pacote 9.5.8 → 9.5.12

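--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -2,6 +2,46 @@
 
  All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+ <a name="9.5.12"></a>
+ ## [9.5.12](https://github.com/npm/pacote/compare/v9.5.11...v9.5.12) (2020-01-06)
+
+
+ ### Bug Fixes
+
+ * **git:** Do not drop uid/gid when executing in root-owned directory ([d2f4176](https://github.com/npm/pacote/commit/d2f4176))
+
+
+
+ <a name="9.5.11"></a>
+ ## [9.5.11](https://github.com/npm/pacote/compare/v9.5.10...v9.5.11) (2019-12-09)
+
+
+ ### Bug Fixes
+
+ * sanitize and normalize package bin field ([6f229f7](https://github.com/npm/pacote/commit/6f229f7))
+
+
+
+ <a name="9.5.10"></a>
+ ## [9.5.10](https://github.com/npm/pacote/compare/v9.5.9...v9.5.10) (2019-12-04)
+
+
+ ### Bug Fixes
+
+ * Do not drop perms in git when not root ([5f33040](https://github.com/npm/pacote/commit/5f33040)), closes [#23](https://github.com/npm/pacote/issues/23)
+
+
+
+ <a name="9.5.9"></a>
+ ## [9.5.9](https://github.com/npm/pacote/compare/v9.5.8...v9.5.9) (2019-10-29)
+
+
+ ### Bug Fixes
+
+ * include peerDependenciesMeta in manifest ([7a400d3](https://github.com/npm/pacote/commit/7a400d3)), closes [/github.com/npm/cli/pull/224#issuecomment-547666807](https://github.com//github.com/npm/cli/pull/224/issues/issuecomment-547666807)
+
+
+
  <a name="9.5.8"></a>
  ## [9.5.8](https://github.com/npm/pacote/compare/v9.5.7...v9.5.8) (2019-08-20)
 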
@@ -9,6 +9,7 @@ const readJson = require('../util/read-json')
9
9
  const path = require('path')
10
10
  const pipe = BB.promisify(require('mississippi').pipe)
11
11
  const through = require('mississippi').through
12
+ const normalizePackageBin = require('npm-normalize-package-bin')
12
13
 
13
14
  const readFileAsync = BB.promisify(require('fs').readFile)
14
15
 
@@ -63,7 +64,7 @@ Fetcher.impl(fetchDirectory, {
63
64
  } else {
64
65
  return pkg
65
66
  }
66
- })
67
+ }).then(pkg => normalizePackageBin(pkg))
67
68
  },
68
69
 
69
70
  // As of npm@5, the npm installer doesn't pack + install directories: it just
@@ -14,6 +14,7 @@ const pipe = BB.promisify(require('mississippi').pipe)
14
14
  const ssri = require('ssri')
15
15
  const tar = require('tar')
16
16
  const readJson = require('./util/read-json')
17
+ const normalizePackageBin = require('npm-normalize-package-bin')
17
18
 
18
19
  // `finalizeManifest` takes as input the various kinds of manifests that
19
20
  // manifest handlers ('lib/fetchers/*.js#manifest()') return, and makes sure
@@ -83,6 +84,7 @@ function Manifest (pkg, fromTarball, fullMetadata) {
83
84
  this.os = pkg.os || fromTarball.os
84
85
  this.dependencies = pkg.dependencies || {}
85
86
  this.optionalDependencies = pkg.optionalDependencies || {}
87
+ this.peerDependenciesMeta = pkg.peerDependenciesMeta || {}
86
88
  this.devDependencies = pkg.devDependencies || {}
87
89
  const bundled = (
88
90
  pkg.bundledDependencies ||
@@ -104,17 +106,8 @@ function Manifest (pkg, fromTarball, fullMetadata) {
104
106
  this._shrinkwrap = pkg._shrinkwrap || fromTarball._shrinkwrap || null
105
107
  this.bin = pkg.bin || fromTarball.bin || null
106
108
 
107
- if (this.bin && Array.isArray(this.bin)) {
108
- // Code yanked from read-package-json.
109
- const m = (pkg.directories && pkg.directories.bin) || '.'
110
- this.bin = this.bin.reduce((acc, mf) => {
111
- if (mf && mf.charAt(0) !== '.') {
112
- const f = path.basename(mf)
113
- acc[f] = path.join(m, mf)
114
- }
115
- return acc
116
- }, {})
117
- }
109
+ // turn arrays and strings into a legit object, strip out bad stuff
110
+ normalizePackageBin(this)
118
111
 
119
112
  this._id = null
120
113
 
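Review bot: The comment on the new `normalizePackageBin(this)` call in `Manifest` ("strip out bad stuff") does not record what the rest of the code now depends on: `bin` is taken from `pkg.bin` or `fromTarball.bin`, both package-supplied, and this call is the single place it is sanitized, by mutating `this` in place with the return value ignored. I would replace it with `// bin is package-controlled input: normalizePackageBin rewrites this.bin in place into a { name: path } object and drops entries it rejects; keep this before anything reads this.bin`. Two behaviour changes relative to the removed block are worth confirming: the `pkg.directories.bin` prefix is no longer joined onto array entries, and, as far as I recall, the helper deletes `bin` when it is empty or invalid, so `this.bin` may end up absent rather than `null` as assigned on the line above. The `Manifest` constructor starts and ends outside this hunk.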
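--- a/package/lib/util/git.js
+++ b/package/lib/util/git.js
@@ -16,6 +16,7 @@ const promiseRetry = require('promise-retry')
  const uniqueFilename = require('unique-filename')
  const which = BB.promisify(require('which'))
  const semver = require('semver')
+ const inferOwner = require('infer-owner')
 
  const GOOD_ENV_VARS = new Set([
  'GIT_ASKPASS',
@@ -181,10 +182,24 @@ function revs (repo, opts) {
  })
  }
 
+ // infer the owner from the cwd git is operating in, if not the
+ // process cwd, but only if we're root.
+ // See: https://github.com/npm/cli/issues/624
+ module.exports._cwdOwner = cwdOwner
+ function cwdOwner (gitOpts, opts) {
+ const isRoot = process.getuid && process.getuid() === 0
+ if (!isRoot || !gitOpts.cwd) { return Promise.resolve() }
+
+ return BB.resolve(inferOwner(gitOpts.cwd).then(owner => {
+ gitOpts.uid = owner.uid
+ gitOpts.gid = owner.gid
+ }))
+ }
+
  module.exports._exec = execGit
  function execGit (gitArgs, gitOpts, opts) {
  opts = optCheck(opts)
- return checkGit(opts).then(gitPath => {
+ return BB.resolve(cwdOwner(gitOpts, opts).then(() => checkGit(opts).then(gitPath => {
  return promiseRetry((retry, number) => {
  if (number !== 1) {
  opts.log.silly('pacote', 'Retrying git command: ' + gitArgs.join(' ') + ' attempt # ' + number)
@@ -202,13 +217,13 @@ function execGit (gitArgs, gitOpts, opts) {
  maxTimeout: opts['fetch-retry-maxtimeout'],
  minTimeout: opts['fetch-retry-mintimeout']
  })
- })
+ })))
  }
 
  module.exports._spawn = spawnGit
  function spawnGit (gitArgs, gitOpts, opts) {
  opts = optCheck(opts)
- return checkGit(opts).then(gitPath => {
+ return BB.resolve(cwdOwner(gitOpts, opts).then(() => checkGit(opts).then(gitPath => {
  return promiseRetry((retry, number) => {
  if (number !== 1) {
  opts.log.silly('pacote', 'Retrying git command: ' + gitArgs.join(' ') + ' attempt # ' + number)
@@ -231,17 +246,20 @@ function spawnGit (gitArgs, gitOpts, opts) {
  return stdout
  })
  }, opts.retry)
- })
+ })))
  }
 
+ module.exports._mkOpts = mkOpts
  function mkOpts (_gitOpts, opts) {
  const gitOpts = {
  env: gitEnv()
  }
- if (+opts.uid && !isNaN(opts.uid)) {
+ const isRoot = process.getuid && process.getuid() === 0
+ // don't change child process uid/gid if not root
+ if (+opts.uid && !isNaN(opts.uid) && isRoot) {
  gitOpts.uid = +opts.uid
  }
- if (+opts.gid && !isNaN(opts.gid)) {
+ if (+opts.gid && !isNaN(opts.gid) && isRoot) {
  gitOpts.gid = +opts.gid
  }
  Object.assign(gitOpts, _gitOpts)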
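Review bot: `cwdOwner` assigns `gitOpts.uid` and `gitOpts.gid` unconditionally once the process is root and `gitOpts.cwd` is set, so any uid/gid already on `gitOpts` (presumably the `opts.uid`/`opts.gid` values that `mkOpts` applies) is silently replaced, and in a root-owned directory git keeps running as root. That matches the changelog entry, but the comment above the function does not state the precedence; I would add `// when root, the owner of gitOpts.cwd overrides any uid/gid already set on gitOpts; a root-owned cwd means git runs as root`. It also mutates the caller's `gitOpts` object, its `opts` parameter is unused, and the early return uses `Promise.resolve()` while the other branch returns a Bluebird promise. In the `mkOpts` hunk, `Object.assign(gitOpts, _gitOpts)` runs after the new `isRoot` guard, so a uid/gid supplied in `_gitOpts` would bypass it; whether any caller passes one is not visible here, and `mkOpts` continues past the end of the hunk.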
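--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,10 @@
  {
  "name": "pacote",
- "version": "9.5.8",
+ "version": "9.5.12",
  "description": "JavaScript package downloader",
+ "publishConfig": {
+ "tag": "v9-legacy"
+ },
  "main": "index.js",
  "files": [
  "*.js",
@@ -55,6 +58,7 @@
  "mississippi": "^3.0.0",
  "mkdirp": "^0.5.1",
  "normalize-package-data": "^2.4.0",
+ "npm-normalize-package-bin": "^1.0.0",
  "npm-package-arg": "^6.1.0",
  "npm-packlist": "^1.1.12",
  "npm-pick-manifest": "^3.0.0",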
Binary file
Binary file