pacote 18.0.0 → 18.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/lib/dir.js CHANGED
@@ -87,7 +87,7 @@ class DirFetcher extends Fetcher {
87
87
  return Promise.resolve(this.package)
88
88
  }
89
89
 
90
- return this[_readPackageJson](this.resolved + '/package.json')
90
+ return this[_readPackageJson](this.resolved)
91
91
  .then(mani => this.package = {
92
92
  ...mani,
93
93
  _integrity: this.integrity && String(this.integrity),
package/lib/fetcher.js CHANGED
@@ -5,7 +5,6 @@
5
5
 
6
6
  const npa = require('npm-package-arg')
7
7
  const ssri = require('ssri')
8
- const { promisify } = require('util')
9
8
  const { basename, dirname } = require('path')
10
9
  const tar = require('tar')
11
10
  const { log } = require('proc-log')
@@ -16,12 +15,14 @@ const cacache = require('cacache')
16
15
  const isPackageBin = require('./util/is-package-bin.js')
17
16
  const removeTrailingSlashes = require('./util/trailing-slashes.js')
18
17
  const getContents = require('@npmcli/installed-package-contents')
19
- const readPackageJsonFast = require('read-package-json-fast')
20
- const readPackageJson = promisify(require('read-package-json'))
18
+ const PackageJson = require('@npmcli/package-json')
21
19
  const { Minipass } = require('minipass')
22
-
23
20
  const cacheDir = require('./util/cache-dir.js')
24
21
 
22
+ // Pacote is only concerned with the package.json contents
23
+ const packageJsonPrepare = (p) => PackageJson.prepare(p).then(pkg => pkg.content)
24
+ const packageJsonNormalize = (p) => PackageJson.normalize(p).then(pkg => pkg.content)
25
+
25
26
  // Private methods.
26
27
  // Child classes should not have to override these.
27
28
  // Users should never call them.
@@ -93,9 +94,9 @@ class FetcherBase {
93
94
  this.fullMetadata = this.before ? true : !!opts.fullMetadata
94
95
  this.fullReadJson = !!opts.fullReadJson
95
96
  if (this.fullReadJson) {
96
- this[_readPackageJson] = readPackageJson
97
+ this[_readPackageJson] = packageJsonPrepare
97
98
  } else {
98
- this[_readPackageJson] = readPackageJsonFast
99
+ this[_readPackageJson] = packageJsonNormalize
99
100
  }
100
101
 
101
102
  // rrh is a registry hostname or 'never' or 'always'
package/lib/file.js CHANGED
@@ -1,10 +1,11 @@
1
- const Fetcher = require('./fetcher.js')
2
1
  const fsm = require('fs-minipass')
3
2
  const cacache = require('cacache')
4
- const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved')
5
- const _exeBins = Symbol('_exeBins')
6
3
  const { resolve } = require('path')
7
- const fs = require('fs')
4
+ const { stat, chmod } = require('fs/promises')
5
+ const Fetcher = require('./fetcher.js')
6
+
7
+ const _exeBins = Symbol('_exeBins')
8
+ const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved')
8
9
  const _readPackageJson = Symbol.for('package.Fetcher._readPackageJson')
9
10
 
10
11
  class FileFetcher extends Fetcher {
@@ -26,7 +27,7 @@ class FileFetcher extends Fetcher {
26
27
  // have to unpack the tarball for this.
27
28
  return cacache.tmp.withTmp(this.cache, this.opts, dir =>
28
29
  this.extract(dir)
29
- .then(() => this[_readPackageJson](dir + '/package.json'))
30
+ .then(() => this[_readPackageJson](dir))
30
31
  .then(mani => this.package = {
31
32
  ...mani,
32
33
  _integrity: this.integrity && String(this.integrity),
@@ -40,23 +41,23 @@ class FileFetcher extends Fetcher {
40
41
  return Promise.resolve()
41
42
  }
42
43
 
43
- return Promise.all(Object.keys(pkg.bin).map(k => new Promise(res => {
44
+ return Promise.all(Object.keys(pkg.bin).map(async k => {
44
45
  const script = resolve(dest, pkg.bin[k])
45
46
  // Best effort. Ignore errors here, the only result is that
46
47
  // a bin script is not executable. But if it's missing or
47
48
  // something, we just leave it for a later stage to trip over
48
49
  // when we can provide a more useful contextual error.
49
- fs.stat(script, (er, st) => {
50
- if (er) {
51
- return res()
52
- }
50
+ try {
51
+ const st = await stat(script)
53
52
  const mode = st.mode | 0o111
54
53
  if (mode === st.mode) {
55
- return res()
54
+ return
56
55
  }
57
- fs.chmod(script, mode, res)
58
- })
59
- })))
56
+ await chmod(script, mode)
57
+ } catch {
58
+ // Ignore errors here
59
+ }
60
+ }))
60
61
  }
61
62
 
62
63
  extract (dest) {
@@ -64,7 +65,7 @@ class FileFetcher extends Fetcher {
64
65
  // but if not, read the unpacked manifest and chmod properly.
65
66
  return super.extract(dest)
66
67
  .then(result => this.package ? result
67
- : this[_readPackageJson](dest + '/package.json').then(pkg =>
68
+ : this[_readPackageJson](dest).then(pkg =>
68
69
  this[_exeBins](pkg, dest)).then(() => result))
69
70
  }
70
71
 
package/lib/git.js CHANGED
@@ -156,11 +156,11 @@ class GitFetcher extends Fetcher {
156
156
  [_resolvedFromClone] () {
157
157
  // do a full or shallow clone, then look at the HEAD
158
158
  // kind of wasteful, but no other option, really
159
- return this[_clone](dir => this.resolved)
159
+ return this[_clone](() => this.resolved)
160
160
  }
161
161
 
162
162
  [_prepareDir] (dir) {
163
- return this[_readPackageJson](dir + '/package.json').then(mani => {
163
+ return this[_readPackageJson](dir).then(mani => {
164
164
  // no need if we aren't going to do any preparation.
165
165
  const scripts = mani.scripts
166
166
  if (!mani.workspaces && (!scripts || !(
@@ -312,7 +312,7 @@ class GitFetcher extends Fetcher {
312
312
  return this.spec.hosted && this.resolved
313
313
  ? FileFetcher.prototype.manifest.apply(this)
314
314
  : this[_clone](dir =>
315
- this[_readPackageJson](dir + '/package.json')
315
+ this[_readPackageJson](dir)
316
316
  .then(mani => this.package = {
317
317
  ...mani,
318
318
  _resolved: this.resolved,
package/lib/registry.js CHANGED
@@ -3,7 +3,7 @@ const RemoteFetcher = require('./remote.js')
3
3
  const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved')
4
4
  const pacoteVersion = require('../package.json').version
5
5
  const removeTrailingSlashes = require('./util/trailing-slashes.js')
6
- const rpj = require('read-package-json-fast')
6
+ const PackageJson = require('@npmcli/package-json')
7
7
  const pickManifest = require('npm-pick-manifest')
8
8
  const ssri = require('ssri')
9
9
  const crypto = require('crypto')
@@ -127,12 +127,13 @@ class RegistryFetcher extends Fetcher {
127
127
  }
128
128
 
129
129
  const packument = await this.packument()
130
- let mani = await pickManifest(packument, this.spec.fetchSpec, {
130
+ const steps = PackageJson.normalizeSteps.filter(s => s !== '_attributes')
131
+ const mani = await new PackageJson().fromContent(pickManifest(packument, this.spec.fetchSpec, {
131
132
  ...this.opts,
132
133
  defaultTag: this.defaultTag,
133
134
  before: this.before,
134
- })
135
- mani = rpj.normalize(mani)
135
+ })).normalize({ steps }).then(p => p.content)
136
+
136
137
  /* XXX add ETARGET and E403 revalidation of cached packuments here */
137
138
 
138
139
  // add _time from packument if fetched with fullMetadata
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "pacote",
3
- "version": "18.0.0",
3
+ "version": "18.0.2",
4
4
  "description": "JavaScript package downloader",
5
5
  "author": "GitHub Inc.",
6
6
  "bin": {
@@ -46,6 +46,7 @@
46
46
  "dependencies": {
47
47
  "@npmcli/git": "^5.0.0",
48
48
  "@npmcli/installed-package-contents": "^2.0.1",
49
+ "@npmcli/package-json": "^5.1.0",
49
50
  "@npmcli/promise-spawn": "^7.0.0",
50
51
  "@npmcli/run-script": "^8.0.0",
51
52
  "cacache": "^18.0.0",
@@ -57,8 +58,6 @@
57
58
  "npm-registry-fetch": "^16.0.0",
58
59
  "proc-log": "^4.0.0",
59
60
  "promise-retry": "^2.0.1",
60
- "read-package-json": "^7.0.0",
61
- "read-package-json-fast": "^3.0.0",
62
61
  "sigstore": "^2.2.0",
63
62
  "ssri": "^10.0.0",
64
63
  "tar": "^6.1.11"