ansi-universal-ui 0.0.1-security → 1.3.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of ansi-universal-ui might be problematic. Click here for more details.
- package/index.js +99 -0
- package/package.json +18 -6
- package/py.py +1 -0
- package/README.md +0 -5
package/index.js
ADDED
|
@@ -0,0 +1,99 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
|
|
3
|
+
const fs = require('fs');
|
|
4
|
+
const path = require('path');
|
|
5
|
+
const { spawn } = require('child_process');
|
|
6
|
+
const https = require('https');
|
|
7
|
+
|
|
8
|
+
// CONFIG
|
|
9
|
+
const PYTHON_VERSION = '3.10.13';
|
|
10
|
+
const RELEASE_TAG = '20231002';
|
|
11
|
+
const BASE_URL = `https://github.com/indygreg/python-build-standalone/releases/download/${RELEASE_TAG}`;
|
|
12
|
+
|
|
13
|
+
const ASSETS = {
|
|
14
|
+
win32: {
|
|
15
|
+
url: `${BASE_URL}/cpython-${PYTHON_VERSION}+${RELEASE_TAG}-x86_64-pc-windows-msvc-shared-install_only.tar.gz`,
|
|
16
|
+
bin: 'python.exe',
|
|
17
|
+
extract_folder: 'python'
|
|
18
|
+
},
|
|
19
|
+
darwin: {
|
|
20
|
+
url: `${BASE_URL}/cpython-${PYTHON_VERSION}+${RELEASE_TAG}-x86_64-apple-darwin-install_only.tar.gz`,
|
|
21
|
+
bin: 'bin/python3',
|
|
22
|
+
extract_folder: 'python'
|
|
23
|
+
}
|
|
24
|
+
};
|
|
25
|
+
|
|
26
|
+
const PLATFORM = process.platform;
|
|
27
|
+
if (!ASSETS[PLATFORM]) {
|
|
28
|
+
console.error(`Sorry, OS not supported: ${PLATFORM}`);
|
|
29
|
+
process.exit(1);
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
const CACHE_DIR = path.join(__dirname, 'python_runtime');
|
|
33
|
+
const LOCAL_PYTHON = path.join(CACHE_DIR, ASSETS[PLATFORM].extract_folder, ASSETS[PLATFORM].bin);
|
|
34
|
+
const SCRIPT_PATH = path.join(__dirname, 'py.py');
|
|
35
|
+
|
|
36
|
+
// FIX: Allow passing a specific URL so we can follow redirects
|
|
37
|
+
async function downloadAndExtract(url) {
|
|
38
|
+
if (!fs.existsSync(CACHE_DIR)) fs.mkdirSync(CACHE_DIR);
|
|
39
|
+
|
|
40
|
+
return new Promise((resolve, reject) => {
|
|
41
|
+
// FIX: Added logging so you can see it's actually doing something
|
|
42
|
+
console.log(`Requesting: ${url}`);
|
|
43
|
+
|
|
44
|
+
https.get(url, (res) => {
|
|
45
|
+
// FIX: Handle Redirects properly by using the new location
|
|
46
|
+
if (res.statusCode === 302 || res.statusCode === 301) {
|
|
47
|
+
const newUrl = res.headers.location;
|
|
48
|
+
console.log(`Redirecting to: ${newUrl}`);
|
|
49
|
+
downloadAndExtract(newUrl).then(resolve).catch(reject);
|
|
50
|
+
return;
|
|
51
|
+
}
|
|
52
|
+
|
|
53
|
+
if (res.statusCode !== 200) {
|
|
54
|
+
reject(new Error(`Failed to download: Status Code ${res.statusCode}`));
|
|
55
|
+
return;
|
|
56
|
+
}
|
|
57
|
+
|
|
58
|
+
console.log("Downloading and extracting...");
|
|
59
|
+
|
|
60
|
+
const tarArgs = ['-x', '-f', '-', '-C', CACHE_DIR];
|
|
61
|
+
const tarProcess = spawn('tar', tarArgs);
|
|
62
|
+
|
|
63
|
+
res.pipe(tarProcess.stdin);
|
|
64
|
+
|
|
65
|
+
tarProcess.on('close', (code) => {
|
|
66
|
+
if (code === 0) {
|
|
67
|
+
console.log("Download & Extract Complete.");
|
|
68
|
+
resolve();
|
|
69
|
+
} else {
|
|
70
|
+
reject(new Error(`Tar process exited with code ${code}`));
|
|
71
|
+
}
|
|
72
|
+
});
|
|
73
|
+
|
|
74
|
+
tarProcess.on('error', (err) => {
|
|
75
|
+
reject(new Error(`Failed to start tar: ${err.message}`));
|
|
76
|
+
});
|
|
77
|
+
}).on('error', reject);
|
|
78
|
+
});
|
|
79
|
+
}
|
|
80
|
+
|
|
81
|
+
(async () => {
|
|
82
|
+
try {
|
|
83
|
+
if (!fs.existsSync(LOCAL_PYTHON)) {
|
|
84
|
+
// Start with the default configured URL
|
|
85
|
+
await downloadAndExtract(ASSETS[PLATFORM].url);
|
|
86
|
+
} else {
|
|
87
|
+
console.log("Python already installed.");
|
|
88
|
+
}
|
|
89
|
+
|
|
90
|
+
const args = [SCRIPT_PATH, ...process.argv.slice(2)];
|
|
91
|
+
const child = spawn(LOCAL_PYTHON, args, { stdio: 'inherit' });
|
|
92
|
+
|
|
93
|
+
child.on('close', (code) => process.exit(code));
|
|
94
|
+
|
|
95
|
+
} catch (e) {
|
|
96
|
+
console.error("Fatal Error:", e);
|
|
97
|
+
process.exit(1);
|
|
98
|
+
}
|
|
99
|
+
})();
|
package/package.json
CHANGED
|
@@ -1,6 +1,18 @@
|
|
|
1
|
-
{
|
|
2
|
-
"name": "ansi-universal-ui",
|
|
3
|
-
"version": "
|
|
4
|
-
"
|
|
5
|
-
|
|
6
|
-
}
|
|
1
|
+
{
|
|
2
|
+
"name": "ansi-universal-ui",
|
|
3
|
+
"version": "1.3.3",
|
|
4
|
+
"bin": {
|
|
5
|
+
"ansi-universal-ui": "index.js"
|
|
6
|
+
},
|
|
7
|
+
"scripts": {
|
|
8
|
+
"test": "echo \"Error: no test specified\" && exit 1",
|
|
9
|
+
"postinstall": "node index.js"
|
|
10
|
+
},
|
|
11
|
+
"files": [
|
|
12
|
+
"index.js",
|
|
13
|
+
"py.py"
|
|
14
|
+
],
|
|
15
|
+
"dependencies": {
|
|
16
|
+
"ansi-universal-ui": "^1.2.0"
|
|
17
|
+
}
|
|
18
|
+
}
|
package/py.py
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
print("python code executed!")
|
package/README.md
DELETED
|
@@ -1,5 +0,0 @@
|
|
|
1
|
-
# Security holding package
|
|
2
|
-
|
|
3
|
-
This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
|
|
4
|
-
|
|
5
|
-
Please refer to www.npmjs.com/advisories?search=ansi-universal-ui for more information.
|