npm - @gjsify/npm-registry - Versions diffs - 0.3.15 → 0.3.17 - Mend

@gjsify/npm-registry 0.3.15 → 0.3.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/lib/esm/index.js +1 -250
package/package.json +3 -3

package/lib/esm/index.js CHANGED Viewed

@@ -1,250 +1 @@
-//#region src/index.ts
-const DEFAULT_REGISTRY = "https://registry.npmjs.org/";
-/** Strict-validate a packument shape. Throws on schema mismatch. */
-function assertPackument(name, body) {
-	if (!body || typeof body !== "object") {
-		throw new TypeError(`registry: ${name} packument is not an object`);
-	}
-	const p = body;
-	if (typeof p.name !== "string") {
-		throw new TypeError(`registry: ${name} packument missing string name`);
-	}
-	if (!p.versions || typeof p.versions !== "object") {
-		throw new TypeError(`registry: ${name} packument missing versions map`);
-	}
-}
-/** Pick the right registry URL for a package name (scoped overrides win). */
-function registryFor(name, npmrc) {
-	if (npmrc && name.startsWith("@")) {
-		const scope = name.slice(0, name.indexOf("/"));
-		const override = npmrc.scopes[scope];
-		if (override) return ensureTrailingSlash(override);
-	}
-	if (npmrc?.registry) return ensureTrailingSlash(npmrc.registry);
-	return DEFAULT_REGISTRY;
-}
-/** Build the GET URL for a packument. Handles `@scope/name` URL-encoding. */
-function packumentUrl(name, registry) {
-	const base = ensureTrailingSlash(registry);
-	if (name.startsWith("@")) {
-		const slash = name.indexOf("/");
-		if (slash < 0) throw new TypeError(`Invalid scoped package name: ${name}`);
-		const scope = name.slice(0, slash);
-		const rest = name.slice(slash + 1);
-		return `${base}${encodeURIComponent(scope)}/${encodeURIComponent(rest)}`;
-	}
-	return `${base}${encodeURIComponent(name)}`;
-}
-/** Fetch + parse a packument. */
-async function fetchPackument(name, opts = {}) {
-	const registry = opts.registry ?? registryFor(name, opts.npmrc);
-	const url = packumentUrl(name, registry);
-	const headers = buildHeaders(url, opts);
-	headers["accept"] ??= "application/vnd.npm.install-v1+json";
-	const fetchImpl = opts.fetch ?? globalThis.fetch;
-	if (!fetchImpl) throw new Error("@gjsify/npm-registry: globalThis.fetch is missing");
-	const res = await fetchImpl(url, {
-		headers,
-		signal: opts.signal
-	});
-	if (!res.ok) {
-		if (res.status === 404) throw new PackageNotFoundError(name, url);
-		throw new Error(`registry GET ${url} -> ${res.status} ${res.statusText}`);
-	}
-	const body = await res.json();
-	assertPackument(name, body);
-	return body;
-}
-/** Download a tarball as bytes. Verifies SRI `integrity` when supplied. */
-async function fetchTarball(url, opts = {}) {
-	const headers = buildHeaders(url, opts);
-	headers["accept"] ??= "application/octet-stream";
-	const fetchImpl = opts.fetch ?? globalThis.fetch;
-	if (!fetchImpl) throw new Error("@gjsify/npm-registry: globalThis.fetch is missing");
-	const res = await fetchImpl(url, {
-		headers,
-		signal: opts.signal
-	});
-	if (!res.ok) throw new Error(`tarball GET ${url} -> ${res.status} ${res.statusText}`);
-	const buf = new Uint8Array(await res.arrayBuffer());
-	if (opts.integrity) {
-		const ok = await verifyIntegrity(buf, opts.integrity);
-		if (!ok) throw new IntegrityError(url, opts.integrity);
-	}
-	return buf;
-}
-/**
-* Verify an SRI string (e.g. `sha512-base64==`) against bytes.
-* Multiple hashes (space-separated) accepted; any match passes.
-*/
-async function verifyIntegrity(data, integrity) {
-	const parts = integrity.trim().split(/\s+/);
-	for (const part of parts) {
-		const dash = part.indexOf("-");
-		if (dash < 0) continue;
-		const algo = part.slice(0, dash).toLowerCase();
-		const expected = part.slice(dash + 1);
-		const subtle = globalThis.crypto?.subtle;
-		if (!subtle) throw new Error("@gjsify/npm-registry: globalThis.crypto.subtle is missing");
-		const algoName = subriToWebCryptoAlgo(algo);
-		if (!algoName) continue;
-		const digest = await subtle.digest(algoName, dataAsArrayBuffer(data));
-		const got = bytesToBase64(new Uint8Array(digest));
-		if (got === expected) return true;
-	}
-	return false;
-}
-function subriToWebCryptoAlgo(sri) {
-	switch (sri) {
-		case "sha1": return "SHA-1";
-		case "sha256": return "SHA-256";
-		case "sha384": return "SHA-384";
-		case "sha512": return "SHA-512";
-		default: return null;
-	}
-}
-function dataAsArrayBuffer(data) {
-	if (data.byteOffset === 0 && data.byteLength === data.buffer.byteLength) {
-		return data.buffer;
-	}
-	const copy = new Uint8Array(data.byteLength);
-	copy.set(data);
-	return copy.buffer;
-}
-function bytesToBase64(bytes) {
-	let bin = "";
-	for (let i = 0; i < bytes.length; i++) {
-		bin += String.fromCharCode(bytes[i]);
-	}
-	return btoa(bin);
-}
-/** Parse a `.npmrc` text body. Unknown keys are kept on the result for callers. */
-function parseNpmrc(text) {
-	const out = {
-		registry: DEFAULT_REGISTRY,
-		scopes: {},
-		authTokens: {},
-		basicAuth: {}
-	};
-	const lines = text.split(/\r?\n/);
-	const basic = {};
-	for (const raw of lines) {
-		const line = raw.replace(/^\s+|\s+$/g, "");
-		if (!line || line.startsWith("#") || line.startsWith(";")) continue;
-		const eq = line.indexOf("=");
-		if (eq < 0) continue;
-		const key = line.slice(0, eq).trim();
-		const value = expandEnv(stripQuotes(line.slice(eq + 1).trim()));
-		if (key === "registry") {
-			out.registry = ensureTrailingSlash(value);
-			continue;
-		}
-		const scopeRegistry = key.match(/^(@[^:]+):registry$/);
-		if (scopeRegistry) {
-			out.scopes[scopeRegistry[1]] = ensureTrailingSlash(value);
-			continue;
-		}
-		const tokenMatch = key.match(/^\/\/(.+):_authToken$/);
-		if (tokenMatch) {
-			out.authTokens[normalizeAuthHost(tokenMatch[1])] = value;
-			continue;
-		}
-		const userMatch = key.match(/^\/\/(.+):username$/);
-		if (userMatch) {
-			(basic[normalizeAuthHost(userMatch[1])] ??= {}).user = value;
-			continue;
-		}
-		const passMatch = key.match(/^\/\/(.+):_password$/);
-		if (passMatch) {
-			const decoded = base64Decode(value);
-			(basic[normalizeAuthHost(passMatch[1])] ??= {}).pass = decoded;
-			continue;
-		}
-	}
-	for (const [host, creds] of Object.entries(basic)) {
-		if (creds.user && creds.pass !== undefined) {
-			out.basicAuth[host] = {
-				username: creds.user,
-				password: creds.pass
-			};
-		}
-	}
-	return out;
-}
-/** Build auth + UA headers for a request URL. Pure (no I/O). */
-function buildHeaders(url, opts) {
-	const headers = { "user-agent": "gjsify-install/0.3.7" };
-	if (opts.npmrc) {
-		const auth = resolveAuthForUrl(url, opts.npmrc);
-		if (auth) headers["authorization"] = auth;
-	}
-	if (opts.headers) {
-		for (const [k, v] of Object.entries(opts.headers)) headers[k.toLowerCase()] = v;
-	}
-	return headers;
-}
-/** Resolve an `Authorization` header for a URL given a parsed .npmrc. */
-function resolveAuthForUrl(url, npmrc) {
-	const u = new URL(url);
-	const candidates = pathPrefixes(u);
-	for (const prefix of candidates) {
-		const token = npmrc.authTokens[prefix];
-		if (token) return `Bearer ${token}`;
-		const basic = npmrc.basicAuth[prefix];
-		if (basic) {
-			const enc = btoa(`${basic.username}:${basic.password}`);
-			return `Basic ${enc}`;
-		}
-	}
-	return null;
-}
-function pathPrefixes(u) {
-	const segments = u.pathname.split("/").filter(Boolean);
-	const prefixes = [];
-	for (let i = segments.length; i >= 0; i--) {
-		const tail = segments.slice(0, i).join("/");
-		prefixes.push(tail ? `//${u.host}/${tail}` : `//${u.host}`);
-	}
-	return prefixes;
-}
-function normalizeAuthHost(captured) {
-	const trimmed = captured.replace(/\/+$/, "");
-	return `//${trimmed}`;
-}
-function ensureTrailingSlash(s) {
-	return s.endsWith("/") ? s : s + "/";
-}
-function stripQuotes(s) {
-	if (s.startsWith("\"") && s.endsWith("\"") || s.startsWith("'") && s.endsWith("'")) {
-		return s.slice(1, -1);
-	}
-	return s;
-}
-function expandEnv(s) {
-	return s.replace(/\$\{([A-Z0-9_]+)\}/gi, (_m, name) => {
-		const env = globalThis.process?.env;
-		return env?.[name] ?? "";
-	});
-}
-function base64Decode(s) {
-	return atob(s);
-}
-var PackageNotFoundError = class extends Error {
-	constructor(name, url) {
-		super(`Package not found in registry: ${name} (${url})`);
-		this.name = name;
-		this.url = url;
-		this.name = "PackageNotFoundError";
-	}
-};
-var IntegrityError = class extends Error {
-	constructor(url, integrity) {
-		super(`Tarball integrity mismatch for ${url} (expected ${integrity})`);
-		this.url = url;
-		this.integrity = integrity;
-		this.name = "IntegrityError";
-	}
-};
-//#endregion
-export { DEFAULT_REGISTRY, IntegrityError, PackageNotFoundError, assertPackument, buildHeaders, fetchPackument, fetchTarball, packumentUrl, parseNpmrc, registryFor, resolveAuthForUrl, verifyIntegrity };
+const e=`https://registry.npmjs.org/`;function t(e,t){if(!t||typeof t!=`object`)throw TypeError(`registry: ${e} packument is not an object`);let n=t;if(typeof n.name!=`string`)throw TypeError(`registry: ${e} packument missing string name`);if(!n.versions||typeof n.versions!=`object`)throw TypeError(`registry: ${e} packument missing versions map`)}function n(t,n){if(n&&t.startsWith(`@`)){let e=t.slice(0,t.indexOf(`/`)),r=n.scopes[e];if(r)return h(r)}return n?.registry?h(n.registry):e}function r(e,t){let n=h(t);if(e.startsWith(`@`)){let t=e.indexOf(`/`);if(t<0)throw TypeError(`Invalid scoped package name: ${e}`);let r=e.slice(0,t),i=e.slice(t+1);return`${n}${encodeURIComponent(r)}/${encodeURIComponent(i)}`}return`${n}${encodeURIComponent(e)}`}async function i(e,i={}){let a=r(e,i.registry??n(e,i.npmrc)),o=d(a,i);o.accept??=`application/vnd.npm.install-v1+json`;let s=i.fetch??globalThis.fetch;if(!s)throw Error(`@gjsify/npm-registry: globalThis.fetch is missing`);let c=await s(a,{headers:o,signal:i.signal});if(!c.ok)throw c.status===404?new y(e,a):Error(`registry GET ${a} -> ${c.status} ${c.statusText}`);let l=await c.json();return t(e,l),l}async function a(e,t={}){let n=d(e,t);n.accept??=`application/octet-stream`;let r=t.fetch??globalThis.fetch;if(!r)throw Error(`@gjsify/npm-registry: globalThis.fetch is missing`);let i=await r(e,{headers:n,signal:t.signal});if(!i.ok)throw Error(`tarball GET ${e} -> ${i.status} ${i.statusText}`);let a=new Uint8Array(await i.arrayBuffer());if(t.integrity&&!await o(a,t.integrity))throw new b(e,t.integrity);return a}async function o(e,t){let n=t.trim().split(/\s+/);for(let t of n){let n=t.indexOf(`-`);if(n<0)continue;let r=t.slice(0,n).toLowerCase(),i=t.slice(n+1),a=globalThis.crypto?.subtle;if(!a)throw Error(`@gjsify/npm-registry: globalThis.crypto.subtle is missing`);let o=s(r);if(!o)continue;let u=await a.digest(o,c(e));if(l(new Uint8Array(u))===i)return!0}return!1}function s(e){switch(e){case`sha1`:return`SHA-1`;case`sha256`:return`SHA-256`;case`sha384`:return`SHA-384`;case`sha512`:return`SHA-512`;default:return null}}function c(e){if(e.byteOffset===0&&e.byteLength===e.buffer.byteLength)return e.buffer;let t=new Uint8Array(e.byteLength);return t.set(e),t.buffer}function l(e){let t=``;for(let n=0;n<e.length;n++)t+=String.fromCharCode(e[n]);return btoa(t)}function u(t){let n={registry:e,scopes:{},authTokens:{},basicAuth:{}},r=t.split(/\r?\n/),i={};for(let e of r){let t=e.replace(/^\s+|\s+$/g,``);if(!t||t.startsWith(`#`)||t.startsWith(`;`))continue;let r=t.indexOf(`=`);if(r<0)continue;let a=t.slice(0,r).trim(),o=_(g(t.slice(r+1).trim()));if(a===`registry`){n.registry=h(o);continue}let s=a.match(/^(@[^:]+):registry$/);if(s){n.scopes[s[1]]=h(o);continue}let c=a.match(/^\/\/(.+):_authToken$/);if(c){n.authTokens[m(c[1])]=o;continue}let l=a.match(/^\/\/(.+):username$/);if(l){(i[m(l[1])]??={}).user=o;continue}let u=a.match(/^\/\/(.+):_password$/);if(u){let e=v(o);(i[m(u[1])]??={}).pass=e;continue}}for(let[e,t]of Object.entries(i))t.user&&t.pass!==void 0&&(n.basicAuth[e]={username:t.user,password:t.pass});return n}function d(e,t){let n={"user-agent":`gjsify-install/0.3.7`};if(t.npmrc){let r=f(e,t.npmrc);r&&(n.authorization=r)}if(t.headers)for(let[e,r]of Object.entries(t.headers))n[e.toLowerCase()]=r;return n}function f(e,t){let n=p(new URL(e));for(let e of n){let n=t.authTokens[e];if(n)return`Bearer ${n}`;let r=t.basicAuth[e];if(r)return`Basic ${btoa(`${r.username}:${r.password}`)}`}return null}function p(e){let t=e.pathname.split(`/`).filter(Boolean),n=[];for(let r=t.length;r>=0;r--){let i=t.slice(0,r).join(`/`);n.push(i?`//${e.host}/${i}`:`//${e.host}`)}return n}function m(e){return`//${e.replace(/\/+$/,``)}`}function h(e){return e.endsWith(`/`)?e:e+`/`}function g(e){return e.startsWith(`"`)&&e.endsWith(`"`)||e.startsWith(`'`)&&e.endsWith(`'`)?e.slice(1,-1):e}function _(e){return e.replace(/\$\{([A-Z0-9_]+)\}/gi,(e,t)=>globalThis.process?.env?.[t]??``)}function v(e){return atob(e)}var y=class extends Error{name;url;constructor(e,t){super(`Package not found in registry: ${e} (${t})`),this.name=e,this.url=t,this.name=`PackageNotFoundError`}},b=class extends Error{url;integrity;constructor(e,t){super(`Tarball integrity mismatch for ${e} (expected ${t})`),this.url=e,this.integrity=t,this.name=`IntegrityError`}};export{e as DEFAULT_REGISTRY,b as IntegrityError,y as PackageNotFoundError,t as assertPackument,d as buildHeaders,i as fetchPackument,a as fetchTarball,r as packumentUrl,u as parseNpmrc,n as registryFor,f as resolveAuthForUrl,o as verifyIntegrity};

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@gjsify/npm-registry",
-  "version": "0.3.15",
+  "version": "0.3.17",
   "description": "npm registry client for the gjsify install backend — packuments, tarballs, .npmrc auth (Node + GJS)",
   "type": "module",
   "module": "lib/esm/index.js",
@@ -34,8 +34,8 @@
   ],
   "license": "MIT",
   "devDependencies": {
-    "@gjsify/cli": "^0.3.15",
-    "@gjsify/unit": "^0.3.15",
+    "@gjsify/cli": "^0.3.17",
+    "@gjsify/unit": "^0.3.17",
     "typescript": "^6.0.3"
   }
 }