@metamask/snaps-controllers 0.34.1-flask.1 → 0.35.0-flask.1

package/dist/esm/snaps/location/local.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../../src/snaps/location/local.ts"],"sourcesContent":["import {\n  LocalSnapIdStruct,\n  SnapIdPrefixes,\n  SnapManifest,\n  VirtualFile,\n} from '@metamask/snaps-utils';\nimport { assert, assertStruct } from '@metamask/utils';\n\nimport { HttpLocation, HttpOptions } from './http';\nimport { SnapLocation } from './location';\n\nexport class LocalLocation implements SnapLocation {\n  readonly #http: HttpLocation;\n\n  constructor(url: URL, opts: HttpOptions = {}) {\n    assertStruct(url.toString(), LocalSnapIdStruct, 'Invalid Snap Id');\n    // TODO(ritave): Write deepMerge() which merges fetchOptions.\n    assert(\n      opts.fetchOptions === undefined,\n      'Currently adding fetch options to local: is unsupported.',\n    );\n\n    this.#http = new HttpLocation(\n      new URL(url.toString().slice(SnapIdPrefixes.local.length)),\n      { ...opts, fetchOptions: { cache: 'no-cache' } },\n    );\n  }\n\n  async manifest(): Promise<VirtualFile<SnapManifest>> {\n    const vfile = await this.#http.manifest();\n\n    return convertCanonical(vfile);\n  }\n\n  async fetch(path: string): Promise<VirtualFile> {\n    return convertCanonical(await this.#http.fetch(path));\n  }\n\n  get shouldAlwaysReload() {\n    return true;\n  }\n}\n\n/**\n * Converts vfiles with canonical `http:` paths into `local:` paths.\n *\n * @param vfile - The {@link VirtualFile} to convert.\n * @returns The same object with updated `.data.canonicalPath`.\n */\nfunction convertCanonical<Result>(\n  vfile: VirtualFile<Result>,\n): VirtualFile<Result> {\n  assert(vfile.data.canonicalPath !== undefined);\n  vfile.data.canonicalPath = `local:${vfile.data.canonicalPath}`;\n  return vfile;\n}\n"],"names":["LocalSnapIdStruct","SnapIdPrefixes","assert","assertStruct","HttpLocation","LocalLocation","manifest","vfile","http","convertCanonical","fetch","path","shouldAlwaysReload","constructor","url","opts","toString","fetchOptions","undefined","URL","slice","local","length","cache","data","canonicalPath"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,SACEA,iBAAiB,EACjBC,cAAc,QAGT,wBAAwB;AAC/B,SAASC,MAAM,EAAEC,YAAY,QAAQ,kBAAkB;AAEvD,SAASC,YAAY,QAAqB,SAAS;IAIxC;AADX,OAAO,MAAMC;IAiBX,MAAMC,WAA+C;QACnD,MAAMC,QAAQ,MAAM,yBAAA,IAAI,EAAEC,OAAKF,QAAQ;QAEvC,OAAOG,iBAAiBF;IAC1B;IAEA,MAAMG,MAAMC,IAAY,EAAwB;QAC9C,OAAOF,iBAAiB,MAAM,yBAAA,IAAI,EAAED,OAAKE,KAAK,CAACC;IACjD;IAEA,IAAIC,qBAAqB;QACvB,OAAO;IACT;IA1BAC,YAAYC,GAAQ,EAAEC,OAAoB,CAAC,CAAC,CAAE;QAF9C,gCAAS;;mBAAT,KAAA;;QAGEZ,aAAaW,IAAIE,QAAQ,IAAIhB,mBAAmB;QAChD,6DAA6D;QAC7DE,OACEa,KAAKE,YAAY,KAAKC,WACtB;uCAGIV,OAAO,IAAIJ,aACf,IAAIe,IAAIL,IAAIE,QAAQ,GAAGI,KAAK,CAACnB,eAAeoB,KAAK,CAACC,MAAM,IACxD;YAAE,GAAGP,IAAI;YAAEE,cAAc;gBAAEM,OAAO;YAAW;QAAE;IAEnD;AAeF;AAEA;;;;;CAKC,GACD,SAASd,iBACPF,KAA0B;IAE1BL,OAAOK,MAAMiB,IAAI,CAACC,aAAa,KAAKP;IACpCX,MAAMiB,IAAI,CAACC,aAAa,GAAG,CAAC,MAAM,EAAElB,MAAMiB,IAAI,CAACC,aAAa,CAAC,CAAC;IAC9D,OAAOlB;AACT"}

package/dist/esm/snaps/location/location.js

@@ -0,0 +1,30 @@
+import { assert } from '@metamask/utils';
+import { HttpLocation } from './http';
+import { LocalLocation } from './local';
+import { NpmLocation } from './npm';
+/**
+ * Auto-magically detects which SnapLocation object to create based on the provided {@link location}.
+ *
+ * @param location - A {@link https://github.com/MetaMask/SIPs/blob/main/SIPS/sip-8.md SIP-8} uri.
+ * @param opts - NPM options and feature flags.
+ * @returns SnapLocation based on url.
+ */ export function detectSnapLocation(location, opts) {
+    const allowHttp = opts?.allowHttp ?? false;
+    const allowLocal = opts?.allowLocal ?? false;
+    const root = new URL(location);
+    switch(root.protocol){
+        case 'npm:':
+            return new NpmLocation(root, opts);
+        case 'local:':
+            assert(allowLocal, new TypeError('Fetching local snaps is disabled.'));
+            return new LocalLocation(root, opts);
+        case 'http:':
+        case 'https:':
+            assert(allowHttp, new TypeError('Fetching snaps through http/https is disabled.'));
+            return new HttpLocation(root, opts);
+        default:
+            throw new TypeError(`Unrecognized "${root.protocol}" snap location protocol.`);
+    }
+}
+
+//# sourceMappingURL=location.js.map

package/dist/esm/snaps/location/location.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../../src/snaps/location/location.ts"],"sourcesContent":["import { SnapManifest, VirtualFile } from '@metamask/snaps-utils';\nimport { assert } from '@metamask/utils';\n\nimport { HttpLocation } from './http';\nimport { LocalLocation } from './local';\nimport { NpmLocation, NpmOptions } from './npm';\n\ndeclare module '@metamask/snaps-utils' {\n  interface DataMap {\n    /**\n     * Fully qualified, canonical path for the file in {@link https://github.com/MetaMask/SIPs/blob/main/SIPS/sip-8.md SIP-8 } URI format.\n     */\n    canonicalPath: string;\n  }\n}\n\nexport interface SnapLocation {\n  /**\n   * All files are relative to the manifest, except the manifest itself.\n   */\n  manifest(): Promise<VirtualFile<SnapManifest>>;\n  fetch(path: string): Promise<VirtualFile>;\n\n  readonly shouldAlwaysReload?: boolean;\n}\n\nexport type DetectSnapLocationOptions = NpmOptions & {\n  /**\n   * The function used to fetch data.\n   *\n   * @default globalThis.fetch\n   */\n  fetch?: typeof fetch;\n  /**\n   * @default false\n   */\n  allowHttp?: boolean;\n  /**\n   * @default false\n   */\n  allowLocal?: boolean;\n};\n\n/**\n * Auto-magically detects which SnapLocation object to create based on the provided {@link location}.\n *\n * @param location - A {@link https://github.com/MetaMask/SIPs/blob/main/SIPS/sip-8.md SIP-8} uri.\n * @param opts - NPM options and feature flags.\n * @returns SnapLocation based on url.\n */\nexport function detectSnapLocation(\n  location: string | URL,\n  opts?: DetectSnapLocationOptions,\n): SnapLocation {\n  const allowHttp = opts?.allowHttp ?? false;\n  const allowLocal = opts?.allowLocal ?? false;\n  const root = new URL(location);\n  switch (root.protocol) {\n    case 'npm:':\n      return new NpmLocation(root, opts);\n    case 'local:':\n      assert(allowLocal, new TypeError('Fetching local snaps is disabled.'));\n      return new LocalLocation(root, opts);\n    case 'http:':\n    case 'https:':\n      assert(\n        allowHttp,\n        new TypeError('Fetching snaps through http/https is disabled.'),\n      );\n      return new HttpLocation(root, opts);\n    default:\n      throw new TypeError(\n        `Unrecognized \"${root.protocol}\" snap location protocol.`,\n      );\n  }\n}\n"],"names":["assert","HttpLocation","LocalLocation","NpmLocation","detectSnapLocation","location","opts","allowHttp","allowLocal","root","URL","protocol","TypeError"],"mappings":"AACA,SAASA,MAAM,QAAQ,kBAAkB;AAEzC,SAASC,YAAY,QAAQ,SAAS;AACtC,SAASC,aAAa,QAAQ,UAAU;AACxC,SAASC,WAAW,QAAoB,QAAQ;AAsChD;;;;;;CAMC,GACD,OAAO,SAASC,mBACdC,QAAsB,EACtBC,IAAgC;IAEhC,MAAMC,YAAYD,MAAMC,aAAa;IACrC,MAAMC,aAAaF,MAAME,cAAc;IACvC,MAAMC,OAAO,IAAIC,IAAIL;IACrB,OAAQI,KAAKE,QAAQ;QACnB,KAAK;YACH,OAAO,IAAIR,YAAYM,MAAMH;QAC/B,KAAK;YACHN,OAAOQ,YAAY,IAAII,UAAU;YACjC,OAAO,IAAIV,cAAcO,MAAMH;QACjC,KAAK;QACL,KAAK;YACHN,OACEO,WACA,IAAIK,UAAU;YAEhB,OAAO,IAAIX,aAAaQ,MAAMH;QAChC;YACE,MAAM,IAAIM,UACR,CAAC,cAAc,EAAEH,KAAKE,QAAQ,CAAC,yBAAyB,CAAC;IAE/D;AACF"}

package/dist/{snaps → esm/snaps}/location/npm.js

@@ -1,90 +1,66 @@
-"use strict";
-var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
-    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
-    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
-    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-var _NpmLocation_instances, _NpmLocation_lazyInit;
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.fetchNpmMetadata = exports.NpmLocation = exports.DEFAULT_NPM_REGISTRY = void 0;
-const snaps_utils_1 = require("@metamask/snaps-utils");
-const utils_1 = require("@metamask/utils");
-const concat_stream_1 = __importDefault(require("concat-stream"));
-const gunzip_maybe_1 = __importDefault(require("gunzip-maybe"));
-const pump_1 = __importDefault(require("pump"));
-const readable_web_to_node_stream_1 = require("readable-web-to-node-stream");
-const tar_stream_1 = require("tar-stream");
-exports.DEFAULT_NPM_REGISTRY = 'https://registry.npmjs.org';
-class NpmLocation {
-    constructor(url, opts = {}) {
-        _NpmLocation_instances.add(this);
-        const allowCustomRegistries = opts.allowCustomRegistries ?? false;
-        const fetchFunction = opts.fetch ?? globalThis.fetch.bind(globalThis);
-        const requestedRange = opts.versionRange ?? snaps_utils_1.DEFAULT_REQUESTED_SNAP_VERSION;
-        (0, utils_1.assertStruct)(url.toString(), snaps_utils_1.NpmSnapIdStruct, 'Invalid Snap Id: ');
-        let registry;
-        if (url.host === '' &&
-            url.port === '' &&
-            url.username === '' &&
-            url.password === '') {
-            registry = new URL(exports.DEFAULT_NPM_REGISTRY);
-        }
-        else {
-            registry = 'https://';
-            if (url.username) {
-                registry += url.username;
-                if (url.password) {
-                    registry += `:${url.password}`;
-                }
-                registry += '@';
-            }
-            registry += url.host;
-            registry = new URL(registry);
-            (0, utils_1.assert)(allowCustomRegistries, new TypeError(`Custom NPM registries are disabled, tried to use "${registry.toString()}".`));
-        }
-        (0, utils_1.assert)(registry.pathname === '/' &&
-            registry.search === '' &&
-            registry.hash === '');
-        (0, utils_1.assert)(url.pathname !== '' && url.pathname !== '/', new TypeError('The package name in NPM location is empty.'));
-        let packageName = url.pathname;
-        if (packageName.startsWith('/')) {
-            packageName = packageName.slice(1);
-        }
-        this.meta = {
-            requestedRange,
-            registry,
-            packageName,
-            fetch: fetchFunction,
-        };
+function _check_private_redeclaration(obj, privateCollection) {
+    if (privateCollection.has(obj)) {
+        throw new TypeError("Cannot initialize the same private elements twice on an object");
+    }
+}
+function _class_private_method_get(receiver, privateSet, fn) {
+    if (!privateSet.has(receiver)) {
+        throw new TypeError("attempted to get private field on non-instance");
     }
+    return fn;
+}
+function _class_private_method_init(obj, privateSet) {
+    _check_private_redeclaration(obj, privateSet);
+    privateSet.add(obj);
+}
+function _define_property(obj, key, value) {
+    if (key in obj) {
+        Object.defineProperty(obj, key, {
+            value: value,
+            enumerable: true,
+            configurable: true,
+            writable: true
+        });
+    } else {
+        obj[key] = value;
+    }
+    return obj;
+}
+import { createSnapManifest, DEFAULT_REQUESTED_SNAP_VERSION, getTargetVersion, isValidUrl, NpmSnapIdStruct, VirtualFile, normalizeRelative, parseJson } from '@metamask/snaps-utils';
+import { assert, assertIsSemVerVersion, assertStruct, isObject } from '@metamask/utils';
+import concat from 'concat-stream';
+import createGunzipStream from 'gunzip-maybe';
+import pump from 'pump';
+import { ReadableWebToNodeStream } from 'readable-web-to-node-stream';
+import { extract as tarExtract } from 'tar-stream';
+export const DEFAULT_NPM_REGISTRY = 'https://registry.npmjs.org';
+var _lazyInit = /*#__PURE__*/ new WeakSet();
+export class NpmLocation {
     async manifest() {
         if (this.validatedManifest) {
             return this.validatedManifest.clone();
         }
         const vfile = await this.fetch('snap.manifest.json');
-        const result = JSON.parse(vfile.toString());
-        vfile.result = (0, snaps_utils_1.createSnapManifest)(result);
+        const result = parseJson(vfile.toString());
+        vfile.result = createSnapManifest(result);
         this.validatedManifest = vfile;
         return this.manifest();
     }
     async fetch(path) {
-        const relativePath = (0, snaps_utils_1.normalizeRelative)(path);
+        const relativePath = normalizeRelative(path);
         if (!this.files) {
-            await __classPrivateFieldGet(this, _NpmLocation_instances, "m", _NpmLocation_lazyInit).call(this);
-            (0, utils_1.assert)(this.files !== undefined);
+            await _class_private_method_get(this, _lazyInit, lazyInit).call(this);
+            assert(this.files !== undefined);
         }
         const vfile = this.files.get(relativePath);
-        (0, utils_1.assert)(vfile !== undefined, new TypeError(`File "${path}" not found in package.`));
+        assert(vfile !== undefined, new TypeError(`File "${path}" not found in package.`));
         return vfile.clone();
     }
     get packageName() {
         return this.meta.packageName;
     }
     get version() {
-        (0, utils_1.assert)(this.meta.version !== undefined, 'Tried to access version without first fetching NPM package.');
+        assert(this.meta.version !== undefined, 'Tried to access version without first fetching NPM package.');
         return this.meta.version;
     }
     get registry() {
@@ -93,10 +69,47 @@ class NpmLocation {
     get versionRange() {
         return this.meta.requestedRange;
     }
+    constructor(url, opts = {}){
+        _class_private_method_init(this, _lazyInit);
+        _define_property(this, "meta", void 0);
+        _define_property(this, "validatedManifest", void 0);
+        _define_property(this, "files", void 0);
+        const allowCustomRegistries = opts.allowCustomRegistries ?? false;
+        const fetchFunction = opts.fetch ?? globalThis.fetch.bind(globalThis);
+        const requestedRange = opts.versionRange ?? DEFAULT_REQUESTED_SNAP_VERSION;
+        assertStruct(url.toString(), NpmSnapIdStruct, 'Invalid Snap Id: ');
+        let registry;
+        if (url.host === '' && url.port === '' && url.username === '' && url.password === '') {
+            registry = new URL(DEFAULT_NPM_REGISTRY);
+        } else {
+            registry = 'https://';
+            if (url.username) {
+                registry += url.username;
+                if (url.password) {
+                    registry += `:${url.password}`;
+                }
+                registry += '@';
+            }
+            registry += url.host;
+            registry = new URL(registry);
+            assert(allowCustomRegistries, new TypeError(`Custom NPM registries are disabled, tried to use "${registry.toString()}".`));
+        }
+        assert(registry.pathname === '/' && registry.search === '' && registry.hash === '');
+        assert(url.pathname !== '' && url.pathname !== '/', new TypeError('The package name in NPM location is empty.'));
+        let packageName = url.pathname;
+        if (packageName.startsWith('/')) {
+            packageName = packageName.slice(1);
+        }
+        this.meta = {
+            requestedRange,
+            registry,
+            packageName,
+            fetch: fetchFunction
+        };
+    }
 }
-exports.NpmLocation = NpmLocation;
-_NpmLocation_instances = new WeakSet(), _NpmLocation_lazyInit = async function _NpmLocation_lazyInit() {
-    (0, utils_1.assert)(this.files === undefined);
+async function lazyInit() {
+    assert(this.files === undefined);
     const [tarballResponse, actualVersion] = await fetchNpmTarball(this.meta.packageName, this.meta.requestedRange, this.meta.registry, this.meta.fetch);
     this.meta.version = actualVersion;
     let canonicalBase = 'npm://';
@@ -110,17 +123,16 @@ _NpmLocation_instances = new WeakSet(), _NpmLocation_lazyInit = async function _
     canonicalBase += this.meta.registry.host;
     // TODO(ritave): Lazily extract files instead of up-front extracting all of them
     //               We would need to replace tar-stream package because it requires immediate consumption of streams.
-    await new Promise((resolve, reject) => {
+    await new Promise((resolve, reject)=>{
         this.files = new Map();
-        (0, pump_1.default)(getNodeStream(tarballResponse), 
-        // The "gz" in "tgz" stands for "gzip". The tarball needs to be decompressed
+        pump(getNodeStream(tarballResponse), // The "gz" in "tgz" stands for "gzip". The tarball needs to be decompressed
         // before we can actually grab any files from it.
         // To prevent recursion-based zip bombs, we set a maximum recursion depth of 1.
-        (0, gunzip_maybe_1.default)(1), createTarballStream(`${canonicalBase}/${this.meta.packageName}/`, this.files), (error) => {
+        createGunzipStream(1), createTarballStream(`${canonicalBase}/${this.meta.packageName}/`, this.files), (error)=>{
             error ? reject(error) : resolve();
         });
     });
-};
+}
 // Safety limit for tarballs, 250 MB in bytes
 const TARBALL_SIZE_SAFETY_LIMIT = 262144000;
 /**
@@ -133,19 +145,17 @@ const TARBALL_SIZE_SAFETY_LIMIT = 262144000;
  * {@link fetch}. Useful for Node.js compatibility.
  * @returns The NPM metadata object.
  * @throws If fetching the metadata fails.
- */
-async function fetchNpmMetadata(packageName, registryUrl, fetchFunction) {
+ */ export async function fetchNpmMetadata(packageName, registryUrl, fetchFunction) {
     const packageResponse = await fetchFunction(new URL(packageName, registryUrl).toString());
     if (!packageResponse.ok) {
         throw new Error(`Failed to fetch NPM registry entry. Status code: ${packageResponse.status}.`);
     }
     const packageMetadata = await packageResponse.json();
-    if (!(0, utils_1.isObject)(packageMetadata)) {
+    if (!isObject(packageMetadata)) {
         throw new Error(`Failed to fetch package "${packageName}" metadata from npm.`);
     }
     return packageMetadata;
 }
-exports.fetchNpmMetadata = fetchNpmMetadata;
 /**
  * Fetches the tarball (`.tgz` file) of the specified package and version from
  * the public npm registry.
@@ -159,20 +169,18 @@ exports.fetchNpmMetadata = fetchNpmMetadata;
  * @returns A tuple of the {@link Response} for the package tarball and the
  * actual version of the package.
  * @throws If fetching the tarball fails.
- */
-async function fetchNpmTarball(packageName, versionRange, registryUrl, fetchFunction) {
+ */ async function fetchNpmTarball(packageName, versionRange, registryUrl, fetchFunction) {
     const packageMetadata = await fetchNpmMetadata(packageName, registryUrl, fetchFunction);
-    const versions = Object.keys(packageMetadata?.versions ?? {}).map((version) => {
-        (0, utils_1.assertIsSemVerVersion)(version);
+    const versions = Object.keys(packageMetadata?.versions ?? {}).map((version)=>{
+        assertIsSemVerVersion(version);
         return version;
     });
-    const targetVersion = (0, snaps_utils_1.getTargetVersion)(versions, versionRange);
+    const targetVersion = getTargetVersion(versions, versionRange);
     if (targetVersion === null) {
         throw new Error(`Failed to find a matching version in npm metadata for package "${packageName}" and requested semver range "${versionRange}".`);
     }
     const tarballUrlString = packageMetadata?.versions?.[targetVersion]?.dist?.tarball;
-    if (!(0, snaps_utils_1.isValidUrl)(tarballUrlString) ||
-        !tarballUrlString.toString().endsWith('.tgz')) {
+    if (!isValidUrl(tarballUrlString) || !tarballUrlString.toString().endsWith('.tgz')) {
         throw new Error(`Failed to find valid tarball URL in NPM metadata for package "${packageName}".`);
     }
     // Override the tarball hostname/protocol with registryUrl hostname/protocol
@@ -187,16 +195,18 @@ async function fetchNpmTarball(packageName, versionRange, registryUrl, fetchFunc
     }
     // We assume that NPM is a good actor and provides us with a valid `content-length` header.
     const tarballSizeString = tarballResponse.headers.get('content-length');
-    (0, utils_1.assert)(tarballSizeString, 'Snap tarball has invalid content-length');
+    assert(tarballSizeString, 'Snap tarball has invalid content-length');
     const tarballSize = parseInt(tarballSizeString, 10);
-    (0, utils_1.assert)(tarballSize <= TARBALL_SIZE_SAFETY_LIMIT, 'Snap tarball exceeds size limit');
-    return [tarballResponse.body, targetVersion];
+    assert(tarballSize <= TARBALL_SIZE_SAFETY_LIMIT, 'Snap tarball exceeds size limit');
+    return [
+        tarballResponse.body,
+        targetVersion
+    ];
 }
 /**
  * The paths of files within npm tarballs appear to always be prefixed with
  * "package/".
- */
-const NPM_TARBALL_PATH_PREFIX = /^package\//u;
+ */ const NPM_TARBALL_PATH_PREFIX = /^package\//u;
 /**
  * Converts a {@link ReadableStream} to a Node.js {@link Readable}
  * stream. Returns the stream directly if it is already a Node.js stream.
@@ -205,12 +215,11 @@ const NPM_TARBALL_PATH_PREFIX = /^package\//u;
  *
  * @param stream - The stream to convert.
  * @returns The given stream as a Node.js Readable stream.
- */
-function getNodeStream(stream) {
+ */ function getNodeStream(stream) {
     if (typeof stream.getReader !== 'function') {
         return stream;
     }
-    return new readable_web_to_node_stream_1.ReadableWebToNodeStream(stream);
+    return new ReadableWebToNodeStream(stream);
 }
 /**
  * Creates a `tar-stream` that will get the necessary files from an npm Snap
@@ -219,39 +228,37 @@ function getNodeStream(stream) {
  * @param canonicalBase - A base URI as specified in {@link https://github.com/MetaMask/SIPs/blob/main/SIPS/sip-8.md SIP-8}. Starting with 'npm:'. Will be used for canonicalPath vfile argument.
  * @param files - An object to write target file contents to.
  * @returns The {@link Writable} tarball extraction stream.
- */
-function createTarballStream(canonicalBase, files) {
-    (0, utils_1.assert)(canonicalBase.endsWith('/'), "Base needs to end with '/' for relative paths to be added as children instead of siblings.");
-    (0, utils_1.assert)(canonicalBase.startsWith('npm:'), 'Protocol mismatch, expected "npm:".');
+ */ function createTarballStream(canonicalBase, files) {
+    assert(canonicalBase.endsWith('/'), "Base needs to end with '/' for relative paths to be added as children instead of siblings.");
+    assert(canonicalBase.startsWith('npm:'), 'Protocol mismatch, expected "npm:".');
     // `tar-stream` is pretty old-school, so we create it first and then
     // instrument it by adding event listeners.
-    const extractStream = (0, tar_stream_1.extract)();
+    const extractStream = tarExtract();
     let totalSize = 0;
     // "entry" is fired for every discreet entity in the tarball. This includes
     // files and folders.
-    extractStream.on('entry', (header, entryStream, next) => {
+    extractStream.on('entry', (header, entryStream, next)=>{
         const { name: headerName, type: headerType } = header;
         if (headerType === 'file') {
             // The name is a path if the header type is "file".
             const path = headerName.replace(NPM_TARBALL_PATH_PREFIX, '');
-            return entryStream.pipe((0, concat_stream_1.default)((data) => {
+            return entryStream.pipe(concat((data)=>{
                 try {
                     totalSize += data.byteLength;
                     // To prevent zip bombs, we set a safety limit for the total size of tarballs.
-                    (0, utils_1.assert)(totalSize < TARBALL_SIZE_SAFETY_LIMIT, `Snap tarball exceeds limit of ${TARBALL_SIZE_SAFETY_LIMIT} bytes.`);
-                    const vfile = new snaps_utils_1.VirtualFile({
+                    assert(totalSize < TARBALL_SIZE_SAFETY_LIMIT, `Snap tarball exceeds limit of ${TARBALL_SIZE_SAFETY_LIMIT} bytes.`);
+                    const vfile = new VirtualFile({
                         value: data,
                         path,
                         data: {
-                            canonicalPath: new URL(path, canonicalBase).toString(),
-                        },
+                            canonicalPath: new URL(path, canonicalBase).toString()
+                        }
                     });
                     // We disallow files having identical paths as it may confuse our checksum calculations.
-                    (0, utils_1.assert)(!files.has(path), 'Malformed tarball, multiple files with the same path.');
+                    assert(!files.has(path), 'Malformed tarball, multiple files with the same path.');
                     files.set(path, vfile);
                     return next();
-                }
-                catch (error) {
+                } catch (error) {
                     return extractStream.destroy(error);
                 }
             }));
@@ -259,9 +266,10 @@ function createTarballStream(canonicalBase, files) {
         // If we get here, the entry is not a file, and we want to ignore. The entry
         // stream must be drained, or the extractStream will stop reading. This is
         // effectively a no-op for the current entry.
-        entryStream.on('end', () => next());
+        entryStream.on('end', ()=>next());
         return entryStream.resume();
     });
     return extractStream;
 }
+
 //# sourceMappingURL=npm.js.map

package/dist/esm/snaps/location/npm.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../../src/snaps/location/npm.ts"],"sourcesContent":["import {\n  createSnapManifest,\n  DEFAULT_REQUESTED_SNAP_VERSION,\n  getTargetVersion,\n  isValidUrl,\n  NpmSnapIdStruct,\n  SnapManifest,\n  VirtualFile,\n  normalizeRelative,\n  parseJson,\n} from '@metamask/snaps-utils';\nimport {\n  assert,\n  assertIsSemVerVersion,\n  assertStruct,\n  isObject,\n  SemVerRange,\n  SemVerVersion,\n} from '@metamask/utils';\nimport concat from 'concat-stream';\nimport createGunzipStream from 'gunzip-maybe';\nimport pump from 'pump';\nimport { ReadableWebToNodeStream } from 'readable-web-to-node-stream';\nimport { Readable, Writable } from 'stream';\nimport { extract as tarExtract } from 'tar-stream';\n\nimport { DetectSnapLocationOptions, SnapLocation } from './location';\n\nexport const DEFAULT_NPM_REGISTRY = 'https://registry.npmjs.org';\n\ninterface NpmMeta {\n  registry: URL;\n  packageName: string;\n  requestedRange: SemVerRange;\n  version?: string;\n  fetch: typeof fetch;\n}\nexport interface NpmOptions {\n  /**\n   * @default DEFAULT_REQUESTED_SNAP_VERSION\n   */\n  versionRange?: SemVerRange;\n  /**\n   * Whether to allow custom NPM registries outside of {@link DEFAULT_NPM_REGISTRY}.\n   *\n   * @default false\n   */\n  allowCustomRegistries?: boolean;\n}\n\nexport class NpmLocation implements SnapLocation {\n  private readonly meta: NpmMeta;\n\n  private validatedManifest?: VirtualFile<SnapManifest>;\n\n  private files?: Map<string, VirtualFile>;\n\n  constructor(url: URL, opts: DetectSnapLocationOptions = {}) {\n    const allowCustomRegistries = opts.allowCustomRegistries ?? false;\n    const fetchFunction = opts.fetch ?? globalThis.fetch.bind(globalThis);\n    const requestedRange = opts.versionRange ?? DEFAULT_REQUESTED_SNAP_VERSION;\n\n    assertStruct(url.toString(), NpmSnapIdStruct, 'Invalid Snap Id: ');\n\n    let registry: string | URL;\n    if (\n      url.host === '' &&\n      url.port === '' &&\n      url.username === '' &&\n      url.password === ''\n    ) {\n      registry = new URL(DEFAULT_NPM_REGISTRY);\n    } else {\n      registry = 'https://';\n      if (url.username) {\n        registry += url.username;\n        if (url.password) {\n          registry += `:${url.password}`;\n        }\n        registry += '@';\n      }\n      registry += url.host;\n      registry = new URL(registry);\n      assert(\n        allowCustomRegistries,\n        new TypeError(\n          `Custom NPM registries are disabled, tried to use \"${registry.toString()}\".`,\n        ),\n      );\n    }\n\n    assert(\n      registry.pathname === '/' &&\n        registry.search === '' &&\n        registry.hash === '',\n    );\n\n    assert(\n      url.pathname !== '' && url.pathname !== '/',\n      new TypeError('The package name in NPM location is empty.'),\n    );\n    let packageName = url.pathname;\n    if (packageName.startsWith('/')) {\n      packageName = packageName.slice(1);\n    }\n\n    this.meta = {\n      requestedRange,\n      registry,\n      packageName,\n      fetch: fetchFunction,\n    };\n  }\n\n  async manifest(): Promise<VirtualFile<SnapManifest>> {\n    if (this.validatedManifest) {\n      return this.validatedManifest.clone();\n    }\n\n    const vfile = await this.fetch('snap.manifest.json');\n    const result = parseJson(vfile.toString());\n    vfile.result = createSnapManifest(result);\n    this.validatedManifest = vfile as VirtualFile<SnapManifest>;\n\n    return this.manifest();\n  }\n\n  async fetch(path: string): Promise<VirtualFile> {\n    const relativePath = normalizeRelative(path);\n    if (!this.files) {\n      await this.#lazyInit();\n      assert(this.files !== undefined);\n    }\n    const vfile = this.files.get(relativePath);\n    assert(\n      vfile !== undefined,\n      new TypeError(`File \"${path}\" not found in package.`),\n    );\n    return vfile.clone();\n  }\n\n  get packageName(): string {\n    return this.meta.packageName;\n  }\n\n  get version(): string {\n    assert(\n      this.meta.version !== undefined,\n      'Tried to access version without first fetching NPM package.',\n    );\n    return this.meta.version;\n  }\n\n  get registry(): URL {\n    return this.meta.registry;\n  }\n\n  get versionRange(): SemVerRange {\n    return this.meta.requestedRange;\n  }\n\n  async #lazyInit() {\n    assert(this.files === undefined);\n    const [tarballResponse, actualVersion] = await fetchNpmTarball(\n      this.meta.packageName,\n      this.meta.requestedRange,\n      this.meta.registry,\n      this.meta.fetch,\n    );\n    this.meta.version = actualVersion;\n\n    let canonicalBase = 'npm://';\n    if (this.meta.registry.username !== '') {\n      canonicalBase += this.meta.registry.username;\n      if (this.meta.registry.password !== '') {\n        canonicalBase += `:${this.meta.registry.password}`;\n      }\n      canonicalBase += '@';\n    }\n    canonicalBase += this.meta.registry.host;\n\n    // TODO(ritave): Lazily extract files instead of up-front extracting all of them\n    //               We would need to replace tar-stream package because it requires immediate consumption of streams.\n    await new Promise<void>((resolve, reject) => {\n      this.files = new Map();\n      pump(\n        getNodeStream(tarballResponse),\n        // The \"gz\" in \"tgz\" stands for \"gzip\". The tarball needs to be decompressed\n        // before we can actually grab any files from it.\n        // To prevent recursion-based zip bombs, we set a maximum recursion depth of 1.\n        createGunzipStream(1),\n        createTarballStream(\n          `${canonicalBase}/${this.meta.packageName}/`,\n          this.files,\n        ),\n        (error) => {\n          error ? reject(error) : resolve();\n        },\n      );\n    });\n  }\n}\n\n// Safety limit for tarballs, 250 MB in bytes\nconst TARBALL_SIZE_SAFETY_LIMIT = 262144000;\n\n// Incomplete type\nexport type PartialNpmMetadata = {\n  versions: Record<string, { dist: { tarball: string } }>;\n};\n\n/**\n * Fetches the NPM metadata of the specified package from\n * the public npm registry.\n *\n * @param packageName - The name of the package whose metadata to fetch.\n * @param registryUrl - The URL of the npm registry to fetch the metadata from.\n * @param fetchFunction - The fetch function to use. Defaults to the global\n * {@link fetch}. Useful for Node.js compatibility.\n * @returns The NPM metadata object.\n * @throws If fetching the metadata fails.\n */\nexport async function fetchNpmMetadata(\n  packageName: string,\n  registryUrl: URL | string,\n  fetchFunction: typeof fetch,\n): Promise<PartialNpmMetadata> {\n  const packageResponse = await fetchFunction(\n    new URL(packageName, registryUrl).toString(),\n  );\n  if (!packageResponse.ok) {\n    throw new Error(\n      `Failed to fetch NPM registry entry. Status code: ${packageResponse.status}.`,\n    );\n  }\n  const packageMetadata = await packageResponse.json();\n\n  if (!isObject(packageMetadata)) {\n    throw new Error(\n      `Failed to fetch package \"${packageName}\" metadata from npm.`,\n    );\n  }\n\n  return packageMetadata as PartialNpmMetadata;\n}\n\n/**\n * Fetches the tarball (`.tgz` file) of the specified package and version from\n * the public npm registry.\n *\n * @param packageName - The name of the package whose tarball to fetch.\n * @param versionRange - The SemVer range of the package to fetch. The highest\n * version satisfying the range will be fetched.\n * @param registryUrl - The URL of the npm registry to fetch the tarball from.\n * @param fetchFunction - The fetch function to use. Defaults to the global\n * {@link fetch}. Useful for Node.js compatibility.\n * @returns A tuple of the {@link Response} for the package tarball and the\n * actual version of the package.\n * @throws If fetching the tarball fails.\n */\nasync function fetchNpmTarball(\n  packageName: string,\n  versionRange: SemVerRange,\n  registryUrl: URL | string,\n  fetchFunction: typeof fetch,\n): Promise<[ReadableStream, SemVerVersion]> {\n  const packageMetadata = await fetchNpmMetadata(\n    packageName,\n    registryUrl,\n    fetchFunction,\n  );\n\n  const versions = Object.keys(packageMetadata?.versions ?? {}).map(\n    (version) => {\n      assertIsSemVerVersion(version);\n      return version;\n    },\n  );\n\n  const targetVersion = getTargetVersion(versions, versionRange);\n\n  if (targetVersion === null) {\n    throw new Error(\n      `Failed to find a matching version in npm metadata for package \"${packageName}\" and requested semver range \"${versionRange}\".`,\n    );\n  }\n\n  const tarballUrlString =\n    packageMetadata?.versions?.[targetVersion]?.dist?.tarball;\n\n  if (\n    !isValidUrl(tarballUrlString) ||\n    !tarballUrlString.toString().endsWith('.tgz')\n  ) {\n    throw new Error(\n      `Failed to find valid tarball URL in NPM metadata for package \"${packageName}\".`,\n    );\n  }\n\n  // Override the tarball hostname/protocol with registryUrl hostname/protocol\n  const newRegistryUrl = new URL(registryUrl);\n  const newTarballUrl = new URL(tarballUrlString);\n  newTarballUrl.hostname = newRegistryUrl.hostname;\n  newTarballUrl.protocol = newRegistryUrl.protocol;\n\n  // Perform a raw fetch because we want the Response object itself.\n  const tarballResponse = await fetchFunction(newTarballUrl.toString());\n  if (!tarballResponse.ok || !tarballResponse.body) {\n    throw new Error(`Failed to fetch tarball for package \"${packageName}\".`);\n  }\n  // We assume that NPM is a good actor and provides us with a valid `content-length` header.\n  const tarballSizeString = tarballResponse.headers.get('content-length');\n  assert(tarballSizeString, 'Snap tarball has invalid content-length');\n  const tarballSize = parseInt(tarballSizeString, 10);\n  assert(\n    tarballSize <= TARBALL_SIZE_SAFETY_LIMIT,\n    'Snap tarball exceeds size limit',\n  );\n  return [tarballResponse.body, targetVersion];\n}\n\n/**\n * The paths of files within npm tarballs appear to always be prefixed with\n * \"package/\".\n */\nconst NPM_TARBALL_PATH_PREFIX = /^package\\//u;\n\n/**\n * Converts a {@link ReadableStream} to a Node.js {@link Readable}\n * stream. Returns the stream directly if it is already a Node.js stream.\n * We can't use the native Web {@link ReadableStream} directly because the\n * other stream libraries we use expect Node.js streams.\n *\n * @param stream - The stream to convert.\n * @returns The given stream as a Node.js Readable stream.\n */\nfunction getNodeStream(stream: ReadableStream): Readable {\n  if (typeof stream.getReader !== 'function') {\n    return stream as unknown as Readable;\n  }\n\n  return new ReadableWebToNodeStream(stream);\n}\n\n/**\n * Creates a `tar-stream` that will get the necessary files from an npm Snap\n * package tarball (`.tgz` file).\n *\n * @param canonicalBase - A base URI as specified in {@link https://github.com/MetaMask/SIPs/blob/main/SIPS/sip-8.md SIP-8}. Starting with 'npm:'. Will be used for canonicalPath vfile argument.\n * @param files - An object to write target file contents to.\n * @returns The {@link Writable} tarball extraction stream.\n */\nfunction createTarballStream(\n  canonicalBase: string,\n  files: Map<string, VirtualFile>,\n): Writable {\n  assert(\n    canonicalBase.endsWith('/'),\n    \"Base needs to end with '/' for relative paths to be added as children instead of siblings.\",\n  );\n\n  assert(\n    canonicalBase.startsWith('npm:'),\n    'Protocol mismatch, expected \"npm:\".',\n  );\n  // `tar-stream` is pretty old-school, so we create it first and then\n  // instrument it by adding event listeners.\n  const extractStream = tarExtract();\n\n  let totalSize = 0;\n\n  // \"entry\" is fired for every discreet entity in the tarball. This includes\n  // files and folders.\n  extractStream.on('entry', (header, entryStream, next) => {\n    const { name: headerName, type: headerType } = header;\n    if (headerType === 'file') {\n      // The name is a path if the header type is \"file\".\n      const path = headerName.replace(NPM_TARBALL_PATH_PREFIX, '');\n      return entryStream.pipe(\n        concat((data) => {\n          try {\n            totalSize += data.byteLength;\n            // To prevent zip bombs, we set a safety limit for the total size of tarballs.\n            assert(\n              totalSize < TARBALL_SIZE_SAFETY_LIMIT,\n              `Snap tarball exceeds limit of ${TARBALL_SIZE_SAFETY_LIMIT} bytes.`,\n            );\n            const vfile = new VirtualFile({\n              value: data,\n              path,\n              data: {\n                canonicalPath: new URL(path, canonicalBase).toString(),\n              },\n            });\n            // We disallow files having identical paths as it may confuse our checksum calculations.\n            assert(\n              !files.has(path),\n              'Malformed tarball, multiple files with the same path.',\n            );\n            files.set(path, vfile);\n            return next();\n          } catch (error) {\n            return extractStream.destroy(error);\n          }\n        }),\n      );\n    }\n\n    // If we get here, the entry is not a file, and we want to ignore. The entry\n    // stream must be drained, or the extractStream will stop reading. This is\n    // effectively a no-op for the current entry.\n    entryStream.on('end', () => next());\n    return entryStream.resume();\n  });\n  return extractStream;\n}\n"],"names":["createSnapManifest","DEFAULT_REQUESTED_SNAP_VERSION","getTargetVersion","isValidUrl","NpmSnapIdStruct","VirtualFile","normalizeRelative","parseJson","assert","assertIsSemVerVersion","assertStruct","isObject","concat","createGunzipStream","pump","ReadableWebToNodeStream","extract","tarExtract","DEFAULT_NPM_REGISTRY","NpmLocation","manifest","validatedManifest","clone","vfile","fetch","result","toString","path","relativePath","files","lazyInit","undefined","get","TypeError","packageName","meta","version","registry","versionRange","requestedRange","constructor","url","opts","allowCustomRegistries","fetchFunction","globalThis","bind","host","port","username","password","URL","pathname","search","hash","startsWith","slice","tarballResponse","actualVersion","fetchNpmTarball","canonicalBase","Promise","resolve","reject","Map","getNodeStream","createTarballStream","error","TARBALL_SIZE_SAFETY_LIMIT","fetchNpmMetadata","registryUrl","packageResponse","ok","Error","status","packageMetadata","json","versions","Object","keys","map","targetVersion","tarballUrlString","dist","tarball","endsWith","newRegistryUrl","newTarballUrl","hostname","protocol","body","tarballSizeString","headers","tarballSize","parseInt","NPM_TARBALL_PATH_PREFIX","stream","getReader","extractStream","totalSize","on","header","entryStream","next","name","headerName","type","headerType","replace","pipe","data","byteLength","value","canonicalPath","has","set","destroy","resume"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,SACEA,kBAAkB,EAClBC,8BAA8B,EAC9BC,gBAAgB,EAChBC,UAAU,EACVC,eAAe,EAEfC,WAAW,EACXC,iBAAiB,EACjBC,SAAS,QACJ,wBAAwB;AAC/B,SACEC,MAAM,EACNC,qBAAqB,EACrBC,YAAY,EACZC,QAAQ,QAGH,kBAAkB;AACzB,OAAOC,YAAY,gBAAgB;AACnC,OAAOC,wBAAwB,eAAe;AAC9C,OAAOC,UAAU,OAAO;AACxB,SAASC,uBAAuB,QAAQ,8BAA8B;AAEtE,SAASC,WAAWC,UAAU,QAAQ,aAAa;AAInD,OAAO,MAAMC,uBAAuB,6BAA6B;IAqIzD;AA/GR,OAAO,MAAMC;IAgEX,MAAMC,WAA+C;QACnD,IAAI,IAAI,CAACC,iBAAiB,EAAE;YAC1B,OAAO,IAAI,CAACA,iBAAiB,CAACC,KAAK;QACrC;QAEA,MAAMC,QAAQ,MAAM,IAAI,CAACC,KAAK,CAAC;QAC/B,MAAMC,SAASlB,UAAUgB,MAAMG,QAAQ;QACvCH,MAAME,MAAM,GAAGzB,mBAAmByB;QAClC,IAAI,CAACJ,iBAAiB,GAAGE;QAEzB,OAAO,IAAI,CAACH,QAAQ;IACtB;IAEA,MAAMI,MAAMG,IAAY,EAAwB;QAC9C,MAAMC,eAAetB,kBAAkBqB;QACvC,IAAI,CAAC,IAAI,CAACE,KAAK,EAAE;YACf,MAAM,0BAAA,IAAI,EAAEC,WAAAA,eAAN,IAAI;YACVtB,OAAO,IAAI,CAACqB,KAAK,KAAKE;QACxB;QACA,MAAMR,QAAQ,IAAI,CAACM,KAAK,CAACG,GAAG,CAACJ;QAC7BpB,OACEe,UAAUQ,WACV,IAAIE,UAAU,CAAC,MAAM,EAAEN,KAAK,uBAAuB,CAAC;QAEtD,OAAOJ,MAAMD,KAAK;IACpB;IAEA,IAAIY,cAAsB;QACxB,OAAO,IAAI,CAACC,IAAI,CAACD,WAAW;IAC9B;IAEA,IAAIE,UAAkB;QACpB5B,OACE,IAAI,CAAC2B,IAAI,CAACC,OAAO,KAAKL,WACtB;QAEF,OAAO,IAAI,CAACI,IAAI,CAACC,OAAO;IAC1B;IAEA,IAAIC,WAAgB;QAClB,OAAO,IAAI,CAACF,IAAI,CAACE,QAAQ;IAC3B;IAEA,IAAIC,eAA4B;QAC9B,OAAO,IAAI,CAACH,IAAI,CAACI,cAAc;IACjC;IAtGAC,YAAYC,GAAQ,EAAEC,OAAkC,CAAC,CAAC,CAAE;QAwG5D,iCAAM;QA9GN,uBAAiBP,QAAjB,KAAA;QAEA,uBAAQd,qBAAR,KAAA;QAEA,uBAAQQ,SAAR,KAAA;QAGE,MAAMc,wBAAwBD,KAAKC,qBAAqB,IAAI;QAC5D,MAAMC,gBAAgBF,KAAKlB,KAAK,IAAIqB,WAAWrB,KAAK,CAACsB,IAAI,CAACD;QAC1D,MAAMN,iBAAiBG,KAAKJ,YAAY,IAAIrC;QAE5CS,aAAa+B,IAAIf,QAAQ,IAAItB,iBAAiB;QAE9C,IAAIiC;QACJ,IACEI,IAAIM,IAAI,KAAK,MACbN,IAAIO,IAAI,KAAK,MACbP,IAAIQ,QAAQ,KAAK,MACjBR,IAAIS,QAAQ,KAAK,IACjB;YACAb,WAAW,IAAIc,IAAIjC;QACrB,OAAO;YACLmB,WAAW;YACX,IAAII,IAAIQ,QAAQ,EAAE;gBAChBZ,YAAYI,IAAIQ,QAAQ;gBACxB,IAAIR,IAAIS,QAAQ,EAAE;oBAChBb,YAAY,CAAC,CAAC,EAAEI,IAAIS,QAAQ,CAAC,CAAC;gBAChC;gBACAb,YAAY;YACd;YACAA,YAAYI,IAAIM,IAAI;YACpBV,WAAW,IAAIc,IAAId;YACnB7B,OACEmC,uBACA,IAAIV,UACF,CAAC,kDAAkD,EAAEI,SAASX,QAAQ,GAAG,EAAE,CAAC;QAGlF;QAEAlB,OACE6B,SAASe,QAAQ,KAAK,OACpBf,SAASgB,MAAM,KAAK,MACpBhB,SAASiB,IAAI,KAAK;QAGtB9C,OACEiC,IAAIW,QAAQ,KAAK,MAAMX,IAAIW,QAAQ,KAAK,KACxC,IAAInB,UAAU;QAEhB,IAAIC,cAAcO,IAAIW,QAAQ;QAC9B,IAAIlB,YAAYqB,UAAU,CAAC,MAAM;YAC/BrB,cAAcA,YAAYsB,KAAK,CAAC;QAClC;QAEA,IAAI,CAACrB,IAAI,GAAG;YACVI;YACAF;YACAH;YACAV,OAAOoB;QACT;IACF;AAyFF;AAxCE,eAAA;IACEpC,OAAO,IAAI,CAACqB,KAAK,KAAKE;IACtB,MAAM,CAAC0B,iBAAiBC,cAAc,GAAG,MAAMC,gBAC7C,IAAI,CAACxB,IAAI,CAACD,WAAW,EACrB,IAAI,CAACC,IAAI,CAACI,cAAc,EACxB,IAAI,CAACJ,IAAI,CAACE,QAAQ,EAClB,IAAI,CAACF,IAAI,CAACX,KAAK;IAEjB,IAAI,CAACW,IAAI,CAACC,OAAO,GAAGsB;IAEpB,IAAIE,gBAAgB;IACpB,IAAI,IAAI,CAACzB,IAAI,CAACE,QAAQ,CAACY,QAAQ,KAAK,IAAI;QACtCW,iBAAiB,IAAI,CAACzB,IAAI,CAACE,QAAQ,CAACY,QAAQ;QAC5C,IAAI,IAAI,CAACd,IAAI,CAACE,QAAQ,CAACa,QAAQ,KAAK,IAAI;YACtCU,iBAAiB,CAAC,CAAC,EAAE,IAAI,CAACzB,IAAI,CAACE,QAAQ,CAACa,QAAQ,CAAC,CAAC;QACpD;QACAU,iBAAiB;IACnB;IACAA,iBAAiB,IAAI,CAACzB,IAAI,CAACE,QAAQ,CAACU,IAAI;IAExC,gFAAgF;IAChF,kHAAkH;IAClH,MAAM,IAAIc,QAAc,CAACC,SAASC;QAChC,IAAI,CAAClC,KAAK,GAAG,IAAImC;QACjBlD,KACEmD,cAAcR,kBACd,4EAA4E;QAC5E,iDAAiD;QACjD,+EAA+E;QAC/E5C,mBAAmB,IACnBqD,oBACE,CAAC,EAAEN,cAAc,CAAC,EAAE,IAAI,CAACzB,IAAI,CAACD,WAAW,CAAC,CAAC,CAAC,EAC5C,IAAI,CAACL,KAAK,GAEZ,CAACsC;YACCA,QAAQJ,OAAOI,SAASL;QAC1B;IAEJ;AACF;AAGF,6CAA6C;AAC7C,MAAMM,4BAA4B;AAOlC;;;;;;;;;;CAUC,GACD,OAAO,eAAeC,iBACpBnC,WAAmB,EACnBoC,WAAyB,EACzB1B,aAA2B;IAE3B,MAAM2B,kBAAkB,MAAM3B,cAC5B,IAAIO,IAAIjB,aAAaoC,aAAa5C,QAAQ;IAE5C,IAAI,CAAC6C,gBAAgBC,EAAE,EAAE;QACvB,MAAM,IAAIC,MACR,CAAC,iDAAiD,EAAEF,gBAAgBG,MAAM,CAAC,CAAC,CAAC;IAEjF;IACA,MAAMC,kBAAkB,MAAMJ,gBAAgBK,IAAI;IAElD,IAAI,CAACjE,SAASgE,kBAAkB;QAC9B,MAAM,IAAIF,MACR,CAAC,yBAAyB,EAAEvC,YAAY,oBAAoB,CAAC;IAEjE;IAEA,OAAOyC;AACT;AAEA;;;;;;;;;;;;;CAaC,GACD,eAAehB,gBACbzB,WAAmB,EACnBI,YAAyB,EACzBgC,WAAyB,EACzB1B,aAA2B;IAE3B,MAAM+B,kBAAkB,MAAMN,iBAC5BnC,aACAoC,aACA1B;IAGF,MAAMiC,WAAWC,OAAOC,IAAI,CAACJ,iBAAiBE,YAAY,CAAC,GAAGG,GAAG,CAC/D,CAAC5C;QACC3B,sBAAsB2B;QACtB,OAAOA;IACT;IAGF,MAAM6C,gBAAgB/E,iBAAiB2E,UAAUvC;IAEjD,IAAI2C,kBAAkB,MAAM;QAC1B,MAAM,IAAIR,MACR,CAAC,+DAA+D,EAAEvC,YAAY,8BAA8B,EAAEI,aAAa,EAAE,CAAC;IAElI;IAEA,MAAM4C,mBACJP,iBAAiBE,UAAU,CAACI,cAAc,EAAEE,MAAMC;IAEpD,IACE,CAACjF,WAAW+E,qBACZ,CAACA,iBAAiBxD,QAAQ,GAAG2D,QAAQ,CAAC,SACtC;QACA,MAAM,IAAIZ,MACR,CAAC,8DAA8D,EAAEvC,YAAY,EAAE,CAAC;IAEpF;IAEA,4EAA4E;IAC5E,MAAMoD,iBAAiB,IAAInC,IAAImB;IAC/B,MAAMiB,gBAAgB,IAAIpC,IAAI+B;IAC9BK,cAAcC,QAAQ,GAAGF,eAAeE,QAAQ;IAChDD,cAAcE,QAAQ,GAAGH,eAAeG,QAAQ;IAEhD,kEAAkE;IAClE,MAAMhC,kBAAkB,MAAMb,cAAc2C,cAAc7D,QAAQ;IAClE,IAAI,CAAC+B,gBAAgBe,EAAE,IAAI,CAACf,gBAAgBiC,IAAI,EAAE;QAChD,MAAM,IAAIjB,MAAM,CAAC,qCAAqC,EAAEvC,YAAY,EAAE,CAAC;IACzE;IACA,2FAA2F;IAC3F,MAAMyD,oBAAoBlC,gBAAgBmC,OAAO,CAAC5D,GAAG,CAAC;IACtDxB,OAAOmF,mBAAmB;IAC1B,MAAME,cAAcC,SAASH,mBAAmB;IAChDnF,OACEqF,eAAezB,2BACf;IAEF,OAAO;QAACX,gBAAgBiC,IAAI;QAAET;KAAc;AAC9C;AAEA;;;CAGC,GACD,MAAMc,0BAA0B;AAEhC;;;;;;;;CAQC,GACD,SAAS9B,cAAc+B,MAAsB;IAC3C,IAAI,OAAOA,OAAOC,SAAS,KAAK,YAAY;QAC1C,OAAOD;IACT;IAEA,OAAO,IAAIjF,wBAAwBiF;AACrC;AAEA;;;;;;;CAOC,GACD,SAAS9B,oBACPN,aAAqB,EACrB/B,KAA+B;IAE/BrB,OACEoD,cAAcyB,QAAQ,CAAC,MACvB;IAGF7E,OACEoD,cAAcL,UAAU,CAAC,SACzB;IAEF,oEAAoE;IACpE,2CAA2C;IAC3C,MAAM2C,gBAAgBjF;IAEtB,IAAIkF,YAAY;IAEhB,2EAA2E;IAC3E,qBAAqB;IACrBD,cAAcE,EAAE,CAAC,SAAS,CAACC,QAAQC,aAAaC;QAC9C,MAAM,EAAEC,MAAMC,UAAU,EAAEC,MAAMC,UAAU,EAAE,GAAGN;QAC/C,IAAIM,eAAe,QAAQ;YACzB,mDAAmD;YACnD,MAAMhF,OAAO8E,WAAWG,OAAO,CAACb,yBAAyB;YACzD,OAAOO,YAAYO,IAAI,CACrBjG,OAAO,CAACkG;gBACN,IAAI;oBACFX,aAAaW,KAAKC,UAAU;oBAC5B,8EAA8E;oBAC9EvG,OACE2F,YAAY/B,2BACZ,CAAC,8BAA8B,EAAEA,0BAA0B,OAAO,CAAC;oBAErE,MAAM7C,QAAQ,IAAIlB,YAAY;wBAC5B2G,OAAOF;wBACPnF;wBACAmF,MAAM;4BACJG,eAAe,IAAI9D,IAAIxB,MAAMiC,eAAelC,QAAQ;wBACtD;oBACF;oBACA,wFAAwF;oBACxFlB,OACE,CAACqB,MAAMqF,GAAG,CAACvF,OACX;oBAEFE,MAAMsF,GAAG,CAACxF,MAAMJ;oBAChB,OAAOgF;gBACT,EAAE,OAAOpC,OAAO;oBACd,OAAO+B,cAAckB,OAAO,CAACjD;gBAC/B;YACF;QAEJ;QAEA,4EAA4E;QAC5E,0EAA0E;QAC1E,6CAA6C;QAC7CmC,YAAYF,EAAE,CAAC,OAAO,IAAMG;QAC5B,OAAOD,YAAYe,MAAM;IAC3B;IACA,OAAOnB;AACT"}

package/dist/esm/snaps/permissions.js

@@ -0,0 +1,50 @@
+import { caveatMappers, restrictedMethodPermissionBuilders, selectHooks } from '@metamask/rpc-methods';
+import { hasProperty } from '@metamask/utils';
+import { endowmentCaveatMappers, endowmentPermissionBuilders } from './endowments';
+/**
+ * Map initial permissions as defined in a Snap manifest to something that can
+ * be processed by the PermissionsController. Each caveat mapping function
+ * should return a valid permission caveat value.
+ *
+ * This function does not validate the caveat values, since that is done by
+ * the PermissionsController itself, upon requesting the permissions.
+ *
+ * @param initialPermissions - The initial permissions to process.
+ * @returns The processed permissions.
+ */ export function processSnapPermissions(initialPermissions) {
+    return Object.fromEntries(Object.entries(initialPermissions).map(([initialPermission, value])=>{
+        if (hasProperty(caveatMappers, initialPermission)) {
+            return [
+                initialPermission,
+                caveatMappers[initialPermission](value)
+            ];
+        } else if (hasProperty(endowmentCaveatMappers, initialPermission)) {
+            return [
+                initialPermission,
+                endowmentCaveatMappers[initialPermission](value)
+            ];
+        }
+        // If we have no mapping, this may be a non-snap permission, return as-is
+        return [
+            initialPermission,
+            value
+        ];
+    }));
+}
+export const buildSnapEndowmentSpecifications = (excludedEndowments)=>Object.values(endowmentPermissionBuilders).reduce((allSpecifications, { targetName, specificationBuilder })=>{
+        if (!excludedEndowments.includes(targetName)) {
+            allSpecifications[targetName] = specificationBuilder({});
+        }
+        return allSpecifications;
+    }, {});
+export const buildSnapRestrictedMethodSpecifications = (excludedPermissions, hooks)=>Object.values(restrictedMethodPermissionBuilders).reduce((specifications, { targetName, specificationBuilder, methodHooks })=>{
+        if (!excludedPermissions.includes(targetName)) {
+            specifications[targetName] = specificationBuilder({
+                // @ts-expect-error The selectHooks type is wonky
+                methodHooks: selectHooks(hooks, methodHooks)
+            });
+        }
+        return specifications;
+    }, {});
+
+//# sourceMappingURL=permissions.js.map

package/dist/esm/snaps/permissions.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/snaps/permissions.ts"],"sourcesContent":["import {\n  PermissionConstraint,\n  PermissionSpecificationConstraint,\n} from '@metamask/permission-controller';\nimport {\n  caveatMappers,\n  restrictedMethodPermissionBuilders,\n  selectHooks,\n} from '@metamask/rpc-methods';\nimport { SnapPermissions } from '@metamask/snaps-utils';\nimport { hasProperty } from '@metamask/utils';\n\nimport {\n  endowmentCaveatMappers,\n  endowmentPermissionBuilders,\n} from './endowments';\n\n/**\n * Map initial permissions as defined in a Snap manifest to something that can\n * be processed by the PermissionsController. Each caveat mapping function\n * should return a valid permission caveat value.\n *\n * This function does not validate the caveat values, since that is done by\n * the PermissionsController itself, upon requesting the permissions.\n *\n * @param initialPermissions - The initial permissions to process.\n * @returns The processed permissions.\n */\nexport function processSnapPermissions(\n  initialPermissions: SnapPermissions,\n): Record<string, Pick<PermissionConstraint, 'caveats'>> {\n  return Object.fromEntries(\n    Object.entries(initialPermissions).map(([initialPermission, value]) => {\n      if (hasProperty(caveatMappers, initialPermission)) {\n        return [initialPermission, caveatMappers[initialPermission](value)];\n      } else if (hasProperty(endowmentCaveatMappers, initialPermission)) {\n        return [\n          initialPermission,\n          endowmentCaveatMappers[initialPermission](value),\n        ];\n      }\n\n      // If we have no mapping, this may be a non-snap permission, return as-is\n      return [\n        initialPermission,\n        value as Pick<PermissionConstraint, 'caveats'>,\n      ];\n    }),\n  );\n}\n\nexport const buildSnapEndowmentSpecifications = (\n  excludedEndowments: string[],\n) =>\n  Object.values(endowmentPermissionBuilders).reduce<\n    Record<string, PermissionSpecificationConstraint>\n  >((allSpecifications, { targetName, specificationBuilder }) => {\n    if (!excludedEndowments.includes(targetName)) {\n      allSpecifications[targetName] = specificationBuilder({});\n    }\n    return allSpecifications;\n  }, {});\n\nexport const buildSnapRestrictedMethodSpecifications = (\n  excludedPermissions: string[],\n  hooks: Record<string, unknown>,\n) =>\n  Object.values(restrictedMethodPermissionBuilders).reduce<\n    Record<string, PermissionSpecificationConstraint>\n  >((specifications, { targetName, specificationBuilder, methodHooks }) => {\n    if (!excludedPermissions.includes(targetName)) {\n      specifications[targetName] = specificationBuilder({\n        // @ts-expect-error The selectHooks type is wonky\n        methodHooks: selectHooks<typeof hooks, keyof typeof methodHooks>(\n          hooks,\n          methodHooks,\n        ) as Pick<typeof hooks, keyof typeof methodHooks>,\n      });\n    }\n    return specifications;\n  }, {});\n"],"names":["caveatMappers","restrictedMethodPermissionBuilders","selectHooks","hasProperty","endowmentCaveatMappers","endowmentPermissionBuilders","processSnapPermissions","initialPermissions","Object","fromEntries","entries","map","initialPermission","value","buildSnapEndowmentSpecifications","excludedEndowments","values","reduce","allSpecifications","targetName","specificationBuilder","includes","buildSnapRestrictedMethodSpecifications","excludedPermissions","hooks","specifications","methodHooks"],"mappings":"AAIA,SACEA,aAAa,EACbC,kCAAkC,EAClCC,WAAW,QACN,wBAAwB;AAE/B,SAASC,WAAW,QAAQ,kBAAkB;AAE9C,SACEC,sBAAsB,EACtBC,2BAA2B,QACtB,eAAe;AAEtB;;;;;;;;;;CAUC,GACD,OAAO,SAASC,uBACdC,kBAAmC;IAEnC,OAAOC,OAAOC,WAAW,CACvBD,OAAOE,OAAO,CAACH,oBAAoBI,GAAG,CAAC,CAAC,CAACC,mBAAmBC,MAAM;QAChE,IAAIV,YAAYH,eAAeY,oBAAoB;YACjD,OAAO;gBAACA;gBAAmBZ,aAAa,CAACY,kBAAkB,CAACC;aAAO;QACrE,OAAO,IAAIV,YAAYC,wBAAwBQ,oBAAoB;YACjE,OAAO;gBACLA;gBACAR,sBAAsB,CAACQ,kBAAkB,CAACC;aAC3C;QACH;QAEA,yEAAyE;QACzE,OAAO;YACLD;YACAC;SACD;IACH;AAEJ;AAEA,OAAO,MAAMC,mCAAmC,CAC9CC,qBAEAP,OAAOQ,MAAM,CAACX,6BAA6BY,MAAM,CAE/C,CAACC,mBAAmB,EAAEC,UAAU,EAAEC,oBAAoB,EAAE;QACxD,IAAI,CAACL,mBAAmBM,QAAQ,CAACF,aAAa;YAC5CD,iBAAiB,CAACC,WAAW,GAAGC,qBAAqB,CAAC;QACxD;QACA,OAAOF;IACT,GAAG,CAAC,GAAG;AAET,OAAO,MAAMI,0CAA0C,CACrDC,qBACAC,QAEAhB,OAAOQ,MAAM,CAACf,oCAAoCgB,MAAM,CAEtD,CAACQ,gBAAgB,EAAEN,UAAU,EAAEC,oBAAoB,EAAEM,WAAW,EAAE;QAClE,IAAI,CAACH,oBAAoBF,QAAQ,CAACF,aAAa;YAC7CM,cAAc,CAACN,WAAW,GAAGC,qBAAqB;gBAChD,iDAAiD;gBACjDM,aAAaxB,YACXsB,OACAE;YAEJ;QACF;QACA,OAAOD;IACT,GAAG,CAAC,GAAG"}

package/dist/esm/snaps/registry/index.js

@@ -0,0 +1,4 @@
+export * from './registry';
+export * from './json';
+
+//# sourceMappingURL=index.js.map

package/dist/esm/snaps/registry/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../../src/snaps/registry/index.ts"],"sourcesContent":["export * from './registry';\nexport * from './json';\n"],"names":[],"mappings":"AAAA,cAAc,aAAa;AAC3B,cAAc,SAAS"}