diff options
| author | Ruy Adorno <ruyadorno@hotmail.com> | 2021-02-05 02:14:15 +0300 |
|---|---|---|
| committer | Ruy Adorno <ruyadorno@hotmail.com> | 2021-02-05 17:45:09 +0300 |
| commit | 3294fed6f18626516978c21fac5f28ecfdb58124 (patch) | |
| tree | b7e7ab2ee9698eb4287729a7b4a63bf29544d3b0 /node_modules | |
| parent | 6d7afb03cd7602b60e709516711a2f94cd61ff25 (diff) | |
pacote@11.2.5
Diffstat (limited to 'node_modules')
| -rw-r--r-- | node_modules/pacote/lib/fetcher.js | 2 | ||||
| -rw-r--r-- | node_modules/pacote/lib/git.js | 16 | ||||
| -rw-r--r-- | node_modules/pacote/lib/util/cache-dir.js | 4 | ||||
| -rw-r--r-- | node_modules/pacote/lib/util/npm.js | 10 | ||||
| -rw-r--r-- | node_modules/pacote/package.json | 2 |
5 files changed, 28 insertions, 6 deletions
diff --git a/node_modules/pacote/lib/fetcher.js b/node_modules/pacote/lib/fetcher.js index ad3cacec8..c9a3201f0 100644 --- a/node_modules/pacote/lib/fetcher.js +++ b/node_modules/pacote/lib/fetcher.js @@ -110,7 +110,7 @@ class FetcherBase { // going to be packing in the context of a publish, which may set // a dist-tag, but certainly wants to keep defaulting to latest. this.npmCliConfig = opts.npmCliConfig || [ - `--cache=${this.cache}`, + `--cache=${dirname(this.cache)}`, `--prefer-offline=${!!this.preferOffline}`, `--prefer-online=${!!this.preferOnline}`, `--offline=${!!this.offline}`, diff --git a/node_modules/pacote/lib/git.js b/node_modules/pacote/lib/git.js index 406ab5c60..14d8a8336 100644 --- a/node_modules/pacote/lib/git.js +++ b/node_modules/pacote/lib/git.js @@ -161,12 +161,28 @@ class GitFetcher extends Fetcher { scripts.prepare)) return + // to avoid cases where we have an cycle of git deps that depend + // on one another, we only ever do preparation for one instance + // of a given git dep along the chain of installations. + // Note that this does mean that a dependency MAY in theory end up + // trying to run its prepare script using a dependency that has not + // been properly prepared itself, but that edge case is smaller + // and less hazardous than a fork bomb of npm and git commands. + const noPrepare = !process.env._PACOTE_NO_PREPARE_ ? [] + : process.env._PACOTE_NO_PREPARE_.split('\n') + if (noPrepare.includes(this.resolved)) { + this.log.info('prepare', 'skip prepare, already seen', this.resolved) + return + } + noPrepare.push(this.resolved) + // the DirFetcher will do its own preparation to run the prepare scripts // All we have to do is put the deps in place so that it can succeed. return npm( this.npmBin, [].concat(this.npmInstallCmd).concat(this.npmCliConfig), dir, + { ...process.env, _PACOTE_NO_PREPARE_: noPrepare.join('\n') }, { message: 'git dep preparation failed' } ) }) diff --git a/node_modules/pacote/lib/util/cache-dir.js b/node_modules/pacote/lib/util/cache-dir.js index d5c0bf28f..abd245323 100644 --- a/node_modules/pacote/lib/util/cache-dir.js +++ b/node_modules/pacote/lib/util/cache-dir.js @@ -7,6 +7,6 @@ module.exports = (fakePlatform = false) => { const home = os.homedir() || resolve(temp, 'npm-' + uidOrPid) const platform = fakePlatform || process.platform const cacheExtra = platform === 'win32' ? 'npm-cache' : '.npm' - const cacheRoot = (platform === 'win32' && process.env.APPDATA) || home - return resolve(cacheRoot, cacheExtra) + const cacheRoot = (platform === 'win32' && process.env.LOCALAPPDATA) || home + return resolve(cacheRoot, cacheExtra, '_cacache') } diff --git a/node_modules/pacote/lib/util/npm.js b/node_modules/pacote/lib/util/npm.js index 293695525..f2f29bd0a 100644 --- a/node_modules/pacote/lib/util/npm.js +++ b/node_modules/pacote/lib/util/npm.js @@ -1,9 +1,15 @@ // run an npm command const spawn = require('@npmcli/promise-spawn') +const {dirname} = require('path') -module.exports = (npmBin, npmCommand, cwd, extra) => { +module.exports = (npmBin, npmCommand, cwd, env, extra) => { const isJS = npmBin.endsWith('.js') const cmd = isJS ? process.execPath : npmBin const args = (isJS ? [npmBin] : []).concat(npmCommand) - return spawn(cmd, args, { cwd, stdioString: true }, extra) + // when installing to run the `prepare` script for a git dep, we need + // to ensure that we don't run into a cycle of checking out packages + // in temp directories. this lets us link previously-seen repos that + // are also being prepared. + + return spawn(cmd, args, { cwd, stdioString: true, env }, extra) } diff --git a/node_modules/pacote/package.json b/node_modules/pacote/package.json index 959cb1ec4..270d87212 100644 --- a/node_modules/pacote/package.json +++ b/node_modules/pacote/package.json @@ -1,6 +1,6 @@ { "name": "pacote", - "version": "11.2.4", + "version": "11.2.5", "description": "JavaScript package downloader", "author": "Isaac Z. Schlueter <i@izs.me> (https://izs.me)", "bin": { |