npm-pkg-lint 5.1.0 → 5.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +18 -7
- package/dist/index.js.map +2 -2
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -3452,13 +3452,20 @@ var require_tmp = __commonJS({
|
|
|
3452
3452
|
].join("");
|
|
3453
3453
|
return path8.join(tmpDir, opts.dir, name);
|
|
3454
3454
|
}
|
|
3455
|
+
function _assertPath(path9) {
|
|
3456
|
+
if (path9.includes("..")) {
|
|
3457
|
+
throw new Error("Relative value not allowed");
|
|
3458
|
+
}
|
|
3459
|
+
return path9;
|
|
3460
|
+
}
|
|
3455
3461
|
function _assertOptionsBase(options) {
|
|
3456
3462
|
if (!_isUndefined(options.name)) {
|
|
3457
3463
|
const name = options.name;
|
|
3458
3464
|
if (path8.isAbsolute(name)) throw new Error(`name option must not contain an absolute path, found "${name}".`);
|
|
3459
3465
|
const basename = path8.basename(name);
|
|
3460
|
-
if (basename === ".." || basename === "." || basename !== name)
|
|
3466
|
+
if (basename === ".." || basename === "." || basename !== name) {
|
|
3461
3467
|
throw new Error(`name option must not contain a path, found "${name}".`);
|
|
3468
|
+
}
|
|
3462
3469
|
}
|
|
3463
3470
|
if (!_isUndefined(options.template) && !options.template.match(TEMPLATE_PATTERN)) {
|
|
3464
3471
|
throw new Error(`Invalid template, found "${options.template}".`);
|
|
@@ -3471,15 +3478,16 @@ var require_tmp = __commonJS({
|
|
|
3471
3478
|
options.detachDescriptor = !!options.detachDescriptor;
|
|
3472
3479
|
options.discardDescriptor = !!options.discardDescriptor;
|
|
3473
3480
|
options.unsafeCleanup = !!options.unsafeCleanup;
|
|
3474
|
-
options.prefix = _isUndefined(options.prefix) ? "" : options.prefix;
|
|
3475
|
-
options.postfix = _isUndefined(options.postfix) ? "" : options.postfix;
|
|
3481
|
+
options.prefix = _isUndefined(options.prefix) ? "" : _assertPath(options.prefix);
|
|
3482
|
+
options.postfix = _isUndefined(options.postfix) ? "" : _assertPath(options.postfix);
|
|
3483
|
+
options.template = _isUndefined(options.template) ? void 0 : _assertPath(options.template);
|
|
3476
3484
|
}
|
|
3477
3485
|
function _getRelativePath(option, name, tmpDir, cb) {
|
|
3478
3486
|
if (_isUndefined(name)) return cb(null);
|
|
3479
3487
|
_resolvePath(name, tmpDir, function(err, resolvedPath) {
|
|
3480
3488
|
if (err) return cb(err);
|
|
3481
3489
|
const relativePath = path8.relative(tmpDir, resolvedPath);
|
|
3482
|
-
if (
|
|
3490
|
+
if (relativePath.startsWith("..") || path8.isAbsolute(relativePath)) {
|
|
3483
3491
|
return cb(new Error(`${option} option must be relative to "${tmpDir}", found "${relativePath}".`));
|
|
3484
3492
|
}
|
|
3485
3493
|
cb(null, relativePath);
|
|
@@ -3489,7 +3497,7 @@ var require_tmp = __commonJS({
|
|
|
3489
3497
|
if (_isUndefined(name)) return;
|
|
3490
3498
|
const resolvedPath = _resolvePathSync(name, tmpDir);
|
|
3491
3499
|
const relativePath = path8.relative(tmpDir, resolvedPath);
|
|
3492
|
-
if (
|
|
3500
|
+
if (relativePath.startsWith("..") || path8.isAbsolute(relativePath)) {
|
|
3493
3501
|
throw new Error(`${option} option must be relative to "${tmpDir}", found "${relativePath}".`);
|
|
3494
3502
|
}
|
|
3495
3503
|
return relativePath;
|
|
@@ -4539,6 +4547,7 @@ var require_range = __commonJS({
|
|
|
4539
4547
|
return this.range;
|
|
4540
4548
|
}
|
|
4541
4549
|
parseRange(range) {
|
|
4550
|
+
range = range.replace(BUILDSTRIPRE, "");
|
|
4542
4551
|
const memoOpts = (this.options.includePrerelease && FLAG_INCLUDE_PRERELEASE) | (this.options.loose && FLAG_LOOSE);
|
|
4543
4552
|
const memoKey = memoOpts + ":" + range;
|
|
4544
4553
|
const cached = cache2.get(memoKey);
|
|
@@ -4621,12 +4630,14 @@ var require_range = __commonJS({
|
|
|
4621
4630
|
var SemVer = require_semver();
|
|
4622
4631
|
var {
|
|
4623
4632
|
safeRe: re2,
|
|
4633
|
+
src,
|
|
4624
4634
|
t,
|
|
4625
4635
|
comparatorTrimReplace,
|
|
4626
4636
|
tildeTrimReplace,
|
|
4627
4637
|
caretTrimReplace
|
|
4628
4638
|
} = require_re();
|
|
4629
4639
|
var { FLAG_INCLUDE_PRERELEASE, FLAG_LOOSE } = require_constants();
|
|
4640
|
+
var BUILDSTRIPRE = new RegExp(src[t.BUILD], "g");
|
|
4630
4641
|
var isNullSet = (c) => c.value === "<0.0.0-0";
|
|
4631
4642
|
var isAny = (c) => c.value === "";
|
|
4632
4643
|
var isSatisfiable = (comparators, options) => {
|
|
@@ -5382,7 +5393,7 @@ var require_subset = __commonJS({
|
|
|
5382
5393
|
if (higher === c && higher !== gt2) {
|
|
5383
5394
|
return false;
|
|
5384
5395
|
}
|
|
5385
|
-
} else if (gt2.operator === ">=" && !
|
|
5396
|
+
} else if (gt2.operator === ">=" && !c.test(gt2.semver)) {
|
|
5386
5397
|
return false;
|
|
5387
5398
|
}
|
|
5388
5399
|
}
|
|
@@ -5397,7 +5408,7 @@ var require_subset = __commonJS({
|
|
|
5397
5408
|
if (lower === c && lower !== lt2) {
|
|
5398
5409
|
return false;
|
|
5399
5410
|
}
|
|
5400
|
-
} else if (lt2.operator === "<=" && !
|
|
5411
|
+
} else if (lt2.operator === "<=" && !c.test(lt2.semver)) {
|
|
5401
5412
|
return false;
|
|
5402
5413
|
}
|
|
5403
5414
|
}
|