this.version = `${this.major}.${this.minor}.${this.patch}` + if (this.prerelease.length) { + this.version += `-${this.prerelease.join('.')}` + } + return this.version + } + + toString () { + return this.version + } + + compare (other) { + debug('SemVer.compare', this.version, this.options, other) + if (!(other instanceof SemVer)) { + if (typeof other === 'string' && other === this.version) { + return 0 + } + other = new SemVer(other, this.options) + } + + if (other.version === this.version) { + return 0 + } + + return this.compareMain(other) || this.comparePre(other) + } + + compareMain (other) { + if (!(other instanceof SemVer)) { + other = new SemVer(other, this.options) + } + + return ( + compareIdentifiers(this.major, other.major) || + compareIdentifiers(this.minor, other.minor) || + compareIdentifiers(this.patch, other.patch) + ) + } + + comparePre (other) { + if (!(other instanceof SemVer)) { + other = new SemVer(other, this.options) + } + + // NOT having a prerelease is > having one + if (this.prerelease.length && !other.prerelease.length) { + return -1 + } else if (!this.prerelease.length && other.prerelease.length) { + return 1 + } else if (!this.prerelease.length && !other.prerelease.length) { + return 0 + } + + let i = 0 + do { + const a = this.prerelease[i] + const b = other.prerelease[i] + debug('prerelease compare', i, a, b) + if (a === undefined && b === undefined) { + return 0 + } else if (b === undefined) { + return 1 + } else if (a === undefined) { + return -1 + } else if (a === b) { + continue + } else { + return compareIdentifiers(a, b) + } + } while (++i) + } + + compareBuild (other) { + if (!(other instanceof SemVer)) { + other = new SemVer(other, this.options) + } + + let i = 0 + do { + const a = this.build[i] + const b = other.build[i] + debug('prerelease compare', i, a, b) + if (a === undefined && b === undefined) { + return 0 + } else if (b === undefined) { + return 1 + } else if (a === undefined) { + return -1 + } else if (a === b) { + continue + } else { + return compareIdentifiers(a, b) + } + } while (++i) + } + + // preminor will bump the version up to the next minor release, and immediately + // down to pre-release. premajor and prepatch work the same way. + inc (release, identifier) { + switch (release) { + case 'premajor': + this.prerelease.length = 0 + this.patch = 0 + this.minor = 0 + this.major++ + this.inc('pre', identifier) + break + case 'preminor': + this.prerelease.length = 0 + this.patch = 0 + this.minor++ + this.inc('pre', identifier) + break + case 'prepatch': + // If this is already a prerelease, it will bump to the next version + // drop any prereleases that might already exist, since they are not + // relevant at this point. + this.prerelease.length = 0 + this.inc('patch', identifier) + this.inc('pre', identifier) + break + // If the input is a non-prerelease version, this acts the same as + // prepatch. + case 'prerelease': + if (this.prerelease.length === 0) { + this.inc('patch', identifier) + } + this.inc('pre', identifier) + break + + case 'major': + // If this is a pre-major version, bump up to the same major version. + // Otherwise increment major. + // 1.0.0-5 bumps to 1.0.0 + // 1.1.0 bumps to 2.0.0 + if ( + this.minor !== 0 || + this.patch !== 0 || + this.prerelease.length === 0 + ) { + this.major++ + } + this.minor = 0 + this.patch = 0 + this.prerelease = [] + break + case 'minor': + // If this is a pre-minor version, bump up to the same minor version. + // Otherwise increment minor. + // 1.2.0-5 bumps to 1.2.0 + // 1.2.1 bumps to 1.3.0 + if (this.patch !== 0 || this.prerelease.length === 0) { + this.minor++ + } + this.patch = 0 + this.prerelease = [] + break + case 'patch': + // If this is not a pre-release version, it will increment the patch. + // If it is a pre-release it will bump up to the same patch version. + // 1.2.0-5 patches to 1.2.0 + // 1.2.0 patches to 1.2.1 + if (this.prerelease.length === 0) { + this.patch++ + } + this.prerelease = [] + break + // This probably shouldn't be used publicly. + // 1.0.0 'pre' would become 1.0.0-0 which is the wrong direction. + case 'pre': + if (this.prerelease.length === 0) { + this.prerelease = [0] + } else { + let i = this.prerelease.length + while (--i >= 0) { + if (typeof this.prerelease[i] === 'number') { + this.prerelease[i]++ + i = -2 + } + } + if (i === -1) { + // didn't increment anything + this.prerelease.push(0) + } + } + if (identifier) { + // 1.2.0-beta.1 bumps to 1.2.0-beta.2, + // 1.2.0-beta.fooblz or 1.2.0-beta bumps to 1.2.0-beta.0 + if (this.prerelease[0] === identifier) { + if (isNaN(this.prerelease[1])) { + this.prerelease = [identifier, 0] + } + } else { + this.prerelease = [identifier, 0] + } + } + break + + default: + throw new Error(`invalid increment argument: ${release}`) + } + this.format() + this.raw = this.version + return this + } +} + +module.exports = SemVer diff --git a/node_modules/pacote/node_modules/semver/functions/clean.js b/node_modules/pacote/node_modules/semver/functions/clean.js new file mode 100644 index 000000000..811fe6b82 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/functions/clean.js @@ -0,0 +1,6 @@ +const parse = require('./parse') +const clean = (version, options) => { + const s = parse(version.trim().replace(/^[=v]+/, ''), options) + return s ? s.version : null +} +module.exports = clean diff --git a/node_modules/pacote/node_modules/semver/functions/cmp.js b/node_modules/pacote/node_modules/semver/functions/cmp.js new file mode 100644 index 000000000..3b89db779 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/functions/cmp.js @@ -0,0 +1,48 @@ +const eq = require('./eq') +const neq = require('./neq') +const gt = require('./gt') +const gte = require('./gte') +const lt = require('./lt') +const lte = require('./lte') + +const cmp = (a, op, b, loose) => { + switch (op) { + case '===': + if (typeof a === 'object') + a = a.version + if (typeof b === 'object') + b = b.version + return a === b + + case '!==': + if (typeof a === 'object') + a = a.version + if (typeof b === 'object') + b = b.version + return a !== b + + case '': + case '=': + case '==': + return eq(a, b, loose) + + case '!=': + return neq(a, b, loose) + + case '>': + return gt(a, b, loose) + + case '>=': + return gte(a, b, loose) + + case '<': + return lt(a, b, loose) + + case '<=': + return lte(a, b, loose) + + default: + throw new TypeError(`Invalid operator: ${op}`) + } +} +module.exports = cmp diff --git a/node_modules/pacote/node_modules/semver/functions/coerce.js b/node_modules/pacote/node_modules/semver/functions/coerce.js new file mode 100644 index 000000000..106ca71c9 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/functions/coerce.js @@ -0,0 +1,51 @@ +const SemVer = require('../classes/semver') +const parse = require('./parse') +const {re, t} = require('../internal/re') + +const coerce = (version, options) => { + if (version instanceof SemVer) { + return version + } + + if (typeof version === 'number') { + version = String(version) + } + + if (typeof version !== 'string') { + return null + } + + options = options || {} + + let match = null + if (!options.rtl) { + match = version.match(re[t.COERCE]) + } else { + // Find the right-most coercible string that does not share + // a terminus with a more left-ward coercible string. + // Eg, '1.2.3.4' wants to coerce '2.3.4', not '3.4' or '4' + // + // Walk through the string checking with a /g regexp + // Manually set the index so as to pick up overlapping matches. + // Stop when we get a match that ends at the string end, since no + // coercible string can be more right-ward without the same terminus. + let next + while ((next = re[t.COERCERTL].exec(version)) && + (!match || match.index + match[0].length !== version.length) + ) { + if (!match || + next.index + next[0].length !== match.index + match[0].length) { + match = next + } + re[t.COERCERTL].lastIndex = next.index + next[1].length + next[2].length + } + // leave it in a clean state + re[t.COERCERTL].lastIndex = -1 + } + + if (match === null) + return null + + return parse(`${match[2]}.${match[3] || '0'}.${match[4] || '0'}`, options) +} +module.exports = coerce diff --git a/node_modules/pacote/node_modules/semver/functions/compare-build.js b/node_modules/pacote/node_modules/semver/functions/compare-build.js new file mode 100644 index 000000000..9eb881bef --- /dev/null +++ b/node_modules/pacote/node_modules/semver/functions/compare-build.js @@ -0,0 +1,7 @@ +const SemVer = require('../classes/semver') +const compareBuild = (a, b, loose) => { + const versionA = new SemVer(a, loose) + const versionB = new SemVer(b, loose) + return versionA.compare(versionB) || versionA.compareBuild(versionB) +} +module.exports = compareBuild diff --git a/node_modules/pacote/node_modules/semver/functions/compare-loose.js b/node_modules/pacote/node_modules/semver/functions/compare-loose.js new file mode 100644 index 000000000..4881fbe00 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/functions/compare-loose.js @@ -0,0 +1,3 @@ +const compare = require('./compare') +const compareLoose = (a, b) => compare(a, b, true) +module.exports = compareLoose diff --git a/node_modules/pacote/node_modules/semver/functions/compare.js b/node_modules/pacote/node_modules/semver/functions/compare.js new file mode 100644 index 000000000..748b7afa5 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/functions/compare.js @@ -0,0 +1,5 @@ +const SemVer = require('../classes/semver') +const compare = (a, b, loose) => + new SemVer(a, loose).compare(new SemVer(b, loose)) + +module.exports = compare diff --git a/node_modules/pacote/node_modules/semver/functions/diff.js b/node_modules/pacote/node_modules/semver/functions/diff.js new file mode 100644 index 000000000..87200ef3b --- /dev/null +++ b/node_modules/pacote/node_modules/semver/functions/diff.js @@ -0,0 +1,23 @@ +const parse = require('./parse') +const eq = require('./eq') + +const diff = (version1, version2) => { + if (eq(version1, version2)) { + return null + } else { + const v1 = parse(version1) + const v2 = parse(version2) + const hasPre = v1.prerelease.length || v2.prerelease.length + const prefix = hasPre ? 'pre' : '' + const defaultResult = hasPre ? 'prerelease' : '' + for (const key in v1) { + if (key === 'major' || key === 'minor' || key === 'patch') { + if (v1[key] !== v2[key]) { + return prefix + key + } + } + } + return defaultResult // may be undefined + } +} +module.exports = diff diff --git a/node_modules/pacote/node_modules/semver/functions/eq.js b/node_modules/pacote/node_modules/semver/functions/eq.js new file mode 100644 index 000000000..271fed976 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/functions/eq.js @@ -0,0 +1,3 @@ +const compare = require('./compare') +const eq = (a, b, loose) => compare(a, b, loose) === 0 +module.exports = eq diff --git a/node_modules/pacote/node_modules/semver/functions/gt.js b/node_modules/pacote/node_modules/semver/functions/gt.js new file mode 100644 index 000000000..d9b2156d8 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/functions/gt.js @@ -0,0 +1,3 @@ +const compare = require('./compare') +const gt = (a, b, loose) => compare(a, b, loose) > 0 +module.exports = gt diff --git a/node_modules/pacote/node_modules/semver/functions/gte.js b/node_modules/pacote/node_modules/semver/functions/gte.js new file mode 100644 index 000000000..5aeaa6347 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/functions/gte.js @@ -0,0 +1,3 @@ +const compare = require('./compare') +const gte = (a, b, loose) => compare(a, b, loose) >= 0 +module.exports = gte diff --git a/node_modules/pacote/node_modules/semver/functions/inc.js b/node_modules/pacote/node_modules/semver/functions/inc.js new file mode 100644 index 000000000..aa4d83ab4 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/functions/inc.js @@ -0,0 +1,15 @@ +const SemVer = require('../classes/semver') + +const inc = (version, release, options, identifier) => { + if (typeof (options) === 'string') { + identifier = options + options = undefined + } + + try { + return new SemVer(version, options).inc(release, identifier).version + } catch (er) { + return null + } +} +module.exports = inc diff --git a/node_modules/pacote/node_modules/semver/functions/lt.js b/node_modules/pacote/node_modules/semver/functions/lt.js new file mode 100644 index 000000000..b440ab7d4 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/functions/lt.js @@ -0,0 +1,3 @@ +const compare = require('./compare') +const lt = (a, b, loose) => compare(a, b, loose) < 0 +module.exports = lt diff --git a/node_modules/pacote/node_modules/semver/functions/lte.js b/node_modules/pacote/node_modules/semver/functions/lte.js new file mode 100644 index 000000000..6dcc95650 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/functions/lte.js @@ -0,0 +1,3 @@ +const compare = require('./compare') +const lte = (a, b, loose) => compare(a, b, loose) <= 0 +module.exports = lte diff --git a/node_modules/pacote/node_modules/semver/functions/major.js b/node_modules/pacote/node_modules/semver/functions/major.js new file mode 100644 index 000000000..4283165e9 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/functions/major.js @@ -0,0 +1,3 @@ +const SemVer = require('../classes/semver') +const major = (a, loose) => new SemVer(a, loose).major +module.exports = major diff --git a/node_modules/pacote/node_modules/semver/functions/minor.js b/node_modules/pacote/node_modules/semver/functions/minor.js new file mode 100644 index 000000000..57b3455f8 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/functions/minor.js @@ -0,0 +1,3 @@ +const SemVer = require('../classes/semver') +const minor = (a, loose) => new SemVer(a, loose).minor +module.exports = minor diff --git a/node_modules/pacote/node_modules/semver/functions/neq.js b/node_modules/pacote/node_modules/semver/functions/neq.js new file mode 100644 index 000000000..f944c0157 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/functions/neq.js @@ -0,0 +1,3 @@ +const compare = require('./compare') +const neq = (a, b, loose) => compare(a, b, loose) !== 0 +module.exports = neq diff --git a/node_modules/pacote/node_modules/semver/functions/parse.js b/node_modules/pacote/node_modules/semver/functions/parse.js new file mode 100644 index 000000000..457fee04a --- /dev/null +++ b/node_modules/pacote/node_modules/semver/functions/parse.js @@ -0,0 +1,37 @@ +const {MAX_LENGTH} = require('../internal/constants') +const { re, t } = require('../internal/re') +const SemVer = require('../classes/semver') + +const parse = (version, options) => { + if (!options || typeof options !== 'object') { + options = { + loose: !!options, + includePrerelease: false + } + } + + if (version instanceof SemVer) { + return version + } + + if (typeof version !== 'string') { + return null + } + + if (version.length > MAX_LENGTH) { + return null + } + + const r = options.loose ? re[t.LOOSE] : re[t.FULL] + if (!r.test(version)) { + return null + } + + try { + return new SemVer(version, options) + } catch (er) { + return null + } +} + +module.exports = parse diff --git a/node_modules/pacote/node_modules/semver/functions/patch.js b/node_modules/pacote/node_modules/semver/functions/patch.js new file mode 100644 index 000000000..63afca252 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/functions/patch.js @@ -0,0 +1,3 @@ +const SemVer = require('../classes/semver') +const patch = (a, loose) => new SemVer(a, loose).patch +module.exports = patch diff --git a/node_modules/pacote/node_modules/semver/functions/prerelease.js b/node_modules/pacote/node_modules/semver/functions/prerelease.js new file mode 100644 index 000000000..06aa13248 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/functions/prerelease.js @@ -0,0 +1,6 @@ +const parse = require('./parse') +const prerelease = (version, options) => { + const parsed = parse(version, options) + return (parsed && parsed.prerelease.length) ? parsed.prerelease : null +} +module.exports = prerelease diff --git a/node_modules/pacote/node_modules/semver/functions/rcompare.js b/node_modules/pacote/node_modules/semver/functions/rcompare.js new file mode 100644 index 000000000..0ac509e79 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/functions/rcompare.js @@ -0,0 +1,3 @@ +const compare = require('./compare') +const rcompare = (a, b, loose) => compare(b, a, loose) +module.exports = rcompare diff --git a/node_modules/pacote/node_modules/semver/functions/rsort.js b/node_modules/pacote/node_modules/semver/functions/rsort.js new file mode 100644 index 000000000..82404c5cf --- /dev/null +++ b/node_modules/pacote/node_modules/semver/functions/rsort.js @@ -0,0 +1,3 @@ +const compareBuild = require('./compare-build') +const rsort = (list, loose) => list.sort((a, b) => compareBuild(b, a, loose)) +module.exports = rsort diff --git a/node_modules/pacote/node_modules/semver/functions/satisfies.js b/node_modules/pacote/node_modules/semver/functions/satisfies.js new file mode 100644 index 000000000..50af1c199 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/functions/satisfies.js @@ -0,0 +1,10 @@ +const Range = require('../classes/range') +const satisfies = (version, range, options) => { + try { + range = new Range(range, options) + } catch (er) { + return false + } + return range.test(version) +} +module.exports = satisfies diff --git a/node_modules/pacote/node_modules/semver/functions/sort.js b/node_modules/pacote/node_modules/semver/functions/sort.js new file mode 100644 index 000000000..4d10917ab --- /dev/null +++ b/node_modules/pacote/node_modules/semver/functions/sort.js @@ -0,0 +1,3 @@ +const compareBuild = require('./compare-build') +const sort = (list, loose) => list.sort((a, b) => compareBuild(a, b, loose)) +module.exports = sort diff --git a/node_modules/pacote/node_modules/semver/functions/valid.js b/node_modules/pacote/node_modules/semver/functions/valid.js new file mode 100644 index 000000000..f27bae107 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/functions/valid.js @@ -0,0 +1,6 @@ +const parse = require('./parse') +const valid = (version, options) => { + const v = parse(version, options) + return v ? v.version : null +} +module.exports = valid diff --git a/node_modules/pacote/node_modules/semver/index.js b/node_modules/pacote/node_modules/semver/index.js new file mode 100644 index 000000000..3a0b4e52c --- /dev/null +++ b/node_modules/pacote/node_modules/semver/index.js @@ -0,0 +1,46 @@ +// just pre-load all the stuff that index.js lazily exports +const internalRe = require('./internal/re') +module.exports = { + re: internalRe.re, + src: internalRe.src, + tokens: internalRe.t, + SEMVER_SPEC_VERSION: require('./internal/constants').SEMVER_SPEC_VERSION, + SemVer: require('./classes/semver'), + compareIdentifiers: require('./internal/identifiers').compareIdentifiers, + rcompareIdentifiers: require('./internal/identifiers').rcompareIdentifiers, + parse: require('./functions/parse'), + valid: require('./functions/valid'), + clean: require('./functions/clean'), + inc: require('./functions/inc'), + diff: require('./functions/diff'), + major: require('./functions/major'), + minor: require('./functions/minor'), + patch: require('./functions/patch'), + prerelease: require('./functions/prerelease'), + compare: require('./functions/compare'), + rcompare: require('./functions/rcompare'), + compareLoose: require('./functions/compare-loose'), + compareBuild: require('./functions/compare-build'), + sort: require('./functions/sort'), + rsort: require('./functions/rsort'), + gt: require('./functions/gt'), + lt: require('./functions/lt'), + eq: require('./functions/eq'), + neq: require('./functions/neq'), + gte: require('./functions/gte'), + lte: require('./functions/lte'), + cmp: require('./functions/cmp'), + coerce: require('./functions/coerce'), + Comparator: require('./classes/comparator'), + Range: require('./classes/range'), + satisfies: require('./functions/satisfies'), + toComparators: require('./ranges/to-comparators'), + maxSatisfying: require('./ranges/max-satisfying'), + minSatisfying: require('./ranges/min-satisfying'), + minVersion: require('./ranges/min-version'), + validRange: require('./ranges/valid'), + outside: require('./ranges/outside'), + gtr: require('./ranges/gtr'), + ltr: require('./ranges/ltr'), + intersects: require('./ranges/intersects'), +} diff --git a/node_modules/pacote/node_modules/semver/internal/constants.js b/node_modules/pacote/node_modules/semver/internal/constants.js new file mode 100644 index 000000000..49df215ad --- /dev/null +++ b/node_modules/pacote/node_modules/semver/internal/constants.js @@ -0,0 +1,17 @@ +// Note: this is the semver.org version of the spec that it implements +// Not necessarily the package version of this code. +const SEMVER_SPEC_VERSION = '2.0.0' + +const MAX_LENGTH = 256 +const MAX_SAFE_INTEGER = Number.MAX_SAFE_INTEGER || + /* istanbul ignore next */ 9007199254740991 + +// Max safe segment length for coercion. +const MAX_SAFE_COMPONENT_LENGTH = 16 + +module.exports = { + SEMVER_SPEC_VERSION, + MAX_LENGTH, + MAX_SAFE_INTEGER, + MAX_SAFE_COMPONENT_LENGTH +} diff --git a/node_modules/pacote/node_modules/semver/internal/debug.js b/node_modules/pacote/node_modules/semver/internal/debug.js new file mode 100644 index 000000000..1c00e1369 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/internal/debug.js @@ -0,0 +1,9 @@ +const debug = ( + typeof process === 'object' && + process.env && + process.env.NODE_DEBUG && + /\bsemver\b/i.test(process.env.NODE_DEBUG) +) ? (...args) => console.error('SEMVER', ...args) + : () => {} + +module.exports = debug diff --git a/node_modules/pacote/node_modules/semver/internal/identifiers.js b/node_modules/pacote/node_modules/semver/internal/identifiers.js new file mode 100644 index 000000000..ed1309421 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/internal/identifiers.js @@ -0,0 +1,23 @@ +const numeric = /^[0-9]+$/ +const compareIdentifiers = (a, b) => { + const anum = numeric.test(a) + const bnum = numeric.test(b) + + if (anum && bnum) { + a = +a + b = +b + } + + return a === b ? 0 + : (anum && !bnum) ? -1 + : (bnum && !anum) ? 1 + : a < b ? -1 + : 1 +} + +const rcompareIdentifiers = (a, b) => compareIdentifiers(b, a) + +module.exports = { + compareIdentifiers, + rcompareIdentifiers +} diff --git a/node_modules/pacote/node_modules/semver/internal/re.js b/node_modules/pacote/node_modules/semver/internal/re.js new file mode 100644 index 000000000..0e8fb5289 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/internal/re.js @@ -0,0 +1,179 @@ +const { MAX_SAFE_COMPONENT_LENGTH } = require('./constants') +const debug = require('./debug') +exports = module.exports = {} + +// The actual regexps go on exports.re +const re = exports.re = [] +const src = exports.src = [] +const t = exports.t = {} +let R = 0 + +const createToken = (name, value, isGlobal) => { + const index = R++ + debug(index, value) + t[name] = index + src[index] = value + re[index] = new RegExp(value, isGlobal ? 'g' : undefined) +} + +// The following Regular Expressions can be used for tokenizing, +// validating, and parsing SemVer version strings. + +// ## Numeric Identifier +// A single `0`, or a non-zero digit followed by zero or more digits. + +createToken('NUMERICIDENTIFIER', '0|[1-9]\\d*') +createToken('NUMERICIDENTIFIERLOOSE', '[0-9]+') + +// ## Non-numeric Identifier +// Zero or more digits, followed by a letter or hyphen, and then zero or +// more letters, digits, or hyphens. + +createToken('NONNUMERICIDENTIFIER', '\\d*[a-zA-Z-][a-zA-Z0-9-]*') + +// ## Main Version +// Three dot-separated numeric identifiers. + +createToken('MAINVERSION', `(${src[t.NUMERICIDENTIFIER]})\\.` + + `(${src[t.NUMERICIDENTIFIER]})\\.` + + `(${src[t.NUMERICIDENTIFIER]})`) + +createToken('MAINVERSIONLOOSE', `(${src[t.NUMERICIDENTIFIERLOOSE]})\\.` + + `(${src[t.NUMERICIDENTIFIERLOOSE]})\\.` + + `(${src[t.NUMERICIDENTIFIERLOOSE]})`) + +// ## Pre-release Version Identifier +// A numeric identifier, or a non-numeric identifier. + +createToken('PRERELEASEIDENTIFIER', `(?:${src[t.NUMERICIDENTIFIER] +}|${src[t.NONNUMERICIDENTIFIER]})`) + +createToken('PRERELEASEIDENTIFIERLOOSE', `(?:${src[t.NUMERICIDENTIFIERLOOSE] +}|${src[t.NONNUMERICIDENTIFIER]})`) + +// ## Pre-release Version +// Hyphen, followed by one or more dot-separated pre-release version +// identifiers. + +createToken('PRERELEASE', `(?:-(${src[t.PRERELEASEIDENTIFIER] +}(?:\\.${src[t.PRERELEASEIDENTIFIER]})*))`) + +createToken('PRERELEASELOOSE', `(?:-?(${src[t.PRERELEASEIDENTIFIERLOOSE] +}(?:\\.${src[t.PRERELEASEIDENTIFIERLOOSE]})*))`) + +// ## Build Metadata Identifier +// Any combination of digits, letters, or hyphens. + +createToken('BUILDIDENTIFIER', '[0-9A-Za-z-]+') + +// ## Build Metadata +// Plus sign, followed by one or more period-separated build metadata +// identifiers. + +createToken('BUILD', `(?:\\+(${src[t.BUILDIDENTIFIER] +}(?:\\.${src[t.BUILDIDENTIFIER]})*))`) + +// ## Full Version String +// A main version, followed optionally by a pre-release version and +// build metadata. + +// Note that the only major, minor, patch, and pre-release sections of +// the version string are capturing groups. The build metadata is not a +// capturing group, because it should not ever be used in version +// comparison. + +createToken('FULLPLAIN', `v?${src[t.MAINVERSION] +}${src[t.PRERELEASE]}?${ + src[t.BUILD]}?`) + +createToken('FULL', `^${src[t.FULLPLAIN]}$`) + +// like full, but allows v1.2.3 and =1.2.3, which people do sometimes. +// also, 1.0.0alpha1 (prerelease without the hyphen) which is pretty +// common in the npm registry. +createToken('LOOSEPLAIN', `[v=\\s]*${src[t.MAINVERSIONLOOSE] +}${src[t.PRERELEASELOOSE]}?${ + src[t.BUILD]}?`) + +createToken('LOOSE', `^${src[t.LOOSEPLAIN]}$`) + +createToken('GTLT', '((?:<|>)?=?)') + +// Something like "2.*" or "1.2.x". +// Note that "x.x" is a valid xRange identifer, meaning "any version" +// Only the first item is strictly required. +createToken('XRANGEIDENTIFIERLOOSE', `${src[t.NUMERICIDENTIFIERLOOSE]}|x|X|\\*`) +createToken('XRANGEIDENTIFIER', `${src[t.NUMERICIDENTIFIER]}|x|X|\\*`) + +createToken('XRANGEPLAIN', `[v=\\s]*(${src[t.XRANGEIDENTIFIER]})` + + `(?:\\.(${src[t.XRANGEIDENTIFIER]})` + + `(?:\\.(${src[t.XRANGEIDENTIFIER]})` + + `(?:${src[t.PRERELEASE]})?${ + src[t.BUILD]}?` + + `)?)?`) + +createToken('XRANGEPLAINLOOSE', `[v=\\s]*(${src[t.XRANGEIDENTIFIERLOOSE]})` + + `(?:\\.(${src[t.XRANGEIDENTIFIERLOOSE]})` + + `(?:\\.(${src[t.XRANGEIDENTIFIERLOOSE]})` + + `(?:${src[t.PRERELEASELOOSE]})?${ + src[t.BUILD]}?` + + `)?)?`) + +createToken('XRANGE', `^${src[t.GTLT]}\\s*${src[t.XRANGEPLAIN]}$`) +createToken('XRANGELOOSE', `^${src[t.GTLT]}\\s*${src[t.XRANGEPLAINLOOSE]}$`) + +// Coercion. +// Extract anything that could conceivably be a part of a valid semver +createToken('COERCE', `${'(^|[^\\d])' + + '(\\d{1,'}${MAX_SAFE_COMPONENT_LENGTH}})` + + `(?:\\.(\\d{1,${MAX_SAFE_COMPONENT_LENGTH}}))?` + + `(?:\\.(\\d{1,${MAX_SAFE_COMPONENT_LENGTH}}))?` + + `(?:$|[^\\d])`) +createToken('COERCERTL', src[t.COERCE], true) + +// Tilde ranges. +// Meaning is "reasonably at or greater than" +createToken('LONETILDE', '(?:~>?)') + +createToken('TILDETRIM', `(\\s*)${src[t.LONETILDE]}\\s+`, true) +exports.tildeTrimReplace = '$1~' + +createToken('TILDE', `^${src[t.LONETILDE]}${src[t.XRANGEPLAIN]}$`) +createToken('TILDELOOSE', `^${src[t.LONETILDE]}${src[t.XRANGEPLAINLOOSE]}$`) + +// Caret ranges. +// Meaning is "at least and backwards compatible with" +createToken('LONECARET', '(?:\\^)') + +createToken('CARETTRIM', `(\\s*)${src[t.LONECARET]}\\s+`, true) +exports.caretTrimReplace = '$1^' + +createToken('CARET', `^${src[t.LONECARET]}${src[t.XRANGEPLAIN]}$`) +createToken('CARETLOOSE', `^${src[t.LONECARET]}${src[t.XRANGEPLAINLOOSE]}$`) + +// A simple gt/lt/eq thing, or just "" to indicate "any version" +createToken('COMPARATORLOOSE', `^${src[t.GTLT]}\\s*(${src[t.LOOSEPLAIN]})$|^$`) +createToken('COMPARATOR', `^${src[t.GTLT]}\\s*(${src[t.FULLPLAIN]})$|^$`) + +// An expression to strip any whitespace between the gtlt and the thing +// it modifies, so that `> 1.2.3` ==> `>1.2.3` +createToken('COMPARATORTRIM', `(\\s*)${src[t.GTLT] +}\\s*(${src[t.LOOSEPLAIN]}|${src[t.XRANGEPLAIN]})`, true) +exports.comparatorTrimReplace = '$1$2$3' + +// Something like `1.2.3 - 1.2.4` +// Note that these all use the loose form, because they'll be +// checked against either the strict or loose comparator form +// later. +createToken('HYPHENRANGE', `^\\s*(${src[t.XRANGEPLAIN]})` + + `\\s+-\\s+` + + `(${src[t.XRANGEPLAIN]})` + + `\\s*$`) + +createToken('HYPHENRANGELOOSE', `^\\s*(${src[t.XRANGEPLAINLOOSE]})` + + `\\s+-\\s+` + + `(${src[t.XRANGEPLAINLOOSE]})` + + `\\s*$`) + +// Star ranges basically just allow anything at all. +createToken('STAR', '(<|>)?=?\\s*\\*') diff --git a/node_modules/pacote/node_modules/semver/package.json b/node_modules/pacote/node_modules/semver/package.json new file mode 100644 index 000000000..6068990b3 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/package.json @@ -0,0 +1,70 @@ +{ + "_from": "semver@^7.1.1", + "_id": "semver@7.1.3", + "_inBundle": false, + "_integrity": "sha512-ekM0zfiA9SCBlsKa2X1hxyxiI4L3B6EbVJkkdgQXnSEEaHlGdvyodMruTiulSRWMMB4NeIuYNMC9rTKTz97GxA==", + "_location": "/pacote/semver", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "semver@^7.1.1", + "name": "semver", + "escapedName": "semver", + "rawSpec": "^7.1.1", + "saveSpec": null, + "fetchSpec": "^7.1.1" + }, + "_requiredBy": [ + "/pacote" + ], + "_resolved": "https://registry.npmjs.org/semver/-/semver-7.1.3.tgz", + "_shasum": "e4345ce73071c53f336445cfc19efb1c311df2a6", + "_spec": "semver@^7.1.1", + "_where": "/Users/claudiahdz/npm/cli/node_modules/pacote", + "bin": { + "semver": "bin/semver.js" + }, + "bugs": { + "url": "https://github.com/npm/node-semver/issues" + }, + "bundleDependencies": false, + "deprecated": false, + "description": "The semantic version parser used by npm.", + "devDependencies": { + "tap": "^14.10.2" + }, + "engines": { + "node": ">=10" + }, + "files": [ + "bin", + "range.bnf", + "classes", + "functions", + "internal", + "ranges", + "index.js", + "preload.js" + ], + "homepage": "https://github.com/npm/node-semver#readme", + "license": "ISC", + "main": "index.js", + "name": "semver", + "repository": { + "type": "git", + "url": "git+https://github.com/npm/node-semver.git" + }, + "scripts": { + "postpublish": "git push origin --follow-tags", + "postversion": "npm publish", + "preversion": "npm test", + "snap": "tap", + "test": "tap" + }, + "tap": { + "check-coverage": true, + "coverage-map": "map.js" + }, + "version": "7.1.3" +} diff --git a/node_modules/pacote/node_modules/semver/preload.js b/node_modules/pacote/node_modules/semver/preload.js new file mode 100644 index 000000000..947cd4f79 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/preload.js @@ -0,0 +1,2 @@ +// XXX remove in v8 or beyond +module.exports = require('./index.js') diff --git a/node_modules/pacote/node_modules/semver/range.bnf b/node_modules/pacote/node_modules/semver/range.bnf new file mode 100644 index 000000000..d4c6ae0d7 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/range.bnf @@ -0,0 +1,16 @@ +range-set ::= range ( logical-or range ) * +logical-or ::= ( ' ' ) * '||' ( ' ' ) * +range ::= hyphen | simple ( ' ' simple ) * | '' +hyphen ::= partial ' - ' partial +simple ::= primitive | partial | tilde | caret +primitive ::= ( '<' | '>' | '>=' | '<=' | '=' ) partial +partial ::= xr ( '.' xr ( '.' xr qualifier ? )? )? +xr ::= 'x' | 'X' | '*' | nr +nr ::= '0' | [1-9] ( [0-9] ) * +tilde ::= '~' partial +caret ::= '^' partial +qualifier ::= ( '-' pre )? ( '+' build )? +pre ::= parts +build ::= parts +parts ::= part ( '.' part ) * +part ::= nr | [-0-9A-Za-z]+ diff --git a/node_modules/pacote/node_modules/semver/ranges/gtr.js b/node_modules/pacote/node_modules/semver/ranges/gtr.js new file mode 100644 index 000000000..db7e35599 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/ranges/gtr.js @@ -0,0 +1,4 @@ +// Determine if version is greater than all the versions possible in the range. +const outside = require('./outside') +const gtr = (version, range, options) => outside(version, range, '>', options) +module.exports = gtr diff --git a/node_modules/pacote/node_modules/semver/ranges/intersects.js b/node_modules/pacote/node_modules/semver/ranges/intersects.js new file mode 100644 index 000000000..3d1a6f31d --- /dev/null +++ b/node_modules/pacote/node_modules/semver/ranges/intersects.js @@ -0,0 +1,7 @@ +const Range = require('../classes/range') +const intersects = (r1, r2, options) => { + r1 = new Range(r1, options) + r2 = new Range(r2, options) + return r1.intersects(r2) +} +module.exports = intersects diff --git a/node_modules/pacote/node_modules/semver/ranges/ltr.js b/node_modules/pacote/node_modules/semver/ranges/ltr.js new file mode 100644 index 000000000..528a885eb --- /dev/null +++ b/node_modules/pacote/node_modules/semver/ranges/ltr.js @@ -0,0 +1,4 @@ +const outside = require('./outside') +// Determine if version is less than all the versions possible in the range +const ltr = (version, range, options) => outside(version, range, '<', options) +module.exports = ltr diff --git a/node_modules/pacote/node_modules/semver/ranges/max-satisfying.js b/node_modules/pacote/node_modules/semver/ranges/max-satisfying.js new file mode 100644 index 000000000..6e3d993c6 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/ranges/max-satisfying.js @@ -0,0 +1,25 @@ +const SemVer = require('../classes/semver') +const Range = require('../classes/range') + +const maxSatisfying = (versions, range, options) => { + let max = null + let maxSV = null + let rangeObj = null + try { + rangeObj = new Range(range, options) + } catch (er) { + return null + } + versions.forEach((v) => { + if (rangeObj.test(v)) { + // satisfies(v, range, options) + if (!max || maxSV.compare(v) === -1) { + // compare(max, v, true) + max = v + maxSV = new SemVer(max, options) + } + } + }) + return max +} +module.exports = maxSatisfying diff --git a/node_modules/pacote/node_modules/semver/ranges/min-satisfying.js b/node_modules/pacote/node_modules/semver/ranges/min-satisfying.js new file mode 100644 index 000000000..9b60974e2 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/ranges/min-satisfying.js @@ -0,0 +1,24 @@ +const SemVer = require('../classes/semver') +const Range = require('../classes/range') +const minSatisfying = (versions, range, options) => { + let min = null + let minSV = null + let rangeObj = null + try { + rangeObj = new Range(range, options) + } catch (er) { + return null + } + versions.forEach((v) => { + if (rangeObj.test(v)) { + // satisfies(v, range, options) + if (!min || minSV.compare(v) === 1) { + // compare(min, v, true) + min = v + minSV = new SemVer(min, options) + } + } + }) + return min +} +module.exports = minSatisfying diff --git a/node_modules/pacote/node_modules/semver/ranges/min-version.js b/node_modules/pacote/node_modules/semver/ranges/min-version.js new file mode 100644 index 000000000..7118d237b --- /dev/null +++ b/node_modules/pacote/node_modules/semver/ranges/min-version.js @@ -0,0 +1,57 @@ +const SemVer = require('../classes/semver') +const Range = require('../classes/range') +const gt = require('../functions/gt') + +const minVersion = (range, loose) => { + range = new Range(range, loose) + + let minver = new SemVer('0.0.0') + if (range.test(minver)) { + return minver + } + + minver = new SemVer('0.0.0-0') + if (range.test(minver)) { + return minver + } + + minver = null + for (let i = 0; i < range.set.length; ++i) { + const comparators = range.set[i] + + comparators.forEach((comparator) => { + // Clone to avoid manipulating the comparator's semver object. + const compver = new SemVer(comparator.semver.version) + switch (comparator.operator) { + case '>': + if (compver.prerelease.length === 0) { + compver.patch++ + } else { + compver.prerelease.push(0) + } + compver.raw = compver.format() + /* fallthrough */ + case '': + case '>=': + if (!minver || gt(minver, compver)) { + minver = compver + } + break + case '<': + case '<=': + /* Ignore maximum versions */ + break + /* istanbul ignore next */ + default: + throw new Error(`Unexpected operation: ${comparator.operator}`) + } + }) + } + + if (minver && range.test(minver)) { + return minver + } + + return null +} +module.exports = minVersion diff --git a/node_modules/pacote/node_modules/semver/ranges/outside.js b/node_modules/pacote/node_modules/semver/ranges/outside.js new file mode 100644 index 000000000..e35ed1176 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/ranges/outside.js @@ -0,0 +1,80 @@ +const SemVer = require('../classes/semver') +const Comparator = require('../classes/comparator') +const {ANY} = Comparator +const Range = require('../classes/range') +const satisfies = require('../functions/satisfies') +const gt = require('../functions/gt') +const lt = require('../functions/lt') +const lte = require('../functions/lte') +const gte = require('../functions/gte') + +const outside = (version, range, hilo, options) => { + version = new SemVer(version, options) + range = new Range(range, options) + + let gtfn, ltefn, ltfn, comp, ecomp + switch (hilo) { + case '>': + gtfn = gt + ltefn = lte + ltfn = lt + comp = '>' + ecomp = '>=' + break + case '<': + gtfn = lt + ltefn = gte + ltfn = gt + comp = '<' + ecomp = '<=' + break + default: + throw new TypeError('Must provide a hilo val of "<" or ">"') + } + + // If it satisifes the range it is not outside + if (satisfies(version, range, options)) { + return false + } + + // From now on, variable terms are as if we're in "gtr" mode. + // but note that everything is flipped for the "ltr" function. + + for (let i = 0; i < range.set.length; ++i) { + const comparators = range.set[i] + + let high = null + let low = null + + comparators.forEach((comparator) => { + if (comparator.semver === ANY) { + comparator = new Comparator('>=0.0.0') + } + high = high || comparator + low = low || comparator + if (gtfn(comparator.semver, high.semver, options)) { + high = comparator + } else if (ltfn(comparator.semver, low.semver, options)) { + low = comparator + } + }) + + // If the edge version comparator has a operator then our version + // isn't outside it + if (high.operator === comp || high.operator === ecomp) { + return false + } + + // If the lowest version comparator has an operator and our version + // is less than it then it isn't higher than the range + if ((!low.operator || low.operator === comp) && + ltefn(version, low.semver)) { + return false + } else if (low.operator === ecomp && ltfn(version, low.semver)) { + return false + } + } + return true +} + +module.exports = outside diff --git a/node_modules/pacote/node_modules/semver/ranges/to-comparators.js b/node_modules/pacote/node_modules/semver/ranges/to-comparators.js new file mode 100644 index 000000000..6c8bc7e6f --- /dev/null +++ b/node_modules/pacote/node_modules/semver/ranges/to-comparators.js @@ -0,0 +1,8 @@ +const Range = require('../classes/range') + +// Mostly just for testing and legacy API reasons +const toComparators = (range, options) => + new Range(range, options).set + .map(comp => comp.map(c => c.value).join(' ').trim().split(' ')) + +module.exports = toComparators diff --git a/node_modules/pacote/node_modules/semver/ranges/valid.js b/node_modules/pacote/node_modules/semver/ranges/valid.js new file mode 100644 index 000000000..365f35689 --- /dev/null +++ b/node_modules/pacote/node_modules/semver/ranges/valid.js @@ -0,0 +1,11 @@ +const Range = require('../classes/range') +const validRange = (range, options) => { + try { + // Return '*' instead of '' so that truthiness works. + // This will throw if it's invalid anyway + return new Range(range, options).range || '*' + } catch (er) { + return null + } +} +module.exports = validRange diff --git a/node_modules/pacote/node_modules/yallist/LICENSE b/node_modules/pacote/node_modules/yallist/LICENSE new file mode 100644 index 000000000..19129e315 --- /dev/null +++ b/node_modules/pacote/node_modules/yallist/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) Isaac Z. Schlueter and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/pacote/node_modules/yallist/README.md b/node_modules/pacote/node_modules/yallist/README.md new file mode 100644 index 000000000..f58610186 --- /dev/null +++ b/node_modules/pacote/node_modules/yallist/README.md @@ -0,0 +1,204 @@ +# yallist + +Yet Another Linked List + +There are many doubly-linked list implementations like it, but this +one is mine. + +For when an array would be too big, and a Map can't be iterated in +reverse order. + + +[](https://travis-ci.org/isaacs/yallist) [](https://coveralls.io/github/isaacs/yallist) + +## basic usage + +```javascript +var yallist = require('yallist') +var myList = yallist.create([1, 2, 3]) +myList.push('foo') +myList.unshift('bar') +// of course pop() and shift() are there, too +console.log(myList.toArray()) // ['bar', 1, 2, 3, 'foo'] +myList.forEach(function (k) { + // walk the list head to tail +}) +myList.forEachReverse(function (k, index, list) { + // walk the list tail to head +}) +var myDoubledList = myList.map(function (k) { + return k + k +}) +// now myDoubledList contains ['barbar', 2, 4, 6, 'foofoo'] +// mapReverse is also a thing +var myDoubledListReverse = myList.mapReverse(function (k) { + return k + k +}) // ['foofoo', 6, 4, 2, 'barbar'] + +var reduced = myList.reduce(function (set, entry) { + set += entry + return set +}, 'start') +console.log(reduced) // 'startfoo123bar' +``` + +## api + +The whole API is considered "public". + +Functions with the same name as an Array method work more or less the +same way. + +There's reverse versions of most things because that's the point. + +### Yallist + +Default export, the class that holds and manages a list. + +Call it with either a forEach-able (like an array) or a set of +arguments, to initialize the list. + +The Array-ish methods all act like you'd expect. No magic length, +though, so if you change that it won't automatically prune or add +empty spots. + +### Yallist.create(..) + +Alias for Yallist function. Some people like factories. + +#### yallist.head + +The first node in the list + +#### yallist.tail + +The last node in the list + +#### yallist.length + +The number of nodes in the list. (Change this at your peril. It is +not magic like Array length.) + +#### yallist.toArray() + +Convert the list to an array. + +#### yallist.forEach(fn, [thisp]) + +Call a function on each item in the list. + +#### yallist.forEachReverse(fn, [thisp]) + +Call a function on each item in the list, in reverse order. + +#### yallist.get(n) + +Get the data at position `n` in the list. If you use this a lot, +probably better off just using an Array. + +#### yallist.getReverse(n) + +Get the data at position `n`, counting from the tail. + +#### yallist.map(fn, thisp) + +Create a new Yallist with the result of calling the function on each +item. + +#### yallist.mapReverse(fn, thisp) + +Same as `map`, but in reverse. + +#### yallist.pop() + +Get the data from the list tail, and remove the tail from the list. + +#### yallist.push(item, ...) + +Insert one or more items to the tail of the list. + +#### yallist.reduce(fn, initialValue) + +Like Array.reduce. + +#### yallist.reduceReverse + +Like Array.reduce, but in reverse. + +#### yallist.reverse + +Reverse the list in place. + +#### yallist.shift() + +Get the data from the list head, and remove the head from the list. + +#### yallist.slice([from], [to]) + +Just like Array.slice, but returns a new Yallist. + +#### yallist.sliceReverse([from], [to]) + +Just like yallist.slice, but the result is returned in reverse. + +#### yallist.toArray() + +Create an array representation of the list. + +#### yallist.toArrayReverse() + +Create a reversed array representation of the list. + +#### yallist.unshift(item, ...) + +Insert one or more items to the head of the list. + +#### yallist.unshiftNode(node) + +Move a Node object to the front of the list. (That is, pull it out of +wherever it lives, and make it the new head.) + +If the node belongs to a different list, then that list will remove it +first. + +#### yallist.pushNode(node) + +Move a Node object to the end of the list. (That is, pull it out of +wherever it lives, and make it the new tail.) + +If the node belongs to a list already, then that list will remove it +first. + +#### yallist.removeNode(node) + +Remove a node from the list, preserving referential integrity of head +and tail and other nodes. + +Will throw an error if you try to have a list remove a node that +doesn't belong to it. + +### Yallist.Node + +The class that holds the data and is actually the list. + +Call with `var n = new Node(value, previousNode, nextNode)` + +Note that if you do direct operations on Nodes themselves, it's very +easy to get into weird states where the list is broken. Be careful :) + +#### node.next + +The next node in the list. + +#### node.prev + +The previous node in the list. + +#### node.value + +The data the node contains. + +#### node.list + +The list to which this node belongs. (Null if it does not belong to +any list.) diff --git a/node_modules/pacote/node_modules/yallist/iterator.js b/node_modules/pacote/node_modules/yallist/iterator.js new file mode 100644 index 000000000..d41c97a19 --- /dev/null +++ b/node_modules/pacote/node_modules/yallist/iterator.js @@ -0,0 +1,8 @@ +'use strict' +module.exports = function (Yallist) { + Yallist.prototype[Symbol.iterator] = function* () { + for (let walker = this.head; walker; walker = walker.next) { + yield walker.value + } + } +} diff --git a/node_modules/pacote/node_modules/yallist/package.json b/node_modules/pacote/node_modules/yallist/package.json new file mode 100644 index 000000000..b74deba88 --- /dev/null +++ b/node_modules/pacote/node_modules/yallist/package.json @@ -0,0 +1,62 @@ +{ + "_from": "yallist@^4.0.0", + "_id": "yallist@4.0.0", + "_inBundle": false, + "_integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", + "_location": "/pacote/yallist", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "yallist@^4.0.0", + "name": "yallist", + "escapedName": "yallist", + "rawSpec": "^4.0.0", + "saveSpec": null, + "fetchSpec": "^4.0.0" + }, + "_requiredBy": [ + "/pacote/minipass" + ], + "_resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "_shasum": "9bb92790d9c0effec63be73519e11a35019a3a72", + "_spec": "yallist@^4.0.0", + "_where": "/Users/claudiahdz/npm/cli/node_modules/pacote/node_modules/minipass", + "author": { + "name": "Isaac Z. Schlueter", + "email": "i@izs.me", + "url": "http://blog.izs.me/" + }, + "bugs": { + "url": "https://github.com/isaacs/yallist/issues" + }, + "bundleDependencies": false, + "dependencies": {}, + "deprecated": false, + "description": "Yet Another Linked List", + "devDependencies": { + "tap": "^12.1.0" + }, + "directories": { + "test": "test" + }, + "files": [ + "yallist.js", + "iterator.js" + ], + "homepage": "https://github.com/isaacs/yallist#readme", + "license": "ISC", + "main": "yallist.js", + "name": "yallist", + "repository": { + "type": "git", + "url": "git+https://github.com/isaacs/yallist.git" + }, + "scripts": { + "postpublish": "git push origin --all; git push origin --tags", + "postversion": "npm publish", + "preversion": "npm test", + "test": "tap test/*.js --100" + }, + "version": "4.0.0" +} diff --git a/node_modules/pacote/node_modules/yallist/yallist.js b/node_modules/pacote/node_modules/yallist/yallist.js new file mode 100644 index 000000000..4e83ab1c5 --- /dev/null +++ b/node_modules/pacote/node_modules/yallist/yallist.js @@ -0,0 +1,426 @@ +'use strict' +module.exports = Yallist + +Yallist.Node = Node +Yallist.create = Yallist + +function Yallist (list) { + var self = this + if (!(self instanceof Yallist)) { + self = new Yallist() + } + + self.tail = null + self.head = null + self.length = 0 + + if (list && typeof list.forEach === 'function') { + list.forEach(function (item) { + self.push(item) + }) + } else if (arguments.length > 0) { + for (var i = 0, l = arguments.length; i < l; i++) { + self.push(arguments[i]) + } + } + + return self +} + +Yallist.prototype.removeNode = function (node) { + if (node.list !== this) { + throw new Error('removing node which does not belong to this list') + } + + var next = node.next + var prev = node.prev + + if (next) { + next.prev = prev + } + + if (prev) { + prev.next = next + } + + if (node === this.head) { + this.head = next + } + if (node === this.tail) { + this.tail = prev + } + + node.list.length-- + node.next = null + node.prev = null + node.list = null + + return next +} + +Yallist.prototype.unshiftNode = function (node) { + if (node === this.head) { + return + } + + if (node.list) { + node.list.removeNode(node) + } + + var head = this.head + node.list = this + node.next = head + if (head) { + head.prev = node + } + + this.head = node + if (!this.tail) { + this.tail = node + } + this.length++ +} + +Yallist.prototype.pushNode = function (node) { + if (node === this.tail) { + return + } + + if (node.list) { + node.list.removeNode(node) + } + + var tail = this.tail + node.list = this + node.prev = tail + if (tail) { + tail.next = node + } + + this.tail = node + if (!this.head) { + this.head = node + } + this.length++ +} + +Yallist.prototype.push = function () { + for (var i = 0, l = arguments.length; i < l; i++) { + push(this, arguments[i]) + } + return this.length +} + +Yallist.prototype.unshift = function () { + for (var i = 0, l = arguments.length; i < l; i++) { + unshift(this, arguments[i]) + } + return this.length +} + +Yallist.prototype.pop = function () { + if (!this.tail) { + return undefined + } + + var res = this.tail.value + this.tail = this.tail.prev + if (this.tail) { + this.tail.next = null + } else { + this.head = null + } + this.length-- + return res +} + +Yallist.prototype.shift = function () { + if (!this.head) { + return undefined + } + + var res = this.head.value + this.head = this.head.next + if (this.head) { + this.head.prev = null + } else { + this.tail = null + } + this.length-- + return res +} + +Yallist.prototype.forEach = function (fn, thisp) { + thisp = thisp || this + for (var walker = this.head, i = 0; walker !== null; i++) { + fn.call(thisp, walker.value, i, this) + walker = walker.next + } +} + +Yallist.prototype.forEachReverse = function (fn, thisp) { + thisp = thisp || this + for (var walker = this.tail, i = this.length - 1; walker !== null; i--) { + fn.call(thisp, walker.value, i, this) + walker = walker.prev + } +} + +Yallist.prototype.get = function (n) { + for (var i = 0, walker = this.head; walker !== null && i < n; i++) { + // abort out of the list early if we hit a cycle + walker = walker.next + } + if (i === n && walker !== null) { + return walker.value + } +} + +Yallist.prototype.getReverse = function (n) { + for (var i = 0, walker = this.tail; walker !== null && i < n; i++) { + // abort out of the list early if we hit a cycle + walker = walker.prev + } + if (i === n && walker !== null) { + return walker.value + } +} + +Yallist.prototype.map = function (fn, thisp) { + thisp = thisp || this + var res = new Yallist() + for (var walker = this.head; walker !== null;) { + res.push(fn.call(thisp, walker.value, this)) + walker = walker.next + } + return res +} + +Yallist.prototype.mapReverse = function (fn, thisp) { + thisp = thisp || this + var res = new Yallist() + for (var walker = this.tail; walker !== null;) { + res.push(fn.call(thisp, walker.value, this)) + walker = walker.prev + } + return res +} + +Yallist.prototype.reduce = function (fn, initial) { + var acc + var walker = this.head + if (arguments.length > 1) { + acc = initial + } else if (this.head) { + walker = this.head.next + acc = this.head.value + } else { + throw new TypeError('Reduce of empty list with no initial value') + } + + for (var i = 0; walker !== null; i++) { + acc = fn(acc, walker.value, i) + walker = walker.next + } + + return acc +} + +Yallist.prototype.reduceReverse = function (fn, initial) { + var acc + var walker = this.tail + if (arguments.length > 1) { + acc = initial + } else if (this.tail) { + walker = this.tail.prev + acc = this.tail.value + } else { + throw new TypeError('Reduce of empty list with no initial value') + } + + for (var i = this.length - 1; walker !== null; i--) { + acc = fn(acc, walker.value, i) + walker = walker.prev + } + + return acc +} + +Yallist.prototype.toArray = function () { + var arr = new Array(this.length) + for (var i = 0, walker = this.head; walker !== null; i++) { + arr[i] = walker.value + walker = walker.next + } + return arr +} + +Yallist.prototype.toArrayReverse = function () { + var arr = new Array(this.length) + for (var i = 0, walker = this.tail; walker !== null; i++) { + arr[i] = walker.value + walker = walker.prev + } + return arr +} + +Yallist.prototype.slice = function (from, to) { + to = to || this.length + if (to < 0) { + to += this.length + } + from = from || 0 + if (from < 0) { + from += this.length + } + var ret = new Yallist() + if (to < from || to < 0) { + return ret + } + if (from < 0) { + from = 0 + } + if (to > this.length) { + to = this.length + } + for (var i = 0, walker = this.head; walker !== null && i < from; i++) { + walker = walker.next + } + for (; walker !== null && i < to; i++, walker = walker.next) { + ret.push(walker.value) + } + return ret +} + +Yallist.prototype.sliceReverse = function (from, to) { + to = to || this.length + if (to < 0) { + to += this.length + } + from = from || 0 + if (from < 0) { + from += this.length + } + var ret = new Yallist() + if (to < from || to < 0) { + return ret + } + if (from < 0) { + from = 0 + } + if (to > this.length) { + to = this.length + } + for (var i = this.length, walker = this.tail; walker !== null && i > to; i--) { + walker = walker.prev + } + for (; walker !== null && i > from; i--, walker = walker.prev) { + ret.push(walker.value) + } + return ret +} + +Yallist.prototype.splice = function (start, deleteCount, ...nodes) { + if (start > this.length) { + start = this.length - 1 + } + if (start < 0) { + start = this.length + start; + } + + for (var i = 0, walker = this.head; walker !== null && i < start; i++) { + walker = walker.next + } + + var ret = [] + for (var i = 0; walker && i < deleteCount; i++) { + ret.push(walker.value) + walker = this.removeNode(walker) + } + if (walker === null) { + walker = this.tail + } + + if (walker !== this.head && walker !== this.tail) { + walker = walker.prev + } + + for (var i = 0; i < nodes.length; i++) { + walker = insert(this, walker, nodes[i]) + } + return ret; +} + +Yallist.prototype.reverse = function () { + var head = this.head + var tail = this.tail + for (var walker = head; walker !== null; walker = walker.prev) { + var p = walker.prev + walker.prev = walker.next + walker.next = p + } + this.head = tail + this.tail = head + return this +} + +function insert (self, node, value) { + var inserted = node === self.head ? + new Node(value, null, node, self) : + new Node(value, node, node.next, self) + + if (inserted.next === null) { + self.tail = inserted + } + if (inserted.prev === null) { + self.head = inserted + } + + self.length++ + + return inserted +} + +function push (self, item) { + self.tail = new Node(item, self.tail, null, self) + if (!self.head) { + self.head = self.tail + } + self.length++ +} + +function unshift (self, item) { + self.head = new Node(item, null, self.head, self) + if (!self.tail) { + self.tail = self.head + } + self.length++ +} + +function Node (value, prev, next, list) { + if (!(this instanceof Node)) { + return new Node(value, prev, next, list) + } + + this.list = list + this.value = value + + if (prev) { + prev.next = this + this.prev = prev + } else { + this.prev = null + } + + if (next) { + next.prev = this + this.next = next + } else { + this.next = null + } +} + +try { + // add if support for Symbol.iterator is present + require('./iterator.js')(Yallist) +} catch (er) {} diff --git a/node_modules/pacote/package.json b/node_modules/pacote/package.json index d558df218..af0ff8405 100644 --- a/node_modules/pacote/package.json +++ b/node_modules/pacote/package.json @@ -1,101 +1,86 @@ { - "_from": "pacote@9.5.12", - "_id": "pacote@9.5.12", + "_from": "pacote@11.0.0", + "_id": "pacote@11.0.0", "_inBundle": false, - "_integrity": "sha512-BUIj/4kKbwWg4RtnBncXPJd15piFSVNpTzY0rysSr3VnMowTYgkGKcaHrbReepAkjTr8lH2CVWRi58Spg2CicQ==", + "_integrity": "sha512-Q8H9lfzlZTZyWWtYNGETtFp2qmzd9XHfuF3gas5xd8T6vf/6E7BOmhybWU2PxSVeSYjIw4hLpaf7hCqY+T2TbQ==", "_location": "/pacote", "_phantomChildren": { - "safe-buffer": "5.1.2", - "yallist": "3.0.3" + "fs.realpath": "1.0.0", + "ignore-walk": "3.0.3", + "inflight": "1.0.6", + "inherits": "2.0.4", + "minimatch": "3.0.4", + "npm-bundled": "1.1.1", + "npm-normalize-package-bin": "1.0.1", + "once": "1.4.0", + "path-is-absolute": "1.0.1" }, "_requested": { "type": "version", "registry": true, - "raw": "pacote@9.5.12", + "raw": "pacote@11.0.0", "name": "pacote", "escapedName": "pacote", - "rawSpec": "9.5.12", + "rawSpec": "11.0.0", "saveSpec": null, - "fetchSpec": "9.5.12" + "fetchSpec": "11.0.0" }, "_requiredBy": [ "#USER", - "/", - "/libcipm", - "/libnpm" + "/" ], - "_resolved": "https://registry.npmjs.org/pacote/-/pacote-9.5.12.tgz", - "_shasum": "1e11dd7a8d736bcc36b375a9804d41bb0377bf66", - "_spec": "pacote@9.5.12", - "_where": "/Users/ruyadorno/Documents/workspace/cli", + "_resolved": "https://registry.npmjs.org/pacote/-/pacote-11.0.0.tgz", + "_shasum": "b9c4fc7bcdeaee00a14167e669d26e9e716be8eb", + "_spec": "pacote@11.0.0", + "_where": "/Users/claudiahdz/npm/cli", "author": { - "name": "Kat Marchán", - "email": "kzm@sykosomatic.org" + "name": "Isaac Z. Schlueter", + "email": "i@izs.me", + "url": "https://izs.me" + }, + "bin": { + "pacote": "lib/bin.js" }, "bugs": { "url": "https://github.com/npm/pacote/issues" }, "bundleDependencies": false, - "contributors": [ - { - "name": "Charlotte Spencer", - "email": "charlottelaspencer@gmail.com" - }, - { - "name": "Rebecca Turner", - "email": "me@re-becca.org" - } - ], "dependencies": { - "bluebird": "^3.5.3", - "cacache": "^12.0.2", - "chownr": "^1.1.2", - "figgy-pudding": "^3.5.1", - "get-stream": "^4.1.0", - "glob": "^7.1.3", + "@npmcli/installed-package-contents": "^1.0.5", + "cacache": "^15.0.0", + "chownr": "^1.1.3", + "fs-minipass": "^2.1.0", "infer-owner": "^1.0.4", "lru-cache": "^5.1.1", - "make-fetch-happen": "^5.0.0", - "minimatch": "^3.0.4", - "minipass": "^2.3.5", - "mississippi": "^3.0.0", - "mkdirp": "^0.5.1", - "normalize-package-data": "^2.4.0", - "npm-normalize-package-bin": "^1.0.0", - "npm-package-arg": "^6.1.0", - "npm-packlist": "^1.1.12", - "npm-pick-manifest": "^3.0.0", - "npm-registry-fetch": "^4.0.0", + "minipass": "^3.0.1", + "minipass-fetch": "^1.2.1", + "mkdirp": "^1.0.3", + "npm-package-arg": "^8.0.0", + "npm-packlist": "^2.0.3", + "npm-pick-manifest": "^6.0.0", + "npm-registry-fetch": "^7.0.0", "osenv": "^0.1.5", "promise-inflight": "^1.0.1", "promise-retry": "^1.1.1", - "protoduck": "^5.0.1", - "rimraf": "^2.6.2", - "safe-buffer": "^5.1.2", - "semver": "^5.6.0", - "ssri": "^6.0.1", - "tar": "^4.4.10", - "unique-filename": "^1.1.1", - "which": "^1.3.1" + "read-package-json-fast": "^1.1.3", + "semver": "^7.1.1", + "ssri": "^8.0.0", + "tar": "^6.0.0", + "which": "^2.0.2" }, "deprecated": false, "description": "JavaScript package downloader", "devDependencies": { - "nock": "^10.0.3", - "npmlog": "^4.1.2", - "nyc": "^14.1.1", - "require-inject": "^1.4.3", - "standard": "^12.0.1", - "standard-version": "^4.4.0", - "tacks": "^1.2.7", - "tap": "^12.7.0", - "tar-stream": "^1.6.2", - "weallbehave": "^1.2.0", - "weallcontribute": "^1.0.7" + "mutate-fs": "^2.1.1", + "npm-registry-mock": "^1.3.1", + "require-inject": "^1.4.4", + "tap": "^14.10.6" + }, + "engines": { + "node": ">=10" }, "files": [ - "*.js", - "lib" + "lib/**/*.js" ], "homepage": "https://github.com/npm/pacote#readme", "keywords": [ @@ -103,25 +88,25 @@ "npm", "git" ], - "license": "MIT", - "main": "index.js", + "license": "ISC", + "main": "lib/index.js", "name": "pacote", - "publishConfig": { - "tag": "v9-legacy" - }, "repository": { "type": "git", - "url": "git+https://github.com/npm/pacote.git" + "url": "git+ssh://git@github.com/npm/pacote.git" }, "scripts": { - "postrelease": "npm publish && git push --follow-tags", - "prerelease": "npm t", - "pretest": "standard", - "release": "standard-version -s", - "test": "nyc --all -- tap -J test/*.js", - "test-docker": "docker run -it --rm --name pacotest -v \"$PWD\":/tmp -w /tmp node:latest npm test", - "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'", - "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'" + "postpublish": "git push origin --follow-tags", + "postversion": "npm publish", + "preversion": "npm test", + "snap": "tap", + "test": "tap" + }, + "tap": { + "timeout": 300, + "check-coverage": true, + "coverage-map": "map.js", + "esm": false }, - "version": "9.5.12" + "version": "11.0.0" } diff --git a/node_modules/read-package-json-fast/LICENSE b/node_modules/read-package-json-fast/LICENSE new file mode 100644 index 000000000..20a476254 --- /dev/null +++ b/node_modules/read-package-json-fast/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) npm, Inc. and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/read-package-json-fast/README.md b/node_modules/read-package-json-fast/README.md new file mode 100644 index 000000000..e9c209be3 --- /dev/null +++ b/node_modules/read-package-json-fast/README.md @@ -0,0 +1,54 @@ +# read-package-json-fast + +Like [`read-package-json`](http://npm.im/read-package-json), but faster and +more accepting of "missing" data. + +This is only suitable for reading package.json files in a node_modules +tree, since it doesn't do the various cleanups, normalization, and warnings +that are beneficial at the root level in a package being published. + +## USAGE + +```js +const rpj = require('read-package-json-fast') + +// typical promisey type API +rpj('/path/to/package.json') + .then(data => ...) + .catch(er => ...) + +// or just normalize a package manifest +const normalized = rpj.normalize(packageJsonObject) +``` + +Errors raised from parsing will use +[`json-parse-even-better-errors`](http://npm.im/json-parse-even-better-errors), +so they'll be of type `JSONParseError` and have a `code: 'EJSONPARSE'` +property. Errors will also always have a `path` member referring to the +path originally passed into the function. + +## WHAT THIS MODULE DOES + +- Parse JSON +- Normalize `bundledDependencies`/`bundleDependencies` naming to just + `bundleDependencies` (without the extra `d`) +- Handle `true`, `false`, or object values passed to `bundleDependencies` +- Normalize `funding: <string>` to `funding: { url: <string> }` +- Remove any `scripts` members that are not a string value. +- Normalize a string `bin` member to `{ [name]: bin }`. +- Fold `optionalDependencies` into `dependencies`. +- Set the `_id` property if name and version are set. (This is + load-bearing in a few places within the npm CLI.) + +## WHAT THIS MODULE DOES NOT DO + +- Warn about invalid/missing name, version, repository, etc. +- Extract a description from the `README.md` file, or attach the readme to + the parsed data object. +- Read the `HEAD` value out of the `.git` folder. +- Warn about potentially typo'ed scripts (eg, `tset` instead of `test`) +- Check to make sure that all the files in the `files` field exist and are + valid files. +- Fix bundleDependencies that are not listed in `dependencies`. +- Fix `dependencies` fields that are not strictly objects of string values. +- Anything involving the `directories` field (ie, bins, mans, and so on). diff --git a/node_modules/read-package-json-fast/index.js b/node_modules/read-package-json-fast/index.js new file mode 100644 index 000000000..bfef5d6ab --- /dev/null +++ b/node_modules/read-package-json-fast/index.js @@ -0,0 +1,82 @@ +const {promisify} = require('util') +const fs = require('fs') +const readFile = promisify(fs.readFile) +const parse = require('json-parse-even-better-errors') +const rpj = path => readFile(path, 'utf8') + .then(data => normalize(parse(data))) + .catch(er => { + er.path = path + throw er + }) +const normalizePackageBin = require('npm-normalize-package-bin') + +const normalize = data => { + add_id(data) + fixBundled(data) + foldinOptionalDeps(data) + fixScripts(data) + fixFunding(data) + normalizePackageBin(data) + return data +} + +rpj.normalize = normalize + +const add_id = data => { + if (data.name && data.version) + data._id = `${data.name}@${data.version}` + return data +} + +const foldinOptionalDeps = data => { + const od = data.optionalDependencies + if (od && typeof od === 'object') { + data.dependencies = data.dependencies || {} + for (const [name, spec] of Object.entries(od)) { + data.dependencies[name] = spec + } + } + return data +} + +const fixBundled = data => { + const bdd = data.bundledDependencies + const bd = data.bundleDependencies === undefined ? bdd + : data.bundleDependencies + + if (bd === false) + data.bundleDependencies = [] + else if (bd === true) + data.bundleDependencies = Object.keys(data.dependencies || {}) + else if (bd && typeof bd === 'object') { + if (!Array.isArray(bd)) + data.bundleDependencies = Object.keys(bd) + else + data.bundleDependencies = bd + } else + delete data.bundleDependencies + + delete data.bundledDependencies + return data +} + +const fixScripts = data => { + if (!data.scripts || typeof data.scripts !== 'object') { + delete data.scripts + return data + } + + for (const [name, script] of Object.entries(data.scripts)) { + if (typeof script !== 'string') + delete data.scripts[name] + } + return data +} + +const fixFunding = data => { + if (data.funding && typeof data.funding === 'string') + data.funding = { url: data.funding } + return data +} + +module.exports = rpj diff --git a/node_modules/read-package-json-fast/package.json b/node_modules/read-package-json-fast/package.json new file mode 100644 index 000000000..de166a8f2 --- /dev/null +++ b/node_modules/read-package-json-fast/package.json @@ -0,0 +1,65 @@ +{ + "_from": "read-package-json-fast@^1.1.3", + "_id": "read-package-json-fast@1.1.3", + "_inBundle": false, + "_integrity": "sha512-MmFqiyfCXV2Dmm4jH24DEGhxdkUDFivJQj4oPZQPOKywxR7HWBE6WnMWDAapfFHi3wm1b+mhR+XHlUH0CL8axg==", + "_location": "/read-package-json-fast", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "read-package-json-fast@^1.1.3", + "name": "read-package-json-fast", + "escapedName": "read-package-json-fast", + "rawSpec": "^1.1.3", + "saveSpec": null, + "fetchSpec": "^1.1.3" + }, + "_requiredBy": [ + "/@npmcli/installed-package-contents", + "/pacote" + ], + "_resolved": "https://registry.npmjs.org/read-package-json-fast/-/read-package-json-fast-1.1.3.tgz", + "_shasum": "3b78464ea8f3c4447f3358635390b6946dc0737e", + "_spec": "read-package-json-fast@^1.1.3", + "_where": "/Users/claudiahdz/npm/cli/node_modules/pacote", + "author": { + "name": "Isaac Z. Schlueter", + "email": "i@izs.me", + "url": "https://izs.me" + }, + "bugs": { + "url": "https://github.com/npm/read-package-json-fast/issues" + }, + "bundleDependencies": false, + "dependencies": { + "json-parse-even-better-errors": "^2.0.1", + "npm-normalize-package-bin": "^1.0.1" + }, + "deprecated": false, + "description": "Like read-package-json, but faster", + "devDependencies": { + "tap": "^14.10.1" + }, + "files": [ + "index.js" + ], + "homepage": "https://github.com/npm/read-package-json-fast#readme", + "license": "ISC", + "name": "read-package-json-fast", + "repository": { + "type": "git", + "url": "git+https://github.com/npm/read-package-json-fast.git" + }, + "scripts": { + "postpublish": "git push origin --follow-tags", + "postversion": "npm publish", + "preversion": "npm test", + "snap": "tap", + "test": "tap" + }, + "tap": { + "check-coverage": true + }, + "version": "1.1.3" +} |