npq 3.13.3 → 3.13.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -27,6 +27,11 @@ class Marshalls {
27
27
  const Marshall = require(curr)
28
28
  const marshall = new Marshall(config)
29
29
 
30
+ // Skip this marshall if it's disabled via environment variable
31
+ if (!marshall.isEnabled()) {
32
+ return prev
33
+ }
34
+
30
35
  return prev.concat({
31
36
  title: marshall.title(),
32
37
  categoryId: marshall.categoryId,
@@ -27,12 +27,15 @@ class Marshall extends BaseMarshall {
27
27
 
28
28
  return this.packageRepoUtils
29
29
  .getPackageInfo(pkg.packageName)
30
- .then((packageInfo) => {
30
+ .then(async (packageInfo) => {
31
31
  const packageName = packageInfo.name
32
- const packageVersion =
33
- pkg.packageVersion === 'latest'
34
- ? packageInfo['dist-tags'] && packageInfo['dist-tags'].latest
35
- : this.packageRepoUtils.parsePackageVersion(pkg.packageVersion).version
32
+
33
+ // Use the resolvePackageVersion method to handle version ranges properly
34
+ const packageVersion = await this.resolvePackageVersion(
35
+ pkg.packageName,
36
+ pkg.packageVersion,
37
+ packageInfo
38
+ )
36
39
 
37
40
  validationMetadata.name = packageName
38
41
  validationMetadata.version = packageVersion
@@ -41,14 +44,15 @@ class Marshall extends BaseMarshall {
41
44
  if (!validationMetadata.version) {
42
45
  throw new Error('Unable to find version or dist-tag for package')
43
46
  }
47
+
48
+ return validationMetadata
44
49
  })
45
- .then(() => {
46
- return this.fetchRegistryKeys()
47
- })
48
- .then((keys) => {
49
- return npmRegistry
50
- .getManifest(`${validationMetadata.name}@${validationMetadata.version}`)
51
- .then((manifest) => npmRegistry.verifyAttestations(manifest, keys))
50
+ .then((validationMetadata) => {
51
+ return this.fetchRegistryKeys().then((keys) => {
52
+ return npmRegistry
53
+ .getManifest(`${validationMetadata.name}@${validationMetadata.version}`)
54
+ .then((manifest) => npmRegistry.verifyAttestations(manifest, keys))
55
+ })
52
56
  })
53
57
  .then((metadata) => {
54
58
  if (!metadata || !metadata._attestations) {
@@ -25,11 +25,30 @@ class Marshall extends BaseMarshall {
25
25
  registry: 'https://registry.npmjs.org'
26
26
  })
27
27
 
28
- return this.fetchRegistryKeys()
29
- .then((keys) => {
30
- return npmRegistry
31
- .getManifest(`${pkg.packageName}@${pkg.packageVersion}`)
32
- .then((manifest) => npmRegistry.verifySignatures(manifest, keys))
28
+ return this.packageRepoUtils
29
+ .getPackageInfo(pkg.packageName)
30
+ .then(async (packageInfo) => {
31
+ // Resolve version range to specific version
32
+ const resolvedVersion = await this.resolvePackageVersion(
33
+ pkg.packageName,
34
+ pkg.packageVersion,
35
+ packageInfo
36
+ )
37
+
38
+ if (!resolvedVersion) {
39
+ throw new Error(
40
+ `Unable to resolve version ${pkg.packageVersion} for package ${pkg.packageName}`
41
+ )
42
+ }
43
+
44
+ return { packageInfo, resolvedVersion }
45
+ })
46
+ .then(({ resolvedVersion }) => {
47
+ return this.fetchRegistryKeys().then((keys) => {
48
+ return npmRegistry
49
+ .getManifest(`${pkg.packageName}@${resolvedVersion}`)
50
+ .then((manifest) => npmRegistry.verifySignatures(manifest, keys))
51
+ })
33
52
  })
34
53
  .then((metadata) => {
35
54
  return metadata
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "npq",
3
- "version": "3.13.3",
3
+ "version": "3.13.5",
4
4
  "description": "marshall your npm/npm package installs with high quality and class 🎖",
5
5
  "bin": {
6
6
  "npq": "./bin/npq.js",