github.com/npm/cli.git - Unnamed repository; edit this file 'description' to name the repository.
authorRuy Adorno <ruyadorno@hotmail.com>2021-01-15 22:51:50 +0300
committerRuy Adorno <ruyadorno@hotmail.com>2021-01-15 23:47:21 +0300
commitd6456c8ebb6d7a832d508eadc100094b547fa36c (patch)
tree0d25aaa3662dc3d191baa2fff02324c9d60f0d1b /node_modules
parente5ce6bbbad82b85c8e74a4558503513e4f337476 (diff)
@npmcli/metavuln-calculator@1.0.2
Diffstat (limited to 'node_modules')
-rw-r--r--node_modules/@npmcli/metavuln-calculator/lib/load-worker.js29
-rw-r--r--node_modules/@npmcli/metavuln-calculator/lib/test-version.js59
-rw-r--r--node_modules/@npmcli/metavuln-calculator/package.json2
3 files changed, 1 insertions, 89 deletions
diff --git a/node_modules/@npmcli/metavuln-calculator/lib/load-worker.js b/node_modules/@npmcli/metavuln-calculator/lib/load-worker.js
deleted file mode 100644
index 5c5797b4f..000000000
--- a/node_modules/@npmcli/metavuln-calculator/lib/load-worker.js
+++ /dev/null
@@ -1,29 +0,0 @@
-// When Advisory.load() is called in the main thread, it spins up
-// a worker thread to do the actual loading, because this can be
-// a CPU-intensive operation which blocks the main thread otherwise.
-
-const {
- Worker,
- isMainThread,
- parentPort,
- workerData,
-} = require('worker_threads')
-
-const Advisory = require('./advisory.js')
-const load = async ({ name, source, options, cached, packument }) => {
- const advisory = new Advisory(name, source, options)
- // guard against infinite recursion, mostly for testing
- advisory.inWorkerThread = true
- await advisory.load(cached, packument)
- parentPort.postMessage(advisory)
-}
-
-if (isMainThread)
- module.exports = load
-else
- load(workerData).catch(er => parentPort.postMessage({
- error: {
- message: er.message,
- stack: er.stack,
- },
- }))
diff --git a/node_modules/@npmcli/metavuln-calculator/lib/test-version.js b/node_modules/@npmcli/metavuln-calculator/lib/test-version.js
deleted file mode 100644
index 211a46ddd..000000000
--- a/node_modules/@npmcli/metavuln-calculator/lib/test-version.js
+++ /dev/null
@@ -1,59 +0,0 @@
-// called by the Advisory[_testVersion] method, and the test-versions worker
-const semver = require('semver')
-const semverOpt = { includePrerelease: true, loose: true }
-const getDepSpec = require('./get-dep-spec.js')
-
-module.exports = opts => {
- const {
- version,
- spec,
- vulnerableVersions,
- type,
- range,
- packument,
- dependency,
- source,
- } = opts
-
- const sv = String(version)
- if (vulnerableVersions.includes(sv))
- return true
-
- if (type === 'advisory') {
- // advisory, just test range
- return semver.satisfies(version, range, semverOpt)
- }
-
- // check the dependency of version on the vulnerable dep
- // if we got a version that's not in the packument, fall back on
- // the spec provided, if possible.
- const mani = packument.versions[version] || {
- dependencies: {
- [dependency]: spec,
- },
- }
-
- if (!spec)
- spec = getDepSpec(mani, dependency)
-
- // no dep, no vuln
- if (spec === null)
- return false
-
- // not a semver range, nothing we can hope to do about it
- if (!semver.validRange(spec, semverOpt))
- return true
-
- const bd = mani.bundleDependencies
- const bundled = bd && bd.includes(source.name)
- // XXX if bundled, then semver.intersects() means vulnerable
- // else, pick a manifest and see if it can't be avoided
- // try to pick a version of the dep that isn't vulnerable
- const avoid = source.range
-
- if (bundled) {
- return semver.intersects(spec, avoid, semverOpt)
- }
-
- return this[_source].testSpec(spec)
-}
diff --git a/node_modules/@npmcli/metavuln-calculator/package.json b/node_modules/@npmcli/metavuln-calculator/package.json
index 7f643cbc5..636382170 100644
--- a/node_modules/@npmcli/metavuln-calculator/package.json
+++ b/node_modules/@npmcli/metavuln-calculator/package.json
@@ -1,6 +1,6 @@
{
"name": "@npmcli/metavuln-calculator",
- "version": "1.0.1",
+ "version": "1.0.2",
"main": "lib/index.js",
"files": [
"lib"