npm - pacote - Versions diffs - 18.0.0 → 18.0.2 - Mend

pacote 18.0.0 → 18.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/lib/dir.js CHANGED Viewed

@@ -87,7 +87,7 @@ class DirFetcher extends Fetcher {
       return Promise.resolve(this.package)
     }
-    return this[_readPackageJson](this.resolved + '/package.json')
+    return this[_readPackageJson](this.resolved)
       .then(mani => this.package = {
         ...mani,
         _integrity: this.integrity && String(this.integrity),

package/lib/fetcher.js CHANGED Viewed

@@ -5,7 +5,6 @@
 const npa = require('npm-package-arg')
 const ssri = require('ssri')
-const { promisify } = require('util')
 const { basename, dirname } = require('path')
 const tar = require('tar')
 const { log } = require('proc-log')
@@ -16,12 +15,14 @@ const cacache = require('cacache')
 const isPackageBin = require('./util/is-package-bin.js')
 const removeTrailingSlashes = require('./util/trailing-slashes.js')
 const getContents = require('@npmcli/installed-package-contents')
-const readPackageJsonFast = require('read-package-json-fast')
-const readPackageJson = promisify(require('read-package-json'))
+const PackageJson = require('@npmcli/package-json')
 const { Minipass } = require('minipass')
 const cacheDir = require('./util/cache-dir.js')
+// Pacote is only concerned with the package.json contents
+const packageJsonPrepare = (p) => PackageJson.prepare(p).then(pkg => pkg.content)
+const packageJsonNormalize = (p) => PackageJson.normalize(p).then(pkg => pkg.content)
 // Private methods.
 // Child classes should not have to override these.
 // Users should never call them.
@@ -93,9 +94,9 @@ class FetcherBase {
     this.fullMetadata = this.before ? true : !!opts.fullMetadata
     this.fullReadJson = !!opts.fullReadJson
     if (this.fullReadJson) {
-      this[_readPackageJson] = readPackageJson
+      this[_readPackageJson] = packageJsonPrepare
     } else {
-      this[_readPackageJson] = readPackageJsonFast
+      this[_readPackageJson] = packageJsonNormalize
     }
     // rrh is a registry hostname or 'never' or 'always'

package/lib/file.js CHANGED Viewed

@@ -1,10 +1,11 @@
-const Fetcher = require('./fetcher.js')
 const fsm = require('fs-minipass')
 const cacache = require('cacache')
-const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved')
-const _exeBins = Symbol('_exeBins')
 const { resolve } = require('path')
-const fs = require('fs')
+const { stat, chmod } = require('fs/promises')
+const Fetcher = require('./fetcher.js')
+const _exeBins = Symbol('_exeBins')
+const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved')
 const _readPackageJson = Symbol.for('package.Fetcher._readPackageJson')
 class FileFetcher extends Fetcher {
@@ -26,7 +27,7 @@ class FileFetcher extends Fetcher {
     // have to unpack the tarball for this.
     return cacache.tmp.withTmp(this.cache, this.opts, dir =>
       this.extract(dir)
-        .then(() => this[_readPackageJson](dir + '/package.json'))
+        .then(() => this[_readPackageJson](dir))
         .then(mani => this.package = {
           ...mani,
           _integrity: this.integrity && String(this.integrity),
@@ -40,23 +41,23 @@ class FileFetcher extends Fetcher {
       return Promise.resolve()
     }
-    return Promise.all(Object.keys(pkg.bin).map(k => new Promise(res => {
+    return Promise.all(Object.keys(pkg.bin).map(async k => {
       const script = resolve(dest, pkg.bin[k])
       // Best effort.  Ignore errors here, the only result is that
       // a bin script is not executable.  But if it's missing or
       // something, we just leave it for a later stage to trip over
       // when we can provide a more useful contextual error.
-      fs.stat(script, (er, st) => {
-        if (er) {
-          return res()
-        }
+      try {
+        const st = await stat(script)
         const mode = st.mode | 0o111
         if (mode === st.mode) {
-          return res()
+          return
         }
-        fs.chmod(script, mode, res)
-      })
-    })))
+        await chmod(script, mode)
+      } catch {
+        // Ignore errors here
+      }
+    }))
   }
   extract (dest) {
@@ -64,7 +65,7 @@ class FileFetcher extends Fetcher {
     // but if not, read the unpacked manifest and chmod properly.
     return super.extract(dest)
       .then(result => this.package ? result
-      : this[_readPackageJson](dest + '/package.json').then(pkg =>
+      : this[_readPackageJson](dest).then(pkg =>
         this[_exeBins](pkg, dest)).then(() => result))
   }

package/lib/git.js CHANGED Viewed

@@ -156,11 +156,11 @@ class GitFetcher extends Fetcher {
   [_resolvedFromClone] () {
     // do a full or shallow clone, then look at the HEAD
     // kind of wasteful, but no other option, really
-    return this[_clone](dir => this.resolved)
+    return this[_clone](() => this.resolved)
   }
   [_prepareDir] (dir) {
-    return this[_readPackageJson](dir + '/package.json').then(mani => {
+    return this[_readPackageJson](dir).then(mani => {
       // no need if we aren't going to do any preparation.
       const scripts = mani.scripts
       if (!mani.workspaces && (!scripts || !(
@@ -312,7 +312,7 @@ class GitFetcher extends Fetcher {
     return this.spec.hosted && this.resolved
       ? FileFetcher.prototype.manifest.apply(this)
       : this[_clone](dir =>
-        this[_readPackageJson](dir + '/package.json')
+        this[_readPackageJson](dir)
           .then(mani => this.package = {
             ...mani,
             _resolved: this.resolved,

package/lib/registry.js CHANGED Viewed

@@ -3,7 +3,7 @@ const RemoteFetcher = require('./remote.js')
 const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved')
 const pacoteVersion = require('../package.json').version
 const removeTrailingSlashes = require('./util/trailing-slashes.js')
-const rpj = require('read-package-json-fast')
+const PackageJson = require('@npmcli/package-json')
 const pickManifest = require('npm-pick-manifest')
 const ssri = require('ssri')
 const crypto = require('crypto')
@@ -127,12 +127,13 @@ class RegistryFetcher extends Fetcher {
     }
     const packument = await this.packument()
-    let mani = await pickManifest(packument, this.spec.fetchSpec, {
+    const steps = PackageJson.normalizeSteps.filter(s => s !== '_attributes')
+    const mani = await new PackageJson().fromContent(pickManifest(packument, this.spec.fetchSpec, {
       ...this.opts,
       defaultTag: this.defaultTag,
       before: this.before,
-    })
-    mani = rpj.normalize(mani)
+    })).normalize({ steps }).then(p => p.content)
     /* XXX add ETARGET and E403 revalidation of cached packuments here */
     // add _time from packument if fetched with fullMetadata

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "pacote",
-  "version": "18.0.0",
+  "version": "18.0.2",
   "description": "JavaScript package downloader",
   "author": "GitHub Inc.",
   "bin": {
@@ -46,6 +46,7 @@
   "dependencies": {
     "@npmcli/git": "^5.0.0",
     "@npmcli/installed-package-contents": "^2.0.1",
+    "@npmcli/package-json": "^5.1.0",
     "@npmcli/promise-spawn": "^7.0.0",
     "@npmcli/run-script": "^8.0.0",
     "cacache": "^18.0.0",
@@ -57,8 +58,6 @@
     "npm-registry-fetch": "^16.0.0",
     "proc-log": "^4.0.0",
     "promise-retry": "^2.0.1",
-    "read-package-json": "^7.0.0",
-    "read-package-json-fast": "^3.0.0",
     "sigstore": "^2.2.0",
     "ssri": "^10.0.0",
     "tar": "^6.1.11"