pacote 7.2.0 → 7.3.3

package/CHANGELOG.md

@@ -2,6 +2,51 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+<a name="7.3.3"></a>
+## [7.3.3](https://github.com/zkat/pacote/compare/v7.3.2...v7.3.3) (2018-02-15)
+
+
+### Bug Fixes
+
+* **tarball:** another attempt at fixing opts.resolved ([aff3b6a](https://github.com/zkat/pacote/commit/aff3b6a))
+
+
+
+<a name="7.3.2"></a>
+## [7.3.2](https://github.com/zkat/pacote/compare/v7.3.1...v7.3.2) (2018-02-15)
+
+
+### Bug Fixes
+
+* **tarball:** opts.resolved impl was triggering extra registry lookups ([0a4729d](https://github.com/zkat/pacote/commit/0a4729d))
+
+
+
+<a name="7.3.1"></a>
+## [7.3.1](https://github.com/zkat/pacote/compare/v7.3.0...v7.3.1) (2018-02-14)
+
+
+### Bug Fixes
+
+* **tarball:** stop using mississippi.pipe() in tarball.js and extract.js ([f5c1da9](https://github.com/zkat/pacote/commit/f5c1da9))
+
+
+
+<a name="7.3.0"></a>
+# [7.3.0](https://github.com/zkat/pacote/compare/v7.2.0...v7.3.0) (2018-02-07)
+
+
+### Bug Fixes
+
+* **git:** fix resolution of prerelease versions ([#130](https://github.com/zkat/pacote/issues/130)) ([83be46b](https://github.com/zkat/pacote/commit/83be46b)), closes [#129](https://github.com/zkat/pacote/issues/129)
+
+
+### Features
+
+* **extract:** append _resolved and _integrity automatically ([#134](https://github.com/zkat/pacote/issues/134)) ([6886b65](https://github.com/zkat/pacote/commit/6886b65))
+
+
+
 <a name="7.2.0"></a>
 # [7.2.0](https://github.com/zkat/pacote/compare/v7.1.1...v7.2.0) (2018-01-19)
 

package/extract.js

@@ -4,12 +4,18 @@ const BB = require('bluebird')
 
 const cacache = require('cacache')
 const extractStream = require('./lib/extract-stream')
+const fs = require('fs')
 const mkdirp = BB.promisify(require('mkdirp'))
 const npa = require('npm-package-arg')
 const optCheck = require('./lib/util/opt-check')
+const path = require('path')
 const retry = require('promise-retry')
 const rimraf = BB.promisify(require('rimraf'))
 
+const truncateAsync = BB.promisify(fs.truncate)
+const readFileAsync = BB.promisify(fs.readFile)
+const appendFileAsync = BB.promisify(fs.appendFile)
+
 module.exports = extract
 function extract (spec, dest, opts) {
   opts = optCheck(opts)
@@ -60,7 +66,7 @@ function extract (spec, dest, opts) {
 
 function extractByDigest (start, spec, dest, opts) {
   return mkdirp(dest).then(() => {
-    const xtractor = extractStream(dest, opts)
+    const xtractor = extractStream(spec, dest, opts)
     const cached = cacache.get.stream.byDigest(opts.cache, opts.integrity, opts)
     cached.pipe(xtractor)
     return new BB((resolve, reject) => {
@@ -80,18 +86,48 @@ function extractByDigest (start, spec, dest, opts) {
 
 let fetch
 function extractByManifest (start, spec, dest, opts) {
+  let integrity = opts.integrity
+  let resolved = opts.resolved
   return mkdirp(dest).then(() => {
-    const xtractor = extractStream(dest, opts)
+    const xtractor = extractStream(spec, dest, opts)
     if (!fetch) {
       fetch = require('./lib/fetch')
     }
     const tardata = fetch.tarball(spec, opts)
+    if (!resolved) {
+      tardata.on('manifest', m => {
+        resolved = m._resolved
+      })
+      tardata.on('integrity', i => {
+        integrity = i
+      })
+    }
     tardata.pipe(xtractor)
     return new BB((resolve, reject) => {
       tardata.on('error', reject)
       xtractor.on('error', reject)
       xtractor.on('close', resolve)
     })
+  }).then(() => {
+    if (!opts.resolved) {
+      const pjson = path.join(dest, 'package.json')
+      return readFileAsync(pjson, 'utf8')
+      .then(str => {
+        return truncateAsync(pjson)
+        .then(() => {
+          return appendFileAsync(pjson, str.replace(
+            /}\s*$/,
+            `\n,"_resolved": ${
+              JSON.stringify(resolved || '')
+            }\n,"_integrity": ${
+              JSON.stringify(integrity || '')
+            }\n,"_from": ${
+              JSON.stringify(spec.toString())
+            }\n}`
+          ))
+        })
+      })
+    }
   }).then(() => {
     opts.log.silly('pacote', `${spec} extracted in ${Date.now() - start}ms`)
   }).catch(err => {

package/lib/extract-stream.js

@@ -1,5 +1,6 @@
 'use strict'
 
+const PassThrough = require('stream').PassThrough
 const path = require('path')
 const tar = require('tar')
 
@@ -10,7 +11,29 @@ function computeMode (fileMode, optMode, umask) {
   return (fileMode | optMode) & ~(umask || 0)
 }
 
-function extractStream (dest, opts) {
+function pkgJsonTransform (spec, opts) {
+  return entry => {
+    if (entry.path === 'package.json') {
+      const transformed = new PassThrough()
+      let str = ''
+      entry.on('end', () => transformed.end(str.replace(
+        /}\s*$/,
+        `\n,"_resolved": ${
+          JSON.stringify(opts.resolved || '')
+        }\n,"_integrity": ${
+          JSON.stringify(opts.integrity || '')
+        }\n,"_from": ${
+          JSON.stringify(spec.toString())
+        }\n}`
+      )))
+      entry.on('error', e => transformed.emit('error'))
+      entry.on('data', d => { str += d })
+      return transformed
+    }
+  }
+}
+
+function extractStream (spec, dest, opts) {
   opts = opts || {}
   const sawIgnores = new Set()
   return tar.x({
@@ -20,6 +43,7 @@ function extractStream (dest, opts) {
     onwarn: msg => opts.log && opts.log.warn('tar', msg),
     uid: opts.uid,
     gid: opts.gid,
+    transform: opts.resolved && pkgJsonTransform(spec, opts),
     onentry (entry) {
       if (entry.type.toLowerCase() === 'file') {
         entry.mode = computeMode(entry.mode, opts.fmode, opts.umask)

package/lib/fetchers/registry/tarball.js

@@ -7,31 +7,40 @@ const manifest = require('./manifest')
 const optCheck = require('../../util/opt-check')
 const PassThrough = require('stream').PassThrough
 const pickRegistry = require('./pick-registry')
-const pipe = BB.promisify(require('mississippi').pipe)
 const ssri = require('ssri')
 const url = require('url')
 
 module.exports = tarball
 function tarball (spec, opts) {
   opts = optCheck(opts)
+  const registry = pickRegistry(spec, opts)
   const stream = new PassThrough()
-  const p = (opts.resolved && opts.integrity && spec.type === 'version')
-  ? BB.resolve({
-    name: spec.name,
-    version: spec.fetchSpec,
-    _integrity: opts.integrity,
-    _resolved: opts.resolved,
-    _fakeChild: true
-  })
-  : manifest(spec, opts)
-  p.then(manifest => {
-    !manifest._fakeChild && stream.emit('manifest', manifest)
-    return pipe(
-      fromManifest(manifest, spec, opts).on(
-        'integrity', i => stream.emit('integrity', i)
-      ),
-      stream
+  let mani
+  if (
+    opts.resolved &&
+    // spec.type === 'version' &&
+    opts.resolved.indexOf(registry) === 0
+  ) {
+    // fakeChild is a shortcut to avoid looking up a manifest!
+    mani = BB.resolve({
+      name: spec.name,
+      version: spec.fetchSpec,
+      _integrity: opts.integrity,
+      _resolved: opts.resolved,
+      _fakeChild: true
+    })
+  } else {
+    // We can't trust opts.resolved if it's going to a separate host.
+    mani = manifest(spec, opts)
+  }
+
+  mani.then(mani => {
+    !mani._fakeChild && stream.emit('manifest', mani)
+    const fetchStream = fromManifest(mani, spec, opts).on(
+      'integrity', i => stream.emit('integrity', i)
     )
+    fetchStream.on('error', err => stream.emit('error', err))
+    fetchStream.pipe(stream)
   }).catch(err => stream.emit('error', err))
   return stream
 }
@@ -42,33 +51,27 @@ function fromManifest (manifest, spec, opts) {
   opts.scope = spec.scope || opts.scope
   const stream = new PassThrough()
   const registry = pickRegistry(spec, opts)
-  getTarballUrl(spec, registry, manifest, opts)
-  .then(uri => {
-    return fetch(uri, registry, Object.assign({
-      headers: {
-        'pacote-req-type': 'tarball',
-        'pacote-pkg-id': `registry:${
-          spec.type === 'remote'
-          ? spec
-          : `${manifest.name}@${manifest.version}`
-        }`
-      },
-      integrity: manifest._integrity,
-      algorithms: [
-        manifest._integrity
-        ? ssri.parse(manifest._integrity).pickAlgorithm()
-        : 'sha1'
-      ],
-      spec
-    }, opts))
-    .then(res => {
-      const hash = res.headers.get('x-local-cache-hash')
-      if (hash) {
-        stream.emit('integrity', decodeURIComponent(hash))
-      }
-      res.body.on('error', err => stream.emit('error', err))
-      res.body.pipe(stream)
-    })
+  const uri = getTarballUrl(spec, registry, manifest, opts)
+  fetch(uri, registry, Object.assign({
+    headers: {
+      'pacote-req-type': 'tarball',
+      'pacote-pkg-id': `registry:${manifest.name}@${uri}`
+    },
+    integrity: manifest._integrity,
+    algorithms: [
+      manifest._integrity
+      ? ssri.parse(manifest._integrity).pickAlgorithm()
+      : 'sha1'
+    ],
+    spec
+  }, opts))
+  .then(res => {
+    const hash = res.headers.get('x-local-cache-hash')
+    if (hash) {
+      stream.emit('integrity', decodeURIComponent(hash))
+    }
+    res.body.on('error', err => stream.emit('error', err))
+    res.body.pipe(stream)
   })
   .catch(err => stream.emit('error', err))
   return stream
@@ -76,38 +79,23 @@ function fromManifest (manifest, spec, opts) {
 
 function getTarballUrl (spec, registry, mani, opts) {
   const reg = url.parse(registry)
-  const tarball = url.parse(opts.resolved || mani._resolved)
-  return (
-    // We cannot trust the _resolved field on manifests as-is: there can only
-    // be one registry per "scope" on any individual npm run, so we have to
-    // take any previously resolved fields and check them against the current
-    // registry -- if they don't match, we need to do a manifest fetch from
-    // the correct registry to get the tarball URL we're trying to reference.
-    (reg.hostname === tarball.hostname)
-    ? Promise.resolve(Object.assign(mani, {
-      _resolved: opts.resolved || mani._resolved
-    }))
-    : manifest(spec, opts)
-  )
-  .then(mani => {
-    const tarball = url.parse(mani._resolved)
-    // https://github.com/npm/npm/pull/9471
-    //
-    // TL;DR: Some alternative registries host tarballs on http and packuments
-    // on https, and vice-versa. There's also a case where people who can't use
-    // SSL to access the npm registry, for example, might use
-    // `--registry=http://registry.npmjs.org/`. In this case, we need to
-    // rewrite `tarball` to match the protocol.
-    //
-    if (reg.hostname === tarball.hostname && reg.protocol !== tarball.protocol) {
-      tarball.protocol = reg.protocol
-      // Ports might be same host different protocol!
-      if (reg.port !== tarball.port) {
-        delete tarball.host
-        tarball.port = reg.port
-      }
-      delete tarball.href
+  const tarball = url.parse(mani._resolved)
+  // https://github.com/npm/npm/pull/9471
+  //
+  // TL;DR: Some alternative registries host tarballs on http and packuments
+  // on https, and vice-versa. There's also a case where people who can't use
+  // SSL to access the npm registry, for example, might use
+  // `--registry=http://registry.npmjs.org/`. In this case, we need to
+  // rewrite `tarball` to match the protocol.
+  //
+  if (reg.hostname === tarball.hostname && reg.protocol !== tarball.protocol) {
+    tarball.protocol = reg.protocol
+    // Ports might be same host different protocol!
+    if (reg.port !== tarball.port) {
+      delete tarball.host
+      tarball.port = reg.port
     }
-    return Promise.resolve(url.format(tarball))
-  })
+    delete tarball.href
+  }
+  return url.format(tarball)
 }

package/lib/util/git.js

@@ -14,6 +14,7 @@ const path = require('path')
 const pinflight = require('promise-inflight')
 const uniqueFilename = require('unique-filename')
 const which = BB.promisify(require('which'))
+const semver = require('semver')
 
 const GOOD_ENV_VARS = new Set([
   'GIT_ASKPASS',
@@ -141,9 +142,9 @@ function revs (repo, opts) {
           }
 
           if (type === 'tag') {
-            const match = ref.match(/v?(\d+\.\d+\.\d+)$/)
-            if (match) {
-              revs.versions[match[1]] = doc
+            const match = ref.match(/v?(\d+\.\d+\.\d+(?:[-+].+)?)$/)
+            if (match && semver.valid(match[1], true)) {
+              revs.versions[semver.clean(match[1], true)] = doc
             }
           }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pacote",
-  "version": "7.2.0",
+  "version": "7.3.3",
   "description": "JavaScript package downloader",
   "main": "index.js",
   "files": [
@@ -11,7 +11,7 @@
     "prerelease": "npm t",
     "release": "standard-version -s",
     "postrelease": "npm publish && git push --follow-tags",
-    "pretest": "standard lib test *.js",
+    "pretest": "standard",
     "test": "nyc --all -- tap -J test/*.js",
     "test-docker": "docker run -it --rm --name pacotest -v \"$PWD\":/tmp -w /tmp node:latest npm test",
     "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
@@ -48,7 +48,7 @@
     "lru-cache": "^4.1.1",
     "make-fetch-happen": "^2.6.0",
     "minimatch": "^3.0.4",
-    "mississippi": "^1.2.0",
+    "mississippi": "^2.0.0",
     "normalize-package-data": "^2.4.0",
     "npm-package-arg": "^6.0.0",
     "npm-packlist": "^1.1.10",
@@ -58,15 +58,15 @@
     "promise-retry": "^1.1.1",
     "protoduck": "^5.0.0",
     "safe-buffer": "^5.1.1",
-    "semver": "^5.4.1",
-    "ssri": "^5.1.0",
-    "tar": "^4.2.0",
+    "semver": "^5.5.0",
+    "ssri": "^5.2.1",
+    "tar": "^4.3.3",
     "unique-filename": "^1.1.0",
     "which": "^1.3.0"
   },
   "devDependencies": {
     "mkdirp": "^0.5.1",
-    "nock": "^9.1.5",
+    "nock": "^9.1.6",
     "npmlog": "^4.1.2",
     "nyc": "^11.4.1",
     "require-inject": "^1.4.2",
@@ -74,7 +74,7 @@
     "standard": "^10.0.3",
     "standard-version": "^4.3.0",
     "tacks": "^1.2.6",
-    "tap": "^11.0.1",
+    "tap": "^11.1.0",
     "tar-stream": "^1.5.5",
     "weallbehave": "^1.2.0",
     "weallcontribute": "^1.0.7"

package/tarball.js

@@ -10,7 +10,6 @@ const npa = require('npm-package-arg')
 const optCheck = require('./lib/util/opt-check')
 const PassThrough = require('stream').PassThrough
 const path = require('path')
-const pipe = BB.promisify(require('mississippi').pipe)
 const pipeline = require('mississippi').pipeline
 const ssri = require('ssri')
 const url = require('url')
@@ -106,12 +105,16 @@ function tarballStream (spec, opts) {
       }
     })
     .then(
-      tarStream => pipe(tarStream, stream),
+      tarStream => tarStream
+      .on('error', err => stream.emit('error', err))
+      .pipe(stream),
       err => stream.emit('error', err)
     )
   } else {
     opts.log.silly('tarball', `no integrity hash provided for ${spec} - fetching by manifest`)
-    pipe(tarballByManifest(startTime, spec, opts), stream)
+    tarballByManifest(startTime, spec, opts)
+    .on('error', err => stream.emit('error', err))
+    .pipe(stream)
   }
   return stream
 }
@@ -129,20 +132,28 @@ function tarballToFile (spec, dest, opts) {
         opts.log.silly('tarball', `cached content for ${spec} copied (${Date.now() - startTime}ms)`)
       }, err => {
         if (err.code === 'ENOENT') {
-          return pipe(
-            tarballByManifest(startTime, spec, opts),
-            fs.createWriteStream(dest)
-          )
+          return new BB((resolve, reject) => {
+            const tardata = tarballByManifest(startTime, spec, opts)
+            const writer = fs.createWriteStream(dest)
+            tardata.on('error', reject)
+            writer.on('error', reject)
+            writer.on('close', resolve)
+            tardata.pipe(writer)
+          })
         } else {
           throw err
         }
       })
     } else {
       opts.log.silly('tarball', `no integrity hash provided for ${spec} - fetching by manifest`)
-      return pipe(
-        tarballByManifest(startTime, spec, opts),
-        fs.createWriteStream(dest)
-      )
+      return new BB((resolve, reject) => {
+        const tardata = tarballByManifest(startTime, spec, opts)
+        const writer = fs.createWriteStream(dest)
+        tardata.on('error', reject)
+        writer.on('error', reject)
+        writer.on('close', resolve)
+        tardata.pipe(writer)
+      })
     }
   })
 }