@metamask/snaps-controllers 9.7.0 → 9.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (90) hide show
  1. package/CHANGELOG.md +142 -1
  2. package/dist/cronjob/CronjobController.cjs +21 -34
  3. package/dist/cronjob/CronjobController.cjs.map +1 -1
  4. package/dist/cronjob/CronjobController.mjs +21 -34
  5. package/dist/cronjob/CronjobController.mjs.map +1 -1
  6. package/dist/insights/SnapInsightsController.cjs +194 -144
  7. package/dist/insights/SnapInsightsController.cjs.map +1 -1
  8. package/dist/insights/SnapInsightsController.mjs +193 -143
  9. package/dist/insights/SnapInsightsController.mjs.map +1 -1
  10. package/dist/interface/SnapInterfaceController.cjs +90 -65
  11. package/dist/interface/SnapInterfaceController.cjs.map +1 -1
  12. package/dist/interface/SnapInterfaceController.d.cts +2 -1
  13. package/dist/interface/SnapInterfaceController.d.cts.map +1 -1
  14. package/dist/interface/SnapInterfaceController.d.mts +2 -1
  15. package/dist/interface/SnapInterfaceController.d.mts.map +1 -1
  16. package/dist/interface/SnapInterfaceController.mjs +90 -65
  17. package/dist/interface/SnapInterfaceController.mjs.map +1 -1
  18. package/dist/services/AbstractExecutionService.cjs +71 -77
  19. package/dist/services/AbstractExecutionService.cjs.map +1 -1
  20. package/dist/services/AbstractExecutionService.mjs +71 -77
  21. package/dist/services/AbstractExecutionService.mjs.map +1 -1
  22. package/dist/services/ProxyPostMessageStream.cjs +19 -26
  23. package/dist/services/ProxyPostMessageStream.cjs.map +1 -1
  24. package/dist/services/ProxyPostMessageStream.mjs +19 -26
  25. package/dist/services/ProxyPostMessageStream.mjs.map +1 -1
  26. package/dist/services/iframe/IframeExecutionService.cjs +1 -0
  27. package/dist/services/iframe/IframeExecutionService.cjs.map +1 -1
  28. package/dist/services/iframe/IframeExecutionService.mjs +1 -0
  29. package/dist/services/iframe/IframeExecutionService.mjs.map +1 -1
  30. package/dist/services/offscreen/OffscreenExecutionService.cjs +3 -16
  31. package/dist/services/offscreen/OffscreenExecutionService.cjs.map +1 -1
  32. package/dist/services/offscreen/OffscreenExecutionService.mjs +3 -16
  33. package/dist/services/offscreen/OffscreenExecutionService.mjs.map +1 -1
  34. package/dist/services/proxy/ProxyExecutionService.cjs +4 -17
  35. package/dist/services/proxy/ProxyExecutionService.cjs.map +1 -1
  36. package/dist/services/proxy/ProxyExecutionService.mjs +4 -17
  37. package/dist/services/proxy/ProxyExecutionService.mjs.map +1 -1
  38. package/dist/services/webview/WebViewExecutionService.cjs +9 -23
  39. package/dist/services/webview/WebViewExecutionService.cjs.map +1 -1
  40. package/dist/services/webview/WebViewExecutionService.mjs +9 -23
  41. package/dist/services/webview/WebViewExecutionService.mjs.map +1 -1
  42. package/dist/services/webview/WebViewMessageStream.cjs +12 -25
  43. package/dist/services/webview/WebViewMessageStream.cjs.map +1 -1
  44. package/dist/services/webview/WebViewMessageStream.d.cts +1 -2
  45. package/dist/services/webview/WebViewMessageStream.d.cts.map +1 -1
  46. package/dist/services/webview/WebViewMessageStream.d.mts +1 -2
  47. package/dist/services/webview/WebViewMessageStream.d.mts.map +1 -1
  48. package/dist/services/webview/WebViewMessageStream.mjs +12 -25
  49. package/dist/services/webview/WebViewMessageStream.mjs.map +1 -1
  50. package/dist/services/webview/index.cjs +1 -0
  51. package/dist/services/webview/index.cjs.map +1 -1
  52. package/dist/services/webview/index.d.cts +1 -0
  53. package/dist/services/webview/index.d.cts.map +1 -1
  54. package/dist/services/webview/index.d.mts +1 -0
  55. package/dist/services/webview/index.d.mts.map +1 -1
  56. package/dist/services/webview/index.mjs +1 -0
  57. package/dist/services/webview/index.mjs.map +1 -1
  58. package/dist/services/webworker/WebWorkerExecutionService.cjs +10 -23
  59. package/dist/services/webworker/WebWorkerExecutionService.cjs.map +1 -1
  60. package/dist/services/webworker/WebWorkerExecutionService.mjs +10 -23
  61. package/dist/services/webworker/WebWorkerExecutionService.mjs.map +1 -1
  62. package/dist/snaps/RequestQueue.cjs +2 -0
  63. package/dist/snaps/RequestQueue.cjs.map +1 -1
  64. package/dist/snaps/RequestQueue.mjs +2 -0
  65. package/dist/snaps/RequestQueue.mjs.map +1 -1
  66. package/dist/snaps/SnapController.cjs +1141 -1001
  67. package/dist/snaps/SnapController.cjs.map +1 -1
  68. package/dist/snaps/SnapController.mjs +1140 -1000
  69. package/dist/snaps/SnapController.mjs.map +1 -1
  70. package/dist/snaps/Timer.cjs +1 -0
  71. package/dist/snaps/Timer.cjs.map +1 -1
  72. package/dist/snaps/Timer.mjs +1 -0
  73. package/dist/snaps/Timer.mjs.map +1 -1
  74. package/dist/snaps/location/http.cjs +11 -7
  75. package/dist/snaps/location/http.cjs.map +1 -1
  76. package/dist/snaps/location/http.mjs +11 -7
  77. package/dist/snaps/location/http.mjs.map +1 -1
  78. package/dist/snaps/location/local.cjs +4 -17
  79. package/dist/snaps/location/local.cjs.map +1 -1
  80. package/dist/snaps/location/local.mjs +4 -17
  81. package/dist/snaps/location/local.mjs.map +1 -1
  82. package/dist/snaps/location/npm.cjs +25 -37
  83. package/dist/snaps/location/npm.cjs.map +1 -1
  84. package/dist/snaps/location/npm.mjs +25 -37
  85. package/dist/snaps/location/npm.mjs.map +1 -1
  86. package/dist/snaps/registry/json.cjs +172 -173
  87. package/dist/snaps/registry/json.cjs.map +1 -1
  88. package/dist/snaps/registry/json.mjs +171 -172
  89. package/dist/snaps/registry/json.mjs.map +1 -1
  90. package/package.json +38 -23
package/dist/snaps/location/npm.mjs CHANGED
@@ -1,15 +1,3 @@
1
- var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
2
- if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
3
- if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
4
- return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
5
- };
6
- var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
7
- if (kind === "m") throw new TypeError("Private method is not writable");
8
- if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
9
- if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
10
- return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
11
- };
12
- var _BaseNpmLocation_instances, _BaseNpmLocation_validatedManifest, _BaseNpmLocation_files, _BaseNpmLocation_lazyInit;
13
1
  function $importDefault(module) {
14
2
  if (module?.__esModule) {
15
3
  return module.default;
@@ -29,10 +17,10 @@ import { extract as tarExtract } from "tar-stream";
29
17
  export const DEFAULT_NPM_REGISTRY = new URL('https://registry.npmjs.org');
30
18
  // Base class for NPM implementation, useful for extending with custom NPM fetching logic
31
19
  export class BaseNpmLocation {
20
+ meta;
21
+ #validatedManifest;
22
+ #files;
32
23
  constructor(url, opts = {}) {
33
- _BaseNpmLocation_instances.add(this);
34
- _BaseNpmLocation_validatedManifest.set(this, void 0);
35
- _BaseNpmLocation_files.set(this, void 0);
36
24
  const allowCustomRegistries = opts.allowCustomRegistries ?? false;
37
25
  const fetchFunction = opts.fetch ?? globalThis.fetch.bind(undefined);
38
26
  const requestedRange = opts.versionRange ?? DEFAULT_REQUESTED_SNAP_VERSION;
@@ -76,22 +64,22 @@ export class BaseNpmLocation {
76
64
  };
77
65
  }
78
66
  async manifest() {
79
- if (__classPrivateFieldGet(this, _BaseNpmLocation_validatedManifest, "f")) {
80
- return __classPrivateFieldGet(this, _BaseNpmLocation_validatedManifest, "f").clone();
67
+ if (this.#validatedManifest) {
68
+ return this.#validatedManifest.clone();
81
69
  }
82
70
  const vfile = await this.fetch('snap.manifest.json');
83
71
  const result = parseJson(vfile.toString());
84
72
  vfile.result = createSnapManifest(result);
85
- __classPrivateFieldSet(this, _BaseNpmLocation_validatedManifest, vfile, "f");
73
+ this.#validatedManifest = vfile;
86
74
  return this.manifest();
87
75
  }
88
76
  async fetch(path) {
89
77
  const relativePath = normalizeRelative(path);
90
- if (!__classPrivateFieldGet(this, _BaseNpmLocation_files, "f")) {
91
- await __classPrivateFieldGet(this, _BaseNpmLocation_instances, "m", _BaseNpmLocation_lazyInit).call(this);
92
- assert(__classPrivateFieldGet(this, _BaseNpmLocation_files, "f") !== undefined);
78
+ if (!this.#files) {
79
+ await this.#lazyInit();
80
+ assert(this.#files !== undefined);
93
81
  }
94
- const vfile = __classPrivateFieldGet(this, _BaseNpmLocation_files, "f").get(relativePath);
82
+ const vfile = this.#files.get(relativePath);
95
83
  assert(vfile !== undefined, new TypeError(`File "${path}" not found in package.`));
96
84
  return vfile.clone();
97
85
  }
@@ -108,22 +96,22 @@ export class BaseNpmLocation {
108
96
  get versionRange() {
109
97
  return this.meta.requestedRange;
110
98
  }
111
- }
112
- _BaseNpmLocation_validatedManifest = new WeakMap(), _BaseNpmLocation_files = new WeakMap(), _BaseNpmLocation_instances = new WeakSet(), _BaseNpmLocation_lazyInit = async function _BaseNpmLocation_lazyInit() {
113
- assert(__classPrivateFieldGet(this, _BaseNpmLocation_files, "f") === undefined);
114
- const resolvedVersion = await this.meta.resolveVersion(this.meta.requestedRange);
115
- const { tarballURL, targetVersion } = await resolveNpmVersion(this.meta.packageName, resolvedVersion, this.meta.registry, this.meta.fetch);
116
- if (!isValidUrl(tarballURL) || !tarballURL.toString().endsWith('.tgz')) {
117
- throw new Error(`Failed to find valid tarball URL in NPM metadata for package "${this.meta.packageName}".`);
99
+ async #lazyInit() {
100
+ assert(this.#files === undefined);
101
+ const resolvedVersion = await this.meta.resolveVersion(this.meta.requestedRange);
102
+ const { tarballURL, targetVersion } = await resolveNpmVersion(this.meta.packageName, resolvedVersion, this.meta.registry, this.meta.fetch);
103
+ if (!isValidUrl(tarballURL) || !tarballURL.toString().endsWith('.tgz')) {
104
+ throw new Error(`Failed to find valid tarball URL in NPM metadata for package "${this.meta.packageName}".`);
105
+ }
106
+ // Override the tarball hostname/protocol with registryUrl hostname/protocol
107
+ const newTarballUrl = new URL(tarballURL);
108
+ newTarballUrl.hostname = this.meta.registry.hostname;
109
+ newTarballUrl.protocol = this.meta.registry.protocol;
110
+ const files = await this.fetchNpmTarball(newTarballUrl);
111
+ this.#files = files;
112
+ this.meta.version = targetVersion;
118
113
  }
119
- // Override the tarball hostname/protocol with registryUrl hostname/protocol
120
- const newTarballUrl = new URL(tarballURL);
121
- newTarballUrl.hostname = this.meta.registry.hostname;
122
- newTarballUrl.protocol = this.meta.registry.protocol;
123
- const files = await this.fetchNpmTarball(newTarballUrl);
124
- __classPrivateFieldSet(this, _BaseNpmLocation_files, files, "f");
125
- this.meta.version = targetVersion;
126
- };
114
+ }
127
115
  // Safety limit for tarballs, 250 MB in bytes
128
116
  export const TARBALL_SIZE_SAFETY_LIMIT = 262144000;
129
117
  // Main NPM implementation, contains a browser tarball fetching implementation.
package/dist/snaps/location/npm.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"npm.mjs","sourceRoot":"","sources":["../../../src/snaps/location/npm.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;AACA,OAAO,EACL,kBAAkB,EAClB,8BAA8B,EAC9B,gBAAgB,EAChB,UAAU,EACV,eAAe,EACf,WAAW,EACX,iBAAiB,EACjB,SAAS,EACV,8BAA8B;AAE/B,OAAO,EACL,MAAM,EACN,qBAAqB,EACrB,YAAY,EACZ,QAAQ,EACR,oBAAoB,EACrB,wBAAwB;AACzB,OAAO,EAAE,YAAY,EAAE,wBAAwB;AAC/C,OAAO,OAAM,sBAAsB;;AACnC,OAAO,iBAAgB,4BAA4B;;AACnD,OAAO,EAAE,QAAQ,EAAE,wBAAwB;AAE3C,OAAO,EAAE,uBAAuB,EAAE,oCAAoC;AACtE,OAAO,EAAE,OAAO,IAAI,UAAU,EAAE,mBAAmB;AAInD,MAAM,CAAC,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC,4BAA4B,CAAC,CAAC;AAuB1E,yFAAyF;AACzF,MAAM,OAAgB,eAAe;IAOnC,YAAY,GAAQ,EAAE,OAAkC,EAAE;;QAJ1D,qDAA+C;QAE/C,yCAAkC;QAGhC,MAAM,qBAAqB,GAAG,IAAI,CAAC,qBAAqB,IAAI,KAAK,CAAC;QAClE,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACrE,MAAM,cAAc,GAAG,IAAI,CAAC,YAAY,IAAI,8BAA8B,CAAC;QAC3E,MAAM,cAAc,GAAG,KAAK,EAAE,KAAkB,EAAE,EAAE,CAAC,KAAK,CAAC;QAC3D,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,IAAI,cAAc,CAAC;QAE7D,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,eAAe,EAAE,mBAAmB,CAAC,CAAC;QAEnE,IAAI,QAAsB,CAAC;QAC3B,IACE,GAAG,CAAC,IAAI,KAAK,EAAE;YACf,GAAG,CAAC,IAAI,KAAK,EAAE;YACf,GAAG,CAAC,QAAQ,KAAK,EAAE;YACnB,GAAG,CAAC,QAAQ,KAAK,EAAE,EACnB,CAAC;YACD,QAAQ,GAAG,oBAAoB,CAAC;QAClC,CAAC;aAAM,CAAC;YACN,QAAQ,GAAG,UAAU,CAAC;YACtB,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;gBACjB,QAAQ,IAAI,GAAG,CAAC,QAAQ,CAAC;gBACzB,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oBACjB,QAAQ,IAAI,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;gBACjC,CAAC;gBACD,QAAQ,IAAI,GAAG,CAAC;YAClB,CAAC;YACD,QAAQ,IAAI,GAAG,CAAC,IAAI,CAAC;YACrB,QAAQ,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC7B,MAAM,CACJ,qBAAqB,EACrB,IAAI,SAAS,CACX,qDAAqD,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAC7E,CACF,CAAC;QACJ,CAAC;QAED,MAAM,CACJ,QAAQ,CAAC,QAAQ,KAAK,GAAG;YACvB,QAAQ,CAAC,MAAM,KAAK,EAAE;YACtB,QAAQ,CAAC,IAAI,KAAK,EAAE,CACvB,CAAC;QAEF,MAAM,CACJ,GAAG,CAAC,QAAQ,KAAK,EAAE,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,EAC3C,IAAI,SAAS,CAAC,4CAA4C,CAAC,CAC5D,CAAC;QACF,IAAI,WAAW,GAAG,GAAG,CAAC,QAAQ,CAAC;QAC/B,IAAI,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,WAAW,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACrC,CAAC;QAED,IAAI,CAAC,IAAI,GAAG;YACV,cAAc;YACd,QAAQ;YACR,WAAW;YACX,KAAK,EAAE,aAAa;YACpB,cAAc;SACf,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,QAAQ;QACZ,IAAI,uBAAA,IAAI,0CAAmB,EAAE,CAAC;YAC5B,OAAO,uBAAA,IAAI,0CAAmB,CAAC,KAAK,EAAE,CAAC;QACzC,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACrD,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC3C,KAAK,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAC1C,uBAAA,IAAI,sCAAsB,KAAkC,MAAA,CAAC;QAE7D,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,IAAY;QACtB,MAAM,YAAY,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAC7C,IAAI,CAAC,uBAAA,IAAI,8BAAO,EAAE,CAAC;YACjB,MAAM,uBAAA,IAAI,6DAAU,MAAd,IAAI,CAAY,CAAC;YACvB,MAAM,CAAC,uBAAA,IAAI,8BAAO,KAAK,SAAS,CAAC,CAAC;QACpC,CAAC;QACD,MAAM,KAAK,GAAG,uBAAA,IAAI,8BAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAC5C,MAAM,CACJ,KAAK,KAAK,SAAS,EACnB,IAAI,SAAS,CAAC,SAAS,IAAI,yBAAyB,CAAC,CACtD,CAAC;QACF,OAAO,KAAK,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;IAED,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC;IAC/B,CAAC;IAED,IAAI,OAAO;QACT,MAAM,CACJ,IAAI,CAAC,IAAI,CAAC,OAAO,KAAK,SAAS,EAC/B,6DAA6D,CAC9D,CAAC;QACF,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC;IAC3B,CAAC;IAED,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;IAC5B,CAAC;IAED,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC;IAClC,CAAC;CAwCF;oKAtCC,KAAK;IACH,MAAM,CAAC,uBAAA,IAAI,8BAAO,KAAK,SAAS,CAAC,CAAC;IAClC,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CACpD,IAAI,CAAC,IAAI,CAAC,cAAc,CACzB,CAAC;IAEF,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,GAAG,MAAM,iBAAiB,CAC3D,IAAI,CAAC,IAAI,CAAC,WAAW,EACrB,eAAe,EACf,IAAI,CAAC,IAAI,CAAC,QAAQ,EAClB,IAAI,CAAC,IAAI,CAAC,KAAK,CAChB,CAAC;IAEF,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QACvE,MAAM,IAAI,KAAK,CACb,iEAAiE,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,CAC3F,CAAC;IACJ,CAAC;IAED,4EAA4E;IAC5E,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IAC1C,aAAa,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;IACrD,aAAa,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;IAErD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;IAExD,uBAAA,IAAI,0BAAU,KAAK,MAAA,CAAC;IACpB,IAAI,CAAC,IAAI,CAAC,OAAO,GAAG,aAAa,CAAC;AACpC,CAAC;AAYH,6CAA6C;AAC7C,MAAM,CAAC,MAAM,yBAAyB,GAAG,SAAS,CAAC;AAEnD,+EAA+E;AAC/E,MAAM,OAAO,WAAY,SAAQ,eAAe;IAC9C;;;;;;OAMG;IACH,KAAK,CAAC,eAAe,CACnB,UAAe;QAEf,kEAAkE;QAClE,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC;QACrE,IAAI,CAAC,eAAe,CAAC,EAAE,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CACb,wCAAwC,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,CAClE,CAAC;QACJ,CAAC;QAED,2FAA2F;QAC3F,MAAM,iBAAiB,GAAG,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QACxE,MAAM,CAAC,iBAAiB,EAAE,yCAAyC,CAAC,CAAC;QACrE,MAAM,WAAW,GAAG,QAAQ,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;QACpD,MAAM,CACJ,WAAW,IAAI,yBAAyB,EACxC,iCAAiC,CAClC,CAAC;QACF,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAE,CAAC;YAExB,MAAM,aAAa,GAAG,mBAAmB,CACvC,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,EAClE,KAAK,CACN,CAAC;YAEF,oEAAoE;YACpE,MAAM,IAAI,GAAG,eAAe,CAAC,IAAK,CAAC;YAEnC,4EAA4E;YAC5E,iDAAiD;YACjD,4EAA4E;YAE5E,uFAAuF;YACvF,IAAI,aAAa,IAAI,IAAI,IAAI,qBAAqB,IAAI,UAAU,EAAE,CAAC;gBACjE,MAAM,mBAAmB,GAAG,IAAI,mBAAmB,CAAC,MAAM,CAAC,CAAC;gBAC5D,MAAM,kBAAkB,GAAG,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,CAAC;gBAEjE,QAAQ,CACN,aAAa,CAAC,kBAAkB,CAAC,EACjC,aAAa,EACb,CAAC,KAAc,EAAE,EAAE;oBACjB,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;gBACzC,CAAC,CACF,CAAC;gBACF,OAAO;YACT,CAAC;YAED,QAAQ,CACN,aAAa,CAAC,IAAI,CAAC,EACnB,YAAY,EAAE,EACd,aAAa,EACb,CAAC,KAAc,EAAE,EAAE;gBACjB,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YACzC,CAAC,CACF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAOD;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,WAAmB,EACnB,WAAgB,EAChB,aAA2B;IAE3B,MAAM,eAAe,GAAG,MAAM,aAAa,CACzC,IAAI,GAAG,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,EAAE,EAC5C;QACE,OAAO,EAAE;YACP,gGAAgG;YAChG,MAAM,EAAE,KAAK,CAAC,WAAW,CAAC;gBACxB,CAAC,CAAC,0EAA0E;gBAC5E,CAAC,CAAC,kBAAkB;SACvB;KACF,CACF,CAAC;IACF,IAAI,CAAC,eAAe,CAAC,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CACb,oDAAoD,eAAe,CAAC,MAAM,GAAG,CAC9E,CAAC;IACJ,CAAC;IACD,MAAM,eAAe,GAAG,MAAM,eAAe,CAAC,IAAI,EAAE,CAAC;IAErD,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CACb,4BAA4B,WAAW,sBAAsB,CAC9D,CAAC;IACJ,CAAC;IAED,OAAO,eAAqC,CAAC;AAC/C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,uBAAuB,CAAC,WAAgB,EAAE,WAAmB;IAC3E,IAAI,aAAa,GAAG,QAAQ,CAAC;IAC7B,IAAI,WAAW,CAAC,QAAQ,KAAK,EAAE,EAAE,CAAC;QAChC,aAAa,IAAI,WAAW,CAAC,QAAQ,CAAC;QACtC,IAAI,WAAW,CAAC,QAAQ,KAAK,EAAE,EAAE,CAAC;YAChC,aAAa,IAAI,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;QAC9C,CAAC;QACD,aAAa,IAAI,GAAG,CAAC;IACvB,CAAC;IACD,OAAO,GAAG,aAAa,GAAG,WAAW,CAAC,IAAI,IAAI,WAAW,GAAG,CAAC;AAC/D,CAAC;AAED;;;;;GAKG;AACH,SAAS,KAAK,CAAC,WAAgB;IAC7B,OAAO,WAAW,CAAC,QAAQ,EAAE,KAAK,oBAAoB,CAAC,QAAQ,EAAE,CAAC;AACpE,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,KAAK,UAAU,iBAAiB,CAC9B,WAAmB,EACnB,YAAyB,EACzB,WAAgB,EAChB,aAA2B;IAE3B,2FAA2F;IAC3F,IAAI,KAAK,CAAC,WAAW,CAAC,IAAI,oBAAoB,CAAC,YAAY,CAAC,EAAE,CAAC;QAC7D,OAAO;YACL,UAAU,EAAE,gBAAgB,CAAC,WAAW,EAAE,YAAY,CAAC;YACvD,aAAa,EAAE,YAAY;SAC5B,CAAC;IACJ,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,gBAAgB,CAC5C,WAAW,EACX,WAAW,EACX,aAAa,CACd,CAAC;IAEF,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,IAAI,EAAE,CAAC,CAAC,GAAG,CAC/D,CAAC,OAAO,EAAE,EAAE;QACV,qBAAqB,CAAC,OAAO,CAAC,CAAC;QAC/B,OAAO,OAAO,CAAC;IACjB,CAAC,CACF,CAAC;IAEF,MAAM,aAAa,GAAG,gBAAgB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAE/D,IAAI,aAAa,KAAK,IAAI,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CACb,kEAAkE,WAAW,iCAAiC,YAAY,IAAI,CAC/H,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,eAAe,EAAE,QAAQ,EAAE,CAAC,aAAa,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC;IAE7E,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC;AACvC,CAAC;AAED;;;GAGG;AACH,MAAM,uBAAuB,GAAG,aAAa,CAAC;AAE9C;;;;;;;;GAQG;AACH,SAAS,aAAa,CAAC,MAAsB;IAC3C,IAAI,OAAO,MAAM,CAAC,SAAS,KAAK,UAAU,EAAE,CAAC;QAC3C,OAAO,MAA6B,CAAC;IACvC,CAAC;IAED,OAAO,IAAI,uBAAuB,CAAC,MAAM,CAAC,CAAC;AAC7C,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,mBAAmB,CAC1B,aAAqB,EACrB,KAA+B;IAE/B,MAAM,CACJ,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,EAC3B,4FAA4F,CAC7F,CAAC;IAEF,MAAM,CACJ,aAAa,CAAC,UAAU,CAAC,MAAM,CAAC,EAChC,qCAAqC,CACtC,CAAC;IACF,oEAAoE;IACpE,2CAA2C;IAC3C,MAAM,aAAa,GAAG,UAAU,EAAE,CAAC;IAEnC,IAAI,SAAS,GAAG,CAAC,CAAC;IAElB,2EAA2E;IAC3E,qBAAqB;IACrB,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,EAAE;QACtD,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,MAAM,CAAC;QACtD,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;YAC1B,mDAAmD;YACnD,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,uBAAuB,EAAE,EAAE,CAAC,CAAC;YAC7D,OAAO,WAAW,CAAC,IAAI,CACrB,MAAM,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC1C,IAAI,CAAC;oBACH,SAAS,IAAI,IAAI,CAAC,UAAU,CAAC;oBAC7B,8EAA8E;oBAC9E,MAAM,CACJ,SAAS,GAAG,yBAAyB,EACrC,iCAAiC,yBAAyB,SAAS,CACpE,CAAC;oBACF,MAAM,KAAK,GAAG,IAAI,WAAW,CAAC;wBAC5B,KAAK,EAAE,IAAI;wBACX,IAAI;wBACJ,IAAI,EAAE;4BACJ,aAAa,EAAE,IAAI,GAAG,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC,QAAQ,EAAE;yBACvD;qBACF,CAAC,CAAC;oBACH,wFAAwF;oBACxF,MAAM,CACJ,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAChB,uDAAuD,CACxD,CAAC;oBACF,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;oBACvB,OAAO,IAAI,EAAE,CAAC;gBAChB,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,OAAO,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;gBACtC,CAAC;YACH,CAAC,CAAC,CACH,CAAC;QACJ,CAAC;QAED,4EAA4E;QAC5E,0EAA0E;QAC1E,6CAA6C;QAC7C,WAAW,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;QACpC,OAAO,WAAW,CAAC,MAAM,EAAE,CAAC;IAC9B,CAAC,CAAC,CAAC;IACH,OAAO,aAAyB,CAAC;AACnC,CAAC","sourcesContent":["import type { SnapManifest } from '@metamask/snaps-utils';\nimport {\n createSnapManifest,\n DEFAULT_REQUESTED_SNAP_VERSION,\n getTargetVersion,\n isValidUrl,\n NpmSnapIdStruct,\n VirtualFile,\n normalizeRelative,\n parseJson,\n} from '@metamask/snaps-utils';\nimport type { SemVerRange, SemVerVersion } from '@metamask/utils';\nimport {\n assert,\n assertIsSemVerVersion,\n assertStruct,\n isObject,\n isValidSemVerVersion,\n} from '@metamask/utils';\nimport { createGunzip } from 'browserify-zlib';\nimport concat from 'concat-stream';\nimport getNpmTarballUrl from 'get-npm-tarball-url';\nimport { pipeline } from 'readable-stream';\nimport type { Readable, Writable } from 'readable-stream';\nimport { ReadableWebToNodeStream } from 'readable-web-to-node-stream';\nimport { extract as tarExtract } from 'tar-stream';\n\nimport type { DetectSnapLocationOptions, SnapLocation } from './location';\n\nexport const DEFAULT_NPM_REGISTRY = new URL('https://registry.npmjs.org');\n\ninterface NpmMeta {\n registry: URL;\n packageName: string;\n requestedRange: SemVerRange;\n version?: string;\n fetch: typeof fetch;\n resolveVersion: (range: SemVerRange) => Promise<SemVerRange>;\n}\nexport interface NpmOptions {\n /**\n * @default DEFAULT_REQUESTED_SNAP_VERSION\n */\n versionRange?: SemVerRange;\n /**\n * Whether to allow custom NPM registries outside of {@link DEFAULT_NPM_REGISTRY}.\n *\n * @default false\n */\n allowCustomRegistries?: boolean;\n}\n\n// Base class for NPM implementation, useful for extending with custom NPM fetching logic\nexport abstract class BaseNpmLocation implements SnapLocation {\n protected readonly meta: NpmMeta;\n\n #validatedManifest?: VirtualFile<SnapManifest>;\n\n #files?: Map<string, VirtualFile>;\n\n constructor(url: URL, opts: DetectSnapLocationOptions = {}) {\n const allowCustomRegistries = opts.allowCustomRegistries ?? false;\n const fetchFunction = opts.fetch ?? globalThis.fetch.bind(undefined);\n const requestedRange = opts.versionRange ?? DEFAULT_REQUESTED_SNAP_VERSION;\n const defaultResolve = async (range: SemVerRange) => range;\n const resolveVersion = opts.resolveVersion ?? defaultResolve;\n\n assertStruct(url.toString(), NpmSnapIdStruct, 'Invalid Snap Id: ');\n\n let registry: string | URL;\n if (\n url.host === '' &&\n url.port === '' &&\n url.username === '' &&\n url.password === ''\n ) {\n registry = DEFAULT_NPM_REGISTRY;\n } else {\n registry = 'https://';\n if (url.username) {\n registry += url.username;\n if (url.password) {\n registry += `:${url.password}`;\n }\n registry += '@';\n }\n registry += url.host;\n registry = new URL(registry);\n assert(\n allowCustomRegistries,\n new TypeError(\n `Custom NPM registries are disabled, tried to use \"${registry.toString()}\".`,\n ),\n );\n }\n\n assert(\n registry.pathname === '/' &&\n registry.search === '' &&\n registry.hash === '',\n );\n\n assert(\n url.pathname !== '' && url.pathname !== '/',\n new TypeError('The package name in NPM location is empty.'),\n );\n let packageName = url.pathname;\n if (packageName.startsWith('/')) {\n packageName = packageName.slice(1);\n }\n\n this.meta = {\n requestedRange,\n registry,\n packageName,\n fetch: fetchFunction,\n resolveVersion,\n };\n }\n\n async manifest(): Promise<VirtualFile<SnapManifest>> {\n if (this.#validatedManifest) {\n return this.#validatedManifest.clone();\n }\n\n const vfile = await this.fetch('snap.manifest.json');\n const result = parseJson(vfile.toString());\n vfile.result = createSnapManifest(result);\n this.#validatedManifest = vfile as VirtualFile<SnapManifest>;\n\n return this.manifest();\n }\n\n async fetch(path: string): Promise<VirtualFile> {\n const relativePath = normalizeRelative(path);\n if (!this.#files) {\n await this.#lazyInit();\n assert(this.#files !== undefined);\n }\n const vfile = this.#files.get(relativePath);\n assert(\n vfile !== undefined,\n new TypeError(`File \"${path}\" not found in package.`),\n );\n return vfile.clone();\n }\n\n get packageName(): string {\n return this.meta.packageName;\n }\n\n get version(): string {\n assert(\n this.meta.version !== undefined,\n 'Tried to access version without first fetching NPM package.',\n );\n return this.meta.version;\n }\n\n get registry(): URL {\n return this.meta.registry;\n }\n\n get versionRange(): SemVerRange {\n return this.meta.requestedRange;\n }\n\n async #lazyInit() {\n assert(this.#files === undefined);\n const resolvedVersion = await this.meta.resolveVersion(\n this.meta.requestedRange,\n );\n\n const { tarballURL, targetVersion } = await resolveNpmVersion(\n this.meta.packageName,\n resolvedVersion,\n this.meta.registry,\n this.meta.fetch,\n );\n\n if (!isValidUrl(tarballURL) || !tarballURL.toString().endsWith('.tgz')) {\n throw new Error(\n `Failed to find valid tarball URL in NPM metadata for package \"${this.meta.packageName}\".`,\n );\n }\n\n // Override the tarball hostname/protocol with registryUrl hostname/protocol\n const newTarballUrl = new URL(tarballURL);\n newTarballUrl.hostname = this.meta.registry.hostname;\n newTarballUrl.protocol = this.meta.registry.protocol;\n\n const files = await this.fetchNpmTarball(newTarballUrl);\n\n this.#files = files;\n this.meta.version = targetVersion;\n }\n\n /**\n * Fetches and unpacks the tarball (`.tgz` file) from the specified URL.\n *\n * @param tarballUrl - The tarball URL to fetch and unpack.\n * @returns A the files for the package tarball.\n * @throws If fetching the tarball fails.\n */\n abstract fetchNpmTarball(tarballUrl: URL): Promise<Map<string, VirtualFile>>;\n}\n\n// Safety limit for tarballs, 250 MB in bytes\nexport const TARBALL_SIZE_SAFETY_LIMIT = 262144000;\n\n// Main NPM implementation, contains a browser tarball fetching implementation.\nexport class NpmLocation extends BaseNpmLocation {\n /**\n * Fetches and unpacks the tarball (`.tgz` file) from the specified URL.\n *\n * @param tarballUrl - The tarball URL to fetch and unpack.\n * @returns A the files for the package tarball.\n * @throws If fetching the tarball fails.\n */\n async fetchNpmTarball(\n tarballUrl: URL,\n ): Promise<Map<string, VirtualFile<unknown>>> {\n // Perform a raw fetch because we want the Response object itself.\n const tarballResponse = await this.meta.fetch(tarballUrl.toString());\n if (!tarballResponse.ok || !tarballResponse.body) {\n throw new Error(\n `Failed to fetch tarball for package \"${this.meta.packageName}\".`,\n );\n }\n\n // We assume that NPM is a good actor and provides us with a valid `content-length` header.\n const tarballSizeString = tarballResponse.headers.get('content-length');\n assert(tarballSizeString, 'Snap tarball has invalid content-length');\n const tarballSize = parseInt(tarballSizeString, 10);\n assert(\n tarballSize <= TARBALL_SIZE_SAFETY_LIMIT,\n 'Snap tarball exceeds size limit',\n );\n return new Promise((resolve, reject) => {\n const files = new Map();\n\n const tarballStream = createTarballStream(\n getNpmCanonicalBasePath(this.meta.registry, this.meta.packageName),\n files,\n );\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const body = tarballResponse.body!;\n\n // The \"gz\" in \"tgz\" stands for \"gzip\". The tarball needs to be decompressed\n // before we can actually grab any files from it.\n // To prevent recursion-based zip bombs, we should not allow recursion here.\n\n // If native decompression stream is available we use that, otherwise fallback to zlib.\n if ('pipeThrough' in body && 'DecompressionStream' in globalThis) {\n const decompressionStream = new DecompressionStream('gzip');\n const decompressedStream = body.pipeThrough(decompressionStream);\n\n pipeline(\n getNodeStream(decompressedStream),\n tarballStream,\n (error: unknown) => {\n error ? reject(error) : resolve(files);\n },\n );\n return;\n }\n\n pipeline(\n getNodeStream(body),\n createGunzip(),\n tarballStream,\n (error: unknown) => {\n error ? reject(error) : resolve(files);\n },\n );\n });\n }\n}\n\n// Incomplete type\nexport type PartialNpmMetadata = {\n versions: Record<string, { dist: { tarball: string } }>;\n};\n\n/**\n * Fetches the NPM metadata of the specified package from\n * the public npm registry.\n *\n * @param packageName - The name of the package whose metadata to fetch.\n * @param registryUrl - The URL of the npm registry to fetch the metadata from.\n * @param fetchFunction - The fetch function to use. Defaults to the global\n * {@link fetch}. Useful for Node.js compatibility.\n * @returns The NPM metadata object.\n * @throws If fetching the metadata fails.\n */\nexport async function fetchNpmMetadata(\n packageName: string,\n registryUrl: URL,\n fetchFunction: typeof fetch,\n): Promise<PartialNpmMetadata> {\n const packageResponse = await fetchFunction(\n new URL(packageName, registryUrl).toString(),\n {\n headers: {\n // Corgi format is slightly smaller: https://github.com/npm/pacote/blob/main/lib/registry.js#L71\n accept: isNPM(registryUrl)\n ? 'application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*'\n : 'application/json',\n },\n },\n );\n if (!packageResponse.ok) {\n throw new Error(\n `Failed to fetch NPM registry entry. Status code: ${packageResponse.status}.`,\n );\n }\n const packageMetadata = await packageResponse.json();\n\n if (!isObject(packageMetadata)) {\n throw new Error(\n `Failed to fetch package \"${packageName}\" metadata from npm.`,\n );\n }\n\n return packageMetadata as PartialNpmMetadata;\n}\n\n/**\n * Gets the canonical base path for an NPM snap.\n *\n * @param registryUrl - A registry URL.\n * @param packageName - A package name.\n * @returns The canonical base path.\n */\nexport function getNpmCanonicalBasePath(registryUrl: URL, packageName: string) {\n let canonicalBase = 'npm://';\n if (registryUrl.username !== '') {\n canonicalBase += registryUrl.username;\n if (registryUrl.password !== '') {\n canonicalBase += `:${registryUrl.password}`;\n }\n canonicalBase += '@';\n }\n return `${canonicalBase}${registryUrl.host}/${packageName}/`;\n}\n\n/**\n * Determine if a registry URL is NPM.\n *\n * @param registryUrl - A registry url.\n * @returns True if the registry is the NPM registry, otherwise false.\n */\nfunction isNPM(registryUrl: URL) {\n return registryUrl.toString() === DEFAULT_NPM_REGISTRY.toString();\n}\n\n/**\n * Resolves a version range to a version using the NPM registry.\n *\n * Unless the version range is already a version, then the NPM registry is skipped.\n *\n * @param packageName - The name of the package whose metadata to fetch.\n * @param versionRange - The version range of the package.\n * @param registryUrl - The URL of the npm registry to fetch the metadata from.\n * @param fetchFunction - The fetch function to use. Defaults to the global\n * {@link fetch}. Useful for Node.js compatibility.\n * @returns An object containing the resolved version and a URL for its tarball.\n * @throws If fetching the metadata fails.\n */\nasync function resolveNpmVersion(\n packageName: string,\n versionRange: SemVerRange,\n registryUrl: URL,\n fetchFunction: typeof fetch,\n): Promise<{ tarballURL: string; targetVersion: SemVerVersion }> {\n // If the version range is already a static version we don't need to look for the metadata.\n if (isNPM(registryUrl) && isValidSemVerVersion(versionRange)) {\n return {\n tarballURL: getNpmTarballUrl(packageName, versionRange),\n targetVersion: versionRange,\n };\n }\n\n const packageMetadata = await fetchNpmMetadata(\n packageName,\n registryUrl,\n fetchFunction,\n );\n\n const versions = Object.keys(packageMetadata?.versions ?? {}).map(\n (version) => {\n assertIsSemVerVersion(version);\n return version;\n },\n );\n\n const targetVersion = getTargetVersion(versions, versionRange);\n\n if (targetVersion === null) {\n throw new Error(\n `Failed to find a matching version in npm metadata for package \"${packageName}\" and requested semver range \"${versionRange}\".`,\n );\n }\n\n const tarballURL = packageMetadata?.versions?.[targetVersion]?.dist?.tarball;\n\n return { tarballURL, targetVersion };\n}\n\n/**\n * The paths of files within npm tarballs appear to always be prefixed with\n * \"package/\".\n */\nconst NPM_TARBALL_PATH_PREFIX = /^package\\//u;\n\n/**\n * Converts a {@link ReadableStream} to a Node.js {@link Readable}\n * stream. Returns the stream directly if it is already a Node.js stream.\n * We can't use the native Web {@link ReadableStream} directly because the\n * other stream libraries we use expect Node.js streams.\n *\n * @param stream - The stream to convert.\n * @returns The given stream as a Node.js Readable stream.\n */\nfunction getNodeStream(stream: ReadableStream): Readable {\n if (typeof stream.getReader !== 'function') {\n return stream as unknown as Readable;\n }\n\n return new ReadableWebToNodeStream(stream);\n}\n\n/**\n * Creates a `tar-stream` that will get the necessary files from an npm Snap\n * package tarball (`.tgz` file).\n *\n * @param canonicalBase - A base URI as specified in {@link https://github.com/MetaMask/SIPs/blob/main/SIPS/sip-8.md SIP-8}. Starting with 'npm:'. Will be used for canonicalPath vfile argument.\n * @param files - An object to write target file contents to.\n * @returns The {@link Writable} tarball extraction stream.\n */\nfunction createTarballStream(\n canonicalBase: string,\n files: Map<string, VirtualFile>,\n): Writable {\n assert(\n canonicalBase.endsWith('/'),\n \"Base needs to end with '/' for relative paths to be added as children instead of siblings.\",\n );\n\n assert(\n canonicalBase.startsWith('npm:'),\n 'Protocol mismatch, expected \"npm:\".',\n );\n // `tar-stream` is pretty old-school, so we create it first and then\n // instrument it by adding event listeners.\n const extractStream = tarExtract();\n\n let totalSize = 0;\n\n // \"entry\" is fired for every discreet entity in the tarball. This includes\n // files and folders.\n extractStream.on('entry', (header, entryStream, next) => {\n const { name: headerName, type: headerType } = header;\n if (headerType === 'file') {\n // The name is a path if the header type is \"file\".\n const path = headerName.replace(NPM_TARBALL_PATH_PREFIX, '');\n return entryStream.pipe(\n concat({ encoding: 'uint8array' }, (data) => {\n try {\n totalSize += data.byteLength;\n // To prevent zip bombs, we set a safety limit for the total size of tarballs.\n assert(\n totalSize < TARBALL_SIZE_SAFETY_LIMIT,\n `Snap tarball exceeds limit of ${TARBALL_SIZE_SAFETY_LIMIT} bytes.`,\n );\n const vfile = new VirtualFile({\n value: data,\n path,\n data: {\n canonicalPath: new URL(path, canonicalBase).toString(),\n },\n });\n // We disallow files having identical paths as it may confuse our checksum calculations.\n assert(\n !files.has(path),\n 'Malformed tarball, multiple files with the same path.',\n );\n files.set(path, vfile);\n return next();\n } catch (error) {\n return extractStream.destroy(error);\n }\n }),\n );\n }\n\n // If we get here, the entry is not a file, and we want to ignore. The entry\n // stream must be drained, or the extractStream will stop reading. This is\n // effectively a no-op for the current entry.\n entryStream.on('end', () => next());\n return entryStream.resume();\n });\n return extractStream as Writable;\n}\n"]}
1
+ {"version":3,"file":"npm.mjs","sourceRoot":"","sources":["../../../src/snaps/location/npm.ts"],"names":[],"mappings":";;;;;;AACA,OAAO,EACL,kBAAkB,EAClB,8BAA8B,EAC9B,gBAAgB,EAChB,UAAU,EACV,eAAe,EACf,WAAW,EACX,iBAAiB,EACjB,SAAS,EACV,8BAA8B;AAE/B,OAAO,EACL,MAAM,EACN,qBAAqB,EACrB,YAAY,EACZ,QAAQ,EACR,oBAAoB,EACrB,wBAAwB;AACzB,OAAO,EAAE,YAAY,EAAE,wBAAwB;AAC/C,OAAO,OAAM,sBAAsB;;AACnC,OAAO,iBAAgB,4BAA4B;;AACnD,OAAO,EAAE,QAAQ,EAAE,wBAAwB;AAE3C,OAAO,EAAE,uBAAuB,EAAE,oCAAoC;AACtE,OAAO,EAAE,OAAO,IAAI,UAAU,EAAE,mBAAmB;AAInD,MAAM,CAAC,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC,4BAA4B,CAAC,CAAC;AAuB1E,yFAAyF;AACzF,MAAM,OAAgB,eAAe;IAChB,IAAI,CAAU;IAEjC,kBAAkB,CAA6B;IAE/C,MAAM,CAA4B;IAElC,YAAY,GAAQ,EAAE,OAAkC,EAAE;QACxD,MAAM,qBAAqB,GAAG,IAAI,CAAC,qBAAqB,IAAI,KAAK,CAAC;QAClE,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACrE,MAAM,cAAc,GAAG,IAAI,CAAC,YAAY,IAAI,8BAA8B,CAAC;QAC3E,MAAM,cAAc,GAAG,KAAK,EAAE,KAAkB,EAAE,EAAE,CAAC,KAAK,CAAC;QAC3D,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,IAAI,cAAc,CAAC;QAE7D,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,eAAe,EAAE,mBAAmB,CAAC,CAAC;QAEnE,IAAI,QAAsB,CAAC;QAC3B,IACE,GAAG,CAAC,IAAI,KAAK,EAAE;YACf,GAAG,CAAC,IAAI,KAAK,EAAE;YACf,GAAG,CAAC,QAAQ,KAAK,EAAE;YACnB,GAAG,CAAC,QAAQ,KAAK,EAAE,EACnB,CAAC;YACD,QAAQ,GAAG,oBAAoB,CAAC;QAClC,CAAC;aAAM,CAAC;YACN,QAAQ,GAAG,UAAU,CAAC;YACtB,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;gBACjB,QAAQ,IAAI,GAAG,CAAC,QAAQ,CAAC;gBACzB,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oBACjB,QAAQ,IAAI,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;gBACjC,CAAC;gBACD,QAAQ,IAAI,GAAG,CAAC;YAClB,CAAC;YACD,QAAQ,IAAI,GAAG,CAAC,IAAI,CAAC;YACrB,QAAQ,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC7B,MAAM,CACJ,qBAAqB,EACrB,IAAI,SAAS,CACX,qDAAqD,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAC7E,CACF,CAAC;QACJ,CAAC;QAED,MAAM,CACJ,QAAQ,CAAC,QAAQ,KAAK,GAAG;YACvB,QAAQ,CAAC,MAAM,KAAK,EAAE;YACtB,QAAQ,CAAC,IAAI,KAAK,EAAE,CACvB,CAAC;QAEF,MAAM,CACJ,GAAG,CAAC,QAAQ,KAAK,EAAE,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,EAC3C,IAAI,SAAS,CAAC,4CAA4C,CAAC,CAC5D,CAAC;QACF,IAAI,WAAW,GAAG,GAAG,CAAC,QAAQ,CAAC;QAC/B,IAAI,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,WAAW,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACrC,CAAC;QAED,IAAI,CAAC,IAAI,GAAG;YACV,cAAc;YACd,QAAQ;YACR,WAAW;YACX,KAAK,EAAE,aAAa;YACpB,cAAc;SACf,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,QAAQ;QACZ,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC,kBAAkB,CAAC,KAAK,EAAE,CAAC;QACzC,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACrD,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC3C,KAAK,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAC1C,IAAI,CAAC,kBAAkB,GAAG,KAAkC,CAAC;QAE7D,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,IAAY;QACtB,MAAM,YAAY,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAC7C,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;YACvB,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC;QACpC,CAAC;QACD,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAC5C,MAAM,CACJ,KAAK,KAAK,SAAS,EACnB,IAAI,SAAS,CAAC,SAAS,IAAI,yBAAyB,CAAC,CACtD,CAAC;QACF,OAAO,KAAK,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;IAED,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC;IAC/B,CAAC;IAED,IAAI,OAAO;QACT,MAAM,CACJ,IAAI,CAAC,IAAI,CAAC,OAAO,KAAK,SAAS,EAC/B,6DAA6D,CAC9D,CAAC;QACF,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC;IAC3B,CAAC;IAED,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;IAC5B,CAAC;IAED,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,SAAS;QACb,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC;QAClC,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CACpD,IAAI,CAAC,IAAI,CAAC,cAAc,CACzB,CAAC;QAEF,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,GAAG,MAAM,iBAAiB,CAC3D,IAAI,CAAC,IAAI,CAAC,WAAW,EACrB,eAAe,EACf,IAAI,CAAC,IAAI,CAAC,QAAQ,EAClB,IAAI,CAAC,IAAI,CAAC,KAAK,CAChB,CAAC;QAEF,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACvE,MAAM,IAAI,KAAK,CACb,iEAAiE,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,CAC3F,CAAC;QACJ,CAAC;QAED,4EAA4E;QAC5E,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;QAC1C,aAAa,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACrD,aAAa,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAErD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;QAExD,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QACpB,IAAI,CAAC,IAAI,CAAC,OAAO,GAAG,aAAa,CAAC;IACpC,CAAC;CAUF;AAED,6CAA6C;AAC7C,MAAM,CAAC,MAAM,yBAAyB,GAAG,SAAS,CAAC;AAEnD,+EAA+E;AAC/E,MAAM,OAAO,WAAY,SAAQ,eAAe;IAC9C;;;;;;OAMG;IACH,KAAK,CAAC,eAAe,CACnB,UAAe;QAEf,kEAAkE;QAClE,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC;QACrE,IAAI,CAAC,eAAe,CAAC,EAAE,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CACb,wCAAwC,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,CAClE,CAAC;QACJ,CAAC;QAED,2FAA2F;QAC3F,MAAM,iBAAiB,GAAG,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QACxE,MAAM,CAAC,iBAAiB,EAAE,yCAAyC,CAAC,CAAC;QACrE,MAAM,WAAW,GAAG,QAAQ,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;QACpD,MAAM,CACJ,WAAW,IAAI,yBAAyB,EACxC,iCAAiC,CAClC,CAAC;QACF,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAE,CAAC;YAExB,MAAM,aAAa,GAAG,mBAAmB,CACvC,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,EAClE,KAAK,CACN,CAAC;YAEF,oEAAoE;YACpE,MAAM,IAAI,GAAG,eAAe,CAAC,IAAK,CAAC;YAEnC,4EAA4E;YAC5E,iDAAiD;YACjD,4EAA4E;YAE5E,uFAAuF;YACvF,IAAI,aAAa,IAAI,IAAI,IAAI,qBAAqB,IAAI,UAAU,EAAE,CAAC;gBACjE,MAAM,mBAAmB,GAAG,IAAI,mBAAmB,CAAC,MAAM,CAAC,CAAC;gBAC5D,MAAM,kBAAkB,GAAG,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,CAAC;gBAEjE,QAAQ,CACN,aAAa,CAAC,kBAAkB,CAAC,EACjC,aAAa,EACb,CAAC,KAAc,EAAE,EAAE;oBACjB,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;gBACzC,CAAC,CACF,CAAC;gBACF,OAAO;YACT,CAAC;YAED,QAAQ,CACN,aAAa,CAAC,IAAI,CAAC,EACnB,YAAY,EAAE,EACd,aAAa,EACb,CAAC,KAAc,EAAE,EAAE;gBACjB,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YACzC,CAAC,CACF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAOD;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,WAAmB,EACnB,WAAgB,EAChB,aAA2B;IAE3B,MAAM,eAAe,GAAG,MAAM,aAAa,CACzC,IAAI,GAAG,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,EAAE,EAC5C;QACE,OAAO,EAAE;YACP,gGAAgG;YAChG,MAAM,EAAE,KAAK,CAAC,WAAW,CAAC;gBACxB,CAAC,CAAC,0EAA0E;gBAC5E,CAAC,CAAC,kBAAkB;SACvB;KACF,CACF,CAAC;IACF,IAAI,CAAC,eAAe,CAAC,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CACb,oDAAoD,eAAe,CAAC,MAAM,GAAG,CAC9E,CAAC;IACJ,CAAC;IACD,MAAM,eAAe,GAAG,MAAM,eAAe,CAAC,IAAI,EAAE,CAAC;IAErD,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CACb,4BAA4B,WAAW,sBAAsB,CAC9D,CAAC;IACJ,CAAC;IAED,OAAO,eAAqC,CAAC;AAC/C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,uBAAuB,CAAC,WAAgB,EAAE,WAAmB;IAC3E,IAAI,aAAa,GAAG,QAAQ,CAAC;IAC7B,IAAI,WAAW,CAAC,QAAQ,KAAK,EAAE,EAAE,CAAC;QAChC,aAAa,IAAI,WAAW,CAAC,QAAQ,CAAC;QACtC,IAAI,WAAW,CAAC,QAAQ,KAAK,EAAE,EAAE,CAAC;YAChC,aAAa,IAAI,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;QAC9C,CAAC;QACD,aAAa,IAAI,GAAG,CAAC;IACvB,CAAC;IACD,OAAO,GAAG,aAAa,GAAG,WAAW,CAAC,IAAI,IAAI,WAAW,GAAG,CAAC;AAC/D,CAAC;AAED;;;;;GAKG;AACH,SAAS,KAAK,CAAC,WAAgB;IAC7B,OAAO,WAAW,CAAC,QAAQ,EAAE,KAAK,oBAAoB,CAAC,QAAQ,EAAE,CAAC;AACpE,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,KAAK,UAAU,iBAAiB,CAC9B,WAAmB,EACnB,YAAyB,EACzB,WAAgB,EAChB,aAA2B;IAE3B,2FAA2F;IAC3F,IAAI,KAAK,CAAC,WAAW,CAAC,IAAI,oBAAoB,CAAC,YAAY,CAAC,EAAE,CAAC;QAC7D,OAAO;YACL,UAAU,EAAE,gBAAgB,CAAC,WAAW,EAAE,YAAY,CAAC;YACvD,aAAa,EAAE,YAAY;SAC5B,CAAC;IACJ,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,gBAAgB,CAC5C,WAAW,EACX,WAAW,EACX,aAAa,CACd,CAAC;IAEF,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,IAAI,EAAE,CAAC,CAAC,GAAG,CAC/D,CAAC,OAAO,EAAE,EAAE;QACV,qBAAqB,CAAC,OAAO,CAAC,CAAC;QAC/B,OAAO,OAAO,CAAC;IACjB,CAAC,CACF,CAAC;IAEF,MAAM,aAAa,GAAG,gBAAgB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAE/D,IAAI,aAAa,KAAK,IAAI,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CACb,kEAAkE,WAAW,iCAAiC,YAAY,IAAI,CAC/H,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,eAAe,EAAE,QAAQ,EAAE,CAAC,aAAa,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC;IAE7E,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC;AACvC,CAAC;AAED;;;GAGG;AACH,MAAM,uBAAuB,GAAG,aAAa,CAAC;AAE9C;;;;;;;;GAQG;AACH,SAAS,aAAa,CAAC,MAAsB;IAC3C,IAAI,OAAO,MAAM,CAAC,SAAS,KAAK,UAAU,EAAE,CAAC;QAC3C,OAAO,MAA6B,CAAC;IACvC,CAAC;IAED,OAAO,IAAI,uBAAuB,CAAC,MAAM,CAAC,CAAC;AAC7C,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,mBAAmB,CAC1B,aAAqB,EACrB,KAA+B;IAE/B,MAAM,CACJ,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,EAC3B,4FAA4F,CAC7F,CAAC;IAEF,MAAM,CACJ,aAAa,CAAC,UAAU,CAAC,MAAM,CAAC,EAChC,qCAAqC,CACtC,CAAC;IACF,oEAAoE;IACpE,2CAA2C;IAC3C,MAAM,aAAa,GAAG,UAAU,EAAE,CAAC;IAEnC,IAAI,SAAS,GAAG,CAAC,CAAC;IAElB,2EAA2E;IAC3E,qBAAqB;IACrB,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,EAAE;QACtD,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,MAAM,CAAC;QACtD,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;YAC1B,mDAAmD;YACnD,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,uBAAuB,EAAE,EAAE,CAAC,CAAC;YAC7D,OAAO,WAAW,CAAC,IAAI,CACrB,MAAM,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC1C,IAAI,CAAC;oBACH,SAAS,IAAI,IAAI,CAAC,UAAU,CAAC;oBAC7B,8EAA8E;oBAC9E,MAAM,CACJ,SAAS,GAAG,yBAAyB,EACrC,iCAAiC,yBAAyB,SAAS,CACpE,CAAC;oBACF,MAAM,KAAK,GAAG,IAAI,WAAW,CAAC;wBAC5B,KAAK,EAAE,IAAI;wBACX,IAAI;wBACJ,IAAI,EAAE;4BACJ,aAAa,EAAE,IAAI,GAAG,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC,QAAQ,EAAE;yBACvD;qBACF,CAAC,CAAC;oBACH,wFAAwF;oBACxF,MAAM,CACJ,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAChB,uDAAuD,CACxD,CAAC;oBACF,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;oBACvB,OAAO,IAAI,EAAE,CAAC;gBAChB,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,OAAO,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;gBACtC,CAAC;YACH,CAAC,CAAC,CACH,CAAC;QACJ,CAAC;QAED,4EAA4E;QAC5E,0EAA0E;QAC1E,6CAA6C;QAC7C,WAAW,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;QACpC,OAAO,WAAW,CAAC,MAAM,EAAE,CAAC;IAC9B,CAAC,CAAC,CAAC;IACH,OAAO,aAAyB,CAAC;AACnC,CAAC","sourcesContent":["import type { SnapManifest } from '@metamask/snaps-utils';\nimport {\n createSnapManifest,\n DEFAULT_REQUESTED_SNAP_VERSION,\n getTargetVersion,\n isValidUrl,\n NpmSnapIdStruct,\n VirtualFile,\n normalizeRelative,\n parseJson,\n} from '@metamask/snaps-utils';\nimport type { SemVerRange, SemVerVersion } from '@metamask/utils';\nimport {\n assert,\n assertIsSemVerVersion,\n assertStruct,\n isObject,\n isValidSemVerVersion,\n} from '@metamask/utils';\nimport { createGunzip } from 'browserify-zlib';\nimport concat from 'concat-stream';\nimport getNpmTarballUrl from 'get-npm-tarball-url';\nimport { pipeline } from 'readable-stream';\nimport type { Readable, Writable } from 'readable-stream';\nimport { ReadableWebToNodeStream } from 'readable-web-to-node-stream';\nimport { extract as tarExtract } from 'tar-stream';\n\nimport type { DetectSnapLocationOptions, SnapLocation } from './location';\n\nexport const DEFAULT_NPM_REGISTRY = new URL('https://registry.npmjs.org');\n\ninterface NpmMeta {\n registry: URL;\n packageName: string;\n requestedRange: SemVerRange;\n version?: string;\n fetch: typeof fetch;\n resolveVersion: (range: SemVerRange) => Promise<SemVerRange>;\n}\nexport interface NpmOptions {\n /**\n * @default DEFAULT_REQUESTED_SNAP_VERSION\n */\n versionRange?: SemVerRange;\n /**\n * Whether to allow custom NPM registries outside of {@link DEFAULT_NPM_REGISTRY}.\n *\n * @default false\n */\n allowCustomRegistries?: boolean;\n}\n\n// Base class for NPM implementation, useful for extending with custom NPM fetching logic\nexport abstract class BaseNpmLocation implements SnapLocation {\n protected readonly meta: NpmMeta;\n\n #validatedManifest?: VirtualFile<SnapManifest>;\n\n #files?: Map<string, VirtualFile>;\n\n constructor(url: URL, opts: DetectSnapLocationOptions = {}) {\n const allowCustomRegistries = opts.allowCustomRegistries ?? false;\n const fetchFunction = opts.fetch ?? globalThis.fetch.bind(undefined);\n const requestedRange = opts.versionRange ?? DEFAULT_REQUESTED_SNAP_VERSION;\n const defaultResolve = async (range: SemVerRange) => range;\n const resolveVersion = opts.resolveVersion ?? defaultResolve;\n\n assertStruct(url.toString(), NpmSnapIdStruct, 'Invalid Snap Id: ');\n\n let registry: string | URL;\n if (\n url.host === '' &&\n url.port === '' &&\n url.username === '' &&\n url.password === ''\n ) {\n registry = DEFAULT_NPM_REGISTRY;\n } else {\n registry = 'https://';\n if (url.username) {\n registry += url.username;\n if (url.password) {\n registry += `:${url.password}`;\n }\n registry += '@';\n }\n registry += url.host;\n registry = new URL(registry);\n assert(\n allowCustomRegistries,\n new TypeError(\n `Custom NPM registries are disabled, tried to use \"${registry.toString()}\".`,\n ),\n );\n }\n\n assert(\n registry.pathname === '/' &&\n registry.search === '' &&\n registry.hash === '',\n );\n\n assert(\n url.pathname !== '' && url.pathname !== '/',\n new TypeError('The package name in NPM location is empty.'),\n );\n let packageName = url.pathname;\n if (packageName.startsWith('/')) {\n packageName = packageName.slice(1);\n }\n\n this.meta = {\n requestedRange,\n registry,\n packageName,\n fetch: fetchFunction,\n resolveVersion,\n };\n }\n\n async manifest(): Promise<VirtualFile<SnapManifest>> {\n if (this.#validatedManifest) {\n return this.#validatedManifest.clone();\n }\n\n const vfile = await this.fetch('snap.manifest.json');\n const result = parseJson(vfile.toString());\n vfile.result = createSnapManifest(result);\n this.#validatedManifest = vfile as VirtualFile<SnapManifest>;\n\n return this.manifest();\n }\n\n async fetch(path: string): Promise<VirtualFile> {\n const relativePath = normalizeRelative(path);\n if (!this.#files) {\n await this.#lazyInit();\n assert(this.#files !== undefined);\n }\n const vfile = this.#files.get(relativePath);\n assert(\n vfile !== undefined,\n new TypeError(`File \"${path}\" not found in package.`),\n );\n return vfile.clone();\n }\n\n get packageName(): string {\n return this.meta.packageName;\n }\n\n get version(): string {\n assert(\n this.meta.version !== undefined,\n 'Tried to access version without first fetching NPM package.',\n );\n return this.meta.version;\n }\n\n get registry(): URL {\n return this.meta.registry;\n }\n\n get versionRange(): SemVerRange {\n return this.meta.requestedRange;\n }\n\n async #lazyInit() {\n assert(this.#files === undefined);\n const resolvedVersion = await this.meta.resolveVersion(\n this.meta.requestedRange,\n );\n\n const { tarballURL, targetVersion } = await resolveNpmVersion(\n this.meta.packageName,\n resolvedVersion,\n this.meta.registry,\n this.meta.fetch,\n );\n\n if (!isValidUrl(tarballURL) || !tarballURL.toString().endsWith('.tgz')) {\n throw new Error(\n `Failed to find valid tarball URL in NPM metadata for package \"${this.meta.packageName}\".`,\n );\n }\n\n // Override the tarball hostname/protocol with registryUrl hostname/protocol\n const newTarballUrl = new URL(tarballURL);\n newTarballUrl.hostname = this.meta.registry.hostname;\n newTarballUrl.protocol = this.meta.registry.protocol;\n\n const files = await this.fetchNpmTarball(newTarballUrl);\n\n this.#files = files;\n this.meta.version = targetVersion;\n }\n\n /**\n * Fetches and unpacks the tarball (`.tgz` file) from the specified URL.\n *\n * @param tarballUrl - The tarball URL to fetch and unpack.\n * @returns A the files for the package tarball.\n * @throws If fetching the tarball fails.\n */\n abstract fetchNpmTarball(tarballUrl: URL): Promise<Map<string, VirtualFile>>;\n}\n\n// Safety limit for tarballs, 250 MB in bytes\nexport const TARBALL_SIZE_SAFETY_LIMIT = 262144000;\n\n// Main NPM implementation, contains a browser tarball fetching implementation.\nexport class NpmLocation extends BaseNpmLocation {\n /**\n * Fetches and unpacks the tarball (`.tgz` file) from the specified URL.\n *\n * @param tarballUrl - The tarball URL to fetch and unpack.\n * @returns A the files for the package tarball.\n * @throws If fetching the tarball fails.\n */\n async fetchNpmTarball(\n tarballUrl: URL,\n ): Promise<Map<string, VirtualFile<unknown>>> {\n // Perform a raw fetch because we want the Response object itself.\n const tarballResponse = await this.meta.fetch(tarballUrl.toString());\n if (!tarballResponse.ok || !tarballResponse.body) {\n throw new Error(\n `Failed to fetch tarball for package \"${this.meta.packageName}\".`,\n );\n }\n\n // We assume that NPM is a good actor and provides us with a valid `content-length` header.\n const tarballSizeString = tarballResponse.headers.get('content-length');\n assert(tarballSizeString, 'Snap tarball has invalid content-length');\n const tarballSize = parseInt(tarballSizeString, 10);\n assert(\n tarballSize <= TARBALL_SIZE_SAFETY_LIMIT,\n 'Snap tarball exceeds size limit',\n );\n return new Promise((resolve, reject) => {\n const files = new Map();\n\n const tarballStream = createTarballStream(\n getNpmCanonicalBasePath(this.meta.registry, this.meta.packageName),\n files,\n );\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const body = tarballResponse.body!;\n\n // The \"gz\" in \"tgz\" stands for \"gzip\". The tarball needs to be decompressed\n // before we can actually grab any files from it.\n // To prevent recursion-based zip bombs, we should not allow recursion here.\n\n // If native decompression stream is available we use that, otherwise fallback to zlib.\n if ('pipeThrough' in body && 'DecompressionStream' in globalThis) {\n const decompressionStream = new DecompressionStream('gzip');\n const decompressedStream = body.pipeThrough(decompressionStream);\n\n pipeline(\n getNodeStream(decompressedStream),\n tarballStream,\n (error: unknown) => {\n error ? reject(error) : resolve(files);\n },\n );\n return;\n }\n\n pipeline(\n getNodeStream(body),\n createGunzip(),\n tarballStream,\n (error: unknown) => {\n error ? reject(error) : resolve(files);\n },\n );\n });\n }\n}\n\n// Incomplete type\nexport type PartialNpmMetadata = {\n versions: Record<string, { dist: { tarball: string } }>;\n};\n\n/**\n * Fetches the NPM metadata of the specified package from\n * the public npm registry.\n *\n * @param packageName - The name of the package whose metadata to fetch.\n * @param registryUrl - The URL of the npm registry to fetch the metadata from.\n * @param fetchFunction - The fetch function to use. Defaults to the global\n * {@link fetch}. Useful for Node.js compatibility.\n * @returns The NPM metadata object.\n * @throws If fetching the metadata fails.\n */\nexport async function fetchNpmMetadata(\n packageName: string,\n registryUrl: URL,\n fetchFunction: typeof fetch,\n): Promise<PartialNpmMetadata> {\n const packageResponse = await fetchFunction(\n new URL(packageName, registryUrl).toString(),\n {\n headers: {\n // Corgi format is slightly smaller: https://github.com/npm/pacote/blob/main/lib/registry.js#L71\n accept: isNPM(registryUrl)\n ? 'application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*'\n : 'application/json',\n },\n },\n );\n if (!packageResponse.ok) {\n throw new Error(\n `Failed to fetch NPM registry entry. Status code: ${packageResponse.status}.`,\n );\n }\n const packageMetadata = await packageResponse.json();\n\n if (!isObject(packageMetadata)) {\n throw new Error(\n `Failed to fetch package \"${packageName}\" metadata from npm.`,\n );\n }\n\n return packageMetadata as PartialNpmMetadata;\n}\n\n/**\n * Gets the canonical base path for an NPM snap.\n *\n * @param registryUrl - A registry URL.\n * @param packageName - A package name.\n * @returns The canonical base path.\n */\nexport function getNpmCanonicalBasePath(registryUrl: URL, packageName: string) {\n let canonicalBase = 'npm://';\n if (registryUrl.username !== '') {\n canonicalBase += registryUrl.username;\n if (registryUrl.password !== '') {\n canonicalBase += `:${registryUrl.password}`;\n }\n canonicalBase += '@';\n }\n return `${canonicalBase}${registryUrl.host}/${packageName}/`;\n}\n\n/**\n * Determine if a registry URL is NPM.\n *\n * @param registryUrl - A registry url.\n * @returns True if the registry is the NPM registry, otherwise false.\n */\nfunction isNPM(registryUrl: URL) {\n return registryUrl.toString() === DEFAULT_NPM_REGISTRY.toString();\n}\n\n/**\n * Resolves a version range to a version using the NPM registry.\n *\n * Unless the version range is already a version, then the NPM registry is skipped.\n *\n * @param packageName - The name of the package whose metadata to fetch.\n * @param versionRange - The version range of the package.\n * @param registryUrl - The URL of the npm registry to fetch the metadata from.\n * @param fetchFunction - The fetch function to use. Defaults to the global\n * {@link fetch}. Useful for Node.js compatibility.\n * @returns An object containing the resolved version and a URL for its tarball.\n * @throws If fetching the metadata fails.\n */\nasync function resolveNpmVersion(\n packageName: string,\n versionRange: SemVerRange,\n registryUrl: URL,\n fetchFunction: typeof fetch,\n): Promise<{ tarballURL: string; targetVersion: SemVerVersion }> {\n // If the version range is already a static version we don't need to look for the metadata.\n if (isNPM(registryUrl) && isValidSemVerVersion(versionRange)) {\n return {\n tarballURL: getNpmTarballUrl(packageName, versionRange),\n targetVersion: versionRange,\n };\n }\n\n const packageMetadata = await fetchNpmMetadata(\n packageName,\n registryUrl,\n fetchFunction,\n );\n\n const versions = Object.keys(packageMetadata?.versions ?? {}).map(\n (version) => {\n assertIsSemVerVersion(version);\n return version;\n },\n );\n\n const targetVersion = getTargetVersion(versions, versionRange);\n\n if (targetVersion === null) {\n throw new Error(\n `Failed to find a matching version in npm metadata for package \"${packageName}\" and requested semver range \"${versionRange}\".`,\n );\n }\n\n const tarballURL = packageMetadata?.versions?.[targetVersion]?.dist?.tarball;\n\n return { tarballURL, targetVersion };\n}\n\n/**\n * The paths of files within npm tarballs appear to always be prefixed with\n * \"package/\".\n */\nconst NPM_TARBALL_PATH_PREFIX = /^package\\//u;\n\n/**\n * Converts a {@link ReadableStream} to a Node.js {@link Readable}\n * stream. Returns the stream directly if it is already a Node.js stream.\n * We can't use the native Web {@link ReadableStream} directly because the\n * other stream libraries we use expect Node.js streams.\n *\n * @param stream - The stream to convert.\n * @returns The given stream as a Node.js Readable stream.\n */\nfunction getNodeStream(stream: ReadableStream): Readable {\n if (typeof stream.getReader !== 'function') {\n return stream as unknown as Readable;\n }\n\n return new ReadableWebToNodeStream(stream);\n}\n\n/**\n * Creates a `tar-stream` that will get the necessary files from an npm Snap\n * package tarball (`.tgz` file).\n *\n * @param canonicalBase - A base URI as specified in {@link https://github.com/MetaMask/SIPs/blob/main/SIPS/sip-8.md SIP-8}. Starting with 'npm:'. Will be used for canonicalPath vfile argument.\n * @param files - An object to write target file contents to.\n * @returns The {@link Writable} tarball extraction stream.\n */\nfunction createTarballStream(\n canonicalBase: string,\n files: Map<string, VirtualFile>,\n): Writable {\n assert(\n canonicalBase.endsWith('/'),\n \"Base needs to end with '/' for relative paths to be added as children instead of siblings.\",\n );\n\n assert(\n canonicalBase.startsWith('npm:'),\n 'Protocol mismatch, expected \"npm:\".',\n );\n // `tar-stream` is pretty old-school, so we create it first and then\n // instrument it by adding event listeners.\n const extractStream = tarExtract();\n\n let totalSize = 0;\n\n // \"entry\" is fired for every discreet entity in the tarball. This includes\n // files and folders.\n extractStream.on('entry', (header, entryStream, next) => {\n const { name: headerName, type: headerType } = header;\n if (headerType === 'file') {\n // The name is a path if the header type is \"file\".\n const path = headerName.replace(NPM_TARBALL_PATH_PREFIX, '');\n return entryStream.pipe(\n concat({ encoding: 'uint8array' }, (data) => {\n try {\n totalSize += data.byteLength;\n // To prevent zip bombs, we set a safety limit for the total size of tarballs.\n assert(\n totalSize < TARBALL_SIZE_SAFETY_LIMIT,\n `Snap tarball exceeds limit of ${TARBALL_SIZE_SAFETY_LIMIT} bytes.`,\n );\n const vfile = new VirtualFile({\n value: data,\n path,\n data: {\n canonicalPath: new URL(path, canonicalBase).toString(),\n },\n });\n // We disallow files having identical paths as it may confuse our checksum calculations.\n assert(\n !files.has(path),\n 'Malformed tarball, multiple files with the same path.',\n );\n files.set(path, vfile);\n return next();\n } catch (error) {\n return extractStream.destroy(error);\n }\n }),\n );\n }\n\n // If we get here, the entry is not a file, and we want to ignore. The entry\n // stream must be drained, or the extractStream will stop reading. This is\n // effectively a no-op for the current entry.\n entryStream.on('end', () => next());\n return entryStream.resume();\n });\n return extractStream as Writable;\n}\n"]}
package/dist/snaps/registry/json.cjs CHANGED
@@ -1,16 +1,4 @@
1
1
  "use strict";
2
- var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
3
- if (kind === "m") throw new TypeError("Private method is not writable");
4
- if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
5
- if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
6
- return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
7
- };
8
- var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
9
- if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
10
- if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
11
- return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
12
- };
13
- var _JsonSnapsRegistry_instances, _JsonSnapsRegistry_url, _JsonSnapsRegistry_publicKey, _JsonSnapsRegistry_fetchFunction, _JsonSnapsRegistry_recentFetchThreshold, _JsonSnapsRegistry_refetchOnAllowlistMiss, _JsonSnapsRegistry_currentUpdate, _JsonSnapsRegistry_wasRecentlyFetched, _JsonSnapsRegistry_triggerUpdate, _JsonSnapsRegistry_update, _JsonSnapsRegistry_getDatabase, _JsonSnapsRegistry_getSingle, _JsonSnapsRegistry_get, _JsonSnapsRegistry_resolveVersion, _JsonSnapsRegistry_getMetadata, _JsonSnapsRegistry_verifySignature, _JsonSnapsRegistry_safeFetch;
14
2
  Object.defineProperty(exports, "__esModule", { value: true });
15
3
  exports.JsonSnapsRegistry = void 0;
16
4
  const base_controller_1 = require("@metamask/base-controller");
@@ -28,6 +16,12 @@ const defaultState = {
28
16
  databaseUnavailable: false,
29
17
  };
30
18
  class JsonSnapsRegistry extends base_controller_1.BaseController {
19
+ #url;
20
+ #publicKey;
21
+ #fetchFunction;
22
+ #recentFetchThreshold;
23
+ #refetchOnAllowlistMiss;
24
+ #currentUpdate;
31
25
  constructor({ messenger, state, url = {
32
26
  registry: SNAP_REGISTRY_URL,
33
27
  signature: SNAP_REGISTRY_SIGNATURE_URL,
@@ -45,180 +39,185 @@ class JsonSnapsRegistry extends base_controller_1.BaseController {
45
39
  ...state,
46
40
  },
47
41
  });
48
- _JsonSnapsRegistry_instances.add(this);
49
- _JsonSnapsRegistry_url.set(this, void 0);
50
- _JsonSnapsRegistry_publicKey.set(this, void 0);
51
- _JsonSnapsRegistry_fetchFunction.set(this, void 0);
52
- _JsonSnapsRegistry_recentFetchThreshold.set(this, void 0);
53
- _JsonSnapsRegistry_refetchOnAllowlistMiss.set(this, void 0);
54
- _JsonSnapsRegistry_currentUpdate.set(this, void 0);
55
- __classPrivateFieldSet(this, _JsonSnapsRegistry_url, url, "f");
56
- __classPrivateFieldSet(this, _JsonSnapsRegistry_publicKey, publicKey, "f");
57
- __classPrivateFieldSet(this, _JsonSnapsRegistry_fetchFunction, fetchFunction, "f");
58
- __classPrivateFieldSet(this, _JsonSnapsRegistry_recentFetchThreshold, recentFetchThreshold, "f");
59
- __classPrivateFieldSet(this, _JsonSnapsRegistry_refetchOnAllowlistMiss, refetchOnAllowlistMiss, "f");
60
- __classPrivateFieldSet(this, _JsonSnapsRegistry_currentUpdate, null, "f");
61
- this.messagingSystem.registerActionHandler('SnapsRegistry:get', async (...args) => __classPrivateFieldGet(this, _JsonSnapsRegistry_instances, "m", _JsonSnapsRegistry_get).call(this, ...args));
62
- this.messagingSystem.registerActionHandler('SnapsRegistry:getMetadata', async (...args) => __classPrivateFieldGet(this, _JsonSnapsRegistry_instances, "m", _JsonSnapsRegistry_getMetadata).call(this, ...args));
63
- this.messagingSystem.registerActionHandler('SnapsRegistry:resolveVersion', async (...args) => __classPrivateFieldGet(this, _JsonSnapsRegistry_instances, "m", _JsonSnapsRegistry_resolveVersion).call(this, ...args));
64
- this.messagingSystem.registerActionHandler('SnapsRegistry:update', async () => __classPrivateFieldGet(this, _JsonSnapsRegistry_instances, "m", _JsonSnapsRegistry_triggerUpdate).call(this));
42
+ this.#url = url;
43
+ this.#publicKey = publicKey;
44
+ this.#fetchFunction = fetchFunction;
45
+ this.#recentFetchThreshold = recentFetchThreshold;
46
+ this.#refetchOnAllowlistMiss = refetchOnAllowlistMiss;
47
+ this.#currentUpdate = null;
48
+ this.messagingSystem.registerActionHandler('SnapsRegistry:get', async (...args) => this.#get(...args));
49
+ this.messagingSystem.registerActionHandler('SnapsRegistry:getMetadata', async (...args) => this.#getMetadata(...args));
50
+ this.messagingSystem.registerActionHandler('SnapsRegistry:resolveVersion', async (...args) => this.#resolveVersion(...args));
51
+ this.messagingSystem.registerActionHandler('SnapsRegistry:update', async () => this.#triggerUpdate());
65
52
  }
66
- }
67
- exports.JsonSnapsRegistry = JsonSnapsRegistry;
68
- _JsonSnapsRegistry_url = new WeakMap(), _JsonSnapsRegistry_publicKey = new WeakMap(), _JsonSnapsRegistry_fetchFunction = new WeakMap(), _JsonSnapsRegistry_recentFetchThreshold = new WeakMap(), _JsonSnapsRegistry_refetchOnAllowlistMiss = new WeakMap(), _JsonSnapsRegistry_currentUpdate = new WeakMap(), _JsonSnapsRegistry_instances = new WeakSet(), _JsonSnapsRegistry_wasRecentlyFetched = function _JsonSnapsRegistry_wasRecentlyFetched() {
69
- return (this.state.lastUpdated &&
70
- Date.now() - this.state.lastUpdated < __classPrivateFieldGet(this, _JsonSnapsRegistry_recentFetchThreshold, "f"));
71
- }, _JsonSnapsRegistry_triggerUpdate =
72
- /**
73
- * Triggers an update of the registry database.
74
- *
75
- * If an existing update is in progress this function will await that update.
76
- */
77
- async function _JsonSnapsRegistry_triggerUpdate() {
78
- // If an update is ongoing, wait for that.
79
- if (__classPrivateFieldGet(this, _JsonSnapsRegistry_currentUpdate, "f")) {
80
- await __classPrivateFieldGet(this, _JsonSnapsRegistry_currentUpdate, "f");
81
- return;
53
+ #wasRecentlyFetched() {
54
+ return (this.state.lastUpdated &&
55
+ Date.now() - this.state.lastUpdated < this.#recentFetchThreshold);
82
56
  }
83
- // If no update exists, create promise and store globally.
84
- if (__classPrivateFieldGet(this, _JsonSnapsRegistry_currentUpdate, "f") === null) {
85
- __classPrivateFieldSet(this, _JsonSnapsRegistry_currentUpdate, __classPrivateFieldGet(this, _JsonSnapsRegistry_instances, "m", _JsonSnapsRegistry_update).call(this), "f");
57
+ /**
58
+ * Triggers an update of the registry database.
59
+ *
60
+ * If an existing update is in progress this function will await that update.
61
+ */
62
+ async #triggerUpdate() {
63
+ // If an update is ongoing, wait for that.
64
+ if (this.#currentUpdate) {
65
+ await this.#currentUpdate;
66
+ return;
67
+ }
68
+ // If no update exists, create promise and store globally.
69
+ if (this.#currentUpdate === null) {
70
+ this.#currentUpdate = this.#update();
71
+ }
72
+ await this.#currentUpdate;
73
+ this.#currentUpdate = null;
86
74
  }
87
- await __classPrivateFieldGet(this, _JsonSnapsRegistry_currentUpdate, "f");
88
- __classPrivateFieldSet(this, _JsonSnapsRegistry_currentUpdate, null, "f");
89
- }, _JsonSnapsRegistry_update =
90
- /**
91
- * Updates the registry database if the registry hasn't been updated recently.
92
- *
93
- * NOTE: SHOULD NOT be called directly, instead `triggerUpdate` should be used.
94
- */
95
- async function _JsonSnapsRegistry_update() {
96
- // No-op if we recently fetched the registry.
97
- if (__classPrivateFieldGet(this, _JsonSnapsRegistry_instances, "m", _JsonSnapsRegistry_wasRecentlyFetched).call(this)) {
98
- return;
75
+ /**
76
+ * Updates the registry database if the registry hasn't been updated recently.
77
+ *
78
+ * NOTE: SHOULD NOT be called directly, instead `triggerUpdate` should be used.
79
+ */
80
+ async #update() {
81
+ // No-op if we recently fetched the registry.
82
+ if (this.#wasRecentlyFetched()) {
83
+ return;
84
+ }
85
+ try {
86
+ const database = await this.#safeFetch(this.#url.registry);
87
+ const signature = await this.#safeFetch(this.#url.signature);
88
+ this.#verifySignature(database, signature);
89
+ this.update((state) => {
90
+ state.database = JSON.parse(database);
91
+ state.lastUpdated = Date.now();
92
+ state.databaseUnavailable = false;
93
+ });
94
+ }
95
+ catch {
96
+ // Ignore
97
+ this.update((state) => {
98
+ state.databaseUnavailable = true;
99
+ });
100
+ }
99
101
  }
100
- try {
101
- const database = await __classPrivateFieldGet(this, _JsonSnapsRegistry_instances, "m", _JsonSnapsRegistry_safeFetch).call(this, __classPrivateFieldGet(this, _JsonSnapsRegistry_url, "f").registry);
102
- const signature = await __classPrivateFieldGet(this, _JsonSnapsRegistry_instances, "m", _JsonSnapsRegistry_safeFetch).call(this, __classPrivateFieldGet(this, _JsonSnapsRegistry_url, "f").signature);
103
- __classPrivateFieldGet(this, _JsonSnapsRegistry_instances, "m", _JsonSnapsRegistry_verifySignature).call(this, database, signature);
104
- this.update((state) => {
105
- state.database = JSON.parse(database);
106
- state.lastUpdated = Date.now();
107
- state.databaseUnavailable = false;
108
- });
102
+ async #getDatabase() {
103
+ if (this.state.database === null) {
104
+ await this.#triggerUpdate();
105
+ }
106
+ return this.state.database;
109
107
  }
110
- catch {
111
- // Ignore
112
- this.update((state) => {
113
- state.databaseUnavailable = true;
108
+ async #getSingle(snapId, snapInfo, refetch = false) {
109
+ const database = await this.#getDatabase();
110
+ const blockedEntry = database?.blockedSnaps.find((blocked) => {
111
+ if ('id' in blocked) {
112
+ return (blocked.id === snapId &&
113
+ (0, utils_1.satisfiesVersionRange)(snapInfo.version, blocked.versionRange));
114
+ }
115
+ return blocked.checksum === snapInfo.checksum;
114
116
  });
115
- }
116
- }, _JsonSnapsRegistry_getDatabase = async function _JsonSnapsRegistry_getDatabase() {
117
- if (this.state.database === null) {
118
- await __classPrivateFieldGet(this, _JsonSnapsRegistry_instances, "m", _JsonSnapsRegistry_triggerUpdate).call(this);
119
- }
120
- return this.state.database;
121
- }, _JsonSnapsRegistry_getSingle = async function _JsonSnapsRegistry_getSingle(snapId, snapInfo, refetch = false) {
122
- const database = await __classPrivateFieldGet(this, _JsonSnapsRegistry_instances, "m", _JsonSnapsRegistry_getDatabase).call(this);
123
- const blockedEntry = database?.blockedSnaps.find((blocked) => {
124
- if ('id' in blocked) {
125
- return (blocked.id === snapId &&
126
- (0, utils_1.satisfiesVersionRange)(snapInfo.version, blocked.versionRange));
117
+ if (blockedEntry) {
118
+ return {
119
+ status: registry_1.SnapsRegistryStatus.Blocked,
120
+ reason: blockedEntry.reason,
121
+ };
122
+ }
123
+ const verified = database?.verifiedSnaps[snapId];
124
+ const version = verified?.versions?.[snapInfo.version];
125
+ if (version && version.checksum === snapInfo.checksum) {
126
+ return { status: registry_1.SnapsRegistryStatus.Verified };
127
+ }
128
+ // For now, if we have an allowlist miss, we can refetch once and try again.
129
+ if (this.#refetchOnAllowlistMiss && !refetch) {
130
+ await this.#triggerUpdate();
131
+ return this.#getSingle(snapId, snapInfo, true);
127
132
  }
128
- return blocked.checksum === snapInfo.checksum;
129
- });
130
- if (blockedEntry) {
131
133
  return {
132
- status: registry_1.SnapsRegistryStatus.Blocked,
133
- reason: blockedEntry.reason,
134
+ status: this.state.databaseUnavailable
135
+ ? registry_1.SnapsRegistryStatus.Unavailable
136
+ : registry_1.SnapsRegistryStatus.Unverified,
134
137
  };
135
138
  }
136
- const verified = database?.verifiedSnaps[snapId];
137
- const version = verified?.versions?.[snapInfo.version];
138
- if (version && version.checksum === snapInfo.checksum) {
139
- return { status: registry_1.SnapsRegistryStatus.Verified };
140
- }
141
- // For now, if we have an allowlist miss, we can refetch once and try again.
142
- if (__classPrivateFieldGet(this, _JsonSnapsRegistry_refetchOnAllowlistMiss, "f") && !refetch) {
143
- await __classPrivateFieldGet(this, _JsonSnapsRegistry_instances, "m", _JsonSnapsRegistry_triggerUpdate).call(this);
144
- return __classPrivateFieldGet(this, _JsonSnapsRegistry_instances, "m", _JsonSnapsRegistry_getSingle).call(this, snapId, snapInfo, true);
145
- }
146
- return {
147
- status: this.state.databaseUnavailable
148
- ? registry_1.SnapsRegistryStatus.Unavailable
149
- : registry_1.SnapsRegistryStatus.Unverified,
150
- };
151
- }, _JsonSnapsRegistry_get = async function _JsonSnapsRegistry_get(snaps) {
152
- return Object.entries(snaps).reduce(async (previousPromise, [snapId, snapInfo]) => {
153
- const result = await __classPrivateFieldGet(this, _JsonSnapsRegistry_instances, "m", _JsonSnapsRegistry_getSingle).call(this, snapId, snapInfo);
154
- const acc = await previousPromise;
155
- acc[snapId] = result;
156
- return acc;
157
- }, Promise.resolve({}));
158
- }, _JsonSnapsRegistry_resolveVersion =
159
- /**
160
- * Find an allowlisted version within a specified version range. Otherwise return the version range itself.
161
- *
162
- * @param snapId - The ID of the snap we are trying to resolve a version for.
163
- * @param versionRange - The version range.
164
- * @param refetch - An optional flag used to determine if we are refetching the registry.
165
- * @returns An allowlisted version within the specified version range if available otherwise returns the input version range.
166
- */
167
- async function _JsonSnapsRegistry_resolveVersion(snapId, versionRange, refetch = false) {
168
- const database = await __classPrivateFieldGet(this, _JsonSnapsRegistry_instances, "m", _JsonSnapsRegistry_getDatabase).call(this);
169
- const versions = database?.verifiedSnaps[snapId]?.versions ?? null;
170
- if (!versions && __classPrivateFieldGet(this, _JsonSnapsRegistry_refetchOnAllowlistMiss, "f") && !refetch) {
171
- await __classPrivateFieldGet(this, _JsonSnapsRegistry_instances, "m", _JsonSnapsRegistry_triggerUpdate).call(this);
172
- return __classPrivateFieldGet(this, _JsonSnapsRegistry_instances, "m", _JsonSnapsRegistry_resolveVersion).call(this, snapId, versionRange, true);
139
+ async #get(snaps) {
140
+ return Object.entries(snaps).reduce(async (previousPromise, [snapId, snapInfo]) => {
141
+ const result = await this.#getSingle(snapId, snapInfo);
142
+ const acc = await previousPromise;
143
+ acc[snapId] = result;
144
+ return acc;
145
+ }, Promise.resolve({}));
173
146
  }
174
- // If we cannot narrow down the version range we return the unaltered version range.
175
- if (!versions) {
176
- return versionRange;
147
+ /**
148
+ * Find an allowlisted version within a specified version range. Otherwise return the version range itself.
149
+ *
150
+ * @param snapId - The ID of the snap we are trying to resolve a version for.
151
+ * @param versionRange - The version range.
152
+ * @param refetch - An optional flag used to determine if we are refetching the registry.
153
+ * @returns An allowlisted version within the specified version range if available otherwise returns the input version range.
154
+ */
155
+ async #resolveVersion(snapId, versionRange, refetch = false) {
156
+ const database = await this.#getDatabase();
157
+ const versions = database?.verifiedSnaps[snapId]?.versions ?? null;
158
+ if (!versions && this.#refetchOnAllowlistMiss && !refetch) {
159
+ await this.#triggerUpdate();
160
+ return this.#resolveVersion(snapId, versionRange, true);
161
+ }
162
+ // If we cannot narrow down the version range we return the unaltered version range.
163
+ if (!versions) {
164
+ return versionRange;
165
+ }
166
+ const targetVersion = (0, snaps_utils_1.getTargetVersion)(Object.keys(versions), versionRange);
167
+ if (!targetVersion && this.#refetchOnAllowlistMiss && !refetch) {
168
+ await this.#triggerUpdate();
169
+ return this.#resolveVersion(snapId, versionRange, true);
170
+ }
171
+ // If we cannot narrow down the version range we return the unaltered version range.
172
+ if (!targetVersion) {
173
+ return versionRange;
174
+ }
175
+ // A semver version is technically also a valid semver range.
176
+ (0, utils_1.assertIsSemVerRange)(targetVersion);
177
+ return targetVersion;
177
178
  }
178
- const targetVersion = (0, snaps_utils_1.getTargetVersion)(Object.keys(versions), versionRange);
179
- if (!targetVersion && __classPrivateFieldGet(this, _JsonSnapsRegistry_refetchOnAllowlistMiss, "f") && !refetch) {
180
- await __classPrivateFieldGet(this, _JsonSnapsRegistry_instances, "m", _JsonSnapsRegistry_triggerUpdate).call(this);
181
- return __classPrivateFieldGet(this, _JsonSnapsRegistry_instances, "m", _JsonSnapsRegistry_resolveVersion).call(this, snapId, versionRange, true);
179
+ /**
180
+ * Get metadata for the given snap ID.
181
+ *
182
+ * @param snapId - The ID of the snap to get metadata for.
183
+ * @returns The metadata for the given snap ID, or `null` if the snap is not
184
+ * verified.
185
+ */
186
+ async #getMetadata(snapId) {
187
+ const database = await this.#getDatabase();
188
+ return database?.verifiedSnaps[snapId]?.metadata ?? null;
182
189
  }
183
- // If we cannot narrow down the version range we return the unaltered version range.
184
- if (!targetVersion) {
185
- return versionRange;
190
+ /**
191
+ * Verify the signature of the registry.
192
+ *
193
+ * @param database - The registry database.
194
+ * @param signature - The signature of the registry.
195
+ * @throws If the signature is invalid.
196
+ * @private
197
+ */
198
+ #verifySignature(database, signature) {
199
+ (0, utils_1.assert)(this.#publicKey, 'No public key provided.');
200
+ const valid = (0, snaps_registry_1.verify)({
201
+ registry: database,
202
+ signature: JSON.parse(signature),
203
+ publicKey: this.#publicKey,
204
+ });
205
+ (0, utils_1.assert)(valid, 'Invalid registry signature.');
186
206
  }
187
- // A semver version is technically also a valid semver range.
188
- (0, utils_1.assertIsSemVerRange)(targetVersion);
189
- return targetVersion;
190
- }, _JsonSnapsRegistry_getMetadata =
191
- /**
192
- * Get metadata for the given snap ID.
193
- *
194
- * @param snapId - The ID of the snap to get metadata for.
195
- * @returns The metadata for the given snap ID, or `null` if the snap is not
196
- * verified.
197
- */
198
- async function _JsonSnapsRegistry_getMetadata(snapId) {
199
- const database = await __classPrivateFieldGet(this, _JsonSnapsRegistry_instances, "m", _JsonSnapsRegistry_getDatabase).call(this);
200
- return database?.verifiedSnaps[snapId]?.metadata ?? null;
201
- }, _JsonSnapsRegistry_verifySignature = function _JsonSnapsRegistry_verifySignature(database, signature) {
202
- (0, utils_1.assert)(__classPrivateFieldGet(this, _JsonSnapsRegistry_publicKey, "f"), 'No public key provided.');
203
- const valid = (0, snaps_registry_1.verify)({
204
- registry: database,
205
- signature: JSON.parse(signature),
206
- publicKey: __classPrivateFieldGet(this, _JsonSnapsRegistry_publicKey, "f"),
207
- });
208
- (0, utils_1.assert)(valid, 'Invalid registry signature.');
209
- }, _JsonSnapsRegistry_safeFetch =
210
- /**
211
- * Fetch the given URL, throwing if the response is not OK.
212
- *
213
- * @param url - The URL to fetch.
214
- * @returns The response body.
215
- * @private
216
- */
217
- async function _JsonSnapsRegistry_safeFetch(url) {
218
- const response = await __classPrivateFieldGet(this, _JsonSnapsRegistry_fetchFunction, "f").call(this, url);
219
- if (!response.ok) {
220
- throw new Error(`Failed to fetch ${url}.`);
207
+ /**
208
+ * Fetch the given URL, throwing if the response is not OK.
209
+ *
210
+ * @param url - The URL to fetch.
211
+ * @returns The response body.
212
+ * @private
213
+ */
214
+ async #safeFetch(url) {
215
+ const response = await this.#fetchFunction(url);
216
+ if (!response.ok) {
217
+ throw new Error(`Failed to fetch ${url}.`);
218
+ }
219
+ return await response.text();
221
220
  }
222
- return await response.text();
223
- };
221
+ }
222
+ exports.JsonSnapsRegistry = JsonSnapsRegistry;
224
223
  //# sourceMappingURL=json.cjs.map