-
Notifications
You must be signed in to change notification settings - Fork 3.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
BREAKING CHANGE: `bun.lockb` files are now included in the strict ignore list during packing
- Loading branch information
Showing
32 changed files
with
2,467 additions
and
40 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
File renamed without changes.
File renamed without changes.
15 changes: 15 additions & 0 deletions
15
node_modules/@npmcli/metavuln-calculator/node_modules/pacote/LICENSE
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
The ISC License | ||
|
||
Copyright (c) Isaac Z. Schlueter, Kat Marchán, npm, Inc., and Contributors | ||
|
||
Permission to use, copy, modify, and/or distribute this software for any | ||
purpose with or without fee is hereby granted, provided that the above | ||
copyright notice and this permission notice appear in all copies. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR | ||
IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
158 changes: 158 additions & 0 deletions
158
node_modules/@npmcli/metavuln-calculator/node_modules/pacote/bin/index.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,158 @@ | ||
#!/usr/bin/env node | ||
|
||
const run = conf => { | ||
const pacote = require('../') | ||
switch (conf._[0]) { | ||
case 'resolve': | ||
case 'manifest': | ||
case 'packument': | ||
if (conf._[0] === 'resolve' && conf.long) { | ||
return pacote.manifest(conf._[1], conf).then(mani => ({ | ||
resolved: mani._resolved, | ||
integrity: mani._integrity, | ||
from: mani._from, | ||
})) | ||
} | ||
return pacote[conf._[0]](conf._[1], conf) | ||
|
||
case 'tarball': | ||
if (!conf._[2] || conf._[2] === '-') { | ||
return pacote.tarball.stream(conf._[1], stream => { | ||
stream.pipe( | ||
conf.testStdout || | ||
/* istanbul ignore next */ | ||
process.stdout | ||
) | ||
// make sure it resolves something falsey | ||
return stream.promise().then(() => { | ||
return false | ||
}) | ||
}, conf) | ||
} else { | ||
return pacote.tarball.file(conf._[1], conf._[2], conf) | ||
} | ||
|
||
case 'extract': | ||
return pacote.extract(conf._[1], conf._[2], conf) | ||
|
||
default: /* istanbul ignore next */ { | ||
throw new Error(`bad command: ${conf._[0]}`) | ||
} | ||
} | ||
} | ||
|
||
const version = require('../package.json').version | ||
const usage = () => | ||
`Pacote - The JavaScript Package Handler, v${version} | ||
Usage: | ||
pacote resolve <spec> | ||
Resolve a specifier and output the fully resolved target | ||
Returns integrity and from if '--long' flag is set. | ||
pacote manifest <spec> | ||
Fetch a manifest and print to stdout | ||
pacote packument <spec> | ||
Fetch a full packument and print to stdout | ||
pacote tarball <spec> [<filename>] | ||
Fetch a package tarball and save to <filename> | ||
If <filename> is missing or '-', the tarball will be streamed to stdout. | ||
pacote extract <spec> <folder> | ||
Extract a package to the destination folder. | ||
Configuration values all match the names of configs passed to npm, or | ||
options passed to Pacote. Additional flags for this executable: | ||
--long Print an object from 'resolve', including integrity and spec. | ||
--json Print result objects as JSON rather than node's default. | ||
(This is the default if stdout is not a TTY.) | ||
--help -h Print this helpful text. | ||
For example '--cache=/path/to/folder' will use that folder as the cache. | ||
` | ||
|
||
const shouldJSON = (conf, result) => | ||
conf.json || | ||
!process.stdout.isTTY && | ||
conf.json === undefined && | ||
result && | ||
typeof result === 'object' | ||
|
||
const pretty = (conf, result) => | ||
shouldJSON(conf, result) ? JSON.stringify(result, 0, 2) : result | ||
|
||
let addedLogListener = false | ||
const main = args => { | ||
const conf = parse(args) | ||
if (conf.help || conf.h) { | ||
return console.log(usage()) | ||
} | ||
|
||
if (!addedLogListener) { | ||
process.on('log', console.error) | ||
addedLogListener = true | ||
} | ||
|
||
try { | ||
return run(conf) | ||
.then(result => result && console.log(pretty(conf, result))) | ||
.catch(er => { | ||
console.error(er) | ||
process.exit(1) | ||
}) | ||
} catch (er) { | ||
console.error(er.message) | ||
console.error(usage()) | ||
} | ||
} | ||
|
||
const parseArg = arg => { | ||
const split = arg.slice(2).split('=') | ||
const k = split.shift() | ||
const v = split.join('=') | ||
const no = /^no-/.test(k) && !v | ||
const key = (no ? k.slice(3) : k) | ||
.replace(/^tag$/, 'defaultTag') | ||
.replace(/-([a-z])/g, (_, c) => c.toUpperCase()) | ||
const value = v ? v.replace(/^~/, process.env.HOME) : !no | ||
return { key, value } | ||
} | ||
|
||
const parse = args => { | ||
const conf = { | ||
_: [], | ||
cache: process.env.HOME + '/.npm/_cacache', | ||
} | ||
let dashdash = false | ||
args.forEach(arg => { | ||
if (dashdash) { | ||
conf._.push(arg) | ||
} else if (arg === '--') { | ||
dashdash = true | ||
} else if (arg === '-h') { | ||
conf.help = true | ||
} else if (/^--/.test(arg)) { | ||
const { key, value } = parseArg(arg) | ||
conf[key] = value | ||
} else { | ||
conf._.push(arg) | ||
} | ||
}) | ||
return conf | ||
} | ||
|
||
if (module === require.main) { | ||
main(process.argv.slice(2)) | ||
} else { | ||
module.exports = { | ||
main, | ||
run, | ||
usage, | ||
parseArg, | ||
parse, | ||
} | ||
} |
105 changes: 105 additions & 0 deletions
105
node_modules/@npmcli/metavuln-calculator/node_modules/pacote/lib/dir.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,105 @@ | ||
const { resolve } = require('node:path') | ||
const packlist = require('npm-packlist') | ||
const runScript = require('@npmcli/run-script') | ||
const tar = require('tar') | ||
const { Minipass } = require('minipass') | ||
const Fetcher = require('./fetcher.js') | ||
const FileFetcher = require('./file.js') | ||
const _ = require('./util/protected.js') | ||
const tarCreateOptions = require('./util/tar-create-options.js') | ||
|
||
class DirFetcher extends Fetcher { | ||
constructor (spec, opts) { | ||
super(spec, opts) | ||
// just the fully resolved filename | ||
this.resolved = this.spec.fetchSpec | ||
|
||
this.tree = opts.tree || null | ||
this.Arborist = opts.Arborist || null | ||
} | ||
|
||
// exposes tarCreateOptions as public API | ||
static tarCreateOptions (manifest) { | ||
return tarCreateOptions(manifest) | ||
} | ||
|
||
get types () { | ||
return ['directory'] | ||
} | ||
|
||
#prepareDir () { | ||
return this.manifest().then(mani => { | ||
if (!mani.scripts || !mani.scripts.prepare) { | ||
return | ||
} | ||
if (this.opts.ignoreScripts) { | ||
return | ||
} | ||
|
||
// we *only* run prepare. | ||
// pre/post-pack is run by the npm CLI for publish and pack, | ||
// but this function is *also* run when installing git deps | ||
const stdio = this.opts.foregroundScripts ? 'inherit' : 'pipe' | ||
|
||
return runScript({ | ||
// this || undefined is because runScript will be unhappy with the default null value | ||
scriptShell: this.opts.scriptShell || undefined, | ||
pkg: mani, | ||
event: 'prepare', | ||
path: this.resolved, | ||
stdio, | ||
env: { | ||
npm_package_resolved: this.resolved, | ||
npm_package_integrity: this.integrity, | ||
npm_package_json: resolve(this.resolved, 'package.json'), | ||
}, | ||
}) | ||
}) | ||
} | ||
|
||
[_.tarballFromResolved] () { | ||
if (!this.tree && !this.Arborist) { | ||
throw new Error('DirFetcher requires either a tree or an Arborist constructor to pack') | ||
} | ||
|
||
const stream = new Minipass() | ||
stream.resolved = this.resolved | ||
stream.integrity = this.integrity | ||
|
||
const { prefix, workspaces } = this.opts | ||
|
||
// run the prepare script, get the list of files, and tar it up | ||
// pipe to the stream, and proxy errors the chain. | ||
this.#prepareDir() | ||
.then(async () => { | ||
if (!this.tree) { | ||
const arb = new this.Arborist({ path: this.resolved }) | ||
this.tree = await arb.loadActual() | ||
} | ||
return packlist(this.tree, { path: this.resolved, prefix, workspaces }) | ||
}) | ||
.then(files => tar.c(tarCreateOptions(this.package), files) | ||
.on('error', er => stream.emit('error', er)).pipe(stream)) | ||
.catch(er => stream.emit('error', er)) | ||
return stream | ||
} | ||
|
||
manifest () { | ||
if (this.package) { | ||
return Promise.resolve(this.package) | ||
} | ||
|
||
return this[_.readPackageJson](this.resolved) | ||
.then(mani => this.package = { | ||
...mani, | ||
_integrity: this.integrity && String(this.integrity), | ||
_resolved: this.resolved, | ||
_from: this.from, | ||
}) | ||
} | ||
|
||
packument () { | ||
return FileFetcher.prototype.packument.apply(this) | ||
} | ||
} | ||
module.exports = DirFetcher |
Oops, something went wrong.