deps: npm-registry-fetch@19.1.1

Author: wraithgar

node_modules/.gitignore

@@ -180,7 +180,10 @@
 !/npm-registry-fetch
 !/npm-registry-fetch/node_modules/
 /npm-registry-fetch/node_modules/*
-!/npm-registry-fetch/node_modules/proc-log
+!/npm-registry-fetch/node_modules/@npmcli/
+/npm-registry-fetch/node_modules/@npmcli/*
+!/npm-registry-fetch/node_modules/@npmcli/redact
+!/npm-registry-fetch/node_modules/minipass-fetch
 !/npm-user-validate
 !/p-map
 !/package-json-from-dist

node_modules/npm-registry-fetch/node_modules/@npmcli/redact/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 npm
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

node_modules/npm-registry-fetch/node_modules/@npmcli/redact/lib/deep-map.js

@@ -0,0 +1,71 @@
+const { serializeError } = require('./error')
+
+const deepMap = (input, handler = v => v, path = ['$'], seen = new Set([input])) => {
+  // this is in an effort to maintain bole's error logging behavior
+  if (path.join('.') === '$' && input instanceof Error) {
+    return deepMap({ err: serializeError(input) }, handler, path, seen)
+  }
+  if (input instanceof Error) {
+    return deepMap(serializeError(input), handler, path, seen)
+  }
+  // allows for non-node js environments, sush as workers
+  if (typeof Buffer !== 'undefined' && input instanceof Buffer) {
+    return `[unable to log instanceof buffer]`
+  }
+  if (input instanceof Uint8Array) {
+    return `[unable to log instanceof Uint8Array]`
+  }
+
+  if (Array.isArray(input)) {
+    const result = []
+    for (let i = 0; i < input.length; i++) {
+      const element = input[i]
+      const elementPath = [...path, i]
+      if (element instanceof Object) {
+        if (!seen.has(element)) { // avoid getting stuck in circular reference
+          seen.add(element)
+          result.push(deepMap(handler(element, elementPath), handler, elementPath, seen))
+        }
+      } else {
+        result.push(handler(element, elementPath))
+      }
+    }
+    return result
+  }
+
+  if (input === null) {
+    return null
+  } else if (typeof input === 'object' || typeof input === 'function') {
+    const result = {}
+
+    for (const propertyName of Object.getOwnPropertyNames(input)) {
+    // skip logging internal properties
+      if (propertyName.startsWith('_')) {
+        continue
+      }
+
+      try {
+        const property = input[propertyName]
+        const propertyPath = [...path, propertyName]
+        if (property instanceof Object) {
+          if (!seen.has(property)) { // avoid getting stuck in circular reference
+            seen.add(property)
+            result[propertyName] = deepMap(
+              handler(property, propertyPath), handler, propertyPath, seen
+            )
+          }
+        } else {
+          result[propertyName] = handler(property, propertyPath)
+        }
+      } catch (err) {
+      // a getter may throw an error
+        result[propertyName] = `[error getting value: ${err.message}]`
+      }
+    }
+    return result
+  }
+
+  return handler(input, path)
+}
+
+module.exports = { deepMap }

node_modules/npm-registry-fetch/node_modules/@npmcli/redact/lib/error.js

@@ -0,0 +1,28 @@
+/** takes an error object and serializes it to a plan object */
+function serializeError (input) {
+  if (!(input instanceof Error)) {
+    if (typeof input === 'string') {
+      const error = new Error(`attempted to serialize a non-error, string String, "${input}"`)
+      return serializeError(error)
+    }
+    const error = new Error(`attempted to serialize a non-error, ${typeof input} ${input?.constructor?.name}`)
+    return serializeError(error)
+  }
+  // different error objects store status code differently
+  // AxiosError uses `status`, other services use `statusCode`
+  const statusCode = input.statusCode ?? input.status
+  // CAUTION: what we serialize here gets add to the size of logs
+  return {
+    errorType: input.errorType ?? input.constructor.name,
+    ...(input.message ? { message: input.message } : {}),
+    ...(input.stack ? { stack: input.stack } : {}),
+    // think of this as error code
+    ...(input.code ? { code: input.code } : {}),
+    // think of this as http status code
+    ...(statusCode ? { statusCode } : {}),
+  }
+}
+
+module.exports = {
+  serializeError,
+}

node_modules/npm-registry-fetch/node_modules/@npmcli/redact/lib/index.js

@@ -0,0 +1,44 @@
+const matchers = require('./matchers')
+const { redactUrlPassword } = require('./utils')
+
+const REPLACE = '***'
+
+const redact = (value) => {
+  if (typeof value !== 'string' || !value) {
+    return value
+  }
+  return redactUrlPassword(value, REPLACE)
+    .replace(matchers.NPM_SECRET.pattern, `npm_${REPLACE}`)
+    .replace(matchers.UUID.pattern, REPLACE)
+}
+
+// split on \s|= similar to how nopt parses options
+const splitAndRedact = (str) => {
+  // stateful regex, don't move out of this scope
+  const splitChars = /[\s=]/g
+
+  let match = null
+  let result = ''
+  let index = 0
+  while (match = splitChars.exec(str)) {
+    result += redact(str.slice(index, match.index)) + match[0]
+    index = splitChars.lastIndex
+  }
+
+  return result + redact(str.slice(index))
+}
+
+// replaces auth info in an array of arguments or in a strings
+const redactLog = (arg) => {
+  if (typeof arg === 'string') {
+    return splitAndRedact(arg)
+  } else if (Array.isArray(arg)) {
+    return arg.map((a) => typeof a === 'string' ? splitAndRedact(a) : a)
+  }
+  return arg
+}
+
+module.exports = {
+  redact,
+  redactLog,
+}

node_modules/npm-registry-fetch/node_modules/@npmcli/redact/lib/matchers.js

@@ -0,0 +1,88 @@
+const TYPE_REGEX = 'regex'
+const TYPE_URL = 'url'
+const TYPE_PATH = 'path'
+
+const NPM_SECRET = {
+  type: TYPE_REGEX,
+  pattern: /\b(npms?_)[a-zA-Z0-9]{36,48}\b/gi,
+  replacement: `[REDACTED_NPM_SECRET]`,
+}
+
+const AUTH_HEADER = {
+  type: TYPE_REGEX,
+  pattern: /\b(Basic\s+|Bearer\s+)[\w+=\-.]+\b/gi,
+  replacement: `[REDACTED_AUTH_HEADER]`,
+}
+
+const JSON_WEB_TOKEN = {
+  type: TYPE_REGEX,
+  pattern: /\b[A-Za-z0-9-_]{10,}(?!\.\d+\.)\.[A-Za-z0-9-_]{3,}\.[A-Za-z0-9-_]{20,}\b/gi,
+  replacement: `[REDACTED_JSON_WEB_TOKEN]`,
+}
+
+const UUID = {
+  type: TYPE_REGEX,
+  pattern: /\b[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\b/gi,
+  replacement: `[REDACTED_UUID]`,
+}
+
+const URL_MATCHER = {
+  type: TYPE_REGEX,
+  pattern: /(?:https?|ftp):\/\/[^\s/"$.?#].[^\s"]*/gi,
+  replacement: '[REDACTED_URL]',
+}
+
+const DEEP_HEADER_AUTHORIZATION = {
+  type: TYPE_PATH,
+  predicate: ({ path }) => path.endsWith('.headers.authorization'),
+  replacement: '[REDACTED_HEADER_AUTHORIZATION]',
+}
+
+const DEEP_HEADER_SET_COOKIE = {
+  type: TYPE_PATH,
+  predicate: ({ path }) => path.endsWith('.headers.set-cookie'),
+  replacement: '[REDACTED_HEADER_SET_COOKIE]',
+}
+
+const DEEP_HEADER_COOKIE = {
+  type: TYPE_PATH,
+  predicate: ({ path }) => path.endsWith('.headers.cookie'),
+  replacement: '[REDACTED_HEADER_COOKIE]',
+}
+
+const REWRITE_REQUEST = {
+  type: TYPE_PATH,
+  predicate: ({ path }) => path.endsWith('.request'),
+  replacement: (input) => ({
+    method: input?.method,
+    path: input?.path,
+    headers: input?.headers,
+    url: input?.url,
+  }),
+}
+
+const REWRITE_RESPONSE = {
+  type: TYPE_PATH,
+  predicate: ({ path }) => path.endsWith('.response'),
+  replacement: (input) => ({
+    data: input?.data,
+    status: input?.status,
+    headers: input?.headers,
+  }),
+}
+
+module.exports = {
+  TYPE_REGEX,
+  TYPE_URL,
+  TYPE_PATH,
+  NPM_SECRET,
+  AUTH_HEADER,
+  JSON_WEB_TOKEN,
+  UUID,
+  URL_MATCHER,
+  DEEP_HEADER_AUTHORIZATION,
+  DEEP_HEADER_SET_COOKIE,
+  DEEP_HEADER_COOKIE,
+  REWRITE_REQUEST,
+  REWRITE_RESPONSE,
+}

node_modules/npm-registry-fetch/node_modules/@npmcli/redact/lib/server.js

@@ -0,0 +1,59 @@
+const {
+  AUTH_HEADER,
+  JSON_WEB_TOKEN,
+  NPM_SECRET,
+  DEEP_HEADER_AUTHORIZATION,
+  DEEP_HEADER_SET_COOKIE,
+  REWRITE_REQUEST,
+  REWRITE_RESPONSE,
+  DEEP_HEADER_COOKIE,
+} = require('./matchers')
+
+const {
+  redactUrlMatcher,
+  redactUrlPasswordMatcher,
+  redactMatchers,
+} = require('./utils')
+
+const { serializeError } = require('./error')
+
+const { deepMap } = require('./deep-map')
+
+const _redact = redactMatchers(
+  NPM_SECRET,
+  AUTH_HEADER,
+  JSON_WEB_TOKEN,
+  DEEP_HEADER_AUTHORIZATION,
+  DEEP_HEADER_SET_COOKIE,
+  DEEP_HEADER_COOKIE,
+  REWRITE_REQUEST,
+  REWRITE_RESPONSE,
+  redactUrlMatcher(
+    redactUrlPasswordMatcher()
+  )
+)
+
+const redact = (input) => deepMap(input, (value, path) => _redact(value, { path }))
+
+/** takes an error returns new error keeping some custom properties */
+function redactError (input) {
+  const { message, ...data } = serializeError(input)
+  const output = new Error(redact(message))
+  return Object.assign(output, redact(data))
+}
+
+/** runs a function within try / catch and throws error wrapped in redactError */
+function redactThrow (func) {
+  if (typeof func !== 'function') {
+    throw new Error('redactThrow expects a function')
+  }
+  return async (...args) => {
+    try {
+      return await func(...args)
+    } catch (error) {
+      throw redactError(error)
+    }
+  }
+}
+
+module.exports = { redact, redactError, redactThrow }