From 052e977b9d071e1b3654976881d10cd3ddcba788 Mon Sep 17 00:00:00 2001 From: foxxyz Date: Thu, 17 Sep 2020 20:46:07 -0700 Subject: [PATCH 01/21] docs: add section on peerDependenciesMeta field in package.json (fixes #1247) Credit: @foxxyz Close: #1822 Fixes: #1247 Reviewed-by: @ruyadorno --- docs/content/configuring-npm/package-json.md | 24 ++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/docs/content/configuring-npm/package-json.md b/docs/content/configuring-npm/package-json.md index 74e2cbd11eec3..8b9b4ffbb1074 100644 --- a/docs/content/configuring-npm/package-json.md +++ b/docs/content/configuring-npm/package-json.md @@ -716,6 +716,30 @@ the host package's major version will break your plugin. Thus, if you've worked with every 1.x version of the host package, use `"^1.0"` or `"1.x"` to express this. If you depend on features introduced in 1.5.2, use `">= 1.5.2 < 2"`. +### peerDependenciesMeta + +When a user installs your package, npm will emit warnings if packages specified in `peerDependencies` are not already installed. The `peerDependenciesMeta` field serves to provide npm more information on how your peer dependencies are to be used. Specifically, it allows peer dependencies to be marked as optional. + +For example: + +```json +{ + "name": "tea-latte", + "version": "1.3.5", + "peerDependencies": { + "tea": "2.x", + "soy-milk": "1.2" + }, + "peerDependenciesMeta": { + "soy-milk": { + "optional": true + } + } +} +``` + +Marking a peer dependency as optional ensures npm will not emit a warning if the `soy-milk` package is not installed on the host. This allows you to integrate and interact with a variety of host packages without requiring all of them to be installed. + ### bundledDependencies This defines an array of package names that will be bundled when publishing From 52d32d1758c5ebc58944a1e8d98d57e30048e527 Mon Sep 17 00:00:00 2001 From: Dr Date: Fri, 16 Oct 2020 11:08:37 +0800 Subject: [PATCH 02/21] docs: match npm-exec.md -p usage with lib/exec.js updated usage from: https://github.com/npm/cli/blob/v7.0.1/lib/exec.js#L8-L20, and removed extra `-p` occurrences to avoid confusion. Credit: @dr-js Close: #1970 Reviewed-by: @ruyadorno --- docs/content/commands/npm-exec.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/content/commands/npm-exec.md b/docs/content/commands/npm-exec.md index e966b0bcd18b2..38fb1bf25af4b 100644 --- a/docs/content/commands/npm-exec.md +++ b/docs/content/commands/npm-exec.md @@ -30,9 +30,9 @@ This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via `npm run`. -Whatever packages are specified by the `--package` or `-p` option will be +Whatever packages are specified by the `--package` option will be provided in the `PATH` of the executed command, along with any locally -installed package executables. The `--package` or `-p` option may be +installed package executables. The `--package` option may be specified multiple times, to execute the supplied command in an environment where all specified packages are available. @@ -48,7 +48,7 @@ only be considered a match if they have the exact same name and version as the local dependency. If no `-c` or `--call` option is provided, then the positional arguments -are used to generate the command string. If no `-p` or `--package` options +are used to generate the command string. If no `--package` options are provided, then npm will attempt to determine the executable name from the package specifier provided as the first positional argument according to the following heuristic: From 48ee8d01edd11ed6186c483e1169ff4d2070b963 Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Sat, 31 Oct 2020 07:20:38 +0100 Subject: [PATCH 03/21] docs: Fix RFC links in changelog Credit: @jtojnar Close: #2096 Reviewed-by: @ruyadorno --- CHANGELOG.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 737562a876909..7ce90085f6e17 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -602,7 +602,7 @@ sources ([@ruyadorno](https://github.com/ruyadorno)) * [`3a63ecb6f`](https://github.com/npm/cli/commit/3a63ecb6f6a0b235660f73a3ffa329b1f131b0c3) [#1718](https://github.com/npm/cli/pull/1718) - [RFC-0029](https://github.com/npm/rfcs/blob/latest/accepted/0029-add-ability-to-skip-hooks.md) + [RFC-0029](https://github.com/npm/rfcs/blob/latest/implemented/0029-add-ability-to-skip-hooks.md) add ability to skip pre/post hooks to `npm run-script` by using `--ignore-scripts` ([@ruyadorno](https://github.com/ruyadorno)) @@ -829,7 +829,7 @@ Now on to the list of **BREAKING CHANGES**! ### Programmatic Usage - [RFC - 20](https://github.com/npm/rfcs/blob/latest/accepted/0020-npm-option-handling.md) + 20](https://github.com/npm/rfcs/blob/latest/implemented/0020-npm-option-handling.md) The CLI and its dependencies no longer use the `figgy-pudding` library for configs. Configuration is done using a flat plain old JavaScript object. @@ -859,7 +859,7 @@ The environment for lifecycle scripts (eg, build scripts, `npm test`, etc.) has changed. - [RFC - 21](https://github.com/npm/rfcs/blob/latest/accepted/0021-reduce-lifecycle-script-environment.md) + 21](https://github.com/npm/rfcs/blob/latest/implemented/0021-reduce-lifecycle-script-environment.md) Environment no longer includes `npm_package_*` fields, or `npm_config_*` fields for default configs. `npm_package_json`, `npm_package_integrity`, `npm_package_resolved`, and `npm_command` environment variables added. @@ -868,13 +868,13 @@ has changed. release](https://github.com/npm/rfcs/pull/183)) - [RFC - 22](https://github.com/npm/rfcs/blob/latest/accepted/0022-quieter-install-scripts.md) + 22](https://github.com/npm/rfcs/blob/latest/implemented/0022-quieter-install-scripts.md) Scripts run during the normal course of installation are silenced unless they exit in error (ie, with a signal or non-zero exit status code), and are for a non-optional dependency. - [RFC - 24](https://github.com/npm/rfcs/blob/latest/accepted/0024-npm-run-traverse-directory-tree.md) + 24](https://github.com/npm/rfcs/blob/latest/implemented/0024-npm-run-traverse-directory-tree.md) `PATH` environment variable includes all `node_modules/.bin` folders, even if found outside of an existing `node_modules` folder hierarchy. @@ -924,7 +924,7 @@ We do intend to continue supporting the `npx` that npm ships; just not the ### Files On Disk - [RFC - 13](https://github.com/npm/rfcs/blob/latest/accepted/0013-no-package-json-_fields.md) + 13](https://github.com/npm/rfcs/blob/latest/implemented/0013-no-package-json-_fields.md) Installed `package.json` files no longer are mutated to include extra metadata. (This extra metadata is stored in the lockfile.) - `package-lock.json` is updated to a newer format, using @@ -940,7 +940,7 @@ These changes affect `install`, `ci`, `install-test`, `install-ci-test`, `update`, `prune`, `dedupe`, `uninstall`, `link`, and `audit fix`. - [RFC - 25](https://github.com/npm/rfcs/blob/latest/accepted/0025-install-peer-deps.md) + 25](https://github.com/npm/rfcs/blob/latest/implemented/0025-install-peer-deps.md) `peerDependencies` are installed by default. This behavior can be disabled by setting the `legacy-peer-deps` configuration flag. @@ -951,7 +951,7 @@ These changes affect `install`, `ci`, `install-test`, `install-ci-test`, of correctness. Use the `--legacy-peer-deps` config flag if impacted. - [RFC - 23](https://github.com/npm/rfcs/blob/latest/accepted/0023-acceptDependencies.md) + 23](https://github.com/npm/rfcs/blob/latest/implemented/0023-acceptDependencies.md) Support for `acceptDependencies` is added. This can result in dependency resolutions that previous versions of npm will incorrectly flag as invalid. @@ -973,7 +973,7 @@ These changes affect `install`, `ci`, `install-test`, `install-ci-test`, ### Workspaces - [RFC - 26](https://github.com/npm/rfcs/blob/latest/accepted/0026-workspaces.md) + 26](https://github.com/npm/rfcs/blob/latest/implemented/0026-workspaces.md) First phase of `workspaces` support is added. This changes npm's behavior when a root project's `package.json` file contains a `workspaces` field. @@ -981,7 +981,7 @@ These changes affect `install`, `ci`, `install-test`, `install-ci-test`, ### `npm update` - [RFC - 19](https://github.com/npm/rfcs/blob/latest/accepted/0019-remove-update-depth-option.md) + 19](https://github.com/npm/rfcs/blob/latest/implemented/0019-remove-update-depth-option.md) Update all dependencies when `npm update` is run without any arguments. As it is no longer relevant, `--depth` config flag removed from `npm update`. @@ -989,7 +989,7 @@ These changes affect `install`, `ci`, `install-test`, `install-ci-test`, ### `npm outdated` - [RFC - 27](https://github.com/npm/rfcs/blob/latest/accepted/0027-remove-depth-outdated.md) + 27](https://github.com/npm/rfcs/blob/latest/implemented/0027-remove-depth-outdated.md) Remove `--depth` config from `npm outdated`. Only top-level dependencies are shown, unless `--all` config option is set. From 6cd3cd08af56445e13757cac3af87f3e7d54ed27 Mon Sep 17 00:00:00 2001 From: isaacs Date: Tue, 27 Oct 2020 15:25:20 -0700 Subject: [PATCH 04/21] Support *all* conf keys in publishConfig This adds a flatOptions.flatten() method, which takes an object full of config keys, and turns it into an options object. This method expects an object that already inherits from npm's defaults, and is thus expected to be internal only. This commit also removes some config keys which were used by npm dependencies at the start of the v7 beta process, but are no longer: - all lockfile configs (since we don't use lockfiles any more! for anything! and good riddance, they're a rats' nest of race conditions) - cacheMax/cacheMin (we only use preferOffline/offline/online now, so these are strictly legacy support as input and never shared with deps) Once this lands in cli, we can remove the publishConfig handling logic in npm-registry-fetch, as it will be redundant. --- lib/publish.js | 28 +- lib/utils/flat-options.js | 314 +++++++++--------- ...test-lib-utils-flat-options.js-TAP.test.js | 10 - test/lib/publish.js | 181 +++++++--- test/lib/utils/flat-options.js | 4 +- 5 files changed, 306 insertions(+), 231 deletions(-) diff --git a/lib/publish.js b/lib/publish.js index 0ad5204c9624b..78f6507a02dd0 100644 --- a/lib/publish.js +++ b/lib/publish.js @@ -12,6 +12,9 @@ const output = require('./utils/output.js') const otplease = require('./utils/otplease.js') const { getContents, logTar } = require('./utils/tar.js') +// this is the only case in the CLI where we use the old full slow +// 'read-package-json' module, because we want to pull in all the +// defaults and metadata, like git sha's and default scripts and all that. const readJson = util.promisify(require('read-package-json')) const completion = require('./utils/completion/none.js') @@ -46,9 +49,22 @@ const publish = async args => { return tarball } +// for historical reasons, publishConfig in package.json can contain +// ANY config keys that npm supports in .npmrc files and elsewhere. +// We *may* want to revisit this at some point, and have a minimal set +// that's a SemVer-major change that ought to get a RFC written on it. +const { flatten } = require('./utils/flat-options.js') +const publishConfigToOpts = publishConfig => + // create a new object that inherits from the config stack + // then squash the css-case into camelCase opts, like we do + flatten(Object.assign(Object.create(npm.config.list[0]), publishConfig)) + const publish_ = async (arg, opts) => { const { unicode, dryRun, json } = opts - let manifest = await readJson(`${arg}/package.json`) + const manifest = await readJson(`${arg}/package.json`) + + if (manifest.publishConfig) + Object.assign(opts, publishConfigToOpts(manifest.publishConfig)) // prepublishOnly await runScript({ @@ -58,7 +74,7 @@ const publish_ = async (arg, opts) => { pkg: manifest, }) - const tarballData = await pack(arg) + const tarballData = await pack(arg, opts) const pkgContents = await getContents(manifest, tarballData) if (!json) @@ -67,9 +83,11 @@ const publish_ = async (arg, opts) => { if (!dryRun) { // The purpose of re-reading the manifest is in case it changed, // so that we send the latest and greatest thing to the registry - manifest = await readJson(`${arg}/package.json`) - const { publishConfig } = manifest - await otplease(opts, opts => libpub(arg, manifest, { ...opts, publishConfig })) + // note that publishConfig might have changed as well! + const manifest = await readJson(`${arg}/package.json`, opts) + if (manifest.publishConfig) + Object.assign(opts, publishConfigToOpts(manifest.publishConfig)) + await otplease(opts, opts => libpub(arg, manifest, opts)) } // publish diff --git a/lib/utils/flat-options.js b/lib/utils/flat-options.js index d7713ae13122f..be62c5a4cdb58 100644 --- a/lib/utils/flat-options.js +++ b/lib/utils/flat-options.js @@ -7,241 +7,231 @@ const npmSession = crypto.randomBytes(8).toString('hex') log.verbose('npm-session', npmSession) const { join } = require('path') -const buildOmitList = npm => { - const include = npm.config.get('include') || [] - const omit = new Set((npm.config.get('omit') || []) +const buildOmitList = obj => { + const include = obj.include || [] + const omit = new Set((obj.omit || []) .filter(type => !include.includes(type))) - const only = npm.config.get('only') + const only = obj.only - if (/^prod(uction)?$/.test(only) || npm.config.get('production')) + if (/^prod(uction)?$/.test(only) || obj.production) omit.add('dev') - if (/dev/.test(npm.config.get('also'))) + if (/dev/.test(obj.also)) omit.delete('dev') - if (npm.config.get('dev')) + if (obj.dev) omit.delete('dev') - if (npm.config.get('optional') === false) + if (obj.optional === false) omit.add('optional') - npm.config.set('omit', [...omit]) + obj.omit = [...omit] return [...omit] } -const flatOptions = npm => npm.flatOptions || Object.freeze({ - // Note that many of these do not come from configs or cli flags - // per se, though they may be implied or defined by them. - log, - npmSession, - dmode: npm.modes.exec, - fmode: npm.modes.file, - umask: npm.modes.umask, - hashAlgorithm: 'sha1', // XXX should this be sha512? - color: !!npm.color, - includeStaged: npm.config.get('include-staged'), - - preferDedupe: npm.config.get('prefer-dedupe'), - ignoreScripts: npm.config.get('ignore-scripts'), - - projectScope: npm.projectScope, - npmVersion: npm.version, - nodeVersion: npm.config.get('node-version'), - // npm.command is not set until AFTER flatOptions are defined - // so we need to make this a getter. - get npmCommand () { - return npm.command - }, - - tmp: npm.tmp, - cache: join(npm.config.get('cache'), '_cacache'), - prefix: npm.prefix, - globalPrefix: npm.globalPrefix, - localPrefix: npm.localPrefix, - global: npm.config.get('global'), - - metricsRegistry: npm.config.get('metrics-registry') || - npm.config.get('registry'), - sendMetrics: npm.config.get('send-metrics'), - registry: npm.config.get('registry'), - scope: npm.config.get('scope'), - access: npm.config.get('access'), - alwaysAuth: npm.config.get('always-auth'), - audit: npm.config.get('audit'), - auditLevel: npm.config.get('audit-level'), - authType: npm.config.get('auth-type'), - ssoType: npm.config.get('sso-type'), - ssoPollFrequency: npm.config.get('sso-poll-frequency'), - before: npm.config.get('before'), - browser: npm.config.get('browser'), - ca: npm.config.get('ca'), - cafile: npm.config.get('cafile'), - cert: npm.config.get('cert'), - key: npm.config.get('key'), - - // XXX remove these when we don't use lockfile any more, once - // arborist is handling the installation process - cacheLockRetries: npm.config.get('cache-lock-retries'), - cacheLockStale: npm.config.get('cache-lock-stale'), - cacheLockWait: npm.config.get('cache-lock-wait'), - lockFile: { - retries: npm.config.get('cache-lock-retries'), - stale: npm.config.get('cache-lock-stale'), - wait: npm.config.get('cache-lock-wait'), - }, - - // XXX remove these once no longer used - get cacheMax () { - return npm.config.get('cache-max') - }, - get cacheMin () { - return npm.config.get('cache-min') - }, +// turn an object with npm-config style keys into an options object +// with camelCase values. This doesn't account for the stuff that is +// not pulled from the config keys, that's all handled only for the +// main function which acts on the npm object itself. Used by the +// flatOptions generator, and by the publishConfig handling logic. +const flatten = obj => ({ + includeStaged: obj['include-staged'], + preferDedupe: obj['prefer-dedupe'], + ignoreScripts: obj['ignore-scripts'], + nodeVersion: obj['node-version'], + cache: join(obj.cache, '_cacache'), + global: obj.global, + + metricsRegistry: obj['metrics-registry'] || obj.registry, + sendMetrics: obj['send-metrics'], + registry: obj.registry, + scope: obj.scope, + access: obj.access, + alwaysAuth: obj['always-auth'], + audit: obj.audit, + auditLevel: obj['audit-level'], + authType: obj['auth-type'], + ssoType: obj['sso-type'], + ssoPollFrequency: obj['sso-poll-frequency'], + before: obj.before, + browser: obj.browser, + ca: obj.ca, + cafile: obj.cafile, + cert: obj.cert, + key: obj.key, // token creation options - cidr: npm.config.get('cidr'), - readOnly: npm.config.get('read-only'), + cidr: obj.cidr, + readOnly: obj['read-only'], // npm version options - preid: npm.config.get('preid'), - tagVersionPrefix: npm.config.get('tag-version-prefix'), - allowSameVersion: npm.config.get('allow-same-version'), + preid: obj.preid, + tagVersionPrefix: obj['tag-version-prefix'], + allowSameVersion: obj['allow-same-version'], // npm version git options - message: npm.config.get('message'), - commitHooks: npm.config.get('commit-hooks'), - gitTagVersion: npm.config.get('git-tag-version'), - signGitCommit: npm.config.get('sign-git-commit'), - signGitTag: npm.config.get('sign-git-tag'), + message: obj.message, + commitHooks: obj['commit-hooks'], + gitTagVersion: obj['git-tag-version'], + signGitCommit: obj['sign-git-commit'], + signGitTag: obj['sign-git-tag'], // only used for npm ls in v7, not update - depth: npm.config.get('depth'), - all: npm.config.get('all'), + depth: obj.depth, + all: obj.all, // Output configs - unicode: npm.config.get('unicode'), - json: npm.config.get('json'), - long: npm.config.get('long'), - parseable: npm.config.get('parseable'), + unicode: obj.unicode, + json: obj.json, + long: obj.long, + parseable: obj.parseable, // options for npm search search: { - description: npm.config.get('description'), - exclude: npm.config.get('searchexclude'), - limit: npm.config.get('searchlimit') || 20, - opts: npm.config.get('searchopts'), - staleness: npm.config.get('searchstaleness'), + description: obj.description, + exclude: obj.searchexclude, + limit: obj.searchlimit || 20, + opts: obj.searchopts, + staleness: obj.searchstaleness, }, - dryRun: npm.config.get('dry-run'), - engineStrict: npm.config.get('engine-strict'), + dryRun: obj['dry-run'], + engineStrict: obj['engine-strict'], retry: { - retries: npm.config.get('fetch-retries'), - factor: npm.config.get('fetch-retry-factor'), - maxTimeout: npm.config.get('fetch-retry-maxtimeout'), - minTimeout: npm.config.get('fetch-retry-mintimeout'), + retries: obj['fetch-retries'], + factor: obj['fetch-retry-factor'], + maxTimeout: obj['fetch-retry-maxtimeout'], + minTimeout: obj['fetch-retry-mintimeout'], }, - timeout: npm.config.get('fetch-timeout'), + timeout: obj['fetch-timeout'], - force: npm.config.get('force'), + force: obj.force, - formatPackageLock: npm.config.get('format-package-lock'), - fund: npm.config.get('fund'), + formatPackageLock: obj['format-package-lock'], + fund: obj.fund, // binary locators - git: npm.config.get('git'), - npmBin: require.main.filename, - nodeBin: process.env.NODE || process.execPath, - viewer: npm.config.get('viewer'), - editor: npm.config.get('editor'), + git: obj.git, + viewer: obj.viewer, + editor: obj.editor, // configs that affect how we build trees - binLinks: npm.config.get('bin-links'), - rebuildBundle: npm.config.get('rebuild-bundle'), + binLinks: obj['bin-links'], + rebuildBundle: obj['rebuild-bundle'], // --no-shrinkwrap is the same as --no-package-lock - packageLock: !(npm.config.get('package-lock') === false || - npm.config.get('shrinkwrap') === false), - packageLockOnly: npm.config.get('package-lock-only'), - globalStyle: npm.config.get('global-style'), - legacyBundling: npm.config.get('legacy-bundling'), - scriptShell: npm.config.get('script-shell') || undefined, - shell: npm.config.get('shell'), - omit: buildOmitList(npm), - legacyPeerDeps: npm.config.get('legacy-peer-deps'), - strictPeerDeps: npm.config.get('strict-peer-deps'), + packageLock: !(obj['package-lock'] === false || + obj.shrinkwrap === false), + packageLockOnly: obj['package-lock-only'], + globalStyle: obj['global-style'], + legacyBundling: obj['legacy-bundling'], + scriptShell: obj['script-shell'] || undefined, + shell: obj.shell, + omit: buildOmitList(obj), + legacyPeerDeps: obj['legacy-peer-deps'], + strictPeerDeps: obj['strict-peer-deps'], // npx stuff - call: npm.config.get('call'), - package: npm.config.get('package'), + call: obj.call, + package: obj.package, // used to build up the appropriate {add:{...}} options to Arborist.reify - save: npm.config.get('save'), - saveBundle: npm.config.get('save-bundle') && !npm.config.get('save-peer'), - saveType: npm.config.get('save-optional') && npm.config.get('save-peer') + save: obj.save, + saveBundle: obj['save-bundle'] && !obj['save-peer'], + saveType: obj['save-optional'] && obj['save-peer'] ? 'peerOptional' - : npm.config.get('save-optional') ? 'optional' - : npm.config.get('save-dev') ? 'dev' - : npm.config.get('save-peer') ? 'peer' - : npm.config.get('save-prod') ? 'prod' + : obj['save-optional'] ? 'optional' + : obj['save-dev'] ? 'dev' + : obj['save-peer'] ? 'peer' + : obj['save-prod'] ? 'prod' : null, - savePrefix: npm.config.get('save-exact') ? '' - : npm.config.get('save-prefix'), + savePrefix: obj['save-exact'] ? '' + : obj['save-prefix'], // configs for npm-registry-fetch - otp: npm.config.get('otp'), - offline: npm.config.get('offline'), - preferOffline: getPreferOffline(npm), - preferOnline: getPreferOnline(npm), - strictSSL: npm.config.get('strict-ssl'), - defaultTag: npm.config.get('tag'), - get tag () { - return npm.config.get('tag') - }, - userAgent: npm.config.get('user-agent'), + otp: obj.otp, + offline: obj.offline, + preferOffline: getPreferOffline(obj), + preferOnline: getPreferOnline(obj), + strictSSL: obj['strict-ssl'], + defaultTag: obj.tag, + userAgent: obj['user-agent'], // yes, it's fine, just do it, jeez, stop asking - yes: npm.config.get('yes'), + yes: obj.yes, - ...getScopesAndAuths(npm), + ...getScopesAndAuths(obj), // npm fund exclusive option to select an item from a funding list - which: npm.config.get('which'), + which: obj.which, // socks proxy can be configured in https-proxy or proxy field - // note that the various (HTTPS_|HTTP_|)PROXY environs will be + // note that the various (HTTPS_|HTTP_|]PROXY environs will be // respected if this is not set. - proxy: npm.config.get('https-proxy') || npm.config.get('proxy'), - noProxy: npm.config.get('noproxy'), + proxy: obj['https-proxy'] || obj.proxy, + noProxy: obj.noproxy, +}) + +const flatOptions = npm => npm.flatOptions || Object.freeze({ + // flatten the config object + ...flatten(npm.config.list[0]), + + // Note that many of these do not come from configs or cli flags + // per se, though they may be implied or defined by them. + log, + npmSession, + dmode: npm.modes.exec, + fmode: npm.modes.file, + umask: npm.modes.umask, + hashAlgorithm: 'sha1', // XXX should this be sha512? + color: !!npm.color, + projectScope: npm.projectScope, + npmVersion: npm.version, + + // npm.command is not set until AFTER flatOptions are defined + // so we need to make this a getter. + get npmCommand () { + return npm.command + }, + + tmp: npm.tmp, + prefix: npm.prefix, + globalPrefix: npm.globalPrefix, + localPrefix: npm.localPrefix, + npmBin: require.main && require.main.filename, + nodeBin: process.env.NODE || process.execPath, + get tag () { + return npm.config.get('tag') + }, }) -const getPreferOnline = npm => { - const po = npm.config.get('prefer-online') +const getPreferOnline = obj => { + const po = obj['prefer-online'] if (po !== undefined) return po - return npm.config.get('cache-max') <= 0 + return obj['cache-max'] <= 0 } -const getPreferOffline = npm => { - const po = npm.config.get('prefer-offline') +const getPreferOffline = obj => { + const po = obj['prefer-offline'] if (po !== undefined) return po - return npm.config.get('cache-min') >= 9999 + return obj['cache-min'] >= 9999 } // pull out all the @scope: and //host:key config fields // these are used by npm-registry-fetch for authing against registries -const getScopesAndAuths = npm => { +const getScopesAndAuths = obj => { const scopesAndAuths = {} // pull out all the @scope:... configs into a flat object. - for (const key in npm.config.list[0]) { + for (const key in obj) { if (/@.*:registry$/i.test(key) || /^\/\//.test(key)) - scopesAndAuths[key] = npm.config.get(key) + scopesAndAuths[key] = obj[key] } return scopesAndAuths } -module.exports = flatOptions +module.exports = Object.assign(flatOptions, { flatten }) diff --git a/tap-snapshots/test-lib-utils-flat-options.js-TAP.test.js b/tap-snapshots/test-lib-utils-flat-options.js-TAP.test.js index 3522084e67c71..0e6c053b2f452 100644 --- a/tap-snapshots/test-lib-utils-flat-options.js-TAP.test.js +++ b/tap-snapshots/test-lib-utils-flat-options.js-TAP.test.js @@ -21,11 +21,6 @@ Object { "browser": "browser", "ca": "ca", "cache": "cache/_cacache", - "cacheLockRetries": "cache-lock-retries", - "cacheLockStale": "cache-lock-stale", - "cacheLockWait": "cache-lock-wait", - "cacheMax": "cache-max", - "cacheMin": "cache-min", "cafile": "cafile", "call": "call", "cert": "cert", @@ -55,11 +50,6 @@ Object { "legacyBundling": "legacy-bundling", "legacyPeerDeps": undefined, "localPrefix": "/path/to/npm/cli", - "lockFile": Object { - "retries": "cache-lock-retries", - "stale": "cache-lock-stale", - "wait": "cache-lock-wait", - }, "log": Object {}, "long": undefined, "message": "message", diff --git a/test/lib/publish.js b/test/lib/publish.js index e5e412e396c1a..65fb91ae895d7 100644 --- a/test/lib/publish.js +++ b/test/lib/publish.js @@ -1,14 +1,73 @@ -const { test, cleanSnapshot } = require('tap') +const t = require('tap') const requireInject = require('require-inject') -test('should publish with libnpmpublish', (t) => { +// mock config +const {defaults} = require('../../lib/utils/config.js') +const config = { list: [defaults] } +const fs = require('fs') + +t.test('should publish with libnpmpublish, respecting publishConfig', (t) => { + const publishConfig = { registry: 'https://some.registry' } + const testDir = t.testdir({ + 'package.json': JSON.stringify({ + name: 'my-cool-pkg', + version: '1.0.0', + publishConfig, + }, null, 2), + }) + + const publish = requireInject('../../lib/publish.js', { + '../../lib/npm.js': { + flatOptions: { + json: true, + defaultTag: 'latest', + }, + config, + }, + '../../lib/utils/tar.js': { + getContents: () => ({ + id: 'someid', + }), + logTar: () => {}, + }, + '../../lib/utils/output.js': () => {}, + '../../lib/utils/otplease.js': (opts, fn) => { + return Promise.resolve().then(() => fn(opts)) + }, + // verify that we do NOT remove publishConfig if it was there originally + // and then removed during the script/pack process + libnpmpack: async () => { + fs.writeFileSync(`${testDir}/package.json`, JSON.stringify({ + name: 'my-cool-pkg', + version: '1.0.0', + })) + return '' + }, + libnpmpublish: { + publish: (arg, manifest, opts) => { + t.ok(arg, 'gets path') + t.ok(manifest, 'gets manifest') + t.ok(opts, 'gets opts object') + t.same(opts.registry, publishConfig.registry, 'publishConfig is passed through') + t.ok(true, 'libnpmpublish is called') + }, + }, + }) + + publish([testDir], (er) => { + if (er) + throw er + t.end() + }) +}) + +t.test('re-loads publishConfig if added during script process', (t) => { const publishConfig = { registry: 'https://some.registry' } const testDir = t.testdir({ 'package.json': JSON.stringify({ name: 'my-cool-pkg', version: '1.0.0', - publishConfig - }, null, 2) + }, null, 2), }) const publish = requireInject('../../lib/publish.js', { @@ -16,41 +75,51 @@ test('should publish with libnpmpublish', (t) => { flatOptions: { json: true, defaultTag: 'latest', - } + }, + config, }, '../../lib/utils/tar.js': { - 'getContents': () => ({ - id: 'someid' + getContents: () => ({ + id: 'someid', }), - 'logTar': () => {} + logTar: () => {}, }, '../../lib/utils/output.js': () => {}, '../../lib/utils/otplease.js': (opts, fn) => { return Promise.resolve().then(() => fn(opts)) }, - 'libnpmpack': () => '', - 'libnpmpublish': { + libnpmpack: async () => { + fs.writeFileSync(`${testDir}/package.json`, JSON.stringify({ + name: 'my-cool-pkg', + version: '1.0.0', + publishConfig, + })) + return '' + }, + libnpmpublish: { publish: (arg, manifest, opts) => { t.ok(arg, 'gets path') t.ok(manifest, 'gets manifest') t.ok(opts, 'gets opts object') - t.same(opts.publishConfig, publishConfig, 'publishConfig is passed through') + t.same(opts.registry, publishConfig.registry, 'publishConfig is passed through') t.ok(true, 'libnpmpublish is called') - } + }, }, }) - publish([testDir], () => { + publish([testDir], (er) => { + if (er) + throw er t.end() }) }) -test('should not log if silent', (t) => { +t.test('should not log if silent', (t) => { const testDir = t.testdir({ 'package.json': JSON.stringify({ name: 'my-cool-pkg', - version: '1.0.0' - }, null, 2) + version: '1.0.0', + }, null, 2), }) const publish = requireInject('../../lib/publish.js', { @@ -58,37 +127,40 @@ test('should not log if silent', (t) => { flatOptions: { json: false, defaultTag: 'latest', - dryRun: true - } + dryRun: true, + }, + config, }, '../../lib/utils/tar.js': { - 'getContents': () => ({}), - 'logTar': () => {} + getContents: () => ({}), + logTar: () => {}, }, '../../lib/utils/otplease.js': (opts, fn) => { return Promise.resolve().then(() => fn(opts)) - }, - 'npmlog': { - 'verbose': () => {}, - 'level': 'silent' }, - 'libnpmpack': () => '', - 'libnpmpublish': { - publish: () => {} + npmlog: { + verbose: () => {}, + level: 'silent', + }, + libnpmpack: async () => '', + libnpmpublish: { + publish: () => {}, }, }) - publish([testDir], () => { + publish([testDir], (er) => { + if (er) + throw er t.end() }) }) -test('should log tarball contents', (t) => { +t.test('should log tarball contents', (t) => { const testDir = t.testdir({ 'package.json': JSON.stringify({ name: 'my-cool-pkg', - version: '1.0.0' - }, null, 2) + version: '1.0.0', + }, null, 2), }) const publish = requireInject('../../lib/publish.js', { @@ -96,16 +168,17 @@ test('should log tarball contents', (t) => { flatOptions: { json: false, defaultTag: 'latest', - dryRun: true - } + dryRun: true, + }, + config, }, '../../lib/utils/tar.js': { - 'getContents': () => ({ - id: 'someid' + getContents: () => ({ + id: 'someid', }), - 'logTar': () => { + logTar: () => { t.ok(true, 'logTar is called') - } + }, }, '../../lib/utils/output.js': () => { t.ok(true, 'output fn is called') @@ -113,45 +186,49 @@ test('should log tarball contents', (t) => { '../../lib/utils/otplease.js': (opts, fn) => { return Promise.resolve().then(() => fn(opts)) }, - 'libnpmpack': () => '', - 'libnpmpublish': { - publish: () => {} + libnpmpack: async () => '', + libnpmpublish: { + publish: () => {}, }, }) - publish([testDir], () => { + publish([testDir], (er) => { + if (er) + throw er t.end() }) }) -test('shows usage with wrong set of arguments', (t) => { +t.test('shows usage with wrong set of arguments', (t) => { const publish = requireInject('../../lib/publish.js', { '../../lib/npm.js': { flatOptions: { json: false, - defaultTag: '0.0.13' - } - } + defaultTag: '0.0.13', + }, + config, + }, }) - publish(['a', 'b', 'c'], (result) => { - t.matchSnapshot(result, 'should print usage') + publish(['a', 'b', 'c'], (er) => { + t.matchSnapshot(er, 'should print usage') t.end() }) }) -test('throws when invalid tag', (t) => { +t.test('throws when invalid tag', (t) => { const publish = requireInject('../../lib/publish.js', { '../../lib/npm.js': { flatOptions: { json: false, - defaultTag: '0.0.13' - } - } + defaultTag: '0.0.13', + }, + config, + }, }) publish([], (err) => { - t.ok(err, 'throws when tag name is a valid SemVer range') + t.ok(err, 'throws when tag name is a valid SemVer range') t.end() }) }) diff --git a/test/lib/utils/flat-options.js b/test/lib/utils/flat-options.js index f18ce828c3e1d..d3b8b89bc865a 100644 --- a/test/lib/utils/flat-options.js +++ b/test/lib/utils/flat-options.js @@ -163,7 +163,7 @@ t.test('get preferOffline from cache-min', t => { const opts = flatOptions(npm) t.equal(opts.preferOffline, true, 'got preferOffline from cache min') logs.length = 0 - t.equal(opts.cacheMin, 9999999, 'opts.cacheMin is set') + t.equal(opts.cacheMin, undefined, 'opts.cacheMin is not set') t.match(logs, []) logs.length = 0 t.end() @@ -177,7 +177,7 @@ t.test('get preferOnline from cache-max', t => { const opts = flatOptions(npm) t.equal(opts.preferOnline, true, 'got preferOnline from cache min') logs.length = 0 - t.equal(opts.cacheMax, -1, 'opts.cacheMax is set') + t.equal(opts.cacheMax, undefined, 'opts.cacheMax is not set') t.match(logs, []) logs.length = 0 t.end() From 545382df62e3014f3e51d7034e52498fb2b01a37 Mon Sep 17 00:00:00 2001 From: isaacs Date: Wed, 28 Oct 2020 16:25:51 -0700 Subject: [PATCH 05/21] libnpmpublish@4.0.0 Support publishing things other than folders --- node_modules/libnpmpublish/README.md | 87 +- node_modules/libnpmpublish/index.js | 2 +- node_modules/libnpmpublish/package.json | 17 +- node_modules/libnpmpublish/publish.js | 73 +- node_modules/libnpmpublish/unpublish.js | 27 +- node_modules/lodash.clonedeep/LICENSE | 47 - node_modules/lodash.clonedeep/README.md | 18 - node_modules/lodash.clonedeep/index.js | 1748 -------------------- node_modules/lodash.clonedeep/package.json | 17 - package-lock.json | 27 +- package.json | 2 +- 11 files changed, 111 insertions(+), 1954 deletions(-) delete mode 100644 node_modules/lodash.clonedeep/LICENSE delete mode 100644 node_modules/lodash.clonedeep/README.md delete mode 100644 node_modules/lodash.clonedeep/index.js delete mode 100644 node_modules/lodash.clonedeep/package.json diff --git a/node_modules/libnpmpublish/README.md b/node_modules/libnpmpublish/README.md index 7d66958c9c0f4..0da46e89d3b05 100644 --- a/node_modules/libnpmpublish/README.md +++ b/node_modules/libnpmpublish/README.md @@ -1,13 +1,9 @@ # libnpmpublish -[![npm version](https://img.shields.io/npm/v/libnpmpublish.svg)](https://npm.im/libnpmpublish) -[![license](https://img.shields.io/npm/l/libnpmpublish.svg)](https://npm.im/libnpmpublish) -[![GitHub Actions](https://github.com/npm/libnpmpublish/workflows/Node%20CI/badge.svg)](https://github.com/npm/libnpmpublish/actions?query=workflow%3A%22Node+CI%22) -[![Coverage Status](https://coveralls.io/repos/github/npm/libnpmpublish/badge.svg?branch=latest)](https://coveralls.io/github/npm/libnpmpublish?branch=latest) - -[`libnpmpublish`](https://github.com/npm/libnpmpublish) is a Node.js library for -programmatically publishing and unpublishing npm packages. It takes care -of packing tarballs from source code and putting it up on a nice registry for you. +[`libnpmpublish`](https://github.com/npm/libnpmpublish) is a Node.js +library for programmatically publishing and unpublishing npm packages. Give +it a manifest as an object and a tarball as a Buffer, and it'll put them on +the registry for you. ## Table of Contents @@ -22,7 +18,6 @@ of packing tarballs from source code and putting it up on a nice registry for yo ```js const { publish, unpublish } = require('libnpmpublish') - ``` ## Install @@ -33,39 +28,58 @@ const { publish, unpublish } = require('libnpmpublish') #### `opts` for `libnpmpublish` commands -`libnpmpublish` uses [`npm-registry-fetch`](https://npm.im/npm-registry-fetch). -Most options are passed through directly to that library, so please refer to -[its own `opts` -documentation](https://www.npmjs.com/package/npm-registry-fetch#fetch-options) -for options that can be passed in. +`libnpmpublish` uses +[`npm-registry-fetch`](https://npm.im/npm-registry-fetch). Most options +are passed through directly to that library, so please refer to [its own +`opts` documentation](http://npm.im/npm-registry-fetch#fetch-options) for +options that can be passed in. + +A couple of options of note: + +* `opts.defaultTag` - registers the published package with the given tag, + defaults to `latest`. -A couple of options of note for those in a hurry: -* `opts.defaultTag` - registers the published package with the given tag, defaults to `latest`. +* `opts.access` - tells the registry whether this package should be + published as public or restricted. Only applies to scoped packages, which + default to restricted. -* `opts.access` - tells the registry whether this package should be published as public or restricted. Only applies to scoped packages, which default to restricted. +* `opts.token` - can be passed in and will be used as the authentication + token for the registry. For other ways to pass in auth details, see the + n-r-f docs. -* `opts.token` - can be passed in and will be used as the authentication token for the registry. For other ways to pass in auth details, see the n-r-f docs. +#### `> libpub.publish(manifest, tarData, [opts]) -> Promise` -#### `> libpub.publish(path, pkgJson, [opts]) -> Promise` +Sends the package represented by the `manifest` and `tarData` to the +configured registry. -Packs a tarball located in `path` and publishes to the appropriate configured registry. `pkgJson` should be -the parsed `package.json` for the package that is being published. +`manifest` should be the parsed `package.json` for the package being +published (which can also be the manifest pulled from a packument, a git +repo, tarball, etc.) -If `opts.npmVersion` is passed in, it will be used as the `_npmVersion` field in -the outgoing packument. It's recommended you add your own user agent string in -there! +`tarData` is a `Buffer` of the tarball being published. -If `opts.algorithms` is passed in, it should be an array of hashing algorithms -to generate `integrity` hashes for. The default is `['sha512']`, which means you -end up with `dist.integrity = 'sha512-deadbeefbadc0ffee'`. Any algorithm -supported by your current node version is allowed -- npm clients that do not -support those algorithms will simply ignore the unsupported hashes. +If `opts.npmVersion` is passed in, it will be used as the `_npmVersion` +field in the outgoing packument. You may put your own user-agent string in +there to identify your publishes. + +If `opts.algorithms` is passed in, it should be an array of hashing +algorithms to generate `integrity` hashes for. The default is `['sha512']`, +which means you end up with `dist.integrity = 'sha512-deadbeefbadc0ffee'`. +Any algorithm supported by your current node version is allowed -- npm +clients that do not support those algorithms will simply ignore the +unsupported hashes. ##### Example -```javascript +```js +// note that pacote.manifest() and pacote.tarball() can also take +// any spec that npm can install. a folder shown here, since that's +// far and away the most common use case. const path = '/a/path/to/your/source/code' -await libpub.publish(path, { +const pacote = require('pacote') // see: http://npm.im/pacote +const manifest = await pacote.manifest(path) +const tarData = await pacote.tarball(path) +await libpub.publish(manifest, tarData, { npmVersion: 'my-pub-script@1.0.2', token: 'my-auth-token-here' }, opts) @@ -84,15 +98,8 @@ expected. `range` specs will fail silently in most cases. ##### Example -```javascript +```js await libpub.unpublish('lodash', { token: 'i-am-the-worst'}) // -// `lodash` has now been unpublished, along with all its versions, and the world -// devolves into utter chaos. -// -// That, or we all go home to our friends and/or family and have a nice time -// doing nothing having to do with programming or JavaScript and realize our -// lives are just so much happier now, and we just can't understand why we ever -// got so into this JavaScript thing but damn did it pay well. I guess you'll -// settle for gardening or something. +// `lodash` has now been unpublished, along with all its versions ``` diff --git a/node_modules/libnpmpublish/index.js b/node_modules/libnpmpublish/index.js index 38de9ece14e4e..35687e0262559 100644 --- a/node_modules/libnpmpublish/index.js +++ b/node_modules/libnpmpublish/index.js @@ -1,4 +1,4 @@ module.exports = { publish: require('./publish.js'), - unpublish: require('./unpublish.js') + unpublish: require('./unpublish.js'), } diff --git a/node_modules/libnpmpublish/package.json b/node_modules/libnpmpublish/package.json index 91d918ef22d99..8476717a1c8e6 100644 --- a/node_modules/libnpmpublish/package.json +++ b/node_modules/libnpmpublish/package.json @@ -1,6 +1,6 @@ { "name": "libnpmpublish", - "version": "3.0.2", + "version": "4.0.0", "description": "Programmatic API for the bits behind npm publish and unpublish", "author": "npm Inc. ", "contributors": [ @@ -13,10 +13,12 @@ ], "license": "ISC", "scripts": { + "eslint": "eslint", + "lint": "npm run eslint -- \"*.js\"", + "lintfix": "npm run lint -- --fix", "preversion": "npm test", "postversion": "npm publish", "prepublishOnly": "git push origin --follow-tags", - "lint": "standard", "test": "tap", "posttest": "npm run lint" }, @@ -24,6 +26,13 @@ "check-coverage": true }, "devDependencies": { + "eslint": "^7.11.0", + "eslint-plugin-import": "^2.22.1", + "eslint-plugin-node": "^11.1.0", + "eslint-plugin-promise": "^4.2.1", + "eslint-plugin-standard": "^4.0.2", + "libnpmpack": "^2.0.0", + "lodash.clonedeep": "^4.5.0", "nock": "^12.0.2", "standard": "^14.3.1", "tap": "^14.10.6" @@ -35,11 +44,9 @@ "bugs": "https://github.com/npm/libnpmpublish/issues", "homepage": "https://npmjs.com/package/libnpmpublish", "dependencies": { - "libnpmpack": "^2.0.0", - "lodash.clonedeep": "^4.5.0", "normalize-package-data": "^3.0.0", "npm-package-arg": "^8.1.0", - "npm-registry-fetch": "^8.1.5", + "npm-registry-fetch": "^9.0.0", "semver": "^7.1.3", "ssri": "^8.0.0" }, diff --git a/node_modules/libnpmpublish/publish.js b/node_modules/libnpmpublish/publish.js index 8a382e4ad9a9c..bed0f27246faa 100644 --- a/node_modules/libnpmpublish/publish.js +++ b/node_modules/libnpmpublish/publish.js @@ -1,25 +1,15 @@ -'use strict' - const { fixer } = require('normalize-package-data') const npmFetch = require('npm-registry-fetch') -const cloneDeep = require('lodash.clonedeep') const npa = require('npm-package-arg') -const pack = require('libnpmpack') const semver = require('semver') const { URL } = require('url') -const util = require('util') const ssri = require('ssri') -const statAsync = util.promisify(require('fs').stat) - -module.exports = publish -async function publish (folder, manifest, opts) { +const publish = async (manifest, tarballData, opts) => { if (manifest.private) { throw Object.assign( - new Error( - `This package has been marked as private\n - Remove the 'private' field from the package.json to publish it.` - ), + new Error(`This package has been marked as private +Remove the 'private' field from the package.json to publish it.`), { code: 'EPRIVATE' } ) } @@ -32,16 +22,7 @@ async function publish (folder, manifest, opts) { access: spec.scope ? 'restricted' : 'public', algorithms: ['sha512'], ...opts, - spec - } - - const stat = await statAsync(folder) - // checks if it's a dir - if (!stat.isDirectory()) { - throw Object.assign( - new Error('not a directory'), - { code: 'ENOTDIR' } - ) + spec, } const reg = npmFetch.pickRegistry(spec, opts) @@ -56,7 +37,6 @@ async function publish (folder, manifest, opts) { ) } - const tarballData = await pack(`file:${folder}`, { ...opts }) const metadata = buildMetadata(reg, pubManifest, tarballData, opts) try { @@ -64,36 +44,37 @@ async function publish (folder, manifest, opts) { ...opts, method: 'PUT', body: metadata, - ignoreBody: true + ignoreBody: true, }) } catch (err) { - if (err.code !== 'E409') { throw err } + if (err.code !== 'E409') + throw err // if E409, we attempt exactly ONE retry, to protect us // against malicious activity like trying to publish // a bunch of new versions of a package at the same time // and/or spamming the registry const current = await npmFetch.json(spec.escapedName, { ...opts, - query: { write: true } + query: { write: true }, }) const newMetadata = patchMetadata(current, metadata, opts) return npmFetch(spec.escapedName, { ...opts, method: 'PUT', body: newMetadata, - ignoreBody: true + ignoreBody: true, }) } } -function patchManifest (_manifest, opts) { +const patchManifest = (_manifest, opts) => { const { npmVersion } = opts - const manifest = cloneDeep(_manifest) + // we only update top-level fields, so a shallow clone is fine + const manifest = { ..._manifest } manifest._nodeVersion = process.versions.node - if (npmVersion) { + if (npmVersion) manifest._npmVersion = npmVersion - } fixer.fixNameField(manifest, { strict: true, allowLegacyCase: true }) const version = semver.clean(manifest.version) @@ -107,7 +88,7 @@ function patchManifest (_manifest, opts) { return manifest } -function buildMetadata (registry, manifest, tarballData, opts) { +const buildMetadata = (registry, manifest, tarballData, opts) => { const { access, defaultTag, algorithms } = opts const root = { _id: manifest.name, @@ -116,7 +97,6 @@ function buildMetadata (registry, manifest, tarballData, opts) { 'dist-tags': {}, versions: {}, access, - readme: manifest.readme || '' } root.versions[manifest.version] = manifest @@ -126,7 +106,7 @@ function buildMetadata (registry, manifest, tarballData, opts) { const tarballName = `${manifest.name}-${manifest.version}.tgz` const tarballURI = `${manifest.name}/-/${tarballName}` const integrity = ssri.fromData(tarballData, { - algorithms: [...new Set(['sha1'].concat(algorithms))] + algorithms: [...new Set(['sha1'].concat(algorithms))], }) manifest._id = `${manifest.name}@${manifest.version}` @@ -146,18 +126,18 @@ function buildMetadata (registry, manifest, tarballData, opts) { root._attachments[tarballName] = { content_type: 'application/octet-stream', data: tarballData.toString('base64'), - length: tarballData.length + length: tarballData.length, } return root } -function patchMetadata (current, newData) { - const curVers = Object.keys(current.versions || {}).map(v => { - return semver.clean(v, true) - }).concat(Object.keys(current.time || {}).map(v => { - if (semver.valid(v, true)) { return semver.clean(v, true) } - })).filter(v => v) +const patchMetadata = (current, newData) => { + const curVers = Object.keys(current.versions || {}) + .map(v => semver.clean(v, true)) + .concat(Object.keys(current.time || {}) + .map(v => semver.valid(v, true) && semver.clean(v, true)) + .filter(v => v)) const newVersion = Object.keys(newData.versions)[0] @@ -169,19 +149,19 @@ function patchMetadata (current, newData) { ), { code: 'EPUBLISHCONFLICT', pkgid, - version + version, }) } current.versions = current.versions || {} current.versions[newVersion] = newData.versions[newVersion] - for (var i in newData) { + for (const i in newData) { switch (i) { // objects that copy over the new stuffs case 'dist-tags': case 'versions': case '_attachments': - for (var j in newData[i]) { + for (const j in newData[i]) { current[i] = current[i] || {} current[i][j] = newData[i][j] } @@ -190,8 +170,11 @@ function patchMetadata (current, newData) { // copy default: current[i] = newData[i] + break } } return current } + +module.exports = publish diff --git a/node_modules/libnpmpublish/unpublish.js b/node_modules/libnpmpublish/unpublish.js index 3fe3860420bbf..937e4b849636d 100644 --- a/node_modules/libnpmpublish/unpublish.js +++ b/node_modules/libnpmpublish/unpublish.js @@ -5,21 +5,20 @@ const npmFetch = require('npm-registry-fetch') const semver = require('semver') const { URL } = require('url') -module.exports = unpublish -async function unpublish (spec, opts) { +const unpublish = async (spec, opts) => { spec = npa(spec) // spec is used to pick the appropriate registry/auth combo. opts = { force: false, ...opts, - spec + spec, } try { const pkgUri = spec.escapedName const pkg = await npmFetch.json(pkgUri, { ...opts, - query: { write: true } + query: { write: true }, }) const version = spec.rawSpec @@ -32,9 +31,8 @@ async function unpublish (spec, opts) { // if missing specific version, // assumed unpublished - if (!versionData && !rawSpecs && !noVersions) { + if (!versionData && !rawSpecs && !noVersions) return true - } // unpublish all versions of a package: // - no specs supplied "npm unpublish foo" @@ -45,7 +43,7 @@ async function unpublish (spec, opts) { await npmFetch(`${pkgUri}/-rev/${pkg._rev}`, { ...opts, method: 'DELETE', - ignoreBody: true + ignoreBody: true, }) return true } else { @@ -56,9 +54,8 @@ async function unpublish (spec, opts) { // deleting dist tags associated to version Object.keys(pkg['dist-tags']).forEach(tag => { - if (pkg['dist-tags'][tag] === version) { + if (pkg['dist-tags'][tag] === version) delete pkg['dist-tags'][tag] - } }) if (latestVer === version) { @@ -75,26 +72,28 @@ async function unpublish (spec, opts) { ...opts, method: 'PUT', body: pkg, - ignoreBody: true + ignoreBody: true, }) // Remove the tarball itself const { _rev } = await npmFetch.json(pkgUri, { ...opts, - query: { write: true } + query: { write: true }, }) const tarballUrl = new URL(dist.tarball).pathname.substr(1) await npmFetch(`${tarballUrl}/-rev/${_rev}`, { ...opts, method: 'DELETE', - ignoreBody: true + ignoreBody: true, }) return true } } catch (err) { - if (err.code !== 'E404') { + if (err.code !== 'E404') throw err - } + return true } } + +module.exports = unpublish diff --git a/node_modules/lodash.clonedeep/LICENSE b/node_modules/lodash.clonedeep/LICENSE deleted file mode 100644 index e0c69d56032d1..0000000000000 --- a/node_modules/lodash.clonedeep/LICENSE +++ /dev/null @@ -1,47 +0,0 @@ -Copyright jQuery Foundation and other contributors - -Based on Underscore.js, copyright Jeremy Ashkenas, -DocumentCloud and Investigative Reporters & Editors - -This software consists of voluntary contributions made by many -individuals. For exact contribution history, see the revision history -available at https://github.com/lodash/lodash - -The following license applies to all parts of this software except as -documented below: - -==== - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE -LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION -WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -==== - -Copyright and related rights for sample code are waived via CC0. Sample -code is defined as all source code displayed within the prose of the -documentation. - -CC0: http://creativecommons.org/publicdomain/zero/1.0/ - -==== - -Files located in the node_modules and vendor directories are externally -maintained libraries used by this software which have their own -licenses; we recommend you read them, as their terms may differ from the -terms above. diff --git a/node_modules/lodash.clonedeep/README.md b/node_modules/lodash.clonedeep/README.md deleted file mode 100644 index fee48e4706a97..0000000000000 --- a/node_modules/lodash.clonedeep/README.md +++ /dev/null @@ -1,18 +0,0 @@ -# lodash.clonedeep v4.5.0 - -The [lodash](https://lodash.com/) method `_.cloneDeep` exported as a [Node.js](https://nodejs.org/) module. - -## Installation - -Using npm: -```bash -$ {sudo -H} npm i -g npm -$ npm i --save lodash.clonedeep -``` - -In Node.js: -```js -var cloneDeep = require('lodash.clonedeep'); -``` - -See the [documentation](https://lodash.com/docs#cloneDeep) or [package source](https://github.com/lodash/lodash/blob/4.5.0-npm-packages/lodash.clonedeep) for more details. diff --git a/node_modules/lodash.clonedeep/index.js b/node_modules/lodash.clonedeep/index.js deleted file mode 100644 index 1b0e50298222d..0000000000000 --- a/node_modules/lodash.clonedeep/index.js +++ /dev/null @@ -1,1748 +0,0 @@ -/** - * lodash (Custom Build) - * Build: `lodash modularize exports="npm" -o ./` - * Copyright jQuery Foundation and other contributors - * Released under MIT license - * Based on Underscore.js 1.8.3 - * Copyright Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors - */ - -/** Used as the size to enable large array optimizations. */ -var LARGE_ARRAY_SIZE = 200; - -/** Used to stand-in for `undefined` hash values. */ -var HASH_UNDEFINED = '__lodash_hash_undefined__'; - -/** Used as references for various `Number` constants. */ -var MAX_SAFE_INTEGER = 9007199254740991; - -/** `Object#toString` result references. */ -var argsTag = '[object Arguments]', - arrayTag = '[object Array]', - boolTag = '[object Boolean]', - dateTag = '[object Date]', - errorTag = '[object Error]', - funcTag = '[object Function]', - genTag = '[object GeneratorFunction]', - mapTag = '[object Map]', - numberTag = '[object Number]', - objectTag = '[object Object]', - promiseTag = '[object Promise]', - regexpTag = '[object RegExp]', - setTag = '[object Set]', - stringTag = '[object String]', - symbolTag = '[object Symbol]', - weakMapTag = '[object WeakMap]'; - -var arrayBufferTag = '[object ArrayBuffer]', - dataViewTag = '[object DataView]', - float32Tag = '[object Float32Array]', - float64Tag = '[object Float64Array]', - int8Tag = '[object Int8Array]', - int16Tag = '[object Int16Array]', - int32Tag = '[object Int32Array]', - uint8Tag = '[object Uint8Array]', - uint8ClampedTag = '[object Uint8ClampedArray]', - uint16Tag = '[object Uint16Array]', - uint32Tag = '[object Uint32Array]'; - -/** - * Used to match `RegExp` - * [syntax characters](http://ecma-international.org/ecma-262/7.0/#sec-patterns). - */ -var reRegExpChar = /[\\^$.*+?()[\]{}|]/g; - -/** Used to match `RegExp` flags from their coerced string values. */ -var reFlags = /\w*$/; - -/** Used to detect host constructors (Safari). */ -var reIsHostCtor = /^\[object .+?Constructor\]$/; - -/** Used to detect unsigned integer values. */ -var reIsUint = /^(?:0|[1-9]\d*)$/; - -/** Used to identify `toStringTag` values supported by `_.clone`. */ -var cloneableTags = {}; -cloneableTags[argsTag] = cloneableTags[arrayTag] = -cloneableTags[arrayBufferTag] = cloneableTags[dataViewTag] = -cloneableTags[boolTag] = cloneableTags[dateTag] = -cloneableTags[float32Tag] = cloneableTags[float64Tag] = -cloneableTags[int8Tag] = cloneableTags[int16Tag] = -cloneableTags[int32Tag] = cloneableTags[mapTag] = -cloneableTags[numberTag] = cloneableTags[objectTag] = -cloneableTags[regexpTag] = cloneableTags[setTag] = -cloneableTags[stringTag] = cloneableTags[symbolTag] = -cloneableTags[uint8Tag] = cloneableTags[uint8ClampedTag] = -cloneableTags[uint16Tag] = cloneableTags[uint32Tag] = true; -cloneableTags[errorTag] = cloneableTags[funcTag] = -cloneableTags[weakMapTag] = false; - -/** Detect free variable `global` from Node.js. */ -var freeGlobal = typeof global == 'object' && global && global.Object === Object && global; - -/** Detect free variable `self`. */ -var freeSelf = typeof self == 'object' && self && self.Object === Object && self; - -/** Used as a reference to the global object. */ -var root = freeGlobal || freeSelf || Function('return this')(); - -/** Detect free variable `exports`. */ -var freeExports = typeof exports == 'object' && exports && !exports.nodeType && exports; - -/** Detect free variable `module`. */ -var freeModule = freeExports && typeof module == 'object' && module && !module.nodeType && module; - -/** Detect the popular CommonJS extension `module.exports`. */ -var moduleExports = freeModule && freeModule.exports === freeExports; - -/** - * Adds the key-value `pair` to `map`. - * - * @private - * @param {Object} map The map to modify. - * @param {Array} pair The key-value pair to add. - * @returns {Object} Returns `map`. - */ -function addMapEntry(map, pair) { - // Don't return `map.set` because it's not chainable in IE 11. - map.set(pair[0], pair[1]); - return map; -} - -/** - * Adds `value` to `set`. - * - * @private - * @param {Object} set The set to modify. - * @param {*} value The value to add. - * @returns {Object} Returns `set`. - */ -function addSetEntry(set, value) { - // Don't return `set.add` because it's not chainable in IE 11. - set.add(value); - return set; -} - -/** - * A specialized version of `_.forEach` for arrays without support for - * iteratee shorthands. - * - * @private - * @param {Array} [array] The array to iterate over. - * @param {Function} iteratee The function invoked per iteration. - * @returns {Array} Returns `array`. - */ -function arrayEach(array, iteratee) { - var index = -1, - length = array ? array.length : 0; - - while (++index < length) { - if (iteratee(array[index], index, array) === false) { - break; - } - } - return array; -} - -/** - * Appends the elements of `values` to `array`. - * - * @private - * @param {Array} array The array to modify. - * @param {Array} values The values to append. - * @returns {Array} Returns `array`. - */ -function arrayPush(array, values) { - var index = -1, - length = values.length, - offset = array.length; - - while (++index < length) { - array[offset + index] = values[index]; - } - return array; -} - -/** - * A specialized version of `_.reduce` for arrays without support for - * iteratee shorthands. - * - * @private - * @param {Array} [array] The array to iterate over. - * @param {Function} iteratee The function invoked per iteration. - * @param {*} [accumulator] The initial value. - * @param {boolean} [initAccum] Specify using the first element of `array` as - * the initial value. - * @returns {*} Returns the accumulated value. - */ -function arrayReduce(array, iteratee, accumulator, initAccum) { - var index = -1, - length = array ? array.length : 0; - - if (initAccum && length) { - accumulator = array[++index]; - } - while (++index < length) { - accumulator = iteratee(accumulator, array[index], index, array); - } - return accumulator; -} - -/** - * The base implementation of `_.times` without support for iteratee shorthands - * or max array length checks. - * - * @private - * @param {number} n The number of times to invoke `iteratee`. - * @param {Function} iteratee The function invoked per iteration. - * @returns {Array} Returns the array of results. - */ -function baseTimes(n, iteratee) { - var index = -1, - result = Array(n); - - while (++index < n) { - result[index] = iteratee(index); - } - return result; -} - -/** - * Gets the value at `key` of `object`. - * - * @private - * @param {Object} [object] The object to query. - * @param {string} key The key of the property to get. - * @returns {*} Returns the property value. - */ -function getValue(object, key) { - return object == null ? undefined : object[key]; -} - -/** - * Checks if `value` is a host object in IE < 9. - * - * @private - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is a host object, else `false`. - */ -function isHostObject(value) { - // Many host objects are `Object` objects that can coerce to strings - // despite having improperly defined `toString` methods. - var result = false; - if (value != null && typeof value.toString != 'function') { - try { - result = !!(value + ''); - } catch (e) {} - } - return result; -} - -/** - * Converts `map` to its key-value pairs. - * - * @private - * @param {Object} map The map to convert. - * @returns {Array} Returns the key-value pairs. - */ -function mapToArray(map) { - var index = -1, - result = Array(map.size); - - map.forEach(function(value, key) { - result[++index] = [key, value]; - }); - return result; -} - -/** - * Creates a unary function that invokes `func` with its argument transformed. - * - * @private - * @param {Function} func The function to wrap. - * @param {Function} transform The argument transform. - * @returns {Function} Returns the new function. - */ -function overArg(func, transform) { - return function(arg) { - return func(transform(arg)); - }; -} - -/** - * Converts `set` to an array of its values. - * - * @private - * @param {Object} set The set to convert. - * @returns {Array} Returns the values. - */ -function setToArray(set) { - var index = -1, - result = Array(set.size); - - set.forEach(function(value) { - result[++index] = value; - }); - return result; -} - -/** Used for built-in method references. */ -var arrayProto = Array.prototype, - funcProto = Function.prototype, - objectProto = Object.prototype; - -/** Used to detect overreaching core-js shims. */ -var coreJsData = root['__core-js_shared__']; - -/** Used to detect methods masquerading as native. */ -var maskSrcKey = (function() { - var uid = /[^.]+$/.exec(coreJsData && coreJsData.keys && coreJsData.keys.IE_PROTO || ''); - return uid ? ('Symbol(src)_1.' + uid) : ''; -}()); - -/** Used to resolve the decompiled source of functions. */ -var funcToString = funcProto.toString; - -/** Used to check objects for own properties. */ -var hasOwnProperty = objectProto.hasOwnProperty; - -/** - * Used to resolve the - * [`toStringTag`](http://ecma-international.org/ecma-262/7.0/#sec-object.prototype.tostring) - * of values. - */ -var objectToString = objectProto.toString; - -/** Used to detect if a method is native. */ -var reIsNative = RegExp('^' + - funcToString.call(hasOwnProperty).replace(reRegExpChar, '\\$&') - .replace(/hasOwnProperty|(function).*?(?=\\\()| for .+?(?=\\\])/g, '$1.*?') + '$' -); - -/** Built-in value references. */ -var Buffer = moduleExports ? root.Buffer : undefined, - Symbol = root.Symbol, - Uint8Array = root.Uint8Array, - getPrototype = overArg(Object.getPrototypeOf, Object), - objectCreate = Object.create, - propertyIsEnumerable = objectProto.propertyIsEnumerable, - splice = arrayProto.splice; - -/* Built-in method references for those with the same name as other `lodash` methods. */ -var nativeGetSymbols = Object.getOwnPropertySymbols, - nativeIsBuffer = Buffer ? Buffer.isBuffer : undefined, - nativeKeys = overArg(Object.keys, Object); - -/* Built-in method references that are verified to be native. */ -var DataView = getNative(root, 'DataView'), - Map = getNative(root, 'Map'), - Promise = getNative(root, 'Promise'), - Set = getNative(root, 'Set'), - WeakMap = getNative(root, 'WeakMap'), - nativeCreate = getNative(Object, 'create'); - -/** Used to detect maps, sets, and weakmaps. */ -var dataViewCtorString = toSource(DataView), - mapCtorString = toSource(Map), - promiseCtorString = toSource(Promise), - setCtorString = toSource(Set), - weakMapCtorString = toSource(WeakMap); - -/** Used to convert symbols to primitives and strings. */ -var symbolProto = Symbol ? Symbol.prototype : undefined, - symbolValueOf = symbolProto ? symbolProto.valueOf : undefined; - -/** - * Creates a hash object. - * - * @private - * @constructor - * @param {Array} [entries] The key-value pairs to cache. - */ -function Hash(entries) { - var index = -1, - length = entries ? entries.length : 0; - - this.clear(); - while (++index < length) { - var entry = entries[index]; - this.set(entry[0], entry[1]); - } -} - -/** - * Removes all key-value entries from the hash. - * - * @private - * @name clear - * @memberOf Hash - */ -function hashClear() { - this.__data__ = nativeCreate ? nativeCreate(null) : {}; -} - -/** - * Removes `key` and its value from the hash. - * - * @private - * @name delete - * @memberOf Hash - * @param {Object} hash The hash to modify. - * @param {string} key The key of the value to remove. - * @returns {boolean} Returns `true` if the entry was removed, else `false`. - */ -function hashDelete(key) { - return this.has(key) && delete this.__data__[key]; -} - -/** - * Gets the hash value for `key`. - * - * @private - * @name get - * @memberOf Hash - * @param {string} key The key of the value to get. - * @returns {*} Returns the entry value. - */ -function hashGet(key) { - var data = this.__data__; - if (nativeCreate) { - var result = data[key]; - return result === HASH_UNDEFINED ? undefined : result; - } - return hasOwnProperty.call(data, key) ? data[key] : undefined; -} - -/** - * Checks if a hash value for `key` exists. - * - * @private - * @name has - * @memberOf Hash - * @param {string} key The key of the entry to check. - * @returns {boolean} Returns `true` if an entry for `key` exists, else `false`. - */ -function hashHas(key) { - var data = this.__data__; - return nativeCreate ? data[key] !== undefined : hasOwnProperty.call(data, key); -} - -/** - * Sets the hash `key` to `value`. - * - * @private - * @name set - * @memberOf Hash - * @param {string} key The key of the value to set. - * @param {*} value The value to set. - * @returns {Object} Returns the hash instance. - */ -function hashSet(key, value) { - var data = this.__data__; - data[key] = (nativeCreate && value === undefined) ? HASH_UNDEFINED : value; - return this; -} - -// Add methods to `Hash`. -Hash.prototype.clear = hashClear; -Hash.prototype['delete'] = hashDelete; -Hash.prototype.get = hashGet; -Hash.prototype.has = hashHas; -Hash.prototype.set = hashSet; - -/** - * Creates an list cache object. - * - * @private - * @constructor - * @param {Array} [entries] The key-value pairs to cache. - */ -function ListCache(entries) { - var index = -1, - length = entries ? entries.length : 0; - - this.clear(); - while (++index < length) { - var entry = entries[index]; - this.set(entry[0], entry[1]); - } -} - -/** - * Removes all key-value entries from the list cache. - * - * @private - * @name clear - * @memberOf ListCache - */ -function listCacheClear() { - this.__data__ = []; -} - -/** - * Removes `key` and its value from the list cache. - * - * @private - * @name delete - * @memberOf ListCache - * @param {string} key The key of the value to remove. - * @returns {boolean} Returns `true` if the entry was removed, else `false`. - */ -function listCacheDelete(key) { - var data = this.__data__, - index = assocIndexOf(data, key); - - if (index < 0) { - return false; - } - var lastIndex = data.length - 1; - if (index == lastIndex) { - data.pop(); - } else { - splice.call(data, index, 1); - } - return true; -} - -/** - * Gets the list cache value for `key`. - * - * @private - * @name get - * @memberOf ListCache - * @param {string} key The key of the value to get. - * @returns {*} Returns the entry value. - */ -function listCacheGet(key) { - var data = this.__data__, - index = assocIndexOf(data, key); - - return index < 0 ? undefined : data[index][1]; -} - -/** - * Checks if a list cache value for `key` exists. - * - * @private - * @name has - * @memberOf ListCache - * @param {string} key The key of the entry to check. - * @returns {boolean} Returns `true` if an entry for `key` exists, else `false`. - */ -function listCacheHas(key) { - return assocIndexOf(this.__data__, key) > -1; -} - -/** - * Sets the list cache `key` to `value`. - * - * @private - * @name set - * @memberOf ListCache - * @param {string} key The key of the value to set. - * @param {*} value The value to set. - * @returns {Object} Returns the list cache instance. - */ -function listCacheSet(key, value) { - var data = this.__data__, - index = assocIndexOf(data, key); - - if (index < 0) { - data.push([key, value]); - } else { - data[index][1] = value; - } - return this; -} - -// Add methods to `ListCache`. -ListCache.prototype.clear = listCacheClear; -ListCache.prototype['delete'] = listCacheDelete; -ListCache.prototype.get = listCacheGet; -ListCache.prototype.has = listCacheHas; -ListCache.prototype.set = listCacheSet; - -/** - * Creates a map cache object to store key-value pairs. - * - * @private - * @constructor - * @param {Array} [entries] The key-value pairs to cache. - */ -function MapCache(entries) { - var index = -1, - length = entries ? entries.length : 0; - - this.clear(); - while (++index < length) { - var entry = entries[index]; - this.set(entry[0], entry[1]); - } -} - -/** - * Removes all key-value entries from the map. - * - * @private - * @name clear - * @memberOf MapCache - */ -function mapCacheClear() { - this.__data__ = { - 'hash': new Hash, - 'map': new (Map || ListCache), - 'string': new Hash - }; -} - -/** - * Removes `key` and its value from the map. - * - * @private - * @name delete - * @memberOf MapCache - * @param {string} key The key of the value to remove. - * @returns {boolean} Returns `true` if the entry was removed, else `false`. - */ -function mapCacheDelete(key) { - return getMapData(this, key)['delete'](key); -} - -/** - * Gets the map value for `key`. - * - * @private - * @name get - * @memberOf MapCache - * @param {string} key The key of the value to get. - * @returns {*} Returns the entry value. - */ -function mapCacheGet(key) { - return getMapData(this, key).get(key); -} - -/** - * Checks if a map value for `key` exists. - * - * @private - * @name has - * @memberOf MapCache - * @param {string} key The key of the entry to check. - * @returns {boolean} Returns `true` if an entry for `key` exists, else `false`. - */ -function mapCacheHas(key) { - return getMapData(this, key).has(key); -} - -/** - * Sets the map `key` to `value`. - * - * @private - * @name set - * @memberOf MapCache - * @param {string} key The key of the value to set. - * @param {*} value The value to set. - * @returns {Object} Returns the map cache instance. - */ -function mapCacheSet(key, value) { - getMapData(this, key).set(key, value); - return this; -} - -// Add methods to `MapCache`. -MapCache.prototype.clear = mapCacheClear; -MapCache.prototype['delete'] = mapCacheDelete; -MapCache.prototype.get = mapCacheGet; -MapCache.prototype.has = mapCacheHas; -MapCache.prototype.set = mapCacheSet; - -/** - * Creates a stack cache object to store key-value pairs. - * - * @private - * @constructor - * @param {Array} [entries] The key-value pairs to cache. - */ -function Stack(entries) { - this.__data__ = new ListCache(entries); -} - -/** - * Removes all key-value entries from the stack. - * - * @private - * @name clear - * @memberOf Stack - */ -function stackClear() { - this.__data__ = new ListCache; -} - -/** - * Removes `key` and its value from the stack. - * - * @private - * @name delete - * @memberOf Stack - * @param {string} key The key of the value to remove. - * @returns {boolean} Returns `true` if the entry was removed, else `false`. - */ -function stackDelete(key) { - return this.__data__['delete'](key); -} - -/** - * Gets the stack value for `key`. - * - * @private - * @name get - * @memberOf Stack - * @param {string} key The key of the value to get. - * @returns {*} Returns the entry value. - */ -function stackGet(key) { - return this.__data__.get(key); -} - -/** - * Checks if a stack value for `key` exists. - * - * @private - * @name has - * @memberOf Stack - * @param {string} key The key of the entry to check. - * @returns {boolean} Returns `true` if an entry for `key` exists, else `false`. - */ -function stackHas(key) { - return this.__data__.has(key); -} - -/** - * Sets the stack `key` to `value`. - * - * @private - * @name set - * @memberOf Stack - * @param {string} key The key of the value to set. - * @param {*} value The value to set. - * @returns {Object} Returns the stack cache instance. - */ -function stackSet(key, value) { - var cache = this.__data__; - if (cache instanceof ListCache) { - var pairs = cache.__data__; - if (!Map || (pairs.length < LARGE_ARRAY_SIZE - 1)) { - pairs.push([key, value]); - return this; - } - cache = this.__data__ = new MapCache(pairs); - } - cache.set(key, value); - return this; -} - -// Add methods to `Stack`. -Stack.prototype.clear = stackClear; -Stack.prototype['delete'] = stackDelete; -Stack.prototype.get = stackGet; -Stack.prototype.has = stackHas; -Stack.prototype.set = stackSet; - -/** - * Creates an array of the enumerable property names of the array-like `value`. - * - * @private - * @param {*} value The value to query. - * @param {boolean} inherited Specify returning inherited property names. - * @returns {Array} Returns the array of property names. - */ -function arrayLikeKeys(value, inherited) { - // Safari 8.1 makes `arguments.callee` enumerable in strict mode. - // Safari 9 makes `arguments.length` enumerable in strict mode. - var result = (isArray(value) || isArguments(value)) - ? baseTimes(value.length, String) - : []; - - var length = result.length, - skipIndexes = !!length; - - for (var key in value) { - if ((inherited || hasOwnProperty.call(value, key)) && - !(skipIndexes && (key == 'length' || isIndex(key, length)))) { - result.push(key); - } - } - return result; -} - -/** - * Assigns `value` to `key` of `object` if the existing value is not equivalent - * using [`SameValueZero`](http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero) - * for equality comparisons. - * - * @private - * @param {Object} object The object to modify. - * @param {string} key The key of the property to assign. - * @param {*} value The value to assign. - */ -function assignValue(object, key, value) { - var objValue = object[key]; - if (!(hasOwnProperty.call(object, key) && eq(objValue, value)) || - (value === undefined && !(key in object))) { - object[key] = value; - } -} - -/** - * Gets the index at which the `key` is found in `array` of key-value pairs. - * - * @private - * @param {Array} array The array to inspect. - * @param {*} key The key to search for. - * @returns {number} Returns the index of the matched value, else `-1`. - */ -function assocIndexOf(array, key) { - var length = array.length; - while (length--) { - if (eq(array[length][0], key)) { - return length; - } - } - return -1; -} - -/** - * The base implementation of `_.assign` without support for multiple sources - * or `customizer` functions. - * - * @private - * @param {Object} object The destination object. - * @param {Object} source The source object. - * @returns {Object} Returns `object`. - */ -function baseAssign(object, source) { - return object && copyObject(source, keys(source), object); -} - -/** - * The base implementation of `_.clone` and `_.cloneDeep` which tracks - * traversed objects. - * - * @private - * @param {*} value The value to clone. - * @param {boolean} [isDeep] Specify a deep clone. - * @param {boolean} [isFull] Specify a clone including symbols. - * @param {Function} [customizer] The function to customize cloning. - * @param {string} [key] The key of `value`. - * @param {Object} [object] The parent object of `value`. - * @param {Object} [stack] Tracks traversed objects and their clone counterparts. - * @returns {*} Returns the cloned value. - */ -function baseClone(value, isDeep, isFull, customizer, key, object, stack) { - var result; - if (customizer) { - result = object ? customizer(value, key, object, stack) : customizer(value); - } - if (result !== undefined) { - return result; - } - if (!isObject(value)) { - return value; - } - var isArr = isArray(value); - if (isArr) { - result = initCloneArray(value); - if (!isDeep) { - return copyArray(value, result); - } - } else { - var tag = getTag(value), - isFunc = tag == funcTag || tag == genTag; - - if (isBuffer(value)) { - return cloneBuffer(value, isDeep); - } - if (tag == objectTag || tag == argsTag || (isFunc && !object)) { - if (isHostObject(value)) { - return object ? value : {}; - } - result = initCloneObject(isFunc ? {} : value); - if (!isDeep) { - return copySymbols(value, baseAssign(result, value)); - } - } else { - if (!cloneableTags[tag]) { - return object ? value : {}; - } - result = initCloneByTag(value, tag, baseClone, isDeep); - } - } - // Check for circular references and return its corresponding clone. - stack || (stack = new Stack); - var stacked = stack.get(value); - if (stacked) { - return stacked; - } - stack.set(value, result); - - if (!isArr) { - var props = isFull ? getAllKeys(value) : keys(value); - } - arrayEach(props || value, function(subValue, key) { - if (props) { - key = subValue; - subValue = value[key]; - } - // Recursively populate clone (susceptible to call stack limits). - assignValue(result, key, baseClone(subValue, isDeep, isFull, customizer, key, value, stack)); - }); - return result; -} - -/** - * The base implementation of `_.create` without support for assigning - * properties to the created object. - * - * @private - * @param {Object} prototype The object to inherit from. - * @returns {Object} Returns the new object. - */ -function baseCreate(proto) { - return isObject(proto) ? objectCreate(proto) : {}; -} - -/** - * The base implementation of `getAllKeys` and `getAllKeysIn` which uses - * `keysFunc` and `symbolsFunc` to get the enumerable property names and - * symbols of `object`. - * - * @private - * @param {Object} object The object to query. - * @param {Function} keysFunc The function to get the keys of `object`. - * @param {Function} symbolsFunc The function to get the symbols of `object`. - * @returns {Array} Returns the array of property names and symbols. - */ -function baseGetAllKeys(object, keysFunc, symbolsFunc) { - var result = keysFunc(object); - return isArray(object) ? result : arrayPush(result, symbolsFunc(object)); -} - -/** - * The base implementation of `getTag`. - * - * @private - * @param {*} value The value to query. - * @returns {string} Returns the `toStringTag`. - */ -function baseGetTag(value) { - return objectToString.call(value); -} - -/** - * The base implementation of `_.isNative` without bad shim checks. - * - * @private - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is a native function, - * else `false`. - */ -function baseIsNative(value) { - if (!isObject(value) || isMasked(value)) { - return false; - } - var pattern = (isFunction(value) || isHostObject(value)) ? reIsNative : reIsHostCtor; - return pattern.test(toSource(value)); -} - -/** - * The base implementation of `_.keys` which doesn't treat sparse arrays as dense. - * - * @private - * @param {Object} object The object to query. - * @returns {Array} Returns the array of property names. - */ -function baseKeys(object) { - if (!isPrototype(object)) { - return nativeKeys(object); - } - var result = []; - for (var key in Object(object)) { - if (hasOwnProperty.call(object, key) && key != 'constructor') { - result.push(key); - } - } - return result; -} - -/** - * Creates a clone of `buffer`. - * - * @private - * @param {Buffer} buffer The buffer to clone. - * @param {boolean} [isDeep] Specify a deep clone. - * @returns {Buffer} Returns the cloned buffer. - */ -function cloneBuffer(buffer, isDeep) { - if (isDeep) { - return buffer.slice(); - } - var result = new buffer.constructor(buffer.length); - buffer.copy(result); - return result; -} - -/** - * Creates a clone of `arrayBuffer`. - * - * @private - * @param {ArrayBuffer} arrayBuffer The array buffer to clone. - * @returns {ArrayBuffer} Returns the cloned array buffer. - */ -function cloneArrayBuffer(arrayBuffer) { - var result = new arrayBuffer.constructor(arrayBuffer.byteLength); - new Uint8Array(result).set(new Uint8Array(arrayBuffer)); - return result; -} - -/** - * Creates a clone of `dataView`. - * - * @private - * @param {Object} dataView The data view to clone. - * @param {boolean} [isDeep] Specify a deep clone. - * @returns {Object} Returns the cloned data view. - */ -function cloneDataView(dataView, isDeep) { - var buffer = isDeep ? cloneArrayBuffer(dataView.buffer) : dataView.buffer; - return new dataView.constructor(buffer, dataView.byteOffset, dataView.byteLength); -} - -/** - * Creates a clone of `map`. - * - * @private - * @param {Object} map The map to clone. - * @param {Function} cloneFunc The function to clone values. - * @param {boolean} [isDeep] Specify a deep clone. - * @returns {Object} Returns the cloned map. - */ -function cloneMap(map, isDeep, cloneFunc) { - var array = isDeep ? cloneFunc(mapToArray(map), true) : mapToArray(map); - return arrayReduce(array, addMapEntry, new map.constructor); -} - -/** - * Creates a clone of `regexp`. - * - * @private - * @param {Object} regexp The regexp to clone. - * @returns {Object} Returns the cloned regexp. - */ -function cloneRegExp(regexp) { - var result = new regexp.constructor(regexp.source, reFlags.exec(regexp)); - result.lastIndex = regexp.lastIndex; - return result; -} - -/** - * Creates a clone of `set`. - * - * @private - * @param {Object} set The set to clone. - * @param {Function} cloneFunc The function to clone values. - * @param {boolean} [isDeep] Specify a deep clone. - * @returns {Object} Returns the cloned set. - */ -function cloneSet(set, isDeep, cloneFunc) { - var array = isDeep ? cloneFunc(setToArray(set), true) : setToArray(set); - return arrayReduce(array, addSetEntry, new set.constructor); -} - -/** - * Creates a clone of the `symbol` object. - * - * @private - * @param {Object} symbol The symbol object to clone. - * @returns {Object} Returns the cloned symbol object. - */ -function cloneSymbol(symbol) { - return symbolValueOf ? Object(symbolValueOf.call(symbol)) : {}; -} - -/** - * Creates a clone of `typedArray`. - * - * @private - * @param {Object} typedArray The typed array to clone. - * @param {boolean} [isDeep] Specify a deep clone. - * @returns {Object} Returns the cloned typed array. - */ -function cloneTypedArray(typedArray, isDeep) { - var buffer = isDeep ? cloneArrayBuffer(typedArray.buffer) : typedArray.buffer; - return new typedArray.constructor(buffer, typedArray.byteOffset, typedArray.length); -} - -/** - * Copies the values of `source` to `array`. - * - * @private - * @param {Array} source The array to copy values from. - * @param {Array} [array=[]] The array to copy values to. - * @returns {Array} Returns `array`. - */ -function copyArray(source, array) { - var index = -1, - length = source.length; - - array || (array = Array(length)); - while (++index < length) { - array[index] = source[index]; - } - return array; -} - -/** - * Copies properties of `source` to `object`. - * - * @private - * @param {Object} source The object to copy properties from. - * @param {Array} props The property identifiers to copy. - * @param {Object} [object={}] The object to copy properties to. - * @param {Function} [customizer] The function to customize copied values. - * @returns {Object} Returns `object`. - */ -function copyObject(source, props, object, customizer) { - object || (object = {}); - - var index = -1, - length = props.length; - - while (++index < length) { - var key = props[index]; - - var newValue = customizer - ? customizer(object[key], source[key], key, object, source) - : undefined; - - assignValue(object, key, newValue === undefined ? source[key] : newValue); - } - return object; -} - -/** - * Copies own symbol properties of `source` to `object`. - * - * @private - * @param {Object} source The object to copy symbols from. - * @param {Object} [object={}] The object to copy symbols to. - * @returns {Object} Returns `object`. - */ -function copySymbols(source, object) { - return copyObject(source, getSymbols(source), object); -} - -/** - * Creates an array of own enumerable property names and symbols of `object`. - * - * @private - * @param {Object} object The object to query. - * @returns {Array} Returns the array of property names and symbols. - */ -function getAllKeys(object) { - return baseGetAllKeys(object, keys, getSymbols); -} - -/** - * Gets the data for `map`. - * - * @private - * @param {Object} map The map to query. - * @param {string} key The reference key. - * @returns {*} Returns the map data. - */ -function getMapData(map, key) { - var data = map.__data__; - return isKeyable(key) - ? data[typeof key == 'string' ? 'string' : 'hash'] - : data.map; -} - -/** - * Gets the native function at `key` of `object`. - * - * @private - * @param {Object} object The object to query. - * @param {string} key The key of the method to get. - * @returns {*} Returns the function if it's native, else `undefined`. - */ -function getNative(object, key) { - var value = getValue(object, key); - return baseIsNative(value) ? value : undefined; -} - -/** - * Creates an array of the own enumerable symbol properties of `object`. - * - * @private - * @param {Object} object The object to query. - * @returns {Array} Returns the array of symbols. - */ -var getSymbols = nativeGetSymbols ? overArg(nativeGetSymbols, Object) : stubArray; - -/** - * Gets the `toStringTag` of `value`. - * - * @private - * @param {*} value The value to query. - * @returns {string} Returns the `toStringTag`. - */ -var getTag = baseGetTag; - -// Fallback for data views, maps, sets, and weak maps in IE 11, -// for data views in Edge < 14, and promises in Node.js. -if ((DataView && getTag(new DataView(new ArrayBuffer(1))) != dataViewTag) || - (Map && getTag(new Map) != mapTag) || - (Promise && getTag(Promise.resolve()) != promiseTag) || - (Set && getTag(new Set) != setTag) || - (WeakMap && getTag(new WeakMap) != weakMapTag)) { - getTag = function(value) { - var result = objectToString.call(value), - Ctor = result == objectTag ? value.constructor : undefined, - ctorString = Ctor ? toSource(Ctor) : undefined; - - if (ctorString) { - switch (ctorString) { - case dataViewCtorString: return dataViewTag; - case mapCtorString: return mapTag; - case promiseCtorString: return promiseTag; - case setCtorString: return setTag; - case weakMapCtorString: return weakMapTag; - } - } - return result; - }; -} - -/** - * Initializes an array clone. - * - * @private - * @param {Array} array The array to clone. - * @returns {Array} Returns the initialized clone. - */ -function initCloneArray(array) { - var length = array.length, - result = array.constructor(length); - - // Add properties assigned by `RegExp#exec`. - if (length && typeof array[0] == 'string' && hasOwnProperty.call(array, 'index')) { - result.index = array.index; - result.input = array.input; - } - return result; -} - -/** - * Initializes an object clone. - * - * @private - * @param {Object} object The object to clone. - * @returns {Object} Returns the initialized clone. - */ -function initCloneObject(object) { - return (typeof object.constructor == 'function' && !isPrototype(object)) - ? baseCreate(getPrototype(object)) - : {}; -} - -/** - * Initializes an object clone based on its `toStringTag`. - * - * **Note:** This function only supports cloning values with tags of - * `Boolean`, `Date`, `Error`, `Number`, `RegExp`, or `String`. - * - * @private - * @param {Object} object The object to clone. - * @param {string} tag The `toStringTag` of the object to clone. - * @param {Function} cloneFunc The function to clone values. - * @param {boolean} [isDeep] Specify a deep clone. - * @returns {Object} Returns the initialized clone. - */ -function initCloneByTag(object, tag, cloneFunc, isDeep) { - var Ctor = object.constructor; - switch (tag) { - case arrayBufferTag: - return cloneArrayBuffer(object); - - case boolTag: - case dateTag: - return new Ctor(+object); - - case dataViewTag: - return cloneDataView(object, isDeep); - - case float32Tag: case float64Tag: - case int8Tag: case int16Tag: case int32Tag: - case uint8Tag: case uint8ClampedTag: case uint16Tag: case uint32Tag: - return cloneTypedArray(object, isDeep); - - case mapTag: - return cloneMap(object, isDeep, cloneFunc); - - case numberTag: - case stringTag: - return new Ctor(object); - - case regexpTag: - return cloneRegExp(object); - - case setTag: - return cloneSet(object, isDeep, cloneFunc); - - case symbolTag: - return cloneSymbol(object); - } -} - -/** - * Checks if `value` is a valid array-like index. - * - * @private - * @param {*} value The value to check. - * @param {number} [length=MAX_SAFE_INTEGER] The upper bounds of a valid index. - * @returns {boolean} Returns `true` if `value` is a valid index, else `false`. - */ -function isIndex(value, length) { - length = length == null ? MAX_SAFE_INTEGER : length; - return !!length && - (typeof value == 'number' || reIsUint.test(value)) && - (value > -1 && value % 1 == 0 && value < length); -} - -/** - * Checks if `value` is suitable for use as unique object key. - * - * @private - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is suitable, else `false`. - */ -function isKeyable(value) { - var type = typeof value; - return (type == 'string' || type == 'number' || type == 'symbol' || type == 'boolean') - ? (value !== '__proto__') - : (value === null); -} - -/** - * Checks if `func` has its source masked. - * - * @private - * @param {Function} func The function to check. - * @returns {boolean} Returns `true` if `func` is masked, else `false`. - */ -function isMasked(func) { - return !!maskSrcKey && (maskSrcKey in func); -} - -/** - * Checks if `value` is likely a prototype object. - * - * @private - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is a prototype, else `false`. - */ -function isPrototype(value) { - var Ctor = value && value.constructor, - proto = (typeof Ctor == 'function' && Ctor.prototype) || objectProto; - - return value === proto; -} - -/** - * Converts `func` to its source code. - * - * @private - * @param {Function} func The function to process. - * @returns {string} Returns the source code. - */ -function toSource(func) { - if (func != null) { - try { - return funcToString.call(func); - } catch (e) {} - try { - return (func + ''); - } catch (e) {} - } - return ''; -} - -/** - * This method is like `_.clone` except that it recursively clones `value`. - * - * @static - * @memberOf _ - * @since 1.0.0 - * @category Lang - * @param {*} value The value to recursively clone. - * @returns {*} Returns the deep cloned value. - * @see _.clone - * @example - * - * var objects = [{ 'a': 1 }, { 'b': 2 }]; - * - * var deep = _.cloneDeep(objects); - * console.log(deep[0] === objects[0]); - * // => false - */ -function cloneDeep(value) { - return baseClone(value, true, true); -} - -/** - * Performs a - * [`SameValueZero`](http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero) - * comparison between two values to determine if they are equivalent. - * - * @static - * @memberOf _ - * @since 4.0.0 - * @category Lang - * @param {*} value The value to compare. - * @param {*} other The other value to compare. - * @returns {boolean} Returns `true` if the values are equivalent, else `false`. - * @example - * - * var object = { 'a': 1 }; - * var other = { 'a': 1 }; - * - * _.eq(object, object); - * // => true - * - * _.eq(object, other); - * // => false - * - * _.eq('a', 'a'); - * // => true - * - * _.eq('a', Object('a')); - * // => false - * - * _.eq(NaN, NaN); - * // => true - */ -function eq(value, other) { - return value === other || (value !== value && other !== other); -} - -/** - * Checks if `value` is likely an `arguments` object. - * - * @static - * @memberOf _ - * @since 0.1.0 - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is an `arguments` object, - * else `false`. - * @example - * - * _.isArguments(function() { return arguments; }()); - * // => true - * - * _.isArguments([1, 2, 3]); - * // => false - */ -function isArguments(value) { - // Safari 8.1 makes `arguments.callee` enumerable in strict mode. - return isArrayLikeObject(value) && hasOwnProperty.call(value, 'callee') && - (!propertyIsEnumerable.call(value, 'callee') || objectToString.call(value) == argsTag); -} - -/** - * Checks if `value` is classified as an `Array` object. - * - * @static - * @memberOf _ - * @since 0.1.0 - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is an array, else `false`. - * @example - * - * _.isArray([1, 2, 3]); - * // => true - * - * _.isArray(document.body.children); - * // => false - * - * _.isArray('abc'); - * // => false - * - * _.isArray(_.noop); - * // => false - */ -var isArray = Array.isArray; - -/** - * Checks if `value` is array-like. A value is considered array-like if it's - * not a function and has a `value.length` that's an integer greater than or - * equal to `0` and less than or equal to `Number.MAX_SAFE_INTEGER`. - * - * @static - * @memberOf _ - * @since 4.0.0 - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is array-like, else `false`. - * @example - * - * _.isArrayLike([1, 2, 3]); - * // => true - * - * _.isArrayLike(document.body.children); - * // => true - * - * _.isArrayLike('abc'); - * // => true - * - * _.isArrayLike(_.noop); - * // => false - */ -function isArrayLike(value) { - return value != null && isLength(value.length) && !isFunction(value); -} - -/** - * This method is like `_.isArrayLike` except that it also checks if `value` - * is an object. - * - * @static - * @memberOf _ - * @since 4.0.0 - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is an array-like object, - * else `false`. - * @example - * - * _.isArrayLikeObject([1, 2, 3]); - * // => true - * - * _.isArrayLikeObject(document.body.children); - * // => true - * - * _.isArrayLikeObject('abc'); - * // => false - * - * _.isArrayLikeObject(_.noop); - * // => false - */ -function isArrayLikeObject(value) { - return isObjectLike(value) && isArrayLike(value); -} - -/** - * Checks if `value` is a buffer. - * - * @static - * @memberOf _ - * @since 4.3.0 - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is a buffer, else `false`. - * @example - * - * _.isBuffer(new Buffer(2)); - * // => true - * - * _.isBuffer(new Uint8Array(2)); - * // => false - */ -var isBuffer = nativeIsBuffer || stubFalse; - -/** - * Checks if `value` is classified as a `Function` object. - * - * @static - * @memberOf _ - * @since 0.1.0 - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is a function, else `false`. - * @example - * - * _.isFunction(_); - * // => true - * - * _.isFunction(/abc/); - * // => false - */ -function isFunction(value) { - // The use of `Object#toString` avoids issues with the `typeof` operator - // in Safari 8-9 which returns 'object' for typed array and other constructors. - var tag = isObject(value) ? objectToString.call(value) : ''; - return tag == funcTag || tag == genTag; -} - -/** - * Checks if `value` is a valid array-like length. - * - * **Note:** This method is loosely based on - * [`ToLength`](http://ecma-international.org/ecma-262/7.0/#sec-tolength). - * - * @static - * @memberOf _ - * @since 4.0.0 - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is a valid length, else `false`. - * @example - * - * _.isLength(3); - * // => true - * - * _.isLength(Number.MIN_VALUE); - * // => false - * - * _.isLength(Infinity); - * // => false - * - * _.isLength('3'); - * // => false - */ -function isLength(value) { - return typeof value == 'number' && - value > -1 && value % 1 == 0 && value <= MAX_SAFE_INTEGER; -} - -/** - * Checks if `value` is the - * [language type](http://www.ecma-international.org/ecma-262/7.0/#sec-ecmascript-language-types) - * of `Object`. (e.g. arrays, functions, objects, regexes, `new Number(0)`, and `new String('')`) - * - * @static - * @memberOf _ - * @since 0.1.0 - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is an object, else `false`. - * @example - * - * _.isObject({}); - * // => true - * - * _.isObject([1, 2, 3]); - * // => true - * - * _.isObject(_.noop); - * // => true - * - * _.isObject(null); - * // => false - */ -function isObject(value) { - var type = typeof value; - return !!value && (type == 'object' || type == 'function'); -} - -/** - * Checks if `value` is object-like. A value is object-like if it's not `null` - * and has a `typeof` result of "object". - * - * @static - * @memberOf _ - * @since 4.0.0 - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is object-like, else `false`. - * @example - * - * _.isObjectLike({}); - * // => true - * - * _.isObjectLike([1, 2, 3]); - * // => true - * - * _.isObjectLike(_.noop); - * // => false - * - * _.isObjectLike(null); - * // => false - */ -function isObjectLike(value) { - return !!value && typeof value == 'object'; -} - -/** - * Creates an array of the own enumerable property names of `object`. - * - * **Note:** Non-object values are coerced to objects. See the - * [ES spec](http://ecma-international.org/ecma-262/7.0/#sec-object.keys) - * for more details. - * - * @static - * @since 0.1.0 - * @memberOf _ - * @category Object - * @param {Object} object The object to query. - * @returns {Array} Returns the array of property names. - * @example - * - * function Foo() { - * this.a = 1; - * this.b = 2; - * } - * - * Foo.prototype.c = 3; - * - * _.keys(new Foo); - * // => ['a', 'b'] (iteration order is not guaranteed) - * - * _.keys('hi'); - * // => ['0', '1'] - */ -function keys(object) { - return isArrayLike(object) ? arrayLikeKeys(object) : baseKeys(object); -} - -/** - * This method returns a new empty array. - * - * @static - * @memberOf _ - * @since 4.13.0 - * @category Util - * @returns {Array} Returns the new empty array. - * @example - * - * var arrays = _.times(2, _.stubArray); - * - * console.log(arrays); - * // => [[], []] - * - * console.log(arrays[0] === arrays[1]); - * // => false - */ -function stubArray() { - return []; -} - -/** - * This method returns `false`. - * - * @static - * @memberOf _ - * @since 4.13.0 - * @category Util - * @returns {boolean} Returns `false`. - * @example - * - * _.times(2, _.stubFalse); - * // => [false, false] - */ -function stubFalse() { - return false; -} - -module.exports = cloneDeep; diff --git a/node_modules/lodash.clonedeep/package.json b/node_modules/lodash.clonedeep/package.json deleted file mode 100644 index fb1d626d5c603..0000000000000 --- a/node_modules/lodash.clonedeep/package.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "name": "lodash.clonedeep", - "version": "4.5.0", - "description": "The lodash method `_.cloneDeep` exported as a module.", - "homepage": "https://lodash.com/", - "icon": "https://lodash.com/icon.svg", - "license": "MIT", - "keywords": "lodash-modularized, clonedeep", - "author": "John-David Dalton (http://allyoucanleet.com/)", - "contributors": [ - "John-David Dalton (http://allyoucanleet.com/)", - "Blaine Bublitz (https://github.com/phated)", - "Mathias Bynens (https://mathiasbynens.be/)" - ], - "repository": "lodash/lodash", - "scripts": { "test": "echo \"See https://travis-ci.org/lodash/lodash-cli for testing details.\"" } -} diff --git a/package-lock.json b/package-lock.json index 5edc6bf17767e..7fb4b05848470 100644 --- a/package-lock.json +++ b/package-lock.json @@ -109,7 +109,7 @@ "libnpmhook": "^6.0.0", "libnpmorg": "^2.0.0", "libnpmpack": "^2.0.0", - "libnpmpublish": "^3.0.2", + "libnpmpublish": "^4.0.0", "libnpmsearch": "^3.0.0", "libnpmteam": "^2.0.1", "libnpmversion": "^1.0.6", @@ -3750,15 +3750,14 @@ } }, "node_modules/libnpmpublish": { - "version": "3.0.2", + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/libnpmpublish/-/libnpmpublish-4.0.0.tgz", + "integrity": "sha512-2RwYXRfZAB1x/9udKpZmqEzSqNd7ouBRU52jyG14/xG8EF+O9A62d7/XVR3iABEQHf1iYhkm0Oq9iXjrL3tsXA==", "inBundle": true, - "license": "ISC", "dependencies": { - "libnpmpack": "^2.0.0", - "lodash.clonedeep": "^4.5.0", "normalize-package-data": "^3.0.0", "npm-package-arg": "^8.1.0", - "npm-registry-fetch": "^8.1.5", + "npm-registry-fetch": "^9.0.0", "semver": "^7.1.3", "ssri": "^8.0.0" }, @@ -3836,11 +3835,6 @@ "integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA==", "dev": true }, - "node_modules/lodash.clonedeep": { - "version": "4.5.0", - "inBundle": true, - "license": "MIT" - }, "node_modules/lodash.flattendeep": { "version": "4.4.0", "resolved": "https://registry.npmjs.org/lodash.flattendeep/-/lodash.flattendeep-4.4.0.tgz", @@ -11462,13 +11456,13 @@ } }, "libnpmpublish": { - "version": "3.0.2", + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/libnpmpublish/-/libnpmpublish-4.0.0.tgz", + "integrity": "sha512-2RwYXRfZAB1x/9udKpZmqEzSqNd7ouBRU52jyG14/xG8EF+O9A62d7/XVR3iABEQHf1iYhkm0Oq9iXjrL3tsXA==", "requires": { - "libnpmpack": "^2.0.0", - "lodash.clonedeep": "^4.5.0", "normalize-package-data": "^3.0.0", "npm-package-arg": "^8.1.0", - "npm-registry-fetch": "^8.1.5", + "npm-registry-fetch": "^9.0.0", "semver": "^7.1.3", "ssri": "^8.0.0" } @@ -11526,9 +11520,6 @@ "integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA==", "dev": true }, - "lodash.clonedeep": { - "version": "4.5.0" - }, "lodash.flattendeep": { "version": "4.4.0", "resolved": "https://registry.npmjs.org/lodash.flattendeep/-/lodash.flattendeep-4.4.0.tgz", diff --git a/package.json b/package.json index ef00418446c85..39b55eaa6f08f 100644 --- a/package.json +++ b/package.json @@ -73,7 +73,7 @@ "libnpmhook": "^6.0.0", "libnpmorg": "^2.0.0", "libnpmpack": "^2.0.0", - "libnpmpublish": "^3.0.2", + "libnpmpublish": "^4.0.0", "libnpmsearch": "^3.0.0", "libnpmteam": "^2.0.1", "libnpmversion": "^1.0.6", From 7d88f17197e3c8cca9b277378d6f9b054b1b7886 Mon Sep 17 00:00:00 2001 From: isaacs Date: Tue, 3 Nov 2020 12:57:43 -0800 Subject: [PATCH 06/21] npm-registry-fetch@9.0.0 This causes a lot of duplicates which will be removed in subsequent commits. --- .../npm-registry-fetch/CHANGELOG.md | 384 +++++++++++ .../npm-registry-fetch/LICENSE.md | 16 + .../node_modules/npm-registry-fetch/README.md | 635 ++++++++++++++++++ .../node_modules/npm-registry-fetch/auth.js | 55 ++ .../npm-registry-fetch/check-response.js | 128 ++++ .../npm-registry-fetch/default-opts.js | 22 + .../node_modules/npm-registry-fetch/errors.js | 79 +++ .../node_modules/npm-registry-fetch/index.js | 219 ++++++ .../npm-registry-fetch/package.json | 59 ++ .../npm-registry-fetch/silentlog.js | 14 + .../npm-registry-fetch/CHANGELOG.md | 384 +++++++++++ .../npm-registry-fetch/LICENSE.md | 16 + .../node_modules/npm-registry-fetch/README.md | 635 ++++++++++++++++++ .../node_modules/npm-registry-fetch/auth.js | 55 ++ .../npm-registry-fetch/check-response.js | 128 ++++ .../npm-registry-fetch/default-opts.js | 22 + .../node_modules/npm-registry-fetch/errors.js | 79 +++ .../node_modules/npm-registry-fetch/index.js | 219 ++++++ .../npm-registry-fetch/package.json | 59 ++ .../npm-registry-fetch/silentlog.js | 14 + .../npm-registry-fetch/CHANGELOG.md | 384 +++++++++++ .../npm-registry-fetch/LICENSE.md | 16 + .../node_modules/npm-registry-fetch/README.md | 635 ++++++++++++++++++ .../node_modules/npm-registry-fetch/auth.js | 55 ++ .../npm-registry-fetch/check-response.js | 128 ++++ .../npm-registry-fetch/default-opts.js | 22 + .../node_modules/npm-registry-fetch/errors.js | 79 +++ .../node_modules/npm-registry-fetch/index.js | 219 ++++++ .../npm-registry-fetch/package.json | 59 ++ .../npm-registry-fetch/silentlog.js | 14 + .../npm-registry-fetch/CHANGELOG.md | 384 +++++++++++ .../npm-registry-fetch/LICENSE.md | 16 + .../node_modules/npm-registry-fetch/README.md | 635 ++++++++++++++++++ .../node_modules/npm-registry-fetch/auth.js | 55 ++ .../npm-registry-fetch/check-response.js | 128 ++++ .../npm-registry-fetch/default-opts.js | 22 + .../node_modules/npm-registry-fetch/errors.js | 79 +++ .../node_modules/npm-registry-fetch/index.js | 219 ++++++ .../npm-registry-fetch/package.json | 59 ++ .../npm-registry-fetch/silentlog.js | 14 + .../npm-registry-fetch/CHANGELOG.md | 384 +++++++++++ .../npm-registry-fetch/LICENSE.md | 16 + .../node_modules/npm-registry-fetch/README.md | 635 ++++++++++++++++++ .../node_modules/npm-registry-fetch/auth.js | 55 ++ .../npm-registry-fetch/check-response.js | 128 ++++ .../npm-registry-fetch/default-opts.js | 22 + .../node_modules/npm-registry-fetch/errors.js | 79 +++ .../node_modules/npm-registry-fetch/index.js | 219 ++++++ .../npm-registry-fetch/package.json | 59 ++ .../npm-registry-fetch/silentlog.js | 14 + .../npm-registry-fetch/CHANGELOG.md | 384 +++++++++++ .../npm-registry-fetch/LICENSE.md | 16 + .../node_modules/npm-registry-fetch/README.md | 635 ++++++++++++++++++ .../node_modules/npm-registry-fetch/auth.js | 55 ++ .../npm-registry-fetch/check-response.js | 128 ++++ .../npm-registry-fetch/default-opts.js | 22 + .../node_modules/npm-registry-fetch/errors.js | 79 +++ .../node_modules/npm-registry-fetch/index.js | 219 ++++++ .../npm-registry-fetch/package.json | 59 ++ .../npm-registry-fetch/silentlog.js | 14 + node_modules/npm-registry-fetch/README.md | 6 - node_modules/npm-registry-fetch/auth.js | 16 +- .../npm-registry-fetch/check-response.js | 18 +- .../npm-registry-fetch/default-opts.js | 2 +- node_modules/npm-registry-fetch/errors.js | 5 +- node_modules/npm-registry-fetch/index.js | 63 +- node_modules/npm-registry-fetch/package.json | 28 +- node_modules/npm-registry-fetch/silentlog.js | 2 +- .../npm-registry-fetch/CHANGELOG.md | 384 +++++++++++ .../npm-registry-fetch/LICENSE.md | 16 + .../node_modules/npm-registry-fetch/README.md | 635 ++++++++++++++++++ .../node_modules/npm-registry-fetch/auth.js | 55 ++ .../npm-registry-fetch/check-response.js | 128 ++++ .../npm-registry-fetch/default-opts.js | 22 + .../node_modules/npm-registry-fetch/errors.js | 79 +++ .../node_modules/npm-registry-fetch/index.js | 219 ++++++ .../npm-registry-fetch/package.json | 59 ++ .../npm-registry-fetch/silentlog.js | 14 + package-lock.json | 263 +++++++- package.json | 2 +- 80 files changed, 11597 insertions(+), 85 deletions(-) create mode 100644 node_modules/libnpmaccess/node_modules/npm-registry-fetch/CHANGELOG.md create mode 100644 node_modules/libnpmaccess/node_modules/npm-registry-fetch/LICENSE.md create mode 100644 node_modules/libnpmaccess/node_modules/npm-registry-fetch/README.md create mode 100644 node_modules/libnpmaccess/node_modules/npm-registry-fetch/auth.js create mode 100644 node_modules/libnpmaccess/node_modules/npm-registry-fetch/check-response.js create mode 100644 node_modules/libnpmaccess/node_modules/npm-registry-fetch/default-opts.js create mode 100644 node_modules/libnpmaccess/node_modules/npm-registry-fetch/errors.js create mode 100644 node_modules/libnpmaccess/node_modules/npm-registry-fetch/index.js create mode 100644 node_modules/libnpmaccess/node_modules/npm-registry-fetch/package.json create mode 100644 node_modules/libnpmaccess/node_modules/npm-registry-fetch/silentlog.js create mode 100644 node_modules/libnpmhook/node_modules/npm-registry-fetch/CHANGELOG.md create mode 100644 node_modules/libnpmhook/node_modules/npm-registry-fetch/LICENSE.md create mode 100644 node_modules/libnpmhook/node_modules/npm-registry-fetch/README.md create mode 100644 node_modules/libnpmhook/node_modules/npm-registry-fetch/auth.js create mode 100644 node_modules/libnpmhook/node_modules/npm-registry-fetch/check-response.js create mode 100644 node_modules/libnpmhook/node_modules/npm-registry-fetch/default-opts.js create mode 100644 node_modules/libnpmhook/node_modules/npm-registry-fetch/errors.js create mode 100644 node_modules/libnpmhook/node_modules/npm-registry-fetch/index.js create mode 100644 node_modules/libnpmhook/node_modules/npm-registry-fetch/package.json create mode 100644 node_modules/libnpmhook/node_modules/npm-registry-fetch/silentlog.js create mode 100644 node_modules/libnpmorg/node_modules/npm-registry-fetch/CHANGELOG.md create mode 100644 node_modules/libnpmorg/node_modules/npm-registry-fetch/LICENSE.md create mode 100644 node_modules/libnpmorg/node_modules/npm-registry-fetch/README.md create mode 100644 node_modules/libnpmorg/node_modules/npm-registry-fetch/auth.js create mode 100644 node_modules/libnpmorg/node_modules/npm-registry-fetch/check-response.js create mode 100644 node_modules/libnpmorg/node_modules/npm-registry-fetch/default-opts.js create mode 100644 node_modules/libnpmorg/node_modules/npm-registry-fetch/errors.js create mode 100644 node_modules/libnpmorg/node_modules/npm-registry-fetch/index.js create mode 100644 node_modules/libnpmorg/node_modules/npm-registry-fetch/package.json create mode 100644 node_modules/libnpmorg/node_modules/npm-registry-fetch/silentlog.js create mode 100644 node_modules/libnpmsearch/node_modules/npm-registry-fetch/CHANGELOG.md create mode 100644 node_modules/libnpmsearch/node_modules/npm-registry-fetch/LICENSE.md create mode 100644 node_modules/libnpmsearch/node_modules/npm-registry-fetch/README.md create mode 100644 node_modules/libnpmsearch/node_modules/npm-registry-fetch/auth.js create mode 100644 node_modules/libnpmsearch/node_modules/npm-registry-fetch/check-response.js create mode 100644 node_modules/libnpmsearch/node_modules/npm-registry-fetch/default-opts.js create mode 100644 node_modules/libnpmsearch/node_modules/npm-registry-fetch/errors.js create mode 100644 node_modules/libnpmsearch/node_modules/npm-registry-fetch/index.js create mode 100644 node_modules/libnpmsearch/node_modules/npm-registry-fetch/package.json create mode 100644 node_modules/libnpmsearch/node_modules/npm-registry-fetch/silentlog.js create mode 100644 node_modules/libnpmteam/node_modules/npm-registry-fetch/CHANGELOG.md create mode 100644 node_modules/libnpmteam/node_modules/npm-registry-fetch/LICENSE.md create mode 100644 node_modules/libnpmteam/node_modules/npm-registry-fetch/README.md create mode 100644 node_modules/libnpmteam/node_modules/npm-registry-fetch/auth.js create mode 100644 node_modules/libnpmteam/node_modules/npm-registry-fetch/check-response.js create mode 100644 node_modules/libnpmteam/node_modules/npm-registry-fetch/default-opts.js create mode 100644 node_modules/libnpmteam/node_modules/npm-registry-fetch/errors.js create mode 100644 node_modules/libnpmteam/node_modules/npm-registry-fetch/index.js create mode 100644 node_modules/libnpmteam/node_modules/npm-registry-fetch/package.json create mode 100644 node_modules/libnpmteam/node_modules/npm-registry-fetch/silentlog.js create mode 100644 node_modules/npm-profile/node_modules/npm-registry-fetch/CHANGELOG.md create mode 100644 node_modules/npm-profile/node_modules/npm-registry-fetch/LICENSE.md create mode 100644 node_modules/npm-profile/node_modules/npm-registry-fetch/README.md create mode 100644 node_modules/npm-profile/node_modules/npm-registry-fetch/auth.js create mode 100644 node_modules/npm-profile/node_modules/npm-registry-fetch/check-response.js create mode 100644 node_modules/npm-profile/node_modules/npm-registry-fetch/default-opts.js create mode 100644 node_modules/npm-profile/node_modules/npm-registry-fetch/errors.js create mode 100644 node_modules/npm-profile/node_modules/npm-registry-fetch/index.js create mode 100644 node_modules/npm-profile/node_modules/npm-registry-fetch/package.json create mode 100644 node_modules/npm-profile/node_modules/npm-registry-fetch/silentlog.js create mode 100644 node_modules/pacote/node_modules/npm-registry-fetch/CHANGELOG.md create mode 100644 node_modules/pacote/node_modules/npm-registry-fetch/LICENSE.md create mode 100644 node_modules/pacote/node_modules/npm-registry-fetch/README.md create mode 100644 node_modules/pacote/node_modules/npm-registry-fetch/auth.js create mode 100644 node_modules/pacote/node_modules/npm-registry-fetch/check-response.js create mode 100644 node_modules/pacote/node_modules/npm-registry-fetch/default-opts.js create mode 100644 node_modules/pacote/node_modules/npm-registry-fetch/errors.js create mode 100644 node_modules/pacote/node_modules/npm-registry-fetch/index.js create mode 100644 node_modules/pacote/node_modules/npm-registry-fetch/package.json create mode 100644 node_modules/pacote/node_modules/npm-registry-fetch/silentlog.js diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/CHANGELOG.md new file mode 100644 index 0000000000000..fc26ee1bda4ba --- /dev/null +++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/CHANGELOG.md @@ -0,0 +1,384 @@ +# Changelog + +All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +### [8.1.5](https://github.com/npm/registry-fetch/compare/v8.1.4...v8.1.5) (2020-10-12) + + +### Bug Fixes + +* respect publishConfig.registry when specified ([32e36ef](https://github.com/npm/registry-fetch/commit/32e36efe86302ed319973cd5b1e6ccc3f62e557e)), closes [#35](https://github.com/npm/registry-fetch/issues/35) + +### [8.1.4](https://github.com/npm/registry-fetch/compare/v8.1.3...v8.1.4) (2020-08-17) + + +### Bug Fixes + +* redact passwords from http logs ([3c294eb](https://github.com/npm/registry-fetch/commit/3c294ebbd7821725db4ff1bc5fe368c49613efcc)) + +### [8.1.3](https://github.com/npm/registry-fetch/compare/v8.1.2...v8.1.3) (2020-07-21) + +### [8.1.2](https://github.com/npm/registry-fetch/compare/v8.1.1...v8.1.2) (2020-07-11) + +### [8.1.1](https://github.com/npm/registry-fetch/compare/v8.1.0...v8.1.1) (2020-06-30) + +## [8.1.0](https://github.com/npm/registry-fetch/compare/v8.0.3...v8.1.0) (2020-05-20) + + +### Features + +* add npm-command HTTP header ([1bb4eb2](https://github.com/npm/registry-fetch/commit/1bb4eb2c66ee8a0dc62558bdcff1b548e2bb9820)) + +### [8.0.3](https://github.com/npm/registry-fetch/compare/v8.0.2...v8.0.3) (2020-05-13) + + +### Bug Fixes + +* update minipass and make-fetch-happen to latest ([3b6c5d0](https://github.com/npm/registry-fetch/commit/3b6c5d0d8ccd4c4a97862a65acef956f19aec127)), closes [#23](https://github.com/npm/registry-fetch/issues/23) + +### [8.0.2](https://github.com/npm/registry-fetch/compare/v8.0.1...v8.0.2) (2020-05-04) + + +### Bug Fixes + +* update make-fetch-happen to 8.0.6 ([226df2c](https://github.com/npm/registry-fetch/commit/226df2c32e3f9ed8ceefcfdbd11efb178181b442)) + +## [8.0.0](https://github.com/npm/registry-fetch/compare/v7.0.1...v8.0.0) (2020-02-24) + + +### ⚠ BREAKING CHANGES + +* Removes the 'opts.refer' option and the HTTP Referer +header (unless explicitly added to the 'headers' option, of course). + +PR-URL: https://github.com/npm/npm-registry-fetch/pull/25 +Credit: @isaacs + +### Bug Fixes + +* remove referer header and opts.refer ([eb8f7af](https://github.com/npm/registry-fetch/commit/eb8f7af3c102834856604c1be664b00ca0fe8ef2)), closes [#25](https://github.com/npm/registry-fetch/issues/25) + +### [7.0.1](https://github.com/npm/registry-fetch/compare/v7.0.0...v7.0.1) (2020-02-24) + +## [7.0.0](https://github.com/npm/registry-fetch/compare/v6.0.2...v7.0.0) (2020-02-18) + + +### ⚠ BREAKING CHANGES + +* figgy pudding is now nowhere to be found. +* this removes figgy-pudding, and drops several option +aliases. + +Defaults and behavior are all the same, and this module is now using the +canonical camelCase option names that npm v7 will provide to all its +deps. + +Related to: https://github.com/npm/rfcs/pull/102 + +PR-URL: https://github.com/npm/npm-registry-fetch/pull/22 +Credit: @isaacs + +### Bug Fixes + +* Remove figgy-pudding, use canonical option names ([ede3c08](https://github.com/npm/registry-fetch/commit/ede3c087007fd1808e02b1af70562220d03b18a9)), closes [#22](https://github.com/npm/registry-fetch/issues/22) + + +* update cacache, ssri, make-fetch-happen ([57fcc88](https://github.com/npm/registry-fetch/commit/57fcc889bee03edcc0a2025d96a171039108c231)) + +### [6.0.2](https://github.com/npm/registry-fetch/compare/v6.0.1...v6.0.2) (2020-02-14) + + +### Bug Fixes + +* always bypass cache when ?write=true ([83f89f3](https://github.com/npm/registry-fetch/commit/83f89f35abd2ed0507c869e37f90ed746375772c)) + +### [6.0.1](https://github.com/npm/registry-fetch/compare/v6.0.0...v6.0.1) (2020-02-14) + + +### Bug Fixes + +* use 30s default for timeout as per README ([50e8afc](https://github.com/npm/registry-fetch/commit/50e8afc6ff850542feb588f9f9c64ebae59e72a0)), closes [#20](https://github.com/npm/registry-fetch/issues/20) + +## [6.0.0](https://github.com/npm/registry-fetch/compare/v5.0.1...v6.0.0) (2019-12-17) + + +### ⚠ BREAKING CHANGES + +* This drops support for node < 10. + +There are some lint failures due to standard pushing for using WhatWG URL +objects instead of url.parse/url.resolve. However, the code in this lib +does some fancy things with the query/search portions of the parsed url +object, so it'll take a bit of care to make it work properly. + +### Bug Fixes + +* detect CI so our tests don't fail in CI ([5813da6](https://github.com/npm/registry-fetch/commit/5813da634cef73b12e40373972d7937e6934fce0)) +* Use WhatWG URLs instead of url.parse ([8ccfa8a](https://github.com/npm/registry-fetch/commit/8ccfa8a72c38cfedb0f525b7f453644fd4444f99)) + + +* normalize settings, drop old nodes, update deps ([510b125](https://github.com/npm/registry-fetch/commit/510b1255cc7ed4bb397a34e0007757dae33e2275)) + + +## [5.0.1](https://github.com/npm/registry-fetch/compare/v5.0.0...v5.0.1) (2019-11-11) + + + + +# [5.0.0](https://github.com/npm/registry-fetch/compare/v4.0.2...v5.0.0) (2019-10-04) + + +### Bug Fixes + +* prefer const in getAuth function ([90ac7b1](https://github.com/npm/registry-fetch/commit/90ac7b1)) +* use minizlib instead of core zlib ([e64702e](https://github.com/npm/registry-fetch/commit/e64702e)) + + +### Features + +* refactor to use Minipass streams ([bb37f20](https://github.com/npm/registry-fetch/commit/bb37f20)) + + +### BREAKING CHANGES + +* this replaces all core streams (except for some +PassThrough streams in a few tests) with Minipass streams, and updates +all deps to the latest and greatest Minipass versions of things. + + + + +## [4.0.2](https://github.com/npm/registry-fetch/compare/v4.0.0...v4.0.2) (2019-10-04) + + +### Bug Fixes + +* Add null check on body on 401 errors ([e3a0186](https://github.com/npm/registry-fetch/commit/e3a0186)), closes [#9](https://github.com/npm/registry-fetch/issues/9) +* **deps:** Add explicit dependency on safe-buffer ([8eae5f0](https://github.com/npm/registry-fetch/commit/8eae5f0)), closes [npm/libnpmaccess#2](https://github.com/npm/libnpmaccess/issues/2) [#3](https://github.com/npm/registry-fetch/issues/3) + + + + +# [4.0.0](https://github.com/npm/registry-fetch/compare/v3.9.1...v4.0.0) (2019-07-15) + + +* cacache@12.0.0, infer uid from cache folder ([0c4f060](https://github.com/npm/registry-fetch/commit/0c4f060)) + + +### BREAKING CHANGES + +* uid and gid are inferred from cache folder, rather than +being passed in as options. + + + + +## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02) + + + + +# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24) + + +### Features + +* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c)) + + + + +# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23) + + +### Features + +* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986)) + + + + +# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23) + + +### Features + +* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969)) + + + + +# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22) + + +### Bug Fixes + +* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65)) + + +### Features + +* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702)) + + + + +# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22) + + +### Features + +* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5)) + + + + +# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22) + + +### Bug Fixes + +* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54)) + + +### Features + +* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17)) + + + + +# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21) + + +### Bug Fixes + +* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b)) + + +### Features + +* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194)) + + + + +## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16) + + +### Bug Fixes + +* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040)) + + + + +# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27) + + +### Features + +* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0)) + + + + +## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09) + + + + +# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09) + + +### Features + +* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b)) + + + + +# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09) + + +### Bug Fixes + +* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f)) +* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f)) + + +### BREAKING CHANGES + +* **config:** opts.config is no longer supported. Pass the options down in opts itself. + + + + +# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08) + + +### Features + +* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0)) + + + + +# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08) + + +### meta + +* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e)) + + +### BREAKING CHANGES + +* node@4 is no longer supported + + + + +## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06) + + + + +# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16) + + +### Features + +* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9)) + + + + +## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16) + + +### Bug Fixes + +* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5)) + + + + +# 1.0.0 (2018-03-16) + + +### Bug Fixes + +* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba)) +* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31)) +* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93)) +* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a)) + + +### Features + +* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f)) +* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db)) +* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d)) +* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527)) +* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1)) diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/LICENSE.md new file mode 100644 index 0000000000000..8d28acf866d93 --- /dev/null +++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/LICENSE.md @@ -0,0 +1,16 @@ +ISC License + +Copyright (c) npm, Inc. + +Permission to use, copy, modify, and/or distribute this software for +any purpose with or without fee is hereby granted, provided that the +above copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS +ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE +COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR +CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS +OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE +USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/README.md b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/README.md new file mode 100644 index 0000000000000..e660940e30dc4 --- /dev/null +++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/README.md @@ -0,0 +1,635 @@ +# npm-registry-fetch + +[![npm version](https://img.shields.io/npm/v/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) +[![license](https://img.shields.io/npm/l/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) +[![Travis](https://img.shields.io/travis/npm/npm-registry-fetch/latest.svg)](https://travis-ci.org/npm/npm-registry-fetch) +[![AppVeyor](https://img.shields.io/appveyor/ci/npm/npm-registry-fetch/latest.svg)](https://ci.appveyor.com/project/npm/npm-registry-fetch) +[![Coverage Status](https://coveralls.io/repos/github/npm/npm-registry-fetch/badge.svg?branch=latest)](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest) + +[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js +library that implements a `fetch`-like API for accessing npm registry APIs +consistently. It's able to consume npm-style configuration values and has all +the necessary logic for picking registries, handling scopes, and dealing with +authentication details built-in. + +This package is meant to replace the older +[`npm-registry-client`](https://npm.im/npm-registry-client). + +## Example + +```javascript +const npmFetch = require('npm-registry-fetch') + +console.log( + await npmFetch.json('/-/ping') +) +``` + +## Table of Contents + +* [Installing](#install) +* [Example](#example) +* [Contributing](#contributing) +* [API](#api) + * [`fetch`](#fetch) + * [`fetch.json`](#fetch-json) + * [`fetch` options](#fetch-opts) + +### Install + +`$ npm install npm-registry-fetch` + +### Contributing + +The npm team enthusiastically welcomes contributions and project participation! +There's a bunch of things you can do if you want to contribute! The [Contributor +Guide](CONTRIBUTING.md) has all the information you need for everything from +reporting bugs to contributing entire new features. Please don't hesitate to +jump in if you'd like to, or even ask us questions if something isn't clear. + +All participants and maintainers in this project are expected to follow [Code of +Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other. + +Please refer to the [Changelog](CHANGELOG.md) for project history details, too. + +Happy hacking! + +### API + +#### Caching and `write=true` query strings + +Before performing any PUT or DELETE operation, npm clients first make a +GET request to the registry resource being updated, which includes +the query string `?write=true`. + +The semantics of this are, effectively, "I intend to write to this thing, +and need to know the latest current value, so that my write can land +cleanly". + +The public npm registry handles these `?write=true` requests by ensuring +that the cache is re-validated before sending a response. In order to +maintain the same behavior on the client, and not get tripped up by an +overeager local cache when we intend to write data to the registry, any +request that comes through `npm-registry-fetch` that contains `write=true` +in the query string will forcibly set the `prefer-online` option to `true`, +and set both `prefer-offline` and `offline` to false, so that any local +cached value will be revalidated. + +#### `> fetch(url, [opts]) -> Promise` + +Performs a request to a given URL. + +The URL can be either a full URL, or a path to one. The appropriate registry +will be automatically picked if only a URL path is given. + +For available options, please see the section on [`fetch` options](#fetch-opts). + +##### Example + +```javascript +const res = await fetch('/-/ping') +console.log(res.headers) +res.on('data', d => console.log(d.toString('utf8'))) +``` + +#### `> fetch.json(url, [opts]) -> Promise` + +Performs a request to a given registry URL, parses the body of the response as +JSON, and returns it as its final value. This is a utility shorthand for +`fetch(url).then(res => res.json())`. + +For available options, please see the section on [`fetch` options](#fetch-opts). + +##### Example + +```javascript +const res = await fetch.json('/-/ping') +console.log(res) // Body parsed as JSON +``` + +#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream` + +Performs a request to a given registry URL and parses the body of the response +as JSON, with each entry being emitted through the stream. + +The `jsonPath` argument is a [`JSONStream.parse()` +path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the +returned stream (unlike default `JSONStream`s), has a valid +`Symbol.asyncIterator` implementation. + +For available options, please see the section on [`fetch` options](#fetch-opts). + +##### Example + +```javascript +console.log('https://npm.im/~zkat has access to the following packages:') +for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) { + console.log(`https://npm.im/${key} (perms: ${value})`) +} +``` + +#### `fetch` Options + +Fetch options are optional, and can be passed in as either a Map-like object +(one with a `.get()` method), a plain javascript object, or a +[`figgy-pudding`](https://npm.im/figgy-pudding) instance. + +##### `opts.agent` + +* Type: http.Agent +* Default: an appropriate agent based on URL protocol and proxy settings + +An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to +be shared across requests. This allows multiple concurrent `fetch` requests to +happen on the same socket. + +You do _not_ need to provide this option unless you want something particularly +specialized, since proxy configurations and http/https agents are already +automatically managed internally when this option is not passed through. + +##### `opts.body` + +* Type: Buffer | Stream | Object +* Default: null + +Request body to send through the outgoing request. Buffers and Streams will be +passed through as-is, with a default `content-type` of +`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed +and the `content-type` will default to `application/json`. + +Use [`opts.headers`](#opts-headers) to set the content-type to something else. + +##### `opts.ca` + +* Type: String, Array, or null +* Default: null + +The Certificate Authority signing certificate that is trusted for SSL +connections to the registry. Values should be in PEM format (Windows calls it +"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For +example: + +``` +{ + ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' +} +``` + +Set to `null` to only allow "known" registrars, or to a specific CA cert +to trust only that specific signing authority. + +Multiple CAs can be trusted by specifying an array of certificates instead of a +single string. + +See also [`opts.strictSSL`](#opts-strictSSL), [`opts.ca`](#opts-ca) and +[`opts.key`](#opts-key) + +##### `opts.cache` + +* Type: path +* Default: null + +The location of the http cache directory. If provided, certain cachable requests +will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234) +rules. This will speed up future requests, as well as make the cached data +available offline if necessary/requested. + +See also [`offline`](#opts-offline), [`preferOffline`](#opts-preferOffline), +and [`preferOnline`](#opts-preferOnline). + +##### `opts.cert` + +* Type: String +* Default: null + +A client certificate to pass when accessing the registry. Values should be in +PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines +replaced by the string `'\n'`. For example: + +``` +{ + cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' +} +``` + +It is _not_ the path to a certificate file (and there is no "certfile" option). + +See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key) + +##### `opts.fetchRetries` + +* Type: Number +* Default: 2 + +The "retries" config for [`retry`](https://npm.im/retry) to use when fetching +packages from the registry. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.fetchRetryFactor` + +* Type: Number +* Default: 10 + +The "factor" config for [`retry`](https://npm.im/retry) to use when fetching +packages. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.fetchRetryMintimeout` + +* Type: Number +* Default: 10000 (10 seconds) + +The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching +packages. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.fetchRetryMaxtimeout` + +* Type: Number +* Default: 60000 (1 minute) + +The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching +packages. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.forceAuth` + +* Type: Object +* Default: null + +If present, other auth-related values in `opts` will be completely ignored, +including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request, +and the auth details in `opts.forceAuth` will be used instead. + +##### `opts.gzip` + +* Type: Boolean +* Default: false + +If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip` +and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode +[`opts.body`](#opts-body). + +##### `opts.headers` + +* Type: Object +* Default: null + +Additional headers for the outgoing request. This option can also be used to +override headers automatically generated by `npm-registry-fetch`, such as +`Content-Type`. + +##### `opts.ignoreBody` + +* Type: Boolean +* Default: false + +If true, the **response body** will be thrown away and `res.body` set to `null`. +This will prevent dangling response sockets for requests where you don't usually +care what the response body is. + +##### `opts.integrity` + +* Type: String | [SRI object](https://npm.im/ssri) +* Default: null + +If provided, the response body's will be verified against this integrity string, +using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will +complete as normal. If verification fails, the response body will error with an +`EINTEGRITY` error. + +Body integrity is only verified if the body is actually consumed to completion -- +that is, if you use `res.json()`/`res.buffer()`, or if you consume the default +`res` stream data to its end. + +Cached data will have its integrity automatically verified using the +previously-generated integrity hash for the saved request information, so +`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if +`opts.integrity` is not passed in. + +##### `opts.isFromCI` + +* Type: Boolean +* Default: Based on environment variables + +This is used to populate the `npm-in-ci` request header sent to the registry. + +##### `opts.key` + +* Type: String +* Default: null + +A client key to pass when accessing the registry. Values should be in PEM +format with newlines replaced by the string `'\n'`. For example: + +``` +{ + key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----' +} +``` + +It is _not_ the path to a key file (and there is no "keyfile" option). + +See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert) + +##### `opts.localAddress` + +* Type: IP Address String +* Default: null + +The IP address of the local interface to use when making connections +to the registry. + +See also [`opts.proxy`](#opts-proxy) + +##### `opts.log` + +* Type: [`npmlog`](https://npm.im/npmlog)-like +* Default: null + +Logger object to use for logging operation details. Must have the same methods +as `npmlog`. + +##### `opts.mapJSON` + +* Type: Function +* Default: undefined + +When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down +to [`JSONStream`](https://npm.im/JSONStream) as the second argument to +`JSONStream.parse`, and can be used to transform stream data before output. + +##### `opts.maxSockets` + +* Type: Integer +* Default: 12 + +Maximum number of sockets to keep open during requests. Has no effect if +[`opts.agent`](#opts-agent) is used. + +##### `opts.method` + +* Type: String +* Default: 'GET' + +HTTP method to use for the outgoing request. Case-insensitive. + +##### `opts.noproxy` + +* Type: Boolean +* Default: process.env.NOPROXY + +If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used. + +##### `opts.npmSession` + +* Type: String +* Default: null + +If provided, will be sent in the `npm-session` header. This header is used by +the npm registry to identify individual user sessions (usually individual +invocations of the CLI). + +##### `opts.npmCommand` + +* Type: String +* Default: null + +If provided, it will be sent in the `npm-command` header. This yeader is +used by the npm registry to identify the npm command that caused this +request to be made. + +##### `opts.offline` + +* Type: Boolean +* Default: false + +Force offline mode: no network requests will be done during install. To allow +`npm-registry-fetch` to fill in missing cache data, see +[`opts.preferOffline`](#opts-preferOffline). + +This option is only really useful if you're also using +[`opts.cache`](#opts-cache). + +This option is set to `true` when the request includes `write=true` in the +query string. + +##### `opts.otp` + +* Type: Number | String +* Default: null + +This is a one-time password from a two-factor authenticator. It is required for +certain registry interactions when two-factor auth is enabled for a user +account. + +##### `opts.password` + +* Alias: `_password` +* Type: String +* Default: null + +Password used for basic authentication. For the more modern authentication +method, please use the (more secure) [`opts.token`](#opts-token) + +Can optionally be scoped to a registry by using a "nerf dart" for that registry. +That is: + +``` +{ + '//registry.npmjs.org/:password': 't0k3nH34r' +} +``` + +See also [`opts.username`](#opts-username) + +##### `opts.preferOffline` + +* Type: Boolean +* Default: false + +If true, staleness checks for cached data will be bypassed, but missing data +will be requested from the server. To force full offline mode, use +[`opts.offline`](#opts-offline). + +This option is generally only useful if you're also using +[`opts.cache`](#opts-cache). + +This option is set to `false` when the request includes `write=true` in the +query string. + +##### `opts.preferOnline` + +* Type: Boolean +* Default: false + +If true, staleness checks for cached data will be forced, making the CLI look +for updates immediately even for fresh package data. + +This option is generally only useful if you're also using +[`opts.cache`](#opts-cache). + +This option is set to `true` when the request includes `write=true` in the +query string. + +##### `opts.projectScope` + +* Type: String +* Default: null + +If provided, will be sent in the `npm-scope` header. This header is used by the +npm registry to identify the toplevel package scope that a particular project +installation is using. + +##### `opts.proxy` + +* Type: url +* Default: null + +A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY` +environment variable will be used. + +##### `opts.query` + +* Type: String | Object +* Default: null + +If provided, the request URI will have a query string appended to it using this +query. If `opts.query` is an object, it will be converted to a query string +using +[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options). + +If the request URI already has a query string, it will be merged with +`opts.query`, preferring `opts.query` values. + +##### `opts.registry` + +* Type: URL +* Default: `'https://registry.npmjs.org'` + +Registry configuration for a request. If a request URL only includes the URL +path, this registry setting will be prepended. This configuration is also used +to determine authentication details, so even if the request URL references a +completely different host, `opts.registry` will be used to find the auth details +for that request. + +See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and +[`opts.:registry`](#opts-scope-registry) which can all affect the actual +registry URL used by the outgoing request. + +##### `opts.retry` + +* Type: Object +* Default: null + +Single-object configuration for request retry settings. If passed in, will +override individually-passed `fetch-retry-*` settings. + +##### `opts.scope` + +* Type: String +* Default: null + +Associate an operation with a scope for a scoped registry. This option can force +lookup of scope-specific registries and authentication. + +See also [`opts.:registry`](#opts-scope-registry) and +[`opts.spec`](#opts-spec) for interactions with this option. + +##### `opts.:registry` + +* Type: String +* Default: null + +This option type can be used to configure the registry used for requests +involving a particular scope. For example, `opts['@myscope:registry'] = +'https://scope-specific.registry/'` will make it so requests go out to this +registry instead of [`opts.registry`](#opts-registry) when +[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a +scoped package spec. + +The `@` before the scope name is optional, but recommended. + +##### `opts.spec` + +* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object. +* Default: null + +If provided, can be used to automatically configure [`opts.scope`](#opts-scope) +based on a specific package name. Non-registry package specs will throw an +error. + +##### `opts.strictSSL` + +* Type: Boolean +* Default: true + +Whether or not to do SSL key validation when making requests to the +registry via https. + +See also [`opts.ca`](#opts-ca). + +##### `opts.timeout` + +* Type: Milliseconds +* Default: 300000 (5 minutes) + +Time before a hanging request times out. + +##### `opts.token` + +* Alias: `opts._authToken` +* Type: String +* Default: null + +Authentication token string. + +Can be scoped to a registry by using a "nerf dart" for that registry. That is: + +``` +{ + '//registry.npmjs.org/:token': 't0k3nH34r' +} +``` + +##### `opts.userAgent` + +* Type: String +* Default: `'npm-registry-fetch@/node@+ ()'` + +User agent string to send in the `User-Agent` header. + +##### `opts.username` + +* Type: String +* Default: null + +Username used for basic authentication. For the more modern authentication +method, please use the (more secure) [`opts.token`](#opts-token) + +Can optionally be scoped to a registry by using a "nerf dart" for that registry. +That is: + +``` +{ + '//registry.npmjs.org/:username': 't0k3nH34r' +} +``` + +See also [`opts.password`](#opts-password) + +##### `opts._auth` + +* Type: String +* Default: null + +** DEPRECATED ** This is a legacy authentication token supported only for +compatibility. Please use [`opts.token`](#opts-token) instead. diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/auth.js b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/auth.js new file mode 100644 index 0000000000000..11c3bde6b4e6c --- /dev/null +++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/auth.js @@ -0,0 +1,55 @@ +'use strict' + +const defaultOpts = require('./default-opts.js') +const url = require('url') + +module.exports = getAuth +function getAuth (registry, opts_ = {}) { + if (!registry) { throw new Error('registry is required') } + const opts = opts_.forceAuth ? opts_.forceAuth : { ...defaultOpts, ...opts_ } + const AUTH = {} + const regKey = registry && registryKey(registry) + const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias) + doKey('token') + doKey('_authToken', 'token') + doKey('username') + doKey('password') + doKey('_password', 'password') + doKey('email') + doKey('_auth') + doKey('otp') + doKey('always-auth', 'alwaysAuth') + if (AUTH.password) { + AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8') + } + if (AUTH._auth && !(AUTH.username && AUTH.password)) { + let auth = Buffer.from(AUTH._auth, 'base64').toString() + auth = auth.split(':') + AUTH.username = auth.shift() + AUTH.password = auth.join(':') + } + AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth + return AUTH +} + +function addKey (opts, obj, scope, key, objKey) { + if (opts[key]) { + obj[objKey || key] = opts[key] + } + if (scope && opts[`${scope}:${key}`]) { + obj[objKey || key] = opts[`${scope}:${key}`] + } +} + +// Called a nerf dart in the main codebase. Used as a "safe" +// key when fetching registry info from config. +function registryKey (registry) { + const parsed = new url.URL(registry) + const formatted = url.format({ + protocol: parsed.protocol, + host: parsed.host, + pathname: parsed.pathname, + slashes: true + }) + return url.format(new url.URL('.', formatted)).replace(/^[^:]+:/, '') +} diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/check-response.js b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/check-response.js new file mode 100644 index 0000000000000..f151711f30160 --- /dev/null +++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/check-response.js @@ -0,0 +1,128 @@ +'use strict' + +const errors = require('./errors.js') +const LRU = require('lru-cache') +const { Response } = require('minipass-fetch') +const defaultOpts = require('./default-opts.js') + +module.exports = checkResponse +function checkResponse (method, res, registry, startTime, opts_ = {}) { + const opts = { ...defaultOpts, ...opts_ } + if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) { + opts.log.notice('', res.headers.get('npm-notice')) + } + checkWarnings(res, registry, opts) + if (res.status >= 400) { + logRequest(method, res, startTime, opts) + return checkErrors(method, res, startTime, opts) + } else { + res.body.on('end', () => logRequest(method, res, startTime, opts)) + if (opts.ignoreBody) { + res.body.resume() + return new Response(null, res) + } + return res + } +} + +function logRequest (method, res, startTime, opts) { + const elapsedTime = Date.now() - startTime + const attempt = res.headers.get('x-fetch-attempts') + const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : '' + const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : '' + + let urlStr + try { + const { URL } = require('url') + const url = new URL(res.url) + if (url.password) { + url.password = '***' + } + urlStr = url.toString() + } catch (er) { + urlStr = res.url + } + + opts.log.http( + 'fetch', + `${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}` + ) +} + +const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/ +const BAD_HOSTS = new LRU({ max: 50 }) + +function checkWarnings (res, registry, opts) { + if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) { + const warnings = {} + // note: headers.raw() will preserve case, so we might have a + // key on the object like 'WaRnInG' if that was used first + for (const [key, value] of Object.entries(res.headers.raw())) { + if (key.toLowerCase() !== 'warning') { continue } + value.forEach(w => { + const match = w.match(WARNING_REGEXP) + if (match) { + warnings[match[1]] = { + code: match[1], + host: match[2], + message: match[3], + date: new Date(match[4]) + } + } + }) + } + BAD_HOSTS.set(registry, true) + if (warnings['199']) { + if (warnings['199'].message.match(/ENOTFOUND/)) { + opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`) + } else { + opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`) + } + } + if (warnings['111']) { + // 111 Revalidation failed -- we're using stale data + opts.log.warn( + 'registry', + `Using stale data from ${registry} due to a request error during revalidation.` + ) + } + } +} + +function checkErrors (method, res, startTime, opts) { + return res.buffer() + .catch(() => null) + .then(body => { + let parsed = body + try { + parsed = JSON.parse(body.toString('utf8')) + } catch (e) {} + if (res.status === 401 && res.headers.get('www-authenticate')) { + const auth = res.headers.get('www-authenticate') + .split(/,\s*/) + .map(s => s.toLowerCase()) + if (auth.indexOf('ipaddress') !== -1) { + throw new errors.HttpErrorAuthIPAddress( + method, res, parsed, opts.spec + ) + } else if (auth.indexOf('otp') !== -1) { + throw new errors.HttpErrorAuthOTP( + method, res, parsed, opts.spec + ) + } else { + throw new errors.HttpErrorAuthUnknown( + method, res, parsed, opts.spec + ) + } + } else if (res.status === 401 && body != null && /one-time pass/.test(body.toString('utf8'))) { + // Heuristic for malformed OTP responses that don't include the www-authenticate header. + throw new errors.HttpErrorAuthOTP( + method, res, parsed, opts.spec + ) + } else { + throw new errors.HttpErrorGeneral( + method, res, parsed, opts.spec + ) + } + }) +} diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/default-opts.js b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/default-opts.js new file mode 100644 index 0000000000000..b742fd5a5fcd4 --- /dev/null +++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/default-opts.js @@ -0,0 +1,22 @@ +const pkg = require('./package.json') +const ciDetect = require('@npmcli/ci-detect') +module.exports = { + isFromCI: ciDetect(), + log: require('./silentlog.js'), + maxSockets: 12, + method: 'GET', + registry: 'https://registry.npmjs.org/', + timeout: 5 * 60 * 1000, // 5 minutes + strictSSL: true, + noProxy: process.env.NOPROXY, + userAgent: `${pkg.name + }@${ + pkg.version + }/node@${ + process.version + }+${ + process.arch + } (${ + process.platform + })` +} diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/errors.js b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/errors.js new file mode 100644 index 0000000000000..c41947e29952d --- /dev/null +++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/errors.js @@ -0,0 +1,79 @@ +'use strict' + +const url = require('url') + +function packageName (href) { + try { + let basePath = new url.URL(href).pathname.substr(1) + if (!basePath.match(/^-/)) { + basePath = basePath.split('/') + var index = basePath.indexOf('_rewrite') + if (index === -1) { + index = basePath.length - 1 + } else { + index++ + } + return decodeURIComponent(basePath[index]) + } + } catch (_) { + // this is ok + } +} + +class HttpErrorBase extends Error { + constructor (method, res, body, spec) { + super() + this.headers = res.headers.raw() + this.statusCode = res.status + this.code = `E${res.status}` + this.method = method + this.uri = res.url + this.body = body + this.pkgid = spec ? spec.toString() : packageName(res.url) + } +} +module.exports.HttpErrorBase = HttpErrorBase + +class HttpErrorGeneral extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = `${res.status} ${res.statusText} - ${ + this.method.toUpperCase() + } ${ + this.spec || this.uri + }${ + (body && body.error) ? ' - ' + body.error : '' + }` + Error.captureStackTrace(this, HttpErrorGeneral) + } +} +module.exports.HttpErrorGeneral = HttpErrorGeneral + +class HttpErrorAuthOTP extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = 'OTP required for authentication' + this.code = 'EOTP' + Error.captureStackTrace(this, HttpErrorAuthOTP) + } +} +module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP + +class HttpErrorAuthIPAddress extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = 'Login is not allowed from your IP address' + this.code = 'EAUTHIP' + Error.captureStackTrace(this, HttpErrorAuthIPAddress) + } +} +module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress + +class HttpErrorAuthUnknown extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate') + Error.captureStackTrace(this, HttpErrorAuthUnknown) + } +} +module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/index.js b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/index.js new file mode 100644 index 0000000000000..2324e7fbfd00b --- /dev/null +++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/index.js @@ -0,0 +1,219 @@ +'use strict' + +const checkResponse = require('./check-response.js') +const getAuth = require('./auth.js') +const fetch = require('make-fetch-happen') +const JSONStream = require('minipass-json-stream') +const npa = require('npm-package-arg') +const qs = require('querystring') +const url = require('url') +const zlib = require('minizlib') +const Minipass = require('minipass') + +const defaultOpts = require('./default-opts.js') + +// WhatWG URL throws if it's not fully resolved +const urlIsValid = u => { + try { + return !!new url.URL(u) + } catch (_) { + return false + } +} + +module.exports = regFetch +function regFetch (uri, /* istanbul ignore next */ opts_ = {}) { + const opts = { + ...defaultOpts, + ...opts_ + } + const registry = opts.registry = ( + (opts.spec && pickRegistry(opts.spec, opts)) || + (opts.publishConfig && opts.publishConfig.registry) || + opts.registry || + /* istanbul ignore next */ + 'https://registry.npmjs.org/' + ) + + if (!urlIsValid(uri)) { + uri = `${ + registry.trim().replace(/\/?$/g, '') + }/${ + uri.trim().replace(/^\//, '') + }` + } + + const method = opts.method || 'GET' + + // through that takes into account the scope, the prefix of `uri`, etc + const startTime = Date.now() + const headers = getHeaders(registry, uri, opts) + let body = opts.body + const bodyIsStream = Minipass.isStream(body) + const bodyIsPromise = body && + typeof body === 'object' && + typeof body.then === 'function' + + if (body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body)) { + headers['content-type'] = headers['content-type'] || 'application/json' + body = JSON.stringify(body) + } else if (body && !headers['content-type']) { + headers['content-type'] = 'application/octet-stream' + } + + if (opts.gzip) { + headers['content-encoding'] = 'gzip' + if (bodyIsStream) { + const gz = new zlib.Gzip() + body.on('error', /* istanbul ignore next: unlikely and hard to test */ + err => gz.emit('error', err)) + body = body.pipe(gz) + } else if (!bodyIsPromise) { + body = new zlib.Gzip().end(body).concat() + } + } + + const parsed = new url.URL(uri) + + if (opts.query) { + const q = typeof opts.query === 'string' + ? qs.parse(opts.query) + : opts.query + + Object.keys(q).forEach(key => { + if (q[key] !== undefined) { + parsed.searchParams.set(key, q[key]) + } + }) + uri = url.format(parsed) + } + + if (parsed.searchParams.get('write') === 'true' && method === 'GET') { + // do not cache, because this GET is fetching a rev that will be + // used for a subsequent PUT or DELETE, so we need to conditionally + // update cache. + opts.offline = false + opts.preferOffline = false + opts.preferOnline = true + } + + const doFetch = (body) => fetch(uri, { + agent: opts.agent, + algorithms: opts.algorithms, + body, + cache: getCacheMode(opts), + cacheManager: opts.cache, + ca: opts.ca, + cert: opts.cert, + headers, + integrity: opts.integrity, + key: opts.key, + localAddress: opts.localAddress, + maxSockets: opts.maxSockets, + memoize: opts.memoize, + method: method, + noProxy: opts.noProxy, + proxy: opts.httpsProxy || opts.proxy, + retry: opts.retry ? opts.retry : { + retries: opts.fetchRetries, + factor: opts.fetchRetryFactor, + minTimeout: opts.fetchRetryMintimeout, + maxTimeout: opts.fetchRetryMaxtimeout + }, + strictSSL: opts.strictSSL, + timeout: opts.timeout || 30 * 1000 + }).then(res => checkResponse( + method, res, registry, startTime, opts + )) + + return Promise.resolve(body).then(doFetch) +} + +module.exports.json = fetchJSON +function fetchJSON (uri, opts) { + return regFetch(uri, opts).then(res => res.json()) +} + +module.exports.json.stream = fetchJSONStream +function fetchJSONStream (uri, jsonPath, /* istanbul ignore next */ opts_ = {}) { + const opts = { ...defaultOpts, ...opts_ } + const parser = JSONStream.parse(jsonPath, opts.mapJSON) + regFetch(uri, opts).then(res => + res.body.on('error', + /* istanbul ignore next: unlikely and difficult to test */ + er => parser.emit('error', er)).pipe(parser) + ).catch(er => parser.emit('error', er)) + return parser +} + +module.exports.pickRegistry = pickRegistry +function pickRegistry (spec, opts = {}) { + spec = npa(spec) + let registry = spec.scope && + opts[spec.scope.replace(/^@?/, '@') + ':registry'] + + if (!registry && opts.scope) { + registry = opts[opts.scope.replace(/^@?/, '@') + ':registry'] + } + + if (!registry && opts.publishConfig) { + registry = opts.publishConfig.registry + } + + if (!registry) { + registry = opts.registry || 'https://registry.npmjs.org/' + } + + return registry +} + +function getCacheMode (opts) { + return opts.offline + ? 'only-if-cached' + : opts.preferOffline + ? 'force-cache' + : opts.preferOnline + ? 'no-cache' + : 'default' +} + +function getHeaders (registry, uri, opts) { + const headers = Object.assign({ + 'npm-in-ci': !!opts.isFromCI, + 'user-agent': opts.userAgent + }, opts.headers || {}) + + if (opts.projectScope) { + headers['npm-scope'] = opts.projectScope + } + + if (opts.npmSession) { + headers['npm-session'] = opts.npmSession + } + + if (opts.npmCommand) { + headers['npm-command'] = opts.npmCommand + } + + const auth = getAuth(registry, opts) + // If a tarball is hosted on a different place than the manifest, only send + // credentials on `alwaysAuth` + const shouldAuth = ( + auth.alwaysAuth || + new url.URL(uri).host === new url.URL(registry).host + ) + if (shouldAuth && auth.token) { + headers.authorization = `Bearer ${auth.token}` + } else if (shouldAuth && auth.username && auth.password) { + const encoded = Buffer.from( + `${auth.username}:${auth.password}`, 'utf8' + ).toString('base64') + headers.authorization = `Basic ${encoded}` + } else if (shouldAuth && auth._auth) { + headers.authorization = `Basic ${auth._auth}` + } + if (shouldAuth && auth.otp) { + headers['npm-otp'] = auth.otp + } + return headers +} diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/package.json b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/package.json new file mode 100644 index 0000000000000..5aeddc5b39102 --- /dev/null +++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/package.json @@ -0,0 +1,59 @@ +{ + "name": "npm-registry-fetch", + "version": "8.1.5", + "description": "Fetch-based http client for use with npm registry APIs", + "main": "index.js", + "files": [ + "*.js", + "lib" + ], + "scripts": { + "postrelease": "npm publish", + "posttest": "standard", + "prepublishOnly": "git push --follow-tags", + "prerelease": "npm t", + "release": "standard-version -s", + "test": "tap" + }, + "repository": "https://github.com/npm/registry-fetch", + "keywords": [ + "npm", + "registry", + "fetch" + ], + "author": { + "name": "Kat Marchán", + "email": "kzm@sykosomatic.org", + "twitter": "maybekatz" + }, + "license": "ISC", + "dependencies": { + "@npmcli/ci-detect": "^1.0.0", + "lru-cache": "^6.0.0", + "make-fetch-happen": "^8.0.9", + "minipass": "^3.1.3", + "minipass-fetch": "^1.3.0", + "minipass-json-stream": "^1.0.1", + "minizlib": "^2.0.0", + "npm-package-arg": "^8.0.0" + }, + "devDependencies": { + "cacache": "^15.0.0", + "mkdirp": "^0.5.1", + "nock": "^11.7.0", + "npmlog": "^4.1.2", + "require-inject": "^1.4.4", + "rimraf": "^2.6.2", + "ssri": "^8.0.0", + "standard": "^14.3.3", + "standard-version": "^7.1.0", + "tap": "^14.10.7" + }, + "tap": { + "check-coverage": true, + "test-ignore": "test[\\\\/](util|cache)[\\\\/]" + }, + "engines": { + "node": ">=10" + } +} diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/silentlog.js b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/silentlog.js new file mode 100644 index 0000000000000..886c5d55b2dbb --- /dev/null +++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/silentlog.js @@ -0,0 +1,14 @@ +'use strict' + +const noop = Function.prototype +module.exports = { + error: noop, + warn: noop, + notice: noop, + info: noop, + verbose: noop, + silly: noop, + http: noop, + pause: noop, + resume: noop +} diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/libnpmhook/node_modules/npm-registry-fetch/CHANGELOG.md new file mode 100644 index 0000000000000..fc26ee1bda4ba --- /dev/null +++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/CHANGELOG.md @@ -0,0 +1,384 @@ +# Changelog + +All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +### [8.1.5](https://github.com/npm/registry-fetch/compare/v8.1.4...v8.1.5) (2020-10-12) + + +### Bug Fixes + +* respect publishConfig.registry when specified ([32e36ef](https://github.com/npm/registry-fetch/commit/32e36efe86302ed319973cd5b1e6ccc3f62e557e)), closes [#35](https://github.com/npm/registry-fetch/issues/35) + +### [8.1.4](https://github.com/npm/registry-fetch/compare/v8.1.3...v8.1.4) (2020-08-17) + + +### Bug Fixes + +* redact passwords from http logs ([3c294eb](https://github.com/npm/registry-fetch/commit/3c294ebbd7821725db4ff1bc5fe368c49613efcc)) + +### [8.1.3](https://github.com/npm/registry-fetch/compare/v8.1.2...v8.1.3) (2020-07-21) + +### [8.1.2](https://github.com/npm/registry-fetch/compare/v8.1.1...v8.1.2) (2020-07-11) + +### [8.1.1](https://github.com/npm/registry-fetch/compare/v8.1.0...v8.1.1) (2020-06-30) + +## [8.1.0](https://github.com/npm/registry-fetch/compare/v8.0.3...v8.1.0) (2020-05-20) + + +### Features + +* add npm-command HTTP header ([1bb4eb2](https://github.com/npm/registry-fetch/commit/1bb4eb2c66ee8a0dc62558bdcff1b548e2bb9820)) + +### [8.0.3](https://github.com/npm/registry-fetch/compare/v8.0.2...v8.0.3) (2020-05-13) + + +### Bug Fixes + +* update minipass and make-fetch-happen to latest ([3b6c5d0](https://github.com/npm/registry-fetch/commit/3b6c5d0d8ccd4c4a97862a65acef956f19aec127)), closes [#23](https://github.com/npm/registry-fetch/issues/23) + +### [8.0.2](https://github.com/npm/registry-fetch/compare/v8.0.1...v8.0.2) (2020-05-04) + + +### Bug Fixes + +* update make-fetch-happen to 8.0.6 ([226df2c](https://github.com/npm/registry-fetch/commit/226df2c32e3f9ed8ceefcfdbd11efb178181b442)) + +## [8.0.0](https://github.com/npm/registry-fetch/compare/v7.0.1...v8.0.0) (2020-02-24) + + +### ⚠ BREAKING CHANGES + +* Removes the 'opts.refer' option and the HTTP Referer +header (unless explicitly added to the 'headers' option, of course). + +PR-URL: https://github.com/npm/npm-registry-fetch/pull/25 +Credit: @isaacs + +### Bug Fixes + +* remove referer header and opts.refer ([eb8f7af](https://github.com/npm/registry-fetch/commit/eb8f7af3c102834856604c1be664b00ca0fe8ef2)), closes [#25](https://github.com/npm/registry-fetch/issues/25) + +### [7.0.1](https://github.com/npm/registry-fetch/compare/v7.0.0...v7.0.1) (2020-02-24) + +## [7.0.0](https://github.com/npm/registry-fetch/compare/v6.0.2...v7.0.0) (2020-02-18) + + +### ⚠ BREAKING CHANGES + +* figgy pudding is now nowhere to be found. +* this removes figgy-pudding, and drops several option +aliases. + +Defaults and behavior are all the same, and this module is now using the +canonical camelCase option names that npm v7 will provide to all its +deps. + +Related to: https://github.com/npm/rfcs/pull/102 + +PR-URL: https://github.com/npm/npm-registry-fetch/pull/22 +Credit: @isaacs + +### Bug Fixes + +* Remove figgy-pudding, use canonical option names ([ede3c08](https://github.com/npm/registry-fetch/commit/ede3c087007fd1808e02b1af70562220d03b18a9)), closes [#22](https://github.com/npm/registry-fetch/issues/22) + + +* update cacache, ssri, make-fetch-happen ([57fcc88](https://github.com/npm/registry-fetch/commit/57fcc889bee03edcc0a2025d96a171039108c231)) + +### [6.0.2](https://github.com/npm/registry-fetch/compare/v6.0.1...v6.0.2) (2020-02-14) + + +### Bug Fixes + +* always bypass cache when ?write=true ([83f89f3](https://github.com/npm/registry-fetch/commit/83f89f35abd2ed0507c869e37f90ed746375772c)) + +### [6.0.1](https://github.com/npm/registry-fetch/compare/v6.0.0...v6.0.1) (2020-02-14) + + +### Bug Fixes + +* use 30s default for timeout as per README ([50e8afc](https://github.com/npm/registry-fetch/commit/50e8afc6ff850542feb588f9f9c64ebae59e72a0)), closes [#20](https://github.com/npm/registry-fetch/issues/20) + +## [6.0.0](https://github.com/npm/registry-fetch/compare/v5.0.1...v6.0.0) (2019-12-17) + + +### ⚠ BREAKING CHANGES + +* This drops support for node < 10. + +There are some lint failures due to standard pushing for using WhatWG URL +objects instead of url.parse/url.resolve. However, the code in this lib +does some fancy things with the query/search portions of the parsed url +object, so it'll take a bit of care to make it work properly. + +### Bug Fixes + +* detect CI so our tests don't fail in CI ([5813da6](https://github.com/npm/registry-fetch/commit/5813da634cef73b12e40373972d7937e6934fce0)) +* Use WhatWG URLs instead of url.parse ([8ccfa8a](https://github.com/npm/registry-fetch/commit/8ccfa8a72c38cfedb0f525b7f453644fd4444f99)) + + +* normalize settings, drop old nodes, update deps ([510b125](https://github.com/npm/registry-fetch/commit/510b1255cc7ed4bb397a34e0007757dae33e2275)) + + +## [5.0.1](https://github.com/npm/registry-fetch/compare/v5.0.0...v5.0.1) (2019-11-11) + + + + +# [5.0.0](https://github.com/npm/registry-fetch/compare/v4.0.2...v5.0.0) (2019-10-04) + + +### Bug Fixes + +* prefer const in getAuth function ([90ac7b1](https://github.com/npm/registry-fetch/commit/90ac7b1)) +* use minizlib instead of core zlib ([e64702e](https://github.com/npm/registry-fetch/commit/e64702e)) + + +### Features + +* refactor to use Minipass streams ([bb37f20](https://github.com/npm/registry-fetch/commit/bb37f20)) + + +### BREAKING CHANGES + +* this replaces all core streams (except for some +PassThrough streams in a few tests) with Minipass streams, and updates +all deps to the latest and greatest Minipass versions of things. + + + + +## [4.0.2](https://github.com/npm/registry-fetch/compare/v4.0.0...v4.0.2) (2019-10-04) + + +### Bug Fixes + +* Add null check on body on 401 errors ([e3a0186](https://github.com/npm/registry-fetch/commit/e3a0186)), closes [#9](https://github.com/npm/registry-fetch/issues/9) +* **deps:** Add explicit dependency on safe-buffer ([8eae5f0](https://github.com/npm/registry-fetch/commit/8eae5f0)), closes [npm/libnpmaccess#2](https://github.com/npm/libnpmaccess/issues/2) [#3](https://github.com/npm/registry-fetch/issues/3) + + + + +# [4.0.0](https://github.com/npm/registry-fetch/compare/v3.9.1...v4.0.0) (2019-07-15) + + +* cacache@12.0.0, infer uid from cache folder ([0c4f060](https://github.com/npm/registry-fetch/commit/0c4f060)) + + +### BREAKING CHANGES + +* uid and gid are inferred from cache folder, rather than +being passed in as options. + + + + +## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02) + + + + +# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24) + + +### Features + +* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c)) + + + + +# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23) + + +### Features + +* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986)) + + + + +# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23) + + +### Features + +* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969)) + + + + +# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22) + + +### Bug Fixes + +* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65)) + + +### Features + +* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702)) + + + + +# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22) + + +### Features + +* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5)) + + + + +# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22) + + +### Bug Fixes + +* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54)) + + +### Features + +* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17)) + + + + +# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21) + + +### Bug Fixes + +* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b)) + + +### Features + +* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194)) + + + + +## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16) + + +### Bug Fixes + +* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040)) + + + + +# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27) + + +### Features + +* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0)) + + + + +## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09) + + + + +# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09) + + +### Features + +* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b)) + + + + +# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09) + + +### Bug Fixes + +* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f)) +* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f)) + + +### BREAKING CHANGES + +* **config:** opts.config is no longer supported. Pass the options down in opts itself. + + + + +# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08) + + +### Features + +* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0)) + + + + +# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08) + + +### meta + +* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e)) + + +### BREAKING CHANGES + +* node@4 is no longer supported + + + + +## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06) + + + + +# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16) + + +### Features + +* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9)) + + + + +## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16) + + +### Bug Fixes + +* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5)) + + + + +# 1.0.0 (2018-03-16) + + +### Bug Fixes + +* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba)) +* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31)) +* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93)) +* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a)) + + +### Features + +* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f)) +* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db)) +* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d)) +* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527)) +* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1)) diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/libnpmhook/node_modules/npm-registry-fetch/LICENSE.md new file mode 100644 index 0000000000000..8d28acf866d93 --- /dev/null +++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/LICENSE.md @@ -0,0 +1,16 @@ +ISC License + +Copyright (c) npm, Inc. + +Permission to use, copy, modify, and/or distribute this software for +any purpose with or without fee is hereby granted, provided that the +above copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS +ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE +COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR +CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS +OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE +USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/README.md b/node_modules/libnpmhook/node_modules/npm-registry-fetch/README.md new file mode 100644 index 0000000000000..e660940e30dc4 --- /dev/null +++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/README.md @@ -0,0 +1,635 @@ +# npm-registry-fetch + +[![npm version](https://img.shields.io/npm/v/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) +[![license](https://img.shields.io/npm/l/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) +[![Travis](https://img.shields.io/travis/npm/npm-registry-fetch/latest.svg)](https://travis-ci.org/npm/npm-registry-fetch) +[![AppVeyor](https://img.shields.io/appveyor/ci/npm/npm-registry-fetch/latest.svg)](https://ci.appveyor.com/project/npm/npm-registry-fetch) +[![Coverage Status](https://coveralls.io/repos/github/npm/npm-registry-fetch/badge.svg?branch=latest)](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest) + +[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js +library that implements a `fetch`-like API for accessing npm registry APIs +consistently. It's able to consume npm-style configuration values and has all +the necessary logic for picking registries, handling scopes, and dealing with +authentication details built-in. + +This package is meant to replace the older +[`npm-registry-client`](https://npm.im/npm-registry-client). + +## Example + +```javascript +const npmFetch = require('npm-registry-fetch') + +console.log( + await npmFetch.json('/-/ping') +) +``` + +## Table of Contents + +* [Installing](#install) +* [Example](#example) +* [Contributing](#contributing) +* [API](#api) + * [`fetch`](#fetch) + * [`fetch.json`](#fetch-json) + * [`fetch` options](#fetch-opts) + +### Install + +`$ npm install npm-registry-fetch` + +### Contributing + +The npm team enthusiastically welcomes contributions and project participation! +There's a bunch of things you can do if you want to contribute! The [Contributor +Guide](CONTRIBUTING.md) has all the information you need for everything from +reporting bugs to contributing entire new features. Please don't hesitate to +jump in if you'd like to, or even ask us questions if something isn't clear. + +All participants and maintainers in this project are expected to follow [Code of +Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other. + +Please refer to the [Changelog](CHANGELOG.md) for project history details, too. + +Happy hacking! + +### API + +#### Caching and `write=true` query strings + +Before performing any PUT or DELETE operation, npm clients first make a +GET request to the registry resource being updated, which includes +the query string `?write=true`. + +The semantics of this are, effectively, "I intend to write to this thing, +and need to know the latest current value, so that my write can land +cleanly". + +The public npm registry handles these `?write=true` requests by ensuring +that the cache is re-validated before sending a response. In order to +maintain the same behavior on the client, and not get tripped up by an +overeager local cache when we intend to write data to the registry, any +request that comes through `npm-registry-fetch` that contains `write=true` +in the query string will forcibly set the `prefer-online` option to `true`, +and set both `prefer-offline` and `offline` to false, so that any local +cached value will be revalidated. + +#### `> fetch(url, [opts]) -> Promise` + +Performs a request to a given URL. + +The URL can be either a full URL, or a path to one. The appropriate registry +will be automatically picked if only a URL path is given. + +For available options, please see the section on [`fetch` options](#fetch-opts). + +##### Example + +```javascript +const res = await fetch('/-/ping') +console.log(res.headers) +res.on('data', d => console.log(d.toString('utf8'))) +``` + +#### `> fetch.json(url, [opts]) -> Promise` + +Performs a request to a given registry URL, parses the body of the response as +JSON, and returns it as its final value. This is a utility shorthand for +`fetch(url).then(res => res.json())`. + +For available options, please see the section on [`fetch` options](#fetch-opts). + +##### Example + +```javascript +const res = await fetch.json('/-/ping') +console.log(res) // Body parsed as JSON +``` + +#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream` + +Performs a request to a given registry URL and parses the body of the response +as JSON, with each entry being emitted through the stream. + +The `jsonPath` argument is a [`JSONStream.parse()` +path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the +returned stream (unlike default `JSONStream`s), has a valid +`Symbol.asyncIterator` implementation. + +For available options, please see the section on [`fetch` options](#fetch-opts). + +##### Example + +```javascript +console.log('https://npm.im/~zkat has access to the following packages:') +for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) { + console.log(`https://npm.im/${key} (perms: ${value})`) +} +``` + +#### `fetch` Options + +Fetch options are optional, and can be passed in as either a Map-like object +(one with a `.get()` method), a plain javascript object, or a +[`figgy-pudding`](https://npm.im/figgy-pudding) instance. + +##### `opts.agent` + +* Type: http.Agent +* Default: an appropriate agent based on URL protocol and proxy settings + +An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to +be shared across requests. This allows multiple concurrent `fetch` requests to +happen on the same socket. + +You do _not_ need to provide this option unless you want something particularly +specialized, since proxy configurations and http/https agents are already +automatically managed internally when this option is not passed through. + +##### `opts.body` + +* Type: Buffer | Stream | Object +* Default: null + +Request body to send through the outgoing request. Buffers and Streams will be +passed through as-is, with a default `content-type` of +`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed +and the `content-type` will default to `application/json`. + +Use [`opts.headers`](#opts-headers) to set the content-type to something else. + +##### `opts.ca` + +* Type: String, Array, or null +* Default: null + +The Certificate Authority signing certificate that is trusted for SSL +connections to the registry. Values should be in PEM format (Windows calls it +"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For +example: + +``` +{ + ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' +} +``` + +Set to `null` to only allow "known" registrars, or to a specific CA cert +to trust only that specific signing authority. + +Multiple CAs can be trusted by specifying an array of certificates instead of a +single string. + +See also [`opts.strictSSL`](#opts-strictSSL), [`opts.ca`](#opts-ca) and +[`opts.key`](#opts-key) + +##### `opts.cache` + +* Type: path +* Default: null + +The location of the http cache directory. If provided, certain cachable requests +will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234) +rules. This will speed up future requests, as well as make the cached data +available offline if necessary/requested. + +See also [`offline`](#opts-offline), [`preferOffline`](#opts-preferOffline), +and [`preferOnline`](#opts-preferOnline). + +##### `opts.cert` + +* Type: String +* Default: null + +A client certificate to pass when accessing the registry. Values should be in +PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines +replaced by the string `'\n'`. For example: + +``` +{ + cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' +} +``` + +It is _not_ the path to a certificate file (and there is no "certfile" option). + +See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key) + +##### `opts.fetchRetries` + +* Type: Number +* Default: 2 + +The "retries" config for [`retry`](https://npm.im/retry) to use when fetching +packages from the registry. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.fetchRetryFactor` + +* Type: Number +* Default: 10 + +The "factor" config for [`retry`](https://npm.im/retry) to use when fetching +packages. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.fetchRetryMintimeout` + +* Type: Number +* Default: 10000 (10 seconds) + +The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching +packages. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.fetchRetryMaxtimeout` + +* Type: Number +* Default: 60000 (1 minute) + +The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching +packages. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.forceAuth` + +* Type: Object +* Default: null + +If present, other auth-related values in `opts` will be completely ignored, +including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request, +and the auth details in `opts.forceAuth` will be used instead. + +##### `opts.gzip` + +* Type: Boolean +* Default: false + +If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip` +and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode +[`opts.body`](#opts-body). + +##### `opts.headers` + +* Type: Object +* Default: null + +Additional headers for the outgoing request. This option can also be used to +override headers automatically generated by `npm-registry-fetch`, such as +`Content-Type`. + +##### `opts.ignoreBody` + +* Type: Boolean +* Default: false + +If true, the **response body** will be thrown away and `res.body` set to `null`. +This will prevent dangling response sockets for requests where you don't usually +care what the response body is. + +##### `opts.integrity` + +* Type: String | [SRI object](https://npm.im/ssri) +* Default: null + +If provided, the response body's will be verified against this integrity string, +using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will +complete as normal. If verification fails, the response body will error with an +`EINTEGRITY` error. + +Body integrity is only verified if the body is actually consumed to completion -- +that is, if you use `res.json()`/`res.buffer()`, or if you consume the default +`res` stream data to its end. + +Cached data will have its integrity automatically verified using the +previously-generated integrity hash for the saved request information, so +`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if +`opts.integrity` is not passed in. + +##### `opts.isFromCI` + +* Type: Boolean +* Default: Based on environment variables + +This is used to populate the `npm-in-ci` request header sent to the registry. + +##### `opts.key` + +* Type: String +* Default: null + +A client key to pass when accessing the registry. Values should be in PEM +format with newlines replaced by the string `'\n'`. For example: + +``` +{ + key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----' +} +``` + +It is _not_ the path to a key file (and there is no "keyfile" option). + +See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert) + +##### `opts.localAddress` + +* Type: IP Address String +* Default: null + +The IP address of the local interface to use when making connections +to the registry. + +See also [`opts.proxy`](#opts-proxy) + +##### `opts.log` + +* Type: [`npmlog`](https://npm.im/npmlog)-like +* Default: null + +Logger object to use for logging operation details. Must have the same methods +as `npmlog`. + +##### `opts.mapJSON` + +* Type: Function +* Default: undefined + +When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down +to [`JSONStream`](https://npm.im/JSONStream) as the second argument to +`JSONStream.parse`, and can be used to transform stream data before output. + +##### `opts.maxSockets` + +* Type: Integer +* Default: 12 + +Maximum number of sockets to keep open during requests. Has no effect if +[`opts.agent`](#opts-agent) is used. + +##### `opts.method` + +* Type: String +* Default: 'GET' + +HTTP method to use for the outgoing request. Case-insensitive. + +##### `opts.noproxy` + +* Type: Boolean +* Default: process.env.NOPROXY + +If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used. + +##### `opts.npmSession` + +* Type: String +* Default: null + +If provided, will be sent in the `npm-session` header. This header is used by +the npm registry to identify individual user sessions (usually individual +invocations of the CLI). + +##### `opts.npmCommand` + +* Type: String +* Default: null + +If provided, it will be sent in the `npm-command` header. This yeader is +used by the npm registry to identify the npm command that caused this +request to be made. + +##### `opts.offline` + +* Type: Boolean +* Default: false + +Force offline mode: no network requests will be done during install. To allow +`npm-registry-fetch` to fill in missing cache data, see +[`opts.preferOffline`](#opts-preferOffline). + +This option is only really useful if you're also using +[`opts.cache`](#opts-cache). + +This option is set to `true` when the request includes `write=true` in the +query string. + +##### `opts.otp` + +* Type: Number | String +* Default: null + +This is a one-time password from a two-factor authenticator. It is required for +certain registry interactions when two-factor auth is enabled for a user +account. + +##### `opts.password` + +* Alias: `_password` +* Type: String +* Default: null + +Password used for basic authentication. For the more modern authentication +method, please use the (more secure) [`opts.token`](#opts-token) + +Can optionally be scoped to a registry by using a "nerf dart" for that registry. +That is: + +``` +{ + '//registry.npmjs.org/:password': 't0k3nH34r' +} +``` + +See also [`opts.username`](#opts-username) + +##### `opts.preferOffline` + +* Type: Boolean +* Default: false + +If true, staleness checks for cached data will be bypassed, but missing data +will be requested from the server. To force full offline mode, use +[`opts.offline`](#opts-offline). + +This option is generally only useful if you're also using +[`opts.cache`](#opts-cache). + +This option is set to `false` when the request includes `write=true` in the +query string. + +##### `opts.preferOnline` + +* Type: Boolean +* Default: false + +If true, staleness checks for cached data will be forced, making the CLI look +for updates immediately even for fresh package data. + +This option is generally only useful if you're also using +[`opts.cache`](#opts-cache). + +This option is set to `true` when the request includes `write=true` in the +query string. + +##### `opts.projectScope` + +* Type: String +* Default: null + +If provided, will be sent in the `npm-scope` header. This header is used by the +npm registry to identify the toplevel package scope that a particular project +installation is using. + +##### `opts.proxy` + +* Type: url +* Default: null + +A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY` +environment variable will be used. + +##### `opts.query` + +* Type: String | Object +* Default: null + +If provided, the request URI will have a query string appended to it using this +query. If `opts.query` is an object, it will be converted to a query string +using +[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options). + +If the request URI already has a query string, it will be merged with +`opts.query`, preferring `opts.query` values. + +##### `opts.registry` + +* Type: URL +* Default: `'https://registry.npmjs.org'` + +Registry configuration for a request. If a request URL only includes the URL +path, this registry setting will be prepended. This configuration is also used +to determine authentication details, so even if the request URL references a +completely different host, `opts.registry` will be used to find the auth details +for that request. + +See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and +[`opts.:registry`](#opts-scope-registry) which can all affect the actual +registry URL used by the outgoing request. + +##### `opts.retry` + +* Type: Object +* Default: null + +Single-object configuration for request retry settings. If passed in, will +override individually-passed `fetch-retry-*` settings. + +##### `opts.scope` + +* Type: String +* Default: null + +Associate an operation with a scope for a scoped registry. This option can force +lookup of scope-specific registries and authentication. + +See also [`opts.:registry`](#opts-scope-registry) and +[`opts.spec`](#opts-spec) for interactions with this option. + +##### `opts.:registry` + +* Type: String +* Default: null + +This option type can be used to configure the registry used for requests +involving a particular scope. For example, `opts['@myscope:registry'] = +'https://scope-specific.registry/'` will make it so requests go out to this +registry instead of [`opts.registry`](#opts-registry) when +[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a +scoped package spec. + +The `@` before the scope name is optional, but recommended. + +##### `opts.spec` + +* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object. +* Default: null + +If provided, can be used to automatically configure [`opts.scope`](#opts-scope) +based on a specific package name. Non-registry package specs will throw an +error. + +##### `opts.strictSSL` + +* Type: Boolean +* Default: true + +Whether or not to do SSL key validation when making requests to the +registry via https. + +See also [`opts.ca`](#opts-ca). + +##### `opts.timeout` + +* Type: Milliseconds +* Default: 300000 (5 minutes) + +Time before a hanging request times out. + +##### `opts.token` + +* Alias: `opts._authToken` +* Type: String +* Default: null + +Authentication token string. + +Can be scoped to a registry by using a "nerf dart" for that registry. That is: + +``` +{ + '//registry.npmjs.org/:token': 't0k3nH34r' +} +``` + +##### `opts.userAgent` + +* Type: String +* Default: `'npm-registry-fetch@/node@+ ()'` + +User agent string to send in the `User-Agent` header. + +##### `opts.username` + +* Type: String +* Default: null + +Username used for basic authentication. For the more modern authentication +method, please use the (more secure) [`opts.token`](#opts-token) + +Can optionally be scoped to a registry by using a "nerf dart" for that registry. +That is: + +``` +{ + '//registry.npmjs.org/:username': 't0k3nH34r' +} +``` + +See also [`opts.password`](#opts-password) + +##### `opts._auth` + +* Type: String +* Default: null + +** DEPRECATED ** This is a legacy authentication token supported only for +compatibility. Please use [`opts.token`](#opts-token) instead. diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/auth.js b/node_modules/libnpmhook/node_modules/npm-registry-fetch/auth.js new file mode 100644 index 0000000000000..11c3bde6b4e6c --- /dev/null +++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/auth.js @@ -0,0 +1,55 @@ +'use strict' + +const defaultOpts = require('./default-opts.js') +const url = require('url') + +module.exports = getAuth +function getAuth (registry, opts_ = {}) { + if (!registry) { throw new Error('registry is required') } + const opts = opts_.forceAuth ? opts_.forceAuth : { ...defaultOpts, ...opts_ } + const AUTH = {} + const regKey = registry && registryKey(registry) + const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias) + doKey('token') + doKey('_authToken', 'token') + doKey('username') + doKey('password') + doKey('_password', 'password') + doKey('email') + doKey('_auth') + doKey('otp') + doKey('always-auth', 'alwaysAuth') + if (AUTH.password) { + AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8') + } + if (AUTH._auth && !(AUTH.username && AUTH.password)) { + let auth = Buffer.from(AUTH._auth, 'base64').toString() + auth = auth.split(':') + AUTH.username = auth.shift() + AUTH.password = auth.join(':') + } + AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth + return AUTH +} + +function addKey (opts, obj, scope, key, objKey) { + if (opts[key]) { + obj[objKey || key] = opts[key] + } + if (scope && opts[`${scope}:${key}`]) { + obj[objKey || key] = opts[`${scope}:${key}`] + } +} + +// Called a nerf dart in the main codebase. Used as a "safe" +// key when fetching registry info from config. +function registryKey (registry) { + const parsed = new url.URL(registry) + const formatted = url.format({ + protocol: parsed.protocol, + host: parsed.host, + pathname: parsed.pathname, + slashes: true + }) + return url.format(new url.URL('.', formatted)).replace(/^[^:]+:/, '') +} diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/check-response.js b/node_modules/libnpmhook/node_modules/npm-registry-fetch/check-response.js new file mode 100644 index 0000000000000..f151711f30160 --- /dev/null +++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/check-response.js @@ -0,0 +1,128 @@ +'use strict' + +const errors = require('./errors.js') +const LRU = require('lru-cache') +const { Response } = require('minipass-fetch') +const defaultOpts = require('./default-opts.js') + +module.exports = checkResponse +function checkResponse (method, res, registry, startTime, opts_ = {}) { + const opts = { ...defaultOpts, ...opts_ } + if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) { + opts.log.notice('', res.headers.get('npm-notice')) + } + checkWarnings(res, registry, opts) + if (res.status >= 400) { + logRequest(method, res, startTime, opts) + return checkErrors(method, res, startTime, opts) + } else { + res.body.on('end', () => logRequest(method, res, startTime, opts)) + if (opts.ignoreBody) { + res.body.resume() + return new Response(null, res) + } + return res + } +} + +function logRequest (method, res, startTime, opts) { + const elapsedTime = Date.now() - startTime + const attempt = res.headers.get('x-fetch-attempts') + const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : '' + const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : '' + + let urlStr + try { + const { URL } = require('url') + const url = new URL(res.url) + if (url.password) { + url.password = '***' + } + urlStr = url.toString() + } catch (er) { + urlStr = res.url + } + + opts.log.http( + 'fetch', + `${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}` + ) +} + +const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/ +const BAD_HOSTS = new LRU({ max: 50 }) + +function checkWarnings (res, registry, opts) { + if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) { + const warnings = {} + // note: headers.raw() will preserve case, so we might have a + // key on the object like 'WaRnInG' if that was used first + for (const [key, value] of Object.entries(res.headers.raw())) { + if (key.toLowerCase() !== 'warning') { continue } + value.forEach(w => { + const match = w.match(WARNING_REGEXP) + if (match) { + warnings[match[1]] = { + code: match[1], + host: match[2], + message: match[3], + date: new Date(match[4]) + } + } + }) + } + BAD_HOSTS.set(registry, true) + if (warnings['199']) { + if (warnings['199'].message.match(/ENOTFOUND/)) { + opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`) + } else { + opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`) + } + } + if (warnings['111']) { + // 111 Revalidation failed -- we're using stale data + opts.log.warn( + 'registry', + `Using stale data from ${registry} due to a request error during revalidation.` + ) + } + } +} + +function checkErrors (method, res, startTime, opts) { + return res.buffer() + .catch(() => null) + .then(body => { + let parsed = body + try { + parsed = JSON.parse(body.toString('utf8')) + } catch (e) {} + if (res.status === 401 && res.headers.get('www-authenticate')) { + const auth = res.headers.get('www-authenticate') + .split(/,\s*/) + .map(s => s.toLowerCase()) + if (auth.indexOf('ipaddress') !== -1) { + throw new errors.HttpErrorAuthIPAddress( + method, res, parsed, opts.spec + ) + } else if (auth.indexOf('otp') !== -1) { + throw new errors.HttpErrorAuthOTP( + method, res, parsed, opts.spec + ) + } else { + throw new errors.HttpErrorAuthUnknown( + method, res, parsed, opts.spec + ) + } + } else if (res.status === 401 && body != null && /one-time pass/.test(body.toString('utf8'))) { + // Heuristic for malformed OTP responses that don't include the www-authenticate header. + throw new errors.HttpErrorAuthOTP( + method, res, parsed, opts.spec + ) + } else { + throw new errors.HttpErrorGeneral( + method, res, parsed, opts.spec + ) + } + }) +} diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/default-opts.js b/node_modules/libnpmhook/node_modules/npm-registry-fetch/default-opts.js new file mode 100644 index 0000000000000..b742fd5a5fcd4 --- /dev/null +++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/default-opts.js @@ -0,0 +1,22 @@ +const pkg = require('./package.json') +const ciDetect = require('@npmcli/ci-detect') +module.exports = { + isFromCI: ciDetect(), + log: require('./silentlog.js'), + maxSockets: 12, + method: 'GET', + registry: 'https://registry.npmjs.org/', + timeout: 5 * 60 * 1000, // 5 minutes + strictSSL: true, + noProxy: process.env.NOPROXY, + userAgent: `${pkg.name + }@${ + pkg.version + }/node@${ + process.version + }+${ + process.arch + } (${ + process.platform + })` +} diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/errors.js b/node_modules/libnpmhook/node_modules/npm-registry-fetch/errors.js new file mode 100644 index 0000000000000..c41947e29952d --- /dev/null +++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/errors.js @@ -0,0 +1,79 @@ +'use strict' + +const url = require('url') + +function packageName (href) { + try { + let basePath = new url.URL(href).pathname.substr(1) + if (!basePath.match(/^-/)) { + basePath = basePath.split('/') + var index = basePath.indexOf('_rewrite') + if (index === -1) { + index = basePath.length - 1 + } else { + index++ + } + return decodeURIComponent(basePath[index]) + } + } catch (_) { + // this is ok + } +} + +class HttpErrorBase extends Error { + constructor (method, res, body, spec) { + super() + this.headers = res.headers.raw() + this.statusCode = res.status + this.code = `E${res.status}` + this.method = method + this.uri = res.url + this.body = body + this.pkgid = spec ? spec.toString() : packageName(res.url) + } +} +module.exports.HttpErrorBase = HttpErrorBase + +class HttpErrorGeneral extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = `${res.status} ${res.statusText} - ${ + this.method.toUpperCase() + } ${ + this.spec || this.uri + }${ + (body && body.error) ? ' - ' + body.error : '' + }` + Error.captureStackTrace(this, HttpErrorGeneral) + } +} +module.exports.HttpErrorGeneral = HttpErrorGeneral + +class HttpErrorAuthOTP extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = 'OTP required for authentication' + this.code = 'EOTP' + Error.captureStackTrace(this, HttpErrorAuthOTP) + } +} +module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP + +class HttpErrorAuthIPAddress extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = 'Login is not allowed from your IP address' + this.code = 'EAUTHIP' + Error.captureStackTrace(this, HttpErrorAuthIPAddress) + } +} +module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress + +class HttpErrorAuthUnknown extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate') + Error.captureStackTrace(this, HttpErrorAuthUnknown) + } +} +module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/index.js b/node_modules/libnpmhook/node_modules/npm-registry-fetch/index.js new file mode 100644 index 0000000000000..2324e7fbfd00b --- /dev/null +++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/index.js @@ -0,0 +1,219 @@ +'use strict' + +const checkResponse = require('./check-response.js') +const getAuth = require('./auth.js') +const fetch = require('make-fetch-happen') +const JSONStream = require('minipass-json-stream') +const npa = require('npm-package-arg') +const qs = require('querystring') +const url = require('url') +const zlib = require('minizlib') +const Minipass = require('minipass') + +const defaultOpts = require('./default-opts.js') + +// WhatWG URL throws if it's not fully resolved +const urlIsValid = u => { + try { + return !!new url.URL(u) + } catch (_) { + return false + } +} + +module.exports = regFetch +function regFetch (uri, /* istanbul ignore next */ opts_ = {}) { + const opts = { + ...defaultOpts, + ...opts_ + } + const registry = opts.registry = ( + (opts.spec && pickRegistry(opts.spec, opts)) || + (opts.publishConfig && opts.publishConfig.registry) || + opts.registry || + /* istanbul ignore next */ + 'https://registry.npmjs.org/' + ) + + if (!urlIsValid(uri)) { + uri = `${ + registry.trim().replace(/\/?$/g, '') + }/${ + uri.trim().replace(/^\//, '') + }` + } + + const method = opts.method || 'GET' + + // through that takes into account the scope, the prefix of `uri`, etc + const startTime = Date.now() + const headers = getHeaders(registry, uri, opts) + let body = opts.body + const bodyIsStream = Minipass.isStream(body) + const bodyIsPromise = body && + typeof body === 'object' && + typeof body.then === 'function' + + if (body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body)) { + headers['content-type'] = headers['content-type'] || 'application/json' + body = JSON.stringify(body) + } else if (body && !headers['content-type']) { + headers['content-type'] = 'application/octet-stream' + } + + if (opts.gzip) { + headers['content-encoding'] = 'gzip' + if (bodyIsStream) { + const gz = new zlib.Gzip() + body.on('error', /* istanbul ignore next: unlikely and hard to test */ + err => gz.emit('error', err)) + body = body.pipe(gz) + } else if (!bodyIsPromise) { + body = new zlib.Gzip().end(body).concat() + } + } + + const parsed = new url.URL(uri) + + if (opts.query) { + const q = typeof opts.query === 'string' + ? qs.parse(opts.query) + : opts.query + + Object.keys(q).forEach(key => { + if (q[key] !== undefined) { + parsed.searchParams.set(key, q[key]) + } + }) + uri = url.format(parsed) + } + + if (parsed.searchParams.get('write') === 'true' && method === 'GET') { + // do not cache, because this GET is fetching a rev that will be + // used for a subsequent PUT or DELETE, so we need to conditionally + // update cache. + opts.offline = false + opts.preferOffline = false + opts.preferOnline = true + } + + const doFetch = (body) => fetch(uri, { + agent: opts.agent, + algorithms: opts.algorithms, + body, + cache: getCacheMode(opts), + cacheManager: opts.cache, + ca: opts.ca, + cert: opts.cert, + headers, + integrity: opts.integrity, + key: opts.key, + localAddress: opts.localAddress, + maxSockets: opts.maxSockets, + memoize: opts.memoize, + method: method, + noProxy: opts.noProxy, + proxy: opts.httpsProxy || opts.proxy, + retry: opts.retry ? opts.retry : { + retries: opts.fetchRetries, + factor: opts.fetchRetryFactor, + minTimeout: opts.fetchRetryMintimeout, + maxTimeout: opts.fetchRetryMaxtimeout + }, + strictSSL: opts.strictSSL, + timeout: opts.timeout || 30 * 1000 + }).then(res => checkResponse( + method, res, registry, startTime, opts + )) + + return Promise.resolve(body).then(doFetch) +} + +module.exports.json = fetchJSON +function fetchJSON (uri, opts) { + return regFetch(uri, opts).then(res => res.json()) +} + +module.exports.json.stream = fetchJSONStream +function fetchJSONStream (uri, jsonPath, /* istanbul ignore next */ opts_ = {}) { + const opts = { ...defaultOpts, ...opts_ } + const parser = JSONStream.parse(jsonPath, opts.mapJSON) + regFetch(uri, opts).then(res => + res.body.on('error', + /* istanbul ignore next: unlikely and difficult to test */ + er => parser.emit('error', er)).pipe(parser) + ).catch(er => parser.emit('error', er)) + return parser +} + +module.exports.pickRegistry = pickRegistry +function pickRegistry (spec, opts = {}) { + spec = npa(spec) + let registry = spec.scope && + opts[spec.scope.replace(/^@?/, '@') + ':registry'] + + if (!registry && opts.scope) { + registry = opts[opts.scope.replace(/^@?/, '@') + ':registry'] + } + + if (!registry && opts.publishConfig) { + registry = opts.publishConfig.registry + } + + if (!registry) { + registry = opts.registry || 'https://registry.npmjs.org/' + } + + return registry +} + +function getCacheMode (opts) { + return opts.offline + ? 'only-if-cached' + : opts.preferOffline + ? 'force-cache' + : opts.preferOnline + ? 'no-cache' + : 'default' +} + +function getHeaders (registry, uri, opts) { + const headers = Object.assign({ + 'npm-in-ci': !!opts.isFromCI, + 'user-agent': opts.userAgent + }, opts.headers || {}) + + if (opts.projectScope) { + headers['npm-scope'] = opts.projectScope + } + + if (opts.npmSession) { + headers['npm-session'] = opts.npmSession + } + + if (opts.npmCommand) { + headers['npm-command'] = opts.npmCommand + } + + const auth = getAuth(registry, opts) + // If a tarball is hosted on a different place than the manifest, only send + // credentials on `alwaysAuth` + const shouldAuth = ( + auth.alwaysAuth || + new url.URL(uri).host === new url.URL(registry).host + ) + if (shouldAuth && auth.token) { + headers.authorization = `Bearer ${auth.token}` + } else if (shouldAuth && auth.username && auth.password) { + const encoded = Buffer.from( + `${auth.username}:${auth.password}`, 'utf8' + ).toString('base64') + headers.authorization = `Basic ${encoded}` + } else if (shouldAuth && auth._auth) { + headers.authorization = `Basic ${auth._auth}` + } + if (shouldAuth && auth.otp) { + headers['npm-otp'] = auth.otp + } + return headers +} diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/package.json b/node_modules/libnpmhook/node_modules/npm-registry-fetch/package.json new file mode 100644 index 0000000000000..5aeddc5b39102 --- /dev/null +++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/package.json @@ -0,0 +1,59 @@ +{ + "name": "npm-registry-fetch", + "version": "8.1.5", + "description": "Fetch-based http client for use with npm registry APIs", + "main": "index.js", + "files": [ + "*.js", + "lib" + ], + "scripts": { + "postrelease": "npm publish", + "posttest": "standard", + "prepublishOnly": "git push --follow-tags", + "prerelease": "npm t", + "release": "standard-version -s", + "test": "tap" + }, + "repository": "https://github.com/npm/registry-fetch", + "keywords": [ + "npm", + "registry", + "fetch" + ], + "author": { + "name": "Kat Marchán", + "email": "kzm@sykosomatic.org", + "twitter": "maybekatz" + }, + "license": "ISC", + "dependencies": { + "@npmcli/ci-detect": "^1.0.0", + "lru-cache": "^6.0.0", + "make-fetch-happen": "^8.0.9", + "minipass": "^3.1.3", + "minipass-fetch": "^1.3.0", + "minipass-json-stream": "^1.0.1", + "minizlib": "^2.0.0", + "npm-package-arg": "^8.0.0" + }, + "devDependencies": { + "cacache": "^15.0.0", + "mkdirp": "^0.5.1", + "nock": "^11.7.0", + "npmlog": "^4.1.2", + "require-inject": "^1.4.4", + "rimraf": "^2.6.2", + "ssri": "^8.0.0", + "standard": "^14.3.3", + "standard-version": "^7.1.0", + "tap": "^14.10.7" + }, + "tap": { + "check-coverage": true, + "test-ignore": "test[\\\\/](util|cache)[\\\\/]" + }, + "engines": { + "node": ">=10" + } +} diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/silentlog.js b/node_modules/libnpmhook/node_modules/npm-registry-fetch/silentlog.js new file mode 100644 index 0000000000000..886c5d55b2dbb --- /dev/null +++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/silentlog.js @@ -0,0 +1,14 @@ +'use strict' + +const noop = Function.prototype +module.exports = { + error: noop, + warn: noop, + notice: noop, + info: noop, + verbose: noop, + silly: noop, + http: noop, + pause: noop, + resume: noop +} diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/libnpmorg/node_modules/npm-registry-fetch/CHANGELOG.md new file mode 100644 index 0000000000000..fc26ee1bda4ba --- /dev/null +++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/CHANGELOG.md @@ -0,0 +1,384 @@ +# Changelog + +All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +### [8.1.5](https://github.com/npm/registry-fetch/compare/v8.1.4...v8.1.5) (2020-10-12) + + +### Bug Fixes + +* respect publishConfig.registry when specified ([32e36ef](https://github.com/npm/registry-fetch/commit/32e36efe86302ed319973cd5b1e6ccc3f62e557e)), closes [#35](https://github.com/npm/registry-fetch/issues/35) + +### [8.1.4](https://github.com/npm/registry-fetch/compare/v8.1.3...v8.1.4) (2020-08-17) + + +### Bug Fixes + +* redact passwords from http logs ([3c294eb](https://github.com/npm/registry-fetch/commit/3c294ebbd7821725db4ff1bc5fe368c49613efcc)) + +### [8.1.3](https://github.com/npm/registry-fetch/compare/v8.1.2...v8.1.3) (2020-07-21) + +### [8.1.2](https://github.com/npm/registry-fetch/compare/v8.1.1...v8.1.2) (2020-07-11) + +### [8.1.1](https://github.com/npm/registry-fetch/compare/v8.1.0...v8.1.1) (2020-06-30) + +## [8.1.0](https://github.com/npm/registry-fetch/compare/v8.0.3...v8.1.0) (2020-05-20) + + +### Features + +* add npm-command HTTP header ([1bb4eb2](https://github.com/npm/registry-fetch/commit/1bb4eb2c66ee8a0dc62558bdcff1b548e2bb9820)) + +### [8.0.3](https://github.com/npm/registry-fetch/compare/v8.0.2...v8.0.3) (2020-05-13) + + +### Bug Fixes + +* update minipass and make-fetch-happen to latest ([3b6c5d0](https://github.com/npm/registry-fetch/commit/3b6c5d0d8ccd4c4a97862a65acef956f19aec127)), closes [#23](https://github.com/npm/registry-fetch/issues/23) + +### [8.0.2](https://github.com/npm/registry-fetch/compare/v8.0.1...v8.0.2) (2020-05-04) + + +### Bug Fixes + +* update make-fetch-happen to 8.0.6 ([226df2c](https://github.com/npm/registry-fetch/commit/226df2c32e3f9ed8ceefcfdbd11efb178181b442)) + +## [8.0.0](https://github.com/npm/registry-fetch/compare/v7.0.1...v8.0.0) (2020-02-24) + + +### ⚠ BREAKING CHANGES + +* Removes the 'opts.refer' option and the HTTP Referer +header (unless explicitly added to the 'headers' option, of course). + +PR-URL: https://github.com/npm/npm-registry-fetch/pull/25 +Credit: @isaacs + +### Bug Fixes + +* remove referer header and opts.refer ([eb8f7af](https://github.com/npm/registry-fetch/commit/eb8f7af3c102834856604c1be664b00ca0fe8ef2)), closes [#25](https://github.com/npm/registry-fetch/issues/25) + +### [7.0.1](https://github.com/npm/registry-fetch/compare/v7.0.0...v7.0.1) (2020-02-24) + +## [7.0.0](https://github.com/npm/registry-fetch/compare/v6.0.2...v7.0.0) (2020-02-18) + + +### ⚠ BREAKING CHANGES + +* figgy pudding is now nowhere to be found. +* this removes figgy-pudding, and drops several option +aliases. + +Defaults and behavior are all the same, and this module is now using the +canonical camelCase option names that npm v7 will provide to all its +deps. + +Related to: https://github.com/npm/rfcs/pull/102 + +PR-URL: https://github.com/npm/npm-registry-fetch/pull/22 +Credit: @isaacs + +### Bug Fixes + +* Remove figgy-pudding, use canonical option names ([ede3c08](https://github.com/npm/registry-fetch/commit/ede3c087007fd1808e02b1af70562220d03b18a9)), closes [#22](https://github.com/npm/registry-fetch/issues/22) + + +* update cacache, ssri, make-fetch-happen ([57fcc88](https://github.com/npm/registry-fetch/commit/57fcc889bee03edcc0a2025d96a171039108c231)) + +### [6.0.2](https://github.com/npm/registry-fetch/compare/v6.0.1...v6.0.2) (2020-02-14) + + +### Bug Fixes + +* always bypass cache when ?write=true ([83f89f3](https://github.com/npm/registry-fetch/commit/83f89f35abd2ed0507c869e37f90ed746375772c)) + +### [6.0.1](https://github.com/npm/registry-fetch/compare/v6.0.0...v6.0.1) (2020-02-14) + + +### Bug Fixes + +* use 30s default for timeout as per README ([50e8afc](https://github.com/npm/registry-fetch/commit/50e8afc6ff850542feb588f9f9c64ebae59e72a0)), closes [#20](https://github.com/npm/registry-fetch/issues/20) + +## [6.0.0](https://github.com/npm/registry-fetch/compare/v5.0.1...v6.0.0) (2019-12-17) + + +### ⚠ BREAKING CHANGES + +* This drops support for node < 10. + +There are some lint failures due to standard pushing for using WhatWG URL +objects instead of url.parse/url.resolve. However, the code in this lib +does some fancy things with the query/search portions of the parsed url +object, so it'll take a bit of care to make it work properly. + +### Bug Fixes + +* detect CI so our tests don't fail in CI ([5813da6](https://github.com/npm/registry-fetch/commit/5813da634cef73b12e40373972d7937e6934fce0)) +* Use WhatWG URLs instead of url.parse ([8ccfa8a](https://github.com/npm/registry-fetch/commit/8ccfa8a72c38cfedb0f525b7f453644fd4444f99)) + + +* normalize settings, drop old nodes, update deps ([510b125](https://github.com/npm/registry-fetch/commit/510b1255cc7ed4bb397a34e0007757dae33e2275)) + + +## [5.0.1](https://github.com/npm/registry-fetch/compare/v5.0.0...v5.0.1) (2019-11-11) + + + + +# [5.0.0](https://github.com/npm/registry-fetch/compare/v4.0.2...v5.0.0) (2019-10-04) + + +### Bug Fixes + +* prefer const in getAuth function ([90ac7b1](https://github.com/npm/registry-fetch/commit/90ac7b1)) +* use minizlib instead of core zlib ([e64702e](https://github.com/npm/registry-fetch/commit/e64702e)) + + +### Features + +* refactor to use Minipass streams ([bb37f20](https://github.com/npm/registry-fetch/commit/bb37f20)) + + +### BREAKING CHANGES + +* this replaces all core streams (except for some +PassThrough streams in a few tests) with Minipass streams, and updates +all deps to the latest and greatest Minipass versions of things. + + + + +## [4.0.2](https://github.com/npm/registry-fetch/compare/v4.0.0...v4.0.2) (2019-10-04) + + +### Bug Fixes + +* Add null check on body on 401 errors ([e3a0186](https://github.com/npm/registry-fetch/commit/e3a0186)), closes [#9](https://github.com/npm/registry-fetch/issues/9) +* **deps:** Add explicit dependency on safe-buffer ([8eae5f0](https://github.com/npm/registry-fetch/commit/8eae5f0)), closes [npm/libnpmaccess#2](https://github.com/npm/libnpmaccess/issues/2) [#3](https://github.com/npm/registry-fetch/issues/3) + + + + +# [4.0.0](https://github.com/npm/registry-fetch/compare/v3.9.1...v4.0.0) (2019-07-15) + + +* cacache@12.0.0, infer uid from cache folder ([0c4f060](https://github.com/npm/registry-fetch/commit/0c4f060)) + + +### BREAKING CHANGES + +* uid and gid are inferred from cache folder, rather than +being passed in as options. + + + + +## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02) + + + + +# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24) + + +### Features + +* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c)) + + + + +# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23) + + +### Features + +* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986)) + + + + +# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23) + + +### Features + +* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969)) + + + + +# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22) + + +### Bug Fixes + +* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65)) + + +### Features + +* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702)) + + + + +# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22) + + +### Features + +* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5)) + + + + +# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22) + + +### Bug Fixes + +* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54)) + + +### Features + +* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17)) + + + + +# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21) + + +### Bug Fixes + +* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b)) + + +### Features + +* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194)) + + + + +## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16) + + +### Bug Fixes + +* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040)) + + + + +# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27) + + +### Features + +* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0)) + + + + +## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09) + + + + +# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09) + + +### Features + +* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b)) + + + + +# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09) + + +### Bug Fixes + +* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f)) +* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f)) + + +### BREAKING CHANGES + +* **config:** opts.config is no longer supported. Pass the options down in opts itself. + + + + +# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08) + + +### Features + +* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0)) + + + + +# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08) + + +### meta + +* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e)) + + +### BREAKING CHANGES + +* node@4 is no longer supported + + + + +## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06) + + + + +# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16) + + +### Features + +* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9)) + + + + +## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16) + + +### Bug Fixes + +* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5)) + + + + +# 1.0.0 (2018-03-16) + + +### Bug Fixes + +* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba)) +* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31)) +* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93)) +* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a)) + + +### Features + +* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f)) +* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db)) +* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d)) +* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527)) +* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1)) diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/libnpmorg/node_modules/npm-registry-fetch/LICENSE.md new file mode 100644 index 0000000000000..8d28acf866d93 --- /dev/null +++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/LICENSE.md @@ -0,0 +1,16 @@ +ISC License + +Copyright (c) npm, Inc. + +Permission to use, copy, modify, and/or distribute this software for +any purpose with or without fee is hereby granted, provided that the +above copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS +ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE +COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR +CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS +OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE +USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/README.md b/node_modules/libnpmorg/node_modules/npm-registry-fetch/README.md new file mode 100644 index 0000000000000..e660940e30dc4 --- /dev/null +++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/README.md @@ -0,0 +1,635 @@ +# npm-registry-fetch + +[![npm version](https://img.shields.io/npm/v/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) +[![license](https://img.shields.io/npm/l/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) +[![Travis](https://img.shields.io/travis/npm/npm-registry-fetch/latest.svg)](https://travis-ci.org/npm/npm-registry-fetch) +[![AppVeyor](https://img.shields.io/appveyor/ci/npm/npm-registry-fetch/latest.svg)](https://ci.appveyor.com/project/npm/npm-registry-fetch) +[![Coverage Status](https://coveralls.io/repos/github/npm/npm-registry-fetch/badge.svg?branch=latest)](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest) + +[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js +library that implements a `fetch`-like API for accessing npm registry APIs +consistently. It's able to consume npm-style configuration values and has all +the necessary logic for picking registries, handling scopes, and dealing with +authentication details built-in. + +This package is meant to replace the older +[`npm-registry-client`](https://npm.im/npm-registry-client). + +## Example + +```javascript +const npmFetch = require('npm-registry-fetch') + +console.log( + await npmFetch.json('/-/ping') +) +``` + +## Table of Contents + +* [Installing](#install) +* [Example](#example) +* [Contributing](#contributing) +* [API](#api) + * [`fetch`](#fetch) + * [`fetch.json`](#fetch-json) + * [`fetch` options](#fetch-opts) + +### Install + +`$ npm install npm-registry-fetch` + +### Contributing + +The npm team enthusiastically welcomes contributions and project participation! +There's a bunch of things you can do if you want to contribute! The [Contributor +Guide](CONTRIBUTING.md) has all the information you need for everything from +reporting bugs to contributing entire new features. Please don't hesitate to +jump in if you'd like to, or even ask us questions if something isn't clear. + +All participants and maintainers in this project are expected to follow [Code of +Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other. + +Please refer to the [Changelog](CHANGELOG.md) for project history details, too. + +Happy hacking! + +### API + +#### Caching and `write=true` query strings + +Before performing any PUT or DELETE operation, npm clients first make a +GET request to the registry resource being updated, which includes +the query string `?write=true`. + +The semantics of this are, effectively, "I intend to write to this thing, +and need to know the latest current value, so that my write can land +cleanly". + +The public npm registry handles these `?write=true` requests by ensuring +that the cache is re-validated before sending a response. In order to +maintain the same behavior on the client, and not get tripped up by an +overeager local cache when we intend to write data to the registry, any +request that comes through `npm-registry-fetch` that contains `write=true` +in the query string will forcibly set the `prefer-online` option to `true`, +and set both `prefer-offline` and `offline` to false, so that any local +cached value will be revalidated. + +#### `> fetch(url, [opts]) -> Promise` + +Performs a request to a given URL. + +The URL can be either a full URL, or a path to one. The appropriate registry +will be automatically picked if only a URL path is given. + +For available options, please see the section on [`fetch` options](#fetch-opts). + +##### Example + +```javascript +const res = await fetch('/-/ping') +console.log(res.headers) +res.on('data', d => console.log(d.toString('utf8'))) +``` + +#### `> fetch.json(url, [opts]) -> Promise` + +Performs a request to a given registry URL, parses the body of the response as +JSON, and returns it as its final value. This is a utility shorthand for +`fetch(url).then(res => res.json())`. + +For available options, please see the section on [`fetch` options](#fetch-opts). + +##### Example + +```javascript +const res = await fetch.json('/-/ping') +console.log(res) // Body parsed as JSON +``` + +#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream` + +Performs a request to a given registry URL and parses the body of the response +as JSON, with each entry being emitted through the stream. + +The `jsonPath` argument is a [`JSONStream.parse()` +path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the +returned stream (unlike default `JSONStream`s), has a valid +`Symbol.asyncIterator` implementation. + +For available options, please see the section on [`fetch` options](#fetch-opts). + +##### Example + +```javascript +console.log('https://npm.im/~zkat has access to the following packages:') +for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) { + console.log(`https://npm.im/${key} (perms: ${value})`) +} +``` + +#### `fetch` Options + +Fetch options are optional, and can be passed in as either a Map-like object +(one with a `.get()` method), a plain javascript object, or a +[`figgy-pudding`](https://npm.im/figgy-pudding) instance. + +##### `opts.agent` + +* Type: http.Agent +* Default: an appropriate agent based on URL protocol and proxy settings + +An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to +be shared across requests. This allows multiple concurrent `fetch` requests to +happen on the same socket. + +You do _not_ need to provide this option unless you want something particularly +specialized, since proxy configurations and http/https agents are already +automatically managed internally when this option is not passed through. + +##### `opts.body` + +* Type: Buffer | Stream | Object +* Default: null + +Request body to send through the outgoing request. Buffers and Streams will be +passed through as-is, with a default `content-type` of +`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed +and the `content-type` will default to `application/json`. + +Use [`opts.headers`](#opts-headers) to set the content-type to something else. + +##### `opts.ca` + +* Type: String, Array, or null +* Default: null + +The Certificate Authority signing certificate that is trusted for SSL +connections to the registry. Values should be in PEM format (Windows calls it +"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For +example: + +``` +{ + ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' +} +``` + +Set to `null` to only allow "known" registrars, or to a specific CA cert +to trust only that specific signing authority. + +Multiple CAs can be trusted by specifying an array of certificates instead of a +single string. + +See also [`opts.strictSSL`](#opts-strictSSL), [`opts.ca`](#opts-ca) and +[`opts.key`](#opts-key) + +##### `opts.cache` + +* Type: path +* Default: null + +The location of the http cache directory. If provided, certain cachable requests +will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234) +rules. This will speed up future requests, as well as make the cached data +available offline if necessary/requested. + +See also [`offline`](#opts-offline), [`preferOffline`](#opts-preferOffline), +and [`preferOnline`](#opts-preferOnline). + +##### `opts.cert` + +* Type: String +* Default: null + +A client certificate to pass when accessing the registry. Values should be in +PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines +replaced by the string `'\n'`. For example: + +``` +{ + cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' +} +``` + +It is _not_ the path to a certificate file (and there is no "certfile" option). + +See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key) + +##### `opts.fetchRetries` + +* Type: Number +* Default: 2 + +The "retries" config for [`retry`](https://npm.im/retry) to use when fetching +packages from the registry. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.fetchRetryFactor` + +* Type: Number +* Default: 10 + +The "factor" config for [`retry`](https://npm.im/retry) to use when fetching +packages. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.fetchRetryMintimeout` + +* Type: Number +* Default: 10000 (10 seconds) + +The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching +packages. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.fetchRetryMaxtimeout` + +* Type: Number +* Default: 60000 (1 minute) + +The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching +packages. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.forceAuth` + +* Type: Object +* Default: null + +If present, other auth-related values in `opts` will be completely ignored, +including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request, +and the auth details in `opts.forceAuth` will be used instead. + +##### `opts.gzip` + +* Type: Boolean +* Default: false + +If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip` +and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode +[`opts.body`](#opts-body). + +##### `opts.headers` + +* Type: Object +* Default: null + +Additional headers for the outgoing request. This option can also be used to +override headers automatically generated by `npm-registry-fetch`, such as +`Content-Type`. + +##### `opts.ignoreBody` + +* Type: Boolean +* Default: false + +If true, the **response body** will be thrown away and `res.body` set to `null`. +This will prevent dangling response sockets for requests where you don't usually +care what the response body is. + +##### `opts.integrity` + +* Type: String | [SRI object](https://npm.im/ssri) +* Default: null + +If provided, the response body's will be verified against this integrity string, +using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will +complete as normal. If verification fails, the response body will error with an +`EINTEGRITY` error. + +Body integrity is only verified if the body is actually consumed to completion -- +that is, if you use `res.json()`/`res.buffer()`, or if you consume the default +`res` stream data to its end. + +Cached data will have its integrity automatically verified using the +previously-generated integrity hash for the saved request information, so +`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if +`opts.integrity` is not passed in. + +##### `opts.isFromCI` + +* Type: Boolean +* Default: Based on environment variables + +This is used to populate the `npm-in-ci` request header sent to the registry. + +##### `opts.key` + +* Type: String +* Default: null + +A client key to pass when accessing the registry. Values should be in PEM +format with newlines replaced by the string `'\n'`. For example: + +``` +{ + key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----' +} +``` + +It is _not_ the path to a key file (and there is no "keyfile" option). + +See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert) + +##### `opts.localAddress` + +* Type: IP Address String +* Default: null + +The IP address of the local interface to use when making connections +to the registry. + +See also [`opts.proxy`](#opts-proxy) + +##### `opts.log` + +* Type: [`npmlog`](https://npm.im/npmlog)-like +* Default: null + +Logger object to use for logging operation details. Must have the same methods +as `npmlog`. + +##### `opts.mapJSON` + +* Type: Function +* Default: undefined + +When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down +to [`JSONStream`](https://npm.im/JSONStream) as the second argument to +`JSONStream.parse`, and can be used to transform stream data before output. + +##### `opts.maxSockets` + +* Type: Integer +* Default: 12 + +Maximum number of sockets to keep open during requests. Has no effect if +[`opts.agent`](#opts-agent) is used. + +##### `opts.method` + +* Type: String +* Default: 'GET' + +HTTP method to use for the outgoing request. Case-insensitive. + +##### `opts.noproxy` + +* Type: Boolean +* Default: process.env.NOPROXY + +If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used. + +##### `opts.npmSession` + +* Type: String +* Default: null + +If provided, will be sent in the `npm-session` header. This header is used by +the npm registry to identify individual user sessions (usually individual +invocations of the CLI). + +##### `opts.npmCommand` + +* Type: String +* Default: null + +If provided, it will be sent in the `npm-command` header. This yeader is +used by the npm registry to identify the npm command that caused this +request to be made. + +##### `opts.offline` + +* Type: Boolean +* Default: false + +Force offline mode: no network requests will be done during install. To allow +`npm-registry-fetch` to fill in missing cache data, see +[`opts.preferOffline`](#opts-preferOffline). + +This option is only really useful if you're also using +[`opts.cache`](#opts-cache). + +This option is set to `true` when the request includes `write=true` in the +query string. + +##### `opts.otp` + +* Type: Number | String +* Default: null + +This is a one-time password from a two-factor authenticator. It is required for +certain registry interactions when two-factor auth is enabled for a user +account. + +##### `opts.password` + +* Alias: `_password` +* Type: String +* Default: null + +Password used for basic authentication. For the more modern authentication +method, please use the (more secure) [`opts.token`](#opts-token) + +Can optionally be scoped to a registry by using a "nerf dart" for that registry. +That is: + +``` +{ + '//registry.npmjs.org/:password': 't0k3nH34r' +} +``` + +See also [`opts.username`](#opts-username) + +##### `opts.preferOffline` + +* Type: Boolean +* Default: false + +If true, staleness checks for cached data will be bypassed, but missing data +will be requested from the server. To force full offline mode, use +[`opts.offline`](#opts-offline). + +This option is generally only useful if you're also using +[`opts.cache`](#opts-cache). + +This option is set to `false` when the request includes `write=true` in the +query string. + +##### `opts.preferOnline` + +* Type: Boolean +* Default: false + +If true, staleness checks for cached data will be forced, making the CLI look +for updates immediately even for fresh package data. + +This option is generally only useful if you're also using +[`opts.cache`](#opts-cache). + +This option is set to `true` when the request includes `write=true` in the +query string. + +##### `opts.projectScope` + +* Type: String +* Default: null + +If provided, will be sent in the `npm-scope` header. This header is used by the +npm registry to identify the toplevel package scope that a particular project +installation is using. + +##### `opts.proxy` + +* Type: url +* Default: null + +A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY` +environment variable will be used. + +##### `opts.query` + +* Type: String | Object +* Default: null + +If provided, the request URI will have a query string appended to it using this +query. If `opts.query` is an object, it will be converted to a query string +using +[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options). + +If the request URI already has a query string, it will be merged with +`opts.query`, preferring `opts.query` values. + +##### `opts.registry` + +* Type: URL +* Default: `'https://registry.npmjs.org'` + +Registry configuration for a request. If a request URL only includes the URL +path, this registry setting will be prepended. This configuration is also used +to determine authentication details, so even if the request URL references a +completely different host, `opts.registry` will be used to find the auth details +for that request. + +See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and +[`opts.:registry`](#opts-scope-registry) which can all affect the actual +registry URL used by the outgoing request. + +##### `opts.retry` + +* Type: Object +* Default: null + +Single-object configuration for request retry settings. If passed in, will +override individually-passed `fetch-retry-*` settings. + +##### `opts.scope` + +* Type: String +* Default: null + +Associate an operation with a scope for a scoped registry. This option can force +lookup of scope-specific registries and authentication. + +See also [`opts.:registry`](#opts-scope-registry) and +[`opts.spec`](#opts-spec) for interactions with this option. + +##### `opts.:registry` + +* Type: String +* Default: null + +This option type can be used to configure the registry used for requests +involving a particular scope. For example, `opts['@myscope:registry'] = +'https://scope-specific.registry/'` will make it so requests go out to this +registry instead of [`opts.registry`](#opts-registry) when +[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a +scoped package spec. + +The `@` before the scope name is optional, but recommended. + +##### `opts.spec` + +* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object. +* Default: null + +If provided, can be used to automatically configure [`opts.scope`](#opts-scope) +based on a specific package name. Non-registry package specs will throw an +error. + +##### `opts.strictSSL` + +* Type: Boolean +* Default: true + +Whether or not to do SSL key validation when making requests to the +registry via https. + +See also [`opts.ca`](#opts-ca). + +##### `opts.timeout` + +* Type: Milliseconds +* Default: 300000 (5 minutes) + +Time before a hanging request times out. + +##### `opts.token` + +* Alias: `opts._authToken` +* Type: String +* Default: null + +Authentication token string. + +Can be scoped to a registry by using a "nerf dart" for that registry. That is: + +``` +{ + '//registry.npmjs.org/:token': 't0k3nH34r' +} +``` + +##### `opts.userAgent` + +* Type: String +* Default: `'npm-registry-fetch@/node@+ ()'` + +User agent string to send in the `User-Agent` header. + +##### `opts.username` + +* Type: String +* Default: null + +Username used for basic authentication. For the more modern authentication +method, please use the (more secure) [`opts.token`](#opts-token) + +Can optionally be scoped to a registry by using a "nerf dart" for that registry. +That is: + +``` +{ + '//registry.npmjs.org/:username': 't0k3nH34r' +} +``` + +See also [`opts.password`](#opts-password) + +##### `opts._auth` + +* Type: String +* Default: null + +** DEPRECATED ** This is a legacy authentication token supported only for +compatibility. Please use [`opts.token`](#opts-token) instead. diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/auth.js b/node_modules/libnpmorg/node_modules/npm-registry-fetch/auth.js new file mode 100644 index 0000000000000..11c3bde6b4e6c --- /dev/null +++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/auth.js @@ -0,0 +1,55 @@ +'use strict' + +const defaultOpts = require('./default-opts.js') +const url = require('url') + +module.exports = getAuth +function getAuth (registry, opts_ = {}) { + if (!registry) { throw new Error('registry is required') } + const opts = opts_.forceAuth ? opts_.forceAuth : { ...defaultOpts, ...opts_ } + const AUTH = {} + const regKey = registry && registryKey(registry) + const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias) + doKey('token') + doKey('_authToken', 'token') + doKey('username') + doKey('password') + doKey('_password', 'password') + doKey('email') + doKey('_auth') + doKey('otp') + doKey('always-auth', 'alwaysAuth') + if (AUTH.password) { + AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8') + } + if (AUTH._auth && !(AUTH.username && AUTH.password)) { + let auth = Buffer.from(AUTH._auth, 'base64').toString() + auth = auth.split(':') + AUTH.username = auth.shift() + AUTH.password = auth.join(':') + } + AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth + return AUTH +} + +function addKey (opts, obj, scope, key, objKey) { + if (opts[key]) { + obj[objKey || key] = opts[key] + } + if (scope && opts[`${scope}:${key}`]) { + obj[objKey || key] = opts[`${scope}:${key}`] + } +} + +// Called a nerf dart in the main codebase. Used as a "safe" +// key when fetching registry info from config. +function registryKey (registry) { + const parsed = new url.URL(registry) + const formatted = url.format({ + protocol: parsed.protocol, + host: parsed.host, + pathname: parsed.pathname, + slashes: true + }) + return url.format(new url.URL('.', formatted)).replace(/^[^:]+:/, '') +} diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/check-response.js b/node_modules/libnpmorg/node_modules/npm-registry-fetch/check-response.js new file mode 100644 index 0000000000000..f151711f30160 --- /dev/null +++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/check-response.js @@ -0,0 +1,128 @@ +'use strict' + +const errors = require('./errors.js') +const LRU = require('lru-cache') +const { Response } = require('minipass-fetch') +const defaultOpts = require('./default-opts.js') + +module.exports = checkResponse +function checkResponse (method, res, registry, startTime, opts_ = {}) { + const opts = { ...defaultOpts, ...opts_ } + if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) { + opts.log.notice('', res.headers.get('npm-notice')) + } + checkWarnings(res, registry, opts) + if (res.status >= 400) { + logRequest(method, res, startTime, opts) + return checkErrors(method, res, startTime, opts) + } else { + res.body.on('end', () => logRequest(method, res, startTime, opts)) + if (opts.ignoreBody) { + res.body.resume() + return new Response(null, res) + } + return res + } +} + +function logRequest (method, res, startTime, opts) { + const elapsedTime = Date.now() - startTime + const attempt = res.headers.get('x-fetch-attempts') + const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : '' + const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : '' + + let urlStr + try { + const { URL } = require('url') + const url = new URL(res.url) + if (url.password) { + url.password = '***' + } + urlStr = url.toString() + } catch (er) { + urlStr = res.url + } + + opts.log.http( + 'fetch', + `${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}` + ) +} + +const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/ +const BAD_HOSTS = new LRU({ max: 50 }) + +function checkWarnings (res, registry, opts) { + if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) { + const warnings = {} + // note: headers.raw() will preserve case, so we might have a + // key on the object like 'WaRnInG' if that was used first + for (const [key, value] of Object.entries(res.headers.raw())) { + if (key.toLowerCase() !== 'warning') { continue } + value.forEach(w => { + const match = w.match(WARNING_REGEXP) + if (match) { + warnings[match[1]] = { + code: match[1], + host: match[2], + message: match[3], + date: new Date(match[4]) + } + } + }) + } + BAD_HOSTS.set(registry, true) + if (warnings['199']) { + if (warnings['199'].message.match(/ENOTFOUND/)) { + opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`) + } else { + opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`) + } + } + if (warnings['111']) { + // 111 Revalidation failed -- we're using stale data + opts.log.warn( + 'registry', + `Using stale data from ${registry} due to a request error during revalidation.` + ) + } + } +} + +function checkErrors (method, res, startTime, opts) { + return res.buffer() + .catch(() => null) + .then(body => { + let parsed = body + try { + parsed = JSON.parse(body.toString('utf8')) + } catch (e) {} + if (res.status === 401 && res.headers.get('www-authenticate')) { + const auth = res.headers.get('www-authenticate') + .split(/,\s*/) + .map(s => s.toLowerCase()) + if (auth.indexOf('ipaddress') !== -1) { + throw new errors.HttpErrorAuthIPAddress( + method, res, parsed, opts.spec + ) + } else if (auth.indexOf('otp') !== -1) { + throw new errors.HttpErrorAuthOTP( + method, res, parsed, opts.spec + ) + } else { + throw new errors.HttpErrorAuthUnknown( + method, res, parsed, opts.spec + ) + } + } else if (res.status === 401 && body != null && /one-time pass/.test(body.toString('utf8'))) { + // Heuristic for malformed OTP responses that don't include the www-authenticate header. + throw new errors.HttpErrorAuthOTP( + method, res, parsed, opts.spec + ) + } else { + throw new errors.HttpErrorGeneral( + method, res, parsed, opts.spec + ) + } + }) +} diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/default-opts.js b/node_modules/libnpmorg/node_modules/npm-registry-fetch/default-opts.js new file mode 100644 index 0000000000000..b742fd5a5fcd4 --- /dev/null +++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/default-opts.js @@ -0,0 +1,22 @@ +const pkg = require('./package.json') +const ciDetect = require('@npmcli/ci-detect') +module.exports = { + isFromCI: ciDetect(), + log: require('./silentlog.js'), + maxSockets: 12, + method: 'GET', + registry: 'https://registry.npmjs.org/', + timeout: 5 * 60 * 1000, // 5 minutes + strictSSL: true, + noProxy: process.env.NOPROXY, + userAgent: `${pkg.name + }@${ + pkg.version + }/node@${ + process.version + }+${ + process.arch + } (${ + process.platform + })` +} diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/errors.js b/node_modules/libnpmorg/node_modules/npm-registry-fetch/errors.js new file mode 100644 index 0000000000000..c41947e29952d --- /dev/null +++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/errors.js @@ -0,0 +1,79 @@ +'use strict' + +const url = require('url') + +function packageName (href) { + try { + let basePath = new url.URL(href).pathname.substr(1) + if (!basePath.match(/^-/)) { + basePath = basePath.split('/') + var index = basePath.indexOf('_rewrite') + if (index === -1) { + index = basePath.length - 1 + } else { + index++ + } + return decodeURIComponent(basePath[index]) + } + } catch (_) { + // this is ok + } +} + +class HttpErrorBase extends Error { + constructor (method, res, body, spec) { + super() + this.headers = res.headers.raw() + this.statusCode = res.status + this.code = `E${res.status}` + this.method = method + this.uri = res.url + this.body = body + this.pkgid = spec ? spec.toString() : packageName(res.url) + } +} +module.exports.HttpErrorBase = HttpErrorBase + +class HttpErrorGeneral extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = `${res.status} ${res.statusText} - ${ + this.method.toUpperCase() + } ${ + this.spec || this.uri + }${ + (body && body.error) ? ' - ' + body.error : '' + }` + Error.captureStackTrace(this, HttpErrorGeneral) + } +} +module.exports.HttpErrorGeneral = HttpErrorGeneral + +class HttpErrorAuthOTP extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = 'OTP required for authentication' + this.code = 'EOTP' + Error.captureStackTrace(this, HttpErrorAuthOTP) + } +} +module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP + +class HttpErrorAuthIPAddress extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = 'Login is not allowed from your IP address' + this.code = 'EAUTHIP' + Error.captureStackTrace(this, HttpErrorAuthIPAddress) + } +} +module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress + +class HttpErrorAuthUnknown extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate') + Error.captureStackTrace(this, HttpErrorAuthUnknown) + } +} +module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/index.js b/node_modules/libnpmorg/node_modules/npm-registry-fetch/index.js new file mode 100644 index 0000000000000..2324e7fbfd00b --- /dev/null +++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/index.js @@ -0,0 +1,219 @@ +'use strict' + +const checkResponse = require('./check-response.js') +const getAuth = require('./auth.js') +const fetch = require('make-fetch-happen') +const JSONStream = require('minipass-json-stream') +const npa = require('npm-package-arg') +const qs = require('querystring') +const url = require('url') +const zlib = require('minizlib') +const Minipass = require('minipass') + +const defaultOpts = require('./default-opts.js') + +// WhatWG URL throws if it's not fully resolved +const urlIsValid = u => { + try { + return !!new url.URL(u) + } catch (_) { + return false + } +} + +module.exports = regFetch +function regFetch (uri, /* istanbul ignore next */ opts_ = {}) { + const opts = { + ...defaultOpts, + ...opts_ + } + const registry = opts.registry = ( + (opts.spec && pickRegistry(opts.spec, opts)) || + (opts.publishConfig && opts.publishConfig.registry) || + opts.registry || + /* istanbul ignore next */ + 'https://registry.npmjs.org/' + ) + + if (!urlIsValid(uri)) { + uri = `${ + registry.trim().replace(/\/?$/g, '') + }/${ + uri.trim().replace(/^\//, '') + }` + } + + const method = opts.method || 'GET' + + // through that takes into account the scope, the prefix of `uri`, etc + const startTime = Date.now() + const headers = getHeaders(registry, uri, opts) + let body = opts.body + const bodyIsStream = Minipass.isStream(body) + const bodyIsPromise = body && + typeof body === 'object' && + typeof body.then === 'function' + + if (body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body)) { + headers['content-type'] = headers['content-type'] || 'application/json' + body = JSON.stringify(body) + } else if (body && !headers['content-type']) { + headers['content-type'] = 'application/octet-stream' + } + + if (opts.gzip) { + headers['content-encoding'] = 'gzip' + if (bodyIsStream) { + const gz = new zlib.Gzip() + body.on('error', /* istanbul ignore next: unlikely and hard to test */ + err => gz.emit('error', err)) + body = body.pipe(gz) + } else if (!bodyIsPromise) { + body = new zlib.Gzip().end(body).concat() + } + } + + const parsed = new url.URL(uri) + + if (opts.query) { + const q = typeof opts.query === 'string' + ? qs.parse(opts.query) + : opts.query + + Object.keys(q).forEach(key => { + if (q[key] !== undefined) { + parsed.searchParams.set(key, q[key]) + } + }) + uri = url.format(parsed) + } + + if (parsed.searchParams.get('write') === 'true' && method === 'GET') { + // do not cache, because this GET is fetching a rev that will be + // used for a subsequent PUT or DELETE, so we need to conditionally + // update cache. + opts.offline = false + opts.preferOffline = false + opts.preferOnline = true + } + + const doFetch = (body) => fetch(uri, { + agent: opts.agent, + algorithms: opts.algorithms, + body, + cache: getCacheMode(opts), + cacheManager: opts.cache, + ca: opts.ca, + cert: opts.cert, + headers, + integrity: opts.integrity, + key: opts.key, + localAddress: opts.localAddress, + maxSockets: opts.maxSockets, + memoize: opts.memoize, + method: method, + noProxy: opts.noProxy, + proxy: opts.httpsProxy || opts.proxy, + retry: opts.retry ? opts.retry : { + retries: opts.fetchRetries, + factor: opts.fetchRetryFactor, + minTimeout: opts.fetchRetryMintimeout, + maxTimeout: opts.fetchRetryMaxtimeout + }, + strictSSL: opts.strictSSL, + timeout: opts.timeout || 30 * 1000 + }).then(res => checkResponse( + method, res, registry, startTime, opts + )) + + return Promise.resolve(body).then(doFetch) +} + +module.exports.json = fetchJSON +function fetchJSON (uri, opts) { + return regFetch(uri, opts).then(res => res.json()) +} + +module.exports.json.stream = fetchJSONStream +function fetchJSONStream (uri, jsonPath, /* istanbul ignore next */ opts_ = {}) { + const opts = { ...defaultOpts, ...opts_ } + const parser = JSONStream.parse(jsonPath, opts.mapJSON) + regFetch(uri, opts).then(res => + res.body.on('error', + /* istanbul ignore next: unlikely and difficult to test */ + er => parser.emit('error', er)).pipe(parser) + ).catch(er => parser.emit('error', er)) + return parser +} + +module.exports.pickRegistry = pickRegistry +function pickRegistry (spec, opts = {}) { + spec = npa(spec) + let registry = spec.scope && + opts[spec.scope.replace(/^@?/, '@') + ':registry'] + + if (!registry && opts.scope) { + registry = opts[opts.scope.replace(/^@?/, '@') + ':registry'] + } + + if (!registry && opts.publishConfig) { + registry = opts.publishConfig.registry + } + + if (!registry) { + registry = opts.registry || 'https://registry.npmjs.org/' + } + + return registry +} + +function getCacheMode (opts) { + return opts.offline + ? 'only-if-cached' + : opts.preferOffline + ? 'force-cache' + : opts.preferOnline + ? 'no-cache' + : 'default' +} + +function getHeaders (registry, uri, opts) { + const headers = Object.assign({ + 'npm-in-ci': !!opts.isFromCI, + 'user-agent': opts.userAgent + }, opts.headers || {}) + + if (opts.projectScope) { + headers['npm-scope'] = opts.projectScope + } + + if (opts.npmSession) { + headers['npm-session'] = opts.npmSession + } + + if (opts.npmCommand) { + headers['npm-command'] = opts.npmCommand + } + + const auth = getAuth(registry, opts) + // If a tarball is hosted on a different place than the manifest, only send + // credentials on `alwaysAuth` + const shouldAuth = ( + auth.alwaysAuth || + new url.URL(uri).host === new url.URL(registry).host + ) + if (shouldAuth && auth.token) { + headers.authorization = `Bearer ${auth.token}` + } else if (shouldAuth && auth.username && auth.password) { + const encoded = Buffer.from( + `${auth.username}:${auth.password}`, 'utf8' + ).toString('base64') + headers.authorization = `Basic ${encoded}` + } else if (shouldAuth && auth._auth) { + headers.authorization = `Basic ${auth._auth}` + } + if (shouldAuth && auth.otp) { + headers['npm-otp'] = auth.otp + } + return headers +} diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/package.json b/node_modules/libnpmorg/node_modules/npm-registry-fetch/package.json new file mode 100644 index 0000000000000..5aeddc5b39102 --- /dev/null +++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/package.json @@ -0,0 +1,59 @@ +{ + "name": "npm-registry-fetch", + "version": "8.1.5", + "description": "Fetch-based http client for use with npm registry APIs", + "main": "index.js", + "files": [ + "*.js", + "lib" + ], + "scripts": { + "postrelease": "npm publish", + "posttest": "standard", + "prepublishOnly": "git push --follow-tags", + "prerelease": "npm t", + "release": "standard-version -s", + "test": "tap" + }, + "repository": "https://github.com/npm/registry-fetch", + "keywords": [ + "npm", + "registry", + "fetch" + ], + "author": { + "name": "Kat Marchán", + "email": "kzm@sykosomatic.org", + "twitter": "maybekatz" + }, + "license": "ISC", + "dependencies": { + "@npmcli/ci-detect": "^1.0.0", + "lru-cache": "^6.0.0", + "make-fetch-happen": "^8.0.9", + "minipass": "^3.1.3", + "minipass-fetch": "^1.3.0", + "minipass-json-stream": "^1.0.1", + "minizlib": "^2.0.0", + "npm-package-arg": "^8.0.0" + }, + "devDependencies": { + "cacache": "^15.0.0", + "mkdirp": "^0.5.1", + "nock": "^11.7.0", + "npmlog": "^4.1.2", + "require-inject": "^1.4.4", + "rimraf": "^2.6.2", + "ssri": "^8.0.0", + "standard": "^14.3.3", + "standard-version": "^7.1.0", + "tap": "^14.10.7" + }, + "tap": { + "check-coverage": true, + "test-ignore": "test[\\\\/](util|cache)[\\\\/]" + }, + "engines": { + "node": ">=10" + } +} diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/silentlog.js b/node_modules/libnpmorg/node_modules/npm-registry-fetch/silentlog.js new file mode 100644 index 0000000000000..886c5d55b2dbb --- /dev/null +++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/silentlog.js @@ -0,0 +1,14 @@ +'use strict' + +const noop = Function.prototype +module.exports = { + error: noop, + warn: noop, + notice: noop, + info: noop, + verbose: noop, + silly: noop, + http: noop, + pause: noop, + resume: noop +} diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/CHANGELOG.md new file mode 100644 index 0000000000000..fc26ee1bda4ba --- /dev/null +++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/CHANGELOG.md @@ -0,0 +1,384 @@ +# Changelog + +All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +### [8.1.5](https://github.com/npm/registry-fetch/compare/v8.1.4...v8.1.5) (2020-10-12) + + +### Bug Fixes + +* respect publishConfig.registry when specified ([32e36ef](https://github.com/npm/registry-fetch/commit/32e36efe86302ed319973cd5b1e6ccc3f62e557e)), closes [#35](https://github.com/npm/registry-fetch/issues/35) + +### [8.1.4](https://github.com/npm/registry-fetch/compare/v8.1.3...v8.1.4) (2020-08-17) + + +### Bug Fixes + +* redact passwords from http logs ([3c294eb](https://github.com/npm/registry-fetch/commit/3c294ebbd7821725db4ff1bc5fe368c49613efcc)) + +### [8.1.3](https://github.com/npm/registry-fetch/compare/v8.1.2...v8.1.3) (2020-07-21) + +### [8.1.2](https://github.com/npm/registry-fetch/compare/v8.1.1...v8.1.2) (2020-07-11) + +### [8.1.1](https://github.com/npm/registry-fetch/compare/v8.1.0...v8.1.1) (2020-06-30) + +## [8.1.0](https://github.com/npm/registry-fetch/compare/v8.0.3...v8.1.0) (2020-05-20) + + +### Features + +* add npm-command HTTP header ([1bb4eb2](https://github.com/npm/registry-fetch/commit/1bb4eb2c66ee8a0dc62558bdcff1b548e2bb9820)) + +### [8.0.3](https://github.com/npm/registry-fetch/compare/v8.0.2...v8.0.3) (2020-05-13) + + +### Bug Fixes + +* update minipass and make-fetch-happen to latest ([3b6c5d0](https://github.com/npm/registry-fetch/commit/3b6c5d0d8ccd4c4a97862a65acef956f19aec127)), closes [#23](https://github.com/npm/registry-fetch/issues/23) + +### [8.0.2](https://github.com/npm/registry-fetch/compare/v8.0.1...v8.0.2) (2020-05-04) + + +### Bug Fixes + +* update make-fetch-happen to 8.0.6 ([226df2c](https://github.com/npm/registry-fetch/commit/226df2c32e3f9ed8ceefcfdbd11efb178181b442)) + +## [8.0.0](https://github.com/npm/registry-fetch/compare/v7.0.1...v8.0.0) (2020-02-24) + + +### ⚠ BREAKING CHANGES + +* Removes the 'opts.refer' option and the HTTP Referer +header (unless explicitly added to the 'headers' option, of course). + +PR-URL: https://github.com/npm/npm-registry-fetch/pull/25 +Credit: @isaacs + +### Bug Fixes + +* remove referer header and opts.refer ([eb8f7af](https://github.com/npm/registry-fetch/commit/eb8f7af3c102834856604c1be664b00ca0fe8ef2)), closes [#25](https://github.com/npm/registry-fetch/issues/25) + +### [7.0.1](https://github.com/npm/registry-fetch/compare/v7.0.0...v7.0.1) (2020-02-24) + +## [7.0.0](https://github.com/npm/registry-fetch/compare/v6.0.2...v7.0.0) (2020-02-18) + + +### ⚠ BREAKING CHANGES + +* figgy pudding is now nowhere to be found. +* this removes figgy-pudding, and drops several option +aliases. + +Defaults and behavior are all the same, and this module is now using the +canonical camelCase option names that npm v7 will provide to all its +deps. + +Related to: https://github.com/npm/rfcs/pull/102 + +PR-URL: https://github.com/npm/npm-registry-fetch/pull/22 +Credit: @isaacs + +### Bug Fixes + +* Remove figgy-pudding, use canonical option names ([ede3c08](https://github.com/npm/registry-fetch/commit/ede3c087007fd1808e02b1af70562220d03b18a9)), closes [#22](https://github.com/npm/registry-fetch/issues/22) + + +* update cacache, ssri, make-fetch-happen ([57fcc88](https://github.com/npm/registry-fetch/commit/57fcc889bee03edcc0a2025d96a171039108c231)) + +### [6.0.2](https://github.com/npm/registry-fetch/compare/v6.0.1...v6.0.2) (2020-02-14) + + +### Bug Fixes + +* always bypass cache when ?write=true ([83f89f3](https://github.com/npm/registry-fetch/commit/83f89f35abd2ed0507c869e37f90ed746375772c)) + +### [6.0.1](https://github.com/npm/registry-fetch/compare/v6.0.0...v6.0.1) (2020-02-14) + + +### Bug Fixes + +* use 30s default for timeout as per README ([50e8afc](https://github.com/npm/registry-fetch/commit/50e8afc6ff850542feb588f9f9c64ebae59e72a0)), closes [#20](https://github.com/npm/registry-fetch/issues/20) + +## [6.0.0](https://github.com/npm/registry-fetch/compare/v5.0.1...v6.0.0) (2019-12-17) + + +### ⚠ BREAKING CHANGES + +* This drops support for node < 10. + +There are some lint failures due to standard pushing for using WhatWG URL +objects instead of url.parse/url.resolve. However, the code in this lib +does some fancy things with the query/search portions of the parsed url +object, so it'll take a bit of care to make it work properly. + +### Bug Fixes + +* detect CI so our tests don't fail in CI ([5813da6](https://github.com/npm/registry-fetch/commit/5813da634cef73b12e40373972d7937e6934fce0)) +* Use WhatWG URLs instead of url.parse ([8ccfa8a](https://github.com/npm/registry-fetch/commit/8ccfa8a72c38cfedb0f525b7f453644fd4444f99)) + + +* normalize settings, drop old nodes, update deps ([510b125](https://github.com/npm/registry-fetch/commit/510b1255cc7ed4bb397a34e0007757dae33e2275)) + + +## [5.0.1](https://github.com/npm/registry-fetch/compare/v5.0.0...v5.0.1) (2019-11-11) + + + + +# [5.0.0](https://github.com/npm/registry-fetch/compare/v4.0.2...v5.0.0) (2019-10-04) + + +### Bug Fixes + +* prefer const in getAuth function ([90ac7b1](https://github.com/npm/registry-fetch/commit/90ac7b1)) +* use minizlib instead of core zlib ([e64702e](https://github.com/npm/registry-fetch/commit/e64702e)) + + +### Features + +* refactor to use Minipass streams ([bb37f20](https://github.com/npm/registry-fetch/commit/bb37f20)) + + +### BREAKING CHANGES + +* this replaces all core streams (except for some +PassThrough streams in a few tests) with Minipass streams, and updates +all deps to the latest and greatest Minipass versions of things. + + + + +## [4.0.2](https://github.com/npm/registry-fetch/compare/v4.0.0...v4.0.2) (2019-10-04) + + +### Bug Fixes + +* Add null check on body on 401 errors ([e3a0186](https://github.com/npm/registry-fetch/commit/e3a0186)), closes [#9](https://github.com/npm/registry-fetch/issues/9) +* **deps:** Add explicit dependency on safe-buffer ([8eae5f0](https://github.com/npm/registry-fetch/commit/8eae5f0)), closes [npm/libnpmaccess#2](https://github.com/npm/libnpmaccess/issues/2) [#3](https://github.com/npm/registry-fetch/issues/3) + + + + +# [4.0.0](https://github.com/npm/registry-fetch/compare/v3.9.1...v4.0.0) (2019-07-15) + + +* cacache@12.0.0, infer uid from cache folder ([0c4f060](https://github.com/npm/registry-fetch/commit/0c4f060)) + + +### BREAKING CHANGES + +* uid and gid are inferred from cache folder, rather than +being passed in as options. + + + + +## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02) + + + + +# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24) + + +### Features + +* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c)) + + + + +# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23) + + +### Features + +* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986)) + + + + +# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23) + + +### Features + +* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969)) + + + + +# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22) + + +### Bug Fixes + +* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65)) + + +### Features + +* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702)) + + + + +# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22) + + +### Features + +* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5)) + + + + +# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22) + + +### Bug Fixes + +* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54)) + + +### Features + +* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17)) + + + + +# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21) + + +### Bug Fixes + +* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b)) + + +### Features + +* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194)) + + + + +## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16) + + +### Bug Fixes + +* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040)) + + + + +# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27) + + +### Features + +* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0)) + + + + +## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09) + + + + +# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09) + + +### Features + +* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b)) + + + + +# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09) + + +### Bug Fixes + +* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f)) +* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f)) + + +### BREAKING CHANGES + +* **config:** opts.config is no longer supported. Pass the options down in opts itself. + + + + +# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08) + + +### Features + +* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0)) + + + + +# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08) + + +### meta + +* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e)) + + +### BREAKING CHANGES + +* node@4 is no longer supported + + + + +## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06) + + + + +# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16) + + +### Features + +* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9)) + + + + +## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16) + + +### Bug Fixes + +* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5)) + + + + +# 1.0.0 (2018-03-16) + + +### Bug Fixes + +* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba)) +* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31)) +* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93)) +* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a)) + + +### Features + +* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f)) +* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db)) +* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d)) +* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527)) +* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1)) diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/LICENSE.md new file mode 100644 index 0000000000000..8d28acf866d93 --- /dev/null +++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/LICENSE.md @@ -0,0 +1,16 @@ +ISC License + +Copyright (c) npm, Inc. + +Permission to use, copy, modify, and/or distribute this software for +any purpose with or without fee is hereby granted, provided that the +above copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS +ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE +COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR +CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS +OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE +USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/README.md b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/README.md new file mode 100644 index 0000000000000..e660940e30dc4 --- /dev/null +++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/README.md @@ -0,0 +1,635 @@ +# npm-registry-fetch + +[![npm version](https://img.shields.io/npm/v/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) +[![license](https://img.shields.io/npm/l/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) +[![Travis](https://img.shields.io/travis/npm/npm-registry-fetch/latest.svg)](https://travis-ci.org/npm/npm-registry-fetch) +[![AppVeyor](https://img.shields.io/appveyor/ci/npm/npm-registry-fetch/latest.svg)](https://ci.appveyor.com/project/npm/npm-registry-fetch) +[![Coverage Status](https://coveralls.io/repos/github/npm/npm-registry-fetch/badge.svg?branch=latest)](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest) + +[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js +library that implements a `fetch`-like API for accessing npm registry APIs +consistently. It's able to consume npm-style configuration values and has all +the necessary logic for picking registries, handling scopes, and dealing with +authentication details built-in. + +This package is meant to replace the older +[`npm-registry-client`](https://npm.im/npm-registry-client). + +## Example + +```javascript +const npmFetch = require('npm-registry-fetch') + +console.log( + await npmFetch.json('/-/ping') +) +``` + +## Table of Contents + +* [Installing](#install) +* [Example](#example) +* [Contributing](#contributing) +* [API](#api) + * [`fetch`](#fetch) + * [`fetch.json`](#fetch-json) + * [`fetch` options](#fetch-opts) + +### Install + +`$ npm install npm-registry-fetch` + +### Contributing + +The npm team enthusiastically welcomes contributions and project participation! +There's a bunch of things you can do if you want to contribute! The [Contributor +Guide](CONTRIBUTING.md) has all the information you need for everything from +reporting bugs to contributing entire new features. Please don't hesitate to +jump in if you'd like to, or even ask us questions if something isn't clear. + +All participants and maintainers in this project are expected to follow [Code of +Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other. + +Please refer to the [Changelog](CHANGELOG.md) for project history details, too. + +Happy hacking! + +### API + +#### Caching and `write=true` query strings + +Before performing any PUT or DELETE operation, npm clients first make a +GET request to the registry resource being updated, which includes +the query string `?write=true`. + +The semantics of this are, effectively, "I intend to write to this thing, +and need to know the latest current value, so that my write can land +cleanly". + +The public npm registry handles these `?write=true` requests by ensuring +that the cache is re-validated before sending a response. In order to +maintain the same behavior on the client, and not get tripped up by an +overeager local cache when we intend to write data to the registry, any +request that comes through `npm-registry-fetch` that contains `write=true` +in the query string will forcibly set the `prefer-online` option to `true`, +and set both `prefer-offline` and `offline` to false, so that any local +cached value will be revalidated. + +#### `> fetch(url, [opts]) -> Promise` + +Performs a request to a given URL. + +The URL can be either a full URL, or a path to one. The appropriate registry +will be automatically picked if only a URL path is given. + +For available options, please see the section on [`fetch` options](#fetch-opts). + +##### Example + +```javascript +const res = await fetch('/-/ping') +console.log(res.headers) +res.on('data', d => console.log(d.toString('utf8'))) +``` + +#### `> fetch.json(url, [opts]) -> Promise` + +Performs a request to a given registry URL, parses the body of the response as +JSON, and returns it as its final value. This is a utility shorthand for +`fetch(url).then(res => res.json())`. + +For available options, please see the section on [`fetch` options](#fetch-opts). + +##### Example + +```javascript +const res = await fetch.json('/-/ping') +console.log(res) // Body parsed as JSON +``` + +#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream` + +Performs a request to a given registry URL and parses the body of the response +as JSON, with each entry being emitted through the stream. + +The `jsonPath` argument is a [`JSONStream.parse()` +path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the +returned stream (unlike default `JSONStream`s), has a valid +`Symbol.asyncIterator` implementation. + +For available options, please see the section on [`fetch` options](#fetch-opts). + +##### Example + +```javascript +console.log('https://npm.im/~zkat has access to the following packages:') +for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) { + console.log(`https://npm.im/${key} (perms: ${value})`) +} +``` + +#### `fetch` Options + +Fetch options are optional, and can be passed in as either a Map-like object +(one with a `.get()` method), a plain javascript object, or a +[`figgy-pudding`](https://npm.im/figgy-pudding) instance. + +##### `opts.agent` + +* Type: http.Agent +* Default: an appropriate agent based on URL protocol and proxy settings + +An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to +be shared across requests. This allows multiple concurrent `fetch` requests to +happen on the same socket. + +You do _not_ need to provide this option unless you want something particularly +specialized, since proxy configurations and http/https agents are already +automatically managed internally when this option is not passed through. + +##### `opts.body` + +* Type: Buffer | Stream | Object +* Default: null + +Request body to send through the outgoing request. Buffers and Streams will be +passed through as-is, with a default `content-type` of +`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed +and the `content-type` will default to `application/json`. + +Use [`opts.headers`](#opts-headers) to set the content-type to something else. + +##### `opts.ca` + +* Type: String, Array, or null +* Default: null + +The Certificate Authority signing certificate that is trusted for SSL +connections to the registry. Values should be in PEM format (Windows calls it +"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For +example: + +``` +{ + ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' +} +``` + +Set to `null` to only allow "known" registrars, or to a specific CA cert +to trust only that specific signing authority. + +Multiple CAs can be trusted by specifying an array of certificates instead of a +single string. + +See also [`opts.strictSSL`](#opts-strictSSL), [`opts.ca`](#opts-ca) and +[`opts.key`](#opts-key) + +##### `opts.cache` + +* Type: path +* Default: null + +The location of the http cache directory. If provided, certain cachable requests +will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234) +rules. This will speed up future requests, as well as make the cached data +available offline if necessary/requested. + +See also [`offline`](#opts-offline), [`preferOffline`](#opts-preferOffline), +and [`preferOnline`](#opts-preferOnline). + +##### `opts.cert` + +* Type: String +* Default: null + +A client certificate to pass when accessing the registry. Values should be in +PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines +replaced by the string `'\n'`. For example: + +``` +{ + cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' +} +``` + +It is _not_ the path to a certificate file (and there is no "certfile" option). + +See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key) + +##### `opts.fetchRetries` + +* Type: Number +* Default: 2 + +The "retries" config for [`retry`](https://npm.im/retry) to use when fetching +packages from the registry. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.fetchRetryFactor` + +* Type: Number +* Default: 10 + +The "factor" config for [`retry`](https://npm.im/retry) to use when fetching +packages. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.fetchRetryMintimeout` + +* Type: Number +* Default: 10000 (10 seconds) + +The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching +packages. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.fetchRetryMaxtimeout` + +* Type: Number +* Default: 60000 (1 minute) + +The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching +packages. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.forceAuth` + +* Type: Object +* Default: null + +If present, other auth-related values in `opts` will be completely ignored, +including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request, +and the auth details in `opts.forceAuth` will be used instead. + +##### `opts.gzip` + +* Type: Boolean +* Default: false + +If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip` +and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode +[`opts.body`](#opts-body). + +##### `opts.headers` + +* Type: Object +* Default: null + +Additional headers for the outgoing request. This option can also be used to +override headers automatically generated by `npm-registry-fetch`, such as +`Content-Type`. + +##### `opts.ignoreBody` + +* Type: Boolean +* Default: false + +If true, the **response body** will be thrown away and `res.body` set to `null`. +This will prevent dangling response sockets for requests where you don't usually +care what the response body is. + +##### `opts.integrity` + +* Type: String | [SRI object](https://npm.im/ssri) +* Default: null + +If provided, the response body's will be verified against this integrity string, +using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will +complete as normal. If verification fails, the response body will error with an +`EINTEGRITY` error. + +Body integrity is only verified if the body is actually consumed to completion -- +that is, if you use `res.json()`/`res.buffer()`, or if you consume the default +`res` stream data to its end. + +Cached data will have its integrity automatically verified using the +previously-generated integrity hash for the saved request information, so +`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if +`opts.integrity` is not passed in. + +##### `opts.isFromCI` + +* Type: Boolean +* Default: Based on environment variables + +This is used to populate the `npm-in-ci` request header sent to the registry. + +##### `opts.key` + +* Type: String +* Default: null + +A client key to pass when accessing the registry. Values should be in PEM +format with newlines replaced by the string `'\n'`. For example: + +``` +{ + key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----' +} +``` + +It is _not_ the path to a key file (and there is no "keyfile" option). + +See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert) + +##### `opts.localAddress` + +* Type: IP Address String +* Default: null + +The IP address of the local interface to use when making connections +to the registry. + +See also [`opts.proxy`](#opts-proxy) + +##### `opts.log` + +* Type: [`npmlog`](https://npm.im/npmlog)-like +* Default: null + +Logger object to use for logging operation details. Must have the same methods +as `npmlog`. + +##### `opts.mapJSON` + +* Type: Function +* Default: undefined + +When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down +to [`JSONStream`](https://npm.im/JSONStream) as the second argument to +`JSONStream.parse`, and can be used to transform stream data before output. + +##### `opts.maxSockets` + +* Type: Integer +* Default: 12 + +Maximum number of sockets to keep open during requests. Has no effect if +[`opts.agent`](#opts-agent) is used. + +##### `opts.method` + +* Type: String +* Default: 'GET' + +HTTP method to use for the outgoing request. Case-insensitive. + +##### `opts.noproxy` + +* Type: Boolean +* Default: process.env.NOPROXY + +If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used. + +##### `opts.npmSession` + +* Type: String +* Default: null + +If provided, will be sent in the `npm-session` header. This header is used by +the npm registry to identify individual user sessions (usually individual +invocations of the CLI). + +##### `opts.npmCommand` + +* Type: String +* Default: null + +If provided, it will be sent in the `npm-command` header. This yeader is +used by the npm registry to identify the npm command that caused this +request to be made. + +##### `opts.offline` + +* Type: Boolean +* Default: false + +Force offline mode: no network requests will be done during install. To allow +`npm-registry-fetch` to fill in missing cache data, see +[`opts.preferOffline`](#opts-preferOffline). + +This option is only really useful if you're also using +[`opts.cache`](#opts-cache). + +This option is set to `true` when the request includes `write=true` in the +query string. + +##### `opts.otp` + +* Type: Number | String +* Default: null + +This is a one-time password from a two-factor authenticator. It is required for +certain registry interactions when two-factor auth is enabled for a user +account. + +##### `opts.password` + +* Alias: `_password` +* Type: String +* Default: null + +Password used for basic authentication. For the more modern authentication +method, please use the (more secure) [`opts.token`](#opts-token) + +Can optionally be scoped to a registry by using a "nerf dart" for that registry. +That is: + +``` +{ + '//registry.npmjs.org/:password': 't0k3nH34r' +} +``` + +See also [`opts.username`](#opts-username) + +##### `opts.preferOffline` + +* Type: Boolean +* Default: false + +If true, staleness checks for cached data will be bypassed, but missing data +will be requested from the server. To force full offline mode, use +[`opts.offline`](#opts-offline). + +This option is generally only useful if you're also using +[`opts.cache`](#opts-cache). + +This option is set to `false` when the request includes `write=true` in the +query string. + +##### `opts.preferOnline` + +* Type: Boolean +* Default: false + +If true, staleness checks for cached data will be forced, making the CLI look +for updates immediately even for fresh package data. + +This option is generally only useful if you're also using +[`opts.cache`](#opts-cache). + +This option is set to `true` when the request includes `write=true` in the +query string. + +##### `opts.projectScope` + +* Type: String +* Default: null + +If provided, will be sent in the `npm-scope` header. This header is used by the +npm registry to identify the toplevel package scope that a particular project +installation is using. + +##### `opts.proxy` + +* Type: url +* Default: null + +A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY` +environment variable will be used. + +##### `opts.query` + +* Type: String | Object +* Default: null + +If provided, the request URI will have a query string appended to it using this +query. If `opts.query` is an object, it will be converted to a query string +using +[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options). + +If the request URI already has a query string, it will be merged with +`opts.query`, preferring `opts.query` values. + +##### `opts.registry` + +* Type: URL +* Default: `'https://registry.npmjs.org'` + +Registry configuration for a request. If a request URL only includes the URL +path, this registry setting will be prepended. This configuration is also used +to determine authentication details, so even if the request URL references a +completely different host, `opts.registry` will be used to find the auth details +for that request. + +See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and +[`opts.:registry`](#opts-scope-registry) which can all affect the actual +registry URL used by the outgoing request. + +##### `opts.retry` + +* Type: Object +* Default: null + +Single-object configuration for request retry settings. If passed in, will +override individually-passed `fetch-retry-*` settings. + +##### `opts.scope` + +* Type: String +* Default: null + +Associate an operation with a scope for a scoped registry. This option can force +lookup of scope-specific registries and authentication. + +See also [`opts.:registry`](#opts-scope-registry) and +[`opts.spec`](#opts-spec) for interactions with this option. + +##### `opts.:registry` + +* Type: String +* Default: null + +This option type can be used to configure the registry used for requests +involving a particular scope. For example, `opts['@myscope:registry'] = +'https://scope-specific.registry/'` will make it so requests go out to this +registry instead of [`opts.registry`](#opts-registry) when +[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a +scoped package spec. + +The `@` before the scope name is optional, but recommended. + +##### `opts.spec` + +* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object. +* Default: null + +If provided, can be used to automatically configure [`opts.scope`](#opts-scope) +based on a specific package name. Non-registry package specs will throw an +error. + +##### `opts.strictSSL` + +* Type: Boolean +* Default: true + +Whether or not to do SSL key validation when making requests to the +registry via https. + +See also [`opts.ca`](#opts-ca). + +##### `opts.timeout` + +* Type: Milliseconds +* Default: 300000 (5 minutes) + +Time before a hanging request times out. + +##### `opts.token` + +* Alias: `opts._authToken` +* Type: String +* Default: null + +Authentication token string. + +Can be scoped to a registry by using a "nerf dart" for that registry. That is: + +``` +{ + '//registry.npmjs.org/:token': 't0k3nH34r' +} +``` + +##### `opts.userAgent` + +* Type: String +* Default: `'npm-registry-fetch@/node@+ ()'` + +User agent string to send in the `User-Agent` header. + +##### `opts.username` + +* Type: String +* Default: null + +Username used for basic authentication. For the more modern authentication +method, please use the (more secure) [`opts.token`](#opts-token) + +Can optionally be scoped to a registry by using a "nerf dart" for that registry. +That is: + +``` +{ + '//registry.npmjs.org/:username': 't0k3nH34r' +} +``` + +See also [`opts.password`](#opts-password) + +##### `opts._auth` + +* Type: String +* Default: null + +** DEPRECATED ** This is a legacy authentication token supported only for +compatibility. Please use [`opts.token`](#opts-token) instead. diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/auth.js b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/auth.js new file mode 100644 index 0000000000000..11c3bde6b4e6c --- /dev/null +++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/auth.js @@ -0,0 +1,55 @@ +'use strict' + +const defaultOpts = require('./default-opts.js') +const url = require('url') + +module.exports = getAuth +function getAuth (registry, opts_ = {}) { + if (!registry) { throw new Error('registry is required') } + const opts = opts_.forceAuth ? opts_.forceAuth : { ...defaultOpts, ...opts_ } + const AUTH = {} + const regKey = registry && registryKey(registry) + const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias) + doKey('token') + doKey('_authToken', 'token') + doKey('username') + doKey('password') + doKey('_password', 'password') + doKey('email') + doKey('_auth') + doKey('otp') + doKey('always-auth', 'alwaysAuth') + if (AUTH.password) { + AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8') + } + if (AUTH._auth && !(AUTH.username && AUTH.password)) { + let auth = Buffer.from(AUTH._auth, 'base64').toString() + auth = auth.split(':') + AUTH.username = auth.shift() + AUTH.password = auth.join(':') + } + AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth + return AUTH +} + +function addKey (opts, obj, scope, key, objKey) { + if (opts[key]) { + obj[objKey || key] = opts[key] + } + if (scope && opts[`${scope}:${key}`]) { + obj[objKey || key] = opts[`${scope}:${key}`] + } +} + +// Called a nerf dart in the main codebase. Used as a "safe" +// key when fetching registry info from config. +function registryKey (registry) { + const parsed = new url.URL(registry) + const formatted = url.format({ + protocol: parsed.protocol, + host: parsed.host, + pathname: parsed.pathname, + slashes: true + }) + return url.format(new url.URL('.', formatted)).replace(/^[^:]+:/, '') +} diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/check-response.js b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/check-response.js new file mode 100644 index 0000000000000..f151711f30160 --- /dev/null +++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/check-response.js @@ -0,0 +1,128 @@ +'use strict' + +const errors = require('./errors.js') +const LRU = require('lru-cache') +const { Response } = require('minipass-fetch') +const defaultOpts = require('./default-opts.js') + +module.exports = checkResponse +function checkResponse (method, res, registry, startTime, opts_ = {}) { + const opts = { ...defaultOpts, ...opts_ } + if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) { + opts.log.notice('', res.headers.get('npm-notice')) + } + checkWarnings(res, registry, opts) + if (res.status >= 400) { + logRequest(method, res, startTime, opts) + return checkErrors(method, res, startTime, opts) + } else { + res.body.on('end', () => logRequest(method, res, startTime, opts)) + if (opts.ignoreBody) { + res.body.resume() + return new Response(null, res) + } + return res + } +} + +function logRequest (method, res, startTime, opts) { + const elapsedTime = Date.now() - startTime + const attempt = res.headers.get('x-fetch-attempts') + const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : '' + const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : '' + + let urlStr + try { + const { URL } = require('url') + const url = new URL(res.url) + if (url.password) { + url.password = '***' + } + urlStr = url.toString() + } catch (er) { + urlStr = res.url + } + + opts.log.http( + 'fetch', + `${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}` + ) +} + +const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/ +const BAD_HOSTS = new LRU({ max: 50 }) + +function checkWarnings (res, registry, opts) { + if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) { + const warnings = {} + // note: headers.raw() will preserve case, so we might have a + // key on the object like 'WaRnInG' if that was used first + for (const [key, value] of Object.entries(res.headers.raw())) { + if (key.toLowerCase() !== 'warning') { continue } + value.forEach(w => { + const match = w.match(WARNING_REGEXP) + if (match) { + warnings[match[1]] = { + code: match[1], + host: match[2], + message: match[3], + date: new Date(match[4]) + } + } + }) + } + BAD_HOSTS.set(registry, true) + if (warnings['199']) { + if (warnings['199'].message.match(/ENOTFOUND/)) { + opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`) + } else { + opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`) + } + } + if (warnings['111']) { + // 111 Revalidation failed -- we're using stale data + opts.log.warn( + 'registry', + `Using stale data from ${registry} due to a request error during revalidation.` + ) + } + } +} + +function checkErrors (method, res, startTime, opts) { + return res.buffer() + .catch(() => null) + .then(body => { + let parsed = body + try { + parsed = JSON.parse(body.toString('utf8')) + } catch (e) {} + if (res.status === 401 && res.headers.get('www-authenticate')) { + const auth = res.headers.get('www-authenticate') + .split(/,\s*/) + .map(s => s.toLowerCase()) + if (auth.indexOf('ipaddress') !== -1) { + throw new errors.HttpErrorAuthIPAddress( + method, res, parsed, opts.spec + ) + } else if (auth.indexOf('otp') !== -1) { + throw new errors.HttpErrorAuthOTP( + method, res, parsed, opts.spec + ) + } else { + throw new errors.HttpErrorAuthUnknown( + method, res, parsed, opts.spec + ) + } + } else if (res.status === 401 && body != null && /one-time pass/.test(body.toString('utf8'))) { + // Heuristic for malformed OTP responses that don't include the www-authenticate header. + throw new errors.HttpErrorAuthOTP( + method, res, parsed, opts.spec + ) + } else { + throw new errors.HttpErrorGeneral( + method, res, parsed, opts.spec + ) + } + }) +} diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/default-opts.js b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/default-opts.js new file mode 100644 index 0000000000000..b742fd5a5fcd4 --- /dev/null +++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/default-opts.js @@ -0,0 +1,22 @@ +const pkg = require('./package.json') +const ciDetect = require('@npmcli/ci-detect') +module.exports = { + isFromCI: ciDetect(), + log: require('./silentlog.js'), + maxSockets: 12, + method: 'GET', + registry: 'https://registry.npmjs.org/', + timeout: 5 * 60 * 1000, // 5 minutes + strictSSL: true, + noProxy: process.env.NOPROXY, + userAgent: `${pkg.name + }@${ + pkg.version + }/node@${ + process.version + }+${ + process.arch + } (${ + process.platform + })` +} diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/errors.js b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/errors.js new file mode 100644 index 0000000000000..c41947e29952d --- /dev/null +++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/errors.js @@ -0,0 +1,79 @@ +'use strict' + +const url = require('url') + +function packageName (href) { + try { + let basePath = new url.URL(href).pathname.substr(1) + if (!basePath.match(/^-/)) { + basePath = basePath.split('/') + var index = basePath.indexOf('_rewrite') + if (index === -1) { + index = basePath.length - 1 + } else { + index++ + } + return decodeURIComponent(basePath[index]) + } + } catch (_) { + // this is ok + } +} + +class HttpErrorBase extends Error { + constructor (method, res, body, spec) { + super() + this.headers = res.headers.raw() + this.statusCode = res.status + this.code = `E${res.status}` + this.method = method + this.uri = res.url + this.body = body + this.pkgid = spec ? spec.toString() : packageName(res.url) + } +} +module.exports.HttpErrorBase = HttpErrorBase + +class HttpErrorGeneral extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = `${res.status} ${res.statusText} - ${ + this.method.toUpperCase() + } ${ + this.spec || this.uri + }${ + (body && body.error) ? ' - ' + body.error : '' + }` + Error.captureStackTrace(this, HttpErrorGeneral) + } +} +module.exports.HttpErrorGeneral = HttpErrorGeneral + +class HttpErrorAuthOTP extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = 'OTP required for authentication' + this.code = 'EOTP' + Error.captureStackTrace(this, HttpErrorAuthOTP) + } +} +module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP + +class HttpErrorAuthIPAddress extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = 'Login is not allowed from your IP address' + this.code = 'EAUTHIP' + Error.captureStackTrace(this, HttpErrorAuthIPAddress) + } +} +module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress + +class HttpErrorAuthUnknown extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate') + Error.captureStackTrace(this, HttpErrorAuthUnknown) + } +} +module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/index.js b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/index.js new file mode 100644 index 0000000000000..2324e7fbfd00b --- /dev/null +++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/index.js @@ -0,0 +1,219 @@ +'use strict' + +const checkResponse = require('./check-response.js') +const getAuth = require('./auth.js') +const fetch = require('make-fetch-happen') +const JSONStream = require('minipass-json-stream') +const npa = require('npm-package-arg') +const qs = require('querystring') +const url = require('url') +const zlib = require('minizlib') +const Minipass = require('minipass') + +const defaultOpts = require('./default-opts.js') + +// WhatWG URL throws if it's not fully resolved +const urlIsValid = u => { + try { + return !!new url.URL(u) + } catch (_) { + return false + } +} + +module.exports = regFetch +function regFetch (uri, /* istanbul ignore next */ opts_ = {}) { + const opts = { + ...defaultOpts, + ...opts_ + } + const registry = opts.registry = ( + (opts.spec && pickRegistry(opts.spec, opts)) || + (opts.publishConfig && opts.publishConfig.registry) || + opts.registry || + /* istanbul ignore next */ + 'https://registry.npmjs.org/' + ) + + if (!urlIsValid(uri)) { + uri = `${ + registry.trim().replace(/\/?$/g, '') + }/${ + uri.trim().replace(/^\//, '') + }` + } + + const method = opts.method || 'GET' + + // through that takes into account the scope, the prefix of `uri`, etc + const startTime = Date.now() + const headers = getHeaders(registry, uri, opts) + let body = opts.body + const bodyIsStream = Minipass.isStream(body) + const bodyIsPromise = body && + typeof body === 'object' && + typeof body.then === 'function' + + if (body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body)) { + headers['content-type'] = headers['content-type'] || 'application/json' + body = JSON.stringify(body) + } else if (body && !headers['content-type']) { + headers['content-type'] = 'application/octet-stream' + } + + if (opts.gzip) { + headers['content-encoding'] = 'gzip' + if (bodyIsStream) { + const gz = new zlib.Gzip() + body.on('error', /* istanbul ignore next: unlikely and hard to test */ + err => gz.emit('error', err)) + body = body.pipe(gz) + } else if (!bodyIsPromise) { + body = new zlib.Gzip().end(body).concat() + } + } + + const parsed = new url.URL(uri) + + if (opts.query) { + const q = typeof opts.query === 'string' + ? qs.parse(opts.query) + : opts.query + + Object.keys(q).forEach(key => { + if (q[key] !== undefined) { + parsed.searchParams.set(key, q[key]) + } + }) + uri = url.format(parsed) + } + + if (parsed.searchParams.get('write') === 'true' && method === 'GET') { + // do not cache, because this GET is fetching a rev that will be + // used for a subsequent PUT or DELETE, so we need to conditionally + // update cache. + opts.offline = false + opts.preferOffline = false + opts.preferOnline = true + } + + const doFetch = (body) => fetch(uri, { + agent: opts.agent, + algorithms: opts.algorithms, + body, + cache: getCacheMode(opts), + cacheManager: opts.cache, + ca: opts.ca, + cert: opts.cert, + headers, + integrity: opts.integrity, + key: opts.key, + localAddress: opts.localAddress, + maxSockets: opts.maxSockets, + memoize: opts.memoize, + method: method, + noProxy: opts.noProxy, + proxy: opts.httpsProxy || opts.proxy, + retry: opts.retry ? opts.retry : { + retries: opts.fetchRetries, + factor: opts.fetchRetryFactor, + minTimeout: opts.fetchRetryMintimeout, + maxTimeout: opts.fetchRetryMaxtimeout + }, + strictSSL: opts.strictSSL, + timeout: opts.timeout || 30 * 1000 + }).then(res => checkResponse( + method, res, registry, startTime, opts + )) + + return Promise.resolve(body).then(doFetch) +} + +module.exports.json = fetchJSON +function fetchJSON (uri, opts) { + return regFetch(uri, opts).then(res => res.json()) +} + +module.exports.json.stream = fetchJSONStream +function fetchJSONStream (uri, jsonPath, /* istanbul ignore next */ opts_ = {}) { + const opts = { ...defaultOpts, ...opts_ } + const parser = JSONStream.parse(jsonPath, opts.mapJSON) + regFetch(uri, opts).then(res => + res.body.on('error', + /* istanbul ignore next: unlikely and difficult to test */ + er => parser.emit('error', er)).pipe(parser) + ).catch(er => parser.emit('error', er)) + return parser +} + +module.exports.pickRegistry = pickRegistry +function pickRegistry (spec, opts = {}) { + spec = npa(spec) + let registry = spec.scope && + opts[spec.scope.replace(/^@?/, '@') + ':registry'] + + if (!registry && opts.scope) { + registry = opts[opts.scope.replace(/^@?/, '@') + ':registry'] + } + + if (!registry && opts.publishConfig) { + registry = opts.publishConfig.registry + } + + if (!registry) { + registry = opts.registry || 'https://registry.npmjs.org/' + } + + return registry +} + +function getCacheMode (opts) { + return opts.offline + ? 'only-if-cached' + : opts.preferOffline + ? 'force-cache' + : opts.preferOnline + ? 'no-cache' + : 'default' +} + +function getHeaders (registry, uri, opts) { + const headers = Object.assign({ + 'npm-in-ci': !!opts.isFromCI, + 'user-agent': opts.userAgent + }, opts.headers || {}) + + if (opts.projectScope) { + headers['npm-scope'] = opts.projectScope + } + + if (opts.npmSession) { + headers['npm-session'] = opts.npmSession + } + + if (opts.npmCommand) { + headers['npm-command'] = opts.npmCommand + } + + const auth = getAuth(registry, opts) + // If a tarball is hosted on a different place than the manifest, only send + // credentials on `alwaysAuth` + const shouldAuth = ( + auth.alwaysAuth || + new url.URL(uri).host === new url.URL(registry).host + ) + if (shouldAuth && auth.token) { + headers.authorization = `Bearer ${auth.token}` + } else if (shouldAuth && auth.username && auth.password) { + const encoded = Buffer.from( + `${auth.username}:${auth.password}`, 'utf8' + ).toString('base64') + headers.authorization = `Basic ${encoded}` + } else if (shouldAuth && auth._auth) { + headers.authorization = `Basic ${auth._auth}` + } + if (shouldAuth && auth.otp) { + headers['npm-otp'] = auth.otp + } + return headers +} diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/package.json b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/package.json new file mode 100644 index 0000000000000..5aeddc5b39102 --- /dev/null +++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/package.json @@ -0,0 +1,59 @@ +{ + "name": "npm-registry-fetch", + "version": "8.1.5", + "description": "Fetch-based http client for use with npm registry APIs", + "main": "index.js", + "files": [ + "*.js", + "lib" + ], + "scripts": { + "postrelease": "npm publish", + "posttest": "standard", + "prepublishOnly": "git push --follow-tags", + "prerelease": "npm t", + "release": "standard-version -s", + "test": "tap" + }, + "repository": "https://github.com/npm/registry-fetch", + "keywords": [ + "npm", + "registry", + "fetch" + ], + "author": { + "name": "Kat Marchán", + "email": "kzm@sykosomatic.org", + "twitter": "maybekatz" + }, + "license": "ISC", + "dependencies": { + "@npmcli/ci-detect": "^1.0.0", + "lru-cache": "^6.0.0", + "make-fetch-happen": "^8.0.9", + "minipass": "^3.1.3", + "minipass-fetch": "^1.3.0", + "minipass-json-stream": "^1.0.1", + "minizlib": "^2.0.0", + "npm-package-arg": "^8.0.0" + }, + "devDependencies": { + "cacache": "^15.0.0", + "mkdirp": "^0.5.1", + "nock": "^11.7.0", + "npmlog": "^4.1.2", + "require-inject": "^1.4.4", + "rimraf": "^2.6.2", + "ssri": "^8.0.0", + "standard": "^14.3.3", + "standard-version": "^7.1.0", + "tap": "^14.10.7" + }, + "tap": { + "check-coverage": true, + "test-ignore": "test[\\\\/](util|cache)[\\\\/]" + }, + "engines": { + "node": ">=10" + } +} diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/silentlog.js b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/silentlog.js new file mode 100644 index 0000000000000..886c5d55b2dbb --- /dev/null +++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/silentlog.js @@ -0,0 +1,14 @@ +'use strict' + +const noop = Function.prototype +module.exports = { + error: noop, + warn: noop, + notice: noop, + info: noop, + verbose: noop, + silly: noop, + http: noop, + pause: noop, + resume: noop +} diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/libnpmteam/node_modules/npm-registry-fetch/CHANGELOG.md new file mode 100644 index 0000000000000..fc26ee1bda4ba --- /dev/null +++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/CHANGELOG.md @@ -0,0 +1,384 @@ +# Changelog + +All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +### [8.1.5](https://github.com/npm/registry-fetch/compare/v8.1.4...v8.1.5) (2020-10-12) + + +### Bug Fixes + +* respect publishConfig.registry when specified ([32e36ef](https://github.com/npm/registry-fetch/commit/32e36efe86302ed319973cd5b1e6ccc3f62e557e)), closes [#35](https://github.com/npm/registry-fetch/issues/35) + +### [8.1.4](https://github.com/npm/registry-fetch/compare/v8.1.3...v8.1.4) (2020-08-17) + + +### Bug Fixes + +* redact passwords from http logs ([3c294eb](https://github.com/npm/registry-fetch/commit/3c294ebbd7821725db4ff1bc5fe368c49613efcc)) + +### [8.1.3](https://github.com/npm/registry-fetch/compare/v8.1.2...v8.1.3) (2020-07-21) + +### [8.1.2](https://github.com/npm/registry-fetch/compare/v8.1.1...v8.1.2) (2020-07-11) + +### [8.1.1](https://github.com/npm/registry-fetch/compare/v8.1.0...v8.1.1) (2020-06-30) + +## [8.1.0](https://github.com/npm/registry-fetch/compare/v8.0.3...v8.1.0) (2020-05-20) + + +### Features + +* add npm-command HTTP header ([1bb4eb2](https://github.com/npm/registry-fetch/commit/1bb4eb2c66ee8a0dc62558bdcff1b548e2bb9820)) + +### [8.0.3](https://github.com/npm/registry-fetch/compare/v8.0.2...v8.0.3) (2020-05-13) + + +### Bug Fixes + +* update minipass and make-fetch-happen to latest ([3b6c5d0](https://github.com/npm/registry-fetch/commit/3b6c5d0d8ccd4c4a97862a65acef956f19aec127)), closes [#23](https://github.com/npm/registry-fetch/issues/23) + +### [8.0.2](https://github.com/npm/registry-fetch/compare/v8.0.1...v8.0.2) (2020-05-04) + + +### Bug Fixes + +* update make-fetch-happen to 8.0.6 ([226df2c](https://github.com/npm/registry-fetch/commit/226df2c32e3f9ed8ceefcfdbd11efb178181b442)) + +## [8.0.0](https://github.com/npm/registry-fetch/compare/v7.0.1...v8.0.0) (2020-02-24) + + +### ⚠ BREAKING CHANGES + +* Removes the 'opts.refer' option and the HTTP Referer +header (unless explicitly added to the 'headers' option, of course). + +PR-URL: https://github.com/npm/npm-registry-fetch/pull/25 +Credit: @isaacs + +### Bug Fixes + +* remove referer header and opts.refer ([eb8f7af](https://github.com/npm/registry-fetch/commit/eb8f7af3c102834856604c1be664b00ca0fe8ef2)), closes [#25](https://github.com/npm/registry-fetch/issues/25) + +### [7.0.1](https://github.com/npm/registry-fetch/compare/v7.0.0...v7.0.1) (2020-02-24) + +## [7.0.0](https://github.com/npm/registry-fetch/compare/v6.0.2...v7.0.0) (2020-02-18) + + +### ⚠ BREAKING CHANGES + +* figgy pudding is now nowhere to be found. +* this removes figgy-pudding, and drops several option +aliases. + +Defaults and behavior are all the same, and this module is now using the +canonical camelCase option names that npm v7 will provide to all its +deps. + +Related to: https://github.com/npm/rfcs/pull/102 + +PR-URL: https://github.com/npm/npm-registry-fetch/pull/22 +Credit: @isaacs + +### Bug Fixes + +* Remove figgy-pudding, use canonical option names ([ede3c08](https://github.com/npm/registry-fetch/commit/ede3c087007fd1808e02b1af70562220d03b18a9)), closes [#22](https://github.com/npm/registry-fetch/issues/22) + + +* update cacache, ssri, make-fetch-happen ([57fcc88](https://github.com/npm/registry-fetch/commit/57fcc889bee03edcc0a2025d96a171039108c231)) + +### [6.0.2](https://github.com/npm/registry-fetch/compare/v6.0.1...v6.0.2) (2020-02-14) + + +### Bug Fixes + +* always bypass cache when ?write=true ([83f89f3](https://github.com/npm/registry-fetch/commit/83f89f35abd2ed0507c869e37f90ed746375772c)) + +### [6.0.1](https://github.com/npm/registry-fetch/compare/v6.0.0...v6.0.1) (2020-02-14) + + +### Bug Fixes + +* use 30s default for timeout as per README ([50e8afc](https://github.com/npm/registry-fetch/commit/50e8afc6ff850542feb588f9f9c64ebae59e72a0)), closes [#20](https://github.com/npm/registry-fetch/issues/20) + +## [6.0.0](https://github.com/npm/registry-fetch/compare/v5.0.1...v6.0.0) (2019-12-17) + + +### ⚠ BREAKING CHANGES + +* This drops support for node < 10. + +There are some lint failures due to standard pushing for using WhatWG URL +objects instead of url.parse/url.resolve. However, the code in this lib +does some fancy things with the query/search portions of the parsed url +object, so it'll take a bit of care to make it work properly. + +### Bug Fixes + +* detect CI so our tests don't fail in CI ([5813da6](https://github.com/npm/registry-fetch/commit/5813da634cef73b12e40373972d7937e6934fce0)) +* Use WhatWG URLs instead of url.parse ([8ccfa8a](https://github.com/npm/registry-fetch/commit/8ccfa8a72c38cfedb0f525b7f453644fd4444f99)) + + +* normalize settings, drop old nodes, update deps ([510b125](https://github.com/npm/registry-fetch/commit/510b1255cc7ed4bb397a34e0007757dae33e2275)) + + +## [5.0.1](https://github.com/npm/registry-fetch/compare/v5.0.0...v5.0.1) (2019-11-11) + + + + +# [5.0.0](https://github.com/npm/registry-fetch/compare/v4.0.2...v5.0.0) (2019-10-04) + + +### Bug Fixes + +* prefer const in getAuth function ([90ac7b1](https://github.com/npm/registry-fetch/commit/90ac7b1)) +* use minizlib instead of core zlib ([e64702e](https://github.com/npm/registry-fetch/commit/e64702e)) + + +### Features + +* refactor to use Minipass streams ([bb37f20](https://github.com/npm/registry-fetch/commit/bb37f20)) + + +### BREAKING CHANGES + +* this replaces all core streams (except for some +PassThrough streams in a few tests) with Minipass streams, and updates +all deps to the latest and greatest Minipass versions of things. + + + + +## [4.0.2](https://github.com/npm/registry-fetch/compare/v4.0.0...v4.0.2) (2019-10-04) + + +### Bug Fixes + +* Add null check on body on 401 errors ([e3a0186](https://github.com/npm/registry-fetch/commit/e3a0186)), closes [#9](https://github.com/npm/registry-fetch/issues/9) +* **deps:** Add explicit dependency on safe-buffer ([8eae5f0](https://github.com/npm/registry-fetch/commit/8eae5f0)), closes [npm/libnpmaccess#2](https://github.com/npm/libnpmaccess/issues/2) [#3](https://github.com/npm/registry-fetch/issues/3) + + + + +# [4.0.0](https://github.com/npm/registry-fetch/compare/v3.9.1...v4.0.0) (2019-07-15) + + +* cacache@12.0.0, infer uid from cache folder ([0c4f060](https://github.com/npm/registry-fetch/commit/0c4f060)) + + +### BREAKING CHANGES + +* uid and gid are inferred from cache folder, rather than +being passed in as options. + + + + +## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02) + + + + +# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24) + + +### Features + +* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c)) + + + + +# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23) + + +### Features + +* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986)) + + + + +# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23) + + +### Features + +* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969)) + + + + +# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22) + + +### Bug Fixes + +* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65)) + + +### Features + +* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702)) + + + + +# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22) + + +### Features + +* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5)) + + + + +# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22) + + +### Bug Fixes + +* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54)) + + +### Features + +* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17)) + + + + +# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21) + + +### Bug Fixes + +* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b)) + + +### Features + +* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194)) + + + + +## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16) + + +### Bug Fixes + +* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040)) + + + + +# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27) + + +### Features + +* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0)) + + + + +## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09) + + + + +# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09) + + +### Features + +* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b)) + + + + +# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09) + + +### Bug Fixes + +* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f)) +* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f)) + + +### BREAKING CHANGES + +* **config:** opts.config is no longer supported. Pass the options down in opts itself. + + + + +# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08) + + +### Features + +* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0)) + + + + +# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08) + + +### meta + +* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e)) + + +### BREAKING CHANGES + +* node@4 is no longer supported + + + + +## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06) + + + + +# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16) + + +### Features + +* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9)) + + + + +## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16) + + +### Bug Fixes + +* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5)) + + + + +# 1.0.0 (2018-03-16) + + +### Bug Fixes + +* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba)) +* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31)) +* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93)) +* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a)) + + +### Features + +* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f)) +* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db)) +* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d)) +* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527)) +* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1)) diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/libnpmteam/node_modules/npm-registry-fetch/LICENSE.md new file mode 100644 index 0000000000000..8d28acf866d93 --- /dev/null +++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/LICENSE.md @@ -0,0 +1,16 @@ +ISC License + +Copyright (c) npm, Inc. + +Permission to use, copy, modify, and/or distribute this software for +any purpose with or without fee is hereby granted, provided that the +above copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS +ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE +COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR +CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS +OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE +USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/README.md b/node_modules/libnpmteam/node_modules/npm-registry-fetch/README.md new file mode 100644 index 0000000000000..e660940e30dc4 --- /dev/null +++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/README.md @@ -0,0 +1,635 @@ +# npm-registry-fetch + +[![npm version](https://img.shields.io/npm/v/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) +[![license](https://img.shields.io/npm/l/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) +[![Travis](https://img.shields.io/travis/npm/npm-registry-fetch/latest.svg)](https://travis-ci.org/npm/npm-registry-fetch) +[![AppVeyor](https://img.shields.io/appveyor/ci/npm/npm-registry-fetch/latest.svg)](https://ci.appveyor.com/project/npm/npm-registry-fetch) +[![Coverage Status](https://coveralls.io/repos/github/npm/npm-registry-fetch/badge.svg?branch=latest)](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest) + +[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js +library that implements a `fetch`-like API for accessing npm registry APIs +consistently. It's able to consume npm-style configuration values and has all +the necessary logic for picking registries, handling scopes, and dealing with +authentication details built-in. + +This package is meant to replace the older +[`npm-registry-client`](https://npm.im/npm-registry-client). + +## Example + +```javascript +const npmFetch = require('npm-registry-fetch') + +console.log( + await npmFetch.json('/-/ping') +) +``` + +## Table of Contents + +* [Installing](#install) +* [Example](#example) +* [Contributing](#contributing) +* [API](#api) + * [`fetch`](#fetch) + * [`fetch.json`](#fetch-json) + * [`fetch` options](#fetch-opts) + +### Install + +`$ npm install npm-registry-fetch` + +### Contributing + +The npm team enthusiastically welcomes contributions and project participation! +There's a bunch of things you can do if you want to contribute! The [Contributor +Guide](CONTRIBUTING.md) has all the information you need for everything from +reporting bugs to contributing entire new features. Please don't hesitate to +jump in if you'd like to, or even ask us questions if something isn't clear. + +All participants and maintainers in this project are expected to follow [Code of +Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other. + +Please refer to the [Changelog](CHANGELOG.md) for project history details, too. + +Happy hacking! + +### API + +#### Caching and `write=true` query strings + +Before performing any PUT or DELETE operation, npm clients first make a +GET request to the registry resource being updated, which includes +the query string `?write=true`. + +The semantics of this are, effectively, "I intend to write to this thing, +and need to know the latest current value, so that my write can land +cleanly". + +The public npm registry handles these `?write=true` requests by ensuring +that the cache is re-validated before sending a response. In order to +maintain the same behavior on the client, and not get tripped up by an +overeager local cache when we intend to write data to the registry, any +request that comes through `npm-registry-fetch` that contains `write=true` +in the query string will forcibly set the `prefer-online` option to `true`, +and set both `prefer-offline` and `offline` to false, so that any local +cached value will be revalidated. + +#### `> fetch(url, [opts]) -> Promise` + +Performs a request to a given URL. + +The URL can be either a full URL, or a path to one. The appropriate registry +will be automatically picked if only a URL path is given. + +For available options, please see the section on [`fetch` options](#fetch-opts). + +##### Example + +```javascript +const res = await fetch('/-/ping') +console.log(res.headers) +res.on('data', d => console.log(d.toString('utf8'))) +``` + +#### `> fetch.json(url, [opts]) -> Promise` + +Performs a request to a given registry URL, parses the body of the response as +JSON, and returns it as its final value. This is a utility shorthand for +`fetch(url).then(res => res.json())`. + +For available options, please see the section on [`fetch` options](#fetch-opts). + +##### Example + +```javascript +const res = await fetch.json('/-/ping') +console.log(res) // Body parsed as JSON +``` + +#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream` + +Performs a request to a given registry URL and parses the body of the response +as JSON, with each entry being emitted through the stream. + +The `jsonPath` argument is a [`JSONStream.parse()` +path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the +returned stream (unlike default `JSONStream`s), has a valid +`Symbol.asyncIterator` implementation. + +For available options, please see the section on [`fetch` options](#fetch-opts). + +##### Example + +```javascript +console.log('https://npm.im/~zkat has access to the following packages:') +for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) { + console.log(`https://npm.im/${key} (perms: ${value})`) +} +``` + +#### `fetch` Options + +Fetch options are optional, and can be passed in as either a Map-like object +(one with a `.get()` method), a plain javascript object, or a +[`figgy-pudding`](https://npm.im/figgy-pudding) instance. + +##### `opts.agent` + +* Type: http.Agent +* Default: an appropriate agent based on URL protocol and proxy settings + +An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to +be shared across requests. This allows multiple concurrent `fetch` requests to +happen on the same socket. + +You do _not_ need to provide this option unless you want something particularly +specialized, since proxy configurations and http/https agents are already +automatically managed internally when this option is not passed through. + +##### `opts.body` + +* Type: Buffer | Stream | Object +* Default: null + +Request body to send through the outgoing request. Buffers and Streams will be +passed through as-is, with a default `content-type` of +`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed +and the `content-type` will default to `application/json`. + +Use [`opts.headers`](#opts-headers) to set the content-type to something else. + +##### `opts.ca` + +* Type: String, Array, or null +* Default: null + +The Certificate Authority signing certificate that is trusted for SSL +connections to the registry. Values should be in PEM format (Windows calls it +"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For +example: + +``` +{ + ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' +} +``` + +Set to `null` to only allow "known" registrars, or to a specific CA cert +to trust only that specific signing authority. + +Multiple CAs can be trusted by specifying an array of certificates instead of a +single string. + +See also [`opts.strictSSL`](#opts-strictSSL), [`opts.ca`](#opts-ca) and +[`opts.key`](#opts-key) + +##### `opts.cache` + +* Type: path +* Default: null + +The location of the http cache directory. If provided, certain cachable requests +will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234) +rules. This will speed up future requests, as well as make the cached data +available offline if necessary/requested. + +See also [`offline`](#opts-offline), [`preferOffline`](#opts-preferOffline), +and [`preferOnline`](#opts-preferOnline). + +##### `opts.cert` + +* Type: String +* Default: null + +A client certificate to pass when accessing the registry. Values should be in +PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines +replaced by the string `'\n'`. For example: + +``` +{ + cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' +} +``` + +It is _not_ the path to a certificate file (and there is no "certfile" option). + +See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key) + +##### `opts.fetchRetries` + +* Type: Number +* Default: 2 + +The "retries" config for [`retry`](https://npm.im/retry) to use when fetching +packages from the registry. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.fetchRetryFactor` + +* Type: Number +* Default: 10 + +The "factor" config for [`retry`](https://npm.im/retry) to use when fetching +packages. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.fetchRetryMintimeout` + +* Type: Number +* Default: 10000 (10 seconds) + +The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching +packages. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.fetchRetryMaxtimeout` + +* Type: Number +* Default: 60000 (1 minute) + +The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching +packages. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.forceAuth` + +* Type: Object +* Default: null + +If present, other auth-related values in `opts` will be completely ignored, +including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request, +and the auth details in `opts.forceAuth` will be used instead. + +##### `opts.gzip` + +* Type: Boolean +* Default: false + +If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip` +and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode +[`opts.body`](#opts-body). + +##### `opts.headers` + +* Type: Object +* Default: null + +Additional headers for the outgoing request. This option can also be used to +override headers automatically generated by `npm-registry-fetch`, such as +`Content-Type`. + +##### `opts.ignoreBody` + +* Type: Boolean +* Default: false + +If true, the **response body** will be thrown away and `res.body` set to `null`. +This will prevent dangling response sockets for requests where you don't usually +care what the response body is. + +##### `opts.integrity` + +* Type: String | [SRI object](https://npm.im/ssri) +* Default: null + +If provided, the response body's will be verified against this integrity string, +using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will +complete as normal. If verification fails, the response body will error with an +`EINTEGRITY` error. + +Body integrity is only verified if the body is actually consumed to completion -- +that is, if you use `res.json()`/`res.buffer()`, or if you consume the default +`res` stream data to its end. + +Cached data will have its integrity automatically verified using the +previously-generated integrity hash for the saved request information, so +`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if +`opts.integrity` is not passed in. + +##### `opts.isFromCI` + +* Type: Boolean +* Default: Based on environment variables + +This is used to populate the `npm-in-ci` request header sent to the registry. + +##### `opts.key` + +* Type: String +* Default: null + +A client key to pass when accessing the registry. Values should be in PEM +format with newlines replaced by the string `'\n'`. For example: + +``` +{ + key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----' +} +``` + +It is _not_ the path to a key file (and there is no "keyfile" option). + +See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert) + +##### `opts.localAddress` + +* Type: IP Address String +* Default: null + +The IP address of the local interface to use when making connections +to the registry. + +See also [`opts.proxy`](#opts-proxy) + +##### `opts.log` + +* Type: [`npmlog`](https://npm.im/npmlog)-like +* Default: null + +Logger object to use for logging operation details. Must have the same methods +as `npmlog`. + +##### `opts.mapJSON` + +* Type: Function +* Default: undefined + +When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down +to [`JSONStream`](https://npm.im/JSONStream) as the second argument to +`JSONStream.parse`, and can be used to transform stream data before output. + +##### `opts.maxSockets` + +* Type: Integer +* Default: 12 + +Maximum number of sockets to keep open during requests. Has no effect if +[`opts.agent`](#opts-agent) is used. + +##### `opts.method` + +* Type: String +* Default: 'GET' + +HTTP method to use for the outgoing request. Case-insensitive. + +##### `opts.noproxy` + +* Type: Boolean +* Default: process.env.NOPROXY + +If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used. + +##### `opts.npmSession` + +* Type: String +* Default: null + +If provided, will be sent in the `npm-session` header. This header is used by +the npm registry to identify individual user sessions (usually individual +invocations of the CLI). + +##### `opts.npmCommand` + +* Type: String +* Default: null + +If provided, it will be sent in the `npm-command` header. This yeader is +used by the npm registry to identify the npm command that caused this +request to be made. + +##### `opts.offline` + +* Type: Boolean +* Default: false + +Force offline mode: no network requests will be done during install. To allow +`npm-registry-fetch` to fill in missing cache data, see +[`opts.preferOffline`](#opts-preferOffline). + +This option is only really useful if you're also using +[`opts.cache`](#opts-cache). + +This option is set to `true` when the request includes `write=true` in the +query string. + +##### `opts.otp` + +* Type: Number | String +* Default: null + +This is a one-time password from a two-factor authenticator. It is required for +certain registry interactions when two-factor auth is enabled for a user +account. + +##### `opts.password` + +* Alias: `_password` +* Type: String +* Default: null + +Password used for basic authentication. For the more modern authentication +method, please use the (more secure) [`opts.token`](#opts-token) + +Can optionally be scoped to a registry by using a "nerf dart" for that registry. +That is: + +``` +{ + '//registry.npmjs.org/:password': 't0k3nH34r' +} +``` + +See also [`opts.username`](#opts-username) + +##### `opts.preferOffline` + +* Type: Boolean +* Default: false + +If true, staleness checks for cached data will be bypassed, but missing data +will be requested from the server. To force full offline mode, use +[`opts.offline`](#opts-offline). + +This option is generally only useful if you're also using +[`opts.cache`](#opts-cache). + +This option is set to `false` when the request includes `write=true` in the +query string. + +##### `opts.preferOnline` + +* Type: Boolean +* Default: false + +If true, staleness checks for cached data will be forced, making the CLI look +for updates immediately even for fresh package data. + +This option is generally only useful if you're also using +[`opts.cache`](#opts-cache). + +This option is set to `true` when the request includes `write=true` in the +query string. + +##### `opts.projectScope` + +* Type: String +* Default: null + +If provided, will be sent in the `npm-scope` header. This header is used by the +npm registry to identify the toplevel package scope that a particular project +installation is using. + +##### `opts.proxy` + +* Type: url +* Default: null + +A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY` +environment variable will be used. + +##### `opts.query` + +* Type: String | Object +* Default: null + +If provided, the request URI will have a query string appended to it using this +query. If `opts.query` is an object, it will be converted to a query string +using +[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options). + +If the request URI already has a query string, it will be merged with +`opts.query`, preferring `opts.query` values. + +##### `opts.registry` + +* Type: URL +* Default: `'https://registry.npmjs.org'` + +Registry configuration for a request. If a request URL only includes the URL +path, this registry setting will be prepended. This configuration is also used +to determine authentication details, so even if the request URL references a +completely different host, `opts.registry` will be used to find the auth details +for that request. + +See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and +[`opts.:registry`](#opts-scope-registry) which can all affect the actual +registry URL used by the outgoing request. + +##### `opts.retry` + +* Type: Object +* Default: null + +Single-object configuration for request retry settings. If passed in, will +override individually-passed `fetch-retry-*` settings. + +##### `opts.scope` + +* Type: String +* Default: null + +Associate an operation with a scope for a scoped registry. This option can force +lookup of scope-specific registries and authentication. + +See also [`opts.:registry`](#opts-scope-registry) and +[`opts.spec`](#opts-spec) for interactions with this option. + +##### `opts.:registry` + +* Type: String +* Default: null + +This option type can be used to configure the registry used for requests +involving a particular scope. For example, `opts['@myscope:registry'] = +'https://scope-specific.registry/'` will make it so requests go out to this +registry instead of [`opts.registry`](#opts-registry) when +[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a +scoped package spec. + +The `@` before the scope name is optional, but recommended. + +##### `opts.spec` + +* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object. +* Default: null + +If provided, can be used to automatically configure [`opts.scope`](#opts-scope) +based on a specific package name. Non-registry package specs will throw an +error. + +##### `opts.strictSSL` + +* Type: Boolean +* Default: true + +Whether or not to do SSL key validation when making requests to the +registry via https. + +See also [`opts.ca`](#opts-ca). + +##### `opts.timeout` + +* Type: Milliseconds +* Default: 300000 (5 minutes) + +Time before a hanging request times out. + +##### `opts.token` + +* Alias: `opts._authToken` +* Type: String +* Default: null + +Authentication token string. + +Can be scoped to a registry by using a "nerf dart" for that registry. That is: + +``` +{ + '//registry.npmjs.org/:token': 't0k3nH34r' +} +``` + +##### `opts.userAgent` + +* Type: String +* Default: `'npm-registry-fetch@/node@+ ()'` + +User agent string to send in the `User-Agent` header. + +##### `opts.username` + +* Type: String +* Default: null + +Username used for basic authentication. For the more modern authentication +method, please use the (more secure) [`opts.token`](#opts-token) + +Can optionally be scoped to a registry by using a "nerf dart" for that registry. +That is: + +``` +{ + '//registry.npmjs.org/:username': 't0k3nH34r' +} +``` + +See also [`opts.password`](#opts-password) + +##### `opts._auth` + +* Type: String +* Default: null + +** DEPRECATED ** This is a legacy authentication token supported only for +compatibility. Please use [`opts.token`](#opts-token) instead. diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/auth.js b/node_modules/libnpmteam/node_modules/npm-registry-fetch/auth.js new file mode 100644 index 0000000000000..11c3bde6b4e6c --- /dev/null +++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/auth.js @@ -0,0 +1,55 @@ +'use strict' + +const defaultOpts = require('./default-opts.js') +const url = require('url') + +module.exports = getAuth +function getAuth (registry, opts_ = {}) { + if (!registry) { throw new Error('registry is required') } + const opts = opts_.forceAuth ? opts_.forceAuth : { ...defaultOpts, ...opts_ } + const AUTH = {} + const regKey = registry && registryKey(registry) + const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias) + doKey('token') + doKey('_authToken', 'token') + doKey('username') + doKey('password') + doKey('_password', 'password') + doKey('email') + doKey('_auth') + doKey('otp') + doKey('always-auth', 'alwaysAuth') + if (AUTH.password) { + AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8') + } + if (AUTH._auth && !(AUTH.username && AUTH.password)) { + let auth = Buffer.from(AUTH._auth, 'base64').toString() + auth = auth.split(':') + AUTH.username = auth.shift() + AUTH.password = auth.join(':') + } + AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth + return AUTH +} + +function addKey (opts, obj, scope, key, objKey) { + if (opts[key]) { + obj[objKey || key] = opts[key] + } + if (scope && opts[`${scope}:${key}`]) { + obj[objKey || key] = opts[`${scope}:${key}`] + } +} + +// Called a nerf dart in the main codebase. Used as a "safe" +// key when fetching registry info from config. +function registryKey (registry) { + const parsed = new url.URL(registry) + const formatted = url.format({ + protocol: parsed.protocol, + host: parsed.host, + pathname: parsed.pathname, + slashes: true + }) + return url.format(new url.URL('.', formatted)).replace(/^[^:]+:/, '') +} diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/check-response.js b/node_modules/libnpmteam/node_modules/npm-registry-fetch/check-response.js new file mode 100644 index 0000000000000..f151711f30160 --- /dev/null +++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/check-response.js @@ -0,0 +1,128 @@ +'use strict' + +const errors = require('./errors.js') +const LRU = require('lru-cache') +const { Response } = require('minipass-fetch') +const defaultOpts = require('./default-opts.js') + +module.exports = checkResponse +function checkResponse (method, res, registry, startTime, opts_ = {}) { + const opts = { ...defaultOpts, ...opts_ } + if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) { + opts.log.notice('', res.headers.get('npm-notice')) + } + checkWarnings(res, registry, opts) + if (res.status >= 400) { + logRequest(method, res, startTime, opts) + return checkErrors(method, res, startTime, opts) + } else { + res.body.on('end', () => logRequest(method, res, startTime, opts)) + if (opts.ignoreBody) { + res.body.resume() + return new Response(null, res) + } + return res + } +} + +function logRequest (method, res, startTime, opts) { + const elapsedTime = Date.now() - startTime + const attempt = res.headers.get('x-fetch-attempts') + const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : '' + const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : '' + + let urlStr + try { + const { URL } = require('url') + const url = new URL(res.url) + if (url.password) { + url.password = '***' + } + urlStr = url.toString() + } catch (er) { + urlStr = res.url + } + + opts.log.http( + 'fetch', + `${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}` + ) +} + +const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/ +const BAD_HOSTS = new LRU({ max: 50 }) + +function checkWarnings (res, registry, opts) { + if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) { + const warnings = {} + // note: headers.raw() will preserve case, so we might have a + // key on the object like 'WaRnInG' if that was used first + for (const [key, value] of Object.entries(res.headers.raw())) { + if (key.toLowerCase() !== 'warning') { continue } + value.forEach(w => { + const match = w.match(WARNING_REGEXP) + if (match) { + warnings[match[1]] = { + code: match[1], + host: match[2], + message: match[3], + date: new Date(match[4]) + } + } + }) + } + BAD_HOSTS.set(registry, true) + if (warnings['199']) { + if (warnings['199'].message.match(/ENOTFOUND/)) { + opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`) + } else { + opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`) + } + } + if (warnings['111']) { + // 111 Revalidation failed -- we're using stale data + opts.log.warn( + 'registry', + `Using stale data from ${registry} due to a request error during revalidation.` + ) + } + } +} + +function checkErrors (method, res, startTime, opts) { + return res.buffer() + .catch(() => null) + .then(body => { + let parsed = body + try { + parsed = JSON.parse(body.toString('utf8')) + } catch (e) {} + if (res.status === 401 && res.headers.get('www-authenticate')) { + const auth = res.headers.get('www-authenticate') + .split(/,\s*/) + .map(s => s.toLowerCase()) + if (auth.indexOf('ipaddress') !== -1) { + throw new errors.HttpErrorAuthIPAddress( + method, res, parsed, opts.spec + ) + } else if (auth.indexOf('otp') !== -1) { + throw new errors.HttpErrorAuthOTP( + method, res, parsed, opts.spec + ) + } else { + throw new errors.HttpErrorAuthUnknown( + method, res, parsed, opts.spec + ) + } + } else if (res.status === 401 && body != null && /one-time pass/.test(body.toString('utf8'))) { + // Heuristic for malformed OTP responses that don't include the www-authenticate header. + throw new errors.HttpErrorAuthOTP( + method, res, parsed, opts.spec + ) + } else { + throw new errors.HttpErrorGeneral( + method, res, parsed, opts.spec + ) + } + }) +} diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/default-opts.js b/node_modules/libnpmteam/node_modules/npm-registry-fetch/default-opts.js new file mode 100644 index 0000000000000..b742fd5a5fcd4 --- /dev/null +++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/default-opts.js @@ -0,0 +1,22 @@ +const pkg = require('./package.json') +const ciDetect = require('@npmcli/ci-detect') +module.exports = { + isFromCI: ciDetect(), + log: require('./silentlog.js'), + maxSockets: 12, + method: 'GET', + registry: 'https://registry.npmjs.org/', + timeout: 5 * 60 * 1000, // 5 minutes + strictSSL: true, + noProxy: process.env.NOPROXY, + userAgent: `${pkg.name + }@${ + pkg.version + }/node@${ + process.version + }+${ + process.arch + } (${ + process.platform + })` +} diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/errors.js b/node_modules/libnpmteam/node_modules/npm-registry-fetch/errors.js new file mode 100644 index 0000000000000..c41947e29952d --- /dev/null +++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/errors.js @@ -0,0 +1,79 @@ +'use strict' + +const url = require('url') + +function packageName (href) { + try { + let basePath = new url.URL(href).pathname.substr(1) + if (!basePath.match(/^-/)) { + basePath = basePath.split('/') + var index = basePath.indexOf('_rewrite') + if (index === -1) { + index = basePath.length - 1 + } else { + index++ + } + return decodeURIComponent(basePath[index]) + } + } catch (_) { + // this is ok + } +} + +class HttpErrorBase extends Error { + constructor (method, res, body, spec) { + super() + this.headers = res.headers.raw() + this.statusCode = res.status + this.code = `E${res.status}` + this.method = method + this.uri = res.url + this.body = body + this.pkgid = spec ? spec.toString() : packageName(res.url) + } +} +module.exports.HttpErrorBase = HttpErrorBase + +class HttpErrorGeneral extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = `${res.status} ${res.statusText} - ${ + this.method.toUpperCase() + } ${ + this.spec || this.uri + }${ + (body && body.error) ? ' - ' + body.error : '' + }` + Error.captureStackTrace(this, HttpErrorGeneral) + } +} +module.exports.HttpErrorGeneral = HttpErrorGeneral + +class HttpErrorAuthOTP extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = 'OTP required for authentication' + this.code = 'EOTP' + Error.captureStackTrace(this, HttpErrorAuthOTP) + } +} +module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP + +class HttpErrorAuthIPAddress extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = 'Login is not allowed from your IP address' + this.code = 'EAUTHIP' + Error.captureStackTrace(this, HttpErrorAuthIPAddress) + } +} +module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress + +class HttpErrorAuthUnknown extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate') + Error.captureStackTrace(this, HttpErrorAuthUnknown) + } +} +module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/index.js b/node_modules/libnpmteam/node_modules/npm-registry-fetch/index.js new file mode 100644 index 0000000000000..2324e7fbfd00b --- /dev/null +++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/index.js @@ -0,0 +1,219 @@ +'use strict' + +const checkResponse = require('./check-response.js') +const getAuth = require('./auth.js') +const fetch = require('make-fetch-happen') +const JSONStream = require('minipass-json-stream') +const npa = require('npm-package-arg') +const qs = require('querystring') +const url = require('url') +const zlib = require('minizlib') +const Minipass = require('minipass') + +const defaultOpts = require('./default-opts.js') + +// WhatWG URL throws if it's not fully resolved +const urlIsValid = u => { + try { + return !!new url.URL(u) + } catch (_) { + return false + } +} + +module.exports = regFetch +function regFetch (uri, /* istanbul ignore next */ opts_ = {}) { + const opts = { + ...defaultOpts, + ...opts_ + } + const registry = opts.registry = ( + (opts.spec && pickRegistry(opts.spec, opts)) || + (opts.publishConfig && opts.publishConfig.registry) || + opts.registry || + /* istanbul ignore next */ + 'https://registry.npmjs.org/' + ) + + if (!urlIsValid(uri)) { + uri = `${ + registry.trim().replace(/\/?$/g, '') + }/${ + uri.trim().replace(/^\//, '') + }` + } + + const method = opts.method || 'GET' + + // through that takes into account the scope, the prefix of `uri`, etc + const startTime = Date.now() + const headers = getHeaders(registry, uri, opts) + let body = opts.body + const bodyIsStream = Minipass.isStream(body) + const bodyIsPromise = body && + typeof body === 'object' && + typeof body.then === 'function' + + if (body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body)) { + headers['content-type'] = headers['content-type'] || 'application/json' + body = JSON.stringify(body) + } else if (body && !headers['content-type']) { + headers['content-type'] = 'application/octet-stream' + } + + if (opts.gzip) { + headers['content-encoding'] = 'gzip' + if (bodyIsStream) { + const gz = new zlib.Gzip() + body.on('error', /* istanbul ignore next: unlikely and hard to test */ + err => gz.emit('error', err)) + body = body.pipe(gz) + } else if (!bodyIsPromise) { + body = new zlib.Gzip().end(body).concat() + } + } + + const parsed = new url.URL(uri) + + if (opts.query) { + const q = typeof opts.query === 'string' + ? qs.parse(opts.query) + : opts.query + + Object.keys(q).forEach(key => { + if (q[key] !== undefined) { + parsed.searchParams.set(key, q[key]) + } + }) + uri = url.format(parsed) + } + + if (parsed.searchParams.get('write') === 'true' && method === 'GET') { + // do not cache, because this GET is fetching a rev that will be + // used for a subsequent PUT or DELETE, so we need to conditionally + // update cache. + opts.offline = false + opts.preferOffline = false + opts.preferOnline = true + } + + const doFetch = (body) => fetch(uri, { + agent: opts.agent, + algorithms: opts.algorithms, + body, + cache: getCacheMode(opts), + cacheManager: opts.cache, + ca: opts.ca, + cert: opts.cert, + headers, + integrity: opts.integrity, + key: opts.key, + localAddress: opts.localAddress, + maxSockets: opts.maxSockets, + memoize: opts.memoize, + method: method, + noProxy: opts.noProxy, + proxy: opts.httpsProxy || opts.proxy, + retry: opts.retry ? opts.retry : { + retries: opts.fetchRetries, + factor: opts.fetchRetryFactor, + minTimeout: opts.fetchRetryMintimeout, + maxTimeout: opts.fetchRetryMaxtimeout + }, + strictSSL: opts.strictSSL, + timeout: opts.timeout || 30 * 1000 + }).then(res => checkResponse( + method, res, registry, startTime, opts + )) + + return Promise.resolve(body).then(doFetch) +} + +module.exports.json = fetchJSON +function fetchJSON (uri, opts) { + return regFetch(uri, opts).then(res => res.json()) +} + +module.exports.json.stream = fetchJSONStream +function fetchJSONStream (uri, jsonPath, /* istanbul ignore next */ opts_ = {}) { + const opts = { ...defaultOpts, ...opts_ } + const parser = JSONStream.parse(jsonPath, opts.mapJSON) + regFetch(uri, opts).then(res => + res.body.on('error', + /* istanbul ignore next: unlikely and difficult to test */ + er => parser.emit('error', er)).pipe(parser) + ).catch(er => parser.emit('error', er)) + return parser +} + +module.exports.pickRegistry = pickRegistry +function pickRegistry (spec, opts = {}) { + spec = npa(spec) + let registry = spec.scope && + opts[spec.scope.replace(/^@?/, '@') + ':registry'] + + if (!registry && opts.scope) { + registry = opts[opts.scope.replace(/^@?/, '@') + ':registry'] + } + + if (!registry && opts.publishConfig) { + registry = opts.publishConfig.registry + } + + if (!registry) { + registry = opts.registry || 'https://registry.npmjs.org/' + } + + return registry +} + +function getCacheMode (opts) { + return opts.offline + ? 'only-if-cached' + : opts.preferOffline + ? 'force-cache' + : opts.preferOnline + ? 'no-cache' + : 'default' +} + +function getHeaders (registry, uri, opts) { + const headers = Object.assign({ + 'npm-in-ci': !!opts.isFromCI, + 'user-agent': opts.userAgent + }, opts.headers || {}) + + if (opts.projectScope) { + headers['npm-scope'] = opts.projectScope + } + + if (opts.npmSession) { + headers['npm-session'] = opts.npmSession + } + + if (opts.npmCommand) { + headers['npm-command'] = opts.npmCommand + } + + const auth = getAuth(registry, opts) + // If a tarball is hosted on a different place than the manifest, only send + // credentials on `alwaysAuth` + const shouldAuth = ( + auth.alwaysAuth || + new url.URL(uri).host === new url.URL(registry).host + ) + if (shouldAuth && auth.token) { + headers.authorization = `Bearer ${auth.token}` + } else if (shouldAuth && auth.username && auth.password) { + const encoded = Buffer.from( + `${auth.username}:${auth.password}`, 'utf8' + ).toString('base64') + headers.authorization = `Basic ${encoded}` + } else if (shouldAuth && auth._auth) { + headers.authorization = `Basic ${auth._auth}` + } + if (shouldAuth && auth.otp) { + headers['npm-otp'] = auth.otp + } + return headers +} diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/package.json b/node_modules/libnpmteam/node_modules/npm-registry-fetch/package.json new file mode 100644 index 0000000000000..5aeddc5b39102 --- /dev/null +++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/package.json @@ -0,0 +1,59 @@ +{ + "name": "npm-registry-fetch", + "version": "8.1.5", + "description": "Fetch-based http client for use with npm registry APIs", + "main": "index.js", + "files": [ + "*.js", + "lib" + ], + "scripts": { + "postrelease": "npm publish", + "posttest": "standard", + "prepublishOnly": "git push --follow-tags", + "prerelease": "npm t", + "release": "standard-version -s", + "test": "tap" + }, + "repository": "https://github.com/npm/registry-fetch", + "keywords": [ + "npm", + "registry", + "fetch" + ], + "author": { + "name": "Kat Marchán", + "email": "kzm@sykosomatic.org", + "twitter": "maybekatz" + }, + "license": "ISC", + "dependencies": { + "@npmcli/ci-detect": "^1.0.0", + "lru-cache": "^6.0.0", + "make-fetch-happen": "^8.0.9", + "minipass": "^3.1.3", + "minipass-fetch": "^1.3.0", + "minipass-json-stream": "^1.0.1", + "minizlib": "^2.0.0", + "npm-package-arg": "^8.0.0" + }, + "devDependencies": { + "cacache": "^15.0.0", + "mkdirp": "^0.5.1", + "nock": "^11.7.0", + "npmlog": "^4.1.2", + "require-inject": "^1.4.4", + "rimraf": "^2.6.2", + "ssri": "^8.0.0", + "standard": "^14.3.3", + "standard-version": "^7.1.0", + "tap": "^14.10.7" + }, + "tap": { + "check-coverage": true, + "test-ignore": "test[\\\\/](util|cache)[\\\\/]" + }, + "engines": { + "node": ">=10" + } +} diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/silentlog.js b/node_modules/libnpmteam/node_modules/npm-registry-fetch/silentlog.js new file mode 100644 index 0000000000000..886c5d55b2dbb --- /dev/null +++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/silentlog.js @@ -0,0 +1,14 @@ +'use strict' + +const noop = Function.prototype +module.exports = { + error: noop, + warn: noop, + notice: noop, + info: noop, + verbose: noop, + silly: noop, + http: noop, + pause: noop, + resume: noop +} diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/npm-profile/node_modules/npm-registry-fetch/CHANGELOG.md new file mode 100644 index 0000000000000..fc26ee1bda4ba --- /dev/null +++ b/node_modules/npm-profile/node_modules/npm-registry-fetch/CHANGELOG.md @@ -0,0 +1,384 @@ +# Changelog + +All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +### [8.1.5](https://github.com/npm/registry-fetch/compare/v8.1.4...v8.1.5) (2020-10-12) + + +### Bug Fixes + +* respect publishConfig.registry when specified ([32e36ef](https://github.com/npm/registry-fetch/commit/32e36efe86302ed319973cd5b1e6ccc3f62e557e)), closes [#35](https://github.com/npm/registry-fetch/issues/35) + +### [8.1.4](https://github.com/npm/registry-fetch/compare/v8.1.3...v8.1.4) (2020-08-17) + + +### Bug Fixes + +* redact passwords from http logs ([3c294eb](https://github.com/npm/registry-fetch/commit/3c294ebbd7821725db4ff1bc5fe368c49613efcc)) + +### [8.1.3](https://github.com/npm/registry-fetch/compare/v8.1.2...v8.1.3) (2020-07-21) + +### [8.1.2](https://github.com/npm/registry-fetch/compare/v8.1.1...v8.1.2) (2020-07-11) + +### [8.1.1](https://github.com/npm/registry-fetch/compare/v8.1.0...v8.1.1) (2020-06-30) + +## [8.1.0](https://github.com/npm/registry-fetch/compare/v8.0.3...v8.1.0) (2020-05-20) + + +### Features + +* add npm-command HTTP header ([1bb4eb2](https://github.com/npm/registry-fetch/commit/1bb4eb2c66ee8a0dc62558bdcff1b548e2bb9820)) + +### [8.0.3](https://github.com/npm/registry-fetch/compare/v8.0.2...v8.0.3) (2020-05-13) + + +### Bug Fixes + +* update minipass and make-fetch-happen to latest ([3b6c5d0](https://github.com/npm/registry-fetch/commit/3b6c5d0d8ccd4c4a97862a65acef956f19aec127)), closes [#23](https://github.com/npm/registry-fetch/issues/23) + +### [8.0.2](https://github.com/npm/registry-fetch/compare/v8.0.1...v8.0.2) (2020-05-04) + + +### Bug Fixes + +* update make-fetch-happen to 8.0.6 ([226df2c](https://github.com/npm/registry-fetch/commit/226df2c32e3f9ed8ceefcfdbd11efb178181b442)) + +## [8.0.0](https://github.com/npm/registry-fetch/compare/v7.0.1...v8.0.0) (2020-02-24) + + +### ⚠ BREAKING CHANGES + +* Removes the 'opts.refer' option and the HTTP Referer +header (unless explicitly added to the 'headers' option, of course). + +PR-URL: https://github.com/npm/npm-registry-fetch/pull/25 +Credit: @isaacs + +### Bug Fixes + +* remove referer header and opts.refer ([eb8f7af](https://github.com/npm/registry-fetch/commit/eb8f7af3c102834856604c1be664b00ca0fe8ef2)), closes [#25](https://github.com/npm/registry-fetch/issues/25) + +### [7.0.1](https://github.com/npm/registry-fetch/compare/v7.0.0...v7.0.1) (2020-02-24) + +## [7.0.0](https://github.com/npm/registry-fetch/compare/v6.0.2...v7.0.0) (2020-02-18) + + +### ⚠ BREAKING CHANGES + +* figgy pudding is now nowhere to be found. +* this removes figgy-pudding, and drops several option +aliases. + +Defaults and behavior are all the same, and this module is now using the +canonical camelCase option names that npm v7 will provide to all its +deps. + +Related to: https://github.com/npm/rfcs/pull/102 + +PR-URL: https://github.com/npm/npm-registry-fetch/pull/22 +Credit: @isaacs + +### Bug Fixes + +* Remove figgy-pudding, use canonical option names ([ede3c08](https://github.com/npm/registry-fetch/commit/ede3c087007fd1808e02b1af70562220d03b18a9)), closes [#22](https://github.com/npm/registry-fetch/issues/22) + + +* update cacache, ssri, make-fetch-happen ([57fcc88](https://github.com/npm/registry-fetch/commit/57fcc889bee03edcc0a2025d96a171039108c231)) + +### [6.0.2](https://github.com/npm/registry-fetch/compare/v6.0.1...v6.0.2) (2020-02-14) + + +### Bug Fixes + +* always bypass cache when ?write=true ([83f89f3](https://github.com/npm/registry-fetch/commit/83f89f35abd2ed0507c869e37f90ed746375772c)) + +### [6.0.1](https://github.com/npm/registry-fetch/compare/v6.0.0...v6.0.1) (2020-02-14) + + +### Bug Fixes + +* use 30s default for timeout as per README ([50e8afc](https://github.com/npm/registry-fetch/commit/50e8afc6ff850542feb588f9f9c64ebae59e72a0)), closes [#20](https://github.com/npm/registry-fetch/issues/20) + +## [6.0.0](https://github.com/npm/registry-fetch/compare/v5.0.1...v6.0.0) (2019-12-17) + + +### ⚠ BREAKING CHANGES + +* This drops support for node < 10. + +There are some lint failures due to standard pushing for using WhatWG URL +objects instead of url.parse/url.resolve. However, the code in this lib +does some fancy things with the query/search portions of the parsed url +object, so it'll take a bit of care to make it work properly. + +### Bug Fixes + +* detect CI so our tests don't fail in CI ([5813da6](https://github.com/npm/registry-fetch/commit/5813da634cef73b12e40373972d7937e6934fce0)) +* Use WhatWG URLs instead of url.parse ([8ccfa8a](https://github.com/npm/registry-fetch/commit/8ccfa8a72c38cfedb0f525b7f453644fd4444f99)) + + +* normalize settings, drop old nodes, update deps ([510b125](https://github.com/npm/registry-fetch/commit/510b1255cc7ed4bb397a34e0007757dae33e2275)) + + +## [5.0.1](https://github.com/npm/registry-fetch/compare/v5.0.0...v5.0.1) (2019-11-11) + + + + +# [5.0.0](https://github.com/npm/registry-fetch/compare/v4.0.2...v5.0.0) (2019-10-04) + + +### Bug Fixes + +* prefer const in getAuth function ([90ac7b1](https://github.com/npm/registry-fetch/commit/90ac7b1)) +* use minizlib instead of core zlib ([e64702e](https://github.com/npm/registry-fetch/commit/e64702e)) + + +### Features + +* refactor to use Minipass streams ([bb37f20](https://github.com/npm/registry-fetch/commit/bb37f20)) + + +### BREAKING CHANGES + +* this replaces all core streams (except for some +PassThrough streams in a few tests) with Minipass streams, and updates +all deps to the latest and greatest Minipass versions of things. + + + + +## [4.0.2](https://github.com/npm/registry-fetch/compare/v4.0.0...v4.0.2) (2019-10-04) + + +### Bug Fixes + +* Add null check on body on 401 errors ([e3a0186](https://github.com/npm/registry-fetch/commit/e3a0186)), closes [#9](https://github.com/npm/registry-fetch/issues/9) +* **deps:** Add explicit dependency on safe-buffer ([8eae5f0](https://github.com/npm/registry-fetch/commit/8eae5f0)), closes [npm/libnpmaccess#2](https://github.com/npm/libnpmaccess/issues/2) [#3](https://github.com/npm/registry-fetch/issues/3) + + + + +# [4.0.0](https://github.com/npm/registry-fetch/compare/v3.9.1...v4.0.0) (2019-07-15) + + +* cacache@12.0.0, infer uid from cache folder ([0c4f060](https://github.com/npm/registry-fetch/commit/0c4f060)) + + +### BREAKING CHANGES + +* uid and gid are inferred from cache folder, rather than +being passed in as options. + + + + +## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02) + + + + +# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24) + + +### Features + +* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c)) + + + + +# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23) + + +### Features + +* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986)) + + + + +# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23) + + +### Features + +* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969)) + + + + +# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22) + + +### Bug Fixes + +* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65)) + + +### Features + +* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702)) + + + + +# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22) + + +### Features + +* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5)) + + + + +# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22) + + +### Bug Fixes + +* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54)) + + +### Features + +* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17)) + + + + +# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21) + + +### Bug Fixes + +* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b)) + + +### Features + +* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194)) + + + + +## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16) + + +### Bug Fixes + +* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040)) + + + + +# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27) + + +### Features + +* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0)) + + + + +## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09) + + + + +# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09) + + +### Features + +* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b)) + + + + +# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09) + + +### Bug Fixes + +* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f)) +* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f)) + + +### BREAKING CHANGES + +* **config:** opts.config is no longer supported. Pass the options down in opts itself. + + + + +# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08) + + +### Features + +* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0)) + + + + +# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08) + + +### meta + +* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e)) + + +### BREAKING CHANGES + +* node@4 is no longer supported + + + + +## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06) + + + + +# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16) + + +### Features + +* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9)) + + + + +## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16) + + +### Bug Fixes + +* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5)) + + + + +# 1.0.0 (2018-03-16) + + +### Bug Fixes + +* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba)) +* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31)) +* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93)) +* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a)) + + +### Features + +* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f)) +* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db)) +* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d)) +* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527)) +* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1)) diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/npm-profile/node_modules/npm-registry-fetch/LICENSE.md new file mode 100644 index 0000000000000..8d28acf866d93 --- /dev/null +++ b/node_modules/npm-profile/node_modules/npm-registry-fetch/LICENSE.md @@ -0,0 +1,16 @@ +ISC License + +Copyright (c) npm, Inc. + +Permission to use, copy, modify, and/or distribute this software for +any purpose with or without fee is hereby granted, provided that the +above copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS +ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE +COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR +CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS +OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE +USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/README.md b/node_modules/npm-profile/node_modules/npm-registry-fetch/README.md new file mode 100644 index 0000000000000..e660940e30dc4 --- /dev/null +++ b/node_modules/npm-profile/node_modules/npm-registry-fetch/README.md @@ -0,0 +1,635 @@ +# npm-registry-fetch + +[![npm version](https://img.shields.io/npm/v/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) +[![license](https://img.shields.io/npm/l/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) +[![Travis](https://img.shields.io/travis/npm/npm-registry-fetch/latest.svg)](https://travis-ci.org/npm/npm-registry-fetch) +[![AppVeyor](https://img.shields.io/appveyor/ci/npm/npm-registry-fetch/latest.svg)](https://ci.appveyor.com/project/npm/npm-registry-fetch) +[![Coverage Status](https://coveralls.io/repos/github/npm/npm-registry-fetch/badge.svg?branch=latest)](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest) + +[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js +library that implements a `fetch`-like API for accessing npm registry APIs +consistently. It's able to consume npm-style configuration values and has all +the necessary logic for picking registries, handling scopes, and dealing with +authentication details built-in. + +This package is meant to replace the older +[`npm-registry-client`](https://npm.im/npm-registry-client). + +## Example + +```javascript +const npmFetch = require('npm-registry-fetch') + +console.log( + await npmFetch.json('/-/ping') +) +``` + +## Table of Contents + +* [Installing](#install) +* [Example](#example) +* [Contributing](#contributing) +* [API](#api) + * [`fetch`](#fetch) + * [`fetch.json`](#fetch-json) + * [`fetch` options](#fetch-opts) + +### Install + +`$ npm install npm-registry-fetch` + +### Contributing + +The npm team enthusiastically welcomes contributions and project participation! +There's a bunch of things you can do if you want to contribute! The [Contributor +Guide](CONTRIBUTING.md) has all the information you need for everything from +reporting bugs to contributing entire new features. Please don't hesitate to +jump in if you'd like to, or even ask us questions if something isn't clear. + +All participants and maintainers in this project are expected to follow [Code of +Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other. + +Please refer to the [Changelog](CHANGELOG.md) for project history details, too. + +Happy hacking! + +### API + +#### Caching and `write=true` query strings + +Before performing any PUT or DELETE operation, npm clients first make a +GET request to the registry resource being updated, which includes +the query string `?write=true`. + +The semantics of this are, effectively, "I intend to write to this thing, +and need to know the latest current value, so that my write can land +cleanly". + +The public npm registry handles these `?write=true` requests by ensuring +that the cache is re-validated before sending a response. In order to +maintain the same behavior on the client, and not get tripped up by an +overeager local cache when we intend to write data to the registry, any +request that comes through `npm-registry-fetch` that contains `write=true` +in the query string will forcibly set the `prefer-online` option to `true`, +and set both `prefer-offline` and `offline` to false, so that any local +cached value will be revalidated. + +#### `> fetch(url, [opts]) -> Promise` + +Performs a request to a given URL. + +The URL can be either a full URL, or a path to one. The appropriate registry +will be automatically picked if only a URL path is given. + +For available options, please see the section on [`fetch` options](#fetch-opts). + +##### Example + +```javascript +const res = await fetch('/-/ping') +console.log(res.headers) +res.on('data', d => console.log(d.toString('utf8'))) +``` + +#### `> fetch.json(url, [opts]) -> Promise` + +Performs a request to a given registry URL, parses the body of the response as +JSON, and returns it as its final value. This is a utility shorthand for +`fetch(url).then(res => res.json())`. + +For available options, please see the section on [`fetch` options](#fetch-opts). + +##### Example + +```javascript +const res = await fetch.json('/-/ping') +console.log(res) // Body parsed as JSON +``` + +#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream` + +Performs a request to a given registry URL and parses the body of the response +as JSON, with each entry being emitted through the stream. + +The `jsonPath` argument is a [`JSONStream.parse()` +path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the +returned stream (unlike default `JSONStream`s), has a valid +`Symbol.asyncIterator` implementation. + +For available options, please see the section on [`fetch` options](#fetch-opts). + +##### Example + +```javascript +console.log('https://npm.im/~zkat has access to the following packages:') +for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) { + console.log(`https://npm.im/${key} (perms: ${value})`) +} +``` + +#### `fetch` Options + +Fetch options are optional, and can be passed in as either a Map-like object +(one with a `.get()` method), a plain javascript object, or a +[`figgy-pudding`](https://npm.im/figgy-pudding) instance. + +##### `opts.agent` + +* Type: http.Agent +* Default: an appropriate agent based on URL protocol and proxy settings + +An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to +be shared across requests. This allows multiple concurrent `fetch` requests to +happen on the same socket. + +You do _not_ need to provide this option unless you want something particularly +specialized, since proxy configurations and http/https agents are already +automatically managed internally when this option is not passed through. + +##### `opts.body` + +* Type: Buffer | Stream | Object +* Default: null + +Request body to send through the outgoing request. Buffers and Streams will be +passed through as-is, with a default `content-type` of +`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed +and the `content-type` will default to `application/json`. + +Use [`opts.headers`](#opts-headers) to set the content-type to something else. + +##### `opts.ca` + +* Type: String, Array, or null +* Default: null + +The Certificate Authority signing certificate that is trusted for SSL +connections to the registry. Values should be in PEM format (Windows calls it +"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For +example: + +``` +{ + ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' +} +``` + +Set to `null` to only allow "known" registrars, or to a specific CA cert +to trust only that specific signing authority. + +Multiple CAs can be trusted by specifying an array of certificates instead of a +single string. + +See also [`opts.strictSSL`](#opts-strictSSL), [`opts.ca`](#opts-ca) and +[`opts.key`](#opts-key) + +##### `opts.cache` + +* Type: path +* Default: null + +The location of the http cache directory. If provided, certain cachable requests +will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234) +rules. This will speed up future requests, as well as make the cached data +available offline if necessary/requested. + +See also [`offline`](#opts-offline), [`preferOffline`](#opts-preferOffline), +and [`preferOnline`](#opts-preferOnline). + +##### `opts.cert` + +* Type: String +* Default: null + +A client certificate to pass when accessing the registry. Values should be in +PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines +replaced by the string `'\n'`. For example: + +``` +{ + cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' +} +``` + +It is _not_ the path to a certificate file (and there is no "certfile" option). + +See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key) + +##### `opts.fetchRetries` + +* Type: Number +* Default: 2 + +The "retries" config for [`retry`](https://npm.im/retry) to use when fetching +packages from the registry. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.fetchRetryFactor` + +* Type: Number +* Default: 10 + +The "factor" config for [`retry`](https://npm.im/retry) to use when fetching +packages. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.fetchRetryMintimeout` + +* Type: Number +* Default: 10000 (10 seconds) + +The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching +packages. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.fetchRetryMaxtimeout` + +* Type: Number +* Default: 60000 (1 minute) + +The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching +packages. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.forceAuth` + +* Type: Object +* Default: null + +If present, other auth-related values in `opts` will be completely ignored, +including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request, +and the auth details in `opts.forceAuth` will be used instead. + +##### `opts.gzip` + +* Type: Boolean +* Default: false + +If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip` +and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode +[`opts.body`](#opts-body). + +##### `opts.headers` + +* Type: Object +* Default: null + +Additional headers for the outgoing request. This option can also be used to +override headers automatically generated by `npm-registry-fetch`, such as +`Content-Type`. + +##### `opts.ignoreBody` + +* Type: Boolean +* Default: false + +If true, the **response body** will be thrown away and `res.body` set to `null`. +This will prevent dangling response sockets for requests where you don't usually +care what the response body is. + +##### `opts.integrity` + +* Type: String | [SRI object](https://npm.im/ssri) +* Default: null + +If provided, the response body's will be verified against this integrity string, +using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will +complete as normal. If verification fails, the response body will error with an +`EINTEGRITY` error. + +Body integrity is only verified if the body is actually consumed to completion -- +that is, if you use `res.json()`/`res.buffer()`, or if you consume the default +`res` stream data to its end. + +Cached data will have its integrity automatically verified using the +previously-generated integrity hash for the saved request information, so +`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if +`opts.integrity` is not passed in. + +##### `opts.isFromCI` + +* Type: Boolean +* Default: Based on environment variables + +This is used to populate the `npm-in-ci` request header sent to the registry. + +##### `opts.key` + +* Type: String +* Default: null + +A client key to pass when accessing the registry. Values should be in PEM +format with newlines replaced by the string `'\n'`. For example: + +``` +{ + key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----' +} +``` + +It is _not_ the path to a key file (and there is no "keyfile" option). + +See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert) + +##### `opts.localAddress` + +* Type: IP Address String +* Default: null + +The IP address of the local interface to use when making connections +to the registry. + +See also [`opts.proxy`](#opts-proxy) + +##### `opts.log` + +* Type: [`npmlog`](https://npm.im/npmlog)-like +* Default: null + +Logger object to use for logging operation details. Must have the same methods +as `npmlog`. + +##### `opts.mapJSON` + +* Type: Function +* Default: undefined + +When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down +to [`JSONStream`](https://npm.im/JSONStream) as the second argument to +`JSONStream.parse`, and can be used to transform stream data before output. + +##### `opts.maxSockets` + +* Type: Integer +* Default: 12 + +Maximum number of sockets to keep open during requests. Has no effect if +[`opts.agent`](#opts-agent) is used. + +##### `opts.method` + +* Type: String +* Default: 'GET' + +HTTP method to use for the outgoing request. Case-insensitive. + +##### `opts.noproxy` + +* Type: Boolean +* Default: process.env.NOPROXY + +If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used. + +##### `opts.npmSession` + +* Type: String +* Default: null + +If provided, will be sent in the `npm-session` header. This header is used by +the npm registry to identify individual user sessions (usually individual +invocations of the CLI). + +##### `opts.npmCommand` + +* Type: String +* Default: null + +If provided, it will be sent in the `npm-command` header. This yeader is +used by the npm registry to identify the npm command that caused this +request to be made. + +##### `opts.offline` + +* Type: Boolean +* Default: false + +Force offline mode: no network requests will be done during install. To allow +`npm-registry-fetch` to fill in missing cache data, see +[`opts.preferOffline`](#opts-preferOffline). + +This option is only really useful if you're also using +[`opts.cache`](#opts-cache). + +This option is set to `true` when the request includes `write=true` in the +query string. + +##### `opts.otp` + +* Type: Number | String +* Default: null + +This is a one-time password from a two-factor authenticator. It is required for +certain registry interactions when two-factor auth is enabled for a user +account. + +##### `opts.password` + +* Alias: `_password` +* Type: String +* Default: null + +Password used for basic authentication. For the more modern authentication +method, please use the (more secure) [`opts.token`](#opts-token) + +Can optionally be scoped to a registry by using a "nerf dart" for that registry. +That is: + +``` +{ + '//registry.npmjs.org/:password': 't0k3nH34r' +} +``` + +See also [`opts.username`](#opts-username) + +##### `opts.preferOffline` + +* Type: Boolean +* Default: false + +If true, staleness checks for cached data will be bypassed, but missing data +will be requested from the server. To force full offline mode, use +[`opts.offline`](#opts-offline). + +This option is generally only useful if you're also using +[`opts.cache`](#opts-cache). + +This option is set to `false` when the request includes `write=true` in the +query string. + +##### `opts.preferOnline` + +* Type: Boolean +* Default: false + +If true, staleness checks for cached data will be forced, making the CLI look +for updates immediately even for fresh package data. + +This option is generally only useful if you're also using +[`opts.cache`](#opts-cache). + +This option is set to `true` when the request includes `write=true` in the +query string. + +##### `opts.projectScope` + +* Type: String +* Default: null + +If provided, will be sent in the `npm-scope` header. This header is used by the +npm registry to identify the toplevel package scope that a particular project +installation is using. + +##### `opts.proxy` + +* Type: url +* Default: null + +A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY` +environment variable will be used. + +##### `opts.query` + +* Type: String | Object +* Default: null + +If provided, the request URI will have a query string appended to it using this +query. If `opts.query` is an object, it will be converted to a query string +using +[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options). + +If the request URI already has a query string, it will be merged with +`opts.query`, preferring `opts.query` values. + +##### `opts.registry` + +* Type: URL +* Default: `'https://registry.npmjs.org'` + +Registry configuration for a request. If a request URL only includes the URL +path, this registry setting will be prepended. This configuration is also used +to determine authentication details, so even if the request URL references a +completely different host, `opts.registry` will be used to find the auth details +for that request. + +See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and +[`opts.:registry`](#opts-scope-registry) which can all affect the actual +registry URL used by the outgoing request. + +##### `opts.retry` + +* Type: Object +* Default: null + +Single-object configuration for request retry settings. If passed in, will +override individually-passed `fetch-retry-*` settings. + +##### `opts.scope` + +* Type: String +* Default: null + +Associate an operation with a scope for a scoped registry. This option can force +lookup of scope-specific registries and authentication. + +See also [`opts.:registry`](#opts-scope-registry) and +[`opts.spec`](#opts-spec) for interactions with this option. + +##### `opts.:registry` + +* Type: String +* Default: null + +This option type can be used to configure the registry used for requests +involving a particular scope. For example, `opts['@myscope:registry'] = +'https://scope-specific.registry/'` will make it so requests go out to this +registry instead of [`opts.registry`](#opts-registry) when +[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a +scoped package spec. + +The `@` before the scope name is optional, but recommended. + +##### `opts.spec` + +* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object. +* Default: null + +If provided, can be used to automatically configure [`opts.scope`](#opts-scope) +based on a specific package name. Non-registry package specs will throw an +error. + +##### `opts.strictSSL` + +* Type: Boolean +* Default: true + +Whether or not to do SSL key validation when making requests to the +registry via https. + +See also [`opts.ca`](#opts-ca). + +##### `opts.timeout` + +* Type: Milliseconds +* Default: 300000 (5 minutes) + +Time before a hanging request times out. + +##### `opts.token` + +* Alias: `opts._authToken` +* Type: String +* Default: null + +Authentication token string. + +Can be scoped to a registry by using a "nerf dart" for that registry. That is: + +``` +{ + '//registry.npmjs.org/:token': 't0k3nH34r' +} +``` + +##### `opts.userAgent` + +* Type: String +* Default: `'npm-registry-fetch@/node@+ ()'` + +User agent string to send in the `User-Agent` header. + +##### `opts.username` + +* Type: String +* Default: null + +Username used for basic authentication. For the more modern authentication +method, please use the (more secure) [`opts.token`](#opts-token) + +Can optionally be scoped to a registry by using a "nerf dart" for that registry. +That is: + +``` +{ + '//registry.npmjs.org/:username': 't0k3nH34r' +} +``` + +See also [`opts.password`](#opts-password) + +##### `opts._auth` + +* Type: String +* Default: null + +** DEPRECATED ** This is a legacy authentication token supported only for +compatibility. Please use [`opts.token`](#opts-token) instead. diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/auth.js b/node_modules/npm-profile/node_modules/npm-registry-fetch/auth.js new file mode 100644 index 0000000000000..11c3bde6b4e6c --- /dev/null +++ b/node_modules/npm-profile/node_modules/npm-registry-fetch/auth.js @@ -0,0 +1,55 @@ +'use strict' + +const defaultOpts = require('./default-opts.js') +const url = require('url') + +module.exports = getAuth +function getAuth (registry, opts_ = {}) { + if (!registry) { throw new Error('registry is required') } + const opts = opts_.forceAuth ? opts_.forceAuth : { ...defaultOpts, ...opts_ } + const AUTH = {} + const regKey = registry && registryKey(registry) + const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias) + doKey('token') + doKey('_authToken', 'token') + doKey('username') + doKey('password') + doKey('_password', 'password') + doKey('email') + doKey('_auth') + doKey('otp') + doKey('always-auth', 'alwaysAuth') + if (AUTH.password) { + AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8') + } + if (AUTH._auth && !(AUTH.username && AUTH.password)) { + let auth = Buffer.from(AUTH._auth, 'base64').toString() + auth = auth.split(':') + AUTH.username = auth.shift() + AUTH.password = auth.join(':') + } + AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth + return AUTH +} + +function addKey (opts, obj, scope, key, objKey) { + if (opts[key]) { + obj[objKey || key] = opts[key] + } + if (scope && opts[`${scope}:${key}`]) { + obj[objKey || key] = opts[`${scope}:${key}`] + } +} + +// Called a nerf dart in the main codebase. Used as a "safe" +// key when fetching registry info from config. +function registryKey (registry) { + const parsed = new url.URL(registry) + const formatted = url.format({ + protocol: parsed.protocol, + host: parsed.host, + pathname: parsed.pathname, + slashes: true + }) + return url.format(new url.URL('.', formatted)).replace(/^[^:]+:/, '') +} diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/check-response.js b/node_modules/npm-profile/node_modules/npm-registry-fetch/check-response.js new file mode 100644 index 0000000000000..f151711f30160 --- /dev/null +++ b/node_modules/npm-profile/node_modules/npm-registry-fetch/check-response.js @@ -0,0 +1,128 @@ +'use strict' + +const errors = require('./errors.js') +const LRU = require('lru-cache') +const { Response } = require('minipass-fetch') +const defaultOpts = require('./default-opts.js') + +module.exports = checkResponse +function checkResponse (method, res, registry, startTime, opts_ = {}) { + const opts = { ...defaultOpts, ...opts_ } + if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) { + opts.log.notice('', res.headers.get('npm-notice')) + } + checkWarnings(res, registry, opts) + if (res.status >= 400) { + logRequest(method, res, startTime, opts) + return checkErrors(method, res, startTime, opts) + } else { + res.body.on('end', () => logRequest(method, res, startTime, opts)) + if (opts.ignoreBody) { + res.body.resume() + return new Response(null, res) + } + return res + } +} + +function logRequest (method, res, startTime, opts) { + const elapsedTime = Date.now() - startTime + const attempt = res.headers.get('x-fetch-attempts') + const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : '' + const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : '' + + let urlStr + try { + const { URL } = require('url') + const url = new URL(res.url) + if (url.password) { + url.password = '***' + } + urlStr = url.toString() + } catch (er) { + urlStr = res.url + } + + opts.log.http( + 'fetch', + `${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}` + ) +} + +const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/ +const BAD_HOSTS = new LRU({ max: 50 }) + +function checkWarnings (res, registry, opts) { + if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) { + const warnings = {} + // note: headers.raw() will preserve case, so we might have a + // key on the object like 'WaRnInG' if that was used first + for (const [key, value] of Object.entries(res.headers.raw())) { + if (key.toLowerCase() !== 'warning') { continue } + value.forEach(w => { + const match = w.match(WARNING_REGEXP) + if (match) { + warnings[match[1]] = { + code: match[1], + host: match[2], + message: match[3], + date: new Date(match[4]) + } + } + }) + } + BAD_HOSTS.set(registry, true) + if (warnings['199']) { + if (warnings['199'].message.match(/ENOTFOUND/)) { + opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`) + } else { + opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`) + } + } + if (warnings['111']) { + // 111 Revalidation failed -- we're using stale data + opts.log.warn( + 'registry', + `Using stale data from ${registry} due to a request error during revalidation.` + ) + } + } +} + +function checkErrors (method, res, startTime, opts) { + return res.buffer() + .catch(() => null) + .then(body => { + let parsed = body + try { + parsed = JSON.parse(body.toString('utf8')) + } catch (e) {} + if (res.status === 401 && res.headers.get('www-authenticate')) { + const auth = res.headers.get('www-authenticate') + .split(/,\s*/) + .map(s => s.toLowerCase()) + if (auth.indexOf('ipaddress') !== -1) { + throw new errors.HttpErrorAuthIPAddress( + method, res, parsed, opts.spec + ) + } else if (auth.indexOf('otp') !== -1) { + throw new errors.HttpErrorAuthOTP( + method, res, parsed, opts.spec + ) + } else { + throw new errors.HttpErrorAuthUnknown( + method, res, parsed, opts.spec + ) + } + } else if (res.status === 401 && body != null && /one-time pass/.test(body.toString('utf8'))) { + // Heuristic for malformed OTP responses that don't include the www-authenticate header. + throw new errors.HttpErrorAuthOTP( + method, res, parsed, opts.spec + ) + } else { + throw new errors.HttpErrorGeneral( + method, res, parsed, opts.spec + ) + } + }) +} diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/default-opts.js b/node_modules/npm-profile/node_modules/npm-registry-fetch/default-opts.js new file mode 100644 index 0000000000000..b742fd5a5fcd4 --- /dev/null +++ b/node_modules/npm-profile/node_modules/npm-registry-fetch/default-opts.js @@ -0,0 +1,22 @@ +const pkg = require('./package.json') +const ciDetect = require('@npmcli/ci-detect') +module.exports = { + isFromCI: ciDetect(), + log: require('./silentlog.js'), + maxSockets: 12, + method: 'GET', + registry: 'https://registry.npmjs.org/', + timeout: 5 * 60 * 1000, // 5 minutes + strictSSL: true, + noProxy: process.env.NOPROXY, + userAgent: `${pkg.name + }@${ + pkg.version + }/node@${ + process.version + }+${ + process.arch + } (${ + process.platform + })` +} diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/errors.js b/node_modules/npm-profile/node_modules/npm-registry-fetch/errors.js new file mode 100644 index 0000000000000..c41947e29952d --- /dev/null +++ b/node_modules/npm-profile/node_modules/npm-registry-fetch/errors.js @@ -0,0 +1,79 @@ +'use strict' + +const url = require('url') + +function packageName (href) { + try { + let basePath = new url.URL(href).pathname.substr(1) + if (!basePath.match(/^-/)) { + basePath = basePath.split('/') + var index = basePath.indexOf('_rewrite') + if (index === -1) { + index = basePath.length - 1 + } else { + index++ + } + return decodeURIComponent(basePath[index]) + } + } catch (_) { + // this is ok + } +} + +class HttpErrorBase extends Error { + constructor (method, res, body, spec) { + super() + this.headers = res.headers.raw() + this.statusCode = res.status + this.code = `E${res.status}` + this.method = method + this.uri = res.url + this.body = body + this.pkgid = spec ? spec.toString() : packageName(res.url) + } +} +module.exports.HttpErrorBase = HttpErrorBase + +class HttpErrorGeneral extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = `${res.status} ${res.statusText} - ${ + this.method.toUpperCase() + } ${ + this.spec || this.uri + }${ + (body && body.error) ? ' - ' + body.error : '' + }` + Error.captureStackTrace(this, HttpErrorGeneral) + } +} +module.exports.HttpErrorGeneral = HttpErrorGeneral + +class HttpErrorAuthOTP extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = 'OTP required for authentication' + this.code = 'EOTP' + Error.captureStackTrace(this, HttpErrorAuthOTP) + } +} +module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP + +class HttpErrorAuthIPAddress extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = 'Login is not allowed from your IP address' + this.code = 'EAUTHIP' + Error.captureStackTrace(this, HttpErrorAuthIPAddress) + } +} +module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress + +class HttpErrorAuthUnknown extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate') + Error.captureStackTrace(this, HttpErrorAuthUnknown) + } +} +module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/index.js b/node_modules/npm-profile/node_modules/npm-registry-fetch/index.js new file mode 100644 index 0000000000000..2324e7fbfd00b --- /dev/null +++ b/node_modules/npm-profile/node_modules/npm-registry-fetch/index.js @@ -0,0 +1,219 @@ +'use strict' + +const checkResponse = require('./check-response.js') +const getAuth = require('./auth.js') +const fetch = require('make-fetch-happen') +const JSONStream = require('minipass-json-stream') +const npa = require('npm-package-arg') +const qs = require('querystring') +const url = require('url') +const zlib = require('minizlib') +const Minipass = require('minipass') + +const defaultOpts = require('./default-opts.js') + +// WhatWG URL throws if it's not fully resolved +const urlIsValid = u => { + try { + return !!new url.URL(u) + } catch (_) { + return false + } +} + +module.exports = regFetch +function regFetch (uri, /* istanbul ignore next */ opts_ = {}) { + const opts = { + ...defaultOpts, + ...opts_ + } + const registry = opts.registry = ( + (opts.spec && pickRegistry(opts.spec, opts)) || + (opts.publishConfig && opts.publishConfig.registry) || + opts.registry || + /* istanbul ignore next */ + 'https://registry.npmjs.org/' + ) + + if (!urlIsValid(uri)) { + uri = `${ + registry.trim().replace(/\/?$/g, '') + }/${ + uri.trim().replace(/^\//, '') + }` + } + + const method = opts.method || 'GET' + + // through that takes into account the scope, the prefix of `uri`, etc + const startTime = Date.now() + const headers = getHeaders(registry, uri, opts) + let body = opts.body + const bodyIsStream = Minipass.isStream(body) + const bodyIsPromise = body && + typeof body === 'object' && + typeof body.then === 'function' + + if (body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body)) { + headers['content-type'] = headers['content-type'] || 'application/json' + body = JSON.stringify(body) + } else if (body && !headers['content-type']) { + headers['content-type'] = 'application/octet-stream' + } + + if (opts.gzip) { + headers['content-encoding'] = 'gzip' + if (bodyIsStream) { + const gz = new zlib.Gzip() + body.on('error', /* istanbul ignore next: unlikely and hard to test */ + err => gz.emit('error', err)) + body = body.pipe(gz) + } else if (!bodyIsPromise) { + body = new zlib.Gzip().end(body).concat() + } + } + + const parsed = new url.URL(uri) + + if (opts.query) { + const q = typeof opts.query === 'string' + ? qs.parse(opts.query) + : opts.query + + Object.keys(q).forEach(key => { + if (q[key] !== undefined) { + parsed.searchParams.set(key, q[key]) + } + }) + uri = url.format(parsed) + } + + if (parsed.searchParams.get('write') === 'true' && method === 'GET') { + // do not cache, because this GET is fetching a rev that will be + // used for a subsequent PUT or DELETE, so we need to conditionally + // update cache. + opts.offline = false + opts.preferOffline = false + opts.preferOnline = true + } + + const doFetch = (body) => fetch(uri, { + agent: opts.agent, + algorithms: opts.algorithms, + body, + cache: getCacheMode(opts), + cacheManager: opts.cache, + ca: opts.ca, + cert: opts.cert, + headers, + integrity: opts.integrity, + key: opts.key, + localAddress: opts.localAddress, + maxSockets: opts.maxSockets, + memoize: opts.memoize, + method: method, + noProxy: opts.noProxy, + proxy: opts.httpsProxy || opts.proxy, + retry: opts.retry ? opts.retry : { + retries: opts.fetchRetries, + factor: opts.fetchRetryFactor, + minTimeout: opts.fetchRetryMintimeout, + maxTimeout: opts.fetchRetryMaxtimeout + }, + strictSSL: opts.strictSSL, + timeout: opts.timeout || 30 * 1000 + }).then(res => checkResponse( + method, res, registry, startTime, opts + )) + + return Promise.resolve(body).then(doFetch) +} + +module.exports.json = fetchJSON +function fetchJSON (uri, opts) { + return regFetch(uri, opts).then(res => res.json()) +} + +module.exports.json.stream = fetchJSONStream +function fetchJSONStream (uri, jsonPath, /* istanbul ignore next */ opts_ = {}) { + const opts = { ...defaultOpts, ...opts_ } + const parser = JSONStream.parse(jsonPath, opts.mapJSON) + regFetch(uri, opts).then(res => + res.body.on('error', + /* istanbul ignore next: unlikely and difficult to test */ + er => parser.emit('error', er)).pipe(parser) + ).catch(er => parser.emit('error', er)) + return parser +} + +module.exports.pickRegistry = pickRegistry +function pickRegistry (spec, opts = {}) { + spec = npa(spec) + let registry = spec.scope && + opts[spec.scope.replace(/^@?/, '@') + ':registry'] + + if (!registry && opts.scope) { + registry = opts[opts.scope.replace(/^@?/, '@') + ':registry'] + } + + if (!registry && opts.publishConfig) { + registry = opts.publishConfig.registry + } + + if (!registry) { + registry = opts.registry || 'https://registry.npmjs.org/' + } + + return registry +} + +function getCacheMode (opts) { + return opts.offline + ? 'only-if-cached' + : opts.preferOffline + ? 'force-cache' + : opts.preferOnline + ? 'no-cache' + : 'default' +} + +function getHeaders (registry, uri, opts) { + const headers = Object.assign({ + 'npm-in-ci': !!opts.isFromCI, + 'user-agent': opts.userAgent + }, opts.headers || {}) + + if (opts.projectScope) { + headers['npm-scope'] = opts.projectScope + } + + if (opts.npmSession) { + headers['npm-session'] = opts.npmSession + } + + if (opts.npmCommand) { + headers['npm-command'] = opts.npmCommand + } + + const auth = getAuth(registry, opts) + // If a tarball is hosted on a different place than the manifest, only send + // credentials on `alwaysAuth` + const shouldAuth = ( + auth.alwaysAuth || + new url.URL(uri).host === new url.URL(registry).host + ) + if (shouldAuth && auth.token) { + headers.authorization = `Bearer ${auth.token}` + } else if (shouldAuth && auth.username && auth.password) { + const encoded = Buffer.from( + `${auth.username}:${auth.password}`, 'utf8' + ).toString('base64') + headers.authorization = `Basic ${encoded}` + } else if (shouldAuth && auth._auth) { + headers.authorization = `Basic ${auth._auth}` + } + if (shouldAuth && auth.otp) { + headers['npm-otp'] = auth.otp + } + return headers +} diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/package.json b/node_modules/npm-profile/node_modules/npm-registry-fetch/package.json new file mode 100644 index 0000000000000..5aeddc5b39102 --- /dev/null +++ b/node_modules/npm-profile/node_modules/npm-registry-fetch/package.json @@ -0,0 +1,59 @@ +{ + "name": "npm-registry-fetch", + "version": "8.1.5", + "description": "Fetch-based http client for use with npm registry APIs", + "main": "index.js", + "files": [ + "*.js", + "lib" + ], + "scripts": { + "postrelease": "npm publish", + "posttest": "standard", + "prepublishOnly": "git push --follow-tags", + "prerelease": "npm t", + "release": "standard-version -s", + "test": "tap" + }, + "repository": "https://github.com/npm/registry-fetch", + "keywords": [ + "npm", + "registry", + "fetch" + ], + "author": { + "name": "Kat Marchán", + "email": "kzm@sykosomatic.org", + "twitter": "maybekatz" + }, + "license": "ISC", + "dependencies": { + "@npmcli/ci-detect": "^1.0.0", + "lru-cache": "^6.0.0", + "make-fetch-happen": "^8.0.9", + "minipass": "^3.1.3", + "minipass-fetch": "^1.3.0", + "minipass-json-stream": "^1.0.1", + "minizlib": "^2.0.0", + "npm-package-arg": "^8.0.0" + }, + "devDependencies": { + "cacache": "^15.0.0", + "mkdirp": "^0.5.1", + "nock": "^11.7.0", + "npmlog": "^4.1.2", + "require-inject": "^1.4.4", + "rimraf": "^2.6.2", + "ssri": "^8.0.0", + "standard": "^14.3.3", + "standard-version": "^7.1.0", + "tap": "^14.10.7" + }, + "tap": { + "check-coverage": true, + "test-ignore": "test[\\\\/](util|cache)[\\\\/]" + }, + "engines": { + "node": ">=10" + } +} diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/silentlog.js b/node_modules/npm-profile/node_modules/npm-registry-fetch/silentlog.js new file mode 100644 index 0000000000000..886c5d55b2dbb --- /dev/null +++ b/node_modules/npm-profile/node_modules/npm-registry-fetch/silentlog.js @@ -0,0 +1,14 @@ +'use strict' + +const noop = Function.prototype +module.exports = { + error: noop, + warn: noop, + notice: noop, + info: noop, + verbose: noop, + silly: noop, + http: noop, + pause: noop, + resume: noop +} diff --git a/node_modules/npm-registry-fetch/README.md b/node_modules/npm-registry-fetch/README.md index e660940e30dc4..f5ae9cac31a03 100644 --- a/node_modules/npm-registry-fetch/README.md +++ b/node_modules/npm-registry-fetch/README.md @@ -1,11 +1,5 @@ # npm-registry-fetch -[![npm version](https://img.shields.io/npm/v/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) -[![license](https://img.shields.io/npm/l/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) -[![Travis](https://img.shields.io/travis/npm/npm-registry-fetch/latest.svg)](https://travis-ci.org/npm/npm-registry-fetch) -[![AppVeyor](https://img.shields.io/appveyor/ci/npm/npm-registry-fetch/latest.svg)](https://ci.appveyor.com/project/npm/npm-registry-fetch) -[![Coverage Status](https://coveralls.io/repos/github/npm/npm-registry-fetch/badge.svg?branch=latest)](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest) - [`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js library that implements a `fetch`-like API for accessing npm registry APIs consistently. It's able to consume npm-style configuration values and has all diff --git a/node_modules/npm-registry-fetch/auth.js b/node_modules/npm-registry-fetch/auth.js index 11c3bde6b4e6c..e096a6f98f9a4 100644 --- a/node_modules/npm-registry-fetch/auth.js +++ b/node_modules/npm-registry-fetch/auth.js @@ -5,7 +5,8 @@ const url = require('url') module.exports = getAuth function getAuth (registry, opts_ = {}) { - if (!registry) { throw new Error('registry is required') } + if (!registry) + throw new Error('registry is required') const opts = opts_.forceAuth ? opts_.forceAuth : { ...defaultOpts, ...opts_ } const AUTH = {} const regKey = registry && registryKey(registry) @@ -19,9 +20,9 @@ function getAuth (registry, opts_ = {}) { doKey('_auth') doKey('otp') doKey('always-auth', 'alwaysAuth') - if (AUTH.password) { + if (AUTH.password) AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8') - } + if (AUTH._auth && !(AUTH.username && AUTH.password)) { let auth = Buffer.from(AUTH._auth, 'base64').toString() auth = auth.split(':') @@ -33,12 +34,11 @@ function getAuth (registry, opts_ = {}) { } function addKey (opts, obj, scope, key, objKey) { - if (opts[key]) { + if (opts[key]) obj[objKey || key] = opts[key] - } - if (scope && opts[`${scope}:${key}`]) { + + if (scope && opts[`${scope}:${key}`]) obj[objKey || key] = opts[`${scope}:${key}`] - } } // Called a nerf dart in the main codebase. Used as a "safe" @@ -49,7 +49,7 @@ function registryKey (registry) { protocol: parsed.protocol, host: parsed.host, pathname: parsed.pathname, - slashes: true + slashes: true, }) return url.format(new url.URL('.', formatted)).replace(/^[^:]+:/, '') } diff --git a/node_modules/npm-registry-fetch/check-response.js b/node_modules/npm-registry-fetch/check-response.js index f151711f30160..5154da5349f76 100644 --- a/node_modules/npm-registry-fetch/check-response.js +++ b/node_modules/npm-registry-fetch/check-response.js @@ -8,9 +8,9 @@ const defaultOpts = require('./default-opts.js') module.exports = checkResponse function checkResponse (method, res, registry, startTime, opts_ = {}) { const opts = { ...defaultOpts, ...opts_ } - if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) { + if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) opts.log.notice('', res.headers.get('npm-notice')) - } + checkWarnings(res, registry, opts) if (res.status >= 400) { logRequest(method, res, startTime, opts) @@ -35,9 +35,9 @@ function logRequest (method, res, startTime, opts) { try { const { URL } = require('url') const url = new URL(res.url) - if (url.password) { + if (url.password) url.password = '***' - } + urlStr = url.toString() } catch (er) { urlStr = res.url @@ -58,7 +58,8 @@ function checkWarnings (res, registry, opts) { // note: headers.raw() will preserve case, so we might have a // key on the object like 'WaRnInG' if that was used first for (const [key, value] of Object.entries(res.headers.raw())) { - if (key.toLowerCase() !== 'warning') { continue } + if (key.toLowerCase() !== 'warning') + continue value.forEach(w => { const match = w.match(WARNING_REGEXP) if (match) { @@ -66,18 +67,17 @@ function checkWarnings (res, registry, opts) { code: match[1], host: match[2], message: match[3], - date: new Date(match[4]) + date: new Date(match[4]), } } }) } BAD_HOSTS.set(registry, true) if (warnings['199']) { - if (warnings['199'].message.match(/ENOTFOUND/)) { + if (warnings['199'].message.match(/ENOTFOUND/)) opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`) - } else { + else opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`) - } } if (warnings['111']) { // 111 Revalidation failed -- we're using stale data diff --git a/node_modules/npm-registry-fetch/default-opts.js b/node_modules/npm-registry-fetch/default-opts.js index b742fd5a5fcd4..fb8021d6b742f 100644 --- a/node_modules/npm-registry-fetch/default-opts.js +++ b/node_modules/npm-registry-fetch/default-opts.js @@ -18,5 +18,5 @@ module.exports = { process.arch } (${ process.platform - })` + })`, } diff --git a/node_modules/npm-registry-fetch/errors.js b/node_modules/npm-registry-fetch/errors.js index c41947e29952d..69671551dc619 100644 --- a/node_modules/npm-registry-fetch/errors.js +++ b/node_modules/npm-registry-fetch/errors.js @@ -8,11 +8,10 @@ function packageName (href) { if (!basePath.match(/^-/)) { basePath = basePath.split('/') var index = basePath.indexOf('_rewrite') - if (index === -1) { + if (index === -1) index = basePath.length - 1 - } else { + else index++ - } return decodeURIComponent(basePath[index]) } } catch (_) { diff --git a/node_modules/npm-registry-fetch/index.js b/node_modules/npm-registry-fetch/index.js index 2324e7fbfd00b..df3b49eb52969 100644 --- a/node_modules/npm-registry-fetch/index.js +++ b/node_modules/npm-registry-fetch/index.js @@ -25,11 +25,10 @@ module.exports = regFetch function regFetch (uri, /* istanbul ignore next */ opts_ = {}) { const opts = { ...defaultOpts, - ...opts_ + ...opts_, } const registry = opts.registry = ( (opts.spec && pickRegistry(opts.spec, opts)) || - (opts.publishConfig && opts.publishConfig.registry) || opts.registry || /* istanbul ignore next */ 'https://registry.npmjs.org/' @@ -57,9 +56,8 @@ function regFetch (uri, /* istanbul ignore next */ opts_ = {}) { if (body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body)) { headers['content-type'] = headers['content-type'] || 'application/json' body = JSON.stringify(body) - } else if (body && !headers['content-type']) { + } else if (body && !headers['content-type']) headers['content-type'] = 'application/octet-stream' - } if (opts.gzip) { headers['content-encoding'] = 'gzip' @@ -68,22 +66,19 @@ function regFetch (uri, /* istanbul ignore next */ opts_ = {}) { body.on('error', /* istanbul ignore next: unlikely and hard to test */ err => gz.emit('error', err)) body = body.pipe(gz) - } else if (!bodyIsPromise) { + } else if (!bodyIsPromise) body = new zlib.Gzip().end(body).concat() - } } const parsed = new url.URL(uri) if (opts.query) { - const q = typeof opts.query === 'string' - ? qs.parse(opts.query) + const q = typeof opts.query === 'string' ? qs.parse(opts.query) : opts.query Object.keys(q).forEach(key => { - if (q[key] !== undefined) { + if (q[key] !== undefined) parsed.searchParams.set(key, q[key]) - } }) uri = url.format(parsed) } @@ -118,10 +113,10 @@ function regFetch (uri, /* istanbul ignore next */ opts_ = {}) { retries: opts.fetchRetries, factor: opts.fetchRetryFactor, minTimeout: opts.fetchRetryMintimeout, - maxTimeout: opts.fetchRetryMaxtimeout + maxTimeout: opts.fetchRetryMaxtimeout, }, strictSSL: opts.strictSSL, - timeout: opts.timeout || 30 * 1000 + timeout: opts.timeout || 30 * 1000, }).then(res => checkResponse( method, res, registry, startTime, opts )) @@ -152,48 +147,36 @@ function pickRegistry (spec, opts = {}) { let registry = spec.scope && opts[spec.scope.replace(/^@?/, '@') + ':registry'] - if (!registry && opts.scope) { + if (!registry && opts.scope) registry = opts[opts.scope.replace(/^@?/, '@') + ':registry'] - } - - if (!registry && opts.publishConfig) { - registry = opts.publishConfig.registry - } - if (!registry) { + if (!registry) registry = opts.registry || 'https://registry.npmjs.org/' - } return registry } function getCacheMode (opts) { - return opts.offline - ? 'only-if-cached' - : opts.preferOffline - ? 'force-cache' - : opts.preferOnline - ? 'no-cache' - : 'default' + return opts.offline ? 'only-if-cached' + : opts.preferOffline ? 'force-cache' + : opts.preferOnline ? 'no-cache' + : 'default' } function getHeaders (registry, uri, opts) { const headers = Object.assign({ 'npm-in-ci': !!opts.isFromCI, - 'user-agent': opts.userAgent + 'user-agent': opts.userAgent, }, opts.headers || {}) - if (opts.projectScope) { + if (opts.projectScope) headers['npm-scope'] = opts.projectScope - } - if (opts.npmSession) { + if (opts.npmSession) headers['npm-session'] = opts.npmSession - } - if (opts.npmCommand) { + if (opts.npmCommand) headers['npm-command'] = opts.npmCommand - } const auth = getAuth(registry, opts) // If a tarball is hosted on a different place than the manifest, only send @@ -202,18 +185,18 @@ function getHeaders (registry, uri, opts) { auth.alwaysAuth || new url.URL(uri).host === new url.URL(registry).host ) - if (shouldAuth && auth.token) { + if (shouldAuth && auth.token) headers.authorization = `Bearer ${auth.token}` - } else if (shouldAuth && auth.username && auth.password) { + else if (shouldAuth && auth.username && auth.password) { const encoded = Buffer.from( `${auth.username}:${auth.password}`, 'utf8' ).toString('base64') headers.authorization = `Basic ${encoded}` - } else if (shouldAuth && auth._auth) { + } else if (shouldAuth && auth._auth) headers.authorization = `Basic ${auth._auth}` - } - if (shouldAuth && auth.otp) { + + if (shouldAuth && auth.otp) headers['npm-otp'] = auth.otp - } + return headers } diff --git a/node_modules/npm-registry-fetch/package.json b/node_modules/npm-registry-fetch/package.json index 5aeddc5b39102..40e0067b4aedb 100644 --- a/node_modules/npm-registry-fetch/package.json +++ b/node_modules/npm-registry-fetch/package.json @@ -1,21 +1,22 @@ { "name": "npm-registry-fetch", - "version": "8.1.5", + "version": "9.0.0", "description": "Fetch-based http client for use with npm registry APIs", "main": "index.js", "files": [ - "*.js", - "lib" + "*.js" ], "scripts": { - "postrelease": "npm publish", - "posttest": "standard", - "prepublishOnly": "git push --follow-tags", - "prerelease": "npm t", - "release": "standard-version -s", - "test": "tap" + "eslint": "eslint", + "lint": "npm run eslint -- *.js test/*.js", + "lintfix": "npm run lint -- --fix", + "prepublishOnly": "git push origin --follow-tags", + "preversion": "npm test", + "postversion": "npm publish", + "test": "tap", + "posttest": "npm run lint" }, - "repository": "https://github.com/npm/registry-fetch", + "repository": "https://github.com/npm/npm-registry-fetch", "keywords": [ "npm", "registry", @@ -39,14 +40,17 @@ }, "devDependencies": { "cacache": "^15.0.0", + "eslint": "^6.8.0", + "eslint-plugin-import": "^2.18.2", + "eslint-plugin-node": "^10.0.0", + "eslint-plugin-promise": "^4.2.1", + "eslint-plugin-standard": "^4.0.1", "mkdirp": "^0.5.1", "nock": "^11.7.0", "npmlog": "^4.1.2", "require-inject": "^1.4.4", "rimraf": "^2.6.2", "ssri": "^8.0.0", - "standard": "^14.3.3", - "standard-version": "^7.1.0", "tap": "^14.10.7" }, "tap": { diff --git a/node_modules/npm-registry-fetch/silentlog.js b/node_modules/npm-registry-fetch/silentlog.js index 886c5d55b2dbb..483bd44c7086a 100644 --- a/node_modules/npm-registry-fetch/silentlog.js +++ b/node_modules/npm-registry-fetch/silentlog.js @@ -10,5 +10,5 @@ module.exports = { silly: noop, http: noop, pause: noop, - resume: noop + resume: noop, } diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/pacote/node_modules/npm-registry-fetch/CHANGELOG.md new file mode 100644 index 0000000000000..fc26ee1bda4ba --- /dev/null +++ b/node_modules/pacote/node_modules/npm-registry-fetch/CHANGELOG.md @@ -0,0 +1,384 @@ +# Changelog + +All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +### [8.1.5](https://github.com/npm/registry-fetch/compare/v8.1.4...v8.1.5) (2020-10-12) + + +### Bug Fixes + +* respect publishConfig.registry when specified ([32e36ef](https://github.com/npm/registry-fetch/commit/32e36efe86302ed319973cd5b1e6ccc3f62e557e)), closes [#35](https://github.com/npm/registry-fetch/issues/35) + +### [8.1.4](https://github.com/npm/registry-fetch/compare/v8.1.3...v8.1.4) (2020-08-17) + + +### Bug Fixes + +* redact passwords from http logs ([3c294eb](https://github.com/npm/registry-fetch/commit/3c294ebbd7821725db4ff1bc5fe368c49613efcc)) + +### [8.1.3](https://github.com/npm/registry-fetch/compare/v8.1.2...v8.1.3) (2020-07-21) + +### [8.1.2](https://github.com/npm/registry-fetch/compare/v8.1.1...v8.1.2) (2020-07-11) + +### [8.1.1](https://github.com/npm/registry-fetch/compare/v8.1.0...v8.1.1) (2020-06-30) + +## [8.1.0](https://github.com/npm/registry-fetch/compare/v8.0.3...v8.1.0) (2020-05-20) + + +### Features + +* add npm-command HTTP header ([1bb4eb2](https://github.com/npm/registry-fetch/commit/1bb4eb2c66ee8a0dc62558bdcff1b548e2bb9820)) + +### [8.0.3](https://github.com/npm/registry-fetch/compare/v8.0.2...v8.0.3) (2020-05-13) + + +### Bug Fixes + +* update minipass and make-fetch-happen to latest ([3b6c5d0](https://github.com/npm/registry-fetch/commit/3b6c5d0d8ccd4c4a97862a65acef956f19aec127)), closes [#23](https://github.com/npm/registry-fetch/issues/23) + +### [8.0.2](https://github.com/npm/registry-fetch/compare/v8.0.1...v8.0.2) (2020-05-04) + + +### Bug Fixes + +* update make-fetch-happen to 8.0.6 ([226df2c](https://github.com/npm/registry-fetch/commit/226df2c32e3f9ed8ceefcfdbd11efb178181b442)) + +## [8.0.0](https://github.com/npm/registry-fetch/compare/v7.0.1...v8.0.0) (2020-02-24) + + +### ⚠ BREAKING CHANGES + +* Removes the 'opts.refer' option and the HTTP Referer +header (unless explicitly added to the 'headers' option, of course). + +PR-URL: https://github.com/npm/npm-registry-fetch/pull/25 +Credit: @isaacs + +### Bug Fixes + +* remove referer header and opts.refer ([eb8f7af](https://github.com/npm/registry-fetch/commit/eb8f7af3c102834856604c1be664b00ca0fe8ef2)), closes [#25](https://github.com/npm/registry-fetch/issues/25) + +### [7.0.1](https://github.com/npm/registry-fetch/compare/v7.0.0...v7.0.1) (2020-02-24) + +## [7.0.0](https://github.com/npm/registry-fetch/compare/v6.0.2...v7.0.0) (2020-02-18) + + +### ⚠ BREAKING CHANGES + +* figgy pudding is now nowhere to be found. +* this removes figgy-pudding, and drops several option +aliases. + +Defaults and behavior are all the same, and this module is now using the +canonical camelCase option names that npm v7 will provide to all its +deps. + +Related to: https://github.com/npm/rfcs/pull/102 + +PR-URL: https://github.com/npm/npm-registry-fetch/pull/22 +Credit: @isaacs + +### Bug Fixes + +* Remove figgy-pudding, use canonical option names ([ede3c08](https://github.com/npm/registry-fetch/commit/ede3c087007fd1808e02b1af70562220d03b18a9)), closes [#22](https://github.com/npm/registry-fetch/issues/22) + + +* update cacache, ssri, make-fetch-happen ([57fcc88](https://github.com/npm/registry-fetch/commit/57fcc889bee03edcc0a2025d96a171039108c231)) + +### [6.0.2](https://github.com/npm/registry-fetch/compare/v6.0.1...v6.0.2) (2020-02-14) + + +### Bug Fixes + +* always bypass cache when ?write=true ([83f89f3](https://github.com/npm/registry-fetch/commit/83f89f35abd2ed0507c869e37f90ed746375772c)) + +### [6.0.1](https://github.com/npm/registry-fetch/compare/v6.0.0...v6.0.1) (2020-02-14) + + +### Bug Fixes + +* use 30s default for timeout as per README ([50e8afc](https://github.com/npm/registry-fetch/commit/50e8afc6ff850542feb588f9f9c64ebae59e72a0)), closes [#20](https://github.com/npm/registry-fetch/issues/20) + +## [6.0.0](https://github.com/npm/registry-fetch/compare/v5.0.1...v6.0.0) (2019-12-17) + + +### ⚠ BREAKING CHANGES + +* This drops support for node < 10. + +There are some lint failures due to standard pushing for using WhatWG URL +objects instead of url.parse/url.resolve. However, the code in this lib +does some fancy things with the query/search portions of the parsed url +object, so it'll take a bit of care to make it work properly. + +### Bug Fixes + +* detect CI so our tests don't fail in CI ([5813da6](https://github.com/npm/registry-fetch/commit/5813da634cef73b12e40373972d7937e6934fce0)) +* Use WhatWG URLs instead of url.parse ([8ccfa8a](https://github.com/npm/registry-fetch/commit/8ccfa8a72c38cfedb0f525b7f453644fd4444f99)) + + +* normalize settings, drop old nodes, update deps ([510b125](https://github.com/npm/registry-fetch/commit/510b1255cc7ed4bb397a34e0007757dae33e2275)) + + +## [5.0.1](https://github.com/npm/registry-fetch/compare/v5.0.0...v5.0.1) (2019-11-11) + + + + +# [5.0.0](https://github.com/npm/registry-fetch/compare/v4.0.2...v5.0.0) (2019-10-04) + + +### Bug Fixes + +* prefer const in getAuth function ([90ac7b1](https://github.com/npm/registry-fetch/commit/90ac7b1)) +* use minizlib instead of core zlib ([e64702e](https://github.com/npm/registry-fetch/commit/e64702e)) + + +### Features + +* refactor to use Minipass streams ([bb37f20](https://github.com/npm/registry-fetch/commit/bb37f20)) + + +### BREAKING CHANGES + +* this replaces all core streams (except for some +PassThrough streams in a few tests) with Minipass streams, and updates +all deps to the latest and greatest Minipass versions of things. + + + + +## [4.0.2](https://github.com/npm/registry-fetch/compare/v4.0.0...v4.0.2) (2019-10-04) + + +### Bug Fixes + +* Add null check on body on 401 errors ([e3a0186](https://github.com/npm/registry-fetch/commit/e3a0186)), closes [#9](https://github.com/npm/registry-fetch/issues/9) +* **deps:** Add explicit dependency on safe-buffer ([8eae5f0](https://github.com/npm/registry-fetch/commit/8eae5f0)), closes [npm/libnpmaccess#2](https://github.com/npm/libnpmaccess/issues/2) [#3](https://github.com/npm/registry-fetch/issues/3) + + + + +# [4.0.0](https://github.com/npm/registry-fetch/compare/v3.9.1...v4.0.0) (2019-07-15) + + +* cacache@12.0.0, infer uid from cache folder ([0c4f060](https://github.com/npm/registry-fetch/commit/0c4f060)) + + +### BREAKING CHANGES + +* uid and gid are inferred from cache folder, rather than +being passed in as options. + + + + +## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02) + + + + +# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24) + + +### Features + +* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c)) + + + + +# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23) + + +### Features + +* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986)) + + + + +# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23) + + +### Features + +* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969)) + + + + +# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22) + + +### Bug Fixes + +* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65)) + + +### Features + +* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702)) + + + + +# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22) + + +### Features + +* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5)) + + + + +# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22) + + +### Bug Fixes + +* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54)) + + +### Features + +* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17)) + + + + +# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21) + + +### Bug Fixes + +* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b)) + + +### Features + +* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194)) + + + + +## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16) + + +### Bug Fixes + +* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040)) + + + + +# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27) + + +### Features + +* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0)) + + + + +## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09) + + + + +# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09) + + +### Features + +* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b)) + + + + +# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09) + + +### Bug Fixes + +* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f)) +* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f)) + + +### BREAKING CHANGES + +* **config:** opts.config is no longer supported. Pass the options down in opts itself. + + + + +# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08) + + +### Features + +* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0)) + + + + +# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08) + + +### meta + +* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e)) + + +### BREAKING CHANGES + +* node@4 is no longer supported + + + + +## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06) + + + + +# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16) + + +### Features + +* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9)) + + + + +## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16) + + +### Bug Fixes + +* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5)) + + + + +# 1.0.0 (2018-03-16) + + +### Bug Fixes + +* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba)) +* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31)) +* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93)) +* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a)) + + +### Features + +* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f)) +* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db)) +* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d)) +* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527)) +* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1)) diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/pacote/node_modules/npm-registry-fetch/LICENSE.md new file mode 100644 index 0000000000000..8d28acf866d93 --- /dev/null +++ b/node_modules/pacote/node_modules/npm-registry-fetch/LICENSE.md @@ -0,0 +1,16 @@ +ISC License + +Copyright (c) npm, Inc. + +Permission to use, copy, modify, and/or distribute this software for +any purpose with or without fee is hereby granted, provided that the +above copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS +ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE +COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR +CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS +OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE +USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/README.md b/node_modules/pacote/node_modules/npm-registry-fetch/README.md new file mode 100644 index 0000000000000..e660940e30dc4 --- /dev/null +++ b/node_modules/pacote/node_modules/npm-registry-fetch/README.md @@ -0,0 +1,635 @@ +# npm-registry-fetch + +[![npm version](https://img.shields.io/npm/v/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) +[![license](https://img.shields.io/npm/l/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) +[![Travis](https://img.shields.io/travis/npm/npm-registry-fetch/latest.svg)](https://travis-ci.org/npm/npm-registry-fetch) +[![AppVeyor](https://img.shields.io/appveyor/ci/npm/npm-registry-fetch/latest.svg)](https://ci.appveyor.com/project/npm/npm-registry-fetch) +[![Coverage Status](https://coveralls.io/repos/github/npm/npm-registry-fetch/badge.svg?branch=latest)](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest) + +[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js +library that implements a `fetch`-like API for accessing npm registry APIs +consistently. It's able to consume npm-style configuration values and has all +the necessary logic for picking registries, handling scopes, and dealing with +authentication details built-in. + +This package is meant to replace the older +[`npm-registry-client`](https://npm.im/npm-registry-client). + +## Example + +```javascript +const npmFetch = require('npm-registry-fetch') + +console.log( + await npmFetch.json('/-/ping') +) +``` + +## Table of Contents + +* [Installing](#install) +* [Example](#example) +* [Contributing](#contributing) +* [API](#api) + * [`fetch`](#fetch) + * [`fetch.json`](#fetch-json) + * [`fetch` options](#fetch-opts) + +### Install + +`$ npm install npm-registry-fetch` + +### Contributing + +The npm team enthusiastically welcomes contributions and project participation! +There's a bunch of things you can do if you want to contribute! The [Contributor +Guide](CONTRIBUTING.md) has all the information you need for everything from +reporting bugs to contributing entire new features. Please don't hesitate to +jump in if you'd like to, or even ask us questions if something isn't clear. + +All participants and maintainers in this project are expected to follow [Code of +Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other. + +Please refer to the [Changelog](CHANGELOG.md) for project history details, too. + +Happy hacking! + +### API + +#### Caching and `write=true` query strings + +Before performing any PUT or DELETE operation, npm clients first make a +GET request to the registry resource being updated, which includes +the query string `?write=true`. + +The semantics of this are, effectively, "I intend to write to this thing, +and need to know the latest current value, so that my write can land +cleanly". + +The public npm registry handles these `?write=true` requests by ensuring +that the cache is re-validated before sending a response. In order to +maintain the same behavior on the client, and not get tripped up by an +overeager local cache when we intend to write data to the registry, any +request that comes through `npm-registry-fetch` that contains `write=true` +in the query string will forcibly set the `prefer-online` option to `true`, +and set both `prefer-offline` and `offline` to false, so that any local +cached value will be revalidated. + +#### `> fetch(url, [opts]) -> Promise` + +Performs a request to a given URL. + +The URL can be either a full URL, or a path to one. The appropriate registry +will be automatically picked if only a URL path is given. + +For available options, please see the section on [`fetch` options](#fetch-opts). + +##### Example + +```javascript +const res = await fetch('/-/ping') +console.log(res.headers) +res.on('data', d => console.log(d.toString('utf8'))) +``` + +#### `> fetch.json(url, [opts]) -> Promise` + +Performs a request to a given registry URL, parses the body of the response as +JSON, and returns it as its final value. This is a utility shorthand for +`fetch(url).then(res => res.json())`. + +For available options, please see the section on [`fetch` options](#fetch-opts). + +##### Example + +```javascript +const res = await fetch.json('/-/ping') +console.log(res) // Body parsed as JSON +``` + +#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream` + +Performs a request to a given registry URL and parses the body of the response +as JSON, with each entry being emitted through the stream. + +The `jsonPath` argument is a [`JSONStream.parse()` +path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the +returned stream (unlike default `JSONStream`s), has a valid +`Symbol.asyncIterator` implementation. + +For available options, please see the section on [`fetch` options](#fetch-opts). + +##### Example + +```javascript +console.log('https://npm.im/~zkat has access to the following packages:') +for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) { + console.log(`https://npm.im/${key} (perms: ${value})`) +} +``` + +#### `fetch` Options + +Fetch options are optional, and can be passed in as either a Map-like object +(one with a `.get()` method), a plain javascript object, or a +[`figgy-pudding`](https://npm.im/figgy-pudding) instance. + +##### `opts.agent` + +* Type: http.Agent +* Default: an appropriate agent based on URL protocol and proxy settings + +An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to +be shared across requests. This allows multiple concurrent `fetch` requests to +happen on the same socket. + +You do _not_ need to provide this option unless you want something particularly +specialized, since proxy configurations and http/https agents are already +automatically managed internally when this option is not passed through. + +##### `opts.body` + +* Type: Buffer | Stream | Object +* Default: null + +Request body to send through the outgoing request. Buffers and Streams will be +passed through as-is, with a default `content-type` of +`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed +and the `content-type` will default to `application/json`. + +Use [`opts.headers`](#opts-headers) to set the content-type to something else. + +##### `opts.ca` + +* Type: String, Array, or null +* Default: null + +The Certificate Authority signing certificate that is trusted for SSL +connections to the registry. Values should be in PEM format (Windows calls it +"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For +example: + +``` +{ + ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' +} +``` + +Set to `null` to only allow "known" registrars, or to a specific CA cert +to trust only that specific signing authority. + +Multiple CAs can be trusted by specifying an array of certificates instead of a +single string. + +See also [`opts.strictSSL`](#opts-strictSSL), [`opts.ca`](#opts-ca) and +[`opts.key`](#opts-key) + +##### `opts.cache` + +* Type: path +* Default: null + +The location of the http cache directory. If provided, certain cachable requests +will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234) +rules. This will speed up future requests, as well as make the cached data +available offline if necessary/requested. + +See also [`offline`](#opts-offline), [`preferOffline`](#opts-preferOffline), +and [`preferOnline`](#opts-preferOnline). + +##### `opts.cert` + +* Type: String +* Default: null + +A client certificate to pass when accessing the registry. Values should be in +PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines +replaced by the string `'\n'`. For example: + +``` +{ + cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' +} +``` + +It is _not_ the path to a certificate file (and there is no "certfile" option). + +See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key) + +##### `opts.fetchRetries` + +* Type: Number +* Default: 2 + +The "retries" config for [`retry`](https://npm.im/retry) to use when fetching +packages from the registry. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.fetchRetryFactor` + +* Type: Number +* Default: 10 + +The "factor" config for [`retry`](https://npm.im/retry) to use when fetching +packages. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.fetchRetryMintimeout` + +* Type: Number +* Default: 10000 (10 seconds) + +The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching +packages. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.fetchRetryMaxtimeout` + +* Type: Number +* Default: 60000 (1 minute) + +The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching +packages. + +See also [`opts.retry`](#opts-retry) to provide all retry options as a single +object. + +##### `opts.forceAuth` + +* Type: Object +* Default: null + +If present, other auth-related values in `opts` will be completely ignored, +including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request, +and the auth details in `opts.forceAuth` will be used instead. + +##### `opts.gzip` + +* Type: Boolean +* Default: false + +If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip` +and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode +[`opts.body`](#opts-body). + +##### `opts.headers` + +* Type: Object +* Default: null + +Additional headers for the outgoing request. This option can also be used to +override headers automatically generated by `npm-registry-fetch`, such as +`Content-Type`. + +##### `opts.ignoreBody` + +* Type: Boolean +* Default: false + +If true, the **response body** will be thrown away and `res.body` set to `null`. +This will prevent dangling response sockets for requests where you don't usually +care what the response body is. + +##### `opts.integrity` + +* Type: String | [SRI object](https://npm.im/ssri) +* Default: null + +If provided, the response body's will be verified against this integrity string, +using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will +complete as normal. If verification fails, the response body will error with an +`EINTEGRITY` error. + +Body integrity is only verified if the body is actually consumed to completion -- +that is, if you use `res.json()`/`res.buffer()`, or if you consume the default +`res` stream data to its end. + +Cached data will have its integrity automatically verified using the +previously-generated integrity hash for the saved request information, so +`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if +`opts.integrity` is not passed in. + +##### `opts.isFromCI` + +* Type: Boolean +* Default: Based on environment variables + +This is used to populate the `npm-in-ci` request header sent to the registry. + +##### `opts.key` + +* Type: String +* Default: null + +A client key to pass when accessing the registry. Values should be in PEM +format with newlines replaced by the string `'\n'`. For example: + +``` +{ + key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----' +} +``` + +It is _not_ the path to a key file (and there is no "keyfile" option). + +See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert) + +##### `opts.localAddress` + +* Type: IP Address String +* Default: null + +The IP address of the local interface to use when making connections +to the registry. + +See also [`opts.proxy`](#opts-proxy) + +##### `opts.log` + +* Type: [`npmlog`](https://npm.im/npmlog)-like +* Default: null + +Logger object to use for logging operation details. Must have the same methods +as `npmlog`. + +##### `opts.mapJSON` + +* Type: Function +* Default: undefined + +When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down +to [`JSONStream`](https://npm.im/JSONStream) as the second argument to +`JSONStream.parse`, and can be used to transform stream data before output. + +##### `opts.maxSockets` + +* Type: Integer +* Default: 12 + +Maximum number of sockets to keep open during requests. Has no effect if +[`opts.agent`](#opts-agent) is used. + +##### `opts.method` + +* Type: String +* Default: 'GET' + +HTTP method to use for the outgoing request. Case-insensitive. + +##### `opts.noproxy` + +* Type: Boolean +* Default: process.env.NOPROXY + +If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used. + +##### `opts.npmSession` + +* Type: String +* Default: null + +If provided, will be sent in the `npm-session` header. This header is used by +the npm registry to identify individual user sessions (usually individual +invocations of the CLI). + +##### `opts.npmCommand` + +* Type: String +* Default: null + +If provided, it will be sent in the `npm-command` header. This yeader is +used by the npm registry to identify the npm command that caused this +request to be made. + +##### `opts.offline` + +* Type: Boolean +* Default: false + +Force offline mode: no network requests will be done during install. To allow +`npm-registry-fetch` to fill in missing cache data, see +[`opts.preferOffline`](#opts-preferOffline). + +This option is only really useful if you're also using +[`opts.cache`](#opts-cache). + +This option is set to `true` when the request includes `write=true` in the +query string. + +##### `opts.otp` + +* Type: Number | String +* Default: null + +This is a one-time password from a two-factor authenticator. It is required for +certain registry interactions when two-factor auth is enabled for a user +account. + +##### `opts.password` + +* Alias: `_password` +* Type: String +* Default: null + +Password used for basic authentication. For the more modern authentication +method, please use the (more secure) [`opts.token`](#opts-token) + +Can optionally be scoped to a registry by using a "nerf dart" for that registry. +That is: + +``` +{ + '//registry.npmjs.org/:password': 't0k3nH34r' +} +``` + +See also [`opts.username`](#opts-username) + +##### `opts.preferOffline` + +* Type: Boolean +* Default: false + +If true, staleness checks for cached data will be bypassed, but missing data +will be requested from the server. To force full offline mode, use +[`opts.offline`](#opts-offline). + +This option is generally only useful if you're also using +[`opts.cache`](#opts-cache). + +This option is set to `false` when the request includes `write=true` in the +query string. + +##### `opts.preferOnline` + +* Type: Boolean +* Default: false + +If true, staleness checks for cached data will be forced, making the CLI look +for updates immediately even for fresh package data. + +This option is generally only useful if you're also using +[`opts.cache`](#opts-cache). + +This option is set to `true` when the request includes `write=true` in the +query string. + +##### `opts.projectScope` + +* Type: String +* Default: null + +If provided, will be sent in the `npm-scope` header. This header is used by the +npm registry to identify the toplevel package scope that a particular project +installation is using. + +##### `opts.proxy` + +* Type: url +* Default: null + +A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY` +environment variable will be used. + +##### `opts.query` + +* Type: String | Object +* Default: null + +If provided, the request URI will have a query string appended to it using this +query. If `opts.query` is an object, it will be converted to a query string +using +[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options). + +If the request URI already has a query string, it will be merged with +`opts.query`, preferring `opts.query` values. + +##### `opts.registry` + +* Type: URL +* Default: `'https://registry.npmjs.org'` + +Registry configuration for a request. If a request URL only includes the URL +path, this registry setting will be prepended. This configuration is also used +to determine authentication details, so even if the request URL references a +completely different host, `opts.registry` will be used to find the auth details +for that request. + +See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and +[`opts.:registry`](#opts-scope-registry) which can all affect the actual +registry URL used by the outgoing request. + +##### `opts.retry` + +* Type: Object +* Default: null + +Single-object configuration for request retry settings. If passed in, will +override individually-passed `fetch-retry-*` settings. + +##### `opts.scope` + +* Type: String +* Default: null + +Associate an operation with a scope for a scoped registry. This option can force +lookup of scope-specific registries and authentication. + +See also [`opts.:registry`](#opts-scope-registry) and +[`opts.spec`](#opts-spec) for interactions with this option. + +##### `opts.:registry` + +* Type: String +* Default: null + +This option type can be used to configure the registry used for requests +involving a particular scope. For example, `opts['@myscope:registry'] = +'https://scope-specific.registry/'` will make it so requests go out to this +registry instead of [`opts.registry`](#opts-registry) when +[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a +scoped package spec. + +The `@` before the scope name is optional, but recommended. + +##### `opts.spec` + +* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object. +* Default: null + +If provided, can be used to automatically configure [`opts.scope`](#opts-scope) +based on a specific package name. Non-registry package specs will throw an +error. + +##### `opts.strictSSL` + +* Type: Boolean +* Default: true + +Whether or not to do SSL key validation when making requests to the +registry via https. + +See also [`opts.ca`](#opts-ca). + +##### `opts.timeout` + +* Type: Milliseconds +* Default: 300000 (5 minutes) + +Time before a hanging request times out. + +##### `opts.token` + +* Alias: `opts._authToken` +* Type: String +* Default: null + +Authentication token string. + +Can be scoped to a registry by using a "nerf dart" for that registry. That is: + +``` +{ + '//registry.npmjs.org/:token': 't0k3nH34r' +} +``` + +##### `opts.userAgent` + +* Type: String +* Default: `'npm-registry-fetch@/node@+ ()'` + +User agent string to send in the `User-Agent` header. + +##### `opts.username` + +* Type: String +* Default: null + +Username used for basic authentication. For the more modern authentication +method, please use the (more secure) [`opts.token`](#opts-token) + +Can optionally be scoped to a registry by using a "nerf dart" for that registry. +That is: + +``` +{ + '//registry.npmjs.org/:username': 't0k3nH34r' +} +``` + +See also [`opts.password`](#opts-password) + +##### `opts._auth` + +* Type: String +* Default: null + +** DEPRECATED ** This is a legacy authentication token supported only for +compatibility. Please use [`opts.token`](#opts-token) instead. diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/auth.js b/node_modules/pacote/node_modules/npm-registry-fetch/auth.js new file mode 100644 index 0000000000000..11c3bde6b4e6c --- /dev/null +++ b/node_modules/pacote/node_modules/npm-registry-fetch/auth.js @@ -0,0 +1,55 @@ +'use strict' + +const defaultOpts = require('./default-opts.js') +const url = require('url') + +module.exports = getAuth +function getAuth (registry, opts_ = {}) { + if (!registry) { throw new Error('registry is required') } + const opts = opts_.forceAuth ? opts_.forceAuth : { ...defaultOpts, ...opts_ } + const AUTH = {} + const regKey = registry && registryKey(registry) + const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias) + doKey('token') + doKey('_authToken', 'token') + doKey('username') + doKey('password') + doKey('_password', 'password') + doKey('email') + doKey('_auth') + doKey('otp') + doKey('always-auth', 'alwaysAuth') + if (AUTH.password) { + AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8') + } + if (AUTH._auth && !(AUTH.username && AUTH.password)) { + let auth = Buffer.from(AUTH._auth, 'base64').toString() + auth = auth.split(':') + AUTH.username = auth.shift() + AUTH.password = auth.join(':') + } + AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth + return AUTH +} + +function addKey (opts, obj, scope, key, objKey) { + if (opts[key]) { + obj[objKey || key] = opts[key] + } + if (scope && opts[`${scope}:${key}`]) { + obj[objKey || key] = opts[`${scope}:${key}`] + } +} + +// Called a nerf dart in the main codebase. Used as a "safe" +// key when fetching registry info from config. +function registryKey (registry) { + const parsed = new url.URL(registry) + const formatted = url.format({ + protocol: parsed.protocol, + host: parsed.host, + pathname: parsed.pathname, + slashes: true + }) + return url.format(new url.URL('.', formatted)).replace(/^[^:]+:/, '') +} diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/check-response.js b/node_modules/pacote/node_modules/npm-registry-fetch/check-response.js new file mode 100644 index 0000000000000..f151711f30160 --- /dev/null +++ b/node_modules/pacote/node_modules/npm-registry-fetch/check-response.js @@ -0,0 +1,128 @@ +'use strict' + +const errors = require('./errors.js') +const LRU = require('lru-cache') +const { Response } = require('minipass-fetch') +const defaultOpts = require('./default-opts.js') + +module.exports = checkResponse +function checkResponse (method, res, registry, startTime, opts_ = {}) { + const opts = { ...defaultOpts, ...opts_ } + if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) { + opts.log.notice('', res.headers.get('npm-notice')) + } + checkWarnings(res, registry, opts) + if (res.status >= 400) { + logRequest(method, res, startTime, opts) + return checkErrors(method, res, startTime, opts) + } else { + res.body.on('end', () => logRequest(method, res, startTime, opts)) + if (opts.ignoreBody) { + res.body.resume() + return new Response(null, res) + } + return res + } +} + +function logRequest (method, res, startTime, opts) { + const elapsedTime = Date.now() - startTime + const attempt = res.headers.get('x-fetch-attempts') + const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : '' + const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : '' + + let urlStr + try { + const { URL } = require('url') + const url = new URL(res.url) + if (url.password) { + url.password = '***' + } + urlStr = url.toString() + } catch (er) { + urlStr = res.url + } + + opts.log.http( + 'fetch', + `${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}` + ) +} + +const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/ +const BAD_HOSTS = new LRU({ max: 50 }) + +function checkWarnings (res, registry, opts) { + if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) { + const warnings = {} + // note: headers.raw() will preserve case, so we might have a + // key on the object like 'WaRnInG' if that was used first + for (const [key, value] of Object.entries(res.headers.raw())) { + if (key.toLowerCase() !== 'warning') { continue } + value.forEach(w => { + const match = w.match(WARNING_REGEXP) + if (match) { + warnings[match[1]] = { + code: match[1], + host: match[2], + message: match[3], + date: new Date(match[4]) + } + } + }) + } + BAD_HOSTS.set(registry, true) + if (warnings['199']) { + if (warnings['199'].message.match(/ENOTFOUND/)) { + opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`) + } else { + opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`) + } + } + if (warnings['111']) { + // 111 Revalidation failed -- we're using stale data + opts.log.warn( + 'registry', + `Using stale data from ${registry} due to a request error during revalidation.` + ) + } + } +} + +function checkErrors (method, res, startTime, opts) { + return res.buffer() + .catch(() => null) + .then(body => { + let parsed = body + try { + parsed = JSON.parse(body.toString('utf8')) + } catch (e) {} + if (res.status === 401 && res.headers.get('www-authenticate')) { + const auth = res.headers.get('www-authenticate') + .split(/,\s*/) + .map(s => s.toLowerCase()) + if (auth.indexOf('ipaddress') !== -1) { + throw new errors.HttpErrorAuthIPAddress( + method, res, parsed, opts.spec + ) + } else if (auth.indexOf('otp') !== -1) { + throw new errors.HttpErrorAuthOTP( + method, res, parsed, opts.spec + ) + } else { + throw new errors.HttpErrorAuthUnknown( + method, res, parsed, opts.spec + ) + } + } else if (res.status === 401 && body != null && /one-time pass/.test(body.toString('utf8'))) { + // Heuristic for malformed OTP responses that don't include the www-authenticate header. + throw new errors.HttpErrorAuthOTP( + method, res, parsed, opts.spec + ) + } else { + throw new errors.HttpErrorGeneral( + method, res, parsed, opts.spec + ) + } + }) +} diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/default-opts.js b/node_modules/pacote/node_modules/npm-registry-fetch/default-opts.js new file mode 100644 index 0000000000000..b742fd5a5fcd4 --- /dev/null +++ b/node_modules/pacote/node_modules/npm-registry-fetch/default-opts.js @@ -0,0 +1,22 @@ +const pkg = require('./package.json') +const ciDetect = require('@npmcli/ci-detect') +module.exports = { + isFromCI: ciDetect(), + log: require('./silentlog.js'), + maxSockets: 12, + method: 'GET', + registry: 'https://registry.npmjs.org/', + timeout: 5 * 60 * 1000, // 5 minutes + strictSSL: true, + noProxy: process.env.NOPROXY, + userAgent: `${pkg.name + }@${ + pkg.version + }/node@${ + process.version + }+${ + process.arch + } (${ + process.platform + })` +} diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/errors.js b/node_modules/pacote/node_modules/npm-registry-fetch/errors.js new file mode 100644 index 0000000000000..c41947e29952d --- /dev/null +++ b/node_modules/pacote/node_modules/npm-registry-fetch/errors.js @@ -0,0 +1,79 @@ +'use strict' + +const url = require('url') + +function packageName (href) { + try { + let basePath = new url.URL(href).pathname.substr(1) + if (!basePath.match(/^-/)) { + basePath = basePath.split('/') + var index = basePath.indexOf('_rewrite') + if (index === -1) { + index = basePath.length - 1 + } else { + index++ + } + return decodeURIComponent(basePath[index]) + } + } catch (_) { + // this is ok + } +} + +class HttpErrorBase extends Error { + constructor (method, res, body, spec) { + super() + this.headers = res.headers.raw() + this.statusCode = res.status + this.code = `E${res.status}` + this.method = method + this.uri = res.url + this.body = body + this.pkgid = spec ? spec.toString() : packageName(res.url) + } +} +module.exports.HttpErrorBase = HttpErrorBase + +class HttpErrorGeneral extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = `${res.status} ${res.statusText} - ${ + this.method.toUpperCase() + } ${ + this.spec || this.uri + }${ + (body && body.error) ? ' - ' + body.error : '' + }` + Error.captureStackTrace(this, HttpErrorGeneral) + } +} +module.exports.HttpErrorGeneral = HttpErrorGeneral + +class HttpErrorAuthOTP extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = 'OTP required for authentication' + this.code = 'EOTP' + Error.captureStackTrace(this, HttpErrorAuthOTP) + } +} +module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP + +class HttpErrorAuthIPAddress extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = 'Login is not allowed from your IP address' + this.code = 'EAUTHIP' + Error.captureStackTrace(this, HttpErrorAuthIPAddress) + } +} +module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress + +class HttpErrorAuthUnknown extends HttpErrorBase { + constructor (method, res, body, spec) { + super(method, res, body, spec) + this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate') + Error.captureStackTrace(this, HttpErrorAuthUnknown) + } +} +module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/index.js b/node_modules/pacote/node_modules/npm-registry-fetch/index.js new file mode 100644 index 0000000000000..2324e7fbfd00b --- /dev/null +++ b/node_modules/pacote/node_modules/npm-registry-fetch/index.js @@ -0,0 +1,219 @@ +'use strict' + +const checkResponse = require('./check-response.js') +const getAuth = require('./auth.js') +const fetch = require('make-fetch-happen') +const JSONStream = require('minipass-json-stream') +const npa = require('npm-package-arg') +const qs = require('querystring') +const url = require('url') +const zlib = require('minizlib') +const Minipass = require('minipass') + +const defaultOpts = require('./default-opts.js') + +// WhatWG URL throws if it's not fully resolved +const urlIsValid = u => { + try { + return !!new url.URL(u) + } catch (_) { + return false + } +} + +module.exports = regFetch +function regFetch (uri, /* istanbul ignore next */ opts_ = {}) { + const opts = { + ...defaultOpts, + ...opts_ + } + const registry = opts.registry = ( + (opts.spec && pickRegistry(opts.spec, opts)) || + (opts.publishConfig && opts.publishConfig.registry) || + opts.registry || + /* istanbul ignore next */ + 'https://registry.npmjs.org/' + ) + + if (!urlIsValid(uri)) { + uri = `${ + registry.trim().replace(/\/?$/g, '') + }/${ + uri.trim().replace(/^\//, '') + }` + } + + const method = opts.method || 'GET' + + // through that takes into account the scope, the prefix of `uri`, etc + const startTime = Date.now() + const headers = getHeaders(registry, uri, opts) + let body = opts.body + const bodyIsStream = Minipass.isStream(body) + const bodyIsPromise = body && + typeof body === 'object' && + typeof body.then === 'function' + + if (body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body)) { + headers['content-type'] = headers['content-type'] || 'application/json' + body = JSON.stringify(body) + } else if (body && !headers['content-type']) { + headers['content-type'] = 'application/octet-stream' + } + + if (opts.gzip) { + headers['content-encoding'] = 'gzip' + if (bodyIsStream) { + const gz = new zlib.Gzip() + body.on('error', /* istanbul ignore next: unlikely and hard to test */ + err => gz.emit('error', err)) + body = body.pipe(gz) + } else if (!bodyIsPromise) { + body = new zlib.Gzip().end(body).concat() + } + } + + const parsed = new url.URL(uri) + + if (opts.query) { + const q = typeof opts.query === 'string' + ? qs.parse(opts.query) + : opts.query + + Object.keys(q).forEach(key => { + if (q[key] !== undefined) { + parsed.searchParams.set(key, q[key]) + } + }) + uri = url.format(parsed) + } + + if (parsed.searchParams.get('write') === 'true' && method === 'GET') { + // do not cache, because this GET is fetching a rev that will be + // used for a subsequent PUT or DELETE, so we need to conditionally + // update cache. + opts.offline = false + opts.preferOffline = false + opts.preferOnline = true + } + + const doFetch = (body) => fetch(uri, { + agent: opts.agent, + algorithms: opts.algorithms, + body, + cache: getCacheMode(opts), + cacheManager: opts.cache, + ca: opts.ca, + cert: opts.cert, + headers, + integrity: opts.integrity, + key: opts.key, + localAddress: opts.localAddress, + maxSockets: opts.maxSockets, + memoize: opts.memoize, + method: method, + noProxy: opts.noProxy, + proxy: opts.httpsProxy || opts.proxy, + retry: opts.retry ? opts.retry : { + retries: opts.fetchRetries, + factor: opts.fetchRetryFactor, + minTimeout: opts.fetchRetryMintimeout, + maxTimeout: opts.fetchRetryMaxtimeout + }, + strictSSL: opts.strictSSL, + timeout: opts.timeout || 30 * 1000 + }).then(res => checkResponse( + method, res, registry, startTime, opts + )) + + return Promise.resolve(body).then(doFetch) +} + +module.exports.json = fetchJSON +function fetchJSON (uri, opts) { + return regFetch(uri, opts).then(res => res.json()) +} + +module.exports.json.stream = fetchJSONStream +function fetchJSONStream (uri, jsonPath, /* istanbul ignore next */ opts_ = {}) { + const opts = { ...defaultOpts, ...opts_ } + const parser = JSONStream.parse(jsonPath, opts.mapJSON) + regFetch(uri, opts).then(res => + res.body.on('error', + /* istanbul ignore next: unlikely and difficult to test */ + er => parser.emit('error', er)).pipe(parser) + ).catch(er => parser.emit('error', er)) + return parser +} + +module.exports.pickRegistry = pickRegistry +function pickRegistry (spec, opts = {}) { + spec = npa(spec) + let registry = spec.scope && + opts[spec.scope.replace(/^@?/, '@') + ':registry'] + + if (!registry && opts.scope) { + registry = opts[opts.scope.replace(/^@?/, '@') + ':registry'] + } + + if (!registry && opts.publishConfig) { + registry = opts.publishConfig.registry + } + + if (!registry) { + registry = opts.registry || 'https://registry.npmjs.org/' + } + + return registry +} + +function getCacheMode (opts) { + return opts.offline + ? 'only-if-cached' + : opts.preferOffline + ? 'force-cache' + : opts.preferOnline + ? 'no-cache' + : 'default' +} + +function getHeaders (registry, uri, opts) { + const headers = Object.assign({ + 'npm-in-ci': !!opts.isFromCI, + 'user-agent': opts.userAgent + }, opts.headers || {}) + + if (opts.projectScope) { + headers['npm-scope'] = opts.projectScope + } + + if (opts.npmSession) { + headers['npm-session'] = opts.npmSession + } + + if (opts.npmCommand) { + headers['npm-command'] = opts.npmCommand + } + + const auth = getAuth(registry, opts) + // If a tarball is hosted on a different place than the manifest, only send + // credentials on `alwaysAuth` + const shouldAuth = ( + auth.alwaysAuth || + new url.URL(uri).host === new url.URL(registry).host + ) + if (shouldAuth && auth.token) { + headers.authorization = `Bearer ${auth.token}` + } else if (shouldAuth && auth.username && auth.password) { + const encoded = Buffer.from( + `${auth.username}:${auth.password}`, 'utf8' + ).toString('base64') + headers.authorization = `Basic ${encoded}` + } else if (shouldAuth && auth._auth) { + headers.authorization = `Basic ${auth._auth}` + } + if (shouldAuth && auth.otp) { + headers['npm-otp'] = auth.otp + } + return headers +} diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/package.json b/node_modules/pacote/node_modules/npm-registry-fetch/package.json new file mode 100644 index 0000000000000..5aeddc5b39102 --- /dev/null +++ b/node_modules/pacote/node_modules/npm-registry-fetch/package.json @@ -0,0 +1,59 @@ +{ + "name": "npm-registry-fetch", + "version": "8.1.5", + "description": "Fetch-based http client for use with npm registry APIs", + "main": "index.js", + "files": [ + "*.js", + "lib" + ], + "scripts": { + "postrelease": "npm publish", + "posttest": "standard", + "prepublishOnly": "git push --follow-tags", + "prerelease": "npm t", + "release": "standard-version -s", + "test": "tap" + }, + "repository": "https://github.com/npm/registry-fetch", + "keywords": [ + "npm", + "registry", + "fetch" + ], + "author": { + "name": "Kat Marchán", + "email": "kzm@sykosomatic.org", + "twitter": "maybekatz" + }, + "license": "ISC", + "dependencies": { + "@npmcli/ci-detect": "^1.0.0", + "lru-cache": "^6.0.0", + "make-fetch-happen": "^8.0.9", + "minipass": "^3.1.3", + "minipass-fetch": "^1.3.0", + "minipass-json-stream": "^1.0.1", + "minizlib": "^2.0.0", + "npm-package-arg": "^8.0.0" + }, + "devDependencies": { + "cacache": "^15.0.0", + "mkdirp": "^0.5.1", + "nock": "^11.7.0", + "npmlog": "^4.1.2", + "require-inject": "^1.4.4", + "rimraf": "^2.6.2", + "ssri": "^8.0.0", + "standard": "^14.3.3", + "standard-version": "^7.1.0", + "tap": "^14.10.7" + }, + "tap": { + "check-coverage": true, + "test-ignore": "test[\\\\/](util|cache)[\\\\/]" + }, + "engines": { + "node": ">=10" + } +} diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/silentlog.js b/node_modules/pacote/node_modules/npm-registry-fetch/silentlog.js new file mode 100644 index 0000000000000..886c5d55b2dbb --- /dev/null +++ b/node_modules/pacote/node_modules/npm-registry-fetch/silentlog.js @@ -0,0 +1,14 @@ +'use strict' + +const noop = Function.prototype +module.exports = { + error: noop, + warn: noop, + notice: noop, + info: noop, + verbose: noop, + silly: noop, + http: noop, + pause: noop, + resume: noop +} diff --git a/package-lock.json b/package-lock.json index 7fb4b05848470..21492b37fd6cd 100644 --- a/package-lock.json +++ b/package-lock.json @@ -124,7 +124,7 @@ "npm-package-arg": "^8.1.0", "npm-pick-manifest": "^6.1.0", "npm-profile": "^5.0.1", - "npm-registry-fetch": "^8.1.4", + "npm-registry-fetch": "^9.0.0", "npm-user-validate": "^1.0.1", "npmlog": "~4.1.2", "opener": "^1.5.2", @@ -3704,6 +3704,25 @@ "node": ">=10" } }, + "node_modules/libnpmaccess/node_modules/npm-registry-fetch": { + "version": "8.1.5", + "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", + "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", + "inBundle": true, + "dependencies": { + "@npmcli/ci-detect": "^1.0.0", + "lru-cache": "^6.0.0", + "make-fetch-happen": "^8.0.9", + "minipass": "^3.1.3", + "minipass-fetch": "^1.3.0", + "minipass-json-stream": "^1.0.1", + "minizlib": "^2.0.0", + "npm-package-arg": "^8.0.0" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/libnpmfund": { "version": "1.0.1", "inBundle": true, @@ -3724,6 +3743,25 @@ "node": ">=10" } }, + "node_modules/libnpmhook/node_modules/npm-registry-fetch": { + "version": "8.1.5", + "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", + "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", + "inBundle": true, + "dependencies": { + "@npmcli/ci-detect": "^1.0.0", + "lru-cache": "^6.0.0", + "make-fetch-happen": "^8.0.9", + "minipass": "^3.1.3", + "minipass-fetch": "^1.3.0", + "minipass-json-stream": "^1.0.1", + "minizlib": "^2.0.0", + "npm-package-arg": "^8.0.0" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/libnpmorg": { "version": "2.0.0", "inBundle": true, @@ -3736,6 +3774,25 @@ "node": ">=10" } }, + "node_modules/libnpmorg/node_modules/npm-registry-fetch": { + "version": "8.1.5", + "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", + "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", + "inBundle": true, + "dependencies": { + "@npmcli/ci-detect": "^1.0.0", + "lru-cache": "^6.0.0", + "make-fetch-happen": "^8.0.9", + "minipass": "^3.1.3", + "minipass-fetch": "^1.3.0", + "minipass-json-stream": "^1.0.1", + "minizlib": "^2.0.0", + "npm-package-arg": "^8.0.0" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/libnpmpack": { "version": "2.0.0", "inBundle": true, @@ -3776,6 +3833,25 @@ "node": ">=10" } }, + "node_modules/libnpmsearch/node_modules/npm-registry-fetch": { + "version": "8.1.5", + "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", + "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", + "inBundle": true, + "dependencies": { + "@npmcli/ci-detect": "^1.0.0", + "lru-cache": "^6.0.0", + "make-fetch-happen": "^8.0.9", + "minipass": "^3.1.3", + "minipass-fetch": "^1.3.0", + "minipass-json-stream": "^1.0.1", + "minizlib": "^2.0.0", + "npm-package-arg": "^8.0.0" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/libnpmteam": { "version": "2.0.1", "inBundle": true, @@ -3788,6 +3864,25 @@ "node": ">=10" } }, + "node_modules/libnpmteam/node_modules/npm-registry-fetch": { + "version": "8.1.5", + "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", + "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", + "inBundle": true, + "dependencies": { + "@npmcli/ci-detect": "^1.0.0", + "lru-cache": "^6.0.0", + "make-fetch-happen": "^8.0.9", + "minipass": "^3.1.3", + "minipass-fetch": "^1.3.0", + "minipass-json-stream": "^1.0.1", + "minizlib": "^2.0.0", + "npm-package-arg": "^8.0.0" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/libnpmversion": { "version": "1.0.6", "resolved": "https://registry.npmjs.org/libnpmversion/-/libnpmversion-1.0.6.tgz", @@ -4376,10 +4471,30 @@ "node": ">=10" } }, - "node_modules/npm-registry-fetch": { + "node_modules/npm-profile/node_modules/npm-registry-fetch": { "version": "8.1.5", + "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", + "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", + "inBundle": true, + "dependencies": { + "@npmcli/ci-detect": "^1.0.0", + "lru-cache": "^6.0.0", + "make-fetch-happen": "^8.0.9", + "minipass": "^3.1.3", + "minipass-fetch": "^1.3.0", + "minipass-json-stream": "^1.0.1", + "minizlib": "^2.0.0", + "npm-package-arg": "^8.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/npm-registry-fetch": { + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-9.0.0.tgz", + "integrity": "sha512-PuFYYtnQ8IyVl6ib9d3PepeehcUeHN9IO5N/iCRhyg9tStQcqGQBRVHmfmMWPDERU3KwZoHFvbJ4FPXPspvzbA==", "inBundle": true, - "license": "ISC", "dependencies": { "@npmcli/ci-detect": "^1.0.0", "lru-cache": "^6.0.0", @@ -4791,6 +4906,25 @@ "node": ">=10" } }, + "node_modules/pacote/node_modules/npm-registry-fetch": { + "version": "8.1.5", + "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", + "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", + "inBundle": true, + "dependencies": { + "@npmcli/ci-detect": "^1.0.0", + "lru-cache": "^6.0.0", + "make-fetch-happen": "^8.0.9", + "minipass": "^3.1.3", + "minipass-fetch": "^1.3.0", + "minipass-json-stream": "^1.0.1", + "minizlib": "^2.0.0", + "npm-package-arg": "^8.0.0" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/parent-module": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", @@ -11425,6 +11559,23 @@ "minipass": "^3.1.1", "npm-package-arg": "^8.0.0", "npm-registry-fetch": "^8.0.0" + }, + "dependencies": { + "npm-registry-fetch": { + "version": "8.1.5", + "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", + "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", + "requires": { + "@npmcli/ci-detect": "^1.0.0", + "lru-cache": "^6.0.0", + "make-fetch-happen": "^8.0.9", + "minipass": "^3.1.3", + "minipass-fetch": "^1.3.0", + "minipass-json-stream": "^1.0.1", + "minizlib": "^2.0.0", + "npm-package-arg": "^8.0.0" + } + } } }, "libnpmfund": { @@ -11438,6 +11589,23 @@ "requires": { "aproba": "^2.0.0", "npm-registry-fetch": "^8.0.0" + }, + "dependencies": { + "npm-registry-fetch": { + "version": "8.1.5", + "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", + "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", + "requires": { + "@npmcli/ci-detect": "^1.0.0", + "lru-cache": "^6.0.0", + "make-fetch-happen": "^8.0.9", + "minipass": "^3.1.3", + "minipass-fetch": "^1.3.0", + "minipass-json-stream": "^1.0.1", + "minizlib": "^2.0.0", + "npm-package-arg": "^8.0.0" + } + } } }, "libnpmorg": { @@ -11445,6 +11613,23 @@ "requires": { "aproba": "^2.0.0", "npm-registry-fetch": "^8.0.0" + }, + "dependencies": { + "npm-registry-fetch": { + "version": "8.1.5", + "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", + "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", + "requires": { + "@npmcli/ci-detect": "^1.0.0", + "lru-cache": "^6.0.0", + "make-fetch-happen": "^8.0.9", + "minipass": "^3.1.3", + "minipass-fetch": "^1.3.0", + "minipass-json-stream": "^1.0.1", + "minizlib": "^2.0.0", + "npm-package-arg": "^8.0.0" + } + } } }, "libnpmpack": { @@ -11471,6 +11656,23 @@ "version": "3.0.0", "requires": { "npm-registry-fetch": "^8.0.0" + }, + "dependencies": { + "npm-registry-fetch": { + "version": "8.1.5", + "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", + "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", + "requires": { + "@npmcli/ci-detect": "^1.0.0", + "lru-cache": "^6.0.0", + "make-fetch-happen": "^8.0.9", + "minipass": "^3.1.3", + "minipass-fetch": "^1.3.0", + "minipass-json-stream": "^1.0.1", + "minizlib": "^2.0.0", + "npm-package-arg": "^8.0.0" + } + } } }, "libnpmteam": { @@ -11478,6 +11680,23 @@ "requires": { "aproba": "^2.0.0", "npm-registry-fetch": "^8.0.0" + }, + "dependencies": { + "npm-registry-fetch": { + "version": "8.1.5", + "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", + "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", + "requires": { + "@npmcli/ci-detect": "^1.0.0", + "lru-cache": "^6.0.0", + "make-fetch-happen": "^8.0.9", + "minipass": "^3.1.3", + "minipass-fetch": "^1.3.0", + "minipass-json-stream": "^1.0.1", + "minizlib": "^2.0.0", + "npm-package-arg": "^8.0.0" + } + } } }, "libnpmversion": { @@ -11886,10 +12105,29 @@ "version": "5.0.1", "requires": { "npm-registry-fetch": "^8.0.0" + }, + "dependencies": { + "npm-registry-fetch": { + "version": "8.1.5", + "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", + "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", + "requires": { + "@npmcli/ci-detect": "^1.0.0", + "lru-cache": "^6.0.0", + "make-fetch-happen": "^8.0.9", + "minipass": "^3.1.3", + "minipass-fetch": "^1.3.0", + "minipass-json-stream": "^1.0.1", + "minizlib": "^2.0.0", + "npm-package-arg": "^8.0.0" + } + } } }, "npm-registry-fetch": { - "version": "8.1.5", + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-9.0.0.tgz", + "integrity": "sha512-PuFYYtnQ8IyVl6ib9d3PepeehcUeHN9IO5N/iCRhyg9tStQcqGQBRVHmfmMWPDERU3KwZoHFvbJ4FPXPspvzbA==", "requires": { "@npmcli/ci-detect": "^1.0.0", "lru-cache": "^6.0.0", @@ -12185,6 +12423,23 @@ "rimraf": "^3.0.2", "ssri": "^8.0.0", "tar": "^6.0.1" + }, + "dependencies": { + "npm-registry-fetch": { + "version": "8.1.5", + "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", + "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", + "requires": { + "@npmcli/ci-detect": "^1.0.0", + "lru-cache": "^6.0.0", + "make-fetch-happen": "^8.0.9", + "minipass": "^3.1.3", + "minipass-fetch": "^1.3.0", + "minipass-json-stream": "^1.0.1", + "minizlib": "^2.0.0", + "npm-package-arg": "^8.0.0" + } + } } }, "parent-module": { diff --git a/package.json b/package.json index 39b55eaa6f08f..2cdef0d53510e 100644 --- a/package.json +++ b/package.json @@ -88,7 +88,7 @@ "npm-package-arg": "^8.1.0", "npm-pick-manifest": "^6.1.0", "npm-profile": "^5.0.1", - "npm-registry-fetch": "^8.1.4", + "npm-registry-fetch": "^9.0.0", "npm-user-validate": "^1.0.1", "npmlog": "~4.1.2", "opener": "^1.5.2", From a1f9be8a7f9b7a3a813fc3e5e705bc982470b0e2 Mon Sep 17 00:00:00 2001 From: isaacs Date: Tue, 27 Oct 2020 15:25:20 -0700 Subject: [PATCH 07/21] Support publishing any kind of spec, not just directories Credit: @isaacs Close: #2074 Reviewed-by: @nlf --- lib/publish.js | 67 ++++++----- node_modules/@npmcli/config/lib/set-envs.js | 3 +- test/lib/publish.js | 122 ++++++++++++++++---- 3 files changed, 140 insertions(+), 52 deletions(-) diff --git a/lib/publish.js b/lib/publish.js index 78f6507a02dd0..da58134f7c250 100644 --- a/lib/publish.js +++ b/lib/publish.js @@ -6,6 +6,8 @@ const semver = require('semver') const pack = require('libnpmpack') const libpub = require('libnpmpublish').publish const runScript = require('@npmcli/run-script') +const pacote = require('pacote') +const npa = require('npm-package-arg') const npm = require('./npm.js') const output = require('./utils/output.js') @@ -49,6 +51,12 @@ const publish = async args => { return tarball } +// if it's a directory, read it from the file system +// otherwise, get the full metadata from whatever it is +const getManifest = (spec, opts) => + spec.type === 'directory' ? readJson(`${spec.fetchSpec}/package.json`) + : pacote.manifest(spec, { ...opts, fullMetadata: true }) + // for historical reasons, publishConfig in package.json can contain // ANY config keys that npm supports in .npmrc files and elsewhere. // We *may* want to revisit this at some point, and have a minimal set @@ -61,22 +69,29 @@ const publishConfigToOpts = publishConfig => const publish_ = async (arg, opts) => { const { unicode, dryRun, json } = opts - const manifest = await readJson(`${arg}/package.json`) + // you can publish name@version, ./foo.tgz, etc. + // even though the default is the 'file:.' cwd. + const spec = npa(arg) + const manifest = await getManifest(spec, opts) if (manifest.publishConfig) Object.assign(opts, publishConfigToOpts(manifest.publishConfig)) - // prepublishOnly - await runScript({ - event: 'prepublishOnly', - path: arg, - stdio: 'inherit', - pkg: manifest, - }) + // only run scripts for directory type publishes + if (spec.type === 'directory') { + await runScript({ + event: 'prepublishOnly', + path: spec.fetchSpec, + stdio: 'inherit', + pkg: manifest, + }) + } - const tarballData = await pack(arg, opts) + const tarballData = await pack(spec, opts) const pkgContents = await getContents(manifest, tarballData) + // note that logTar calls npmlog.notice(), so if we ARE in silent mode, + // this will do nothing, but we still want it in the debuglog if it fails. if (!json) logTar(pkgContents, { log, unicode }) @@ -84,27 +99,27 @@ const publish_ = async (arg, opts) => { // The purpose of re-reading the manifest is in case it changed, // so that we send the latest and greatest thing to the registry // note that publishConfig might have changed as well! - const manifest = await readJson(`${arg}/package.json`, opts) + const manifest = await getManifest(spec, opts) if (manifest.publishConfig) Object.assign(opts, publishConfigToOpts(manifest.publishConfig)) - await otplease(opts, opts => libpub(arg, manifest, opts)) + await otplease(opts, opts => libpub(manifest, tarballData, opts)) } - // publish - await runScript({ - event: 'publish', - path: arg, - stdio: 'inherit', - pkg: manifest, - }) - - // postpublish - await runScript({ - event: 'postpublish', - path: arg, - stdio: 'inherit', - pkg: manifest, - }) + if (spec.type === 'directory') { + await runScript({ + event: 'publish', + path: spec.fetchSpec, + stdio: 'inherit', + pkg: manifest, + }) + + await runScript({ + event: 'postpublish', + path: spec.fetchSpec, + stdio: 'inherit', + pkg: manifest, + }) + } return pkgContents } diff --git a/node_modules/@npmcli/config/lib/set-envs.js b/node_modules/@npmcli/config/lib/set-envs.js index d41b044ed9298..b1b1db35c5a86 100644 --- a/node_modules/@npmcli/config/lib/set-envs.js +++ b/node_modules/@npmcli/config/lib/set-envs.js @@ -92,7 +92,8 @@ const setEnvs = (config) => { if (cliConf['node-options']) env.NODE_OPTIONS = cliConf['node-options'] - env.npm_execpath = require.main.filename + if (require.main && require.main.filename) + env.npm_execpath = require.main.filename env.npm_node_execpath = config.execPath } diff --git a/test/lib/publish.js b/test/lib/publish.js index 65fb91ae895d7..14e2179816394 100644 --- a/test/lib/publish.js +++ b/test/lib/publish.js @@ -7,6 +7,8 @@ const config = { list: [defaults] } const fs = require('fs') t.test('should publish with libnpmpublish, respecting publishConfig', (t) => { + t.plan(5) + const publishConfig = { registry: 'https://some.registry' } const testDir = t.testdir({ 'package.json': JSON.stringify({ @@ -41,15 +43,14 @@ t.test('should publish with libnpmpublish, respecting publishConfig', (t) => { name: 'my-cool-pkg', version: '1.0.0', })) - return '' + return Buffer.from('') }, libnpmpublish: { - publish: (arg, manifest, opts) => { - t.ok(arg, 'gets path') - t.ok(manifest, 'gets manifest') + publish: (manifest, tarData, opts) => { + t.match(manifest, { name: 'my-cool-pkg', version: '1.0.0' }, 'gets manifest') + t.isa(tarData, Buffer, 'tarData is a buffer') t.ok(opts, 'gets opts object') t.same(opts.registry, publishConfig.registry, 'publishConfig is passed through') - t.ok(true, 'libnpmpublish is called') }, }, }) @@ -57,11 +58,12 @@ t.test('should publish with libnpmpublish, respecting publishConfig', (t) => { publish([testDir], (er) => { if (er) throw er - t.end() + t.pass('got to callback') }) }) t.test('re-loads publishConfig if added during script process', (t) => { + t.plan(5) const publishConfig = { registry: 'https://some.registry' } const testDir = t.testdir({ 'package.json': JSON.stringify({ @@ -94,15 +96,14 @@ t.test('re-loads publishConfig if added during script process', (t) => { version: '1.0.0', publishConfig, })) - return '' + return Buffer.from('') }, libnpmpublish: { - publish: (arg, manifest, opts) => { - t.ok(arg, 'gets path') - t.ok(manifest, 'gets manifest') + publish: (manifest, tarData, opts) => { + t.match(manifest, { name: 'my-cool-pkg', version: '1.0.0' }, 'gets manifest') + t.isa(tarData, Buffer, 'tarData is a buffer') t.ok(opts, 'gets opts object') t.same(opts.registry, publishConfig.registry, 'publishConfig is passed through') - t.ok(true, 'libnpmpublish is called') }, }, }) @@ -110,11 +111,13 @@ t.test('re-loads publishConfig if added during script process', (t) => { publish([testDir], (er) => { if (er) throw er - t.end() + t.pass('got to callback') }) }) t.test('should not log if silent', (t) => { + t.plan(2) + const testDir = t.testdir({ 'package.json': JSON.stringify({ name: 'my-cool-pkg', @@ -133,29 +136,38 @@ t.test('should not log if silent', (t) => { }, '../../lib/utils/tar.js': { getContents: () => ({}), - logTar: () => {}, + logTar: () => { + t.pass('called logTar (but nothing actually printed)') + }, }, '../../lib/utils/otplease.js': (opts, fn) => { return Promise.resolve().then(() => fn(opts)) }, + '../../lib/utils/output.js': () => { + throw new Error('should not output in silent mode') + }, npmlog: { verbose: () => {}, + notice: () => {}, level: 'silent', }, libnpmpack: async () => '', libnpmpublish: { - publish: () => {}, + publish: (manifest, tarData, opts) => { + throw new Error('should not call libnpmpublish!') + }, }, }) publish([testDir], (er) => { if (er) throw er - t.end() + t.pass('got to callback') }) }) t.test('should log tarball contents', (t) => { + t.plan(3) const testDir = t.testdir({ 'package.json': JSON.stringify({ name: 'my-cool-pkg', @@ -177,29 +189,32 @@ t.test('should log tarball contents', (t) => { id: 'someid', }), logTar: () => { - t.ok(true, 'logTar is called') + t.pass('logTar is called') }, }, '../../lib/utils/output.js': () => { - t.ok(true, 'output fn is called') + t.pass('output fn is called') }, '../../lib/utils/otplease.js': (opts, fn) => { return Promise.resolve().then(() => fn(opts)) }, libnpmpack: async () => '', libnpmpublish: { - publish: () => {}, + publish: () => { + throw new Error('should not call libnpmpublish!') + }, }, }) publish([testDir], (er) => { if (er) throw er - t.end() + t.pass('got to callback') }) }) t.test('shows usage with wrong set of arguments', (t) => { + t.plan(1) const publish = requireInject('../../lib/publish.js', { '../../lib/npm.js': { flatOptions: { @@ -210,13 +225,11 @@ t.test('shows usage with wrong set of arguments', (t) => { }, }) - publish(['a', 'b', 'c'], (er) => { - t.matchSnapshot(er, 'should print usage') - t.end() - }) + publish(['a', 'b', 'c'], (er) => t.matchSnapshot(er, 'should print usage')) }) t.test('throws when invalid tag', (t) => { + t.plan(1) const publish = requireInject('../../lib/publish.js', { '../../lib/npm.js': { flatOptions: { @@ -228,7 +241,66 @@ t.test('throws when invalid tag', (t) => { }) publish([], (err) => { - t.ok(err, 'throws when tag name is a valid SemVer range') - t.end() + t.match(err, { + message: /Tag name must not be a valid SemVer range: /, + }, 'throws when tag name is a valid SemVer range') + }) +}) + +t.test('can publish a tarball', t => { + t.plan(3) + const testDir = t.testdir({ + package: { + 'package.json': JSON.stringify({ + name: 'my-cool-tarball', + version: '1.2.3', + }), + }, + }) + const tar = require('tar') + tar.c({ + cwd: testDir, + file: `${testDir}/package.tgz`, + sync: true, + }, ['package']) + + // no cheating! read it from the tarball. + fs.unlinkSync(`${testDir}/package/package.json`) + fs.rmdirSync(`${testDir}/package`) + + const tarFile = fs.readFileSync(`${testDir}/package.tgz`) + const publish = requireInject('../../lib/publish.js', { + '../../lib/npm.js': { + flatOptions: { + json: true, + defaultTag: 'latest', + }, + config, + }, + '../../lib/utils/tar.js': { + getContents: () => ({ + id: 'someid', + }), + logTar: () => {}, + }, + '../../lib/utils/output.js': () => {}, + '../../lib/utils/otplease.js': (opts, fn) => { + return Promise.resolve().then(() => fn(opts)) + }, + libnpmpublish: { + publish: (manifest, tarData, opts) => { + t.match(manifest, { + name: 'my-cool-tarball', + version: '1.2.3', + }, 'sent manifest to lib pub') + t.strictSame(tarData, tarFile, 'sent the tarball data to lib pub') + }, + }, + }) + + publish([`${testDir}/package.tgz`], (er) => { + if (er) + throw er + t.pass('got to callback') }) }) From 823b40a4e9c6ef76388af6fe01a3624f6f7675be Mon Sep 17 00:00:00 2001 From: isaacs Date: Tue, 3 Nov 2020 13:05:18 -0800 Subject: [PATCH 08/21] pacote@11.1.12 --- node_modules/pacote/README.md | 16 +- .../npm-registry-fetch/CHANGELOG.md | 384 ----------- .../npm-registry-fetch/LICENSE.md | 16 - .../node_modules/npm-registry-fetch/README.md | 635 ------------------ .../node_modules/npm-registry-fetch/auth.js | 55 -- .../npm-registry-fetch/check-response.js | 128 ---- .../npm-registry-fetch/default-opts.js | 22 - .../node_modules/npm-registry-fetch/errors.js | 79 --- .../node_modules/npm-registry-fetch/index.js | 219 ------ .../npm-registry-fetch/package.json | 59 -- .../npm-registry-fetch/silentlog.js | 14 - node_modules/pacote/package.json | 10 +- package-lock.json | 51 +- package.json | 2 +- 14 files changed, 29 insertions(+), 1661 deletions(-) delete mode 100644 node_modules/pacote/node_modules/npm-registry-fetch/CHANGELOG.md delete mode 100644 node_modules/pacote/node_modules/npm-registry-fetch/LICENSE.md delete mode 100644 node_modules/pacote/node_modules/npm-registry-fetch/README.md delete mode 100644 node_modules/pacote/node_modules/npm-registry-fetch/auth.js delete mode 100644 node_modules/pacote/node_modules/npm-registry-fetch/check-response.js delete mode 100644 node_modules/pacote/node_modules/npm-registry-fetch/default-opts.js delete mode 100644 node_modules/pacote/node_modules/npm-registry-fetch/errors.js delete mode 100644 node_modules/pacote/node_modules/npm-registry-fetch/index.js delete mode 100644 node_modules/pacote/node_modules/npm-registry-fetch/package.json delete mode 100644 node_modules/pacote/node_modules/npm-registry-fetch/silentlog.js diff --git a/node_modules/pacote/README.md b/node_modules/pacote/README.md index 49dbde6a92912..81cd437efcd99 100644 --- a/node_modules/pacote/README.md +++ b/node_modules/pacote/README.md @@ -1,6 +1,6 @@ # pacote -JavaScript Package Handler +Fetches package manifests and tarballs from the npm registry. ## USAGE @@ -21,10 +21,20 @@ pacote.tarball('https://server.com/package.tgz').then(data => { }) ``` -Anything that you can do to with kind of package, you can do to any kind of -package. Data that isn't relevant (like a packument for a tarball) will be +`pacote` works with any kind of package specifier that npm can install. If +you can pass it to the npm CLI, you can pass it to pacote. (In fact, that's +exactly what the npm CLI does.) + +Anything that you can do with one kind of package, you can do with another. + +Data that isn't relevant (like a packument for a tarball) will be simulated. +`prepare` scripts will be run when generating tarballs from `git` and +`directory` locations, to simulate what _would_ be published to the +registry, so that you get a working package instead of just raw source +code that might need to be transpiled. + ## CLI This module exports a command line interface that can do most of what is diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/pacote/node_modules/npm-registry-fetch/CHANGELOG.md deleted file mode 100644 index fc26ee1bda4ba..0000000000000 --- a/node_modules/pacote/node_modules/npm-registry-fetch/CHANGELOG.md +++ /dev/null @@ -1,384 +0,0 @@ -# Changelog - -All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. - -### [8.1.5](https://github.com/npm/registry-fetch/compare/v8.1.4...v8.1.5) (2020-10-12) - - -### Bug Fixes - -* respect publishConfig.registry when specified ([32e36ef](https://github.com/npm/registry-fetch/commit/32e36efe86302ed319973cd5b1e6ccc3f62e557e)), closes [#35](https://github.com/npm/registry-fetch/issues/35) - -### [8.1.4](https://github.com/npm/registry-fetch/compare/v8.1.3...v8.1.4) (2020-08-17) - - -### Bug Fixes - -* redact passwords from http logs ([3c294eb](https://github.com/npm/registry-fetch/commit/3c294ebbd7821725db4ff1bc5fe368c49613efcc)) - -### [8.1.3](https://github.com/npm/registry-fetch/compare/v8.1.2...v8.1.3) (2020-07-21) - -### [8.1.2](https://github.com/npm/registry-fetch/compare/v8.1.1...v8.1.2) (2020-07-11) - -### [8.1.1](https://github.com/npm/registry-fetch/compare/v8.1.0...v8.1.1) (2020-06-30) - -## [8.1.0](https://github.com/npm/registry-fetch/compare/v8.0.3...v8.1.0) (2020-05-20) - - -### Features - -* add npm-command HTTP header ([1bb4eb2](https://github.com/npm/registry-fetch/commit/1bb4eb2c66ee8a0dc62558bdcff1b548e2bb9820)) - -### [8.0.3](https://github.com/npm/registry-fetch/compare/v8.0.2...v8.0.3) (2020-05-13) - - -### Bug Fixes - -* update minipass and make-fetch-happen to latest ([3b6c5d0](https://github.com/npm/registry-fetch/commit/3b6c5d0d8ccd4c4a97862a65acef956f19aec127)), closes [#23](https://github.com/npm/registry-fetch/issues/23) - -### [8.0.2](https://github.com/npm/registry-fetch/compare/v8.0.1...v8.0.2) (2020-05-04) - - -### Bug Fixes - -* update make-fetch-happen to 8.0.6 ([226df2c](https://github.com/npm/registry-fetch/commit/226df2c32e3f9ed8ceefcfdbd11efb178181b442)) - -## [8.0.0](https://github.com/npm/registry-fetch/compare/v7.0.1...v8.0.0) (2020-02-24) - - -### ⚠ BREAKING CHANGES - -* Removes the 'opts.refer' option and the HTTP Referer -header (unless explicitly added to the 'headers' option, of course). - -PR-URL: https://github.com/npm/npm-registry-fetch/pull/25 -Credit: @isaacs - -### Bug Fixes - -* remove referer header and opts.refer ([eb8f7af](https://github.com/npm/registry-fetch/commit/eb8f7af3c102834856604c1be664b00ca0fe8ef2)), closes [#25](https://github.com/npm/registry-fetch/issues/25) - -### [7.0.1](https://github.com/npm/registry-fetch/compare/v7.0.0...v7.0.1) (2020-02-24) - -## [7.0.0](https://github.com/npm/registry-fetch/compare/v6.0.2...v7.0.0) (2020-02-18) - - -### ⚠ BREAKING CHANGES - -* figgy pudding is now nowhere to be found. -* this removes figgy-pudding, and drops several option -aliases. - -Defaults and behavior are all the same, and this module is now using the -canonical camelCase option names that npm v7 will provide to all its -deps. - -Related to: https://github.com/npm/rfcs/pull/102 - -PR-URL: https://github.com/npm/npm-registry-fetch/pull/22 -Credit: @isaacs - -### Bug Fixes - -* Remove figgy-pudding, use canonical option names ([ede3c08](https://github.com/npm/registry-fetch/commit/ede3c087007fd1808e02b1af70562220d03b18a9)), closes [#22](https://github.com/npm/registry-fetch/issues/22) - - -* update cacache, ssri, make-fetch-happen ([57fcc88](https://github.com/npm/registry-fetch/commit/57fcc889bee03edcc0a2025d96a171039108c231)) - -### [6.0.2](https://github.com/npm/registry-fetch/compare/v6.0.1...v6.0.2) (2020-02-14) - - -### Bug Fixes - -* always bypass cache when ?write=true ([83f89f3](https://github.com/npm/registry-fetch/commit/83f89f35abd2ed0507c869e37f90ed746375772c)) - -### [6.0.1](https://github.com/npm/registry-fetch/compare/v6.0.0...v6.0.1) (2020-02-14) - - -### Bug Fixes - -* use 30s default for timeout as per README ([50e8afc](https://github.com/npm/registry-fetch/commit/50e8afc6ff850542feb588f9f9c64ebae59e72a0)), closes [#20](https://github.com/npm/registry-fetch/issues/20) - -## [6.0.0](https://github.com/npm/registry-fetch/compare/v5.0.1...v6.0.0) (2019-12-17) - - -### ⚠ BREAKING CHANGES - -* This drops support for node < 10. - -There are some lint failures due to standard pushing for using WhatWG URL -objects instead of url.parse/url.resolve. However, the code in this lib -does some fancy things with the query/search portions of the parsed url -object, so it'll take a bit of care to make it work properly. - -### Bug Fixes - -* detect CI so our tests don't fail in CI ([5813da6](https://github.com/npm/registry-fetch/commit/5813da634cef73b12e40373972d7937e6934fce0)) -* Use WhatWG URLs instead of url.parse ([8ccfa8a](https://github.com/npm/registry-fetch/commit/8ccfa8a72c38cfedb0f525b7f453644fd4444f99)) - - -* normalize settings, drop old nodes, update deps ([510b125](https://github.com/npm/registry-fetch/commit/510b1255cc7ed4bb397a34e0007757dae33e2275)) - - -## [5.0.1](https://github.com/npm/registry-fetch/compare/v5.0.0...v5.0.1) (2019-11-11) - - - - -# [5.0.0](https://github.com/npm/registry-fetch/compare/v4.0.2...v5.0.0) (2019-10-04) - - -### Bug Fixes - -* prefer const in getAuth function ([90ac7b1](https://github.com/npm/registry-fetch/commit/90ac7b1)) -* use minizlib instead of core zlib ([e64702e](https://github.com/npm/registry-fetch/commit/e64702e)) - - -### Features - -* refactor to use Minipass streams ([bb37f20](https://github.com/npm/registry-fetch/commit/bb37f20)) - - -### BREAKING CHANGES - -* this replaces all core streams (except for some -PassThrough streams in a few tests) with Minipass streams, and updates -all deps to the latest and greatest Minipass versions of things. - - - - -## [4.0.2](https://github.com/npm/registry-fetch/compare/v4.0.0...v4.0.2) (2019-10-04) - - -### Bug Fixes - -* Add null check on body on 401 errors ([e3a0186](https://github.com/npm/registry-fetch/commit/e3a0186)), closes [#9](https://github.com/npm/registry-fetch/issues/9) -* **deps:** Add explicit dependency on safe-buffer ([8eae5f0](https://github.com/npm/registry-fetch/commit/8eae5f0)), closes [npm/libnpmaccess#2](https://github.com/npm/libnpmaccess/issues/2) [#3](https://github.com/npm/registry-fetch/issues/3) - - - - -# [4.0.0](https://github.com/npm/registry-fetch/compare/v3.9.1...v4.0.0) (2019-07-15) - - -* cacache@12.0.0, infer uid from cache folder ([0c4f060](https://github.com/npm/registry-fetch/commit/0c4f060)) - - -### BREAKING CHANGES - -* uid and gid are inferred from cache folder, rather than -being passed in as options. - - - - -## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02) - - - - -# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24) - - -### Features - -* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c)) - - - - -# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23) - - -### Features - -* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986)) - - - - -# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23) - - -### Features - -* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969)) - - - - -# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22) - - -### Bug Fixes - -* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65)) - - -### Features - -* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702)) - - - - -# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22) - - -### Features - -* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5)) - - - - -# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22) - - -### Bug Fixes - -* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54)) - - -### Features - -* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17)) - - - - -# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21) - - -### Bug Fixes - -* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b)) - - -### Features - -* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194)) - - - - -## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16) - - -### Bug Fixes - -* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040)) - - - - -# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27) - - -### Features - -* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0)) - - - - -## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09) - - - - -# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09) - - -### Features - -* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b)) - - - - -# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09) - - -### Bug Fixes - -* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f)) -* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f)) - - -### BREAKING CHANGES - -* **config:** opts.config is no longer supported. Pass the options down in opts itself. - - - - -# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08) - - -### Features - -* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0)) - - - - -# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08) - - -### meta - -* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e)) - - -### BREAKING CHANGES - -* node@4 is no longer supported - - - - -## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06) - - - - -# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16) - - -### Features - -* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9)) - - - - -## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16) - - -### Bug Fixes - -* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5)) - - - - -# 1.0.0 (2018-03-16) - - -### Bug Fixes - -* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba)) -* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31)) -* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93)) -* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a)) - - -### Features - -* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f)) -* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db)) -* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d)) -* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527)) -* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1)) diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/pacote/node_modules/npm-registry-fetch/LICENSE.md deleted file mode 100644 index 8d28acf866d93..0000000000000 --- a/node_modules/pacote/node_modules/npm-registry-fetch/LICENSE.md +++ /dev/null @@ -1,16 +0,0 @@ -ISC License - -Copyright (c) npm, Inc. - -Permission to use, copy, modify, and/or distribute this software for -any purpose with or without fee is hereby granted, provided that the -above copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS -ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE -COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR -CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS -OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE -USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/README.md b/node_modules/pacote/node_modules/npm-registry-fetch/README.md deleted file mode 100644 index e660940e30dc4..0000000000000 --- a/node_modules/pacote/node_modules/npm-registry-fetch/README.md +++ /dev/null @@ -1,635 +0,0 @@ -# npm-registry-fetch - -[![npm version](https://img.shields.io/npm/v/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) -[![license](https://img.shields.io/npm/l/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) -[![Travis](https://img.shields.io/travis/npm/npm-registry-fetch/latest.svg)](https://travis-ci.org/npm/npm-registry-fetch) -[![AppVeyor](https://img.shields.io/appveyor/ci/npm/npm-registry-fetch/latest.svg)](https://ci.appveyor.com/project/npm/npm-registry-fetch) -[![Coverage Status](https://coveralls.io/repos/github/npm/npm-registry-fetch/badge.svg?branch=latest)](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest) - -[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js -library that implements a `fetch`-like API for accessing npm registry APIs -consistently. It's able to consume npm-style configuration values and has all -the necessary logic for picking registries, handling scopes, and dealing with -authentication details built-in. - -This package is meant to replace the older -[`npm-registry-client`](https://npm.im/npm-registry-client). - -## Example - -```javascript -const npmFetch = require('npm-registry-fetch') - -console.log( - await npmFetch.json('/-/ping') -) -``` - -## Table of Contents - -* [Installing](#install) -* [Example](#example) -* [Contributing](#contributing) -* [API](#api) - * [`fetch`](#fetch) - * [`fetch.json`](#fetch-json) - * [`fetch` options](#fetch-opts) - -### Install - -`$ npm install npm-registry-fetch` - -### Contributing - -The npm team enthusiastically welcomes contributions and project participation! -There's a bunch of things you can do if you want to contribute! The [Contributor -Guide](CONTRIBUTING.md) has all the information you need for everything from -reporting bugs to contributing entire new features. Please don't hesitate to -jump in if you'd like to, or even ask us questions if something isn't clear. - -All participants and maintainers in this project are expected to follow [Code of -Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other. - -Please refer to the [Changelog](CHANGELOG.md) for project history details, too. - -Happy hacking! - -### API - -#### Caching and `write=true` query strings - -Before performing any PUT or DELETE operation, npm clients first make a -GET request to the registry resource being updated, which includes -the query string `?write=true`. - -The semantics of this are, effectively, "I intend to write to this thing, -and need to know the latest current value, so that my write can land -cleanly". - -The public npm registry handles these `?write=true` requests by ensuring -that the cache is re-validated before sending a response. In order to -maintain the same behavior on the client, and not get tripped up by an -overeager local cache when we intend to write data to the registry, any -request that comes through `npm-registry-fetch` that contains `write=true` -in the query string will forcibly set the `prefer-online` option to `true`, -and set both `prefer-offline` and `offline` to false, so that any local -cached value will be revalidated. - -#### `> fetch(url, [opts]) -> Promise` - -Performs a request to a given URL. - -The URL can be either a full URL, or a path to one. The appropriate registry -will be automatically picked if only a URL path is given. - -For available options, please see the section on [`fetch` options](#fetch-opts). - -##### Example - -```javascript -const res = await fetch('/-/ping') -console.log(res.headers) -res.on('data', d => console.log(d.toString('utf8'))) -``` - -#### `> fetch.json(url, [opts]) -> Promise` - -Performs a request to a given registry URL, parses the body of the response as -JSON, and returns it as its final value. This is a utility shorthand for -`fetch(url).then(res => res.json())`. - -For available options, please see the section on [`fetch` options](#fetch-opts). - -##### Example - -```javascript -const res = await fetch.json('/-/ping') -console.log(res) // Body parsed as JSON -``` - -#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream` - -Performs a request to a given registry URL and parses the body of the response -as JSON, with each entry being emitted through the stream. - -The `jsonPath` argument is a [`JSONStream.parse()` -path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the -returned stream (unlike default `JSONStream`s), has a valid -`Symbol.asyncIterator` implementation. - -For available options, please see the section on [`fetch` options](#fetch-opts). - -##### Example - -```javascript -console.log('https://npm.im/~zkat has access to the following packages:') -for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) { - console.log(`https://npm.im/${key} (perms: ${value})`) -} -``` - -#### `fetch` Options - -Fetch options are optional, and can be passed in as either a Map-like object -(one with a `.get()` method), a plain javascript object, or a -[`figgy-pudding`](https://npm.im/figgy-pudding) instance. - -##### `opts.agent` - -* Type: http.Agent -* Default: an appropriate agent based on URL protocol and proxy settings - -An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to -be shared across requests. This allows multiple concurrent `fetch` requests to -happen on the same socket. - -You do _not_ need to provide this option unless you want something particularly -specialized, since proxy configurations and http/https agents are already -automatically managed internally when this option is not passed through. - -##### `opts.body` - -* Type: Buffer | Stream | Object -* Default: null - -Request body to send through the outgoing request. Buffers and Streams will be -passed through as-is, with a default `content-type` of -`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed -and the `content-type` will default to `application/json`. - -Use [`opts.headers`](#opts-headers) to set the content-type to something else. - -##### `opts.ca` - -* Type: String, Array, or null -* Default: null - -The Certificate Authority signing certificate that is trusted for SSL -connections to the registry. Values should be in PEM format (Windows calls it -"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For -example: - -``` -{ - ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' -} -``` - -Set to `null` to only allow "known" registrars, or to a specific CA cert -to trust only that specific signing authority. - -Multiple CAs can be trusted by specifying an array of certificates instead of a -single string. - -See also [`opts.strictSSL`](#opts-strictSSL), [`opts.ca`](#opts-ca) and -[`opts.key`](#opts-key) - -##### `opts.cache` - -* Type: path -* Default: null - -The location of the http cache directory. If provided, certain cachable requests -will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234) -rules. This will speed up future requests, as well as make the cached data -available offline if necessary/requested. - -See also [`offline`](#opts-offline), [`preferOffline`](#opts-preferOffline), -and [`preferOnline`](#opts-preferOnline). - -##### `opts.cert` - -* Type: String -* Default: null - -A client certificate to pass when accessing the registry. Values should be in -PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines -replaced by the string `'\n'`. For example: - -``` -{ - cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' -} -``` - -It is _not_ the path to a certificate file (and there is no "certfile" option). - -See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key) - -##### `opts.fetchRetries` - -* Type: Number -* Default: 2 - -The "retries" config for [`retry`](https://npm.im/retry) to use when fetching -packages from the registry. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.fetchRetryFactor` - -* Type: Number -* Default: 10 - -The "factor" config for [`retry`](https://npm.im/retry) to use when fetching -packages. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.fetchRetryMintimeout` - -* Type: Number -* Default: 10000 (10 seconds) - -The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching -packages. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.fetchRetryMaxtimeout` - -* Type: Number -* Default: 60000 (1 minute) - -The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching -packages. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.forceAuth` - -* Type: Object -* Default: null - -If present, other auth-related values in `opts` will be completely ignored, -including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request, -and the auth details in `opts.forceAuth` will be used instead. - -##### `opts.gzip` - -* Type: Boolean -* Default: false - -If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip` -and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode -[`opts.body`](#opts-body). - -##### `opts.headers` - -* Type: Object -* Default: null - -Additional headers for the outgoing request. This option can also be used to -override headers automatically generated by `npm-registry-fetch`, such as -`Content-Type`. - -##### `opts.ignoreBody` - -* Type: Boolean -* Default: false - -If true, the **response body** will be thrown away and `res.body` set to `null`. -This will prevent dangling response sockets for requests where you don't usually -care what the response body is. - -##### `opts.integrity` - -* Type: String | [SRI object](https://npm.im/ssri) -* Default: null - -If provided, the response body's will be verified against this integrity string, -using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will -complete as normal. If verification fails, the response body will error with an -`EINTEGRITY` error. - -Body integrity is only verified if the body is actually consumed to completion -- -that is, if you use `res.json()`/`res.buffer()`, or if you consume the default -`res` stream data to its end. - -Cached data will have its integrity automatically verified using the -previously-generated integrity hash for the saved request information, so -`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if -`opts.integrity` is not passed in. - -##### `opts.isFromCI` - -* Type: Boolean -* Default: Based on environment variables - -This is used to populate the `npm-in-ci` request header sent to the registry. - -##### `opts.key` - -* Type: String -* Default: null - -A client key to pass when accessing the registry. Values should be in PEM -format with newlines replaced by the string `'\n'`. For example: - -``` -{ - key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----' -} -``` - -It is _not_ the path to a key file (and there is no "keyfile" option). - -See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert) - -##### `opts.localAddress` - -* Type: IP Address String -* Default: null - -The IP address of the local interface to use when making connections -to the registry. - -See also [`opts.proxy`](#opts-proxy) - -##### `opts.log` - -* Type: [`npmlog`](https://npm.im/npmlog)-like -* Default: null - -Logger object to use for logging operation details. Must have the same methods -as `npmlog`. - -##### `opts.mapJSON` - -* Type: Function -* Default: undefined - -When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down -to [`JSONStream`](https://npm.im/JSONStream) as the second argument to -`JSONStream.parse`, and can be used to transform stream data before output. - -##### `opts.maxSockets` - -* Type: Integer -* Default: 12 - -Maximum number of sockets to keep open during requests. Has no effect if -[`opts.agent`](#opts-agent) is used. - -##### `opts.method` - -* Type: String -* Default: 'GET' - -HTTP method to use for the outgoing request. Case-insensitive. - -##### `opts.noproxy` - -* Type: Boolean -* Default: process.env.NOPROXY - -If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used. - -##### `opts.npmSession` - -* Type: String -* Default: null - -If provided, will be sent in the `npm-session` header. This header is used by -the npm registry to identify individual user sessions (usually individual -invocations of the CLI). - -##### `opts.npmCommand` - -* Type: String -* Default: null - -If provided, it will be sent in the `npm-command` header. This yeader is -used by the npm registry to identify the npm command that caused this -request to be made. - -##### `opts.offline` - -* Type: Boolean -* Default: false - -Force offline mode: no network requests will be done during install. To allow -`npm-registry-fetch` to fill in missing cache data, see -[`opts.preferOffline`](#opts-preferOffline). - -This option is only really useful if you're also using -[`opts.cache`](#opts-cache). - -This option is set to `true` when the request includes `write=true` in the -query string. - -##### `opts.otp` - -* Type: Number | String -* Default: null - -This is a one-time password from a two-factor authenticator. It is required for -certain registry interactions when two-factor auth is enabled for a user -account. - -##### `opts.password` - -* Alias: `_password` -* Type: String -* Default: null - -Password used for basic authentication. For the more modern authentication -method, please use the (more secure) [`opts.token`](#opts-token) - -Can optionally be scoped to a registry by using a "nerf dart" for that registry. -That is: - -``` -{ - '//registry.npmjs.org/:password': 't0k3nH34r' -} -``` - -See also [`opts.username`](#opts-username) - -##### `opts.preferOffline` - -* Type: Boolean -* Default: false - -If true, staleness checks for cached data will be bypassed, but missing data -will be requested from the server. To force full offline mode, use -[`opts.offline`](#opts-offline). - -This option is generally only useful if you're also using -[`opts.cache`](#opts-cache). - -This option is set to `false` when the request includes `write=true` in the -query string. - -##### `opts.preferOnline` - -* Type: Boolean -* Default: false - -If true, staleness checks for cached data will be forced, making the CLI look -for updates immediately even for fresh package data. - -This option is generally only useful if you're also using -[`opts.cache`](#opts-cache). - -This option is set to `true` when the request includes `write=true` in the -query string. - -##### `opts.projectScope` - -* Type: String -* Default: null - -If provided, will be sent in the `npm-scope` header. This header is used by the -npm registry to identify the toplevel package scope that a particular project -installation is using. - -##### `opts.proxy` - -* Type: url -* Default: null - -A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY` -environment variable will be used. - -##### `opts.query` - -* Type: String | Object -* Default: null - -If provided, the request URI will have a query string appended to it using this -query. If `opts.query` is an object, it will be converted to a query string -using -[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options). - -If the request URI already has a query string, it will be merged with -`opts.query`, preferring `opts.query` values. - -##### `opts.registry` - -* Type: URL -* Default: `'https://registry.npmjs.org'` - -Registry configuration for a request. If a request URL only includes the URL -path, this registry setting will be prepended. This configuration is also used -to determine authentication details, so even if the request URL references a -completely different host, `opts.registry` will be used to find the auth details -for that request. - -See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and -[`opts.:registry`](#opts-scope-registry) which can all affect the actual -registry URL used by the outgoing request. - -##### `opts.retry` - -* Type: Object -* Default: null - -Single-object configuration for request retry settings. If passed in, will -override individually-passed `fetch-retry-*` settings. - -##### `opts.scope` - -* Type: String -* Default: null - -Associate an operation with a scope for a scoped registry. This option can force -lookup of scope-specific registries and authentication. - -See also [`opts.:registry`](#opts-scope-registry) and -[`opts.spec`](#opts-spec) for interactions with this option. - -##### `opts.:registry` - -* Type: String -* Default: null - -This option type can be used to configure the registry used for requests -involving a particular scope. For example, `opts['@myscope:registry'] = -'https://scope-specific.registry/'` will make it so requests go out to this -registry instead of [`opts.registry`](#opts-registry) when -[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a -scoped package spec. - -The `@` before the scope name is optional, but recommended. - -##### `opts.spec` - -* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object. -* Default: null - -If provided, can be used to automatically configure [`opts.scope`](#opts-scope) -based on a specific package name. Non-registry package specs will throw an -error. - -##### `opts.strictSSL` - -* Type: Boolean -* Default: true - -Whether or not to do SSL key validation when making requests to the -registry via https. - -See also [`opts.ca`](#opts-ca). - -##### `opts.timeout` - -* Type: Milliseconds -* Default: 300000 (5 minutes) - -Time before a hanging request times out. - -##### `opts.token` - -* Alias: `opts._authToken` -* Type: String -* Default: null - -Authentication token string. - -Can be scoped to a registry by using a "nerf dart" for that registry. That is: - -``` -{ - '//registry.npmjs.org/:token': 't0k3nH34r' -} -``` - -##### `opts.userAgent` - -* Type: String -* Default: `'npm-registry-fetch@/node@+ ()'` - -User agent string to send in the `User-Agent` header. - -##### `opts.username` - -* Type: String -* Default: null - -Username used for basic authentication. For the more modern authentication -method, please use the (more secure) [`opts.token`](#opts-token) - -Can optionally be scoped to a registry by using a "nerf dart" for that registry. -That is: - -``` -{ - '//registry.npmjs.org/:username': 't0k3nH34r' -} -``` - -See also [`opts.password`](#opts-password) - -##### `opts._auth` - -* Type: String -* Default: null - -** DEPRECATED ** This is a legacy authentication token supported only for -compatibility. Please use [`opts.token`](#opts-token) instead. diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/auth.js b/node_modules/pacote/node_modules/npm-registry-fetch/auth.js deleted file mode 100644 index 11c3bde6b4e6c..0000000000000 --- a/node_modules/pacote/node_modules/npm-registry-fetch/auth.js +++ /dev/null @@ -1,55 +0,0 @@ -'use strict' - -const defaultOpts = require('./default-opts.js') -const url = require('url') - -module.exports = getAuth -function getAuth (registry, opts_ = {}) { - if (!registry) { throw new Error('registry is required') } - const opts = opts_.forceAuth ? opts_.forceAuth : { ...defaultOpts, ...opts_ } - const AUTH = {} - const regKey = registry && registryKey(registry) - const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias) - doKey('token') - doKey('_authToken', 'token') - doKey('username') - doKey('password') - doKey('_password', 'password') - doKey('email') - doKey('_auth') - doKey('otp') - doKey('always-auth', 'alwaysAuth') - if (AUTH.password) { - AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8') - } - if (AUTH._auth && !(AUTH.username && AUTH.password)) { - let auth = Buffer.from(AUTH._auth, 'base64').toString() - auth = auth.split(':') - AUTH.username = auth.shift() - AUTH.password = auth.join(':') - } - AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth - return AUTH -} - -function addKey (opts, obj, scope, key, objKey) { - if (opts[key]) { - obj[objKey || key] = opts[key] - } - if (scope && opts[`${scope}:${key}`]) { - obj[objKey || key] = opts[`${scope}:${key}`] - } -} - -// Called a nerf dart in the main codebase. Used as a "safe" -// key when fetching registry info from config. -function registryKey (registry) { - const parsed = new url.URL(registry) - const formatted = url.format({ - protocol: parsed.protocol, - host: parsed.host, - pathname: parsed.pathname, - slashes: true - }) - return url.format(new url.URL('.', formatted)).replace(/^[^:]+:/, '') -} diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/check-response.js b/node_modules/pacote/node_modules/npm-registry-fetch/check-response.js deleted file mode 100644 index f151711f30160..0000000000000 --- a/node_modules/pacote/node_modules/npm-registry-fetch/check-response.js +++ /dev/null @@ -1,128 +0,0 @@ -'use strict' - -const errors = require('./errors.js') -const LRU = require('lru-cache') -const { Response } = require('minipass-fetch') -const defaultOpts = require('./default-opts.js') - -module.exports = checkResponse -function checkResponse (method, res, registry, startTime, opts_ = {}) { - const opts = { ...defaultOpts, ...opts_ } - if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) { - opts.log.notice('', res.headers.get('npm-notice')) - } - checkWarnings(res, registry, opts) - if (res.status >= 400) { - logRequest(method, res, startTime, opts) - return checkErrors(method, res, startTime, opts) - } else { - res.body.on('end', () => logRequest(method, res, startTime, opts)) - if (opts.ignoreBody) { - res.body.resume() - return new Response(null, res) - } - return res - } -} - -function logRequest (method, res, startTime, opts) { - const elapsedTime = Date.now() - startTime - const attempt = res.headers.get('x-fetch-attempts') - const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : '' - const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : '' - - let urlStr - try { - const { URL } = require('url') - const url = new URL(res.url) - if (url.password) { - url.password = '***' - } - urlStr = url.toString() - } catch (er) { - urlStr = res.url - } - - opts.log.http( - 'fetch', - `${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}` - ) -} - -const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/ -const BAD_HOSTS = new LRU({ max: 50 }) - -function checkWarnings (res, registry, opts) { - if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) { - const warnings = {} - // note: headers.raw() will preserve case, so we might have a - // key on the object like 'WaRnInG' if that was used first - for (const [key, value] of Object.entries(res.headers.raw())) { - if (key.toLowerCase() !== 'warning') { continue } - value.forEach(w => { - const match = w.match(WARNING_REGEXP) - if (match) { - warnings[match[1]] = { - code: match[1], - host: match[2], - message: match[3], - date: new Date(match[4]) - } - } - }) - } - BAD_HOSTS.set(registry, true) - if (warnings['199']) { - if (warnings['199'].message.match(/ENOTFOUND/)) { - opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`) - } else { - opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`) - } - } - if (warnings['111']) { - // 111 Revalidation failed -- we're using stale data - opts.log.warn( - 'registry', - `Using stale data from ${registry} due to a request error during revalidation.` - ) - } - } -} - -function checkErrors (method, res, startTime, opts) { - return res.buffer() - .catch(() => null) - .then(body => { - let parsed = body - try { - parsed = JSON.parse(body.toString('utf8')) - } catch (e) {} - if (res.status === 401 && res.headers.get('www-authenticate')) { - const auth = res.headers.get('www-authenticate') - .split(/,\s*/) - .map(s => s.toLowerCase()) - if (auth.indexOf('ipaddress') !== -1) { - throw new errors.HttpErrorAuthIPAddress( - method, res, parsed, opts.spec - ) - } else if (auth.indexOf('otp') !== -1) { - throw new errors.HttpErrorAuthOTP( - method, res, parsed, opts.spec - ) - } else { - throw new errors.HttpErrorAuthUnknown( - method, res, parsed, opts.spec - ) - } - } else if (res.status === 401 && body != null && /one-time pass/.test(body.toString('utf8'))) { - // Heuristic for malformed OTP responses that don't include the www-authenticate header. - throw new errors.HttpErrorAuthOTP( - method, res, parsed, opts.spec - ) - } else { - throw new errors.HttpErrorGeneral( - method, res, parsed, opts.spec - ) - } - }) -} diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/default-opts.js b/node_modules/pacote/node_modules/npm-registry-fetch/default-opts.js deleted file mode 100644 index b742fd5a5fcd4..0000000000000 --- a/node_modules/pacote/node_modules/npm-registry-fetch/default-opts.js +++ /dev/null @@ -1,22 +0,0 @@ -const pkg = require('./package.json') -const ciDetect = require('@npmcli/ci-detect') -module.exports = { - isFromCI: ciDetect(), - log: require('./silentlog.js'), - maxSockets: 12, - method: 'GET', - registry: 'https://registry.npmjs.org/', - timeout: 5 * 60 * 1000, // 5 minutes - strictSSL: true, - noProxy: process.env.NOPROXY, - userAgent: `${pkg.name - }@${ - pkg.version - }/node@${ - process.version - }+${ - process.arch - } (${ - process.platform - })` -} diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/errors.js b/node_modules/pacote/node_modules/npm-registry-fetch/errors.js deleted file mode 100644 index c41947e29952d..0000000000000 --- a/node_modules/pacote/node_modules/npm-registry-fetch/errors.js +++ /dev/null @@ -1,79 +0,0 @@ -'use strict' - -const url = require('url') - -function packageName (href) { - try { - let basePath = new url.URL(href).pathname.substr(1) - if (!basePath.match(/^-/)) { - basePath = basePath.split('/') - var index = basePath.indexOf('_rewrite') - if (index === -1) { - index = basePath.length - 1 - } else { - index++ - } - return decodeURIComponent(basePath[index]) - } - } catch (_) { - // this is ok - } -} - -class HttpErrorBase extends Error { - constructor (method, res, body, spec) { - super() - this.headers = res.headers.raw() - this.statusCode = res.status - this.code = `E${res.status}` - this.method = method - this.uri = res.url - this.body = body - this.pkgid = spec ? spec.toString() : packageName(res.url) - } -} -module.exports.HttpErrorBase = HttpErrorBase - -class HttpErrorGeneral extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = `${res.status} ${res.statusText} - ${ - this.method.toUpperCase() - } ${ - this.spec || this.uri - }${ - (body && body.error) ? ' - ' + body.error : '' - }` - Error.captureStackTrace(this, HttpErrorGeneral) - } -} -module.exports.HttpErrorGeneral = HttpErrorGeneral - -class HttpErrorAuthOTP extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'OTP required for authentication' - this.code = 'EOTP' - Error.captureStackTrace(this, HttpErrorAuthOTP) - } -} -module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP - -class HttpErrorAuthIPAddress extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'Login is not allowed from your IP address' - this.code = 'EAUTHIP' - Error.captureStackTrace(this, HttpErrorAuthIPAddress) - } -} -module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress - -class HttpErrorAuthUnknown extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate') - Error.captureStackTrace(this, HttpErrorAuthUnknown) - } -} -module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/index.js b/node_modules/pacote/node_modules/npm-registry-fetch/index.js deleted file mode 100644 index 2324e7fbfd00b..0000000000000 --- a/node_modules/pacote/node_modules/npm-registry-fetch/index.js +++ /dev/null @@ -1,219 +0,0 @@ -'use strict' - -const checkResponse = require('./check-response.js') -const getAuth = require('./auth.js') -const fetch = require('make-fetch-happen') -const JSONStream = require('minipass-json-stream') -const npa = require('npm-package-arg') -const qs = require('querystring') -const url = require('url') -const zlib = require('minizlib') -const Minipass = require('minipass') - -const defaultOpts = require('./default-opts.js') - -// WhatWG URL throws if it's not fully resolved -const urlIsValid = u => { - try { - return !!new url.URL(u) - } catch (_) { - return false - } -} - -module.exports = regFetch -function regFetch (uri, /* istanbul ignore next */ opts_ = {}) { - const opts = { - ...defaultOpts, - ...opts_ - } - const registry = opts.registry = ( - (opts.spec && pickRegistry(opts.spec, opts)) || - (opts.publishConfig && opts.publishConfig.registry) || - opts.registry || - /* istanbul ignore next */ - 'https://registry.npmjs.org/' - ) - - if (!urlIsValid(uri)) { - uri = `${ - registry.trim().replace(/\/?$/g, '') - }/${ - uri.trim().replace(/^\//, '') - }` - } - - const method = opts.method || 'GET' - - // through that takes into account the scope, the prefix of `uri`, etc - const startTime = Date.now() - const headers = getHeaders(registry, uri, opts) - let body = opts.body - const bodyIsStream = Minipass.isStream(body) - const bodyIsPromise = body && - typeof body === 'object' && - typeof body.then === 'function' - - if (body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body)) { - headers['content-type'] = headers['content-type'] || 'application/json' - body = JSON.stringify(body) - } else if (body && !headers['content-type']) { - headers['content-type'] = 'application/octet-stream' - } - - if (opts.gzip) { - headers['content-encoding'] = 'gzip' - if (bodyIsStream) { - const gz = new zlib.Gzip() - body.on('error', /* istanbul ignore next: unlikely and hard to test */ - err => gz.emit('error', err)) - body = body.pipe(gz) - } else if (!bodyIsPromise) { - body = new zlib.Gzip().end(body).concat() - } - } - - const parsed = new url.URL(uri) - - if (opts.query) { - const q = typeof opts.query === 'string' - ? qs.parse(opts.query) - : opts.query - - Object.keys(q).forEach(key => { - if (q[key] !== undefined) { - parsed.searchParams.set(key, q[key]) - } - }) - uri = url.format(parsed) - } - - if (parsed.searchParams.get('write') === 'true' && method === 'GET') { - // do not cache, because this GET is fetching a rev that will be - // used for a subsequent PUT or DELETE, so we need to conditionally - // update cache. - opts.offline = false - opts.preferOffline = false - opts.preferOnline = true - } - - const doFetch = (body) => fetch(uri, { - agent: opts.agent, - algorithms: opts.algorithms, - body, - cache: getCacheMode(opts), - cacheManager: opts.cache, - ca: opts.ca, - cert: opts.cert, - headers, - integrity: opts.integrity, - key: opts.key, - localAddress: opts.localAddress, - maxSockets: opts.maxSockets, - memoize: opts.memoize, - method: method, - noProxy: opts.noProxy, - proxy: opts.httpsProxy || opts.proxy, - retry: opts.retry ? opts.retry : { - retries: opts.fetchRetries, - factor: opts.fetchRetryFactor, - minTimeout: opts.fetchRetryMintimeout, - maxTimeout: opts.fetchRetryMaxtimeout - }, - strictSSL: opts.strictSSL, - timeout: opts.timeout || 30 * 1000 - }).then(res => checkResponse( - method, res, registry, startTime, opts - )) - - return Promise.resolve(body).then(doFetch) -} - -module.exports.json = fetchJSON -function fetchJSON (uri, opts) { - return regFetch(uri, opts).then(res => res.json()) -} - -module.exports.json.stream = fetchJSONStream -function fetchJSONStream (uri, jsonPath, /* istanbul ignore next */ opts_ = {}) { - const opts = { ...defaultOpts, ...opts_ } - const parser = JSONStream.parse(jsonPath, opts.mapJSON) - regFetch(uri, opts).then(res => - res.body.on('error', - /* istanbul ignore next: unlikely and difficult to test */ - er => parser.emit('error', er)).pipe(parser) - ).catch(er => parser.emit('error', er)) - return parser -} - -module.exports.pickRegistry = pickRegistry -function pickRegistry (spec, opts = {}) { - spec = npa(spec) - let registry = spec.scope && - opts[spec.scope.replace(/^@?/, '@') + ':registry'] - - if (!registry && opts.scope) { - registry = opts[opts.scope.replace(/^@?/, '@') + ':registry'] - } - - if (!registry && opts.publishConfig) { - registry = opts.publishConfig.registry - } - - if (!registry) { - registry = opts.registry || 'https://registry.npmjs.org/' - } - - return registry -} - -function getCacheMode (opts) { - return opts.offline - ? 'only-if-cached' - : opts.preferOffline - ? 'force-cache' - : opts.preferOnline - ? 'no-cache' - : 'default' -} - -function getHeaders (registry, uri, opts) { - const headers = Object.assign({ - 'npm-in-ci': !!opts.isFromCI, - 'user-agent': opts.userAgent - }, opts.headers || {}) - - if (opts.projectScope) { - headers['npm-scope'] = opts.projectScope - } - - if (opts.npmSession) { - headers['npm-session'] = opts.npmSession - } - - if (opts.npmCommand) { - headers['npm-command'] = opts.npmCommand - } - - const auth = getAuth(registry, opts) - // If a tarball is hosted on a different place than the manifest, only send - // credentials on `alwaysAuth` - const shouldAuth = ( - auth.alwaysAuth || - new url.URL(uri).host === new url.URL(registry).host - ) - if (shouldAuth && auth.token) { - headers.authorization = `Bearer ${auth.token}` - } else if (shouldAuth && auth.username && auth.password) { - const encoded = Buffer.from( - `${auth.username}:${auth.password}`, 'utf8' - ).toString('base64') - headers.authorization = `Basic ${encoded}` - } else if (shouldAuth && auth._auth) { - headers.authorization = `Basic ${auth._auth}` - } - if (shouldAuth && auth.otp) { - headers['npm-otp'] = auth.otp - } - return headers -} diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/package.json b/node_modules/pacote/node_modules/npm-registry-fetch/package.json deleted file mode 100644 index 5aeddc5b39102..0000000000000 --- a/node_modules/pacote/node_modules/npm-registry-fetch/package.json +++ /dev/null @@ -1,59 +0,0 @@ -{ - "name": "npm-registry-fetch", - "version": "8.1.5", - "description": "Fetch-based http client for use with npm registry APIs", - "main": "index.js", - "files": [ - "*.js", - "lib" - ], - "scripts": { - "postrelease": "npm publish", - "posttest": "standard", - "prepublishOnly": "git push --follow-tags", - "prerelease": "npm t", - "release": "standard-version -s", - "test": "tap" - }, - "repository": "https://github.com/npm/registry-fetch", - "keywords": [ - "npm", - "registry", - "fetch" - ], - "author": { - "name": "Kat Marchán", - "email": "kzm@sykosomatic.org", - "twitter": "maybekatz" - }, - "license": "ISC", - "dependencies": { - "@npmcli/ci-detect": "^1.0.0", - "lru-cache": "^6.0.0", - "make-fetch-happen": "^8.0.9", - "minipass": "^3.1.3", - "minipass-fetch": "^1.3.0", - "minipass-json-stream": "^1.0.1", - "minizlib": "^2.0.0", - "npm-package-arg": "^8.0.0" - }, - "devDependencies": { - "cacache": "^15.0.0", - "mkdirp": "^0.5.1", - "nock": "^11.7.0", - "npmlog": "^4.1.2", - "require-inject": "^1.4.4", - "rimraf": "^2.6.2", - "ssri": "^8.0.0", - "standard": "^14.3.3", - "standard-version": "^7.1.0", - "tap": "^14.10.7" - }, - "tap": { - "check-coverage": true, - "test-ignore": "test[\\\\/](util|cache)[\\\\/]" - }, - "engines": { - "node": ">=10" - } -} diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/silentlog.js b/node_modules/pacote/node_modules/npm-registry-fetch/silentlog.js deleted file mode 100644 index 886c5d55b2dbb..0000000000000 --- a/node_modules/pacote/node_modules/npm-registry-fetch/silentlog.js +++ /dev/null @@ -1,14 +0,0 @@ -'use strict' - -const noop = Function.prototype -module.exports = { - error: noop, - warn: noop, - notice: noop, - info: noop, - verbose: noop, - silly: noop, - http: noop, - pause: noop, - resume: noop -} diff --git a/node_modules/pacote/package.json b/node_modules/pacote/package.json index 9cddf61099524..7f38a193f7cb9 100644 --- a/node_modules/pacote/package.json +++ b/node_modules/pacote/package.json @@ -1,9 +1,11 @@ { "name": "pacote", - "version": "11.1.11", + "version": "11.1.12", "description": "JavaScript package downloader", "author": "Isaac Z. Schlueter (https://izs.me)", - "bin": "lib/bin.js", + "bin": { + "pacote": "lib/bin.js" + }, "license": "ISC", "main": "lib/index.js", "scripts": { @@ -23,7 +25,7 @@ "mutate-fs": "^2.1.1", "npm-registry-mock": "^1.3.1", "require-inject": "^1.4.4", - "tap": "^14.10.6" + "tap": "^14.10.8" }, "files": [ "lib/**/*.js" @@ -47,7 +49,7 @@ "npm-package-arg": "^8.0.1", "npm-packlist": "^2.1.0", "npm-pick-manifest": "^6.0.0", - "npm-registry-fetch": "^8.1.3", + "npm-registry-fetch": "^9.0.0", "promise-retry": "^1.1.1", "read-package-json-fast": "^1.1.3", "rimraf": "^3.0.2", diff --git a/package-lock.json b/package-lock.json index 21492b37fd6cd..94b518727f2fb 100644 --- a/package-lock.json +++ b/package-lock.json @@ -128,7 +128,7 @@ "npm-user-validate": "^1.0.1", "npmlog": "~4.1.2", "opener": "^1.5.2", - "pacote": "^11.1.10", + "pacote": "^11.1.12", "parse-conflict-json": "^1.1.1", "qrcode-terminal": "^0.12.0", "read": "~1.0.7", @@ -4875,9 +4875,10 @@ } }, "node_modules/pacote": { - "version": "11.1.11", + "version": "11.1.12", + "resolved": "https://registry.npmjs.org/pacote/-/pacote-11.1.12.tgz", + "integrity": "sha512-suazooYMzefXr3glexAX4+q+qqH3wrzchtj+EivwiCCr/tsaHe9HtdHSx3R8YPjulAhojBZ2JkAVy13QwA8Jpg==", "inBundle": true, - "license": "ISC", "dependencies": { "@npmcli/git": "^2.0.1", "@npmcli/installed-package-contents": "^1.0.5", @@ -4892,7 +4893,7 @@ "npm-package-arg": "^8.0.1", "npm-packlist": "^2.1.0", "npm-pick-manifest": "^6.0.0", - "npm-registry-fetch": "^8.1.3", + "npm-registry-fetch": "^9.0.0", "promise-retry": "^1.1.1", "read-package-json-fast": "^1.1.3", "rimraf": "^3.0.2", @@ -4906,25 +4907,6 @@ "node": ">=10" } }, - "node_modules/pacote/node_modules/npm-registry-fetch": { - "version": "8.1.5", - "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", - "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", - "inBundle": true, - "dependencies": { - "@npmcli/ci-detect": "^1.0.0", - "lru-cache": "^6.0.0", - "make-fetch-happen": "^8.0.9", - "minipass": "^3.1.3", - "minipass-fetch": "^1.3.0", - "minipass-json-stream": "^1.0.1", - "minizlib": "^2.0.0", - "npm-package-arg": "^8.0.0" - }, - "engines": { - "node": ">=10" - } - }, "node_modules/parent-module": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", @@ -12402,7 +12384,9 @@ } }, "pacote": { - "version": "11.1.11", + "version": "11.1.12", + "resolved": "https://registry.npmjs.org/pacote/-/pacote-11.1.12.tgz", + "integrity": "sha512-suazooYMzefXr3glexAX4+q+qqH3wrzchtj+EivwiCCr/tsaHe9HtdHSx3R8YPjulAhojBZ2JkAVy13QwA8Jpg==", "requires": { "@npmcli/git": "^2.0.1", "@npmcli/installed-package-contents": "^1.0.5", @@ -12417,29 +12401,12 @@ "npm-package-arg": "^8.0.1", "npm-packlist": "^2.1.0", "npm-pick-manifest": "^6.0.0", - "npm-registry-fetch": "^8.1.3", + "npm-registry-fetch": "^9.0.0", "promise-retry": "^1.1.1", "read-package-json-fast": "^1.1.3", "rimraf": "^3.0.2", "ssri": "^8.0.0", "tar": "^6.0.1" - }, - "dependencies": { - "npm-registry-fetch": { - "version": "8.1.5", - "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", - "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", - "requires": { - "@npmcli/ci-detect": "^1.0.0", - "lru-cache": "^6.0.0", - "make-fetch-happen": "^8.0.9", - "minipass": "^3.1.3", - "minipass-fetch": "^1.3.0", - "minipass-json-stream": "^1.0.1", - "minizlib": "^2.0.0", - "npm-package-arg": "^8.0.0" - } - } } }, "parent-module": { diff --git a/package.json b/package.json index 2cdef0d53510e..0e1d0e79b3b7a 100644 --- a/package.json +++ b/package.json @@ -92,7 +92,7 @@ "npm-user-validate": "^1.0.1", "npmlog": "~4.1.2", "opener": "^1.5.2", - "pacote": "^11.1.10", + "pacote": "^11.1.12", "parse-conflict-json": "^1.1.1", "qrcode-terminal": "^0.12.0", "read": "~1.0.7", From 90bf57826edf2f78ddf8deb0793115ead8a8b556 Mon Sep 17 00:00:00 2001 From: isaacs Date: Tue, 3 Nov 2020 13:05:56 -0800 Subject: [PATCH 09/21] npm-profile@5.0.2 --- .../npm-registry-fetch/CHANGELOG.md | 384 ----------- .../npm-registry-fetch/LICENSE.md | 16 - .../node_modules/npm-registry-fetch/README.md | 635 ------------------ .../node_modules/npm-registry-fetch/auth.js | 55 -- .../npm-registry-fetch/check-response.js | 128 ---- .../npm-registry-fetch/default-opts.js | 22 - .../node_modules/npm-registry-fetch/errors.js | 79 --- .../node_modules/npm-registry-fetch/index.js | 219 ------ .../npm-registry-fetch/package.json | 59 -- .../npm-registry-fetch/silentlog.js | 14 - node_modules/npm-profile/package.json | 4 +- package-lock.json | 51 +- package.json | 2 +- 13 files changed, 12 insertions(+), 1656 deletions(-) delete mode 100644 node_modules/npm-profile/node_modules/npm-registry-fetch/CHANGELOG.md delete mode 100644 node_modules/npm-profile/node_modules/npm-registry-fetch/LICENSE.md delete mode 100644 node_modules/npm-profile/node_modules/npm-registry-fetch/README.md delete mode 100644 node_modules/npm-profile/node_modules/npm-registry-fetch/auth.js delete mode 100644 node_modules/npm-profile/node_modules/npm-registry-fetch/check-response.js delete mode 100644 node_modules/npm-profile/node_modules/npm-registry-fetch/default-opts.js delete mode 100644 node_modules/npm-profile/node_modules/npm-registry-fetch/errors.js delete mode 100644 node_modules/npm-profile/node_modules/npm-registry-fetch/index.js delete mode 100644 node_modules/npm-profile/node_modules/npm-registry-fetch/package.json delete mode 100644 node_modules/npm-profile/node_modules/npm-registry-fetch/silentlog.js diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/npm-profile/node_modules/npm-registry-fetch/CHANGELOG.md deleted file mode 100644 index fc26ee1bda4ba..0000000000000 --- a/node_modules/npm-profile/node_modules/npm-registry-fetch/CHANGELOG.md +++ /dev/null @@ -1,384 +0,0 @@ -# Changelog - -All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. - -### [8.1.5](https://github.com/npm/registry-fetch/compare/v8.1.4...v8.1.5) (2020-10-12) - - -### Bug Fixes - -* respect publishConfig.registry when specified ([32e36ef](https://github.com/npm/registry-fetch/commit/32e36efe86302ed319973cd5b1e6ccc3f62e557e)), closes [#35](https://github.com/npm/registry-fetch/issues/35) - -### [8.1.4](https://github.com/npm/registry-fetch/compare/v8.1.3...v8.1.4) (2020-08-17) - - -### Bug Fixes - -* redact passwords from http logs ([3c294eb](https://github.com/npm/registry-fetch/commit/3c294ebbd7821725db4ff1bc5fe368c49613efcc)) - -### [8.1.3](https://github.com/npm/registry-fetch/compare/v8.1.2...v8.1.3) (2020-07-21) - -### [8.1.2](https://github.com/npm/registry-fetch/compare/v8.1.1...v8.1.2) (2020-07-11) - -### [8.1.1](https://github.com/npm/registry-fetch/compare/v8.1.0...v8.1.1) (2020-06-30) - -## [8.1.0](https://github.com/npm/registry-fetch/compare/v8.0.3...v8.1.0) (2020-05-20) - - -### Features - -* add npm-command HTTP header ([1bb4eb2](https://github.com/npm/registry-fetch/commit/1bb4eb2c66ee8a0dc62558bdcff1b548e2bb9820)) - -### [8.0.3](https://github.com/npm/registry-fetch/compare/v8.0.2...v8.0.3) (2020-05-13) - - -### Bug Fixes - -* update minipass and make-fetch-happen to latest ([3b6c5d0](https://github.com/npm/registry-fetch/commit/3b6c5d0d8ccd4c4a97862a65acef956f19aec127)), closes [#23](https://github.com/npm/registry-fetch/issues/23) - -### [8.0.2](https://github.com/npm/registry-fetch/compare/v8.0.1...v8.0.2) (2020-05-04) - - -### Bug Fixes - -* update make-fetch-happen to 8.0.6 ([226df2c](https://github.com/npm/registry-fetch/commit/226df2c32e3f9ed8ceefcfdbd11efb178181b442)) - -## [8.0.0](https://github.com/npm/registry-fetch/compare/v7.0.1...v8.0.0) (2020-02-24) - - -### ⚠ BREAKING CHANGES - -* Removes the 'opts.refer' option and the HTTP Referer -header (unless explicitly added to the 'headers' option, of course). - -PR-URL: https://github.com/npm/npm-registry-fetch/pull/25 -Credit: @isaacs - -### Bug Fixes - -* remove referer header and opts.refer ([eb8f7af](https://github.com/npm/registry-fetch/commit/eb8f7af3c102834856604c1be664b00ca0fe8ef2)), closes [#25](https://github.com/npm/registry-fetch/issues/25) - -### [7.0.1](https://github.com/npm/registry-fetch/compare/v7.0.0...v7.0.1) (2020-02-24) - -## [7.0.0](https://github.com/npm/registry-fetch/compare/v6.0.2...v7.0.0) (2020-02-18) - - -### ⚠ BREAKING CHANGES - -* figgy pudding is now nowhere to be found. -* this removes figgy-pudding, and drops several option -aliases. - -Defaults and behavior are all the same, and this module is now using the -canonical camelCase option names that npm v7 will provide to all its -deps. - -Related to: https://github.com/npm/rfcs/pull/102 - -PR-URL: https://github.com/npm/npm-registry-fetch/pull/22 -Credit: @isaacs - -### Bug Fixes - -* Remove figgy-pudding, use canonical option names ([ede3c08](https://github.com/npm/registry-fetch/commit/ede3c087007fd1808e02b1af70562220d03b18a9)), closes [#22](https://github.com/npm/registry-fetch/issues/22) - - -* update cacache, ssri, make-fetch-happen ([57fcc88](https://github.com/npm/registry-fetch/commit/57fcc889bee03edcc0a2025d96a171039108c231)) - -### [6.0.2](https://github.com/npm/registry-fetch/compare/v6.0.1...v6.0.2) (2020-02-14) - - -### Bug Fixes - -* always bypass cache when ?write=true ([83f89f3](https://github.com/npm/registry-fetch/commit/83f89f35abd2ed0507c869e37f90ed746375772c)) - -### [6.0.1](https://github.com/npm/registry-fetch/compare/v6.0.0...v6.0.1) (2020-02-14) - - -### Bug Fixes - -* use 30s default for timeout as per README ([50e8afc](https://github.com/npm/registry-fetch/commit/50e8afc6ff850542feb588f9f9c64ebae59e72a0)), closes [#20](https://github.com/npm/registry-fetch/issues/20) - -## [6.0.0](https://github.com/npm/registry-fetch/compare/v5.0.1...v6.0.0) (2019-12-17) - - -### ⚠ BREAKING CHANGES - -* This drops support for node < 10. - -There are some lint failures due to standard pushing for using WhatWG URL -objects instead of url.parse/url.resolve. However, the code in this lib -does some fancy things with the query/search portions of the parsed url -object, so it'll take a bit of care to make it work properly. - -### Bug Fixes - -* detect CI so our tests don't fail in CI ([5813da6](https://github.com/npm/registry-fetch/commit/5813da634cef73b12e40373972d7937e6934fce0)) -* Use WhatWG URLs instead of url.parse ([8ccfa8a](https://github.com/npm/registry-fetch/commit/8ccfa8a72c38cfedb0f525b7f453644fd4444f99)) - - -* normalize settings, drop old nodes, update deps ([510b125](https://github.com/npm/registry-fetch/commit/510b1255cc7ed4bb397a34e0007757dae33e2275)) - - -## [5.0.1](https://github.com/npm/registry-fetch/compare/v5.0.0...v5.0.1) (2019-11-11) - - - - -# [5.0.0](https://github.com/npm/registry-fetch/compare/v4.0.2...v5.0.0) (2019-10-04) - - -### Bug Fixes - -* prefer const in getAuth function ([90ac7b1](https://github.com/npm/registry-fetch/commit/90ac7b1)) -* use minizlib instead of core zlib ([e64702e](https://github.com/npm/registry-fetch/commit/e64702e)) - - -### Features - -* refactor to use Minipass streams ([bb37f20](https://github.com/npm/registry-fetch/commit/bb37f20)) - - -### BREAKING CHANGES - -* this replaces all core streams (except for some -PassThrough streams in a few tests) with Minipass streams, and updates -all deps to the latest and greatest Minipass versions of things. - - - - -## [4.0.2](https://github.com/npm/registry-fetch/compare/v4.0.0...v4.0.2) (2019-10-04) - - -### Bug Fixes - -* Add null check on body on 401 errors ([e3a0186](https://github.com/npm/registry-fetch/commit/e3a0186)), closes [#9](https://github.com/npm/registry-fetch/issues/9) -* **deps:** Add explicit dependency on safe-buffer ([8eae5f0](https://github.com/npm/registry-fetch/commit/8eae5f0)), closes [npm/libnpmaccess#2](https://github.com/npm/libnpmaccess/issues/2) [#3](https://github.com/npm/registry-fetch/issues/3) - - - - -# [4.0.0](https://github.com/npm/registry-fetch/compare/v3.9.1...v4.0.0) (2019-07-15) - - -* cacache@12.0.0, infer uid from cache folder ([0c4f060](https://github.com/npm/registry-fetch/commit/0c4f060)) - - -### BREAKING CHANGES - -* uid and gid are inferred from cache folder, rather than -being passed in as options. - - - - -## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02) - - - - -# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24) - - -### Features - -* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c)) - - - - -# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23) - - -### Features - -* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986)) - - - - -# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23) - - -### Features - -* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969)) - - - - -# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22) - - -### Bug Fixes - -* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65)) - - -### Features - -* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702)) - - - - -# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22) - - -### Features - -* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5)) - - - - -# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22) - - -### Bug Fixes - -* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54)) - - -### Features - -* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17)) - - - - -# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21) - - -### Bug Fixes - -* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b)) - - -### Features - -* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194)) - - - - -## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16) - - -### Bug Fixes - -* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040)) - - - - -# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27) - - -### Features - -* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0)) - - - - -## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09) - - - - -# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09) - - -### Features - -* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b)) - - - - -# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09) - - -### Bug Fixes - -* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f)) -* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f)) - - -### BREAKING CHANGES - -* **config:** opts.config is no longer supported. Pass the options down in opts itself. - - - - -# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08) - - -### Features - -* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0)) - - - - -# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08) - - -### meta - -* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e)) - - -### BREAKING CHANGES - -* node@4 is no longer supported - - - - -## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06) - - - - -# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16) - - -### Features - -* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9)) - - - - -## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16) - - -### Bug Fixes - -* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5)) - - - - -# 1.0.0 (2018-03-16) - - -### Bug Fixes - -* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba)) -* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31)) -* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93)) -* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a)) - - -### Features - -* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f)) -* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db)) -* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d)) -* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527)) -* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1)) diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/npm-profile/node_modules/npm-registry-fetch/LICENSE.md deleted file mode 100644 index 8d28acf866d93..0000000000000 --- a/node_modules/npm-profile/node_modules/npm-registry-fetch/LICENSE.md +++ /dev/null @@ -1,16 +0,0 @@ -ISC License - -Copyright (c) npm, Inc. - -Permission to use, copy, modify, and/or distribute this software for -any purpose with or without fee is hereby granted, provided that the -above copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS -ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE -COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR -CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS -OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE -USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/README.md b/node_modules/npm-profile/node_modules/npm-registry-fetch/README.md deleted file mode 100644 index e660940e30dc4..0000000000000 --- a/node_modules/npm-profile/node_modules/npm-registry-fetch/README.md +++ /dev/null @@ -1,635 +0,0 @@ -# npm-registry-fetch - -[![npm version](https://img.shields.io/npm/v/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) -[![license](https://img.shields.io/npm/l/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) -[![Travis](https://img.shields.io/travis/npm/npm-registry-fetch/latest.svg)](https://travis-ci.org/npm/npm-registry-fetch) -[![AppVeyor](https://img.shields.io/appveyor/ci/npm/npm-registry-fetch/latest.svg)](https://ci.appveyor.com/project/npm/npm-registry-fetch) -[![Coverage Status](https://coveralls.io/repos/github/npm/npm-registry-fetch/badge.svg?branch=latest)](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest) - -[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js -library that implements a `fetch`-like API for accessing npm registry APIs -consistently. It's able to consume npm-style configuration values and has all -the necessary logic for picking registries, handling scopes, and dealing with -authentication details built-in. - -This package is meant to replace the older -[`npm-registry-client`](https://npm.im/npm-registry-client). - -## Example - -```javascript -const npmFetch = require('npm-registry-fetch') - -console.log( - await npmFetch.json('/-/ping') -) -``` - -## Table of Contents - -* [Installing](#install) -* [Example](#example) -* [Contributing](#contributing) -* [API](#api) - * [`fetch`](#fetch) - * [`fetch.json`](#fetch-json) - * [`fetch` options](#fetch-opts) - -### Install - -`$ npm install npm-registry-fetch` - -### Contributing - -The npm team enthusiastically welcomes contributions and project participation! -There's a bunch of things you can do if you want to contribute! The [Contributor -Guide](CONTRIBUTING.md) has all the information you need for everything from -reporting bugs to contributing entire new features. Please don't hesitate to -jump in if you'd like to, or even ask us questions if something isn't clear. - -All participants and maintainers in this project are expected to follow [Code of -Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other. - -Please refer to the [Changelog](CHANGELOG.md) for project history details, too. - -Happy hacking! - -### API - -#### Caching and `write=true` query strings - -Before performing any PUT or DELETE operation, npm clients first make a -GET request to the registry resource being updated, which includes -the query string `?write=true`. - -The semantics of this are, effectively, "I intend to write to this thing, -and need to know the latest current value, so that my write can land -cleanly". - -The public npm registry handles these `?write=true` requests by ensuring -that the cache is re-validated before sending a response. In order to -maintain the same behavior on the client, and not get tripped up by an -overeager local cache when we intend to write data to the registry, any -request that comes through `npm-registry-fetch` that contains `write=true` -in the query string will forcibly set the `prefer-online` option to `true`, -and set both `prefer-offline` and `offline` to false, so that any local -cached value will be revalidated. - -#### `> fetch(url, [opts]) -> Promise` - -Performs a request to a given URL. - -The URL can be either a full URL, or a path to one. The appropriate registry -will be automatically picked if only a URL path is given. - -For available options, please see the section on [`fetch` options](#fetch-opts). - -##### Example - -```javascript -const res = await fetch('/-/ping') -console.log(res.headers) -res.on('data', d => console.log(d.toString('utf8'))) -``` - -#### `> fetch.json(url, [opts]) -> Promise` - -Performs a request to a given registry URL, parses the body of the response as -JSON, and returns it as its final value. This is a utility shorthand for -`fetch(url).then(res => res.json())`. - -For available options, please see the section on [`fetch` options](#fetch-opts). - -##### Example - -```javascript -const res = await fetch.json('/-/ping') -console.log(res) // Body parsed as JSON -``` - -#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream` - -Performs a request to a given registry URL and parses the body of the response -as JSON, with each entry being emitted through the stream. - -The `jsonPath` argument is a [`JSONStream.parse()` -path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the -returned stream (unlike default `JSONStream`s), has a valid -`Symbol.asyncIterator` implementation. - -For available options, please see the section on [`fetch` options](#fetch-opts). - -##### Example - -```javascript -console.log('https://npm.im/~zkat has access to the following packages:') -for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) { - console.log(`https://npm.im/${key} (perms: ${value})`) -} -``` - -#### `fetch` Options - -Fetch options are optional, and can be passed in as either a Map-like object -(one with a `.get()` method), a plain javascript object, or a -[`figgy-pudding`](https://npm.im/figgy-pudding) instance. - -##### `opts.agent` - -* Type: http.Agent -* Default: an appropriate agent based on URL protocol and proxy settings - -An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to -be shared across requests. This allows multiple concurrent `fetch` requests to -happen on the same socket. - -You do _not_ need to provide this option unless you want something particularly -specialized, since proxy configurations and http/https agents are already -automatically managed internally when this option is not passed through. - -##### `opts.body` - -* Type: Buffer | Stream | Object -* Default: null - -Request body to send through the outgoing request. Buffers and Streams will be -passed through as-is, with a default `content-type` of -`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed -and the `content-type` will default to `application/json`. - -Use [`opts.headers`](#opts-headers) to set the content-type to something else. - -##### `opts.ca` - -* Type: String, Array, or null -* Default: null - -The Certificate Authority signing certificate that is trusted for SSL -connections to the registry. Values should be in PEM format (Windows calls it -"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For -example: - -``` -{ - ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' -} -``` - -Set to `null` to only allow "known" registrars, or to a specific CA cert -to trust only that specific signing authority. - -Multiple CAs can be trusted by specifying an array of certificates instead of a -single string. - -See also [`opts.strictSSL`](#opts-strictSSL), [`opts.ca`](#opts-ca) and -[`opts.key`](#opts-key) - -##### `opts.cache` - -* Type: path -* Default: null - -The location of the http cache directory. If provided, certain cachable requests -will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234) -rules. This will speed up future requests, as well as make the cached data -available offline if necessary/requested. - -See also [`offline`](#opts-offline), [`preferOffline`](#opts-preferOffline), -and [`preferOnline`](#opts-preferOnline). - -##### `opts.cert` - -* Type: String -* Default: null - -A client certificate to pass when accessing the registry. Values should be in -PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines -replaced by the string `'\n'`. For example: - -``` -{ - cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' -} -``` - -It is _not_ the path to a certificate file (and there is no "certfile" option). - -See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key) - -##### `opts.fetchRetries` - -* Type: Number -* Default: 2 - -The "retries" config for [`retry`](https://npm.im/retry) to use when fetching -packages from the registry. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.fetchRetryFactor` - -* Type: Number -* Default: 10 - -The "factor" config for [`retry`](https://npm.im/retry) to use when fetching -packages. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.fetchRetryMintimeout` - -* Type: Number -* Default: 10000 (10 seconds) - -The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching -packages. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.fetchRetryMaxtimeout` - -* Type: Number -* Default: 60000 (1 minute) - -The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching -packages. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.forceAuth` - -* Type: Object -* Default: null - -If present, other auth-related values in `opts` will be completely ignored, -including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request, -and the auth details in `opts.forceAuth` will be used instead. - -##### `opts.gzip` - -* Type: Boolean -* Default: false - -If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip` -and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode -[`opts.body`](#opts-body). - -##### `opts.headers` - -* Type: Object -* Default: null - -Additional headers for the outgoing request. This option can also be used to -override headers automatically generated by `npm-registry-fetch`, such as -`Content-Type`. - -##### `opts.ignoreBody` - -* Type: Boolean -* Default: false - -If true, the **response body** will be thrown away and `res.body` set to `null`. -This will prevent dangling response sockets for requests where you don't usually -care what the response body is. - -##### `opts.integrity` - -* Type: String | [SRI object](https://npm.im/ssri) -* Default: null - -If provided, the response body's will be verified against this integrity string, -using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will -complete as normal. If verification fails, the response body will error with an -`EINTEGRITY` error. - -Body integrity is only verified if the body is actually consumed to completion -- -that is, if you use `res.json()`/`res.buffer()`, or if you consume the default -`res` stream data to its end. - -Cached data will have its integrity automatically verified using the -previously-generated integrity hash for the saved request information, so -`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if -`opts.integrity` is not passed in. - -##### `opts.isFromCI` - -* Type: Boolean -* Default: Based on environment variables - -This is used to populate the `npm-in-ci` request header sent to the registry. - -##### `opts.key` - -* Type: String -* Default: null - -A client key to pass when accessing the registry. Values should be in PEM -format with newlines replaced by the string `'\n'`. For example: - -``` -{ - key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----' -} -``` - -It is _not_ the path to a key file (and there is no "keyfile" option). - -See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert) - -##### `opts.localAddress` - -* Type: IP Address String -* Default: null - -The IP address of the local interface to use when making connections -to the registry. - -See also [`opts.proxy`](#opts-proxy) - -##### `opts.log` - -* Type: [`npmlog`](https://npm.im/npmlog)-like -* Default: null - -Logger object to use for logging operation details. Must have the same methods -as `npmlog`. - -##### `opts.mapJSON` - -* Type: Function -* Default: undefined - -When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down -to [`JSONStream`](https://npm.im/JSONStream) as the second argument to -`JSONStream.parse`, and can be used to transform stream data before output. - -##### `opts.maxSockets` - -* Type: Integer -* Default: 12 - -Maximum number of sockets to keep open during requests. Has no effect if -[`opts.agent`](#opts-agent) is used. - -##### `opts.method` - -* Type: String -* Default: 'GET' - -HTTP method to use for the outgoing request. Case-insensitive. - -##### `opts.noproxy` - -* Type: Boolean -* Default: process.env.NOPROXY - -If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used. - -##### `opts.npmSession` - -* Type: String -* Default: null - -If provided, will be sent in the `npm-session` header. This header is used by -the npm registry to identify individual user sessions (usually individual -invocations of the CLI). - -##### `opts.npmCommand` - -* Type: String -* Default: null - -If provided, it will be sent in the `npm-command` header. This yeader is -used by the npm registry to identify the npm command that caused this -request to be made. - -##### `opts.offline` - -* Type: Boolean -* Default: false - -Force offline mode: no network requests will be done during install. To allow -`npm-registry-fetch` to fill in missing cache data, see -[`opts.preferOffline`](#opts-preferOffline). - -This option is only really useful if you're also using -[`opts.cache`](#opts-cache). - -This option is set to `true` when the request includes `write=true` in the -query string. - -##### `opts.otp` - -* Type: Number | String -* Default: null - -This is a one-time password from a two-factor authenticator. It is required for -certain registry interactions when two-factor auth is enabled for a user -account. - -##### `opts.password` - -* Alias: `_password` -* Type: String -* Default: null - -Password used for basic authentication. For the more modern authentication -method, please use the (more secure) [`opts.token`](#opts-token) - -Can optionally be scoped to a registry by using a "nerf dart" for that registry. -That is: - -``` -{ - '//registry.npmjs.org/:password': 't0k3nH34r' -} -``` - -See also [`opts.username`](#opts-username) - -##### `opts.preferOffline` - -* Type: Boolean -* Default: false - -If true, staleness checks for cached data will be bypassed, but missing data -will be requested from the server. To force full offline mode, use -[`opts.offline`](#opts-offline). - -This option is generally only useful if you're also using -[`opts.cache`](#opts-cache). - -This option is set to `false` when the request includes `write=true` in the -query string. - -##### `opts.preferOnline` - -* Type: Boolean -* Default: false - -If true, staleness checks for cached data will be forced, making the CLI look -for updates immediately even for fresh package data. - -This option is generally only useful if you're also using -[`opts.cache`](#opts-cache). - -This option is set to `true` when the request includes `write=true` in the -query string. - -##### `opts.projectScope` - -* Type: String -* Default: null - -If provided, will be sent in the `npm-scope` header. This header is used by the -npm registry to identify the toplevel package scope that a particular project -installation is using. - -##### `opts.proxy` - -* Type: url -* Default: null - -A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY` -environment variable will be used. - -##### `opts.query` - -* Type: String | Object -* Default: null - -If provided, the request URI will have a query string appended to it using this -query. If `opts.query` is an object, it will be converted to a query string -using -[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options). - -If the request URI already has a query string, it will be merged with -`opts.query`, preferring `opts.query` values. - -##### `opts.registry` - -* Type: URL -* Default: `'https://registry.npmjs.org'` - -Registry configuration for a request. If a request URL only includes the URL -path, this registry setting will be prepended. This configuration is also used -to determine authentication details, so even if the request URL references a -completely different host, `opts.registry` will be used to find the auth details -for that request. - -See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and -[`opts.:registry`](#opts-scope-registry) which can all affect the actual -registry URL used by the outgoing request. - -##### `opts.retry` - -* Type: Object -* Default: null - -Single-object configuration for request retry settings. If passed in, will -override individually-passed `fetch-retry-*` settings. - -##### `opts.scope` - -* Type: String -* Default: null - -Associate an operation with a scope for a scoped registry. This option can force -lookup of scope-specific registries and authentication. - -See also [`opts.:registry`](#opts-scope-registry) and -[`opts.spec`](#opts-spec) for interactions with this option. - -##### `opts.:registry` - -* Type: String -* Default: null - -This option type can be used to configure the registry used for requests -involving a particular scope. For example, `opts['@myscope:registry'] = -'https://scope-specific.registry/'` will make it so requests go out to this -registry instead of [`opts.registry`](#opts-registry) when -[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a -scoped package spec. - -The `@` before the scope name is optional, but recommended. - -##### `opts.spec` - -* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object. -* Default: null - -If provided, can be used to automatically configure [`opts.scope`](#opts-scope) -based on a specific package name. Non-registry package specs will throw an -error. - -##### `opts.strictSSL` - -* Type: Boolean -* Default: true - -Whether or not to do SSL key validation when making requests to the -registry via https. - -See also [`opts.ca`](#opts-ca). - -##### `opts.timeout` - -* Type: Milliseconds -* Default: 300000 (5 minutes) - -Time before a hanging request times out. - -##### `opts.token` - -* Alias: `opts._authToken` -* Type: String -* Default: null - -Authentication token string. - -Can be scoped to a registry by using a "nerf dart" for that registry. That is: - -``` -{ - '//registry.npmjs.org/:token': 't0k3nH34r' -} -``` - -##### `opts.userAgent` - -* Type: String -* Default: `'npm-registry-fetch@/node@+ ()'` - -User agent string to send in the `User-Agent` header. - -##### `opts.username` - -* Type: String -* Default: null - -Username used for basic authentication. For the more modern authentication -method, please use the (more secure) [`opts.token`](#opts-token) - -Can optionally be scoped to a registry by using a "nerf dart" for that registry. -That is: - -``` -{ - '//registry.npmjs.org/:username': 't0k3nH34r' -} -``` - -See also [`opts.password`](#opts-password) - -##### `opts._auth` - -* Type: String -* Default: null - -** DEPRECATED ** This is a legacy authentication token supported only for -compatibility. Please use [`opts.token`](#opts-token) instead. diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/auth.js b/node_modules/npm-profile/node_modules/npm-registry-fetch/auth.js deleted file mode 100644 index 11c3bde6b4e6c..0000000000000 --- a/node_modules/npm-profile/node_modules/npm-registry-fetch/auth.js +++ /dev/null @@ -1,55 +0,0 @@ -'use strict' - -const defaultOpts = require('./default-opts.js') -const url = require('url') - -module.exports = getAuth -function getAuth (registry, opts_ = {}) { - if (!registry) { throw new Error('registry is required') } - const opts = opts_.forceAuth ? opts_.forceAuth : { ...defaultOpts, ...opts_ } - const AUTH = {} - const regKey = registry && registryKey(registry) - const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias) - doKey('token') - doKey('_authToken', 'token') - doKey('username') - doKey('password') - doKey('_password', 'password') - doKey('email') - doKey('_auth') - doKey('otp') - doKey('always-auth', 'alwaysAuth') - if (AUTH.password) { - AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8') - } - if (AUTH._auth && !(AUTH.username && AUTH.password)) { - let auth = Buffer.from(AUTH._auth, 'base64').toString() - auth = auth.split(':') - AUTH.username = auth.shift() - AUTH.password = auth.join(':') - } - AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth - return AUTH -} - -function addKey (opts, obj, scope, key, objKey) { - if (opts[key]) { - obj[objKey || key] = opts[key] - } - if (scope && opts[`${scope}:${key}`]) { - obj[objKey || key] = opts[`${scope}:${key}`] - } -} - -// Called a nerf dart in the main codebase. Used as a "safe" -// key when fetching registry info from config. -function registryKey (registry) { - const parsed = new url.URL(registry) - const formatted = url.format({ - protocol: parsed.protocol, - host: parsed.host, - pathname: parsed.pathname, - slashes: true - }) - return url.format(new url.URL('.', formatted)).replace(/^[^:]+:/, '') -} diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/check-response.js b/node_modules/npm-profile/node_modules/npm-registry-fetch/check-response.js deleted file mode 100644 index f151711f30160..0000000000000 --- a/node_modules/npm-profile/node_modules/npm-registry-fetch/check-response.js +++ /dev/null @@ -1,128 +0,0 @@ -'use strict' - -const errors = require('./errors.js') -const LRU = require('lru-cache') -const { Response } = require('minipass-fetch') -const defaultOpts = require('./default-opts.js') - -module.exports = checkResponse -function checkResponse (method, res, registry, startTime, opts_ = {}) { - const opts = { ...defaultOpts, ...opts_ } - if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) { - opts.log.notice('', res.headers.get('npm-notice')) - } - checkWarnings(res, registry, opts) - if (res.status >= 400) { - logRequest(method, res, startTime, opts) - return checkErrors(method, res, startTime, opts) - } else { - res.body.on('end', () => logRequest(method, res, startTime, opts)) - if (opts.ignoreBody) { - res.body.resume() - return new Response(null, res) - } - return res - } -} - -function logRequest (method, res, startTime, opts) { - const elapsedTime = Date.now() - startTime - const attempt = res.headers.get('x-fetch-attempts') - const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : '' - const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : '' - - let urlStr - try { - const { URL } = require('url') - const url = new URL(res.url) - if (url.password) { - url.password = '***' - } - urlStr = url.toString() - } catch (er) { - urlStr = res.url - } - - opts.log.http( - 'fetch', - `${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}` - ) -} - -const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/ -const BAD_HOSTS = new LRU({ max: 50 }) - -function checkWarnings (res, registry, opts) { - if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) { - const warnings = {} - // note: headers.raw() will preserve case, so we might have a - // key on the object like 'WaRnInG' if that was used first - for (const [key, value] of Object.entries(res.headers.raw())) { - if (key.toLowerCase() !== 'warning') { continue } - value.forEach(w => { - const match = w.match(WARNING_REGEXP) - if (match) { - warnings[match[1]] = { - code: match[1], - host: match[2], - message: match[3], - date: new Date(match[4]) - } - } - }) - } - BAD_HOSTS.set(registry, true) - if (warnings['199']) { - if (warnings['199'].message.match(/ENOTFOUND/)) { - opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`) - } else { - opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`) - } - } - if (warnings['111']) { - // 111 Revalidation failed -- we're using stale data - opts.log.warn( - 'registry', - `Using stale data from ${registry} due to a request error during revalidation.` - ) - } - } -} - -function checkErrors (method, res, startTime, opts) { - return res.buffer() - .catch(() => null) - .then(body => { - let parsed = body - try { - parsed = JSON.parse(body.toString('utf8')) - } catch (e) {} - if (res.status === 401 && res.headers.get('www-authenticate')) { - const auth = res.headers.get('www-authenticate') - .split(/,\s*/) - .map(s => s.toLowerCase()) - if (auth.indexOf('ipaddress') !== -1) { - throw new errors.HttpErrorAuthIPAddress( - method, res, parsed, opts.spec - ) - } else if (auth.indexOf('otp') !== -1) { - throw new errors.HttpErrorAuthOTP( - method, res, parsed, opts.spec - ) - } else { - throw new errors.HttpErrorAuthUnknown( - method, res, parsed, opts.spec - ) - } - } else if (res.status === 401 && body != null && /one-time pass/.test(body.toString('utf8'))) { - // Heuristic for malformed OTP responses that don't include the www-authenticate header. - throw new errors.HttpErrorAuthOTP( - method, res, parsed, opts.spec - ) - } else { - throw new errors.HttpErrorGeneral( - method, res, parsed, opts.spec - ) - } - }) -} diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/default-opts.js b/node_modules/npm-profile/node_modules/npm-registry-fetch/default-opts.js deleted file mode 100644 index b742fd5a5fcd4..0000000000000 --- a/node_modules/npm-profile/node_modules/npm-registry-fetch/default-opts.js +++ /dev/null @@ -1,22 +0,0 @@ -const pkg = require('./package.json') -const ciDetect = require('@npmcli/ci-detect') -module.exports = { - isFromCI: ciDetect(), - log: require('./silentlog.js'), - maxSockets: 12, - method: 'GET', - registry: 'https://registry.npmjs.org/', - timeout: 5 * 60 * 1000, // 5 minutes - strictSSL: true, - noProxy: process.env.NOPROXY, - userAgent: `${pkg.name - }@${ - pkg.version - }/node@${ - process.version - }+${ - process.arch - } (${ - process.platform - })` -} diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/errors.js b/node_modules/npm-profile/node_modules/npm-registry-fetch/errors.js deleted file mode 100644 index c41947e29952d..0000000000000 --- a/node_modules/npm-profile/node_modules/npm-registry-fetch/errors.js +++ /dev/null @@ -1,79 +0,0 @@ -'use strict' - -const url = require('url') - -function packageName (href) { - try { - let basePath = new url.URL(href).pathname.substr(1) - if (!basePath.match(/^-/)) { - basePath = basePath.split('/') - var index = basePath.indexOf('_rewrite') - if (index === -1) { - index = basePath.length - 1 - } else { - index++ - } - return decodeURIComponent(basePath[index]) - } - } catch (_) { - // this is ok - } -} - -class HttpErrorBase extends Error { - constructor (method, res, body, spec) { - super() - this.headers = res.headers.raw() - this.statusCode = res.status - this.code = `E${res.status}` - this.method = method - this.uri = res.url - this.body = body - this.pkgid = spec ? spec.toString() : packageName(res.url) - } -} -module.exports.HttpErrorBase = HttpErrorBase - -class HttpErrorGeneral extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = `${res.status} ${res.statusText} - ${ - this.method.toUpperCase() - } ${ - this.spec || this.uri - }${ - (body && body.error) ? ' - ' + body.error : '' - }` - Error.captureStackTrace(this, HttpErrorGeneral) - } -} -module.exports.HttpErrorGeneral = HttpErrorGeneral - -class HttpErrorAuthOTP extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'OTP required for authentication' - this.code = 'EOTP' - Error.captureStackTrace(this, HttpErrorAuthOTP) - } -} -module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP - -class HttpErrorAuthIPAddress extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'Login is not allowed from your IP address' - this.code = 'EAUTHIP' - Error.captureStackTrace(this, HttpErrorAuthIPAddress) - } -} -module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress - -class HttpErrorAuthUnknown extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate') - Error.captureStackTrace(this, HttpErrorAuthUnknown) - } -} -module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/index.js b/node_modules/npm-profile/node_modules/npm-registry-fetch/index.js deleted file mode 100644 index 2324e7fbfd00b..0000000000000 --- a/node_modules/npm-profile/node_modules/npm-registry-fetch/index.js +++ /dev/null @@ -1,219 +0,0 @@ -'use strict' - -const checkResponse = require('./check-response.js') -const getAuth = require('./auth.js') -const fetch = require('make-fetch-happen') -const JSONStream = require('minipass-json-stream') -const npa = require('npm-package-arg') -const qs = require('querystring') -const url = require('url') -const zlib = require('minizlib') -const Minipass = require('minipass') - -const defaultOpts = require('./default-opts.js') - -// WhatWG URL throws if it's not fully resolved -const urlIsValid = u => { - try { - return !!new url.URL(u) - } catch (_) { - return false - } -} - -module.exports = regFetch -function regFetch (uri, /* istanbul ignore next */ opts_ = {}) { - const opts = { - ...defaultOpts, - ...opts_ - } - const registry = opts.registry = ( - (opts.spec && pickRegistry(opts.spec, opts)) || - (opts.publishConfig && opts.publishConfig.registry) || - opts.registry || - /* istanbul ignore next */ - 'https://registry.npmjs.org/' - ) - - if (!urlIsValid(uri)) { - uri = `${ - registry.trim().replace(/\/?$/g, '') - }/${ - uri.trim().replace(/^\//, '') - }` - } - - const method = opts.method || 'GET' - - // through that takes into account the scope, the prefix of `uri`, etc - const startTime = Date.now() - const headers = getHeaders(registry, uri, opts) - let body = opts.body - const bodyIsStream = Minipass.isStream(body) - const bodyIsPromise = body && - typeof body === 'object' && - typeof body.then === 'function' - - if (body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body)) { - headers['content-type'] = headers['content-type'] || 'application/json' - body = JSON.stringify(body) - } else if (body && !headers['content-type']) { - headers['content-type'] = 'application/octet-stream' - } - - if (opts.gzip) { - headers['content-encoding'] = 'gzip' - if (bodyIsStream) { - const gz = new zlib.Gzip() - body.on('error', /* istanbul ignore next: unlikely and hard to test */ - err => gz.emit('error', err)) - body = body.pipe(gz) - } else if (!bodyIsPromise) { - body = new zlib.Gzip().end(body).concat() - } - } - - const parsed = new url.URL(uri) - - if (opts.query) { - const q = typeof opts.query === 'string' - ? qs.parse(opts.query) - : opts.query - - Object.keys(q).forEach(key => { - if (q[key] !== undefined) { - parsed.searchParams.set(key, q[key]) - } - }) - uri = url.format(parsed) - } - - if (parsed.searchParams.get('write') === 'true' && method === 'GET') { - // do not cache, because this GET is fetching a rev that will be - // used for a subsequent PUT or DELETE, so we need to conditionally - // update cache. - opts.offline = false - opts.preferOffline = false - opts.preferOnline = true - } - - const doFetch = (body) => fetch(uri, { - agent: opts.agent, - algorithms: opts.algorithms, - body, - cache: getCacheMode(opts), - cacheManager: opts.cache, - ca: opts.ca, - cert: opts.cert, - headers, - integrity: opts.integrity, - key: opts.key, - localAddress: opts.localAddress, - maxSockets: opts.maxSockets, - memoize: opts.memoize, - method: method, - noProxy: opts.noProxy, - proxy: opts.httpsProxy || opts.proxy, - retry: opts.retry ? opts.retry : { - retries: opts.fetchRetries, - factor: opts.fetchRetryFactor, - minTimeout: opts.fetchRetryMintimeout, - maxTimeout: opts.fetchRetryMaxtimeout - }, - strictSSL: opts.strictSSL, - timeout: opts.timeout || 30 * 1000 - }).then(res => checkResponse( - method, res, registry, startTime, opts - )) - - return Promise.resolve(body).then(doFetch) -} - -module.exports.json = fetchJSON -function fetchJSON (uri, opts) { - return regFetch(uri, opts).then(res => res.json()) -} - -module.exports.json.stream = fetchJSONStream -function fetchJSONStream (uri, jsonPath, /* istanbul ignore next */ opts_ = {}) { - const opts = { ...defaultOpts, ...opts_ } - const parser = JSONStream.parse(jsonPath, opts.mapJSON) - regFetch(uri, opts).then(res => - res.body.on('error', - /* istanbul ignore next: unlikely and difficult to test */ - er => parser.emit('error', er)).pipe(parser) - ).catch(er => parser.emit('error', er)) - return parser -} - -module.exports.pickRegistry = pickRegistry -function pickRegistry (spec, opts = {}) { - spec = npa(spec) - let registry = spec.scope && - opts[spec.scope.replace(/^@?/, '@') + ':registry'] - - if (!registry && opts.scope) { - registry = opts[opts.scope.replace(/^@?/, '@') + ':registry'] - } - - if (!registry && opts.publishConfig) { - registry = opts.publishConfig.registry - } - - if (!registry) { - registry = opts.registry || 'https://registry.npmjs.org/' - } - - return registry -} - -function getCacheMode (opts) { - return opts.offline - ? 'only-if-cached' - : opts.preferOffline - ? 'force-cache' - : opts.preferOnline - ? 'no-cache' - : 'default' -} - -function getHeaders (registry, uri, opts) { - const headers = Object.assign({ - 'npm-in-ci': !!opts.isFromCI, - 'user-agent': opts.userAgent - }, opts.headers || {}) - - if (opts.projectScope) { - headers['npm-scope'] = opts.projectScope - } - - if (opts.npmSession) { - headers['npm-session'] = opts.npmSession - } - - if (opts.npmCommand) { - headers['npm-command'] = opts.npmCommand - } - - const auth = getAuth(registry, opts) - // If a tarball is hosted on a different place than the manifest, only send - // credentials on `alwaysAuth` - const shouldAuth = ( - auth.alwaysAuth || - new url.URL(uri).host === new url.URL(registry).host - ) - if (shouldAuth && auth.token) { - headers.authorization = `Bearer ${auth.token}` - } else if (shouldAuth && auth.username && auth.password) { - const encoded = Buffer.from( - `${auth.username}:${auth.password}`, 'utf8' - ).toString('base64') - headers.authorization = `Basic ${encoded}` - } else if (shouldAuth && auth._auth) { - headers.authorization = `Basic ${auth._auth}` - } - if (shouldAuth && auth.otp) { - headers['npm-otp'] = auth.otp - } - return headers -} diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/package.json b/node_modules/npm-profile/node_modules/npm-registry-fetch/package.json deleted file mode 100644 index 5aeddc5b39102..0000000000000 --- a/node_modules/npm-profile/node_modules/npm-registry-fetch/package.json +++ /dev/null @@ -1,59 +0,0 @@ -{ - "name": "npm-registry-fetch", - "version": "8.1.5", - "description": "Fetch-based http client for use with npm registry APIs", - "main": "index.js", - "files": [ - "*.js", - "lib" - ], - "scripts": { - "postrelease": "npm publish", - "posttest": "standard", - "prepublishOnly": "git push --follow-tags", - "prerelease": "npm t", - "release": "standard-version -s", - "test": "tap" - }, - "repository": "https://github.com/npm/registry-fetch", - "keywords": [ - "npm", - "registry", - "fetch" - ], - "author": { - "name": "Kat Marchán", - "email": "kzm@sykosomatic.org", - "twitter": "maybekatz" - }, - "license": "ISC", - "dependencies": { - "@npmcli/ci-detect": "^1.0.0", - "lru-cache": "^6.0.0", - "make-fetch-happen": "^8.0.9", - "minipass": "^3.1.3", - "minipass-fetch": "^1.3.0", - "minipass-json-stream": "^1.0.1", - "minizlib": "^2.0.0", - "npm-package-arg": "^8.0.0" - }, - "devDependencies": { - "cacache": "^15.0.0", - "mkdirp": "^0.5.1", - "nock": "^11.7.0", - "npmlog": "^4.1.2", - "require-inject": "^1.4.4", - "rimraf": "^2.6.2", - "ssri": "^8.0.0", - "standard": "^14.3.3", - "standard-version": "^7.1.0", - "tap": "^14.10.7" - }, - "tap": { - "check-coverage": true, - "test-ignore": "test[\\\\/](util|cache)[\\\\/]" - }, - "engines": { - "node": ">=10" - } -} diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/silentlog.js b/node_modules/npm-profile/node_modules/npm-registry-fetch/silentlog.js deleted file mode 100644 index 886c5d55b2dbb..0000000000000 --- a/node_modules/npm-profile/node_modules/npm-registry-fetch/silentlog.js +++ /dev/null @@ -1,14 +0,0 @@ -'use strict' - -const noop = Function.prototype -module.exports = { - error: noop, - warn: noop, - notice: noop, - info: noop, - verbose: noop, - silly: noop, - http: noop, - pause: noop, - resume: noop -} diff --git a/node_modules/npm-profile/package.json b/node_modules/npm-profile/package.json index 41cac1ed67946..233381a38ec7b 100644 --- a/node_modules/npm-profile/package.json +++ b/node_modules/npm-profile/package.json @@ -1,12 +1,12 @@ { "name": "npm-profile", - "version": "5.0.1", + "version": "5.0.2", "description": "Library for updating an npmjs.com profile", "keywords": [], "author": "Rebecca Turner (http://re-becca.org/)", "license": "ISC", "dependencies": { - "npm-registry-fetch": "^8.0.0" + "npm-registry-fetch": "^9.0.0" }, "main": "index.js", "repository": { diff --git a/package-lock.json b/package-lock.json index 94b518727f2fb..933d96ba14cd5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -123,7 +123,7 @@ "npm-audit-report": "^2.1.4", "npm-package-arg": "^8.1.0", "npm-pick-manifest": "^6.1.0", - "npm-profile": "^5.0.1", + "npm-profile": "^5.0.2", "npm-registry-fetch": "^9.0.0", "npm-user-validate": "^1.0.1", "npmlog": "~4.1.2", @@ -4461,30 +4461,12 @@ } }, "node_modules/npm-profile": { - "version": "5.0.1", - "inBundle": true, - "license": "ISC", - "dependencies": { - "npm-registry-fetch": "^8.0.0" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/npm-profile/node_modules/npm-registry-fetch": { - "version": "8.1.5", - "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", - "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/npm-profile/-/npm-profile-5.0.2.tgz", + "integrity": "sha512-hOhpH23PeWUFParJ6T1nquiHJLmFZ5VReTjBf1TJpl1YGuqfUS+ZYujVYPfuMbixosO82kWzvnxg4ZmP4VkTeg==", "inBundle": true, "dependencies": { - "@npmcli/ci-detect": "^1.0.0", - "lru-cache": "^6.0.0", - "make-fetch-happen": "^8.0.9", - "minipass": "^3.1.3", - "minipass-fetch": "^1.3.0", - "minipass-json-stream": "^1.0.1", - "minizlib": "^2.0.0", - "npm-package-arg": "^8.0.0" + "npm-registry-fetch": "^9.0.0" }, "engines": { "node": ">=10" @@ -12084,26 +12066,11 @@ } }, "npm-profile": { - "version": "5.0.1", + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/npm-profile/-/npm-profile-5.0.2.tgz", + "integrity": "sha512-hOhpH23PeWUFParJ6T1nquiHJLmFZ5VReTjBf1TJpl1YGuqfUS+ZYujVYPfuMbixosO82kWzvnxg4ZmP4VkTeg==", "requires": { - "npm-registry-fetch": "^8.0.0" - }, - "dependencies": { - "npm-registry-fetch": { - "version": "8.1.5", - "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", - "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", - "requires": { - "@npmcli/ci-detect": "^1.0.0", - "lru-cache": "^6.0.0", - "make-fetch-happen": "^8.0.9", - "minipass": "^3.1.3", - "minipass-fetch": "^1.3.0", - "minipass-json-stream": "^1.0.1", - "minizlib": "^2.0.0", - "npm-package-arg": "^8.0.0" - } - } + "npm-registry-fetch": "^9.0.0" } }, "npm-registry-fetch": { diff --git a/package.json b/package.json index 0e1d0e79b3b7a..8bb5960513db1 100644 --- a/package.json +++ b/package.json @@ -87,7 +87,7 @@ "npm-audit-report": "^2.1.4", "npm-package-arg": "^8.1.0", "npm-pick-manifest": "^6.1.0", - "npm-profile": "^5.0.1", + "npm-profile": "^5.0.2", "npm-registry-fetch": "^9.0.0", "npm-user-validate": "^1.0.1", "npmlog": "~4.1.2", From e5a4135770d13cf114fac439167637181f87d824 Mon Sep 17 00:00:00 2001 From: isaacs Date: Tue, 3 Nov 2020 13:06:25 -0800 Subject: [PATCH 10/21] libnpmteam@2.0.2 --- .../npm-registry-fetch/CHANGELOG.md | 384 ----------- .../npm-registry-fetch/LICENSE.md | 16 - .../node_modules/npm-registry-fetch/README.md | 635 ------------------ .../node_modules/npm-registry-fetch/auth.js | 55 -- .../npm-registry-fetch/check-response.js | 128 ---- .../npm-registry-fetch/default-opts.js | 22 - .../node_modules/npm-registry-fetch/errors.js | 79 --- .../node_modules/npm-registry-fetch/index.js | 219 ------ .../npm-registry-fetch/package.json | 59 -- .../npm-registry-fetch/silentlog.js | 14 - node_modules/libnpmteam/package.json | 4 +- package-lock.json | 51 +- package.json | 2 +- 13 files changed, 12 insertions(+), 1656 deletions(-) delete mode 100644 node_modules/libnpmteam/node_modules/npm-registry-fetch/CHANGELOG.md delete mode 100644 node_modules/libnpmteam/node_modules/npm-registry-fetch/LICENSE.md delete mode 100644 node_modules/libnpmteam/node_modules/npm-registry-fetch/README.md delete mode 100644 node_modules/libnpmteam/node_modules/npm-registry-fetch/auth.js delete mode 100644 node_modules/libnpmteam/node_modules/npm-registry-fetch/check-response.js delete mode 100644 node_modules/libnpmteam/node_modules/npm-registry-fetch/default-opts.js delete mode 100644 node_modules/libnpmteam/node_modules/npm-registry-fetch/errors.js delete mode 100644 node_modules/libnpmteam/node_modules/npm-registry-fetch/index.js delete mode 100644 node_modules/libnpmteam/node_modules/npm-registry-fetch/package.json delete mode 100644 node_modules/libnpmteam/node_modules/npm-registry-fetch/silentlog.js diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/libnpmteam/node_modules/npm-registry-fetch/CHANGELOG.md deleted file mode 100644 index fc26ee1bda4ba..0000000000000 --- a/node_modules/libnpmteam/node_modules/npm-registry-fetch/CHANGELOG.md +++ /dev/null @@ -1,384 +0,0 @@ -# Changelog - -All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. - -### [8.1.5](https://github.com/npm/registry-fetch/compare/v8.1.4...v8.1.5) (2020-10-12) - - -### Bug Fixes - -* respect publishConfig.registry when specified ([32e36ef](https://github.com/npm/registry-fetch/commit/32e36efe86302ed319973cd5b1e6ccc3f62e557e)), closes [#35](https://github.com/npm/registry-fetch/issues/35) - -### [8.1.4](https://github.com/npm/registry-fetch/compare/v8.1.3...v8.1.4) (2020-08-17) - - -### Bug Fixes - -* redact passwords from http logs ([3c294eb](https://github.com/npm/registry-fetch/commit/3c294ebbd7821725db4ff1bc5fe368c49613efcc)) - -### [8.1.3](https://github.com/npm/registry-fetch/compare/v8.1.2...v8.1.3) (2020-07-21) - -### [8.1.2](https://github.com/npm/registry-fetch/compare/v8.1.1...v8.1.2) (2020-07-11) - -### [8.1.1](https://github.com/npm/registry-fetch/compare/v8.1.0...v8.1.1) (2020-06-30) - -## [8.1.0](https://github.com/npm/registry-fetch/compare/v8.0.3...v8.1.0) (2020-05-20) - - -### Features - -* add npm-command HTTP header ([1bb4eb2](https://github.com/npm/registry-fetch/commit/1bb4eb2c66ee8a0dc62558bdcff1b548e2bb9820)) - -### [8.0.3](https://github.com/npm/registry-fetch/compare/v8.0.2...v8.0.3) (2020-05-13) - - -### Bug Fixes - -* update minipass and make-fetch-happen to latest ([3b6c5d0](https://github.com/npm/registry-fetch/commit/3b6c5d0d8ccd4c4a97862a65acef956f19aec127)), closes [#23](https://github.com/npm/registry-fetch/issues/23) - -### [8.0.2](https://github.com/npm/registry-fetch/compare/v8.0.1...v8.0.2) (2020-05-04) - - -### Bug Fixes - -* update make-fetch-happen to 8.0.6 ([226df2c](https://github.com/npm/registry-fetch/commit/226df2c32e3f9ed8ceefcfdbd11efb178181b442)) - -## [8.0.0](https://github.com/npm/registry-fetch/compare/v7.0.1...v8.0.0) (2020-02-24) - - -### ⚠ BREAKING CHANGES - -* Removes the 'opts.refer' option and the HTTP Referer -header (unless explicitly added to the 'headers' option, of course). - -PR-URL: https://github.com/npm/npm-registry-fetch/pull/25 -Credit: @isaacs - -### Bug Fixes - -* remove referer header and opts.refer ([eb8f7af](https://github.com/npm/registry-fetch/commit/eb8f7af3c102834856604c1be664b00ca0fe8ef2)), closes [#25](https://github.com/npm/registry-fetch/issues/25) - -### [7.0.1](https://github.com/npm/registry-fetch/compare/v7.0.0...v7.0.1) (2020-02-24) - -## [7.0.0](https://github.com/npm/registry-fetch/compare/v6.0.2...v7.0.0) (2020-02-18) - - -### ⚠ BREAKING CHANGES - -* figgy pudding is now nowhere to be found. -* this removes figgy-pudding, and drops several option -aliases. - -Defaults and behavior are all the same, and this module is now using the -canonical camelCase option names that npm v7 will provide to all its -deps. - -Related to: https://github.com/npm/rfcs/pull/102 - -PR-URL: https://github.com/npm/npm-registry-fetch/pull/22 -Credit: @isaacs - -### Bug Fixes - -* Remove figgy-pudding, use canonical option names ([ede3c08](https://github.com/npm/registry-fetch/commit/ede3c087007fd1808e02b1af70562220d03b18a9)), closes [#22](https://github.com/npm/registry-fetch/issues/22) - - -* update cacache, ssri, make-fetch-happen ([57fcc88](https://github.com/npm/registry-fetch/commit/57fcc889bee03edcc0a2025d96a171039108c231)) - -### [6.0.2](https://github.com/npm/registry-fetch/compare/v6.0.1...v6.0.2) (2020-02-14) - - -### Bug Fixes - -* always bypass cache when ?write=true ([83f89f3](https://github.com/npm/registry-fetch/commit/83f89f35abd2ed0507c869e37f90ed746375772c)) - -### [6.0.1](https://github.com/npm/registry-fetch/compare/v6.0.0...v6.0.1) (2020-02-14) - - -### Bug Fixes - -* use 30s default for timeout as per README ([50e8afc](https://github.com/npm/registry-fetch/commit/50e8afc6ff850542feb588f9f9c64ebae59e72a0)), closes [#20](https://github.com/npm/registry-fetch/issues/20) - -## [6.0.0](https://github.com/npm/registry-fetch/compare/v5.0.1...v6.0.0) (2019-12-17) - - -### ⚠ BREAKING CHANGES - -* This drops support for node < 10. - -There are some lint failures due to standard pushing for using WhatWG URL -objects instead of url.parse/url.resolve. However, the code in this lib -does some fancy things with the query/search portions of the parsed url -object, so it'll take a bit of care to make it work properly. - -### Bug Fixes - -* detect CI so our tests don't fail in CI ([5813da6](https://github.com/npm/registry-fetch/commit/5813da634cef73b12e40373972d7937e6934fce0)) -* Use WhatWG URLs instead of url.parse ([8ccfa8a](https://github.com/npm/registry-fetch/commit/8ccfa8a72c38cfedb0f525b7f453644fd4444f99)) - - -* normalize settings, drop old nodes, update deps ([510b125](https://github.com/npm/registry-fetch/commit/510b1255cc7ed4bb397a34e0007757dae33e2275)) - - -## [5.0.1](https://github.com/npm/registry-fetch/compare/v5.0.0...v5.0.1) (2019-11-11) - - - - -# [5.0.0](https://github.com/npm/registry-fetch/compare/v4.0.2...v5.0.0) (2019-10-04) - - -### Bug Fixes - -* prefer const in getAuth function ([90ac7b1](https://github.com/npm/registry-fetch/commit/90ac7b1)) -* use minizlib instead of core zlib ([e64702e](https://github.com/npm/registry-fetch/commit/e64702e)) - - -### Features - -* refactor to use Minipass streams ([bb37f20](https://github.com/npm/registry-fetch/commit/bb37f20)) - - -### BREAKING CHANGES - -* this replaces all core streams (except for some -PassThrough streams in a few tests) with Minipass streams, and updates -all deps to the latest and greatest Minipass versions of things. - - - - -## [4.0.2](https://github.com/npm/registry-fetch/compare/v4.0.0...v4.0.2) (2019-10-04) - - -### Bug Fixes - -* Add null check on body on 401 errors ([e3a0186](https://github.com/npm/registry-fetch/commit/e3a0186)), closes [#9](https://github.com/npm/registry-fetch/issues/9) -* **deps:** Add explicit dependency on safe-buffer ([8eae5f0](https://github.com/npm/registry-fetch/commit/8eae5f0)), closes [npm/libnpmaccess#2](https://github.com/npm/libnpmaccess/issues/2) [#3](https://github.com/npm/registry-fetch/issues/3) - - - - -# [4.0.0](https://github.com/npm/registry-fetch/compare/v3.9.1...v4.0.0) (2019-07-15) - - -* cacache@12.0.0, infer uid from cache folder ([0c4f060](https://github.com/npm/registry-fetch/commit/0c4f060)) - - -### BREAKING CHANGES - -* uid and gid are inferred from cache folder, rather than -being passed in as options. - - - - -## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02) - - - - -# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24) - - -### Features - -* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c)) - - - - -# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23) - - -### Features - -* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986)) - - - - -# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23) - - -### Features - -* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969)) - - - - -# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22) - - -### Bug Fixes - -* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65)) - - -### Features - -* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702)) - - - - -# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22) - - -### Features - -* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5)) - - - - -# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22) - - -### Bug Fixes - -* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54)) - - -### Features - -* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17)) - - - - -# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21) - - -### Bug Fixes - -* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b)) - - -### Features - -* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194)) - - - - -## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16) - - -### Bug Fixes - -* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040)) - - - - -# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27) - - -### Features - -* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0)) - - - - -## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09) - - - - -# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09) - - -### Features - -* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b)) - - - - -# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09) - - -### Bug Fixes - -* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f)) -* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f)) - - -### BREAKING CHANGES - -* **config:** opts.config is no longer supported. Pass the options down in opts itself. - - - - -# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08) - - -### Features - -* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0)) - - - - -# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08) - - -### meta - -* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e)) - - -### BREAKING CHANGES - -* node@4 is no longer supported - - - - -## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06) - - - - -# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16) - - -### Features - -* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9)) - - - - -## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16) - - -### Bug Fixes - -* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5)) - - - - -# 1.0.0 (2018-03-16) - - -### Bug Fixes - -* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba)) -* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31)) -* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93)) -* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a)) - - -### Features - -* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f)) -* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db)) -* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d)) -* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527)) -* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1)) diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/libnpmteam/node_modules/npm-registry-fetch/LICENSE.md deleted file mode 100644 index 8d28acf866d93..0000000000000 --- a/node_modules/libnpmteam/node_modules/npm-registry-fetch/LICENSE.md +++ /dev/null @@ -1,16 +0,0 @@ -ISC License - -Copyright (c) npm, Inc. - -Permission to use, copy, modify, and/or distribute this software for -any purpose with or without fee is hereby granted, provided that the -above copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS -ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE -COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR -CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS -OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE -USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/README.md b/node_modules/libnpmteam/node_modules/npm-registry-fetch/README.md deleted file mode 100644 index e660940e30dc4..0000000000000 --- a/node_modules/libnpmteam/node_modules/npm-registry-fetch/README.md +++ /dev/null @@ -1,635 +0,0 @@ -# npm-registry-fetch - -[![npm version](https://img.shields.io/npm/v/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) -[![license](https://img.shields.io/npm/l/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) -[![Travis](https://img.shields.io/travis/npm/npm-registry-fetch/latest.svg)](https://travis-ci.org/npm/npm-registry-fetch) -[![AppVeyor](https://img.shields.io/appveyor/ci/npm/npm-registry-fetch/latest.svg)](https://ci.appveyor.com/project/npm/npm-registry-fetch) -[![Coverage Status](https://coveralls.io/repos/github/npm/npm-registry-fetch/badge.svg?branch=latest)](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest) - -[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js -library that implements a `fetch`-like API for accessing npm registry APIs -consistently. It's able to consume npm-style configuration values and has all -the necessary logic for picking registries, handling scopes, and dealing with -authentication details built-in. - -This package is meant to replace the older -[`npm-registry-client`](https://npm.im/npm-registry-client). - -## Example - -```javascript -const npmFetch = require('npm-registry-fetch') - -console.log( - await npmFetch.json('/-/ping') -) -``` - -## Table of Contents - -* [Installing](#install) -* [Example](#example) -* [Contributing](#contributing) -* [API](#api) - * [`fetch`](#fetch) - * [`fetch.json`](#fetch-json) - * [`fetch` options](#fetch-opts) - -### Install - -`$ npm install npm-registry-fetch` - -### Contributing - -The npm team enthusiastically welcomes contributions and project participation! -There's a bunch of things you can do if you want to contribute! The [Contributor -Guide](CONTRIBUTING.md) has all the information you need for everything from -reporting bugs to contributing entire new features. Please don't hesitate to -jump in if you'd like to, or even ask us questions if something isn't clear. - -All participants and maintainers in this project are expected to follow [Code of -Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other. - -Please refer to the [Changelog](CHANGELOG.md) for project history details, too. - -Happy hacking! - -### API - -#### Caching and `write=true` query strings - -Before performing any PUT or DELETE operation, npm clients first make a -GET request to the registry resource being updated, which includes -the query string `?write=true`. - -The semantics of this are, effectively, "I intend to write to this thing, -and need to know the latest current value, so that my write can land -cleanly". - -The public npm registry handles these `?write=true` requests by ensuring -that the cache is re-validated before sending a response. In order to -maintain the same behavior on the client, and not get tripped up by an -overeager local cache when we intend to write data to the registry, any -request that comes through `npm-registry-fetch` that contains `write=true` -in the query string will forcibly set the `prefer-online` option to `true`, -and set both `prefer-offline` and `offline` to false, so that any local -cached value will be revalidated. - -#### `> fetch(url, [opts]) -> Promise` - -Performs a request to a given URL. - -The URL can be either a full URL, or a path to one. The appropriate registry -will be automatically picked if only a URL path is given. - -For available options, please see the section on [`fetch` options](#fetch-opts). - -##### Example - -```javascript -const res = await fetch('/-/ping') -console.log(res.headers) -res.on('data', d => console.log(d.toString('utf8'))) -``` - -#### `> fetch.json(url, [opts]) -> Promise` - -Performs a request to a given registry URL, parses the body of the response as -JSON, and returns it as its final value. This is a utility shorthand for -`fetch(url).then(res => res.json())`. - -For available options, please see the section on [`fetch` options](#fetch-opts). - -##### Example - -```javascript -const res = await fetch.json('/-/ping') -console.log(res) // Body parsed as JSON -``` - -#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream` - -Performs a request to a given registry URL and parses the body of the response -as JSON, with each entry being emitted through the stream. - -The `jsonPath` argument is a [`JSONStream.parse()` -path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the -returned stream (unlike default `JSONStream`s), has a valid -`Symbol.asyncIterator` implementation. - -For available options, please see the section on [`fetch` options](#fetch-opts). - -##### Example - -```javascript -console.log('https://npm.im/~zkat has access to the following packages:') -for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) { - console.log(`https://npm.im/${key} (perms: ${value})`) -} -``` - -#### `fetch` Options - -Fetch options are optional, and can be passed in as either a Map-like object -(one with a `.get()` method), a plain javascript object, or a -[`figgy-pudding`](https://npm.im/figgy-pudding) instance. - -##### `opts.agent` - -* Type: http.Agent -* Default: an appropriate agent based on URL protocol and proxy settings - -An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to -be shared across requests. This allows multiple concurrent `fetch` requests to -happen on the same socket. - -You do _not_ need to provide this option unless you want something particularly -specialized, since proxy configurations and http/https agents are already -automatically managed internally when this option is not passed through. - -##### `opts.body` - -* Type: Buffer | Stream | Object -* Default: null - -Request body to send through the outgoing request. Buffers and Streams will be -passed through as-is, with a default `content-type` of -`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed -and the `content-type` will default to `application/json`. - -Use [`opts.headers`](#opts-headers) to set the content-type to something else. - -##### `opts.ca` - -* Type: String, Array, or null -* Default: null - -The Certificate Authority signing certificate that is trusted for SSL -connections to the registry. Values should be in PEM format (Windows calls it -"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For -example: - -``` -{ - ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' -} -``` - -Set to `null` to only allow "known" registrars, or to a specific CA cert -to trust only that specific signing authority. - -Multiple CAs can be trusted by specifying an array of certificates instead of a -single string. - -See also [`opts.strictSSL`](#opts-strictSSL), [`opts.ca`](#opts-ca) and -[`opts.key`](#opts-key) - -##### `opts.cache` - -* Type: path -* Default: null - -The location of the http cache directory. If provided, certain cachable requests -will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234) -rules. This will speed up future requests, as well as make the cached data -available offline if necessary/requested. - -See also [`offline`](#opts-offline), [`preferOffline`](#opts-preferOffline), -and [`preferOnline`](#opts-preferOnline). - -##### `opts.cert` - -* Type: String -* Default: null - -A client certificate to pass when accessing the registry. Values should be in -PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines -replaced by the string `'\n'`. For example: - -``` -{ - cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' -} -``` - -It is _not_ the path to a certificate file (and there is no "certfile" option). - -See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key) - -##### `opts.fetchRetries` - -* Type: Number -* Default: 2 - -The "retries" config for [`retry`](https://npm.im/retry) to use when fetching -packages from the registry. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.fetchRetryFactor` - -* Type: Number -* Default: 10 - -The "factor" config for [`retry`](https://npm.im/retry) to use when fetching -packages. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.fetchRetryMintimeout` - -* Type: Number -* Default: 10000 (10 seconds) - -The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching -packages. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.fetchRetryMaxtimeout` - -* Type: Number -* Default: 60000 (1 minute) - -The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching -packages. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.forceAuth` - -* Type: Object -* Default: null - -If present, other auth-related values in `opts` will be completely ignored, -including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request, -and the auth details in `opts.forceAuth` will be used instead. - -##### `opts.gzip` - -* Type: Boolean -* Default: false - -If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip` -and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode -[`opts.body`](#opts-body). - -##### `opts.headers` - -* Type: Object -* Default: null - -Additional headers for the outgoing request. This option can also be used to -override headers automatically generated by `npm-registry-fetch`, such as -`Content-Type`. - -##### `opts.ignoreBody` - -* Type: Boolean -* Default: false - -If true, the **response body** will be thrown away and `res.body` set to `null`. -This will prevent dangling response sockets for requests where you don't usually -care what the response body is. - -##### `opts.integrity` - -* Type: String | [SRI object](https://npm.im/ssri) -* Default: null - -If provided, the response body's will be verified against this integrity string, -using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will -complete as normal. If verification fails, the response body will error with an -`EINTEGRITY` error. - -Body integrity is only verified if the body is actually consumed to completion -- -that is, if you use `res.json()`/`res.buffer()`, or if you consume the default -`res` stream data to its end. - -Cached data will have its integrity automatically verified using the -previously-generated integrity hash for the saved request information, so -`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if -`opts.integrity` is not passed in. - -##### `opts.isFromCI` - -* Type: Boolean -* Default: Based on environment variables - -This is used to populate the `npm-in-ci` request header sent to the registry. - -##### `opts.key` - -* Type: String -* Default: null - -A client key to pass when accessing the registry. Values should be in PEM -format with newlines replaced by the string `'\n'`. For example: - -``` -{ - key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----' -} -``` - -It is _not_ the path to a key file (and there is no "keyfile" option). - -See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert) - -##### `opts.localAddress` - -* Type: IP Address String -* Default: null - -The IP address of the local interface to use when making connections -to the registry. - -See also [`opts.proxy`](#opts-proxy) - -##### `opts.log` - -* Type: [`npmlog`](https://npm.im/npmlog)-like -* Default: null - -Logger object to use for logging operation details. Must have the same methods -as `npmlog`. - -##### `opts.mapJSON` - -* Type: Function -* Default: undefined - -When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down -to [`JSONStream`](https://npm.im/JSONStream) as the second argument to -`JSONStream.parse`, and can be used to transform stream data before output. - -##### `opts.maxSockets` - -* Type: Integer -* Default: 12 - -Maximum number of sockets to keep open during requests. Has no effect if -[`opts.agent`](#opts-agent) is used. - -##### `opts.method` - -* Type: String -* Default: 'GET' - -HTTP method to use for the outgoing request. Case-insensitive. - -##### `opts.noproxy` - -* Type: Boolean -* Default: process.env.NOPROXY - -If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used. - -##### `opts.npmSession` - -* Type: String -* Default: null - -If provided, will be sent in the `npm-session` header. This header is used by -the npm registry to identify individual user sessions (usually individual -invocations of the CLI). - -##### `opts.npmCommand` - -* Type: String -* Default: null - -If provided, it will be sent in the `npm-command` header. This yeader is -used by the npm registry to identify the npm command that caused this -request to be made. - -##### `opts.offline` - -* Type: Boolean -* Default: false - -Force offline mode: no network requests will be done during install. To allow -`npm-registry-fetch` to fill in missing cache data, see -[`opts.preferOffline`](#opts-preferOffline). - -This option is only really useful if you're also using -[`opts.cache`](#opts-cache). - -This option is set to `true` when the request includes `write=true` in the -query string. - -##### `opts.otp` - -* Type: Number | String -* Default: null - -This is a one-time password from a two-factor authenticator. It is required for -certain registry interactions when two-factor auth is enabled for a user -account. - -##### `opts.password` - -* Alias: `_password` -* Type: String -* Default: null - -Password used for basic authentication. For the more modern authentication -method, please use the (more secure) [`opts.token`](#opts-token) - -Can optionally be scoped to a registry by using a "nerf dart" for that registry. -That is: - -``` -{ - '//registry.npmjs.org/:password': 't0k3nH34r' -} -``` - -See also [`opts.username`](#opts-username) - -##### `opts.preferOffline` - -* Type: Boolean -* Default: false - -If true, staleness checks for cached data will be bypassed, but missing data -will be requested from the server. To force full offline mode, use -[`opts.offline`](#opts-offline). - -This option is generally only useful if you're also using -[`opts.cache`](#opts-cache). - -This option is set to `false` when the request includes `write=true` in the -query string. - -##### `opts.preferOnline` - -* Type: Boolean -* Default: false - -If true, staleness checks for cached data will be forced, making the CLI look -for updates immediately even for fresh package data. - -This option is generally only useful if you're also using -[`opts.cache`](#opts-cache). - -This option is set to `true` when the request includes `write=true` in the -query string. - -##### `opts.projectScope` - -* Type: String -* Default: null - -If provided, will be sent in the `npm-scope` header. This header is used by the -npm registry to identify the toplevel package scope that a particular project -installation is using. - -##### `opts.proxy` - -* Type: url -* Default: null - -A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY` -environment variable will be used. - -##### `opts.query` - -* Type: String | Object -* Default: null - -If provided, the request URI will have a query string appended to it using this -query. If `opts.query` is an object, it will be converted to a query string -using -[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options). - -If the request URI already has a query string, it will be merged with -`opts.query`, preferring `opts.query` values. - -##### `opts.registry` - -* Type: URL -* Default: `'https://registry.npmjs.org'` - -Registry configuration for a request. If a request URL only includes the URL -path, this registry setting will be prepended. This configuration is also used -to determine authentication details, so even if the request URL references a -completely different host, `opts.registry` will be used to find the auth details -for that request. - -See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and -[`opts.:registry`](#opts-scope-registry) which can all affect the actual -registry URL used by the outgoing request. - -##### `opts.retry` - -* Type: Object -* Default: null - -Single-object configuration for request retry settings. If passed in, will -override individually-passed `fetch-retry-*` settings. - -##### `opts.scope` - -* Type: String -* Default: null - -Associate an operation with a scope for a scoped registry. This option can force -lookup of scope-specific registries and authentication. - -See also [`opts.:registry`](#opts-scope-registry) and -[`opts.spec`](#opts-spec) for interactions with this option. - -##### `opts.:registry` - -* Type: String -* Default: null - -This option type can be used to configure the registry used for requests -involving a particular scope. For example, `opts['@myscope:registry'] = -'https://scope-specific.registry/'` will make it so requests go out to this -registry instead of [`opts.registry`](#opts-registry) when -[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a -scoped package spec. - -The `@` before the scope name is optional, but recommended. - -##### `opts.spec` - -* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object. -* Default: null - -If provided, can be used to automatically configure [`opts.scope`](#opts-scope) -based on a specific package name. Non-registry package specs will throw an -error. - -##### `opts.strictSSL` - -* Type: Boolean -* Default: true - -Whether or not to do SSL key validation when making requests to the -registry via https. - -See also [`opts.ca`](#opts-ca). - -##### `opts.timeout` - -* Type: Milliseconds -* Default: 300000 (5 minutes) - -Time before a hanging request times out. - -##### `opts.token` - -* Alias: `opts._authToken` -* Type: String -* Default: null - -Authentication token string. - -Can be scoped to a registry by using a "nerf dart" for that registry. That is: - -``` -{ - '//registry.npmjs.org/:token': 't0k3nH34r' -} -``` - -##### `opts.userAgent` - -* Type: String -* Default: `'npm-registry-fetch@/node@+ ()'` - -User agent string to send in the `User-Agent` header. - -##### `opts.username` - -* Type: String -* Default: null - -Username used for basic authentication. For the more modern authentication -method, please use the (more secure) [`opts.token`](#opts-token) - -Can optionally be scoped to a registry by using a "nerf dart" for that registry. -That is: - -``` -{ - '//registry.npmjs.org/:username': 't0k3nH34r' -} -``` - -See also [`opts.password`](#opts-password) - -##### `opts._auth` - -* Type: String -* Default: null - -** DEPRECATED ** This is a legacy authentication token supported only for -compatibility. Please use [`opts.token`](#opts-token) instead. diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/auth.js b/node_modules/libnpmteam/node_modules/npm-registry-fetch/auth.js deleted file mode 100644 index 11c3bde6b4e6c..0000000000000 --- a/node_modules/libnpmteam/node_modules/npm-registry-fetch/auth.js +++ /dev/null @@ -1,55 +0,0 @@ -'use strict' - -const defaultOpts = require('./default-opts.js') -const url = require('url') - -module.exports = getAuth -function getAuth (registry, opts_ = {}) { - if (!registry) { throw new Error('registry is required') } - const opts = opts_.forceAuth ? opts_.forceAuth : { ...defaultOpts, ...opts_ } - const AUTH = {} - const regKey = registry && registryKey(registry) - const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias) - doKey('token') - doKey('_authToken', 'token') - doKey('username') - doKey('password') - doKey('_password', 'password') - doKey('email') - doKey('_auth') - doKey('otp') - doKey('always-auth', 'alwaysAuth') - if (AUTH.password) { - AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8') - } - if (AUTH._auth && !(AUTH.username && AUTH.password)) { - let auth = Buffer.from(AUTH._auth, 'base64').toString() - auth = auth.split(':') - AUTH.username = auth.shift() - AUTH.password = auth.join(':') - } - AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth - return AUTH -} - -function addKey (opts, obj, scope, key, objKey) { - if (opts[key]) { - obj[objKey || key] = opts[key] - } - if (scope && opts[`${scope}:${key}`]) { - obj[objKey || key] = opts[`${scope}:${key}`] - } -} - -// Called a nerf dart in the main codebase. Used as a "safe" -// key when fetching registry info from config. -function registryKey (registry) { - const parsed = new url.URL(registry) - const formatted = url.format({ - protocol: parsed.protocol, - host: parsed.host, - pathname: parsed.pathname, - slashes: true - }) - return url.format(new url.URL('.', formatted)).replace(/^[^:]+:/, '') -} diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/check-response.js b/node_modules/libnpmteam/node_modules/npm-registry-fetch/check-response.js deleted file mode 100644 index f151711f30160..0000000000000 --- a/node_modules/libnpmteam/node_modules/npm-registry-fetch/check-response.js +++ /dev/null @@ -1,128 +0,0 @@ -'use strict' - -const errors = require('./errors.js') -const LRU = require('lru-cache') -const { Response } = require('minipass-fetch') -const defaultOpts = require('./default-opts.js') - -module.exports = checkResponse -function checkResponse (method, res, registry, startTime, opts_ = {}) { - const opts = { ...defaultOpts, ...opts_ } - if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) { - opts.log.notice('', res.headers.get('npm-notice')) - } - checkWarnings(res, registry, opts) - if (res.status >= 400) { - logRequest(method, res, startTime, opts) - return checkErrors(method, res, startTime, opts) - } else { - res.body.on('end', () => logRequest(method, res, startTime, opts)) - if (opts.ignoreBody) { - res.body.resume() - return new Response(null, res) - } - return res - } -} - -function logRequest (method, res, startTime, opts) { - const elapsedTime = Date.now() - startTime - const attempt = res.headers.get('x-fetch-attempts') - const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : '' - const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : '' - - let urlStr - try { - const { URL } = require('url') - const url = new URL(res.url) - if (url.password) { - url.password = '***' - } - urlStr = url.toString() - } catch (er) { - urlStr = res.url - } - - opts.log.http( - 'fetch', - `${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}` - ) -} - -const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/ -const BAD_HOSTS = new LRU({ max: 50 }) - -function checkWarnings (res, registry, opts) { - if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) { - const warnings = {} - // note: headers.raw() will preserve case, so we might have a - // key on the object like 'WaRnInG' if that was used first - for (const [key, value] of Object.entries(res.headers.raw())) { - if (key.toLowerCase() !== 'warning') { continue } - value.forEach(w => { - const match = w.match(WARNING_REGEXP) - if (match) { - warnings[match[1]] = { - code: match[1], - host: match[2], - message: match[3], - date: new Date(match[4]) - } - } - }) - } - BAD_HOSTS.set(registry, true) - if (warnings['199']) { - if (warnings['199'].message.match(/ENOTFOUND/)) { - opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`) - } else { - opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`) - } - } - if (warnings['111']) { - // 111 Revalidation failed -- we're using stale data - opts.log.warn( - 'registry', - `Using stale data from ${registry} due to a request error during revalidation.` - ) - } - } -} - -function checkErrors (method, res, startTime, opts) { - return res.buffer() - .catch(() => null) - .then(body => { - let parsed = body - try { - parsed = JSON.parse(body.toString('utf8')) - } catch (e) {} - if (res.status === 401 && res.headers.get('www-authenticate')) { - const auth = res.headers.get('www-authenticate') - .split(/,\s*/) - .map(s => s.toLowerCase()) - if (auth.indexOf('ipaddress') !== -1) { - throw new errors.HttpErrorAuthIPAddress( - method, res, parsed, opts.spec - ) - } else if (auth.indexOf('otp') !== -1) { - throw new errors.HttpErrorAuthOTP( - method, res, parsed, opts.spec - ) - } else { - throw new errors.HttpErrorAuthUnknown( - method, res, parsed, opts.spec - ) - } - } else if (res.status === 401 && body != null && /one-time pass/.test(body.toString('utf8'))) { - // Heuristic for malformed OTP responses that don't include the www-authenticate header. - throw new errors.HttpErrorAuthOTP( - method, res, parsed, opts.spec - ) - } else { - throw new errors.HttpErrorGeneral( - method, res, parsed, opts.spec - ) - } - }) -} diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/default-opts.js b/node_modules/libnpmteam/node_modules/npm-registry-fetch/default-opts.js deleted file mode 100644 index b742fd5a5fcd4..0000000000000 --- a/node_modules/libnpmteam/node_modules/npm-registry-fetch/default-opts.js +++ /dev/null @@ -1,22 +0,0 @@ -const pkg = require('./package.json') -const ciDetect = require('@npmcli/ci-detect') -module.exports = { - isFromCI: ciDetect(), - log: require('./silentlog.js'), - maxSockets: 12, - method: 'GET', - registry: 'https://registry.npmjs.org/', - timeout: 5 * 60 * 1000, // 5 minutes - strictSSL: true, - noProxy: process.env.NOPROXY, - userAgent: `${pkg.name - }@${ - pkg.version - }/node@${ - process.version - }+${ - process.arch - } (${ - process.platform - })` -} diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/errors.js b/node_modules/libnpmteam/node_modules/npm-registry-fetch/errors.js deleted file mode 100644 index c41947e29952d..0000000000000 --- a/node_modules/libnpmteam/node_modules/npm-registry-fetch/errors.js +++ /dev/null @@ -1,79 +0,0 @@ -'use strict' - -const url = require('url') - -function packageName (href) { - try { - let basePath = new url.URL(href).pathname.substr(1) - if (!basePath.match(/^-/)) { - basePath = basePath.split('/') - var index = basePath.indexOf('_rewrite') - if (index === -1) { - index = basePath.length - 1 - } else { - index++ - } - return decodeURIComponent(basePath[index]) - } - } catch (_) { - // this is ok - } -} - -class HttpErrorBase extends Error { - constructor (method, res, body, spec) { - super() - this.headers = res.headers.raw() - this.statusCode = res.status - this.code = `E${res.status}` - this.method = method - this.uri = res.url - this.body = body - this.pkgid = spec ? spec.toString() : packageName(res.url) - } -} -module.exports.HttpErrorBase = HttpErrorBase - -class HttpErrorGeneral extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = `${res.status} ${res.statusText} - ${ - this.method.toUpperCase() - } ${ - this.spec || this.uri - }${ - (body && body.error) ? ' - ' + body.error : '' - }` - Error.captureStackTrace(this, HttpErrorGeneral) - } -} -module.exports.HttpErrorGeneral = HttpErrorGeneral - -class HttpErrorAuthOTP extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'OTP required for authentication' - this.code = 'EOTP' - Error.captureStackTrace(this, HttpErrorAuthOTP) - } -} -module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP - -class HttpErrorAuthIPAddress extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'Login is not allowed from your IP address' - this.code = 'EAUTHIP' - Error.captureStackTrace(this, HttpErrorAuthIPAddress) - } -} -module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress - -class HttpErrorAuthUnknown extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate') - Error.captureStackTrace(this, HttpErrorAuthUnknown) - } -} -module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/index.js b/node_modules/libnpmteam/node_modules/npm-registry-fetch/index.js deleted file mode 100644 index 2324e7fbfd00b..0000000000000 --- a/node_modules/libnpmteam/node_modules/npm-registry-fetch/index.js +++ /dev/null @@ -1,219 +0,0 @@ -'use strict' - -const checkResponse = require('./check-response.js') -const getAuth = require('./auth.js') -const fetch = require('make-fetch-happen') -const JSONStream = require('minipass-json-stream') -const npa = require('npm-package-arg') -const qs = require('querystring') -const url = require('url') -const zlib = require('minizlib') -const Minipass = require('minipass') - -const defaultOpts = require('./default-opts.js') - -// WhatWG URL throws if it's not fully resolved -const urlIsValid = u => { - try { - return !!new url.URL(u) - } catch (_) { - return false - } -} - -module.exports = regFetch -function regFetch (uri, /* istanbul ignore next */ opts_ = {}) { - const opts = { - ...defaultOpts, - ...opts_ - } - const registry = opts.registry = ( - (opts.spec && pickRegistry(opts.spec, opts)) || - (opts.publishConfig && opts.publishConfig.registry) || - opts.registry || - /* istanbul ignore next */ - 'https://registry.npmjs.org/' - ) - - if (!urlIsValid(uri)) { - uri = `${ - registry.trim().replace(/\/?$/g, '') - }/${ - uri.trim().replace(/^\//, '') - }` - } - - const method = opts.method || 'GET' - - // through that takes into account the scope, the prefix of `uri`, etc - const startTime = Date.now() - const headers = getHeaders(registry, uri, opts) - let body = opts.body - const bodyIsStream = Minipass.isStream(body) - const bodyIsPromise = body && - typeof body === 'object' && - typeof body.then === 'function' - - if (body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body)) { - headers['content-type'] = headers['content-type'] || 'application/json' - body = JSON.stringify(body) - } else if (body && !headers['content-type']) { - headers['content-type'] = 'application/octet-stream' - } - - if (opts.gzip) { - headers['content-encoding'] = 'gzip' - if (bodyIsStream) { - const gz = new zlib.Gzip() - body.on('error', /* istanbul ignore next: unlikely and hard to test */ - err => gz.emit('error', err)) - body = body.pipe(gz) - } else if (!bodyIsPromise) { - body = new zlib.Gzip().end(body).concat() - } - } - - const parsed = new url.URL(uri) - - if (opts.query) { - const q = typeof opts.query === 'string' - ? qs.parse(opts.query) - : opts.query - - Object.keys(q).forEach(key => { - if (q[key] !== undefined) { - parsed.searchParams.set(key, q[key]) - } - }) - uri = url.format(parsed) - } - - if (parsed.searchParams.get('write') === 'true' && method === 'GET') { - // do not cache, because this GET is fetching a rev that will be - // used for a subsequent PUT or DELETE, so we need to conditionally - // update cache. - opts.offline = false - opts.preferOffline = false - opts.preferOnline = true - } - - const doFetch = (body) => fetch(uri, { - agent: opts.agent, - algorithms: opts.algorithms, - body, - cache: getCacheMode(opts), - cacheManager: opts.cache, - ca: opts.ca, - cert: opts.cert, - headers, - integrity: opts.integrity, - key: opts.key, - localAddress: opts.localAddress, - maxSockets: opts.maxSockets, - memoize: opts.memoize, - method: method, - noProxy: opts.noProxy, - proxy: opts.httpsProxy || opts.proxy, - retry: opts.retry ? opts.retry : { - retries: opts.fetchRetries, - factor: opts.fetchRetryFactor, - minTimeout: opts.fetchRetryMintimeout, - maxTimeout: opts.fetchRetryMaxtimeout - }, - strictSSL: opts.strictSSL, - timeout: opts.timeout || 30 * 1000 - }).then(res => checkResponse( - method, res, registry, startTime, opts - )) - - return Promise.resolve(body).then(doFetch) -} - -module.exports.json = fetchJSON -function fetchJSON (uri, opts) { - return regFetch(uri, opts).then(res => res.json()) -} - -module.exports.json.stream = fetchJSONStream -function fetchJSONStream (uri, jsonPath, /* istanbul ignore next */ opts_ = {}) { - const opts = { ...defaultOpts, ...opts_ } - const parser = JSONStream.parse(jsonPath, opts.mapJSON) - regFetch(uri, opts).then(res => - res.body.on('error', - /* istanbul ignore next: unlikely and difficult to test */ - er => parser.emit('error', er)).pipe(parser) - ).catch(er => parser.emit('error', er)) - return parser -} - -module.exports.pickRegistry = pickRegistry -function pickRegistry (spec, opts = {}) { - spec = npa(spec) - let registry = spec.scope && - opts[spec.scope.replace(/^@?/, '@') + ':registry'] - - if (!registry && opts.scope) { - registry = opts[opts.scope.replace(/^@?/, '@') + ':registry'] - } - - if (!registry && opts.publishConfig) { - registry = opts.publishConfig.registry - } - - if (!registry) { - registry = opts.registry || 'https://registry.npmjs.org/' - } - - return registry -} - -function getCacheMode (opts) { - return opts.offline - ? 'only-if-cached' - : opts.preferOffline - ? 'force-cache' - : opts.preferOnline - ? 'no-cache' - : 'default' -} - -function getHeaders (registry, uri, opts) { - const headers = Object.assign({ - 'npm-in-ci': !!opts.isFromCI, - 'user-agent': opts.userAgent - }, opts.headers || {}) - - if (opts.projectScope) { - headers['npm-scope'] = opts.projectScope - } - - if (opts.npmSession) { - headers['npm-session'] = opts.npmSession - } - - if (opts.npmCommand) { - headers['npm-command'] = opts.npmCommand - } - - const auth = getAuth(registry, opts) - // If a tarball is hosted on a different place than the manifest, only send - // credentials on `alwaysAuth` - const shouldAuth = ( - auth.alwaysAuth || - new url.URL(uri).host === new url.URL(registry).host - ) - if (shouldAuth && auth.token) { - headers.authorization = `Bearer ${auth.token}` - } else if (shouldAuth && auth.username && auth.password) { - const encoded = Buffer.from( - `${auth.username}:${auth.password}`, 'utf8' - ).toString('base64') - headers.authorization = `Basic ${encoded}` - } else if (shouldAuth && auth._auth) { - headers.authorization = `Basic ${auth._auth}` - } - if (shouldAuth && auth.otp) { - headers['npm-otp'] = auth.otp - } - return headers -} diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/package.json b/node_modules/libnpmteam/node_modules/npm-registry-fetch/package.json deleted file mode 100644 index 5aeddc5b39102..0000000000000 --- a/node_modules/libnpmteam/node_modules/npm-registry-fetch/package.json +++ /dev/null @@ -1,59 +0,0 @@ -{ - "name": "npm-registry-fetch", - "version": "8.1.5", - "description": "Fetch-based http client for use with npm registry APIs", - "main": "index.js", - "files": [ - "*.js", - "lib" - ], - "scripts": { - "postrelease": "npm publish", - "posttest": "standard", - "prepublishOnly": "git push --follow-tags", - "prerelease": "npm t", - "release": "standard-version -s", - "test": "tap" - }, - "repository": "https://github.com/npm/registry-fetch", - "keywords": [ - "npm", - "registry", - "fetch" - ], - "author": { - "name": "Kat Marchán", - "email": "kzm@sykosomatic.org", - "twitter": "maybekatz" - }, - "license": "ISC", - "dependencies": { - "@npmcli/ci-detect": "^1.0.0", - "lru-cache": "^6.0.0", - "make-fetch-happen": "^8.0.9", - "minipass": "^3.1.3", - "minipass-fetch": "^1.3.0", - "minipass-json-stream": "^1.0.1", - "minizlib": "^2.0.0", - "npm-package-arg": "^8.0.0" - }, - "devDependencies": { - "cacache": "^15.0.0", - "mkdirp": "^0.5.1", - "nock": "^11.7.0", - "npmlog": "^4.1.2", - "require-inject": "^1.4.4", - "rimraf": "^2.6.2", - "ssri": "^8.0.0", - "standard": "^14.3.3", - "standard-version": "^7.1.0", - "tap": "^14.10.7" - }, - "tap": { - "check-coverage": true, - "test-ignore": "test[\\\\/](util|cache)[\\\\/]" - }, - "engines": { - "node": ">=10" - } -} diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/silentlog.js b/node_modules/libnpmteam/node_modules/npm-registry-fetch/silentlog.js deleted file mode 100644 index 886c5d55b2dbb..0000000000000 --- a/node_modules/libnpmteam/node_modules/npm-registry-fetch/silentlog.js +++ /dev/null @@ -1,14 +0,0 @@ -'use strict' - -const noop = Function.prototype -module.exports = { - error: noop, - warn: noop, - notice: noop, - info: noop, - verbose: noop, - silly: noop, - http: noop, - pause: noop, - resume: noop -} diff --git a/node_modules/libnpmteam/package.json b/node_modules/libnpmteam/package.json index 1834be77732ef..fc3bf5b3392d6 100644 --- a/node_modules/libnpmteam/package.json +++ b/node_modules/libnpmteam/package.json @@ -1,7 +1,7 @@ { "name": "libnpmteam", "description": "npm Team management APIs", - "version": "2.0.1", + "version": "2.0.2", "author": "Kat Marchán ", "license": "ISC", "scripts": { @@ -27,7 +27,7 @@ "homepage": "https://npmjs.com/package/libnpmteam", "dependencies": { "aproba": "^2.0.0", - "npm-registry-fetch": "^8.0.0" + "npm-registry-fetch": "^9.0.0" }, "engines": { "node": ">=10" diff --git a/package-lock.json b/package-lock.json index 933d96ba14cd5..5dc44ebcdc563 100644 --- a/package-lock.json +++ b/package-lock.json @@ -111,7 +111,7 @@ "libnpmpack": "^2.0.0", "libnpmpublish": "^4.0.0", "libnpmsearch": "^3.0.0", - "libnpmteam": "^2.0.1", + "libnpmteam": "^2.0.2", "libnpmversion": "^1.0.6", "make-fetch-happen": "^8.0.9", "mkdirp": "^1.0.4", @@ -3853,31 +3853,13 @@ } }, "node_modules/libnpmteam": { - "version": "2.0.1", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/libnpmteam/-/libnpmteam-2.0.2.tgz", + "integrity": "sha512-QGvtbMPdQzK+XybBPK0UjfLEI9fiDPQSFMbZW+2lmm0BgPoqxHle0Wl90bsIyBVY7pYzp45MgMqQNo7KWCLpDA==", "inBundle": true, - "license": "ISC", "dependencies": { "aproba": "^2.0.0", - "npm-registry-fetch": "^8.0.0" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/libnpmteam/node_modules/npm-registry-fetch": { - "version": "8.1.5", - "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", - "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", - "inBundle": true, - "dependencies": { - "@npmcli/ci-detect": "^1.0.0", - "lru-cache": "^6.0.0", - "make-fetch-happen": "^8.0.9", - "minipass": "^3.1.3", - "minipass-fetch": "^1.3.0", - "minipass-json-stream": "^1.0.1", - "minizlib": "^2.0.0", - "npm-package-arg": "^8.0.0" + "npm-registry-fetch": "^9.0.0" }, "engines": { "node": ">=10" @@ -11640,27 +11622,12 @@ } }, "libnpmteam": { - "version": "2.0.1", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/libnpmteam/-/libnpmteam-2.0.2.tgz", + "integrity": "sha512-QGvtbMPdQzK+XybBPK0UjfLEI9fiDPQSFMbZW+2lmm0BgPoqxHle0Wl90bsIyBVY7pYzp45MgMqQNo7KWCLpDA==", "requires": { "aproba": "^2.0.0", - "npm-registry-fetch": "^8.0.0" - }, - "dependencies": { - "npm-registry-fetch": { - "version": "8.1.5", - "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", - "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", - "requires": { - "@npmcli/ci-detect": "^1.0.0", - "lru-cache": "^6.0.0", - "make-fetch-happen": "^8.0.9", - "minipass": "^3.1.3", - "minipass-fetch": "^1.3.0", - "minipass-json-stream": "^1.0.1", - "minizlib": "^2.0.0", - "npm-package-arg": "^8.0.0" - } - } + "npm-registry-fetch": "^9.0.0" } }, "libnpmversion": { diff --git a/package.json b/package.json index 8bb5960513db1..aab6fa8c0506d 100644 --- a/package.json +++ b/package.json @@ -75,7 +75,7 @@ "libnpmpack": "^2.0.0", "libnpmpublish": "^4.0.0", "libnpmsearch": "^3.0.0", - "libnpmteam": "^2.0.1", + "libnpmteam": "^2.0.2", "libnpmversion": "^1.0.6", "make-fetch-happen": "^8.0.9", "mkdirp": "^1.0.4", From fc5aa7b4ad45cb65893f734e1229a6720f7966e5 Mon Sep 17 00:00:00 2001 From: isaacs Date: Tue, 3 Nov 2020 13:07:15 -0800 Subject: [PATCH 11/21] libnpmsearch@3.0.1 --- .../npm-registry-fetch/CHANGELOG.md | 384 ----------- .../npm-registry-fetch/LICENSE.md | 16 - .../node_modules/npm-registry-fetch/README.md | 635 ------------------ .../node_modules/npm-registry-fetch/auth.js | 55 -- .../npm-registry-fetch/check-response.js | 128 ---- .../npm-registry-fetch/default-opts.js | 22 - .../node_modules/npm-registry-fetch/errors.js | 79 --- .../node_modules/npm-registry-fetch/index.js | 219 ------ .../npm-registry-fetch/package.json | 59 -- .../npm-registry-fetch/silentlog.js | 14 - node_modules/libnpmsearch/package.json | 4 +- package-lock.json | 51 +- package.json | 2 +- 13 files changed, 12 insertions(+), 1656 deletions(-) delete mode 100644 node_modules/libnpmsearch/node_modules/npm-registry-fetch/CHANGELOG.md delete mode 100644 node_modules/libnpmsearch/node_modules/npm-registry-fetch/LICENSE.md delete mode 100644 node_modules/libnpmsearch/node_modules/npm-registry-fetch/README.md delete mode 100644 node_modules/libnpmsearch/node_modules/npm-registry-fetch/auth.js delete mode 100644 node_modules/libnpmsearch/node_modules/npm-registry-fetch/check-response.js delete mode 100644 node_modules/libnpmsearch/node_modules/npm-registry-fetch/default-opts.js delete mode 100644 node_modules/libnpmsearch/node_modules/npm-registry-fetch/errors.js delete mode 100644 node_modules/libnpmsearch/node_modules/npm-registry-fetch/index.js delete mode 100644 node_modules/libnpmsearch/node_modules/npm-registry-fetch/package.json delete mode 100644 node_modules/libnpmsearch/node_modules/npm-registry-fetch/silentlog.js diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/CHANGELOG.md deleted file mode 100644 index fc26ee1bda4ba..0000000000000 --- a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/CHANGELOG.md +++ /dev/null @@ -1,384 +0,0 @@ -# Changelog - -All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. - -### [8.1.5](https://github.com/npm/registry-fetch/compare/v8.1.4...v8.1.5) (2020-10-12) - - -### Bug Fixes - -* respect publishConfig.registry when specified ([32e36ef](https://github.com/npm/registry-fetch/commit/32e36efe86302ed319973cd5b1e6ccc3f62e557e)), closes [#35](https://github.com/npm/registry-fetch/issues/35) - -### [8.1.4](https://github.com/npm/registry-fetch/compare/v8.1.3...v8.1.4) (2020-08-17) - - -### Bug Fixes - -* redact passwords from http logs ([3c294eb](https://github.com/npm/registry-fetch/commit/3c294ebbd7821725db4ff1bc5fe368c49613efcc)) - -### [8.1.3](https://github.com/npm/registry-fetch/compare/v8.1.2...v8.1.3) (2020-07-21) - -### [8.1.2](https://github.com/npm/registry-fetch/compare/v8.1.1...v8.1.2) (2020-07-11) - -### [8.1.1](https://github.com/npm/registry-fetch/compare/v8.1.0...v8.1.1) (2020-06-30) - -## [8.1.0](https://github.com/npm/registry-fetch/compare/v8.0.3...v8.1.0) (2020-05-20) - - -### Features - -* add npm-command HTTP header ([1bb4eb2](https://github.com/npm/registry-fetch/commit/1bb4eb2c66ee8a0dc62558bdcff1b548e2bb9820)) - -### [8.0.3](https://github.com/npm/registry-fetch/compare/v8.0.2...v8.0.3) (2020-05-13) - - -### Bug Fixes - -* update minipass and make-fetch-happen to latest ([3b6c5d0](https://github.com/npm/registry-fetch/commit/3b6c5d0d8ccd4c4a97862a65acef956f19aec127)), closes [#23](https://github.com/npm/registry-fetch/issues/23) - -### [8.0.2](https://github.com/npm/registry-fetch/compare/v8.0.1...v8.0.2) (2020-05-04) - - -### Bug Fixes - -* update make-fetch-happen to 8.0.6 ([226df2c](https://github.com/npm/registry-fetch/commit/226df2c32e3f9ed8ceefcfdbd11efb178181b442)) - -## [8.0.0](https://github.com/npm/registry-fetch/compare/v7.0.1...v8.0.0) (2020-02-24) - - -### ⚠ BREAKING CHANGES - -* Removes the 'opts.refer' option and the HTTP Referer -header (unless explicitly added to the 'headers' option, of course). - -PR-URL: https://github.com/npm/npm-registry-fetch/pull/25 -Credit: @isaacs - -### Bug Fixes - -* remove referer header and opts.refer ([eb8f7af](https://github.com/npm/registry-fetch/commit/eb8f7af3c102834856604c1be664b00ca0fe8ef2)), closes [#25](https://github.com/npm/registry-fetch/issues/25) - -### [7.0.1](https://github.com/npm/registry-fetch/compare/v7.0.0...v7.0.1) (2020-02-24) - -## [7.0.0](https://github.com/npm/registry-fetch/compare/v6.0.2...v7.0.0) (2020-02-18) - - -### ⚠ BREAKING CHANGES - -* figgy pudding is now nowhere to be found. -* this removes figgy-pudding, and drops several option -aliases. - -Defaults and behavior are all the same, and this module is now using the -canonical camelCase option names that npm v7 will provide to all its -deps. - -Related to: https://github.com/npm/rfcs/pull/102 - -PR-URL: https://github.com/npm/npm-registry-fetch/pull/22 -Credit: @isaacs - -### Bug Fixes - -* Remove figgy-pudding, use canonical option names ([ede3c08](https://github.com/npm/registry-fetch/commit/ede3c087007fd1808e02b1af70562220d03b18a9)), closes [#22](https://github.com/npm/registry-fetch/issues/22) - - -* update cacache, ssri, make-fetch-happen ([57fcc88](https://github.com/npm/registry-fetch/commit/57fcc889bee03edcc0a2025d96a171039108c231)) - -### [6.0.2](https://github.com/npm/registry-fetch/compare/v6.0.1...v6.0.2) (2020-02-14) - - -### Bug Fixes - -* always bypass cache when ?write=true ([83f89f3](https://github.com/npm/registry-fetch/commit/83f89f35abd2ed0507c869e37f90ed746375772c)) - -### [6.0.1](https://github.com/npm/registry-fetch/compare/v6.0.0...v6.0.1) (2020-02-14) - - -### Bug Fixes - -* use 30s default for timeout as per README ([50e8afc](https://github.com/npm/registry-fetch/commit/50e8afc6ff850542feb588f9f9c64ebae59e72a0)), closes [#20](https://github.com/npm/registry-fetch/issues/20) - -## [6.0.0](https://github.com/npm/registry-fetch/compare/v5.0.1...v6.0.0) (2019-12-17) - - -### ⚠ BREAKING CHANGES - -* This drops support for node < 10. - -There are some lint failures due to standard pushing for using WhatWG URL -objects instead of url.parse/url.resolve. However, the code in this lib -does some fancy things with the query/search portions of the parsed url -object, so it'll take a bit of care to make it work properly. - -### Bug Fixes - -* detect CI so our tests don't fail in CI ([5813da6](https://github.com/npm/registry-fetch/commit/5813da634cef73b12e40373972d7937e6934fce0)) -* Use WhatWG URLs instead of url.parse ([8ccfa8a](https://github.com/npm/registry-fetch/commit/8ccfa8a72c38cfedb0f525b7f453644fd4444f99)) - - -* normalize settings, drop old nodes, update deps ([510b125](https://github.com/npm/registry-fetch/commit/510b1255cc7ed4bb397a34e0007757dae33e2275)) - - -## [5.0.1](https://github.com/npm/registry-fetch/compare/v5.0.0...v5.0.1) (2019-11-11) - - - - -# [5.0.0](https://github.com/npm/registry-fetch/compare/v4.0.2...v5.0.0) (2019-10-04) - - -### Bug Fixes - -* prefer const in getAuth function ([90ac7b1](https://github.com/npm/registry-fetch/commit/90ac7b1)) -* use minizlib instead of core zlib ([e64702e](https://github.com/npm/registry-fetch/commit/e64702e)) - - -### Features - -* refactor to use Minipass streams ([bb37f20](https://github.com/npm/registry-fetch/commit/bb37f20)) - - -### BREAKING CHANGES - -* this replaces all core streams (except for some -PassThrough streams in a few tests) with Minipass streams, and updates -all deps to the latest and greatest Minipass versions of things. - - - - -## [4.0.2](https://github.com/npm/registry-fetch/compare/v4.0.0...v4.0.2) (2019-10-04) - - -### Bug Fixes - -* Add null check on body on 401 errors ([e3a0186](https://github.com/npm/registry-fetch/commit/e3a0186)), closes [#9](https://github.com/npm/registry-fetch/issues/9) -* **deps:** Add explicit dependency on safe-buffer ([8eae5f0](https://github.com/npm/registry-fetch/commit/8eae5f0)), closes [npm/libnpmaccess#2](https://github.com/npm/libnpmaccess/issues/2) [#3](https://github.com/npm/registry-fetch/issues/3) - - - - -# [4.0.0](https://github.com/npm/registry-fetch/compare/v3.9.1...v4.0.0) (2019-07-15) - - -* cacache@12.0.0, infer uid from cache folder ([0c4f060](https://github.com/npm/registry-fetch/commit/0c4f060)) - - -### BREAKING CHANGES - -* uid and gid are inferred from cache folder, rather than -being passed in as options. - - - - -## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02) - - - - -# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24) - - -### Features - -* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c)) - - - - -# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23) - - -### Features - -* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986)) - - - - -# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23) - - -### Features - -* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969)) - - - - -# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22) - - -### Bug Fixes - -* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65)) - - -### Features - -* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702)) - - - - -# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22) - - -### Features - -* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5)) - - - - -# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22) - - -### Bug Fixes - -* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54)) - - -### Features - -* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17)) - - - - -# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21) - - -### Bug Fixes - -* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b)) - - -### Features - -* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194)) - - - - -## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16) - - -### Bug Fixes - -* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040)) - - - - -# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27) - - -### Features - -* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0)) - - - - -## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09) - - - - -# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09) - - -### Features - -* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b)) - - - - -# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09) - - -### Bug Fixes - -* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f)) -* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f)) - - -### BREAKING CHANGES - -* **config:** opts.config is no longer supported. Pass the options down in opts itself. - - - - -# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08) - - -### Features - -* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0)) - - - - -# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08) - - -### meta - -* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e)) - - -### BREAKING CHANGES - -* node@4 is no longer supported - - - - -## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06) - - - - -# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16) - - -### Features - -* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9)) - - - - -## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16) - - -### Bug Fixes - -* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5)) - - - - -# 1.0.0 (2018-03-16) - - -### Bug Fixes - -* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba)) -* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31)) -* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93)) -* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a)) - - -### Features - -* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f)) -* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db)) -* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d)) -* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527)) -* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1)) diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/LICENSE.md deleted file mode 100644 index 8d28acf866d93..0000000000000 --- a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/LICENSE.md +++ /dev/null @@ -1,16 +0,0 @@ -ISC License - -Copyright (c) npm, Inc. - -Permission to use, copy, modify, and/or distribute this software for -any purpose with or without fee is hereby granted, provided that the -above copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS -ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE -COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR -CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS -OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE -USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/README.md b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/README.md deleted file mode 100644 index e660940e30dc4..0000000000000 --- a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/README.md +++ /dev/null @@ -1,635 +0,0 @@ -# npm-registry-fetch - -[![npm version](https://img.shields.io/npm/v/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) -[![license](https://img.shields.io/npm/l/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) -[![Travis](https://img.shields.io/travis/npm/npm-registry-fetch/latest.svg)](https://travis-ci.org/npm/npm-registry-fetch) -[![AppVeyor](https://img.shields.io/appveyor/ci/npm/npm-registry-fetch/latest.svg)](https://ci.appveyor.com/project/npm/npm-registry-fetch) -[![Coverage Status](https://coveralls.io/repos/github/npm/npm-registry-fetch/badge.svg?branch=latest)](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest) - -[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js -library that implements a `fetch`-like API for accessing npm registry APIs -consistently. It's able to consume npm-style configuration values and has all -the necessary logic for picking registries, handling scopes, and dealing with -authentication details built-in. - -This package is meant to replace the older -[`npm-registry-client`](https://npm.im/npm-registry-client). - -## Example - -```javascript -const npmFetch = require('npm-registry-fetch') - -console.log( - await npmFetch.json('/-/ping') -) -``` - -## Table of Contents - -* [Installing](#install) -* [Example](#example) -* [Contributing](#contributing) -* [API](#api) - * [`fetch`](#fetch) - * [`fetch.json`](#fetch-json) - * [`fetch` options](#fetch-opts) - -### Install - -`$ npm install npm-registry-fetch` - -### Contributing - -The npm team enthusiastically welcomes contributions and project participation! -There's a bunch of things you can do if you want to contribute! The [Contributor -Guide](CONTRIBUTING.md) has all the information you need for everything from -reporting bugs to contributing entire new features. Please don't hesitate to -jump in if you'd like to, or even ask us questions if something isn't clear. - -All participants and maintainers in this project are expected to follow [Code of -Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other. - -Please refer to the [Changelog](CHANGELOG.md) for project history details, too. - -Happy hacking! - -### API - -#### Caching and `write=true` query strings - -Before performing any PUT or DELETE operation, npm clients first make a -GET request to the registry resource being updated, which includes -the query string `?write=true`. - -The semantics of this are, effectively, "I intend to write to this thing, -and need to know the latest current value, so that my write can land -cleanly". - -The public npm registry handles these `?write=true` requests by ensuring -that the cache is re-validated before sending a response. In order to -maintain the same behavior on the client, and not get tripped up by an -overeager local cache when we intend to write data to the registry, any -request that comes through `npm-registry-fetch` that contains `write=true` -in the query string will forcibly set the `prefer-online` option to `true`, -and set both `prefer-offline` and `offline` to false, so that any local -cached value will be revalidated. - -#### `> fetch(url, [opts]) -> Promise` - -Performs a request to a given URL. - -The URL can be either a full URL, or a path to one. The appropriate registry -will be automatically picked if only a URL path is given. - -For available options, please see the section on [`fetch` options](#fetch-opts). - -##### Example - -```javascript -const res = await fetch('/-/ping') -console.log(res.headers) -res.on('data', d => console.log(d.toString('utf8'))) -``` - -#### `> fetch.json(url, [opts]) -> Promise` - -Performs a request to a given registry URL, parses the body of the response as -JSON, and returns it as its final value. This is a utility shorthand for -`fetch(url).then(res => res.json())`. - -For available options, please see the section on [`fetch` options](#fetch-opts). - -##### Example - -```javascript -const res = await fetch.json('/-/ping') -console.log(res) // Body parsed as JSON -``` - -#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream` - -Performs a request to a given registry URL and parses the body of the response -as JSON, with each entry being emitted through the stream. - -The `jsonPath` argument is a [`JSONStream.parse()` -path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the -returned stream (unlike default `JSONStream`s), has a valid -`Symbol.asyncIterator` implementation. - -For available options, please see the section on [`fetch` options](#fetch-opts). - -##### Example - -```javascript -console.log('https://npm.im/~zkat has access to the following packages:') -for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) { - console.log(`https://npm.im/${key} (perms: ${value})`) -} -``` - -#### `fetch` Options - -Fetch options are optional, and can be passed in as either a Map-like object -(one with a `.get()` method), a plain javascript object, or a -[`figgy-pudding`](https://npm.im/figgy-pudding) instance. - -##### `opts.agent` - -* Type: http.Agent -* Default: an appropriate agent based on URL protocol and proxy settings - -An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to -be shared across requests. This allows multiple concurrent `fetch` requests to -happen on the same socket. - -You do _not_ need to provide this option unless you want something particularly -specialized, since proxy configurations and http/https agents are already -automatically managed internally when this option is not passed through. - -##### `opts.body` - -* Type: Buffer | Stream | Object -* Default: null - -Request body to send through the outgoing request. Buffers and Streams will be -passed through as-is, with a default `content-type` of -`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed -and the `content-type` will default to `application/json`. - -Use [`opts.headers`](#opts-headers) to set the content-type to something else. - -##### `opts.ca` - -* Type: String, Array, or null -* Default: null - -The Certificate Authority signing certificate that is trusted for SSL -connections to the registry. Values should be in PEM format (Windows calls it -"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For -example: - -``` -{ - ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' -} -``` - -Set to `null` to only allow "known" registrars, or to a specific CA cert -to trust only that specific signing authority. - -Multiple CAs can be trusted by specifying an array of certificates instead of a -single string. - -See also [`opts.strictSSL`](#opts-strictSSL), [`opts.ca`](#opts-ca) and -[`opts.key`](#opts-key) - -##### `opts.cache` - -* Type: path -* Default: null - -The location of the http cache directory. If provided, certain cachable requests -will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234) -rules. This will speed up future requests, as well as make the cached data -available offline if necessary/requested. - -See also [`offline`](#opts-offline), [`preferOffline`](#opts-preferOffline), -and [`preferOnline`](#opts-preferOnline). - -##### `opts.cert` - -* Type: String -* Default: null - -A client certificate to pass when accessing the registry. Values should be in -PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines -replaced by the string `'\n'`. For example: - -``` -{ - cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' -} -``` - -It is _not_ the path to a certificate file (and there is no "certfile" option). - -See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key) - -##### `opts.fetchRetries` - -* Type: Number -* Default: 2 - -The "retries" config for [`retry`](https://npm.im/retry) to use when fetching -packages from the registry. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.fetchRetryFactor` - -* Type: Number -* Default: 10 - -The "factor" config for [`retry`](https://npm.im/retry) to use when fetching -packages. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.fetchRetryMintimeout` - -* Type: Number -* Default: 10000 (10 seconds) - -The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching -packages. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.fetchRetryMaxtimeout` - -* Type: Number -* Default: 60000 (1 minute) - -The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching -packages. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.forceAuth` - -* Type: Object -* Default: null - -If present, other auth-related values in `opts` will be completely ignored, -including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request, -and the auth details in `opts.forceAuth` will be used instead. - -##### `opts.gzip` - -* Type: Boolean -* Default: false - -If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip` -and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode -[`opts.body`](#opts-body). - -##### `opts.headers` - -* Type: Object -* Default: null - -Additional headers for the outgoing request. This option can also be used to -override headers automatically generated by `npm-registry-fetch`, such as -`Content-Type`. - -##### `opts.ignoreBody` - -* Type: Boolean -* Default: false - -If true, the **response body** will be thrown away and `res.body` set to `null`. -This will prevent dangling response sockets for requests where you don't usually -care what the response body is. - -##### `opts.integrity` - -* Type: String | [SRI object](https://npm.im/ssri) -* Default: null - -If provided, the response body's will be verified against this integrity string, -using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will -complete as normal. If verification fails, the response body will error with an -`EINTEGRITY` error. - -Body integrity is only verified if the body is actually consumed to completion -- -that is, if you use `res.json()`/`res.buffer()`, or if you consume the default -`res` stream data to its end. - -Cached data will have its integrity automatically verified using the -previously-generated integrity hash for the saved request information, so -`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if -`opts.integrity` is not passed in. - -##### `opts.isFromCI` - -* Type: Boolean -* Default: Based on environment variables - -This is used to populate the `npm-in-ci` request header sent to the registry. - -##### `opts.key` - -* Type: String -* Default: null - -A client key to pass when accessing the registry. Values should be in PEM -format with newlines replaced by the string `'\n'`. For example: - -``` -{ - key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----' -} -``` - -It is _not_ the path to a key file (and there is no "keyfile" option). - -See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert) - -##### `opts.localAddress` - -* Type: IP Address String -* Default: null - -The IP address of the local interface to use when making connections -to the registry. - -See also [`opts.proxy`](#opts-proxy) - -##### `opts.log` - -* Type: [`npmlog`](https://npm.im/npmlog)-like -* Default: null - -Logger object to use for logging operation details. Must have the same methods -as `npmlog`. - -##### `opts.mapJSON` - -* Type: Function -* Default: undefined - -When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down -to [`JSONStream`](https://npm.im/JSONStream) as the second argument to -`JSONStream.parse`, and can be used to transform stream data before output. - -##### `opts.maxSockets` - -* Type: Integer -* Default: 12 - -Maximum number of sockets to keep open during requests. Has no effect if -[`opts.agent`](#opts-agent) is used. - -##### `opts.method` - -* Type: String -* Default: 'GET' - -HTTP method to use for the outgoing request. Case-insensitive. - -##### `opts.noproxy` - -* Type: Boolean -* Default: process.env.NOPROXY - -If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used. - -##### `opts.npmSession` - -* Type: String -* Default: null - -If provided, will be sent in the `npm-session` header. This header is used by -the npm registry to identify individual user sessions (usually individual -invocations of the CLI). - -##### `opts.npmCommand` - -* Type: String -* Default: null - -If provided, it will be sent in the `npm-command` header. This yeader is -used by the npm registry to identify the npm command that caused this -request to be made. - -##### `opts.offline` - -* Type: Boolean -* Default: false - -Force offline mode: no network requests will be done during install. To allow -`npm-registry-fetch` to fill in missing cache data, see -[`opts.preferOffline`](#opts-preferOffline). - -This option is only really useful if you're also using -[`opts.cache`](#opts-cache). - -This option is set to `true` when the request includes `write=true` in the -query string. - -##### `opts.otp` - -* Type: Number | String -* Default: null - -This is a one-time password from a two-factor authenticator. It is required for -certain registry interactions when two-factor auth is enabled for a user -account. - -##### `opts.password` - -* Alias: `_password` -* Type: String -* Default: null - -Password used for basic authentication. For the more modern authentication -method, please use the (more secure) [`opts.token`](#opts-token) - -Can optionally be scoped to a registry by using a "nerf dart" for that registry. -That is: - -``` -{ - '//registry.npmjs.org/:password': 't0k3nH34r' -} -``` - -See also [`opts.username`](#opts-username) - -##### `opts.preferOffline` - -* Type: Boolean -* Default: false - -If true, staleness checks for cached data will be bypassed, but missing data -will be requested from the server. To force full offline mode, use -[`opts.offline`](#opts-offline). - -This option is generally only useful if you're also using -[`opts.cache`](#opts-cache). - -This option is set to `false` when the request includes `write=true` in the -query string. - -##### `opts.preferOnline` - -* Type: Boolean -* Default: false - -If true, staleness checks for cached data will be forced, making the CLI look -for updates immediately even for fresh package data. - -This option is generally only useful if you're also using -[`opts.cache`](#opts-cache). - -This option is set to `true` when the request includes `write=true` in the -query string. - -##### `opts.projectScope` - -* Type: String -* Default: null - -If provided, will be sent in the `npm-scope` header. This header is used by the -npm registry to identify the toplevel package scope that a particular project -installation is using. - -##### `opts.proxy` - -* Type: url -* Default: null - -A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY` -environment variable will be used. - -##### `opts.query` - -* Type: String | Object -* Default: null - -If provided, the request URI will have a query string appended to it using this -query. If `opts.query` is an object, it will be converted to a query string -using -[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options). - -If the request URI already has a query string, it will be merged with -`opts.query`, preferring `opts.query` values. - -##### `opts.registry` - -* Type: URL -* Default: `'https://registry.npmjs.org'` - -Registry configuration for a request. If a request URL only includes the URL -path, this registry setting will be prepended. This configuration is also used -to determine authentication details, so even if the request URL references a -completely different host, `opts.registry` will be used to find the auth details -for that request. - -See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and -[`opts.:registry`](#opts-scope-registry) which can all affect the actual -registry URL used by the outgoing request. - -##### `opts.retry` - -* Type: Object -* Default: null - -Single-object configuration for request retry settings. If passed in, will -override individually-passed `fetch-retry-*` settings. - -##### `opts.scope` - -* Type: String -* Default: null - -Associate an operation with a scope for a scoped registry. This option can force -lookup of scope-specific registries and authentication. - -See also [`opts.:registry`](#opts-scope-registry) and -[`opts.spec`](#opts-spec) for interactions with this option. - -##### `opts.:registry` - -* Type: String -* Default: null - -This option type can be used to configure the registry used for requests -involving a particular scope. For example, `opts['@myscope:registry'] = -'https://scope-specific.registry/'` will make it so requests go out to this -registry instead of [`opts.registry`](#opts-registry) when -[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a -scoped package spec. - -The `@` before the scope name is optional, but recommended. - -##### `opts.spec` - -* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object. -* Default: null - -If provided, can be used to automatically configure [`opts.scope`](#opts-scope) -based on a specific package name. Non-registry package specs will throw an -error. - -##### `opts.strictSSL` - -* Type: Boolean -* Default: true - -Whether or not to do SSL key validation when making requests to the -registry via https. - -See also [`opts.ca`](#opts-ca). - -##### `opts.timeout` - -* Type: Milliseconds -* Default: 300000 (5 minutes) - -Time before a hanging request times out. - -##### `opts.token` - -* Alias: `opts._authToken` -* Type: String -* Default: null - -Authentication token string. - -Can be scoped to a registry by using a "nerf dart" for that registry. That is: - -``` -{ - '//registry.npmjs.org/:token': 't0k3nH34r' -} -``` - -##### `opts.userAgent` - -* Type: String -* Default: `'npm-registry-fetch@/node@+ ()'` - -User agent string to send in the `User-Agent` header. - -##### `opts.username` - -* Type: String -* Default: null - -Username used for basic authentication. For the more modern authentication -method, please use the (more secure) [`opts.token`](#opts-token) - -Can optionally be scoped to a registry by using a "nerf dart" for that registry. -That is: - -``` -{ - '//registry.npmjs.org/:username': 't0k3nH34r' -} -``` - -See also [`opts.password`](#opts-password) - -##### `opts._auth` - -* Type: String -* Default: null - -** DEPRECATED ** This is a legacy authentication token supported only for -compatibility. Please use [`opts.token`](#opts-token) instead. diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/auth.js b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/auth.js deleted file mode 100644 index 11c3bde6b4e6c..0000000000000 --- a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/auth.js +++ /dev/null @@ -1,55 +0,0 @@ -'use strict' - -const defaultOpts = require('./default-opts.js') -const url = require('url') - -module.exports = getAuth -function getAuth (registry, opts_ = {}) { - if (!registry) { throw new Error('registry is required') } - const opts = opts_.forceAuth ? opts_.forceAuth : { ...defaultOpts, ...opts_ } - const AUTH = {} - const regKey = registry && registryKey(registry) - const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias) - doKey('token') - doKey('_authToken', 'token') - doKey('username') - doKey('password') - doKey('_password', 'password') - doKey('email') - doKey('_auth') - doKey('otp') - doKey('always-auth', 'alwaysAuth') - if (AUTH.password) { - AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8') - } - if (AUTH._auth && !(AUTH.username && AUTH.password)) { - let auth = Buffer.from(AUTH._auth, 'base64').toString() - auth = auth.split(':') - AUTH.username = auth.shift() - AUTH.password = auth.join(':') - } - AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth - return AUTH -} - -function addKey (opts, obj, scope, key, objKey) { - if (opts[key]) { - obj[objKey || key] = opts[key] - } - if (scope && opts[`${scope}:${key}`]) { - obj[objKey || key] = opts[`${scope}:${key}`] - } -} - -// Called a nerf dart in the main codebase. Used as a "safe" -// key when fetching registry info from config. -function registryKey (registry) { - const parsed = new url.URL(registry) - const formatted = url.format({ - protocol: parsed.protocol, - host: parsed.host, - pathname: parsed.pathname, - slashes: true - }) - return url.format(new url.URL('.', formatted)).replace(/^[^:]+:/, '') -} diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/check-response.js b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/check-response.js deleted file mode 100644 index f151711f30160..0000000000000 --- a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/check-response.js +++ /dev/null @@ -1,128 +0,0 @@ -'use strict' - -const errors = require('./errors.js') -const LRU = require('lru-cache') -const { Response } = require('minipass-fetch') -const defaultOpts = require('./default-opts.js') - -module.exports = checkResponse -function checkResponse (method, res, registry, startTime, opts_ = {}) { - const opts = { ...defaultOpts, ...opts_ } - if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) { - opts.log.notice('', res.headers.get('npm-notice')) - } - checkWarnings(res, registry, opts) - if (res.status >= 400) { - logRequest(method, res, startTime, opts) - return checkErrors(method, res, startTime, opts) - } else { - res.body.on('end', () => logRequest(method, res, startTime, opts)) - if (opts.ignoreBody) { - res.body.resume() - return new Response(null, res) - } - return res - } -} - -function logRequest (method, res, startTime, opts) { - const elapsedTime = Date.now() - startTime - const attempt = res.headers.get('x-fetch-attempts') - const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : '' - const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : '' - - let urlStr - try { - const { URL } = require('url') - const url = new URL(res.url) - if (url.password) { - url.password = '***' - } - urlStr = url.toString() - } catch (er) { - urlStr = res.url - } - - opts.log.http( - 'fetch', - `${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}` - ) -} - -const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/ -const BAD_HOSTS = new LRU({ max: 50 }) - -function checkWarnings (res, registry, opts) { - if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) { - const warnings = {} - // note: headers.raw() will preserve case, so we might have a - // key on the object like 'WaRnInG' if that was used first - for (const [key, value] of Object.entries(res.headers.raw())) { - if (key.toLowerCase() !== 'warning') { continue } - value.forEach(w => { - const match = w.match(WARNING_REGEXP) - if (match) { - warnings[match[1]] = { - code: match[1], - host: match[2], - message: match[3], - date: new Date(match[4]) - } - } - }) - } - BAD_HOSTS.set(registry, true) - if (warnings['199']) { - if (warnings['199'].message.match(/ENOTFOUND/)) { - opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`) - } else { - opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`) - } - } - if (warnings['111']) { - // 111 Revalidation failed -- we're using stale data - opts.log.warn( - 'registry', - `Using stale data from ${registry} due to a request error during revalidation.` - ) - } - } -} - -function checkErrors (method, res, startTime, opts) { - return res.buffer() - .catch(() => null) - .then(body => { - let parsed = body - try { - parsed = JSON.parse(body.toString('utf8')) - } catch (e) {} - if (res.status === 401 && res.headers.get('www-authenticate')) { - const auth = res.headers.get('www-authenticate') - .split(/,\s*/) - .map(s => s.toLowerCase()) - if (auth.indexOf('ipaddress') !== -1) { - throw new errors.HttpErrorAuthIPAddress( - method, res, parsed, opts.spec - ) - } else if (auth.indexOf('otp') !== -1) { - throw new errors.HttpErrorAuthOTP( - method, res, parsed, opts.spec - ) - } else { - throw new errors.HttpErrorAuthUnknown( - method, res, parsed, opts.spec - ) - } - } else if (res.status === 401 && body != null && /one-time pass/.test(body.toString('utf8'))) { - // Heuristic for malformed OTP responses that don't include the www-authenticate header. - throw new errors.HttpErrorAuthOTP( - method, res, parsed, opts.spec - ) - } else { - throw new errors.HttpErrorGeneral( - method, res, parsed, opts.spec - ) - } - }) -} diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/default-opts.js b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/default-opts.js deleted file mode 100644 index b742fd5a5fcd4..0000000000000 --- a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/default-opts.js +++ /dev/null @@ -1,22 +0,0 @@ -const pkg = require('./package.json') -const ciDetect = require('@npmcli/ci-detect') -module.exports = { - isFromCI: ciDetect(), - log: require('./silentlog.js'), - maxSockets: 12, - method: 'GET', - registry: 'https://registry.npmjs.org/', - timeout: 5 * 60 * 1000, // 5 minutes - strictSSL: true, - noProxy: process.env.NOPROXY, - userAgent: `${pkg.name - }@${ - pkg.version - }/node@${ - process.version - }+${ - process.arch - } (${ - process.platform - })` -} diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/errors.js b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/errors.js deleted file mode 100644 index c41947e29952d..0000000000000 --- a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/errors.js +++ /dev/null @@ -1,79 +0,0 @@ -'use strict' - -const url = require('url') - -function packageName (href) { - try { - let basePath = new url.URL(href).pathname.substr(1) - if (!basePath.match(/^-/)) { - basePath = basePath.split('/') - var index = basePath.indexOf('_rewrite') - if (index === -1) { - index = basePath.length - 1 - } else { - index++ - } - return decodeURIComponent(basePath[index]) - } - } catch (_) { - // this is ok - } -} - -class HttpErrorBase extends Error { - constructor (method, res, body, spec) { - super() - this.headers = res.headers.raw() - this.statusCode = res.status - this.code = `E${res.status}` - this.method = method - this.uri = res.url - this.body = body - this.pkgid = spec ? spec.toString() : packageName(res.url) - } -} -module.exports.HttpErrorBase = HttpErrorBase - -class HttpErrorGeneral extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = `${res.status} ${res.statusText} - ${ - this.method.toUpperCase() - } ${ - this.spec || this.uri - }${ - (body && body.error) ? ' - ' + body.error : '' - }` - Error.captureStackTrace(this, HttpErrorGeneral) - } -} -module.exports.HttpErrorGeneral = HttpErrorGeneral - -class HttpErrorAuthOTP extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'OTP required for authentication' - this.code = 'EOTP' - Error.captureStackTrace(this, HttpErrorAuthOTP) - } -} -module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP - -class HttpErrorAuthIPAddress extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'Login is not allowed from your IP address' - this.code = 'EAUTHIP' - Error.captureStackTrace(this, HttpErrorAuthIPAddress) - } -} -module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress - -class HttpErrorAuthUnknown extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate') - Error.captureStackTrace(this, HttpErrorAuthUnknown) - } -} -module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/index.js b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/index.js deleted file mode 100644 index 2324e7fbfd00b..0000000000000 --- a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/index.js +++ /dev/null @@ -1,219 +0,0 @@ -'use strict' - -const checkResponse = require('./check-response.js') -const getAuth = require('./auth.js') -const fetch = require('make-fetch-happen') -const JSONStream = require('minipass-json-stream') -const npa = require('npm-package-arg') -const qs = require('querystring') -const url = require('url') -const zlib = require('minizlib') -const Minipass = require('minipass') - -const defaultOpts = require('./default-opts.js') - -// WhatWG URL throws if it's not fully resolved -const urlIsValid = u => { - try { - return !!new url.URL(u) - } catch (_) { - return false - } -} - -module.exports = regFetch -function regFetch (uri, /* istanbul ignore next */ opts_ = {}) { - const opts = { - ...defaultOpts, - ...opts_ - } - const registry = opts.registry = ( - (opts.spec && pickRegistry(opts.spec, opts)) || - (opts.publishConfig && opts.publishConfig.registry) || - opts.registry || - /* istanbul ignore next */ - 'https://registry.npmjs.org/' - ) - - if (!urlIsValid(uri)) { - uri = `${ - registry.trim().replace(/\/?$/g, '') - }/${ - uri.trim().replace(/^\//, '') - }` - } - - const method = opts.method || 'GET' - - // through that takes into account the scope, the prefix of `uri`, etc - const startTime = Date.now() - const headers = getHeaders(registry, uri, opts) - let body = opts.body - const bodyIsStream = Minipass.isStream(body) - const bodyIsPromise = body && - typeof body === 'object' && - typeof body.then === 'function' - - if (body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body)) { - headers['content-type'] = headers['content-type'] || 'application/json' - body = JSON.stringify(body) - } else if (body && !headers['content-type']) { - headers['content-type'] = 'application/octet-stream' - } - - if (opts.gzip) { - headers['content-encoding'] = 'gzip' - if (bodyIsStream) { - const gz = new zlib.Gzip() - body.on('error', /* istanbul ignore next: unlikely and hard to test */ - err => gz.emit('error', err)) - body = body.pipe(gz) - } else if (!bodyIsPromise) { - body = new zlib.Gzip().end(body).concat() - } - } - - const parsed = new url.URL(uri) - - if (opts.query) { - const q = typeof opts.query === 'string' - ? qs.parse(opts.query) - : opts.query - - Object.keys(q).forEach(key => { - if (q[key] !== undefined) { - parsed.searchParams.set(key, q[key]) - } - }) - uri = url.format(parsed) - } - - if (parsed.searchParams.get('write') === 'true' && method === 'GET') { - // do not cache, because this GET is fetching a rev that will be - // used for a subsequent PUT or DELETE, so we need to conditionally - // update cache. - opts.offline = false - opts.preferOffline = false - opts.preferOnline = true - } - - const doFetch = (body) => fetch(uri, { - agent: opts.agent, - algorithms: opts.algorithms, - body, - cache: getCacheMode(opts), - cacheManager: opts.cache, - ca: opts.ca, - cert: opts.cert, - headers, - integrity: opts.integrity, - key: opts.key, - localAddress: opts.localAddress, - maxSockets: opts.maxSockets, - memoize: opts.memoize, - method: method, - noProxy: opts.noProxy, - proxy: opts.httpsProxy || opts.proxy, - retry: opts.retry ? opts.retry : { - retries: opts.fetchRetries, - factor: opts.fetchRetryFactor, - minTimeout: opts.fetchRetryMintimeout, - maxTimeout: opts.fetchRetryMaxtimeout - }, - strictSSL: opts.strictSSL, - timeout: opts.timeout || 30 * 1000 - }).then(res => checkResponse( - method, res, registry, startTime, opts - )) - - return Promise.resolve(body).then(doFetch) -} - -module.exports.json = fetchJSON -function fetchJSON (uri, opts) { - return regFetch(uri, opts).then(res => res.json()) -} - -module.exports.json.stream = fetchJSONStream -function fetchJSONStream (uri, jsonPath, /* istanbul ignore next */ opts_ = {}) { - const opts = { ...defaultOpts, ...opts_ } - const parser = JSONStream.parse(jsonPath, opts.mapJSON) - regFetch(uri, opts).then(res => - res.body.on('error', - /* istanbul ignore next: unlikely and difficult to test */ - er => parser.emit('error', er)).pipe(parser) - ).catch(er => parser.emit('error', er)) - return parser -} - -module.exports.pickRegistry = pickRegistry -function pickRegistry (spec, opts = {}) { - spec = npa(spec) - let registry = spec.scope && - opts[spec.scope.replace(/^@?/, '@') + ':registry'] - - if (!registry && opts.scope) { - registry = opts[opts.scope.replace(/^@?/, '@') + ':registry'] - } - - if (!registry && opts.publishConfig) { - registry = opts.publishConfig.registry - } - - if (!registry) { - registry = opts.registry || 'https://registry.npmjs.org/' - } - - return registry -} - -function getCacheMode (opts) { - return opts.offline - ? 'only-if-cached' - : opts.preferOffline - ? 'force-cache' - : opts.preferOnline - ? 'no-cache' - : 'default' -} - -function getHeaders (registry, uri, opts) { - const headers = Object.assign({ - 'npm-in-ci': !!opts.isFromCI, - 'user-agent': opts.userAgent - }, opts.headers || {}) - - if (opts.projectScope) { - headers['npm-scope'] = opts.projectScope - } - - if (opts.npmSession) { - headers['npm-session'] = opts.npmSession - } - - if (opts.npmCommand) { - headers['npm-command'] = opts.npmCommand - } - - const auth = getAuth(registry, opts) - // If a tarball is hosted on a different place than the manifest, only send - // credentials on `alwaysAuth` - const shouldAuth = ( - auth.alwaysAuth || - new url.URL(uri).host === new url.URL(registry).host - ) - if (shouldAuth && auth.token) { - headers.authorization = `Bearer ${auth.token}` - } else if (shouldAuth && auth.username && auth.password) { - const encoded = Buffer.from( - `${auth.username}:${auth.password}`, 'utf8' - ).toString('base64') - headers.authorization = `Basic ${encoded}` - } else if (shouldAuth && auth._auth) { - headers.authorization = `Basic ${auth._auth}` - } - if (shouldAuth && auth.otp) { - headers['npm-otp'] = auth.otp - } - return headers -} diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/package.json b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/package.json deleted file mode 100644 index 5aeddc5b39102..0000000000000 --- a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/package.json +++ /dev/null @@ -1,59 +0,0 @@ -{ - "name": "npm-registry-fetch", - "version": "8.1.5", - "description": "Fetch-based http client for use with npm registry APIs", - "main": "index.js", - "files": [ - "*.js", - "lib" - ], - "scripts": { - "postrelease": "npm publish", - "posttest": "standard", - "prepublishOnly": "git push --follow-tags", - "prerelease": "npm t", - "release": "standard-version -s", - "test": "tap" - }, - "repository": "https://github.com/npm/registry-fetch", - "keywords": [ - "npm", - "registry", - "fetch" - ], - "author": { - "name": "Kat Marchán", - "email": "kzm@sykosomatic.org", - "twitter": "maybekatz" - }, - "license": "ISC", - "dependencies": { - "@npmcli/ci-detect": "^1.0.0", - "lru-cache": "^6.0.0", - "make-fetch-happen": "^8.0.9", - "minipass": "^3.1.3", - "minipass-fetch": "^1.3.0", - "minipass-json-stream": "^1.0.1", - "minizlib": "^2.0.0", - "npm-package-arg": "^8.0.0" - }, - "devDependencies": { - "cacache": "^15.0.0", - "mkdirp": "^0.5.1", - "nock": "^11.7.0", - "npmlog": "^4.1.2", - "require-inject": "^1.4.4", - "rimraf": "^2.6.2", - "ssri": "^8.0.0", - "standard": "^14.3.3", - "standard-version": "^7.1.0", - "tap": "^14.10.7" - }, - "tap": { - "check-coverage": true, - "test-ignore": "test[\\\\/](util|cache)[\\\\/]" - }, - "engines": { - "node": ">=10" - } -} diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/silentlog.js b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/silentlog.js deleted file mode 100644 index 886c5d55b2dbb..0000000000000 --- a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/silentlog.js +++ /dev/null @@ -1,14 +0,0 @@ -'use strict' - -const noop = Function.prototype -module.exports = { - error: noop, - warn: noop, - notice: noop, - info: noop, - verbose: noop, - silly: noop, - http: noop, - pause: noop, - resume: noop -} diff --git a/node_modules/libnpmsearch/package.json b/node_modules/libnpmsearch/package.json index 0007a7fcc4a8d..5b86d77d5cb2b 100644 --- a/node_modules/libnpmsearch/package.json +++ b/node_modules/libnpmsearch/package.json @@ -1,6 +1,6 @@ { "name": "libnpmsearch", - "version": "3.0.0", + "version": "3.0.1", "description": "Programmatic API for searching in npm and compatible registries.", "author": "Kat Marchán ", "files": [ @@ -37,7 +37,7 @@ "bugs": "https://github.com/npm/libnpmsearch/issues", "homepage": "https://npmjs.com/package/libnpmsearch", "dependencies": { - "npm-registry-fetch": "^8.0.0" + "npm-registry-fetch": "^9.0.0" }, "engines": { "node": ">=10" diff --git a/package-lock.json b/package-lock.json index 5dc44ebcdc563..a3b44e5f81af6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -110,7 +110,7 @@ "libnpmorg": "^2.0.0", "libnpmpack": "^2.0.0", "libnpmpublish": "^4.0.0", - "libnpmsearch": "^3.0.0", + "libnpmsearch": "^3.0.1", "libnpmteam": "^2.0.2", "libnpmversion": "^1.0.6", "make-fetch-happen": "^8.0.9", @@ -3823,30 +3823,12 @@ } }, "node_modules/libnpmsearch": { - "version": "3.0.0", - "inBundle": true, - "license": "ISC", - "dependencies": { - "npm-registry-fetch": "^8.0.0" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/libnpmsearch/node_modules/npm-registry-fetch": { - "version": "8.1.5", - "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", - "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/libnpmsearch/-/libnpmsearch-3.0.1.tgz", + "integrity": "sha512-AiYl3w8yrSrmxnwa97bXBNTcWlDiAFIIVUGtk4yPz4YNtx9CCeGpYinZKN+G9I5KJGAS+sAVv9SykFEKextB5w==", "inBundle": true, "dependencies": { - "@npmcli/ci-detect": "^1.0.0", - "lru-cache": "^6.0.0", - "make-fetch-happen": "^8.0.9", - "minipass": "^3.1.3", - "minipass-fetch": "^1.3.0", - "minipass-json-stream": "^1.0.1", - "minizlib": "^2.0.0", - "npm-package-arg": "^8.0.0" + "npm-registry-fetch": "^9.0.0" }, "engines": { "node": ">=10" @@ -11599,26 +11581,11 @@ } }, "libnpmsearch": { - "version": "3.0.0", + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/libnpmsearch/-/libnpmsearch-3.0.1.tgz", + "integrity": "sha512-AiYl3w8yrSrmxnwa97bXBNTcWlDiAFIIVUGtk4yPz4YNtx9CCeGpYinZKN+G9I5KJGAS+sAVv9SykFEKextB5w==", "requires": { - "npm-registry-fetch": "^8.0.0" - }, - "dependencies": { - "npm-registry-fetch": { - "version": "8.1.5", - "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", - "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", - "requires": { - "@npmcli/ci-detect": "^1.0.0", - "lru-cache": "^6.0.0", - "make-fetch-happen": "^8.0.9", - "minipass": "^3.1.3", - "minipass-fetch": "^1.3.0", - "minipass-json-stream": "^1.0.1", - "minizlib": "^2.0.0", - "npm-package-arg": "^8.0.0" - } - } + "npm-registry-fetch": "^9.0.0" } }, "libnpmteam": { diff --git a/package.json b/package.json index aab6fa8c0506d..875b65ea0adb0 100644 --- a/package.json +++ b/package.json @@ -74,7 +74,7 @@ "libnpmorg": "^2.0.0", "libnpmpack": "^2.0.0", "libnpmpublish": "^4.0.0", - "libnpmsearch": "^3.0.0", + "libnpmsearch": "^3.0.1", "libnpmteam": "^2.0.2", "libnpmversion": "^1.0.6", "make-fetch-happen": "^8.0.9", From 9fc1dee138ca33ecdbd57e63142b27c60cf88f9b Mon Sep 17 00:00:00 2001 From: isaacs Date: Tue, 3 Nov 2020 13:07:32 -0800 Subject: [PATCH 12/21] libnpmorg@2.0.1 --- .../npm-registry-fetch/CHANGELOG.md | 384 ----------- .../npm-registry-fetch/LICENSE.md | 16 - .../node_modules/npm-registry-fetch/README.md | 635 ------------------ .../node_modules/npm-registry-fetch/auth.js | 55 -- .../npm-registry-fetch/check-response.js | 128 ---- .../npm-registry-fetch/default-opts.js | 22 - .../node_modules/npm-registry-fetch/errors.js | 79 --- .../node_modules/npm-registry-fetch/index.js | 219 ------ .../npm-registry-fetch/package.json | 59 -- .../npm-registry-fetch/silentlog.js | 14 - node_modules/libnpmorg/package.json | 4 +- package-lock.json | 51 +- package.json | 2 +- 13 files changed, 12 insertions(+), 1656 deletions(-) delete mode 100644 node_modules/libnpmorg/node_modules/npm-registry-fetch/CHANGELOG.md delete mode 100644 node_modules/libnpmorg/node_modules/npm-registry-fetch/LICENSE.md delete mode 100644 node_modules/libnpmorg/node_modules/npm-registry-fetch/README.md delete mode 100644 node_modules/libnpmorg/node_modules/npm-registry-fetch/auth.js delete mode 100644 node_modules/libnpmorg/node_modules/npm-registry-fetch/check-response.js delete mode 100644 node_modules/libnpmorg/node_modules/npm-registry-fetch/default-opts.js delete mode 100644 node_modules/libnpmorg/node_modules/npm-registry-fetch/errors.js delete mode 100644 node_modules/libnpmorg/node_modules/npm-registry-fetch/index.js delete mode 100644 node_modules/libnpmorg/node_modules/npm-registry-fetch/package.json delete mode 100644 node_modules/libnpmorg/node_modules/npm-registry-fetch/silentlog.js diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/libnpmorg/node_modules/npm-registry-fetch/CHANGELOG.md deleted file mode 100644 index fc26ee1bda4ba..0000000000000 --- a/node_modules/libnpmorg/node_modules/npm-registry-fetch/CHANGELOG.md +++ /dev/null @@ -1,384 +0,0 @@ -# Changelog - -All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. - -### [8.1.5](https://github.com/npm/registry-fetch/compare/v8.1.4...v8.1.5) (2020-10-12) - - -### Bug Fixes - -* respect publishConfig.registry when specified ([32e36ef](https://github.com/npm/registry-fetch/commit/32e36efe86302ed319973cd5b1e6ccc3f62e557e)), closes [#35](https://github.com/npm/registry-fetch/issues/35) - -### [8.1.4](https://github.com/npm/registry-fetch/compare/v8.1.3...v8.1.4) (2020-08-17) - - -### Bug Fixes - -* redact passwords from http logs ([3c294eb](https://github.com/npm/registry-fetch/commit/3c294ebbd7821725db4ff1bc5fe368c49613efcc)) - -### [8.1.3](https://github.com/npm/registry-fetch/compare/v8.1.2...v8.1.3) (2020-07-21) - -### [8.1.2](https://github.com/npm/registry-fetch/compare/v8.1.1...v8.1.2) (2020-07-11) - -### [8.1.1](https://github.com/npm/registry-fetch/compare/v8.1.0...v8.1.1) (2020-06-30) - -## [8.1.0](https://github.com/npm/registry-fetch/compare/v8.0.3...v8.1.0) (2020-05-20) - - -### Features - -* add npm-command HTTP header ([1bb4eb2](https://github.com/npm/registry-fetch/commit/1bb4eb2c66ee8a0dc62558bdcff1b548e2bb9820)) - -### [8.0.3](https://github.com/npm/registry-fetch/compare/v8.0.2...v8.0.3) (2020-05-13) - - -### Bug Fixes - -* update minipass and make-fetch-happen to latest ([3b6c5d0](https://github.com/npm/registry-fetch/commit/3b6c5d0d8ccd4c4a97862a65acef956f19aec127)), closes [#23](https://github.com/npm/registry-fetch/issues/23) - -### [8.0.2](https://github.com/npm/registry-fetch/compare/v8.0.1...v8.0.2) (2020-05-04) - - -### Bug Fixes - -* update make-fetch-happen to 8.0.6 ([226df2c](https://github.com/npm/registry-fetch/commit/226df2c32e3f9ed8ceefcfdbd11efb178181b442)) - -## [8.0.0](https://github.com/npm/registry-fetch/compare/v7.0.1...v8.0.0) (2020-02-24) - - -### ⚠ BREAKING CHANGES - -* Removes the 'opts.refer' option and the HTTP Referer -header (unless explicitly added to the 'headers' option, of course). - -PR-URL: https://github.com/npm/npm-registry-fetch/pull/25 -Credit: @isaacs - -### Bug Fixes - -* remove referer header and opts.refer ([eb8f7af](https://github.com/npm/registry-fetch/commit/eb8f7af3c102834856604c1be664b00ca0fe8ef2)), closes [#25](https://github.com/npm/registry-fetch/issues/25) - -### [7.0.1](https://github.com/npm/registry-fetch/compare/v7.0.0...v7.0.1) (2020-02-24) - -## [7.0.0](https://github.com/npm/registry-fetch/compare/v6.0.2...v7.0.0) (2020-02-18) - - -### ⚠ BREAKING CHANGES - -* figgy pudding is now nowhere to be found. -* this removes figgy-pudding, and drops several option -aliases. - -Defaults and behavior are all the same, and this module is now using the -canonical camelCase option names that npm v7 will provide to all its -deps. - -Related to: https://github.com/npm/rfcs/pull/102 - -PR-URL: https://github.com/npm/npm-registry-fetch/pull/22 -Credit: @isaacs - -### Bug Fixes - -* Remove figgy-pudding, use canonical option names ([ede3c08](https://github.com/npm/registry-fetch/commit/ede3c087007fd1808e02b1af70562220d03b18a9)), closes [#22](https://github.com/npm/registry-fetch/issues/22) - - -* update cacache, ssri, make-fetch-happen ([57fcc88](https://github.com/npm/registry-fetch/commit/57fcc889bee03edcc0a2025d96a171039108c231)) - -### [6.0.2](https://github.com/npm/registry-fetch/compare/v6.0.1...v6.0.2) (2020-02-14) - - -### Bug Fixes - -* always bypass cache when ?write=true ([83f89f3](https://github.com/npm/registry-fetch/commit/83f89f35abd2ed0507c869e37f90ed746375772c)) - -### [6.0.1](https://github.com/npm/registry-fetch/compare/v6.0.0...v6.0.1) (2020-02-14) - - -### Bug Fixes - -* use 30s default for timeout as per README ([50e8afc](https://github.com/npm/registry-fetch/commit/50e8afc6ff850542feb588f9f9c64ebae59e72a0)), closes [#20](https://github.com/npm/registry-fetch/issues/20) - -## [6.0.0](https://github.com/npm/registry-fetch/compare/v5.0.1...v6.0.0) (2019-12-17) - - -### ⚠ BREAKING CHANGES - -* This drops support for node < 10. - -There are some lint failures due to standard pushing for using WhatWG URL -objects instead of url.parse/url.resolve. However, the code in this lib -does some fancy things with the query/search portions of the parsed url -object, so it'll take a bit of care to make it work properly. - -### Bug Fixes - -* detect CI so our tests don't fail in CI ([5813da6](https://github.com/npm/registry-fetch/commit/5813da634cef73b12e40373972d7937e6934fce0)) -* Use WhatWG URLs instead of url.parse ([8ccfa8a](https://github.com/npm/registry-fetch/commit/8ccfa8a72c38cfedb0f525b7f453644fd4444f99)) - - -* normalize settings, drop old nodes, update deps ([510b125](https://github.com/npm/registry-fetch/commit/510b1255cc7ed4bb397a34e0007757dae33e2275)) - - -## [5.0.1](https://github.com/npm/registry-fetch/compare/v5.0.0...v5.0.1) (2019-11-11) - - - - -# [5.0.0](https://github.com/npm/registry-fetch/compare/v4.0.2...v5.0.0) (2019-10-04) - - -### Bug Fixes - -* prefer const in getAuth function ([90ac7b1](https://github.com/npm/registry-fetch/commit/90ac7b1)) -* use minizlib instead of core zlib ([e64702e](https://github.com/npm/registry-fetch/commit/e64702e)) - - -### Features - -* refactor to use Minipass streams ([bb37f20](https://github.com/npm/registry-fetch/commit/bb37f20)) - - -### BREAKING CHANGES - -* this replaces all core streams (except for some -PassThrough streams in a few tests) with Minipass streams, and updates -all deps to the latest and greatest Minipass versions of things. - - - - -## [4.0.2](https://github.com/npm/registry-fetch/compare/v4.0.0...v4.0.2) (2019-10-04) - - -### Bug Fixes - -* Add null check on body on 401 errors ([e3a0186](https://github.com/npm/registry-fetch/commit/e3a0186)), closes [#9](https://github.com/npm/registry-fetch/issues/9) -* **deps:** Add explicit dependency on safe-buffer ([8eae5f0](https://github.com/npm/registry-fetch/commit/8eae5f0)), closes [npm/libnpmaccess#2](https://github.com/npm/libnpmaccess/issues/2) [#3](https://github.com/npm/registry-fetch/issues/3) - - - - -# [4.0.0](https://github.com/npm/registry-fetch/compare/v3.9.1...v4.0.0) (2019-07-15) - - -* cacache@12.0.0, infer uid from cache folder ([0c4f060](https://github.com/npm/registry-fetch/commit/0c4f060)) - - -### BREAKING CHANGES - -* uid and gid are inferred from cache folder, rather than -being passed in as options. - - - - -## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02) - - - - -# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24) - - -### Features - -* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c)) - - - - -# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23) - - -### Features - -* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986)) - - - - -# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23) - - -### Features - -* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969)) - - - - -# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22) - - -### Bug Fixes - -* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65)) - - -### Features - -* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702)) - - - - -# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22) - - -### Features - -* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5)) - - - - -# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22) - - -### Bug Fixes - -* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54)) - - -### Features - -* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17)) - - - - -# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21) - - -### Bug Fixes - -* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b)) - - -### Features - -* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194)) - - - - -## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16) - - -### Bug Fixes - -* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040)) - - - - -# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27) - - -### Features - -* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0)) - - - - -## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09) - - - - -# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09) - - -### Features - -* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b)) - - - - -# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09) - - -### Bug Fixes - -* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f)) -* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f)) - - -### BREAKING CHANGES - -* **config:** opts.config is no longer supported. Pass the options down in opts itself. - - - - -# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08) - - -### Features - -* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0)) - - - - -# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08) - - -### meta - -* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e)) - - -### BREAKING CHANGES - -* node@4 is no longer supported - - - - -## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06) - - - - -# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16) - - -### Features - -* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9)) - - - - -## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16) - - -### Bug Fixes - -* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5)) - - - - -# 1.0.0 (2018-03-16) - - -### Bug Fixes - -* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba)) -* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31)) -* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93)) -* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a)) - - -### Features - -* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f)) -* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db)) -* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d)) -* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527)) -* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1)) diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/libnpmorg/node_modules/npm-registry-fetch/LICENSE.md deleted file mode 100644 index 8d28acf866d93..0000000000000 --- a/node_modules/libnpmorg/node_modules/npm-registry-fetch/LICENSE.md +++ /dev/null @@ -1,16 +0,0 @@ -ISC License - -Copyright (c) npm, Inc. - -Permission to use, copy, modify, and/or distribute this software for -any purpose with or without fee is hereby granted, provided that the -above copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS -ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE -COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR -CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS -OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE -USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/README.md b/node_modules/libnpmorg/node_modules/npm-registry-fetch/README.md deleted file mode 100644 index e660940e30dc4..0000000000000 --- a/node_modules/libnpmorg/node_modules/npm-registry-fetch/README.md +++ /dev/null @@ -1,635 +0,0 @@ -# npm-registry-fetch - -[![npm version](https://img.shields.io/npm/v/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) -[![license](https://img.shields.io/npm/l/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) -[![Travis](https://img.shields.io/travis/npm/npm-registry-fetch/latest.svg)](https://travis-ci.org/npm/npm-registry-fetch) -[![AppVeyor](https://img.shields.io/appveyor/ci/npm/npm-registry-fetch/latest.svg)](https://ci.appveyor.com/project/npm/npm-registry-fetch) -[![Coverage Status](https://coveralls.io/repos/github/npm/npm-registry-fetch/badge.svg?branch=latest)](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest) - -[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js -library that implements a `fetch`-like API for accessing npm registry APIs -consistently. It's able to consume npm-style configuration values and has all -the necessary logic for picking registries, handling scopes, and dealing with -authentication details built-in. - -This package is meant to replace the older -[`npm-registry-client`](https://npm.im/npm-registry-client). - -## Example - -```javascript -const npmFetch = require('npm-registry-fetch') - -console.log( - await npmFetch.json('/-/ping') -) -``` - -## Table of Contents - -* [Installing](#install) -* [Example](#example) -* [Contributing](#contributing) -* [API](#api) - * [`fetch`](#fetch) - * [`fetch.json`](#fetch-json) - * [`fetch` options](#fetch-opts) - -### Install - -`$ npm install npm-registry-fetch` - -### Contributing - -The npm team enthusiastically welcomes contributions and project participation! -There's a bunch of things you can do if you want to contribute! The [Contributor -Guide](CONTRIBUTING.md) has all the information you need for everything from -reporting bugs to contributing entire new features. Please don't hesitate to -jump in if you'd like to, or even ask us questions if something isn't clear. - -All participants and maintainers in this project are expected to follow [Code of -Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other. - -Please refer to the [Changelog](CHANGELOG.md) for project history details, too. - -Happy hacking! - -### API - -#### Caching and `write=true` query strings - -Before performing any PUT or DELETE operation, npm clients first make a -GET request to the registry resource being updated, which includes -the query string `?write=true`. - -The semantics of this are, effectively, "I intend to write to this thing, -and need to know the latest current value, so that my write can land -cleanly". - -The public npm registry handles these `?write=true` requests by ensuring -that the cache is re-validated before sending a response. In order to -maintain the same behavior on the client, and not get tripped up by an -overeager local cache when we intend to write data to the registry, any -request that comes through `npm-registry-fetch` that contains `write=true` -in the query string will forcibly set the `prefer-online` option to `true`, -and set both `prefer-offline` and `offline` to false, so that any local -cached value will be revalidated. - -#### `> fetch(url, [opts]) -> Promise` - -Performs a request to a given URL. - -The URL can be either a full URL, or a path to one. The appropriate registry -will be automatically picked if only a URL path is given. - -For available options, please see the section on [`fetch` options](#fetch-opts). - -##### Example - -```javascript -const res = await fetch('/-/ping') -console.log(res.headers) -res.on('data', d => console.log(d.toString('utf8'))) -``` - -#### `> fetch.json(url, [opts]) -> Promise` - -Performs a request to a given registry URL, parses the body of the response as -JSON, and returns it as its final value. This is a utility shorthand for -`fetch(url).then(res => res.json())`. - -For available options, please see the section on [`fetch` options](#fetch-opts). - -##### Example - -```javascript -const res = await fetch.json('/-/ping') -console.log(res) // Body parsed as JSON -``` - -#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream` - -Performs a request to a given registry URL and parses the body of the response -as JSON, with each entry being emitted through the stream. - -The `jsonPath` argument is a [`JSONStream.parse()` -path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the -returned stream (unlike default `JSONStream`s), has a valid -`Symbol.asyncIterator` implementation. - -For available options, please see the section on [`fetch` options](#fetch-opts). - -##### Example - -```javascript -console.log('https://npm.im/~zkat has access to the following packages:') -for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) { - console.log(`https://npm.im/${key} (perms: ${value})`) -} -``` - -#### `fetch` Options - -Fetch options are optional, and can be passed in as either a Map-like object -(one with a `.get()` method), a plain javascript object, or a -[`figgy-pudding`](https://npm.im/figgy-pudding) instance. - -##### `opts.agent` - -* Type: http.Agent -* Default: an appropriate agent based on URL protocol and proxy settings - -An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to -be shared across requests. This allows multiple concurrent `fetch` requests to -happen on the same socket. - -You do _not_ need to provide this option unless you want something particularly -specialized, since proxy configurations and http/https agents are already -automatically managed internally when this option is not passed through. - -##### `opts.body` - -* Type: Buffer | Stream | Object -* Default: null - -Request body to send through the outgoing request. Buffers and Streams will be -passed through as-is, with a default `content-type` of -`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed -and the `content-type` will default to `application/json`. - -Use [`opts.headers`](#opts-headers) to set the content-type to something else. - -##### `opts.ca` - -* Type: String, Array, or null -* Default: null - -The Certificate Authority signing certificate that is trusted for SSL -connections to the registry. Values should be in PEM format (Windows calls it -"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For -example: - -``` -{ - ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' -} -``` - -Set to `null` to only allow "known" registrars, or to a specific CA cert -to trust only that specific signing authority. - -Multiple CAs can be trusted by specifying an array of certificates instead of a -single string. - -See also [`opts.strictSSL`](#opts-strictSSL), [`opts.ca`](#opts-ca) and -[`opts.key`](#opts-key) - -##### `opts.cache` - -* Type: path -* Default: null - -The location of the http cache directory. If provided, certain cachable requests -will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234) -rules. This will speed up future requests, as well as make the cached data -available offline if necessary/requested. - -See also [`offline`](#opts-offline), [`preferOffline`](#opts-preferOffline), -and [`preferOnline`](#opts-preferOnline). - -##### `opts.cert` - -* Type: String -* Default: null - -A client certificate to pass when accessing the registry. Values should be in -PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines -replaced by the string `'\n'`. For example: - -``` -{ - cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' -} -``` - -It is _not_ the path to a certificate file (and there is no "certfile" option). - -See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key) - -##### `opts.fetchRetries` - -* Type: Number -* Default: 2 - -The "retries" config for [`retry`](https://npm.im/retry) to use when fetching -packages from the registry. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.fetchRetryFactor` - -* Type: Number -* Default: 10 - -The "factor" config for [`retry`](https://npm.im/retry) to use when fetching -packages. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.fetchRetryMintimeout` - -* Type: Number -* Default: 10000 (10 seconds) - -The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching -packages. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.fetchRetryMaxtimeout` - -* Type: Number -* Default: 60000 (1 minute) - -The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching -packages. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.forceAuth` - -* Type: Object -* Default: null - -If present, other auth-related values in `opts` will be completely ignored, -including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request, -and the auth details in `opts.forceAuth` will be used instead. - -##### `opts.gzip` - -* Type: Boolean -* Default: false - -If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip` -and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode -[`opts.body`](#opts-body). - -##### `opts.headers` - -* Type: Object -* Default: null - -Additional headers for the outgoing request. This option can also be used to -override headers automatically generated by `npm-registry-fetch`, such as -`Content-Type`. - -##### `opts.ignoreBody` - -* Type: Boolean -* Default: false - -If true, the **response body** will be thrown away and `res.body` set to `null`. -This will prevent dangling response sockets for requests where you don't usually -care what the response body is. - -##### `opts.integrity` - -* Type: String | [SRI object](https://npm.im/ssri) -* Default: null - -If provided, the response body's will be verified against this integrity string, -using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will -complete as normal. If verification fails, the response body will error with an -`EINTEGRITY` error. - -Body integrity is only verified if the body is actually consumed to completion -- -that is, if you use `res.json()`/`res.buffer()`, or if you consume the default -`res` stream data to its end. - -Cached data will have its integrity automatically verified using the -previously-generated integrity hash for the saved request information, so -`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if -`opts.integrity` is not passed in. - -##### `opts.isFromCI` - -* Type: Boolean -* Default: Based on environment variables - -This is used to populate the `npm-in-ci` request header sent to the registry. - -##### `opts.key` - -* Type: String -* Default: null - -A client key to pass when accessing the registry. Values should be in PEM -format with newlines replaced by the string `'\n'`. For example: - -``` -{ - key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----' -} -``` - -It is _not_ the path to a key file (and there is no "keyfile" option). - -See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert) - -##### `opts.localAddress` - -* Type: IP Address String -* Default: null - -The IP address of the local interface to use when making connections -to the registry. - -See also [`opts.proxy`](#opts-proxy) - -##### `opts.log` - -* Type: [`npmlog`](https://npm.im/npmlog)-like -* Default: null - -Logger object to use for logging operation details. Must have the same methods -as `npmlog`. - -##### `opts.mapJSON` - -* Type: Function -* Default: undefined - -When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down -to [`JSONStream`](https://npm.im/JSONStream) as the second argument to -`JSONStream.parse`, and can be used to transform stream data before output. - -##### `opts.maxSockets` - -* Type: Integer -* Default: 12 - -Maximum number of sockets to keep open during requests. Has no effect if -[`opts.agent`](#opts-agent) is used. - -##### `opts.method` - -* Type: String -* Default: 'GET' - -HTTP method to use for the outgoing request. Case-insensitive. - -##### `opts.noproxy` - -* Type: Boolean -* Default: process.env.NOPROXY - -If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used. - -##### `opts.npmSession` - -* Type: String -* Default: null - -If provided, will be sent in the `npm-session` header. This header is used by -the npm registry to identify individual user sessions (usually individual -invocations of the CLI). - -##### `opts.npmCommand` - -* Type: String -* Default: null - -If provided, it will be sent in the `npm-command` header. This yeader is -used by the npm registry to identify the npm command that caused this -request to be made. - -##### `opts.offline` - -* Type: Boolean -* Default: false - -Force offline mode: no network requests will be done during install. To allow -`npm-registry-fetch` to fill in missing cache data, see -[`opts.preferOffline`](#opts-preferOffline). - -This option is only really useful if you're also using -[`opts.cache`](#opts-cache). - -This option is set to `true` when the request includes `write=true` in the -query string. - -##### `opts.otp` - -* Type: Number | String -* Default: null - -This is a one-time password from a two-factor authenticator. It is required for -certain registry interactions when two-factor auth is enabled for a user -account. - -##### `opts.password` - -* Alias: `_password` -* Type: String -* Default: null - -Password used for basic authentication. For the more modern authentication -method, please use the (more secure) [`opts.token`](#opts-token) - -Can optionally be scoped to a registry by using a "nerf dart" for that registry. -That is: - -``` -{ - '//registry.npmjs.org/:password': 't0k3nH34r' -} -``` - -See also [`opts.username`](#opts-username) - -##### `opts.preferOffline` - -* Type: Boolean -* Default: false - -If true, staleness checks for cached data will be bypassed, but missing data -will be requested from the server. To force full offline mode, use -[`opts.offline`](#opts-offline). - -This option is generally only useful if you're also using -[`opts.cache`](#opts-cache). - -This option is set to `false` when the request includes `write=true` in the -query string. - -##### `opts.preferOnline` - -* Type: Boolean -* Default: false - -If true, staleness checks for cached data will be forced, making the CLI look -for updates immediately even for fresh package data. - -This option is generally only useful if you're also using -[`opts.cache`](#opts-cache). - -This option is set to `true` when the request includes `write=true` in the -query string. - -##### `opts.projectScope` - -* Type: String -* Default: null - -If provided, will be sent in the `npm-scope` header. This header is used by the -npm registry to identify the toplevel package scope that a particular project -installation is using. - -##### `opts.proxy` - -* Type: url -* Default: null - -A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY` -environment variable will be used. - -##### `opts.query` - -* Type: String | Object -* Default: null - -If provided, the request URI will have a query string appended to it using this -query. If `opts.query` is an object, it will be converted to a query string -using -[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options). - -If the request URI already has a query string, it will be merged with -`opts.query`, preferring `opts.query` values. - -##### `opts.registry` - -* Type: URL -* Default: `'https://registry.npmjs.org'` - -Registry configuration for a request. If a request URL only includes the URL -path, this registry setting will be prepended. This configuration is also used -to determine authentication details, so even if the request URL references a -completely different host, `opts.registry` will be used to find the auth details -for that request. - -See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and -[`opts.:registry`](#opts-scope-registry) which can all affect the actual -registry URL used by the outgoing request. - -##### `opts.retry` - -* Type: Object -* Default: null - -Single-object configuration for request retry settings. If passed in, will -override individually-passed `fetch-retry-*` settings. - -##### `opts.scope` - -* Type: String -* Default: null - -Associate an operation with a scope for a scoped registry. This option can force -lookup of scope-specific registries and authentication. - -See also [`opts.:registry`](#opts-scope-registry) and -[`opts.spec`](#opts-spec) for interactions with this option. - -##### `opts.:registry` - -* Type: String -* Default: null - -This option type can be used to configure the registry used for requests -involving a particular scope. For example, `opts['@myscope:registry'] = -'https://scope-specific.registry/'` will make it so requests go out to this -registry instead of [`opts.registry`](#opts-registry) when -[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a -scoped package spec. - -The `@` before the scope name is optional, but recommended. - -##### `opts.spec` - -* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object. -* Default: null - -If provided, can be used to automatically configure [`opts.scope`](#opts-scope) -based on a specific package name. Non-registry package specs will throw an -error. - -##### `opts.strictSSL` - -* Type: Boolean -* Default: true - -Whether or not to do SSL key validation when making requests to the -registry via https. - -See also [`opts.ca`](#opts-ca). - -##### `opts.timeout` - -* Type: Milliseconds -* Default: 300000 (5 minutes) - -Time before a hanging request times out. - -##### `opts.token` - -* Alias: `opts._authToken` -* Type: String -* Default: null - -Authentication token string. - -Can be scoped to a registry by using a "nerf dart" for that registry. That is: - -``` -{ - '//registry.npmjs.org/:token': 't0k3nH34r' -} -``` - -##### `opts.userAgent` - -* Type: String -* Default: `'npm-registry-fetch@/node@+ ()'` - -User agent string to send in the `User-Agent` header. - -##### `opts.username` - -* Type: String -* Default: null - -Username used for basic authentication. For the more modern authentication -method, please use the (more secure) [`opts.token`](#opts-token) - -Can optionally be scoped to a registry by using a "nerf dart" for that registry. -That is: - -``` -{ - '//registry.npmjs.org/:username': 't0k3nH34r' -} -``` - -See also [`opts.password`](#opts-password) - -##### `opts._auth` - -* Type: String -* Default: null - -** DEPRECATED ** This is a legacy authentication token supported only for -compatibility. Please use [`opts.token`](#opts-token) instead. diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/auth.js b/node_modules/libnpmorg/node_modules/npm-registry-fetch/auth.js deleted file mode 100644 index 11c3bde6b4e6c..0000000000000 --- a/node_modules/libnpmorg/node_modules/npm-registry-fetch/auth.js +++ /dev/null @@ -1,55 +0,0 @@ -'use strict' - -const defaultOpts = require('./default-opts.js') -const url = require('url') - -module.exports = getAuth -function getAuth (registry, opts_ = {}) { - if (!registry) { throw new Error('registry is required') } - const opts = opts_.forceAuth ? opts_.forceAuth : { ...defaultOpts, ...opts_ } - const AUTH = {} - const regKey = registry && registryKey(registry) - const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias) - doKey('token') - doKey('_authToken', 'token') - doKey('username') - doKey('password') - doKey('_password', 'password') - doKey('email') - doKey('_auth') - doKey('otp') - doKey('always-auth', 'alwaysAuth') - if (AUTH.password) { - AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8') - } - if (AUTH._auth && !(AUTH.username && AUTH.password)) { - let auth = Buffer.from(AUTH._auth, 'base64').toString() - auth = auth.split(':') - AUTH.username = auth.shift() - AUTH.password = auth.join(':') - } - AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth - return AUTH -} - -function addKey (opts, obj, scope, key, objKey) { - if (opts[key]) { - obj[objKey || key] = opts[key] - } - if (scope && opts[`${scope}:${key}`]) { - obj[objKey || key] = opts[`${scope}:${key}`] - } -} - -// Called a nerf dart in the main codebase. Used as a "safe" -// key when fetching registry info from config. -function registryKey (registry) { - const parsed = new url.URL(registry) - const formatted = url.format({ - protocol: parsed.protocol, - host: parsed.host, - pathname: parsed.pathname, - slashes: true - }) - return url.format(new url.URL('.', formatted)).replace(/^[^:]+:/, '') -} diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/check-response.js b/node_modules/libnpmorg/node_modules/npm-registry-fetch/check-response.js deleted file mode 100644 index f151711f30160..0000000000000 --- a/node_modules/libnpmorg/node_modules/npm-registry-fetch/check-response.js +++ /dev/null @@ -1,128 +0,0 @@ -'use strict' - -const errors = require('./errors.js') -const LRU = require('lru-cache') -const { Response } = require('minipass-fetch') -const defaultOpts = require('./default-opts.js') - -module.exports = checkResponse -function checkResponse (method, res, registry, startTime, opts_ = {}) { - const opts = { ...defaultOpts, ...opts_ } - if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) { - opts.log.notice('', res.headers.get('npm-notice')) - } - checkWarnings(res, registry, opts) - if (res.status >= 400) { - logRequest(method, res, startTime, opts) - return checkErrors(method, res, startTime, opts) - } else { - res.body.on('end', () => logRequest(method, res, startTime, opts)) - if (opts.ignoreBody) { - res.body.resume() - return new Response(null, res) - } - return res - } -} - -function logRequest (method, res, startTime, opts) { - const elapsedTime = Date.now() - startTime - const attempt = res.headers.get('x-fetch-attempts') - const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : '' - const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : '' - - let urlStr - try { - const { URL } = require('url') - const url = new URL(res.url) - if (url.password) { - url.password = '***' - } - urlStr = url.toString() - } catch (er) { - urlStr = res.url - } - - opts.log.http( - 'fetch', - `${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}` - ) -} - -const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/ -const BAD_HOSTS = new LRU({ max: 50 }) - -function checkWarnings (res, registry, opts) { - if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) { - const warnings = {} - // note: headers.raw() will preserve case, so we might have a - // key on the object like 'WaRnInG' if that was used first - for (const [key, value] of Object.entries(res.headers.raw())) { - if (key.toLowerCase() !== 'warning') { continue } - value.forEach(w => { - const match = w.match(WARNING_REGEXP) - if (match) { - warnings[match[1]] = { - code: match[1], - host: match[2], - message: match[3], - date: new Date(match[4]) - } - } - }) - } - BAD_HOSTS.set(registry, true) - if (warnings['199']) { - if (warnings['199'].message.match(/ENOTFOUND/)) { - opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`) - } else { - opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`) - } - } - if (warnings['111']) { - // 111 Revalidation failed -- we're using stale data - opts.log.warn( - 'registry', - `Using stale data from ${registry} due to a request error during revalidation.` - ) - } - } -} - -function checkErrors (method, res, startTime, opts) { - return res.buffer() - .catch(() => null) - .then(body => { - let parsed = body - try { - parsed = JSON.parse(body.toString('utf8')) - } catch (e) {} - if (res.status === 401 && res.headers.get('www-authenticate')) { - const auth = res.headers.get('www-authenticate') - .split(/,\s*/) - .map(s => s.toLowerCase()) - if (auth.indexOf('ipaddress') !== -1) { - throw new errors.HttpErrorAuthIPAddress( - method, res, parsed, opts.spec - ) - } else if (auth.indexOf('otp') !== -1) { - throw new errors.HttpErrorAuthOTP( - method, res, parsed, opts.spec - ) - } else { - throw new errors.HttpErrorAuthUnknown( - method, res, parsed, opts.spec - ) - } - } else if (res.status === 401 && body != null && /one-time pass/.test(body.toString('utf8'))) { - // Heuristic for malformed OTP responses that don't include the www-authenticate header. - throw new errors.HttpErrorAuthOTP( - method, res, parsed, opts.spec - ) - } else { - throw new errors.HttpErrorGeneral( - method, res, parsed, opts.spec - ) - } - }) -} diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/default-opts.js b/node_modules/libnpmorg/node_modules/npm-registry-fetch/default-opts.js deleted file mode 100644 index b742fd5a5fcd4..0000000000000 --- a/node_modules/libnpmorg/node_modules/npm-registry-fetch/default-opts.js +++ /dev/null @@ -1,22 +0,0 @@ -const pkg = require('./package.json') -const ciDetect = require('@npmcli/ci-detect') -module.exports = { - isFromCI: ciDetect(), - log: require('./silentlog.js'), - maxSockets: 12, - method: 'GET', - registry: 'https://registry.npmjs.org/', - timeout: 5 * 60 * 1000, // 5 minutes - strictSSL: true, - noProxy: process.env.NOPROXY, - userAgent: `${pkg.name - }@${ - pkg.version - }/node@${ - process.version - }+${ - process.arch - } (${ - process.platform - })` -} diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/errors.js b/node_modules/libnpmorg/node_modules/npm-registry-fetch/errors.js deleted file mode 100644 index c41947e29952d..0000000000000 --- a/node_modules/libnpmorg/node_modules/npm-registry-fetch/errors.js +++ /dev/null @@ -1,79 +0,0 @@ -'use strict' - -const url = require('url') - -function packageName (href) { - try { - let basePath = new url.URL(href).pathname.substr(1) - if (!basePath.match(/^-/)) { - basePath = basePath.split('/') - var index = basePath.indexOf('_rewrite') - if (index === -1) { - index = basePath.length - 1 - } else { - index++ - } - return decodeURIComponent(basePath[index]) - } - } catch (_) { - // this is ok - } -} - -class HttpErrorBase extends Error { - constructor (method, res, body, spec) { - super() - this.headers = res.headers.raw() - this.statusCode = res.status - this.code = `E${res.status}` - this.method = method - this.uri = res.url - this.body = body - this.pkgid = spec ? spec.toString() : packageName(res.url) - } -} -module.exports.HttpErrorBase = HttpErrorBase - -class HttpErrorGeneral extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = `${res.status} ${res.statusText} - ${ - this.method.toUpperCase() - } ${ - this.spec || this.uri - }${ - (body && body.error) ? ' - ' + body.error : '' - }` - Error.captureStackTrace(this, HttpErrorGeneral) - } -} -module.exports.HttpErrorGeneral = HttpErrorGeneral - -class HttpErrorAuthOTP extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'OTP required for authentication' - this.code = 'EOTP' - Error.captureStackTrace(this, HttpErrorAuthOTP) - } -} -module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP - -class HttpErrorAuthIPAddress extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'Login is not allowed from your IP address' - this.code = 'EAUTHIP' - Error.captureStackTrace(this, HttpErrorAuthIPAddress) - } -} -module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress - -class HttpErrorAuthUnknown extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate') - Error.captureStackTrace(this, HttpErrorAuthUnknown) - } -} -module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/index.js b/node_modules/libnpmorg/node_modules/npm-registry-fetch/index.js deleted file mode 100644 index 2324e7fbfd00b..0000000000000 --- a/node_modules/libnpmorg/node_modules/npm-registry-fetch/index.js +++ /dev/null @@ -1,219 +0,0 @@ -'use strict' - -const checkResponse = require('./check-response.js') -const getAuth = require('./auth.js') -const fetch = require('make-fetch-happen') -const JSONStream = require('minipass-json-stream') -const npa = require('npm-package-arg') -const qs = require('querystring') -const url = require('url') -const zlib = require('minizlib') -const Minipass = require('minipass') - -const defaultOpts = require('./default-opts.js') - -// WhatWG URL throws if it's not fully resolved -const urlIsValid = u => { - try { - return !!new url.URL(u) - } catch (_) { - return false - } -} - -module.exports = regFetch -function regFetch (uri, /* istanbul ignore next */ opts_ = {}) { - const opts = { - ...defaultOpts, - ...opts_ - } - const registry = opts.registry = ( - (opts.spec && pickRegistry(opts.spec, opts)) || - (opts.publishConfig && opts.publishConfig.registry) || - opts.registry || - /* istanbul ignore next */ - 'https://registry.npmjs.org/' - ) - - if (!urlIsValid(uri)) { - uri = `${ - registry.trim().replace(/\/?$/g, '') - }/${ - uri.trim().replace(/^\//, '') - }` - } - - const method = opts.method || 'GET' - - // through that takes into account the scope, the prefix of `uri`, etc - const startTime = Date.now() - const headers = getHeaders(registry, uri, opts) - let body = opts.body - const bodyIsStream = Minipass.isStream(body) - const bodyIsPromise = body && - typeof body === 'object' && - typeof body.then === 'function' - - if (body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body)) { - headers['content-type'] = headers['content-type'] || 'application/json' - body = JSON.stringify(body) - } else if (body && !headers['content-type']) { - headers['content-type'] = 'application/octet-stream' - } - - if (opts.gzip) { - headers['content-encoding'] = 'gzip' - if (bodyIsStream) { - const gz = new zlib.Gzip() - body.on('error', /* istanbul ignore next: unlikely and hard to test */ - err => gz.emit('error', err)) - body = body.pipe(gz) - } else if (!bodyIsPromise) { - body = new zlib.Gzip().end(body).concat() - } - } - - const parsed = new url.URL(uri) - - if (opts.query) { - const q = typeof opts.query === 'string' - ? qs.parse(opts.query) - : opts.query - - Object.keys(q).forEach(key => { - if (q[key] !== undefined) { - parsed.searchParams.set(key, q[key]) - } - }) - uri = url.format(parsed) - } - - if (parsed.searchParams.get('write') === 'true' && method === 'GET') { - // do not cache, because this GET is fetching a rev that will be - // used for a subsequent PUT or DELETE, so we need to conditionally - // update cache. - opts.offline = false - opts.preferOffline = false - opts.preferOnline = true - } - - const doFetch = (body) => fetch(uri, { - agent: opts.agent, - algorithms: opts.algorithms, - body, - cache: getCacheMode(opts), - cacheManager: opts.cache, - ca: opts.ca, - cert: opts.cert, - headers, - integrity: opts.integrity, - key: opts.key, - localAddress: opts.localAddress, - maxSockets: opts.maxSockets, - memoize: opts.memoize, - method: method, - noProxy: opts.noProxy, - proxy: opts.httpsProxy || opts.proxy, - retry: opts.retry ? opts.retry : { - retries: opts.fetchRetries, - factor: opts.fetchRetryFactor, - minTimeout: opts.fetchRetryMintimeout, - maxTimeout: opts.fetchRetryMaxtimeout - }, - strictSSL: opts.strictSSL, - timeout: opts.timeout || 30 * 1000 - }).then(res => checkResponse( - method, res, registry, startTime, opts - )) - - return Promise.resolve(body).then(doFetch) -} - -module.exports.json = fetchJSON -function fetchJSON (uri, opts) { - return regFetch(uri, opts).then(res => res.json()) -} - -module.exports.json.stream = fetchJSONStream -function fetchJSONStream (uri, jsonPath, /* istanbul ignore next */ opts_ = {}) { - const opts = { ...defaultOpts, ...opts_ } - const parser = JSONStream.parse(jsonPath, opts.mapJSON) - regFetch(uri, opts).then(res => - res.body.on('error', - /* istanbul ignore next: unlikely and difficult to test */ - er => parser.emit('error', er)).pipe(parser) - ).catch(er => parser.emit('error', er)) - return parser -} - -module.exports.pickRegistry = pickRegistry -function pickRegistry (spec, opts = {}) { - spec = npa(spec) - let registry = spec.scope && - opts[spec.scope.replace(/^@?/, '@') + ':registry'] - - if (!registry && opts.scope) { - registry = opts[opts.scope.replace(/^@?/, '@') + ':registry'] - } - - if (!registry && opts.publishConfig) { - registry = opts.publishConfig.registry - } - - if (!registry) { - registry = opts.registry || 'https://registry.npmjs.org/' - } - - return registry -} - -function getCacheMode (opts) { - return opts.offline - ? 'only-if-cached' - : opts.preferOffline - ? 'force-cache' - : opts.preferOnline - ? 'no-cache' - : 'default' -} - -function getHeaders (registry, uri, opts) { - const headers = Object.assign({ - 'npm-in-ci': !!opts.isFromCI, - 'user-agent': opts.userAgent - }, opts.headers || {}) - - if (opts.projectScope) { - headers['npm-scope'] = opts.projectScope - } - - if (opts.npmSession) { - headers['npm-session'] = opts.npmSession - } - - if (opts.npmCommand) { - headers['npm-command'] = opts.npmCommand - } - - const auth = getAuth(registry, opts) - // If a tarball is hosted on a different place than the manifest, only send - // credentials on `alwaysAuth` - const shouldAuth = ( - auth.alwaysAuth || - new url.URL(uri).host === new url.URL(registry).host - ) - if (shouldAuth && auth.token) { - headers.authorization = `Bearer ${auth.token}` - } else if (shouldAuth && auth.username && auth.password) { - const encoded = Buffer.from( - `${auth.username}:${auth.password}`, 'utf8' - ).toString('base64') - headers.authorization = `Basic ${encoded}` - } else if (shouldAuth && auth._auth) { - headers.authorization = `Basic ${auth._auth}` - } - if (shouldAuth && auth.otp) { - headers['npm-otp'] = auth.otp - } - return headers -} diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/package.json b/node_modules/libnpmorg/node_modules/npm-registry-fetch/package.json deleted file mode 100644 index 5aeddc5b39102..0000000000000 --- a/node_modules/libnpmorg/node_modules/npm-registry-fetch/package.json +++ /dev/null @@ -1,59 +0,0 @@ -{ - "name": "npm-registry-fetch", - "version": "8.1.5", - "description": "Fetch-based http client for use with npm registry APIs", - "main": "index.js", - "files": [ - "*.js", - "lib" - ], - "scripts": { - "postrelease": "npm publish", - "posttest": "standard", - "prepublishOnly": "git push --follow-tags", - "prerelease": "npm t", - "release": "standard-version -s", - "test": "tap" - }, - "repository": "https://github.com/npm/registry-fetch", - "keywords": [ - "npm", - "registry", - "fetch" - ], - "author": { - "name": "Kat Marchán", - "email": "kzm@sykosomatic.org", - "twitter": "maybekatz" - }, - "license": "ISC", - "dependencies": { - "@npmcli/ci-detect": "^1.0.0", - "lru-cache": "^6.0.0", - "make-fetch-happen": "^8.0.9", - "minipass": "^3.1.3", - "minipass-fetch": "^1.3.0", - "minipass-json-stream": "^1.0.1", - "minizlib": "^2.0.0", - "npm-package-arg": "^8.0.0" - }, - "devDependencies": { - "cacache": "^15.0.0", - "mkdirp": "^0.5.1", - "nock": "^11.7.0", - "npmlog": "^4.1.2", - "require-inject": "^1.4.4", - "rimraf": "^2.6.2", - "ssri": "^8.0.0", - "standard": "^14.3.3", - "standard-version": "^7.1.0", - "tap": "^14.10.7" - }, - "tap": { - "check-coverage": true, - "test-ignore": "test[\\\\/](util|cache)[\\\\/]" - }, - "engines": { - "node": ">=10" - } -} diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/silentlog.js b/node_modules/libnpmorg/node_modules/npm-registry-fetch/silentlog.js deleted file mode 100644 index 886c5d55b2dbb..0000000000000 --- a/node_modules/libnpmorg/node_modules/npm-registry-fetch/silentlog.js +++ /dev/null @@ -1,14 +0,0 @@ -'use strict' - -const noop = Function.prototype -module.exports = { - error: noop, - warn: noop, - notice: noop, - info: noop, - verbose: noop, - silly: noop, - http: noop, - pause: noop, - resume: noop -} diff --git a/node_modules/libnpmorg/package.json b/node_modules/libnpmorg/package.json index f18c43adafaad..b6074ed8e4a7c 100644 --- a/node_modules/libnpmorg/package.json +++ b/node_modules/libnpmorg/package.json @@ -1,6 +1,6 @@ { "name": "libnpmorg", - "version": "2.0.0", + "version": "2.0.1", "description": "Programmatic api for `npm org` commands", "author": "Kat Marchán ", "keywords": [ @@ -40,7 +40,7 @@ "homepage": "https://npmjs.com/package/libnpmorg", "dependencies": { "aproba": "^2.0.0", - "npm-registry-fetch": "^8.0.0" + "npm-registry-fetch": "^9.0.0" }, "engines": { "node": ">=10" diff --git a/package-lock.json b/package-lock.json index a3b44e5f81af6..16f2f0b4afb52 100644 --- a/package-lock.json +++ b/package-lock.json @@ -107,7 +107,7 @@ "libnpmaccess": "^4.0.0", "libnpmfund": "^1.0.1", "libnpmhook": "^6.0.0", - "libnpmorg": "^2.0.0", + "libnpmorg": "^2.0.1", "libnpmpack": "^2.0.0", "libnpmpublish": "^4.0.0", "libnpmsearch": "^3.0.1", @@ -3763,31 +3763,13 @@ } }, "node_modules/libnpmorg": { - "version": "2.0.0", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/libnpmorg/-/libnpmorg-2.0.1.tgz", + "integrity": "sha512-Wj0aApN6TfZWHqtJNjkY7IeQpX24jrQD58IHrEz234quKVRYlegUiMsZl2g4OEFeZNSSc9QN28EdI1SBkUlW7g==", "inBundle": true, - "license": "ISC", "dependencies": { "aproba": "^2.0.0", - "npm-registry-fetch": "^8.0.0" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/libnpmorg/node_modules/npm-registry-fetch": { - "version": "8.1.5", - "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", - "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", - "inBundle": true, - "dependencies": { - "@npmcli/ci-detect": "^1.0.0", - "lru-cache": "^6.0.0", - "make-fetch-happen": "^8.0.9", - "minipass": "^3.1.3", - "minipass-fetch": "^1.3.0", - "minipass-json-stream": "^1.0.1", - "minizlib": "^2.0.0", - "npm-package-arg": "^8.0.0" + "npm-registry-fetch": "^9.0.0" }, "engines": { "node": ">=10" @@ -11537,27 +11519,12 @@ } }, "libnpmorg": { - "version": "2.0.0", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/libnpmorg/-/libnpmorg-2.0.1.tgz", + "integrity": "sha512-Wj0aApN6TfZWHqtJNjkY7IeQpX24jrQD58IHrEz234quKVRYlegUiMsZl2g4OEFeZNSSc9QN28EdI1SBkUlW7g==", "requires": { "aproba": "^2.0.0", - "npm-registry-fetch": "^8.0.0" - }, - "dependencies": { - "npm-registry-fetch": { - "version": "8.1.5", - "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", - "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", - "requires": { - "@npmcli/ci-detect": "^1.0.0", - "lru-cache": "^6.0.0", - "make-fetch-happen": "^8.0.9", - "minipass": "^3.1.3", - "minipass-fetch": "^1.3.0", - "minipass-json-stream": "^1.0.1", - "minizlib": "^2.0.0", - "npm-package-arg": "^8.0.0" - } - } + "npm-registry-fetch": "^9.0.0" } }, "libnpmpack": { diff --git a/package.json b/package.json index 875b65ea0adb0..036227644a9e6 100644 --- a/package.json +++ b/package.json @@ -71,7 +71,7 @@ "libnpmaccess": "^4.0.0", "libnpmfund": "^1.0.1", "libnpmhook": "^6.0.0", - "libnpmorg": "^2.0.0", + "libnpmorg": "^2.0.1", "libnpmpack": "^2.0.0", "libnpmpublish": "^4.0.0", "libnpmsearch": "^3.0.1", From 0ea870ec5d2be1d44f050ad8bc24ed936cc45fde Mon Sep 17 00:00:00 2001 From: isaacs Date: Tue, 3 Nov 2020 13:07:51 -0800 Subject: [PATCH 13/21] libnpmhook@6.0.1 --- .../npm-registry-fetch/CHANGELOG.md | 384 ----------- .../npm-registry-fetch/LICENSE.md | 16 - .../node_modules/npm-registry-fetch/README.md | 635 ------------------ .../node_modules/npm-registry-fetch/auth.js | 55 -- .../npm-registry-fetch/check-response.js | 128 ---- .../npm-registry-fetch/default-opts.js | 22 - .../node_modules/npm-registry-fetch/errors.js | 79 --- .../node_modules/npm-registry-fetch/index.js | 219 ------ .../npm-registry-fetch/package.json | 59 -- .../npm-registry-fetch/silentlog.js | 14 - node_modules/libnpmhook/package.json | 4 +- package-lock.json | 51 +- package.json | 2 +- 13 files changed, 12 insertions(+), 1656 deletions(-) delete mode 100644 node_modules/libnpmhook/node_modules/npm-registry-fetch/CHANGELOG.md delete mode 100644 node_modules/libnpmhook/node_modules/npm-registry-fetch/LICENSE.md delete mode 100644 node_modules/libnpmhook/node_modules/npm-registry-fetch/README.md delete mode 100644 node_modules/libnpmhook/node_modules/npm-registry-fetch/auth.js delete mode 100644 node_modules/libnpmhook/node_modules/npm-registry-fetch/check-response.js delete mode 100644 node_modules/libnpmhook/node_modules/npm-registry-fetch/default-opts.js delete mode 100644 node_modules/libnpmhook/node_modules/npm-registry-fetch/errors.js delete mode 100644 node_modules/libnpmhook/node_modules/npm-registry-fetch/index.js delete mode 100644 node_modules/libnpmhook/node_modules/npm-registry-fetch/package.json delete mode 100644 node_modules/libnpmhook/node_modules/npm-registry-fetch/silentlog.js diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/libnpmhook/node_modules/npm-registry-fetch/CHANGELOG.md deleted file mode 100644 index fc26ee1bda4ba..0000000000000 --- a/node_modules/libnpmhook/node_modules/npm-registry-fetch/CHANGELOG.md +++ /dev/null @@ -1,384 +0,0 @@ -# Changelog - -All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. - -### [8.1.5](https://github.com/npm/registry-fetch/compare/v8.1.4...v8.1.5) (2020-10-12) - - -### Bug Fixes - -* respect publishConfig.registry when specified ([32e36ef](https://github.com/npm/registry-fetch/commit/32e36efe86302ed319973cd5b1e6ccc3f62e557e)), closes [#35](https://github.com/npm/registry-fetch/issues/35) - -### [8.1.4](https://github.com/npm/registry-fetch/compare/v8.1.3...v8.1.4) (2020-08-17) - - -### Bug Fixes - -* redact passwords from http logs ([3c294eb](https://github.com/npm/registry-fetch/commit/3c294ebbd7821725db4ff1bc5fe368c49613efcc)) - -### [8.1.3](https://github.com/npm/registry-fetch/compare/v8.1.2...v8.1.3) (2020-07-21) - -### [8.1.2](https://github.com/npm/registry-fetch/compare/v8.1.1...v8.1.2) (2020-07-11) - -### [8.1.1](https://github.com/npm/registry-fetch/compare/v8.1.0...v8.1.1) (2020-06-30) - -## [8.1.0](https://github.com/npm/registry-fetch/compare/v8.0.3...v8.1.0) (2020-05-20) - - -### Features - -* add npm-command HTTP header ([1bb4eb2](https://github.com/npm/registry-fetch/commit/1bb4eb2c66ee8a0dc62558bdcff1b548e2bb9820)) - -### [8.0.3](https://github.com/npm/registry-fetch/compare/v8.0.2...v8.0.3) (2020-05-13) - - -### Bug Fixes - -* update minipass and make-fetch-happen to latest ([3b6c5d0](https://github.com/npm/registry-fetch/commit/3b6c5d0d8ccd4c4a97862a65acef956f19aec127)), closes [#23](https://github.com/npm/registry-fetch/issues/23) - -### [8.0.2](https://github.com/npm/registry-fetch/compare/v8.0.1...v8.0.2) (2020-05-04) - - -### Bug Fixes - -* update make-fetch-happen to 8.0.6 ([226df2c](https://github.com/npm/registry-fetch/commit/226df2c32e3f9ed8ceefcfdbd11efb178181b442)) - -## [8.0.0](https://github.com/npm/registry-fetch/compare/v7.0.1...v8.0.0) (2020-02-24) - - -### ⚠ BREAKING CHANGES - -* Removes the 'opts.refer' option and the HTTP Referer -header (unless explicitly added to the 'headers' option, of course). - -PR-URL: https://github.com/npm/npm-registry-fetch/pull/25 -Credit: @isaacs - -### Bug Fixes - -* remove referer header and opts.refer ([eb8f7af](https://github.com/npm/registry-fetch/commit/eb8f7af3c102834856604c1be664b00ca0fe8ef2)), closes [#25](https://github.com/npm/registry-fetch/issues/25) - -### [7.0.1](https://github.com/npm/registry-fetch/compare/v7.0.0...v7.0.1) (2020-02-24) - -## [7.0.0](https://github.com/npm/registry-fetch/compare/v6.0.2...v7.0.0) (2020-02-18) - - -### ⚠ BREAKING CHANGES - -* figgy pudding is now nowhere to be found. -* this removes figgy-pudding, and drops several option -aliases. - -Defaults and behavior are all the same, and this module is now using the -canonical camelCase option names that npm v7 will provide to all its -deps. - -Related to: https://github.com/npm/rfcs/pull/102 - -PR-URL: https://github.com/npm/npm-registry-fetch/pull/22 -Credit: @isaacs - -### Bug Fixes - -* Remove figgy-pudding, use canonical option names ([ede3c08](https://github.com/npm/registry-fetch/commit/ede3c087007fd1808e02b1af70562220d03b18a9)), closes [#22](https://github.com/npm/registry-fetch/issues/22) - - -* update cacache, ssri, make-fetch-happen ([57fcc88](https://github.com/npm/registry-fetch/commit/57fcc889bee03edcc0a2025d96a171039108c231)) - -### [6.0.2](https://github.com/npm/registry-fetch/compare/v6.0.1...v6.0.2) (2020-02-14) - - -### Bug Fixes - -* always bypass cache when ?write=true ([83f89f3](https://github.com/npm/registry-fetch/commit/83f89f35abd2ed0507c869e37f90ed746375772c)) - -### [6.0.1](https://github.com/npm/registry-fetch/compare/v6.0.0...v6.0.1) (2020-02-14) - - -### Bug Fixes - -* use 30s default for timeout as per README ([50e8afc](https://github.com/npm/registry-fetch/commit/50e8afc6ff850542feb588f9f9c64ebae59e72a0)), closes [#20](https://github.com/npm/registry-fetch/issues/20) - -## [6.0.0](https://github.com/npm/registry-fetch/compare/v5.0.1...v6.0.0) (2019-12-17) - - -### ⚠ BREAKING CHANGES - -* This drops support for node < 10. - -There are some lint failures due to standard pushing for using WhatWG URL -objects instead of url.parse/url.resolve. However, the code in this lib -does some fancy things with the query/search portions of the parsed url -object, so it'll take a bit of care to make it work properly. - -### Bug Fixes - -* detect CI so our tests don't fail in CI ([5813da6](https://github.com/npm/registry-fetch/commit/5813da634cef73b12e40373972d7937e6934fce0)) -* Use WhatWG URLs instead of url.parse ([8ccfa8a](https://github.com/npm/registry-fetch/commit/8ccfa8a72c38cfedb0f525b7f453644fd4444f99)) - - -* normalize settings, drop old nodes, update deps ([510b125](https://github.com/npm/registry-fetch/commit/510b1255cc7ed4bb397a34e0007757dae33e2275)) - - -## [5.0.1](https://github.com/npm/registry-fetch/compare/v5.0.0...v5.0.1) (2019-11-11) - - - - -# [5.0.0](https://github.com/npm/registry-fetch/compare/v4.0.2...v5.0.0) (2019-10-04) - - -### Bug Fixes - -* prefer const in getAuth function ([90ac7b1](https://github.com/npm/registry-fetch/commit/90ac7b1)) -* use minizlib instead of core zlib ([e64702e](https://github.com/npm/registry-fetch/commit/e64702e)) - - -### Features - -* refactor to use Minipass streams ([bb37f20](https://github.com/npm/registry-fetch/commit/bb37f20)) - - -### BREAKING CHANGES - -* this replaces all core streams (except for some -PassThrough streams in a few tests) with Minipass streams, and updates -all deps to the latest and greatest Minipass versions of things. - - - - -## [4.0.2](https://github.com/npm/registry-fetch/compare/v4.0.0...v4.0.2) (2019-10-04) - - -### Bug Fixes - -* Add null check on body on 401 errors ([e3a0186](https://github.com/npm/registry-fetch/commit/e3a0186)), closes [#9](https://github.com/npm/registry-fetch/issues/9) -* **deps:** Add explicit dependency on safe-buffer ([8eae5f0](https://github.com/npm/registry-fetch/commit/8eae5f0)), closes [npm/libnpmaccess#2](https://github.com/npm/libnpmaccess/issues/2) [#3](https://github.com/npm/registry-fetch/issues/3) - - - - -# [4.0.0](https://github.com/npm/registry-fetch/compare/v3.9.1...v4.0.0) (2019-07-15) - - -* cacache@12.0.0, infer uid from cache folder ([0c4f060](https://github.com/npm/registry-fetch/commit/0c4f060)) - - -### BREAKING CHANGES - -* uid and gid are inferred from cache folder, rather than -being passed in as options. - - - - -## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02) - - - - -# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24) - - -### Features - -* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c)) - - - - -# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23) - - -### Features - -* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986)) - - - - -# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23) - - -### Features - -* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969)) - - - - -# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22) - - -### Bug Fixes - -* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65)) - - -### Features - -* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702)) - - - - -# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22) - - -### Features - -* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5)) - - - - -# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22) - - -### Bug Fixes - -* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54)) - - -### Features - -* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17)) - - - - -# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21) - - -### Bug Fixes - -* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b)) - - -### Features - -* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194)) - - - - -## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16) - - -### Bug Fixes - -* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040)) - - - - -# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27) - - -### Features - -* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0)) - - - - -## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09) - - - - -# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09) - - -### Features - -* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b)) - - - - -# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09) - - -### Bug Fixes - -* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f)) -* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f)) - - -### BREAKING CHANGES - -* **config:** opts.config is no longer supported. Pass the options down in opts itself. - - - - -# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08) - - -### Features - -* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0)) - - - - -# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08) - - -### meta - -* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e)) - - -### BREAKING CHANGES - -* node@4 is no longer supported - - - - -## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06) - - - - -# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16) - - -### Features - -* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9)) - - - - -## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16) - - -### Bug Fixes - -* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5)) - - - - -# 1.0.0 (2018-03-16) - - -### Bug Fixes - -* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba)) -* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31)) -* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93)) -* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a)) - - -### Features - -* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f)) -* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db)) -* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d)) -* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527)) -* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1)) diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/libnpmhook/node_modules/npm-registry-fetch/LICENSE.md deleted file mode 100644 index 8d28acf866d93..0000000000000 --- a/node_modules/libnpmhook/node_modules/npm-registry-fetch/LICENSE.md +++ /dev/null @@ -1,16 +0,0 @@ -ISC License - -Copyright (c) npm, Inc. - -Permission to use, copy, modify, and/or distribute this software for -any purpose with or without fee is hereby granted, provided that the -above copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS -ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE -COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR -CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS -OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE -USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/README.md b/node_modules/libnpmhook/node_modules/npm-registry-fetch/README.md deleted file mode 100644 index e660940e30dc4..0000000000000 --- a/node_modules/libnpmhook/node_modules/npm-registry-fetch/README.md +++ /dev/null @@ -1,635 +0,0 @@ -# npm-registry-fetch - -[![npm version](https://img.shields.io/npm/v/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) -[![license](https://img.shields.io/npm/l/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) -[![Travis](https://img.shields.io/travis/npm/npm-registry-fetch/latest.svg)](https://travis-ci.org/npm/npm-registry-fetch) -[![AppVeyor](https://img.shields.io/appveyor/ci/npm/npm-registry-fetch/latest.svg)](https://ci.appveyor.com/project/npm/npm-registry-fetch) -[![Coverage Status](https://coveralls.io/repos/github/npm/npm-registry-fetch/badge.svg?branch=latest)](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest) - -[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js -library that implements a `fetch`-like API for accessing npm registry APIs -consistently. It's able to consume npm-style configuration values and has all -the necessary logic for picking registries, handling scopes, and dealing with -authentication details built-in. - -This package is meant to replace the older -[`npm-registry-client`](https://npm.im/npm-registry-client). - -## Example - -```javascript -const npmFetch = require('npm-registry-fetch') - -console.log( - await npmFetch.json('/-/ping') -) -``` - -## Table of Contents - -* [Installing](#install) -* [Example](#example) -* [Contributing](#contributing) -* [API](#api) - * [`fetch`](#fetch) - * [`fetch.json`](#fetch-json) - * [`fetch` options](#fetch-opts) - -### Install - -`$ npm install npm-registry-fetch` - -### Contributing - -The npm team enthusiastically welcomes contributions and project participation! -There's a bunch of things you can do if you want to contribute! The [Contributor -Guide](CONTRIBUTING.md) has all the information you need for everything from -reporting bugs to contributing entire new features. Please don't hesitate to -jump in if you'd like to, or even ask us questions if something isn't clear. - -All participants and maintainers in this project are expected to follow [Code of -Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other. - -Please refer to the [Changelog](CHANGELOG.md) for project history details, too. - -Happy hacking! - -### API - -#### Caching and `write=true` query strings - -Before performing any PUT or DELETE operation, npm clients first make a -GET request to the registry resource being updated, which includes -the query string `?write=true`. - -The semantics of this are, effectively, "I intend to write to this thing, -and need to know the latest current value, so that my write can land -cleanly". - -The public npm registry handles these `?write=true` requests by ensuring -that the cache is re-validated before sending a response. In order to -maintain the same behavior on the client, and not get tripped up by an -overeager local cache when we intend to write data to the registry, any -request that comes through `npm-registry-fetch` that contains `write=true` -in the query string will forcibly set the `prefer-online` option to `true`, -and set both `prefer-offline` and `offline` to false, so that any local -cached value will be revalidated. - -#### `> fetch(url, [opts]) -> Promise` - -Performs a request to a given URL. - -The URL can be either a full URL, or a path to one. The appropriate registry -will be automatically picked if only a URL path is given. - -For available options, please see the section on [`fetch` options](#fetch-opts). - -##### Example - -```javascript -const res = await fetch('/-/ping') -console.log(res.headers) -res.on('data', d => console.log(d.toString('utf8'))) -``` - -#### `> fetch.json(url, [opts]) -> Promise` - -Performs a request to a given registry URL, parses the body of the response as -JSON, and returns it as its final value. This is a utility shorthand for -`fetch(url).then(res => res.json())`. - -For available options, please see the section on [`fetch` options](#fetch-opts). - -##### Example - -```javascript -const res = await fetch.json('/-/ping') -console.log(res) // Body parsed as JSON -``` - -#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream` - -Performs a request to a given registry URL and parses the body of the response -as JSON, with each entry being emitted through the stream. - -The `jsonPath` argument is a [`JSONStream.parse()` -path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the -returned stream (unlike default `JSONStream`s), has a valid -`Symbol.asyncIterator` implementation. - -For available options, please see the section on [`fetch` options](#fetch-opts). - -##### Example - -```javascript -console.log('https://npm.im/~zkat has access to the following packages:') -for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) { - console.log(`https://npm.im/${key} (perms: ${value})`) -} -``` - -#### `fetch` Options - -Fetch options are optional, and can be passed in as either a Map-like object -(one with a `.get()` method), a plain javascript object, or a -[`figgy-pudding`](https://npm.im/figgy-pudding) instance. - -##### `opts.agent` - -* Type: http.Agent -* Default: an appropriate agent based on URL protocol and proxy settings - -An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to -be shared across requests. This allows multiple concurrent `fetch` requests to -happen on the same socket. - -You do _not_ need to provide this option unless you want something particularly -specialized, since proxy configurations and http/https agents are already -automatically managed internally when this option is not passed through. - -##### `opts.body` - -* Type: Buffer | Stream | Object -* Default: null - -Request body to send through the outgoing request. Buffers and Streams will be -passed through as-is, with a default `content-type` of -`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed -and the `content-type` will default to `application/json`. - -Use [`opts.headers`](#opts-headers) to set the content-type to something else. - -##### `opts.ca` - -* Type: String, Array, or null -* Default: null - -The Certificate Authority signing certificate that is trusted for SSL -connections to the registry. Values should be in PEM format (Windows calls it -"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For -example: - -``` -{ - ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' -} -``` - -Set to `null` to only allow "known" registrars, or to a specific CA cert -to trust only that specific signing authority. - -Multiple CAs can be trusted by specifying an array of certificates instead of a -single string. - -See also [`opts.strictSSL`](#opts-strictSSL), [`opts.ca`](#opts-ca) and -[`opts.key`](#opts-key) - -##### `opts.cache` - -* Type: path -* Default: null - -The location of the http cache directory. If provided, certain cachable requests -will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234) -rules. This will speed up future requests, as well as make the cached data -available offline if necessary/requested. - -See also [`offline`](#opts-offline), [`preferOffline`](#opts-preferOffline), -and [`preferOnline`](#opts-preferOnline). - -##### `opts.cert` - -* Type: String -* Default: null - -A client certificate to pass when accessing the registry. Values should be in -PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines -replaced by the string `'\n'`. For example: - -``` -{ - cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' -} -``` - -It is _not_ the path to a certificate file (and there is no "certfile" option). - -See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key) - -##### `opts.fetchRetries` - -* Type: Number -* Default: 2 - -The "retries" config for [`retry`](https://npm.im/retry) to use when fetching -packages from the registry. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.fetchRetryFactor` - -* Type: Number -* Default: 10 - -The "factor" config for [`retry`](https://npm.im/retry) to use when fetching -packages. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.fetchRetryMintimeout` - -* Type: Number -* Default: 10000 (10 seconds) - -The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching -packages. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.fetchRetryMaxtimeout` - -* Type: Number -* Default: 60000 (1 minute) - -The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching -packages. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.forceAuth` - -* Type: Object -* Default: null - -If present, other auth-related values in `opts` will be completely ignored, -including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request, -and the auth details in `opts.forceAuth` will be used instead. - -##### `opts.gzip` - -* Type: Boolean -* Default: false - -If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip` -and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode -[`opts.body`](#opts-body). - -##### `opts.headers` - -* Type: Object -* Default: null - -Additional headers for the outgoing request. This option can also be used to -override headers automatically generated by `npm-registry-fetch`, such as -`Content-Type`. - -##### `opts.ignoreBody` - -* Type: Boolean -* Default: false - -If true, the **response body** will be thrown away and `res.body` set to `null`. -This will prevent dangling response sockets for requests where you don't usually -care what the response body is. - -##### `opts.integrity` - -* Type: String | [SRI object](https://npm.im/ssri) -* Default: null - -If provided, the response body's will be verified against this integrity string, -using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will -complete as normal. If verification fails, the response body will error with an -`EINTEGRITY` error. - -Body integrity is only verified if the body is actually consumed to completion -- -that is, if you use `res.json()`/`res.buffer()`, or if you consume the default -`res` stream data to its end. - -Cached data will have its integrity automatically verified using the -previously-generated integrity hash for the saved request information, so -`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if -`opts.integrity` is not passed in. - -##### `opts.isFromCI` - -* Type: Boolean -* Default: Based on environment variables - -This is used to populate the `npm-in-ci` request header sent to the registry. - -##### `opts.key` - -* Type: String -* Default: null - -A client key to pass when accessing the registry. Values should be in PEM -format with newlines replaced by the string `'\n'`. For example: - -``` -{ - key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----' -} -``` - -It is _not_ the path to a key file (and there is no "keyfile" option). - -See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert) - -##### `opts.localAddress` - -* Type: IP Address String -* Default: null - -The IP address of the local interface to use when making connections -to the registry. - -See also [`opts.proxy`](#opts-proxy) - -##### `opts.log` - -* Type: [`npmlog`](https://npm.im/npmlog)-like -* Default: null - -Logger object to use for logging operation details. Must have the same methods -as `npmlog`. - -##### `opts.mapJSON` - -* Type: Function -* Default: undefined - -When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down -to [`JSONStream`](https://npm.im/JSONStream) as the second argument to -`JSONStream.parse`, and can be used to transform stream data before output. - -##### `opts.maxSockets` - -* Type: Integer -* Default: 12 - -Maximum number of sockets to keep open during requests. Has no effect if -[`opts.agent`](#opts-agent) is used. - -##### `opts.method` - -* Type: String -* Default: 'GET' - -HTTP method to use for the outgoing request. Case-insensitive. - -##### `opts.noproxy` - -* Type: Boolean -* Default: process.env.NOPROXY - -If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used. - -##### `opts.npmSession` - -* Type: String -* Default: null - -If provided, will be sent in the `npm-session` header. This header is used by -the npm registry to identify individual user sessions (usually individual -invocations of the CLI). - -##### `opts.npmCommand` - -* Type: String -* Default: null - -If provided, it will be sent in the `npm-command` header. This yeader is -used by the npm registry to identify the npm command that caused this -request to be made. - -##### `opts.offline` - -* Type: Boolean -* Default: false - -Force offline mode: no network requests will be done during install. To allow -`npm-registry-fetch` to fill in missing cache data, see -[`opts.preferOffline`](#opts-preferOffline). - -This option is only really useful if you're also using -[`opts.cache`](#opts-cache). - -This option is set to `true` when the request includes `write=true` in the -query string. - -##### `opts.otp` - -* Type: Number | String -* Default: null - -This is a one-time password from a two-factor authenticator. It is required for -certain registry interactions when two-factor auth is enabled for a user -account. - -##### `opts.password` - -* Alias: `_password` -* Type: String -* Default: null - -Password used for basic authentication. For the more modern authentication -method, please use the (more secure) [`opts.token`](#opts-token) - -Can optionally be scoped to a registry by using a "nerf dart" for that registry. -That is: - -``` -{ - '//registry.npmjs.org/:password': 't0k3nH34r' -} -``` - -See also [`opts.username`](#opts-username) - -##### `opts.preferOffline` - -* Type: Boolean -* Default: false - -If true, staleness checks for cached data will be bypassed, but missing data -will be requested from the server. To force full offline mode, use -[`opts.offline`](#opts-offline). - -This option is generally only useful if you're also using -[`opts.cache`](#opts-cache). - -This option is set to `false` when the request includes `write=true` in the -query string. - -##### `opts.preferOnline` - -* Type: Boolean -* Default: false - -If true, staleness checks for cached data will be forced, making the CLI look -for updates immediately even for fresh package data. - -This option is generally only useful if you're also using -[`opts.cache`](#opts-cache). - -This option is set to `true` when the request includes `write=true` in the -query string. - -##### `opts.projectScope` - -* Type: String -* Default: null - -If provided, will be sent in the `npm-scope` header. This header is used by the -npm registry to identify the toplevel package scope that a particular project -installation is using. - -##### `opts.proxy` - -* Type: url -* Default: null - -A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY` -environment variable will be used. - -##### `opts.query` - -* Type: String | Object -* Default: null - -If provided, the request URI will have a query string appended to it using this -query. If `opts.query` is an object, it will be converted to a query string -using -[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options). - -If the request URI already has a query string, it will be merged with -`opts.query`, preferring `opts.query` values. - -##### `opts.registry` - -* Type: URL -* Default: `'https://registry.npmjs.org'` - -Registry configuration for a request. If a request URL only includes the URL -path, this registry setting will be prepended. This configuration is also used -to determine authentication details, so even if the request URL references a -completely different host, `opts.registry` will be used to find the auth details -for that request. - -See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and -[`opts.:registry`](#opts-scope-registry) which can all affect the actual -registry URL used by the outgoing request. - -##### `opts.retry` - -* Type: Object -* Default: null - -Single-object configuration for request retry settings. If passed in, will -override individually-passed `fetch-retry-*` settings. - -##### `opts.scope` - -* Type: String -* Default: null - -Associate an operation with a scope for a scoped registry. This option can force -lookup of scope-specific registries and authentication. - -See also [`opts.:registry`](#opts-scope-registry) and -[`opts.spec`](#opts-spec) for interactions with this option. - -##### `opts.:registry` - -* Type: String -* Default: null - -This option type can be used to configure the registry used for requests -involving a particular scope. For example, `opts['@myscope:registry'] = -'https://scope-specific.registry/'` will make it so requests go out to this -registry instead of [`opts.registry`](#opts-registry) when -[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a -scoped package spec. - -The `@` before the scope name is optional, but recommended. - -##### `opts.spec` - -* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object. -* Default: null - -If provided, can be used to automatically configure [`opts.scope`](#opts-scope) -based on a specific package name. Non-registry package specs will throw an -error. - -##### `opts.strictSSL` - -* Type: Boolean -* Default: true - -Whether or not to do SSL key validation when making requests to the -registry via https. - -See also [`opts.ca`](#opts-ca). - -##### `opts.timeout` - -* Type: Milliseconds -* Default: 300000 (5 minutes) - -Time before a hanging request times out. - -##### `opts.token` - -* Alias: `opts._authToken` -* Type: String -* Default: null - -Authentication token string. - -Can be scoped to a registry by using a "nerf dart" for that registry. That is: - -``` -{ - '//registry.npmjs.org/:token': 't0k3nH34r' -} -``` - -##### `opts.userAgent` - -* Type: String -* Default: `'npm-registry-fetch@/node@+ ()'` - -User agent string to send in the `User-Agent` header. - -##### `opts.username` - -* Type: String -* Default: null - -Username used for basic authentication. For the more modern authentication -method, please use the (more secure) [`opts.token`](#opts-token) - -Can optionally be scoped to a registry by using a "nerf dart" for that registry. -That is: - -``` -{ - '//registry.npmjs.org/:username': 't0k3nH34r' -} -``` - -See also [`opts.password`](#opts-password) - -##### `opts._auth` - -* Type: String -* Default: null - -** DEPRECATED ** This is a legacy authentication token supported only for -compatibility. Please use [`opts.token`](#opts-token) instead. diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/auth.js b/node_modules/libnpmhook/node_modules/npm-registry-fetch/auth.js deleted file mode 100644 index 11c3bde6b4e6c..0000000000000 --- a/node_modules/libnpmhook/node_modules/npm-registry-fetch/auth.js +++ /dev/null @@ -1,55 +0,0 @@ -'use strict' - -const defaultOpts = require('./default-opts.js') -const url = require('url') - -module.exports = getAuth -function getAuth (registry, opts_ = {}) { - if (!registry) { throw new Error('registry is required') } - const opts = opts_.forceAuth ? opts_.forceAuth : { ...defaultOpts, ...opts_ } - const AUTH = {} - const regKey = registry && registryKey(registry) - const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias) - doKey('token') - doKey('_authToken', 'token') - doKey('username') - doKey('password') - doKey('_password', 'password') - doKey('email') - doKey('_auth') - doKey('otp') - doKey('always-auth', 'alwaysAuth') - if (AUTH.password) { - AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8') - } - if (AUTH._auth && !(AUTH.username && AUTH.password)) { - let auth = Buffer.from(AUTH._auth, 'base64').toString() - auth = auth.split(':') - AUTH.username = auth.shift() - AUTH.password = auth.join(':') - } - AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth - return AUTH -} - -function addKey (opts, obj, scope, key, objKey) { - if (opts[key]) { - obj[objKey || key] = opts[key] - } - if (scope && opts[`${scope}:${key}`]) { - obj[objKey || key] = opts[`${scope}:${key}`] - } -} - -// Called a nerf dart in the main codebase. Used as a "safe" -// key when fetching registry info from config. -function registryKey (registry) { - const parsed = new url.URL(registry) - const formatted = url.format({ - protocol: parsed.protocol, - host: parsed.host, - pathname: parsed.pathname, - slashes: true - }) - return url.format(new url.URL('.', formatted)).replace(/^[^:]+:/, '') -} diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/check-response.js b/node_modules/libnpmhook/node_modules/npm-registry-fetch/check-response.js deleted file mode 100644 index f151711f30160..0000000000000 --- a/node_modules/libnpmhook/node_modules/npm-registry-fetch/check-response.js +++ /dev/null @@ -1,128 +0,0 @@ -'use strict' - -const errors = require('./errors.js') -const LRU = require('lru-cache') -const { Response } = require('minipass-fetch') -const defaultOpts = require('./default-opts.js') - -module.exports = checkResponse -function checkResponse (method, res, registry, startTime, opts_ = {}) { - const opts = { ...defaultOpts, ...opts_ } - if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) { - opts.log.notice('', res.headers.get('npm-notice')) - } - checkWarnings(res, registry, opts) - if (res.status >= 400) { - logRequest(method, res, startTime, opts) - return checkErrors(method, res, startTime, opts) - } else { - res.body.on('end', () => logRequest(method, res, startTime, opts)) - if (opts.ignoreBody) { - res.body.resume() - return new Response(null, res) - } - return res - } -} - -function logRequest (method, res, startTime, opts) { - const elapsedTime = Date.now() - startTime - const attempt = res.headers.get('x-fetch-attempts') - const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : '' - const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : '' - - let urlStr - try { - const { URL } = require('url') - const url = new URL(res.url) - if (url.password) { - url.password = '***' - } - urlStr = url.toString() - } catch (er) { - urlStr = res.url - } - - opts.log.http( - 'fetch', - `${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}` - ) -} - -const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/ -const BAD_HOSTS = new LRU({ max: 50 }) - -function checkWarnings (res, registry, opts) { - if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) { - const warnings = {} - // note: headers.raw() will preserve case, so we might have a - // key on the object like 'WaRnInG' if that was used first - for (const [key, value] of Object.entries(res.headers.raw())) { - if (key.toLowerCase() !== 'warning') { continue } - value.forEach(w => { - const match = w.match(WARNING_REGEXP) - if (match) { - warnings[match[1]] = { - code: match[1], - host: match[2], - message: match[3], - date: new Date(match[4]) - } - } - }) - } - BAD_HOSTS.set(registry, true) - if (warnings['199']) { - if (warnings['199'].message.match(/ENOTFOUND/)) { - opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`) - } else { - opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`) - } - } - if (warnings['111']) { - // 111 Revalidation failed -- we're using stale data - opts.log.warn( - 'registry', - `Using stale data from ${registry} due to a request error during revalidation.` - ) - } - } -} - -function checkErrors (method, res, startTime, opts) { - return res.buffer() - .catch(() => null) - .then(body => { - let parsed = body - try { - parsed = JSON.parse(body.toString('utf8')) - } catch (e) {} - if (res.status === 401 && res.headers.get('www-authenticate')) { - const auth = res.headers.get('www-authenticate') - .split(/,\s*/) - .map(s => s.toLowerCase()) - if (auth.indexOf('ipaddress') !== -1) { - throw new errors.HttpErrorAuthIPAddress( - method, res, parsed, opts.spec - ) - } else if (auth.indexOf('otp') !== -1) { - throw new errors.HttpErrorAuthOTP( - method, res, parsed, opts.spec - ) - } else { - throw new errors.HttpErrorAuthUnknown( - method, res, parsed, opts.spec - ) - } - } else if (res.status === 401 && body != null && /one-time pass/.test(body.toString('utf8'))) { - // Heuristic for malformed OTP responses that don't include the www-authenticate header. - throw new errors.HttpErrorAuthOTP( - method, res, parsed, opts.spec - ) - } else { - throw new errors.HttpErrorGeneral( - method, res, parsed, opts.spec - ) - } - }) -} diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/default-opts.js b/node_modules/libnpmhook/node_modules/npm-registry-fetch/default-opts.js deleted file mode 100644 index b742fd5a5fcd4..0000000000000 --- a/node_modules/libnpmhook/node_modules/npm-registry-fetch/default-opts.js +++ /dev/null @@ -1,22 +0,0 @@ -const pkg = require('./package.json') -const ciDetect = require('@npmcli/ci-detect') -module.exports = { - isFromCI: ciDetect(), - log: require('./silentlog.js'), - maxSockets: 12, - method: 'GET', - registry: 'https://registry.npmjs.org/', - timeout: 5 * 60 * 1000, // 5 minutes - strictSSL: true, - noProxy: process.env.NOPROXY, - userAgent: `${pkg.name - }@${ - pkg.version - }/node@${ - process.version - }+${ - process.arch - } (${ - process.platform - })` -} diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/errors.js b/node_modules/libnpmhook/node_modules/npm-registry-fetch/errors.js deleted file mode 100644 index c41947e29952d..0000000000000 --- a/node_modules/libnpmhook/node_modules/npm-registry-fetch/errors.js +++ /dev/null @@ -1,79 +0,0 @@ -'use strict' - -const url = require('url') - -function packageName (href) { - try { - let basePath = new url.URL(href).pathname.substr(1) - if (!basePath.match(/^-/)) { - basePath = basePath.split('/') - var index = basePath.indexOf('_rewrite') - if (index === -1) { - index = basePath.length - 1 - } else { - index++ - } - return decodeURIComponent(basePath[index]) - } - } catch (_) { - // this is ok - } -} - -class HttpErrorBase extends Error { - constructor (method, res, body, spec) { - super() - this.headers = res.headers.raw() - this.statusCode = res.status - this.code = `E${res.status}` - this.method = method - this.uri = res.url - this.body = body - this.pkgid = spec ? spec.toString() : packageName(res.url) - } -} -module.exports.HttpErrorBase = HttpErrorBase - -class HttpErrorGeneral extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = `${res.status} ${res.statusText} - ${ - this.method.toUpperCase() - } ${ - this.spec || this.uri - }${ - (body && body.error) ? ' - ' + body.error : '' - }` - Error.captureStackTrace(this, HttpErrorGeneral) - } -} -module.exports.HttpErrorGeneral = HttpErrorGeneral - -class HttpErrorAuthOTP extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'OTP required for authentication' - this.code = 'EOTP' - Error.captureStackTrace(this, HttpErrorAuthOTP) - } -} -module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP - -class HttpErrorAuthIPAddress extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'Login is not allowed from your IP address' - this.code = 'EAUTHIP' - Error.captureStackTrace(this, HttpErrorAuthIPAddress) - } -} -module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress - -class HttpErrorAuthUnknown extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate') - Error.captureStackTrace(this, HttpErrorAuthUnknown) - } -} -module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/index.js b/node_modules/libnpmhook/node_modules/npm-registry-fetch/index.js deleted file mode 100644 index 2324e7fbfd00b..0000000000000 --- a/node_modules/libnpmhook/node_modules/npm-registry-fetch/index.js +++ /dev/null @@ -1,219 +0,0 @@ -'use strict' - -const checkResponse = require('./check-response.js') -const getAuth = require('./auth.js') -const fetch = require('make-fetch-happen') -const JSONStream = require('minipass-json-stream') -const npa = require('npm-package-arg') -const qs = require('querystring') -const url = require('url') -const zlib = require('minizlib') -const Minipass = require('minipass') - -const defaultOpts = require('./default-opts.js') - -// WhatWG URL throws if it's not fully resolved -const urlIsValid = u => { - try { - return !!new url.URL(u) - } catch (_) { - return false - } -} - -module.exports = regFetch -function regFetch (uri, /* istanbul ignore next */ opts_ = {}) { - const opts = { - ...defaultOpts, - ...opts_ - } - const registry = opts.registry = ( - (opts.spec && pickRegistry(opts.spec, opts)) || - (opts.publishConfig && opts.publishConfig.registry) || - opts.registry || - /* istanbul ignore next */ - 'https://registry.npmjs.org/' - ) - - if (!urlIsValid(uri)) { - uri = `${ - registry.trim().replace(/\/?$/g, '') - }/${ - uri.trim().replace(/^\//, '') - }` - } - - const method = opts.method || 'GET' - - // through that takes into account the scope, the prefix of `uri`, etc - const startTime = Date.now() - const headers = getHeaders(registry, uri, opts) - let body = opts.body - const bodyIsStream = Minipass.isStream(body) - const bodyIsPromise = body && - typeof body === 'object' && - typeof body.then === 'function' - - if (body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body)) { - headers['content-type'] = headers['content-type'] || 'application/json' - body = JSON.stringify(body) - } else if (body && !headers['content-type']) { - headers['content-type'] = 'application/octet-stream' - } - - if (opts.gzip) { - headers['content-encoding'] = 'gzip' - if (bodyIsStream) { - const gz = new zlib.Gzip() - body.on('error', /* istanbul ignore next: unlikely and hard to test */ - err => gz.emit('error', err)) - body = body.pipe(gz) - } else if (!bodyIsPromise) { - body = new zlib.Gzip().end(body).concat() - } - } - - const parsed = new url.URL(uri) - - if (opts.query) { - const q = typeof opts.query === 'string' - ? qs.parse(opts.query) - : opts.query - - Object.keys(q).forEach(key => { - if (q[key] !== undefined) { - parsed.searchParams.set(key, q[key]) - } - }) - uri = url.format(parsed) - } - - if (parsed.searchParams.get('write') === 'true' && method === 'GET') { - // do not cache, because this GET is fetching a rev that will be - // used for a subsequent PUT or DELETE, so we need to conditionally - // update cache. - opts.offline = false - opts.preferOffline = false - opts.preferOnline = true - } - - const doFetch = (body) => fetch(uri, { - agent: opts.agent, - algorithms: opts.algorithms, - body, - cache: getCacheMode(opts), - cacheManager: opts.cache, - ca: opts.ca, - cert: opts.cert, - headers, - integrity: opts.integrity, - key: opts.key, - localAddress: opts.localAddress, - maxSockets: opts.maxSockets, - memoize: opts.memoize, - method: method, - noProxy: opts.noProxy, - proxy: opts.httpsProxy || opts.proxy, - retry: opts.retry ? opts.retry : { - retries: opts.fetchRetries, - factor: opts.fetchRetryFactor, - minTimeout: opts.fetchRetryMintimeout, - maxTimeout: opts.fetchRetryMaxtimeout - }, - strictSSL: opts.strictSSL, - timeout: opts.timeout || 30 * 1000 - }).then(res => checkResponse( - method, res, registry, startTime, opts - )) - - return Promise.resolve(body).then(doFetch) -} - -module.exports.json = fetchJSON -function fetchJSON (uri, opts) { - return regFetch(uri, opts).then(res => res.json()) -} - -module.exports.json.stream = fetchJSONStream -function fetchJSONStream (uri, jsonPath, /* istanbul ignore next */ opts_ = {}) { - const opts = { ...defaultOpts, ...opts_ } - const parser = JSONStream.parse(jsonPath, opts.mapJSON) - regFetch(uri, opts).then(res => - res.body.on('error', - /* istanbul ignore next: unlikely and difficult to test */ - er => parser.emit('error', er)).pipe(parser) - ).catch(er => parser.emit('error', er)) - return parser -} - -module.exports.pickRegistry = pickRegistry -function pickRegistry (spec, opts = {}) { - spec = npa(spec) - let registry = spec.scope && - opts[spec.scope.replace(/^@?/, '@') + ':registry'] - - if (!registry && opts.scope) { - registry = opts[opts.scope.replace(/^@?/, '@') + ':registry'] - } - - if (!registry && opts.publishConfig) { - registry = opts.publishConfig.registry - } - - if (!registry) { - registry = opts.registry || 'https://registry.npmjs.org/' - } - - return registry -} - -function getCacheMode (opts) { - return opts.offline - ? 'only-if-cached' - : opts.preferOffline - ? 'force-cache' - : opts.preferOnline - ? 'no-cache' - : 'default' -} - -function getHeaders (registry, uri, opts) { - const headers = Object.assign({ - 'npm-in-ci': !!opts.isFromCI, - 'user-agent': opts.userAgent - }, opts.headers || {}) - - if (opts.projectScope) { - headers['npm-scope'] = opts.projectScope - } - - if (opts.npmSession) { - headers['npm-session'] = opts.npmSession - } - - if (opts.npmCommand) { - headers['npm-command'] = opts.npmCommand - } - - const auth = getAuth(registry, opts) - // If a tarball is hosted on a different place than the manifest, only send - // credentials on `alwaysAuth` - const shouldAuth = ( - auth.alwaysAuth || - new url.URL(uri).host === new url.URL(registry).host - ) - if (shouldAuth && auth.token) { - headers.authorization = `Bearer ${auth.token}` - } else if (shouldAuth && auth.username && auth.password) { - const encoded = Buffer.from( - `${auth.username}:${auth.password}`, 'utf8' - ).toString('base64') - headers.authorization = `Basic ${encoded}` - } else if (shouldAuth && auth._auth) { - headers.authorization = `Basic ${auth._auth}` - } - if (shouldAuth && auth.otp) { - headers['npm-otp'] = auth.otp - } - return headers -} diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/package.json b/node_modules/libnpmhook/node_modules/npm-registry-fetch/package.json deleted file mode 100644 index 5aeddc5b39102..0000000000000 --- a/node_modules/libnpmhook/node_modules/npm-registry-fetch/package.json +++ /dev/null @@ -1,59 +0,0 @@ -{ - "name": "npm-registry-fetch", - "version": "8.1.5", - "description": "Fetch-based http client for use with npm registry APIs", - "main": "index.js", - "files": [ - "*.js", - "lib" - ], - "scripts": { - "postrelease": "npm publish", - "posttest": "standard", - "prepublishOnly": "git push --follow-tags", - "prerelease": "npm t", - "release": "standard-version -s", - "test": "tap" - }, - "repository": "https://github.com/npm/registry-fetch", - "keywords": [ - "npm", - "registry", - "fetch" - ], - "author": { - "name": "Kat Marchán", - "email": "kzm@sykosomatic.org", - "twitter": "maybekatz" - }, - "license": "ISC", - "dependencies": { - "@npmcli/ci-detect": "^1.0.0", - "lru-cache": "^6.0.0", - "make-fetch-happen": "^8.0.9", - "minipass": "^3.1.3", - "minipass-fetch": "^1.3.0", - "minipass-json-stream": "^1.0.1", - "minizlib": "^2.0.0", - "npm-package-arg": "^8.0.0" - }, - "devDependencies": { - "cacache": "^15.0.0", - "mkdirp": "^0.5.1", - "nock": "^11.7.0", - "npmlog": "^4.1.2", - "require-inject": "^1.4.4", - "rimraf": "^2.6.2", - "ssri": "^8.0.0", - "standard": "^14.3.3", - "standard-version": "^7.1.0", - "tap": "^14.10.7" - }, - "tap": { - "check-coverage": true, - "test-ignore": "test[\\\\/](util|cache)[\\\\/]" - }, - "engines": { - "node": ">=10" - } -} diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/silentlog.js b/node_modules/libnpmhook/node_modules/npm-registry-fetch/silentlog.js deleted file mode 100644 index 886c5d55b2dbb..0000000000000 --- a/node_modules/libnpmhook/node_modules/npm-registry-fetch/silentlog.js +++ /dev/null @@ -1,14 +0,0 @@ -'use strict' - -const noop = Function.prototype -module.exports = { - error: noop, - warn: noop, - notice: noop, - info: noop, - verbose: noop, - silly: noop, - http: noop, - pause: noop, - resume: noop -} diff --git a/node_modules/libnpmhook/package.json b/node_modules/libnpmhook/package.json index d8c5c687d5b89..abdac88e2c45f 100644 --- a/node_modules/libnpmhook/package.json +++ b/node_modules/libnpmhook/package.json @@ -1,6 +1,6 @@ { "name": "libnpmhook", - "version": "6.0.0", + "version": "6.0.1", "description": "programmatic API for managing npm registry hooks", "main": "index.js", "files": [ @@ -28,7 +28,7 @@ "license": "ISC", "dependencies": { "aproba": "^2.0.0", - "npm-registry-fetch": "^8.0.0" + "npm-registry-fetch": "^9.0.0" }, "devDependencies": { "nock": "^9.6.1", diff --git a/package-lock.json b/package-lock.json index 16f2f0b4afb52..dd2887b197da1 100644 --- a/package-lock.json +++ b/package-lock.json @@ -106,7 +106,7 @@ "leven": "^3.1.0", "libnpmaccess": "^4.0.0", "libnpmfund": "^1.0.1", - "libnpmhook": "^6.0.0", + "libnpmhook": "^6.0.1", "libnpmorg": "^2.0.1", "libnpmpack": "^2.0.0", "libnpmpublish": "^4.0.0", @@ -3732,31 +3732,13 @@ } }, "node_modules/libnpmhook": { - "version": "6.0.0", + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/libnpmhook/-/libnpmhook-6.0.1.tgz", + "integrity": "sha512-rwiWIWAQ6R5sPFRi9gsSC/+1/BxFlxk5nNQysVTXEHbqM9ds8g/duW79wRbZKnRyK1xyOmafxbj69nt9tcUkyw==", "inBundle": true, - "license": "ISC", "dependencies": { "aproba": "^2.0.0", - "npm-registry-fetch": "^8.0.0" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/libnpmhook/node_modules/npm-registry-fetch": { - "version": "8.1.5", - "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", - "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", - "inBundle": true, - "dependencies": { - "@npmcli/ci-detect": "^1.0.0", - "lru-cache": "^6.0.0", - "make-fetch-happen": "^8.0.9", - "minipass": "^3.1.3", - "minipass-fetch": "^1.3.0", - "minipass-json-stream": "^1.0.1", - "minizlib": "^2.0.0", - "npm-package-arg": "^8.0.0" + "npm-registry-fetch": "^9.0.0" }, "engines": { "node": ">=10" @@ -11495,27 +11477,12 @@ } }, "libnpmhook": { - "version": "6.0.0", + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/libnpmhook/-/libnpmhook-6.0.1.tgz", + "integrity": "sha512-rwiWIWAQ6R5sPFRi9gsSC/+1/BxFlxk5nNQysVTXEHbqM9ds8g/duW79wRbZKnRyK1xyOmafxbj69nt9tcUkyw==", "requires": { "aproba": "^2.0.0", - "npm-registry-fetch": "^8.0.0" - }, - "dependencies": { - "npm-registry-fetch": { - "version": "8.1.5", - "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", - "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", - "requires": { - "@npmcli/ci-detect": "^1.0.0", - "lru-cache": "^6.0.0", - "make-fetch-happen": "^8.0.9", - "minipass": "^3.1.3", - "minipass-fetch": "^1.3.0", - "minipass-json-stream": "^1.0.1", - "minizlib": "^2.0.0", - "npm-package-arg": "^8.0.0" - } - } + "npm-registry-fetch": "^9.0.0" } }, "libnpmorg": { diff --git a/package.json b/package.json index 036227644a9e6..117bbb8f35f4c 100644 --- a/package.json +++ b/package.json @@ -70,7 +70,7 @@ "leven": "^3.1.0", "libnpmaccess": "^4.0.0", "libnpmfund": "^1.0.1", - "libnpmhook": "^6.0.0", + "libnpmhook": "^6.0.1", "libnpmorg": "^2.0.1", "libnpmpack": "^2.0.0", "libnpmpublish": "^4.0.0", From 32fd744ea745f297f0be79a80955f077a57c4ac7 Mon Sep 17 00:00:00 2001 From: isaacs Date: Tue, 3 Nov 2020 13:08:06 -0800 Subject: [PATCH 14/21] libnpmaccess@4.0.1 --- .../npm-registry-fetch/CHANGELOG.md | 384 ----------- .../npm-registry-fetch/LICENSE.md | 16 - .../node_modules/npm-registry-fetch/README.md | 635 ------------------ .../node_modules/npm-registry-fetch/auth.js | 55 -- .../npm-registry-fetch/check-response.js | 128 ---- .../npm-registry-fetch/default-opts.js | 22 - .../node_modules/npm-registry-fetch/errors.js | 79 --- .../node_modules/npm-registry-fetch/index.js | 219 ------ .../npm-registry-fetch/package.json | 59 -- .../npm-registry-fetch/silentlog.js | 14 - node_modules/libnpmaccess/package.json | 4 +- package-lock.json | 51 +- package.json | 2 +- 13 files changed, 12 insertions(+), 1656 deletions(-) delete mode 100644 node_modules/libnpmaccess/node_modules/npm-registry-fetch/CHANGELOG.md delete mode 100644 node_modules/libnpmaccess/node_modules/npm-registry-fetch/LICENSE.md delete mode 100644 node_modules/libnpmaccess/node_modules/npm-registry-fetch/README.md delete mode 100644 node_modules/libnpmaccess/node_modules/npm-registry-fetch/auth.js delete mode 100644 node_modules/libnpmaccess/node_modules/npm-registry-fetch/check-response.js delete mode 100644 node_modules/libnpmaccess/node_modules/npm-registry-fetch/default-opts.js delete mode 100644 node_modules/libnpmaccess/node_modules/npm-registry-fetch/errors.js delete mode 100644 node_modules/libnpmaccess/node_modules/npm-registry-fetch/index.js delete mode 100644 node_modules/libnpmaccess/node_modules/npm-registry-fetch/package.json delete mode 100644 node_modules/libnpmaccess/node_modules/npm-registry-fetch/silentlog.js diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/CHANGELOG.md deleted file mode 100644 index fc26ee1bda4ba..0000000000000 --- a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/CHANGELOG.md +++ /dev/null @@ -1,384 +0,0 @@ -# Changelog - -All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. - -### [8.1.5](https://github.com/npm/registry-fetch/compare/v8.1.4...v8.1.5) (2020-10-12) - - -### Bug Fixes - -* respect publishConfig.registry when specified ([32e36ef](https://github.com/npm/registry-fetch/commit/32e36efe86302ed319973cd5b1e6ccc3f62e557e)), closes [#35](https://github.com/npm/registry-fetch/issues/35) - -### [8.1.4](https://github.com/npm/registry-fetch/compare/v8.1.3...v8.1.4) (2020-08-17) - - -### Bug Fixes - -* redact passwords from http logs ([3c294eb](https://github.com/npm/registry-fetch/commit/3c294ebbd7821725db4ff1bc5fe368c49613efcc)) - -### [8.1.3](https://github.com/npm/registry-fetch/compare/v8.1.2...v8.1.3) (2020-07-21) - -### [8.1.2](https://github.com/npm/registry-fetch/compare/v8.1.1...v8.1.2) (2020-07-11) - -### [8.1.1](https://github.com/npm/registry-fetch/compare/v8.1.0...v8.1.1) (2020-06-30) - -## [8.1.0](https://github.com/npm/registry-fetch/compare/v8.0.3...v8.1.0) (2020-05-20) - - -### Features - -* add npm-command HTTP header ([1bb4eb2](https://github.com/npm/registry-fetch/commit/1bb4eb2c66ee8a0dc62558bdcff1b548e2bb9820)) - -### [8.0.3](https://github.com/npm/registry-fetch/compare/v8.0.2...v8.0.3) (2020-05-13) - - -### Bug Fixes - -* update minipass and make-fetch-happen to latest ([3b6c5d0](https://github.com/npm/registry-fetch/commit/3b6c5d0d8ccd4c4a97862a65acef956f19aec127)), closes [#23](https://github.com/npm/registry-fetch/issues/23) - -### [8.0.2](https://github.com/npm/registry-fetch/compare/v8.0.1...v8.0.2) (2020-05-04) - - -### Bug Fixes - -* update make-fetch-happen to 8.0.6 ([226df2c](https://github.com/npm/registry-fetch/commit/226df2c32e3f9ed8ceefcfdbd11efb178181b442)) - -## [8.0.0](https://github.com/npm/registry-fetch/compare/v7.0.1...v8.0.0) (2020-02-24) - - -### ⚠ BREAKING CHANGES - -* Removes the 'opts.refer' option and the HTTP Referer -header (unless explicitly added to the 'headers' option, of course). - -PR-URL: https://github.com/npm/npm-registry-fetch/pull/25 -Credit: @isaacs - -### Bug Fixes - -* remove referer header and opts.refer ([eb8f7af](https://github.com/npm/registry-fetch/commit/eb8f7af3c102834856604c1be664b00ca0fe8ef2)), closes [#25](https://github.com/npm/registry-fetch/issues/25) - -### [7.0.1](https://github.com/npm/registry-fetch/compare/v7.0.0...v7.0.1) (2020-02-24) - -## [7.0.0](https://github.com/npm/registry-fetch/compare/v6.0.2...v7.0.0) (2020-02-18) - - -### ⚠ BREAKING CHANGES - -* figgy pudding is now nowhere to be found. -* this removes figgy-pudding, and drops several option -aliases. - -Defaults and behavior are all the same, and this module is now using the -canonical camelCase option names that npm v7 will provide to all its -deps. - -Related to: https://github.com/npm/rfcs/pull/102 - -PR-URL: https://github.com/npm/npm-registry-fetch/pull/22 -Credit: @isaacs - -### Bug Fixes - -* Remove figgy-pudding, use canonical option names ([ede3c08](https://github.com/npm/registry-fetch/commit/ede3c087007fd1808e02b1af70562220d03b18a9)), closes [#22](https://github.com/npm/registry-fetch/issues/22) - - -* update cacache, ssri, make-fetch-happen ([57fcc88](https://github.com/npm/registry-fetch/commit/57fcc889bee03edcc0a2025d96a171039108c231)) - -### [6.0.2](https://github.com/npm/registry-fetch/compare/v6.0.1...v6.0.2) (2020-02-14) - - -### Bug Fixes - -* always bypass cache when ?write=true ([83f89f3](https://github.com/npm/registry-fetch/commit/83f89f35abd2ed0507c869e37f90ed746375772c)) - -### [6.0.1](https://github.com/npm/registry-fetch/compare/v6.0.0...v6.0.1) (2020-02-14) - - -### Bug Fixes - -* use 30s default for timeout as per README ([50e8afc](https://github.com/npm/registry-fetch/commit/50e8afc6ff850542feb588f9f9c64ebae59e72a0)), closes [#20](https://github.com/npm/registry-fetch/issues/20) - -## [6.0.0](https://github.com/npm/registry-fetch/compare/v5.0.1...v6.0.0) (2019-12-17) - - -### ⚠ BREAKING CHANGES - -* This drops support for node < 10. - -There are some lint failures due to standard pushing for using WhatWG URL -objects instead of url.parse/url.resolve. However, the code in this lib -does some fancy things with the query/search portions of the parsed url -object, so it'll take a bit of care to make it work properly. - -### Bug Fixes - -* detect CI so our tests don't fail in CI ([5813da6](https://github.com/npm/registry-fetch/commit/5813da634cef73b12e40373972d7937e6934fce0)) -* Use WhatWG URLs instead of url.parse ([8ccfa8a](https://github.com/npm/registry-fetch/commit/8ccfa8a72c38cfedb0f525b7f453644fd4444f99)) - - -* normalize settings, drop old nodes, update deps ([510b125](https://github.com/npm/registry-fetch/commit/510b1255cc7ed4bb397a34e0007757dae33e2275)) - - -## [5.0.1](https://github.com/npm/registry-fetch/compare/v5.0.0...v5.0.1) (2019-11-11) - - - - -# [5.0.0](https://github.com/npm/registry-fetch/compare/v4.0.2...v5.0.0) (2019-10-04) - - -### Bug Fixes - -* prefer const in getAuth function ([90ac7b1](https://github.com/npm/registry-fetch/commit/90ac7b1)) -* use minizlib instead of core zlib ([e64702e](https://github.com/npm/registry-fetch/commit/e64702e)) - - -### Features - -* refactor to use Minipass streams ([bb37f20](https://github.com/npm/registry-fetch/commit/bb37f20)) - - -### BREAKING CHANGES - -* this replaces all core streams (except for some -PassThrough streams in a few tests) with Minipass streams, and updates -all deps to the latest and greatest Minipass versions of things. - - - - -## [4.0.2](https://github.com/npm/registry-fetch/compare/v4.0.0...v4.0.2) (2019-10-04) - - -### Bug Fixes - -* Add null check on body on 401 errors ([e3a0186](https://github.com/npm/registry-fetch/commit/e3a0186)), closes [#9](https://github.com/npm/registry-fetch/issues/9) -* **deps:** Add explicit dependency on safe-buffer ([8eae5f0](https://github.com/npm/registry-fetch/commit/8eae5f0)), closes [npm/libnpmaccess#2](https://github.com/npm/libnpmaccess/issues/2) [#3](https://github.com/npm/registry-fetch/issues/3) - - - - -# [4.0.0](https://github.com/npm/registry-fetch/compare/v3.9.1...v4.0.0) (2019-07-15) - - -* cacache@12.0.0, infer uid from cache folder ([0c4f060](https://github.com/npm/registry-fetch/commit/0c4f060)) - - -### BREAKING CHANGES - -* uid and gid are inferred from cache folder, rather than -being passed in as options. - - - - -## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02) - - - - -# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24) - - -### Features - -* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c)) - - - - -# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23) - - -### Features - -* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986)) - - - - -# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23) - - -### Features - -* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969)) - - - - -# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22) - - -### Bug Fixes - -* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65)) - - -### Features - -* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702)) - - - - -# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22) - - -### Features - -* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5)) - - - - -# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22) - - -### Bug Fixes - -* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54)) - - -### Features - -* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17)) - - - - -# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21) - - -### Bug Fixes - -* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b)) - - -### Features - -* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194)) - - - - -## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16) - - -### Bug Fixes - -* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040)) - - - - -# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27) - - -### Features - -* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0)) - - - - -## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09) - - - - -# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09) - - -### Features - -* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b)) - - - - -# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09) - - -### Bug Fixes - -* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f)) -* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f)) - - -### BREAKING CHANGES - -* **config:** opts.config is no longer supported. Pass the options down in opts itself. - - - - -# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08) - - -### Features - -* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0)) - - - - -# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08) - - -### meta - -* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e)) - - -### BREAKING CHANGES - -* node@4 is no longer supported - - - - -## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06) - - - - -# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16) - - -### Features - -* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9)) - - - - -## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16) - - -### Bug Fixes - -* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5)) - - - - -# 1.0.0 (2018-03-16) - - -### Bug Fixes - -* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba)) -* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31)) -* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93)) -* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a)) - - -### Features - -* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f)) -* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db)) -* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d)) -* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527)) -* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1)) diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/LICENSE.md deleted file mode 100644 index 8d28acf866d93..0000000000000 --- a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/LICENSE.md +++ /dev/null @@ -1,16 +0,0 @@ -ISC License - -Copyright (c) npm, Inc. - -Permission to use, copy, modify, and/or distribute this software for -any purpose with or without fee is hereby granted, provided that the -above copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS -ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE -COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR -CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS -OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE -USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/README.md b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/README.md deleted file mode 100644 index e660940e30dc4..0000000000000 --- a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/README.md +++ /dev/null @@ -1,635 +0,0 @@ -# npm-registry-fetch - -[![npm version](https://img.shields.io/npm/v/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) -[![license](https://img.shields.io/npm/l/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch) -[![Travis](https://img.shields.io/travis/npm/npm-registry-fetch/latest.svg)](https://travis-ci.org/npm/npm-registry-fetch) -[![AppVeyor](https://img.shields.io/appveyor/ci/npm/npm-registry-fetch/latest.svg)](https://ci.appveyor.com/project/npm/npm-registry-fetch) -[![Coverage Status](https://coveralls.io/repos/github/npm/npm-registry-fetch/badge.svg?branch=latest)](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest) - -[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js -library that implements a `fetch`-like API for accessing npm registry APIs -consistently. It's able to consume npm-style configuration values and has all -the necessary logic for picking registries, handling scopes, and dealing with -authentication details built-in. - -This package is meant to replace the older -[`npm-registry-client`](https://npm.im/npm-registry-client). - -## Example - -```javascript -const npmFetch = require('npm-registry-fetch') - -console.log( - await npmFetch.json('/-/ping') -) -``` - -## Table of Contents - -* [Installing](#install) -* [Example](#example) -* [Contributing](#contributing) -* [API](#api) - * [`fetch`](#fetch) - * [`fetch.json`](#fetch-json) - * [`fetch` options](#fetch-opts) - -### Install - -`$ npm install npm-registry-fetch` - -### Contributing - -The npm team enthusiastically welcomes contributions and project participation! -There's a bunch of things you can do if you want to contribute! The [Contributor -Guide](CONTRIBUTING.md) has all the information you need for everything from -reporting bugs to contributing entire new features. Please don't hesitate to -jump in if you'd like to, or even ask us questions if something isn't clear. - -All participants and maintainers in this project are expected to follow [Code of -Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other. - -Please refer to the [Changelog](CHANGELOG.md) for project history details, too. - -Happy hacking! - -### API - -#### Caching and `write=true` query strings - -Before performing any PUT or DELETE operation, npm clients first make a -GET request to the registry resource being updated, which includes -the query string `?write=true`. - -The semantics of this are, effectively, "I intend to write to this thing, -and need to know the latest current value, so that my write can land -cleanly". - -The public npm registry handles these `?write=true` requests by ensuring -that the cache is re-validated before sending a response. In order to -maintain the same behavior on the client, and not get tripped up by an -overeager local cache when we intend to write data to the registry, any -request that comes through `npm-registry-fetch` that contains `write=true` -in the query string will forcibly set the `prefer-online` option to `true`, -and set both `prefer-offline` and `offline` to false, so that any local -cached value will be revalidated. - -#### `> fetch(url, [opts]) -> Promise` - -Performs a request to a given URL. - -The URL can be either a full URL, or a path to one. The appropriate registry -will be automatically picked if only a URL path is given. - -For available options, please see the section on [`fetch` options](#fetch-opts). - -##### Example - -```javascript -const res = await fetch('/-/ping') -console.log(res.headers) -res.on('data', d => console.log(d.toString('utf8'))) -``` - -#### `> fetch.json(url, [opts]) -> Promise` - -Performs a request to a given registry URL, parses the body of the response as -JSON, and returns it as its final value. This is a utility shorthand for -`fetch(url).then(res => res.json())`. - -For available options, please see the section on [`fetch` options](#fetch-opts). - -##### Example - -```javascript -const res = await fetch.json('/-/ping') -console.log(res) // Body parsed as JSON -``` - -#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream` - -Performs a request to a given registry URL and parses the body of the response -as JSON, with each entry being emitted through the stream. - -The `jsonPath` argument is a [`JSONStream.parse()` -path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the -returned stream (unlike default `JSONStream`s), has a valid -`Symbol.asyncIterator` implementation. - -For available options, please see the section on [`fetch` options](#fetch-opts). - -##### Example - -```javascript -console.log('https://npm.im/~zkat has access to the following packages:') -for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) { - console.log(`https://npm.im/${key} (perms: ${value})`) -} -``` - -#### `fetch` Options - -Fetch options are optional, and can be passed in as either a Map-like object -(one with a `.get()` method), a plain javascript object, or a -[`figgy-pudding`](https://npm.im/figgy-pudding) instance. - -##### `opts.agent` - -* Type: http.Agent -* Default: an appropriate agent based on URL protocol and proxy settings - -An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to -be shared across requests. This allows multiple concurrent `fetch` requests to -happen on the same socket. - -You do _not_ need to provide this option unless you want something particularly -specialized, since proxy configurations and http/https agents are already -automatically managed internally when this option is not passed through. - -##### `opts.body` - -* Type: Buffer | Stream | Object -* Default: null - -Request body to send through the outgoing request. Buffers and Streams will be -passed through as-is, with a default `content-type` of -`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed -and the `content-type` will default to `application/json`. - -Use [`opts.headers`](#opts-headers) to set the content-type to something else. - -##### `opts.ca` - -* Type: String, Array, or null -* Default: null - -The Certificate Authority signing certificate that is trusted for SSL -connections to the registry. Values should be in PEM format (Windows calls it -"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For -example: - -``` -{ - ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' -} -``` - -Set to `null` to only allow "known" registrars, or to a specific CA cert -to trust only that specific signing authority. - -Multiple CAs can be trusted by specifying an array of certificates instead of a -single string. - -See also [`opts.strictSSL`](#opts-strictSSL), [`opts.ca`](#opts-ca) and -[`opts.key`](#opts-key) - -##### `opts.cache` - -* Type: path -* Default: null - -The location of the http cache directory. If provided, certain cachable requests -will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234) -rules. This will speed up future requests, as well as make the cached data -available offline if necessary/requested. - -See also [`offline`](#opts-offline), [`preferOffline`](#opts-preferOffline), -and [`preferOnline`](#opts-preferOnline). - -##### `opts.cert` - -* Type: String -* Default: null - -A client certificate to pass when accessing the registry. Values should be in -PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines -replaced by the string `'\n'`. For example: - -``` -{ - cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----' -} -``` - -It is _not_ the path to a certificate file (and there is no "certfile" option). - -See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key) - -##### `opts.fetchRetries` - -* Type: Number -* Default: 2 - -The "retries" config for [`retry`](https://npm.im/retry) to use when fetching -packages from the registry. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.fetchRetryFactor` - -* Type: Number -* Default: 10 - -The "factor" config for [`retry`](https://npm.im/retry) to use when fetching -packages. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.fetchRetryMintimeout` - -* Type: Number -* Default: 10000 (10 seconds) - -The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching -packages. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.fetchRetryMaxtimeout` - -* Type: Number -* Default: 60000 (1 minute) - -The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching -packages. - -See also [`opts.retry`](#opts-retry) to provide all retry options as a single -object. - -##### `opts.forceAuth` - -* Type: Object -* Default: null - -If present, other auth-related values in `opts` will be completely ignored, -including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request, -and the auth details in `opts.forceAuth` will be used instead. - -##### `opts.gzip` - -* Type: Boolean -* Default: false - -If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip` -and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode -[`opts.body`](#opts-body). - -##### `opts.headers` - -* Type: Object -* Default: null - -Additional headers for the outgoing request. This option can also be used to -override headers automatically generated by `npm-registry-fetch`, such as -`Content-Type`. - -##### `opts.ignoreBody` - -* Type: Boolean -* Default: false - -If true, the **response body** will be thrown away and `res.body` set to `null`. -This will prevent dangling response sockets for requests where you don't usually -care what the response body is. - -##### `opts.integrity` - -* Type: String | [SRI object](https://npm.im/ssri) -* Default: null - -If provided, the response body's will be verified against this integrity string, -using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will -complete as normal. If verification fails, the response body will error with an -`EINTEGRITY` error. - -Body integrity is only verified if the body is actually consumed to completion -- -that is, if you use `res.json()`/`res.buffer()`, or if you consume the default -`res` stream data to its end. - -Cached data will have its integrity automatically verified using the -previously-generated integrity hash for the saved request information, so -`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if -`opts.integrity` is not passed in. - -##### `opts.isFromCI` - -* Type: Boolean -* Default: Based on environment variables - -This is used to populate the `npm-in-ci` request header sent to the registry. - -##### `opts.key` - -* Type: String -* Default: null - -A client key to pass when accessing the registry. Values should be in PEM -format with newlines replaced by the string `'\n'`. For example: - -``` -{ - key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----' -} -``` - -It is _not_ the path to a key file (and there is no "keyfile" option). - -See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert) - -##### `opts.localAddress` - -* Type: IP Address String -* Default: null - -The IP address of the local interface to use when making connections -to the registry. - -See also [`opts.proxy`](#opts-proxy) - -##### `opts.log` - -* Type: [`npmlog`](https://npm.im/npmlog)-like -* Default: null - -Logger object to use for logging operation details. Must have the same methods -as `npmlog`. - -##### `opts.mapJSON` - -* Type: Function -* Default: undefined - -When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down -to [`JSONStream`](https://npm.im/JSONStream) as the second argument to -`JSONStream.parse`, and can be used to transform stream data before output. - -##### `opts.maxSockets` - -* Type: Integer -* Default: 12 - -Maximum number of sockets to keep open during requests. Has no effect if -[`opts.agent`](#opts-agent) is used. - -##### `opts.method` - -* Type: String -* Default: 'GET' - -HTTP method to use for the outgoing request. Case-insensitive. - -##### `opts.noproxy` - -* Type: Boolean -* Default: process.env.NOPROXY - -If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used. - -##### `opts.npmSession` - -* Type: String -* Default: null - -If provided, will be sent in the `npm-session` header. This header is used by -the npm registry to identify individual user sessions (usually individual -invocations of the CLI). - -##### `opts.npmCommand` - -* Type: String -* Default: null - -If provided, it will be sent in the `npm-command` header. This yeader is -used by the npm registry to identify the npm command that caused this -request to be made. - -##### `opts.offline` - -* Type: Boolean -* Default: false - -Force offline mode: no network requests will be done during install. To allow -`npm-registry-fetch` to fill in missing cache data, see -[`opts.preferOffline`](#opts-preferOffline). - -This option is only really useful if you're also using -[`opts.cache`](#opts-cache). - -This option is set to `true` when the request includes `write=true` in the -query string. - -##### `opts.otp` - -* Type: Number | String -* Default: null - -This is a one-time password from a two-factor authenticator. It is required for -certain registry interactions when two-factor auth is enabled for a user -account. - -##### `opts.password` - -* Alias: `_password` -* Type: String -* Default: null - -Password used for basic authentication. For the more modern authentication -method, please use the (more secure) [`opts.token`](#opts-token) - -Can optionally be scoped to a registry by using a "nerf dart" for that registry. -That is: - -``` -{ - '//registry.npmjs.org/:password': 't0k3nH34r' -} -``` - -See also [`opts.username`](#opts-username) - -##### `opts.preferOffline` - -* Type: Boolean -* Default: false - -If true, staleness checks for cached data will be bypassed, but missing data -will be requested from the server. To force full offline mode, use -[`opts.offline`](#opts-offline). - -This option is generally only useful if you're also using -[`opts.cache`](#opts-cache). - -This option is set to `false` when the request includes `write=true` in the -query string. - -##### `opts.preferOnline` - -* Type: Boolean -* Default: false - -If true, staleness checks for cached data will be forced, making the CLI look -for updates immediately even for fresh package data. - -This option is generally only useful if you're also using -[`opts.cache`](#opts-cache). - -This option is set to `true` when the request includes `write=true` in the -query string. - -##### `opts.projectScope` - -* Type: String -* Default: null - -If provided, will be sent in the `npm-scope` header. This header is used by the -npm registry to identify the toplevel package scope that a particular project -installation is using. - -##### `opts.proxy` - -* Type: url -* Default: null - -A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY` -environment variable will be used. - -##### `opts.query` - -* Type: String | Object -* Default: null - -If provided, the request URI will have a query string appended to it using this -query. If `opts.query` is an object, it will be converted to a query string -using -[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options). - -If the request URI already has a query string, it will be merged with -`opts.query`, preferring `opts.query` values. - -##### `opts.registry` - -* Type: URL -* Default: `'https://registry.npmjs.org'` - -Registry configuration for a request. If a request URL only includes the URL -path, this registry setting will be prepended. This configuration is also used -to determine authentication details, so even if the request URL references a -completely different host, `opts.registry` will be used to find the auth details -for that request. - -See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and -[`opts.:registry`](#opts-scope-registry) which can all affect the actual -registry URL used by the outgoing request. - -##### `opts.retry` - -* Type: Object -* Default: null - -Single-object configuration for request retry settings. If passed in, will -override individually-passed `fetch-retry-*` settings. - -##### `opts.scope` - -* Type: String -* Default: null - -Associate an operation with a scope for a scoped registry. This option can force -lookup of scope-specific registries and authentication. - -See also [`opts.:registry`](#opts-scope-registry) and -[`opts.spec`](#opts-spec) for interactions with this option. - -##### `opts.:registry` - -* Type: String -* Default: null - -This option type can be used to configure the registry used for requests -involving a particular scope. For example, `opts['@myscope:registry'] = -'https://scope-specific.registry/'` will make it so requests go out to this -registry instead of [`opts.registry`](#opts-registry) when -[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a -scoped package spec. - -The `@` before the scope name is optional, but recommended. - -##### `opts.spec` - -* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object. -* Default: null - -If provided, can be used to automatically configure [`opts.scope`](#opts-scope) -based on a specific package name. Non-registry package specs will throw an -error. - -##### `opts.strictSSL` - -* Type: Boolean -* Default: true - -Whether or not to do SSL key validation when making requests to the -registry via https. - -See also [`opts.ca`](#opts-ca). - -##### `opts.timeout` - -* Type: Milliseconds -* Default: 300000 (5 minutes) - -Time before a hanging request times out. - -##### `opts.token` - -* Alias: `opts._authToken` -* Type: String -* Default: null - -Authentication token string. - -Can be scoped to a registry by using a "nerf dart" for that registry. That is: - -``` -{ - '//registry.npmjs.org/:token': 't0k3nH34r' -} -``` - -##### `opts.userAgent` - -* Type: String -* Default: `'npm-registry-fetch@/node@+ ()'` - -User agent string to send in the `User-Agent` header. - -##### `opts.username` - -* Type: String -* Default: null - -Username used for basic authentication. For the more modern authentication -method, please use the (more secure) [`opts.token`](#opts-token) - -Can optionally be scoped to a registry by using a "nerf dart" for that registry. -That is: - -``` -{ - '//registry.npmjs.org/:username': 't0k3nH34r' -} -``` - -See also [`opts.password`](#opts-password) - -##### `opts._auth` - -* Type: String -* Default: null - -** DEPRECATED ** This is a legacy authentication token supported only for -compatibility. Please use [`opts.token`](#opts-token) instead. diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/auth.js b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/auth.js deleted file mode 100644 index 11c3bde6b4e6c..0000000000000 --- a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/auth.js +++ /dev/null @@ -1,55 +0,0 @@ -'use strict' - -const defaultOpts = require('./default-opts.js') -const url = require('url') - -module.exports = getAuth -function getAuth (registry, opts_ = {}) { - if (!registry) { throw new Error('registry is required') } - const opts = opts_.forceAuth ? opts_.forceAuth : { ...defaultOpts, ...opts_ } - const AUTH = {} - const regKey = registry && registryKey(registry) - const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias) - doKey('token') - doKey('_authToken', 'token') - doKey('username') - doKey('password') - doKey('_password', 'password') - doKey('email') - doKey('_auth') - doKey('otp') - doKey('always-auth', 'alwaysAuth') - if (AUTH.password) { - AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8') - } - if (AUTH._auth && !(AUTH.username && AUTH.password)) { - let auth = Buffer.from(AUTH._auth, 'base64').toString() - auth = auth.split(':') - AUTH.username = auth.shift() - AUTH.password = auth.join(':') - } - AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth - return AUTH -} - -function addKey (opts, obj, scope, key, objKey) { - if (opts[key]) { - obj[objKey || key] = opts[key] - } - if (scope && opts[`${scope}:${key}`]) { - obj[objKey || key] = opts[`${scope}:${key}`] - } -} - -// Called a nerf dart in the main codebase. Used as a "safe" -// key when fetching registry info from config. -function registryKey (registry) { - const parsed = new url.URL(registry) - const formatted = url.format({ - protocol: parsed.protocol, - host: parsed.host, - pathname: parsed.pathname, - slashes: true - }) - return url.format(new url.URL('.', formatted)).replace(/^[^:]+:/, '') -} diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/check-response.js b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/check-response.js deleted file mode 100644 index f151711f30160..0000000000000 --- a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/check-response.js +++ /dev/null @@ -1,128 +0,0 @@ -'use strict' - -const errors = require('./errors.js') -const LRU = require('lru-cache') -const { Response } = require('minipass-fetch') -const defaultOpts = require('./default-opts.js') - -module.exports = checkResponse -function checkResponse (method, res, registry, startTime, opts_ = {}) { - const opts = { ...defaultOpts, ...opts_ } - if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) { - opts.log.notice('', res.headers.get('npm-notice')) - } - checkWarnings(res, registry, opts) - if (res.status >= 400) { - logRequest(method, res, startTime, opts) - return checkErrors(method, res, startTime, opts) - } else { - res.body.on('end', () => logRequest(method, res, startTime, opts)) - if (opts.ignoreBody) { - res.body.resume() - return new Response(null, res) - } - return res - } -} - -function logRequest (method, res, startTime, opts) { - const elapsedTime = Date.now() - startTime - const attempt = res.headers.get('x-fetch-attempts') - const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : '' - const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : '' - - let urlStr - try { - const { URL } = require('url') - const url = new URL(res.url) - if (url.password) { - url.password = '***' - } - urlStr = url.toString() - } catch (er) { - urlStr = res.url - } - - opts.log.http( - 'fetch', - `${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}` - ) -} - -const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/ -const BAD_HOSTS = new LRU({ max: 50 }) - -function checkWarnings (res, registry, opts) { - if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) { - const warnings = {} - // note: headers.raw() will preserve case, so we might have a - // key on the object like 'WaRnInG' if that was used first - for (const [key, value] of Object.entries(res.headers.raw())) { - if (key.toLowerCase() !== 'warning') { continue } - value.forEach(w => { - const match = w.match(WARNING_REGEXP) - if (match) { - warnings[match[1]] = { - code: match[1], - host: match[2], - message: match[3], - date: new Date(match[4]) - } - } - }) - } - BAD_HOSTS.set(registry, true) - if (warnings['199']) { - if (warnings['199'].message.match(/ENOTFOUND/)) { - opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`) - } else { - opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`) - } - } - if (warnings['111']) { - // 111 Revalidation failed -- we're using stale data - opts.log.warn( - 'registry', - `Using stale data from ${registry} due to a request error during revalidation.` - ) - } - } -} - -function checkErrors (method, res, startTime, opts) { - return res.buffer() - .catch(() => null) - .then(body => { - let parsed = body - try { - parsed = JSON.parse(body.toString('utf8')) - } catch (e) {} - if (res.status === 401 && res.headers.get('www-authenticate')) { - const auth = res.headers.get('www-authenticate') - .split(/,\s*/) - .map(s => s.toLowerCase()) - if (auth.indexOf('ipaddress') !== -1) { - throw new errors.HttpErrorAuthIPAddress( - method, res, parsed, opts.spec - ) - } else if (auth.indexOf('otp') !== -1) { - throw new errors.HttpErrorAuthOTP( - method, res, parsed, opts.spec - ) - } else { - throw new errors.HttpErrorAuthUnknown( - method, res, parsed, opts.spec - ) - } - } else if (res.status === 401 && body != null && /one-time pass/.test(body.toString('utf8'))) { - // Heuristic for malformed OTP responses that don't include the www-authenticate header. - throw new errors.HttpErrorAuthOTP( - method, res, parsed, opts.spec - ) - } else { - throw new errors.HttpErrorGeneral( - method, res, parsed, opts.spec - ) - } - }) -} diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/default-opts.js b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/default-opts.js deleted file mode 100644 index b742fd5a5fcd4..0000000000000 --- a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/default-opts.js +++ /dev/null @@ -1,22 +0,0 @@ -const pkg = require('./package.json') -const ciDetect = require('@npmcli/ci-detect') -module.exports = { - isFromCI: ciDetect(), - log: require('./silentlog.js'), - maxSockets: 12, - method: 'GET', - registry: 'https://registry.npmjs.org/', - timeout: 5 * 60 * 1000, // 5 minutes - strictSSL: true, - noProxy: process.env.NOPROXY, - userAgent: `${pkg.name - }@${ - pkg.version - }/node@${ - process.version - }+${ - process.arch - } (${ - process.platform - })` -} diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/errors.js b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/errors.js deleted file mode 100644 index c41947e29952d..0000000000000 --- a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/errors.js +++ /dev/null @@ -1,79 +0,0 @@ -'use strict' - -const url = require('url') - -function packageName (href) { - try { - let basePath = new url.URL(href).pathname.substr(1) - if (!basePath.match(/^-/)) { - basePath = basePath.split('/') - var index = basePath.indexOf('_rewrite') - if (index === -1) { - index = basePath.length - 1 - } else { - index++ - } - return decodeURIComponent(basePath[index]) - } - } catch (_) { - // this is ok - } -} - -class HttpErrorBase extends Error { - constructor (method, res, body, spec) { - super() - this.headers = res.headers.raw() - this.statusCode = res.status - this.code = `E${res.status}` - this.method = method - this.uri = res.url - this.body = body - this.pkgid = spec ? spec.toString() : packageName(res.url) - } -} -module.exports.HttpErrorBase = HttpErrorBase - -class HttpErrorGeneral extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = `${res.status} ${res.statusText} - ${ - this.method.toUpperCase() - } ${ - this.spec || this.uri - }${ - (body && body.error) ? ' - ' + body.error : '' - }` - Error.captureStackTrace(this, HttpErrorGeneral) - } -} -module.exports.HttpErrorGeneral = HttpErrorGeneral - -class HttpErrorAuthOTP extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'OTP required for authentication' - this.code = 'EOTP' - Error.captureStackTrace(this, HttpErrorAuthOTP) - } -} -module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP - -class HttpErrorAuthIPAddress extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'Login is not allowed from your IP address' - this.code = 'EAUTHIP' - Error.captureStackTrace(this, HttpErrorAuthIPAddress) - } -} -module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress - -class HttpErrorAuthUnknown extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate') - Error.captureStackTrace(this, HttpErrorAuthUnknown) - } -} -module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/index.js b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/index.js deleted file mode 100644 index 2324e7fbfd00b..0000000000000 --- a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/index.js +++ /dev/null @@ -1,219 +0,0 @@ -'use strict' - -const checkResponse = require('./check-response.js') -const getAuth = require('./auth.js') -const fetch = require('make-fetch-happen') -const JSONStream = require('minipass-json-stream') -const npa = require('npm-package-arg') -const qs = require('querystring') -const url = require('url') -const zlib = require('minizlib') -const Minipass = require('minipass') - -const defaultOpts = require('./default-opts.js') - -// WhatWG URL throws if it's not fully resolved -const urlIsValid = u => { - try { - return !!new url.URL(u) - } catch (_) { - return false - } -} - -module.exports = regFetch -function regFetch (uri, /* istanbul ignore next */ opts_ = {}) { - const opts = { - ...defaultOpts, - ...opts_ - } - const registry = opts.registry = ( - (opts.spec && pickRegistry(opts.spec, opts)) || - (opts.publishConfig && opts.publishConfig.registry) || - opts.registry || - /* istanbul ignore next */ - 'https://registry.npmjs.org/' - ) - - if (!urlIsValid(uri)) { - uri = `${ - registry.trim().replace(/\/?$/g, '') - }/${ - uri.trim().replace(/^\//, '') - }` - } - - const method = opts.method || 'GET' - - // through that takes into account the scope, the prefix of `uri`, etc - const startTime = Date.now() - const headers = getHeaders(registry, uri, opts) - let body = opts.body - const bodyIsStream = Minipass.isStream(body) - const bodyIsPromise = body && - typeof body === 'object' && - typeof body.then === 'function' - - if (body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body)) { - headers['content-type'] = headers['content-type'] || 'application/json' - body = JSON.stringify(body) - } else if (body && !headers['content-type']) { - headers['content-type'] = 'application/octet-stream' - } - - if (opts.gzip) { - headers['content-encoding'] = 'gzip' - if (bodyIsStream) { - const gz = new zlib.Gzip() - body.on('error', /* istanbul ignore next: unlikely and hard to test */ - err => gz.emit('error', err)) - body = body.pipe(gz) - } else if (!bodyIsPromise) { - body = new zlib.Gzip().end(body).concat() - } - } - - const parsed = new url.URL(uri) - - if (opts.query) { - const q = typeof opts.query === 'string' - ? qs.parse(opts.query) - : opts.query - - Object.keys(q).forEach(key => { - if (q[key] !== undefined) { - parsed.searchParams.set(key, q[key]) - } - }) - uri = url.format(parsed) - } - - if (parsed.searchParams.get('write') === 'true' && method === 'GET') { - // do not cache, because this GET is fetching a rev that will be - // used for a subsequent PUT or DELETE, so we need to conditionally - // update cache. - opts.offline = false - opts.preferOffline = false - opts.preferOnline = true - } - - const doFetch = (body) => fetch(uri, { - agent: opts.agent, - algorithms: opts.algorithms, - body, - cache: getCacheMode(opts), - cacheManager: opts.cache, - ca: opts.ca, - cert: opts.cert, - headers, - integrity: opts.integrity, - key: opts.key, - localAddress: opts.localAddress, - maxSockets: opts.maxSockets, - memoize: opts.memoize, - method: method, - noProxy: opts.noProxy, - proxy: opts.httpsProxy || opts.proxy, - retry: opts.retry ? opts.retry : { - retries: opts.fetchRetries, - factor: opts.fetchRetryFactor, - minTimeout: opts.fetchRetryMintimeout, - maxTimeout: opts.fetchRetryMaxtimeout - }, - strictSSL: opts.strictSSL, - timeout: opts.timeout || 30 * 1000 - }).then(res => checkResponse( - method, res, registry, startTime, opts - )) - - return Promise.resolve(body).then(doFetch) -} - -module.exports.json = fetchJSON -function fetchJSON (uri, opts) { - return regFetch(uri, opts).then(res => res.json()) -} - -module.exports.json.stream = fetchJSONStream -function fetchJSONStream (uri, jsonPath, /* istanbul ignore next */ opts_ = {}) { - const opts = { ...defaultOpts, ...opts_ } - const parser = JSONStream.parse(jsonPath, opts.mapJSON) - regFetch(uri, opts).then(res => - res.body.on('error', - /* istanbul ignore next: unlikely and difficult to test */ - er => parser.emit('error', er)).pipe(parser) - ).catch(er => parser.emit('error', er)) - return parser -} - -module.exports.pickRegistry = pickRegistry -function pickRegistry (spec, opts = {}) { - spec = npa(spec) - let registry = spec.scope && - opts[spec.scope.replace(/^@?/, '@') + ':registry'] - - if (!registry && opts.scope) { - registry = opts[opts.scope.replace(/^@?/, '@') + ':registry'] - } - - if (!registry && opts.publishConfig) { - registry = opts.publishConfig.registry - } - - if (!registry) { - registry = opts.registry || 'https://registry.npmjs.org/' - } - - return registry -} - -function getCacheMode (opts) { - return opts.offline - ? 'only-if-cached' - : opts.preferOffline - ? 'force-cache' - : opts.preferOnline - ? 'no-cache' - : 'default' -} - -function getHeaders (registry, uri, opts) { - const headers = Object.assign({ - 'npm-in-ci': !!opts.isFromCI, - 'user-agent': opts.userAgent - }, opts.headers || {}) - - if (opts.projectScope) { - headers['npm-scope'] = opts.projectScope - } - - if (opts.npmSession) { - headers['npm-session'] = opts.npmSession - } - - if (opts.npmCommand) { - headers['npm-command'] = opts.npmCommand - } - - const auth = getAuth(registry, opts) - // If a tarball is hosted on a different place than the manifest, only send - // credentials on `alwaysAuth` - const shouldAuth = ( - auth.alwaysAuth || - new url.URL(uri).host === new url.URL(registry).host - ) - if (shouldAuth && auth.token) { - headers.authorization = `Bearer ${auth.token}` - } else if (shouldAuth && auth.username && auth.password) { - const encoded = Buffer.from( - `${auth.username}:${auth.password}`, 'utf8' - ).toString('base64') - headers.authorization = `Basic ${encoded}` - } else if (shouldAuth && auth._auth) { - headers.authorization = `Basic ${auth._auth}` - } - if (shouldAuth && auth.otp) { - headers['npm-otp'] = auth.otp - } - return headers -} diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/package.json b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/package.json deleted file mode 100644 index 5aeddc5b39102..0000000000000 --- a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/package.json +++ /dev/null @@ -1,59 +0,0 @@ -{ - "name": "npm-registry-fetch", - "version": "8.1.5", - "description": "Fetch-based http client for use with npm registry APIs", - "main": "index.js", - "files": [ - "*.js", - "lib" - ], - "scripts": { - "postrelease": "npm publish", - "posttest": "standard", - "prepublishOnly": "git push --follow-tags", - "prerelease": "npm t", - "release": "standard-version -s", - "test": "tap" - }, - "repository": "https://github.com/npm/registry-fetch", - "keywords": [ - "npm", - "registry", - "fetch" - ], - "author": { - "name": "Kat Marchán", - "email": "kzm@sykosomatic.org", - "twitter": "maybekatz" - }, - "license": "ISC", - "dependencies": { - "@npmcli/ci-detect": "^1.0.0", - "lru-cache": "^6.0.0", - "make-fetch-happen": "^8.0.9", - "minipass": "^3.1.3", - "minipass-fetch": "^1.3.0", - "minipass-json-stream": "^1.0.1", - "minizlib": "^2.0.0", - "npm-package-arg": "^8.0.0" - }, - "devDependencies": { - "cacache": "^15.0.0", - "mkdirp": "^0.5.1", - "nock": "^11.7.0", - "npmlog": "^4.1.2", - "require-inject": "^1.4.4", - "rimraf": "^2.6.2", - "ssri": "^8.0.0", - "standard": "^14.3.3", - "standard-version": "^7.1.0", - "tap": "^14.10.7" - }, - "tap": { - "check-coverage": true, - "test-ignore": "test[\\\\/](util|cache)[\\\\/]" - }, - "engines": { - "node": ">=10" - } -} diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/silentlog.js b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/silentlog.js deleted file mode 100644 index 886c5d55b2dbb..0000000000000 --- a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/silentlog.js +++ /dev/null @@ -1,14 +0,0 @@ -'use strict' - -const noop = Function.prototype -module.exports = { - error: noop, - warn: noop, - notice: noop, - info: noop, - verbose: noop, - silly: noop, - http: noop, - pause: noop, - resume: noop -} diff --git a/node_modules/libnpmaccess/package.json b/node_modules/libnpmaccess/package.json index a727e18721474..2b522e090a89b 100644 --- a/node_modules/libnpmaccess/package.json +++ b/node_modules/libnpmaccess/package.json @@ -1,6 +1,6 @@ { "name": "libnpmaccess", - "version": "4.0.0", + "version": "4.0.1", "description": "programmatic library for `npm access` commands", "author": "Kat Marchán ", "license": "ISC", @@ -26,7 +26,7 @@ "aproba": "^2.0.0", "minipass": "^3.1.1", "npm-package-arg": "^8.0.0", - "npm-registry-fetch": "^8.0.0" + "npm-registry-fetch": "^9.0.0" }, "engines": { "node": ">=10" diff --git a/package-lock.json b/package-lock.json index dd2887b197da1..fa97a161b4e28 100644 --- a/package-lock.json +++ b/package-lock.json @@ -104,7 +104,7 @@ "init-package-json": "^2.0.1", "is-cidr": "^4.0.2", "leven": "^3.1.0", - "libnpmaccess": "^4.0.0", + "libnpmaccess": "^4.0.1", "libnpmfund": "^1.0.1", "libnpmhook": "^6.0.1", "libnpmorg": "^2.0.1", @@ -3691,33 +3691,15 @@ } }, "node_modules/libnpmaccess": { - "version": "4.0.0", + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/libnpmaccess/-/libnpmaccess-4.0.1.tgz", + "integrity": "sha512-ZiAgvfUbvmkHoMTzdwmNWCrQRsDkOC+aM5BDfO0C9aOSwF3R1LdFDBD+Rer1KWtsoQYO35nXgmMR7OUHpDRxyA==", "inBundle": true, - "license": "ISC", "dependencies": { "aproba": "^2.0.0", "minipass": "^3.1.1", "npm-package-arg": "^8.0.0", - "npm-registry-fetch": "^8.0.0" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/libnpmaccess/node_modules/npm-registry-fetch": { - "version": "8.1.5", - "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", - "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", - "inBundle": true, - "dependencies": { - "@npmcli/ci-detect": "^1.0.0", - "lru-cache": "^6.0.0", - "make-fetch-happen": "^8.0.9", - "minipass": "^3.1.3", - "minipass-fetch": "^1.3.0", - "minipass-json-stream": "^1.0.1", - "minizlib": "^2.0.0", - "npm-package-arg": "^8.0.0" + "npm-registry-fetch": "^9.0.0" }, "engines": { "node": ">=10" @@ -11445,29 +11427,14 @@ } }, "libnpmaccess": { - "version": "4.0.0", + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/libnpmaccess/-/libnpmaccess-4.0.1.tgz", + "integrity": "sha512-ZiAgvfUbvmkHoMTzdwmNWCrQRsDkOC+aM5BDfO0C9aOSwF3R1LdFDBD+Rer1KWtsoQYO35nXgmMR7OUHpDRxyA==", "requires": { "aproba": "^2.0.0", "minipass": "^3.1.1", "npm-package-arg": "^8.0.0", - "npm-registry-fetch": "^8.0.0" - }, - "dependencies": { - "npm-registry-fetch": { - "version": "8.1.5", - "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz", - "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==", - "requires": { - "@npmcli/ci-detect": "^1.0.0", - "lru-cache": "^6.0.0", - "make-fetch-happen": "^8.0.9", - "minipass": "^3.1.3", - "minipass-fetch": "^1.3.0", - "minipass-json-stream": "^1.0.1", - "minizlib": "^2.0.0", - "npm-package-arg": "^8.0.0" - } - } + "npm-registry-fetch": "^9.0.0" } }, "libnpmfund": { diff --git a/package.json b/package.json index 117bbb8f35f4c..5e0d71cd73cb5 100644 --- a/package.json +++ b/package.json @@ -68,7 +68,7 @@ "init-package-json": "^2.0.1", "is-cidr": "^4.0.2", "leven": "^3.1.0", - "libnpmaccess": "^4.0.0", + "libnpmaccess": "^4.0.1", "libnpmfund": "^1.0.1", "libnpmhook": "^6.0.1", "libnpmorg": "^2.0.1", From fc76f3d9fcf19e65a9373ab3d9068c4326d2f782 Mon Sep 17 00:00:00 2001 From: isaacs Date: Tue, 3 Nov 2020 13:22:45 -0800 Subject: [PATCH 15/21] @npmcli/arborist@1.0.8 --- .../arborist/lib/arborist/build-ideal-tree.js | 34 ++++++++++++++++--- node_modules/@npmcli/arborist/lib/node.js | 9 ++++- node_modules/@npmcli/arborist/package.json | 2 +- package-lock.json | 14 ++++---- package.json | 2 +- 5 files changed, 46 insertions(+), 15 deletions(-) diff --git a/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js b/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js index 23497827a7749..54a6ff33751a1 100644 --- a/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js +++ b/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js @@ -759,6 +759,11 @@ This is a one-time fix-up, please be patient... // be forced to agree on a version of z. const dep = vrDep && vrDep.satisfies(edge) ? vrDep : await this[_nodeFromEdge](edge, edge.peer ? virtualRoot : null) + /* istanbul ignore next */ + debug(() => { + if (!dep) + throw new Error('no dep??') + }) tasks.push({edge, dep}) } @@ -1055,13 +1060,18 @@ This is a one-time fix-up, please be patient... // top nodes should still get peer deps from their fsParent if possible, // and only install locally if there's no other option, eg for a link // outside of the project root, or for a conflicted dep. - const start = edge.peer && !node.isRoot - ? node.resolveParent || node + const start = edge.peer && !node.isRoot ? node.resolveParent || node : node let target let canPlace = null for (let check = start; check; check = check.resolveParent) { + // if the current location has a peerDep on it, then we can't place here + // this is pretty rare to hit, since we always prefer deduping peers. + const checkEdge = check.edgesOut.get(edge.name) + if (!check.isTop && checkEdge && checkEdge.peer) + continue + const cp = this[_canPlaceDep](dep, check, edge, peerEntryEdge, peerPath) // anything other than a conflict is fine to proceed with @@ -1210,9 +1220,15 @@ This is a one-time fix-up, please be patient... // otherwise they'd be gone and the peer set would change throughout // this loop. for (const peerEdge of newDep.edgesOut.values()) { - if (!peerEdge.peer || peerEdge.valid) - continue const peer = virtualRoot.children.get(peerEdge.name) + + // Note: if the virtualRoot *doesn't* have the peer, then that means + // it's an optional peer dep. If it's not being properly met (ie, + // peerEdge.valid is false), that this is likely heading for an + // ERESOLVE error, unless it can walk further up the tree. + if (!peerEdge.peer || peerEdge.valid || !peer) + continue + const peerPlaced = this[_placeDep]( peer, newDep, peerEdge, peerEntryEdge || edge, peerPath) placed.push(...peerPlaced) @@ -1264,6 +1280,11 @@ This is a one-time fix-up, please be patient... // When we check peers, we pass along the peerEntryEdge to track the // original edge that caused us to load the family of peer dependencies. [_canPlaceDep] (dep, target, edge, peerEntryEdge = null, peerPath = []) { + /* istanbul ignore next */ + debug(() => { + if (!dep) + throw new Error('no dep??') + }) const entryEdge = peerEntryEdge || edge const source = this[_peerSetSource].get(dep) const isSource = target === source @@ -1308,7 +1329,10 @@ This is a one-time fix-up, please be patient... return KEEP // if we prefer deduping, then try replacing newer with older - if (this[_preferDedupe] && !tryReplace && dep.canReplace(current)) { + // we always prefer to dedupe peers, because they are trying + // a bit harder to be singletons. + const preferDedupe = this[_preferDedupe] || edge.peer + if (preferDedupe && !tryReplace && dep.canReplace(current)) { const res = this[_canPlacePeers](dep, target, edge, REPLACE, peerEntryEdge, peerPath) /* istanbul ignore else - It's extremely rare that a replaceable * node would be a conflict, if the current one wasn't a conflict, diff --git a/node_modules/@npmcli/arborist/lib/node.js b/node_modules/@npmcli/arborist/lib/node.js index cc3a7ec5ef709..a783ce9c97572 100644 --- a/node_modules/@npmcli/arborist/lib/node.js +++ b/node_modules/@npmcli/arborist/lib/node.js @@ -175,7 +175,7 @@ class Node { // have to set the internal package ref before assigning the parent, // because this.package is read when adding to inventory - this[_package] = pkg + this[_package] = pkg && typeof pkg === 'object' ? pkg : {} // only relevant for the root and top nodes this.meta = meta @@ -307,6 +307,13 @@ class Node { edge.detach() this[_explanation] = null + /* istanbul ignore next - should be impossible */ + if (!pkg || typeof pkg !== 'object') { + debug(() => { + throw new Error('setting Node.package to non-object') + }) + pkg = {} + } this[_package] = pkg this[_loadWorkspaces]() this[_loadDeps]() diff --git a/node_modules/@npmcli/arborist/package.json b/node_modules/@npmcli/arborist/package.json index 73c6ce58d2839..fe72f409c4a45 100644 --- a/node_modules/@npmcli/arborist/package.json +++ b/node_modules/@npmcli/arborist/package.json @@ -1,6 +1,6 @@ { "name": "@npmcli/arborist", - "version": "1.0.6", + "version": "1.0.8", "description": "Manage node_modules trees", "dependencies": { "@npmcli/installed-package-contents": "^1.0.5", diff --git a/package-lock.json b/package-lock.json index fa97a161b4e28..456f21ef4a3b9 100644 --- a/package-lock.json +++ b/package-lock.json @@ -78,7 +78,7 @@ ], "license": "Artistic-2.0", "dependencies": { - "@npmcli/arborist": "^1.0.6", + "@npmcli/arborist": "^1.0.8", "@npmcli/ci-detect": "^1.2.0", "@npmcli/config": "^1.2.1", "@npmcli/run-script": "^1.7.4", @@ -386,9 +386,9 @@ } }, "node_modules/@npmcli/arborist": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-1.0.6.tgz", - "integrity": "sha512-Hj5QxT1/BIU5HMb3sSOCV81trhc6sqT1FaCdXPM+YjZPLpQsO3UFKWAGuDknDcNyx1mVT0IA1nlmrjhGGXDDtQ==", + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-1.0.8.tgz", + "integrity": "sha512-LAopKkhAnBr6/cbIpH9VeNS4yLWMFf6AFKC7x3XHvNFDMy8cmvEjWtjcpV8ACjPPm4UbjIzQ/n4qrxaA0ZyBDA==", "inBundle": true, "dependencies": { "@npmcli/installed-package-contents": "^1.0.5", @@ -9065,9 +9065,9 @@ } }, "@npmcli/arborist": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-1.0.6.tgz", - "integrity": "sha512-Hj5QxT1/BIU5HMb3sSOCV81trhc6sqT1FaCdXPM+YjZPLpQsO3UFKWAGuDknDcNyx1mVT0IA1nlmrjhGGXDDtQ==", + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-1.0.8.tgz", + "integrity": "sha512-LAopKkhAnBr6/cbIpH9VeNS4yLWMFf6AFKC7x3XHvNFDMy8cmvEjWtjcpV8ACjPPm4UbjIzQ/n4qrxaA0ZyBDA==", "requires": { "@npmcli/installed-package-contents": "^1.0.5", "@npmcli/map-workspaces": "^1.0.1", diff --git a/package.json b/package.json index 5e0d71cd73cb5..cf1278af12694 100644 --- a/package.json +++ b/package.json @@ -42,7 +42,7 @@ "./package.json": "./package.json" }, "dependencies": { - "@npmcli/arborist": "^1.0.6", + "@npmcli/arborist": "^1.0.8", "@npmcli/ci-detect": "^1.2.0", "@npmcli/config": "^1.2.1", "@npmcli/run-script": "^1.7.4", From e0302a02109d31ce099f1c2c92a6d4dd53abcce6 Mon Sep 17 00:00:00 2001 From: isaacs Date: Tue, 3 Nov 2020 14:20:45 -0800 Subject: [PATCH 16/21] changelog: automatically backtickify scoped pkg names --- scripts/changelog.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/changelog.js b/scripts/changelog.js index c770b4ac400d5..0e84fc24fba3d 100644 --- a/scripts/changelog.js +++ b/scripts/changelog.js @@ -53,8 +53,8 @@ function printCommit (c) { .replace(/^/mg, ' ') .replace(/\n$/, '') // backtickify package@version - .replace(/^(\s*[^@\s]+@\d+[.]\d+[.]\d+)(\s*\S)/g, '$1:$2') - .replace(/\b([^@\s]+@\d+[.]\d+[.]\d+)\b/g, '`$1`') + .replace(/^(\s*@?[^@\s]+@\d+[.]\d+[.]\d+)(\s*\S)/g, '$1:$2') + .replace(/((?:\b|@)[^@\s]+@\d+[.]\d+[.]\d+)\b/g, '`$1`') // linkify commitids .replace(/\b([a-f0-9]{7,8})\b/g, '[`$1`](https://github.com/npm/cli/commit/$1)') .replace(/\b#(\d+)\b/g, '[#$1](https://npm.community/t/$1)') From fea7da32a24f0b65770d837eaf574f2cc526efaa Mon Sep 17 00:00:00 2001 From: isaacs Date: Tue, 3 Nov 2020 14:37:51 -0800 Subject: [PATCH 17/21] doc: updates to changelog generation script Less manual effort paper cuts. --- scripts/changelog.js | 41 ++++++++++++++++++++++++----------------- 1 file changed, 24 insertions(+), 17 deletions(-) diff --git a/scripts/changelog.js b/scripts/changelog.js index 0e84fc24fba3d..f36ad56c9c5bf 100644 --- a/scripts/changelog.js +++ b/scripts/changelog.js @@ -32,12 +32,12 @@ function shortname (url) { function printCommit (c) { console.log(`* [\`${c.shortid}\`](https://github.com/npm/cli/commit/${c.fullid})`) - if (c.fixes) { - let label = shortname(c.fixes) - if (label) { - console.log(` [${label}](${c.fixes})`) - } else { - console.log(` [npm.community#${c.fixes}](https://npm.community/t/${c.fixes})`) + if (c.fixes.length) { + for (const fix of c.fixes) { + let label = shortname(fix) + if (label) { + console.log(` [${label}](${fix})`) + } } } else if (c.prurl) { let label = shortname(c.prurl) @@ -51,20 +51,23 @@ function printCommit (c) { .replace(/^\s+/mg, '') .replace(/^[-a-z]+: /, '') .replace(/^/mg, ' ') + .replace(/^ Reviewed-by: @.*/mg, '') .replace(/\n$/, '') // backtickify package@version - .replace(/^(\s*@?[^@\s]+@\d+[.]\d+[.]\d+)(\s*\S)/g, '$1:$2') + .replace(/^(\s*@?[^@\s]+@\d+[.]\d+[.]\d+)\b(\s*\S)/g, '$1:$2') .replace(/((?:\b|@)[^@\s]+@\d+[.]\d+[.]\d+)\b/g, '`$1`') // linkify commitids .replace(/\b([a-f0-9]{7,8})\b/g, '[`$1`](https://github.com/npm/cli/commit/$1)') - .replace(/\b#(\d+)\b/g, '[#$1](https://npm.community/t/$1)') console.log(msg) - if (c.credit) { - c.credit.forEach(function (credit) { - console.log(` ([@${credit}](https://github.com/${credit}))`) - }) - } else { - console.log(` ([@${c.author}](https://github.com/${c.author}))`) + // don't assign credit for dep updates + if (!/^ `[^`]+@\d+\.\d+\.\d+[^`]*`:?$/m.test(msg)) { + if (c.credit) { + c.credit.forEach(function (credit) { + console.log(` ([@${credit}](https://github.com/${credit}))`) + }) + } else { + console.log(` ([@${c.author}](https://github.com/${c.author}))`) + } } } @@ -84,7 +87,7 @@ function main () { message: m[4], author: m[5], prurl: null, - fixes: null, + fixes: [], credit: null } } else if (m = line.match(/^PR-URL: (.*)/)) { @@ -92,8 +95,12 @@ function main () { } else if (m = line.match(/^Credit: @(.*)/)) { if (!commit.credit) commit.credit = [] commit.credit.push(m[1]) - } else if (m = line.match(/^Fixes: #?(.*)/)) { - commit.fixes = m[1] + } else if (m = line.match(/^(?:Fix(?:es)|Closes?): #?([0-9]+)/)) { + commit.fixes.push(`https://github.com/npm/cli/issues/${m[1]}`) + } else if (m = line.match(/^(?:Fix(?:es)|Closes?): ([^#]+)#([0-9]*)/)) { + commit.fixes.push(`https://github.com/${m[1]}/issues/${m[2]}`) + } else if (m = line.match(/^(?:Fix(?:es)|Closes?): (https?:\/\/.*)/)) { + commit.fixes.push(m[1]) } else if (m = line.match(/^Reviewed-By: @(.*)/)) { commit.reviewed = m[1] } else if (/\S/.test(line)) { From 34bd6c73c4e76366c3bdc52b0ab09b3687808438 Mon Sep 17 00:00:00 2001 From: isaacs Date: Tue, 3 Nov 2020 14:53:23 -0800 Subject: [PATCH 18/21] docs: changelog for v7.0.8 --- CHANGELOG.md | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7ce90085f6e17..49d44ab10a09e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,59 @@ +## 7.0.8 (2020-11-03) + +### DOCUMENTATION + +* [`052e977b9`](https://github.com/npm/cli/commit/052e977b9d071e1b3654976881d10cd3ddcba788) + [#1822](https://github.com/npm/cli/issues/1822) + [#1247](https://github.com/npm/cli/issues/1247) + add section on peerDependenciesMeta field in package.json + ([@foxxyz](https://github.com/foxxyz)) +* [`52d32d175`](https://github.com/npm/cli/commit/52d32d1758c5ebc58944a1e8d98d57e30048e527) + [#1970](https://github.com/npm/cli/issues/1970) + match npm-exec.md -p usage with lib/exec.js + ([@dr-js](https://github.com/dr-js)) +* [`48ee8d01e`](https://github.com/npm/cli/commit/48ee8d01edd11ed6186c483e1169ff4d2070b963) + [#2096](https://github.com/npm/cli/issues/2096) + Fix RFC links in changelog + ([@jtojnar](https://github.com/jtojnar)) + + +### BUG FIXES + +* [`6cd3cd08a`](https://github.com/npm/cli/commit/6cd3cd08af56445e13757cac3af87f3e7d54ed27) + Support *all* conf keys in publishConfig +* [`a1f9be8a7`](https://github.com/npm/cli/commit/a1f9be8a7f9b7a3a813fc3e5e705bc982470b0e2) + [#2074](https://github.com/npm/cli/issues/2074) + Support publishing any kind of spec, not just directories + +### DEPENDENCIES + +* [`545382df6`](https://github.com/npm/cli/commit/545382df62e3014f3e51d7034e52498fb2b01a37) + `libnpmpublish@4.0.0`: + * Support publishing things other than folders +* [`7d88f1719`](https://github.com/npm/cli/commit/7d88f17197e3c8cca9b277378d6f9b054b1b7886) + `npm-registry-fetch@9.0.0` +* [`823b40a4e`](https://github.com/npm/cli/commit/823b40a4e9c6ef76388af6fe01a3624f6f7675be) + `pacote@11.1.12` +* [`90bf57826`](https://github.com/npm/cli/commit/90bf57826edf2f78ddf8deb0793115ead8a8b556) + `npm-profile@5.0.2` +* [`e5a413577`](https://github.com/npm/cli/commit/e5a4135770d13cf114fac439167637181f87d824) + `libnpmteam@2.0.2` +* [`fc5aa7b4a`](https://github.com/npm/cli/commit/fc5aa7b4ad45cb65893f734e1229a6720f7966e5) + `libnpmsearch@3.0.1` +* [`9fc1dee13`](https://github.com/npm/cli/commit/9fc1dee138ca33ecdbd57e63142b27c60cf88f9b) + `libnpmorg@2.0.1` +* [`0ea870ec5`](https://github.com/npm/cli/commit/0ea870ec5d2be1d44f050ad8bc24ed936cc45fde) + `libnpmhook@6.0.1` +* [`32fd744ea`](https://github.com/npm/cli/commit/32fd744ea745f297f0be79a80955f077a57c4ac7) + `libnpmaccess@4.0.1` +* [`fc76f3d9f`](https://github.com/npm/cli/commit/fc76f3d9fcf19e65a9373ab3d9068c4326d2f782) + `@npmcli/arborist@1.0.8` + * Fix `cannot read property 'description' of undefined` in `npm ls` + when `package-lock.json` is corrupted + * Do not allow peerDependencies to be nested under dependents in any + circumstances + * Always resolve peerDependencies in `--prefer-dedupe` mode + ## 7.0.7 (2020-10-30) ### BUG FIXES From 8778981103b36a10811c416de0c0cbe378322931 Mon Sep 17 00:00:00 2001 From: isaacs Date: Tue, 3 Nov 2020 15:10:34 -0800 Subject: [PATCH 19/21] add untracked uuid CONTRIBUTING file --- node_modules/uuid/CONTRIBUTING.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 node_modules/uuid/CONTRIBUTING.md diff --git a/node_modules/uuid/CONTRIBUTING.md b/node_modules/uuid/CONTRIBUTING.md new file mode 100644 index 0000000000000..4a4503d02ca58 --- /dev/null +++ b/node_modules/uuid/CONTRIBUTING.md @@ -0,0 +1,18 @@ +# Contributing + +Please feel free to file GitHub Issues or propose Pull Requests. We're always happy to discuss improvements to this library! + +## Testing + +```shell +npm test +``` + +## Releasing + +Releases are supposed to be done from master, version bumping is automated through [`standard-version`](https://github.com/conventional-changelog/standard-version): + +```shell +npm run release -- --dry-run # verify output manually +npm run release # follow the instructions from the output of this command +``` From 9b60be2508c9479faf417c257072ea08ddfeff29 Mon Sep 17 00:00:00 2001 From: isaacs Date: Tue, 3 Nov 2020 15:11:12 -0800 Subject: [PATCH 20/21] update AUTHORS --- AUTHORS | 3 +++ 1 file changed, 3 insertions(+) diff --git a/AUTHORS b/AUTHORS index bda59af7eebcd..4209517f2a0ff 100644 --- a/AUTHORS +++ b/AUTHORS @@ -727,3 +727,6 @@ Jake Champion takenspc iraj Michele Azzolari +foxxyz +Dr +Jan Tojnar From 65fe2ffb8a85964a682e5c7422b3d3dc4121e02d Mon Sep 17 00:00:00 2001 From: isaacs Date: Tue, 3 Nov 2020 15:11:12 -0800 Subject: [PATCH 21/21] 7.0.8 --- package-lock.json | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 456f21ef4a3b9..cd6d96b687059 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "npm", - "version": "7.0.7", + "version": "7.0.8", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "npm", - "version": "7.0.7", + "version": "7.0.8", "bundleDependencies": [ "@npmcli/arborist", "@npmcli/ci-detect", diff --git a/package.json b/package.json index cf1278af12694..d0ca0bf91a7dd 100644 --- a/package.json +++ b/package.json @@ -1,5 +1,5 @@ { - "version": "7.0.7", + "version": "7.0.8", "name": "npm", "description": "a package manager for JavaScript", "keywords": [