promptgraph-mcp 2.4.7 → 2.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -6
- package/ann.js +23 -51
- package/api.js +200 -0
- package/config.js +14 -0
- package/db.js +48 -0
- package/embedder.js +10 -0
- package/github-import.js +167 -27
- package/indexer.js +49 -12
- package/marketplace.js +130 -7
- package/package.json +9 -3
- package/search.js +86 -20
- package/src/filter/hard-filter.js +2 -0
- package/src/filter/train.js +3 -1
- package/src/reranker/reranker.js +27 -0
- package/src/store/flat-store.js +61 -0
- package/src/store/hnsw-store.js +187 -0
- package/src/store/index.js +19 -0
- package/src/store/vector-store.js +9 -0
- package/src/utils/rate-limiter.js +33 -0
- package/validator.js +31 -1
- package/registry/training/bad/accepts-HISTORY.md +0 -250
- package/registry/training/bad/argparse-CHANGELOG.md +0 -185
- package/registry/training/bad/balanced-match-LICENSE.md +0 -23
- package/registry/training/bad/better-sqlite3-README.md +0 -99
- package/registry/training/bad/bindings-LICENSE.md +0 -22
- package/registry/training/bad/bl-LICENSE.md +0 -13
- package/registry/training/bad/body-parser-README.md +0 -494
- package/registry/training/bad/bytes-HISTORY.md +0 -97
- package/registry/training/bad/camelcase-README.md +0 -135
- package/registry/training/bad/chai-README.md +0 -162
- package/registry/training/bad/cli-progress-LICENSE.md +0 -24
- package/registry/training/bad/content-type-HISTORY.md +0 -29
- package/registry/training/bad/cookie-SECURITY.md +0 -25
- package/registry/training/bad/cookie-signature-HISTORY.md +0 -70
- package/registry/training/bad/cors-README.md +0 -277
- package/registry/training/bad/cross-spawn-README.md +0 -89
- package/registry/training/bad/deep-extend-CHANGELOG.md +0 -46
- package/registry/training/bad/depd-HISTORY.md +0 -103
- package/registry/training/bad/esprima-README.md +0 -46
- package/registry/training/bad/etag-HISTORY.md +0 -83
- package/registry/training/bad/expect-type-SECURITY.md +0 -14
- package/registry/training/bad/finalhandler-HISTORY.md +0 -239
- package/registry/training/bad/fresh-HISTORY.md +0 -80
- package/registry/training/bad/glob-LICENSE.md +0 -63
- package/registry/training/bad/hono-README.md +0 -85
- package/registry/training/bad/http-errors-HISTORY.md +0 -186
- package/registry/training/bad/jose-LICENSE.md +0 -21
- package/registry/training/bad/jose-README.md +0 -153
- package/registry/training/bad/js-yaml-README.md +0 -299
- package/registry/training/bad/json-schema-typed-LICENSE.md +0 -57
- package/registry/training/bad/json-stringify-safe-CHANGELOG.md +0 -14
- package/registry/training/bad/lru-cache-LICENSE.md +0 -55
- package/registry/training/bad/media-typer-HISTORY.md +0 -50
- package/registry/training/bad/minimatch-LICENSE.md +0 -55
- package/registry/training/bad/minimist-CHANGELOG.md +0 -298
- package/registry/training/bad/minimist-README.md +0 -121
- package/registry/training/bad/ms-LICENSE.md +0 -21
- package/registry/training/bad/negotiator-HISTORY.md +0 -114
- package/registry/training/bad/on-finished-HISTORY.md +0 -98
- package/registry/training/bad/pkce-challenge-CHANGELOG.md +0 -114
- package/registry/training/bad/postcss-README.md +0 -28
- package/registry/training/bad/prebuild-install-CHANGELOG.md +0 -131
- package/registry/training/bad/proxy-addr-HISTORY.md +0 -161
- package/registry/training/bad/qs-CHANGELOG.md +0 -822
- package/registry/training/bad/rc-README.md +0 -227
- package/registry/training/bad/readable-stream-CONTRIBUTING.md +0 -38
- package/registry/training/bad/router-HISTORY.md +0 -228
- package/registry/training/bad/semver-README.md +0 -680
- package/registry/training/bad/send-README.md +0 -317
- package/registry/training/bad/serve-static-README.md +0 -253
- package/registry/training/bad/statuses-HISTORY.md +0 -87
- package/registry/training/bad/type-is-HISTORY.md +0 -292
- package/registry/training/bad/vary-HISTORY.md +0 -39
- package/registry/training/bad/vite-LICENSE.md +0 -2230
- package/registry/training/bad/which-CHANGELOG.md +0 -166
- package/registry/training/bad/zod-README.md +0 -191
- package/registry/training/good/skills-store-autopilot.md +0 -85
- package/registry/training/good/skills-store-bot-builder.md +0 -70
- package/registry/training/good/skills-store-chain.md +0 -136
- package/registry/training/good/skills-store-evolve.md +0 -100
- package/registry/training/good/skills-store-game.md +0 -27
- package/registry/training/good/skills-store-hunt.md +0 -102
- package/registry/training/good/skills-store-intel.md +0 -56
- package/registry/training/good/skills-store-memory-gc.md +0 -58
- package/registry/training/good/skills-store-pcsort.md +0 -207
- package/registry/training/good/skills-store-pickup.md +0 -60
- package/registry/training/good/skills-store-recon.md +0 -141
- package/registry/training/good/skills-store-remember.md +0 -64
- package/registry/training/good/skills-store-report.md +0 -117
- package/registry/training/good/skills-store-router.md +0 -225
- package/registry/training/good/skills-store-search.md +0 -168
- package/registry/training/good/skills-store-surface.md +0 -53
- package/registry/training/good/skills-store-token-scan.md +0 -141
- package/registry/training/good/skills-store-triage.md +0 -97
- package/registry/training/good/skills-store-unity.md +0 -733
- package/registry/training/good/skills-store-validate.md +0 -135
- package/registry/training/good/skills-store-web3-audit.md +0 -217
- package/src/filter/cluster.js +0 -52
- package/src/filter/dedup.js +0 -36
|
@@ -1,277 +0,0 @@
|
|
|
1
|
-
# cors
|
|
2
|
-
|
|
3
|
-
[![NPM Version][npm-image]][npm-url]
|
|
4
|
-
[![NPM Downloads][downloads-image]][downloads-url]
|
|
5
|
-
[![Build Status][github-actions-ci-image]][github-actions-ci-url]
|
|
6
|
-
[![Test Coverage][coveralls-image]][coveralls-url]
|
|
7
|
-
|
|
8
|
-
CORS is a [Node.js](https://nodejs.org/en/) middleware for [Express](https://expressjs.com/)/[Connect](https://github.com/senchalabs/connect) that sets [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS) response headers. These headers tell browsers which origins can read responses from your server.
|
|
9
|
-
|
|
10
|
-
> [!IMPORTANT]
|
|
11
|
-
> **How CORS Works:** This package sets response headers—it doesn't block requests. CORS is enforced by browsers: they check the headers and decide if JavaScript can read the response. Non-browser clients (curl, Postman, other servers) ignore CORS entirely. See the [MDN CORS guide](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS) for details.
|
|
12
|
-
|
|
13
|
-
* [Installation](#installation)
|
|
14
|
-
* [Usage](#usage)
|
|
15
|
-
* [Simple Usage](#simple-usage-enable-all-cors-requests)
|
|
16
|
-
* [Enable CORS for a Single Route](#enable-cors-for-a-single-route)
|
|
17
|
-
* [Configuring CORS](#configuring-cors)
|
|
18
|
-
* [Configuring CORS w/ Dynamic Origin](#configuring-cors-w-dynamic-origin)
|
|
19
|
-
* [Enabling CORS Pre-Flight](#enabling-cors-pre-flight)
|
|
20
|
-
* [Customizing CORS Settings Dynamically per Request](#customizing-cors-settings-dynamically-per-request)
|
|
21
|
-
* [Configuration Options](#configuration-options)
|
|
22
|
-
* [Common Misconceptions](#common-misconceptions)
|
|
23
|
-
* [License](#license)
|
|
24
|
-
* [Original Author](#original-author)
|
|
25
|
-
|
|
26
|
-
## Installation
|
|
27
|
-
|
|
28
|
-
This is a [Node.js](https://nodejs.org/en/) module available through the
|
|
29
|
-
[npm registry](https://www.npmjs.com/). Installation is done using the
|
|
30
|
-
[`npm install` command](https://docs.npmjs.com/downloading-and-installing-packages-locally):
|
|
31
|
-
|
|
32
|
-
```sh
|
|
33
|
-
$ npm install cors
|
|
34
|
-
```
|
|
35
|
-
|
|
36
|
-
## Usage
|
|
37
|
-
|
|
38
|
-
### Simple Usage (Enable *All* CORS Requests)
|
|
39
|
-
|
|
40
|
-
```javascript
|
|
41
|
-
var express = require('express')
|
|
42
|
-
var cors = require('cors')
|
|
43
|
-
var app = express()
|
|
44
|
-
|
|
45
|
-
// Adds headers: Access-Control-Allow-Origin: *
|
|
46
|
-
app.use(cors())
|
|
47
|
-
|
|
48
|
-
app.get('/products/:id', function (req, res, next) {
|
|
49
|
-
res.json({msg: 'Hello'})
|
|
50
|
-
})
|
|
51
|
-
|
|
52
|
-
app.listen(80, function () {
|
|
53
|
-
console.log('web server listening on port 80')
|
|
54
|
-
})
|
|
55
|
-
```
|
|
56
|
-
|
|
57
|
-
### Enable CORS for a Single Route
|
|
58
|
-
|
|
59
|
-
```javascript
|
|
60
|
-
var express = require('express')
|
|
61
|
-
var cors = require('cors')
|
|
62
|
-
var app = express()
|
|
63
|
-
|
|
64
|
-
// Adds headers: Access-Control-Allow-Origin: *
|
|
65
|
-
app.get('/products/:id', cors(), function (req, res, next) {
|
|
66
|
-
res.json({msg: 'Hello'})
|
|
67
|
-
})
|
|
68
|
-
|
|
69
|
-
app.listen(80, function () {
|
|
70
|
-
console.log('web server listening on port 80')
|
|
71
|
-
})
|
|
72
|
-
```
|
|
73
|
-
|
|
74
|
-
### Configuring CORS
|
|
75
|
-
|
|
76
|
-
See the [configuration options](#configuration-options) for details.
|
|
77
|
-
|
|
78
|
-
```javascript
|
|
79
|
-
var express = require('express')
|
|
80
|
-
var cors = require('cors')
|
|
81
|
-
var app = express()
|
|
82
|
-
|
|
83
|
-
var corsOptions = {
|
|
84
|
-
origin: 'http://example.com',
|
|
85
|
-
optionsSuccessStatus: 200 // some legacy browsers (IE11, various SmartTVs) choke on 204
|
|
86
|
-
}
|
|
87
|
-
|
|
88
|
-
// Adds headers: Access-Control-Allow-Origin: http://example.com, Vary: Origin
|
|
89
|
-
app.get('/products/:id', cors(corsOptions), function (req, res, next) {
|
|
90
|
-
res.json({msg: 'Hello'})
|
|
91
|
-
})
|
|
92
|
-
|
|
93
|
-
app.listen(80, function () {
|
|
94
|
-
console.log('web server listening on port 80')
|
|
95
|
-
})
|
|
96
|
-
```
|
|
97
|
-
|
|
98
|
-
### Configuring CORS w/ Dynamic Origin
|
|
99
|
-
|
|
100
|
-
This module supports validating the origin dynamically using a function provided
|
|
101
|
-
to the `origin` option. This function will be passed a string that is the origin
|
|
102
|
-
(or `undefined` if the request has no origin), and a `callback` with the signature
|
|
103
|
-
`callback(error, origin)`.
|
|
104
|
-
|
|
105
|
-
The `origin` argument to the callback can be any value allowed for the `origin`
|
|
106
|
-
option of the middleware, except a function. See the
|
|
107
|
-
[configuration options](#configuration-options) section for more information on all
|
|
108
|
-
the possible value types.
|
|
109
|
-
|
|
110
|
-
This function is designed to allow the dynamic loading of allowed origin(s) from
|
|
111
|
-
a backing datasource, like a database.
|
|
112
|
-
|
|
113
|
-
```javascript
|
|
114
|
-
var express = require('express')
|
|
115
|
-
var cors = require('cors')
|
|
116
|
-
var app = express()
|
|
117
|
-
|
|
118
|
-
var corsOptions = {
|
|
119
|
-
origin: function (origin, callback) {
|
|
120
|
-
// db.loadOrigins is an example call to load
|
|
121
|
-
// a list of origins from a backing database
|
|
122
|
-
db.loadOrigins(function (error, origins) {
|
|
123
|
-
callback(error, origins)
|
|
124
|
-
})
|
|
125
|
-
}
|
|
126
|
-
}
|
|
127
|
-
|
|
128
|
-
// Adds headers: Access-Control-Allow-Origin: <matched origin>, Vary: Origin
|
|
129
|
-
app.get('/products/:id', cors(corsOptions), function (req, res, next) {
|
|
130
|
-
res.json({msg: 'Hello'})
|
|
131
|
-
})
|
|
132
|
-
|
|
133
|
-
app.listen(80, function () {
|
|
134
|
-
console.log('web server listening on port 80')
|
|
135
|
-
})
|
|
136
|
-
```
|
|
137
|
-
|
|
138
|
-
### Enabling CORS Pre-Flight
|
|
139
|
-
|
|
140
|
-
Certain CORS requests are considered 'complex' and require an initial
|
|
141
|
-
`OPTIONS` request (called the "pre-flight request"). An example of a
|
|
142
|
-
'complex' CORS request is one that uses an HTTP verb other than
|
|
143
|
-
GET/HEAD/POST (such as DELETE) or that uses custom headers. To enable
|
|
144
|
-
pre-flighting, you must add a new OPTIONS handler for the route you want
|
|
145
|
-
to support:
|
|
146
|
-
|
|
147
|
-
```javascript
|
|
148
|
-
var express = require('express')
|
|
149
|
-
var cors = require('cors')
|
|
150
|
-
var app = express()
|
|
151
|
-
|
|
152
|
-
app.options('/products/:id', cors()) // preflight for DELETE
|
|
153
|
-
app.del('/products/:id', cors(), function (req, res, next) {
|
|
154
|
-
res.json({msg: 'Hello'})
|
|
155
|
-
})
|
|
156
|
-
|
|
157
|
-
app.listen(80, function () {
|
|
158
|
-
console.log('web server listening on port 80')
|
|
159
|
-
})
|
|
160
|
-
```
|
|
161
|
-
|
|
162
|
-
You can also enable pre-flight across-the-board like so:
|
|
163
|
-
|
|
164
|
-
```javascript
|
|
165
|
-
app.options('*', cors()) // include before other routes
|
|
166
|
-
```
|
|
167
|
-
|
|
168
|
-
NOTE: When using this middleware as an application level middleware (for
|
|
169
|
-
example, `app.use(cors())`), pre-flight requests are already handled for all
|
|
170
|
-
routes.
|
|
171
|
-
|
|
172
|
-
### Customizing CORS Settings Dynamically per Request
|
|
173
|
-
|
|
174
|
-
For APIs that require different CORS configurations for specific routes or requests, you can dynamically generate CORS options based on the incoming request. The `cors` middleware allows you to achieve this by passing a function instead of static options. This function is called for each incoming request and must use the callback pattern to return the appropriate CORS options.
|
|
175
|
-
|
|
176
|
-
The function accepts:
|
|
177
|
-
1. **`req`**:
|
|
178
|
-
- The incoming request object.
|
|
179
|
-
|
|
180
|
-
2. **`callback(error, corsOptions)`**:
|
|
181
|
-
- A function used to return the computed CORS options.
|
|
182
|
-
- **Arguments**:
|
|
183
|
-
- **`error`**: Pass `null` if there’s no error, or an error object to indicate a failure.
|
|
184
|
-
- **`corsOptions`**: An object specifying the CORS policy for the current request.
|
|
185
|
-
|
|
186
|
-
Here’s an example that handles both public routes and restricted, credential-sensitive routes:
|
|
187
|
-
|
|
188
|
-
```javascript
|
|
189
|
-
var dynamicCorsOptions = function(req, callback) {
|
|
190
|
-
var corsOptions;
|
|
191
|
-
if (req.path.startsWith('/auth/connect/')) {
|
|
192
|
-
// Access-Control-Allow-Origin: http://mydomain.com, Access-Control-Allow-Credentials: true, Vary: Origin
|
|
193
|
-
corsOptions = {
|
|
194
|
-
origin: 'http://mydomain.com',
|
|
195
|
-
credentials: true
|
|
196
|
-
};
|
|
197
|
-
} else {
|
|
198
|
-
// Access-Control-Allow-Origin: *
|
|
199
|
-
corsOptions = { origin: '*' };
|
|
200
|
-
}
|
|
201
|
-
callback(null, corsOptions);
|
|
202
|
-
};
|
|
203
|
-
|
|
204
|
-
app.use(cors(dynamicCorsOptions));
|
|
205
|
-
|
|
206
|
-
app.get('/auth/connect/twitter', function (req, res) {
|
|
207
|
-
res.send('Hello');
|
|
208
|
-
});
|
|
209
|
-
|
|
210
|
-
app.get('/public', function (req, res) {
|
|
211
|
-
res.send('Hello');
|
|
212
|
-
});
|
|
213
|
-
|
|
214
|
-
app.listen(80, function () {
|
|
215
|
-
console.log('web server listening on port 80')
|
|
216
|
-
})
|
|
217
|
-
```
|
|
218
|
-
|
|
219
|
-
## Configuration Options
|
|
220
|
-
|
|
221
|
-
* `origin`: Configures the **Access-Control-Allow-Origin** CORS header. Possible values:
|
|
222
|
-
- `Boolean` - set `origin` to `true` to reflect the [request origin](https://datatracker.ietf.org/doc/html/draft-abarth-origin-09), as defined by `req.header('Origin')`, or set it to `false` to disable CORS.
|
|
223
|
-
- `String` - set `origin` to a specific origin. For example, if you set it to
|
|
224
|
-
- `"http://example.com"` only requests from "http://example.com" will be allowed.
|
|
225
|
-
- `"*"` for all domains to be allowed.
|
|
226
|
-
- `RegExp` - set `origin` to a regular expression pattern which will be used to test the request origin. If it's a match, the request origin will be reflected. For example the pattern `/example\.com$/` will reflect any request that is coming from an origin ending with "example.com".
|
|
227
|
-
- `Array` - set `origin` to an array of valid origins. Each origin can be a `String` or a `RegExp`. For example `["http://example1.com", /\.example2\.com$/]` will accept any request from "http://example1.com" or from a subdomain of "example2.com".
|
|
228
|
-
- `Function` - set `origin` to a function implementing some custom logic. The function takes the request origin as the first parameter and a callback (called as `callback(err, origin)`, where `origin` is a non-function value of the `origin` option) as the second.
|
|
229
|
-
* `methods`: Configures the **Access-Control-Allow-Methods** CORS header. Expects a comma-delimited string (ex: 'GET,PUT,POST') or an array (ex: `['GET', 'PUT', 'POST']`).
|
|
230
|
-
* `allowedHeaders`: Configures the **Access-Control-Allow-Headers** CORS header. Expects a comma-delimited string (ex: 'Content-Type,Authorization') or an array (ex: `['Content-Type', 'Authorization']`). If not specified, defaults to reflecting the headers specified in the request's **Access-Control-Request-Headers** header.
|
|
231
|
-
* `exposedHeaders`: Configures the **Access-Control-Expose-Headers** CORS header. Expects a comma-delimited string (ex: 'Content-Range,X-Content-Range') or an array (ex: `['Content-Range', 'X-Content-Range']`). If not specified, no custom headers are exposed.
|
|
232
|
-
* `credentials`: Configures the **Access-Control-Allow-Credentials** CORS header. Set to `true` to pass the header, otherwise it is omitted.
|
|
233
|
-
* `maxAge`: Configures the **Access-Control-Max-Age** CORS header. Set to an integer to pass the header, otherwise it is omitted.
|
|
234
|
-
* `preflightContinue`: Pass the CORS preflight response to the next handler.
|
|
235
|
-
* `optionsSuccessStatus`: Provides a status code to use for successful `OPTIONS` requests, since some legacy browsers (IE11, various SmartTVs) choke on `204`.
|
|
236
|
-
|
|
237
|
-
The default configuration is the equivalent of:
|
|
238
|
-
|
|
239
|
-
```json
|
|
240
|
-
{
|
|
241
|
-
"origin": "*",
|
|
242
|
-
"methods": "GET,HEAD,PUT,PATCH,POST,DELETE",
|
|
243
|
-
"preflightContinue": false,
|
|
244
|
-
"optionsSuccessStatus": 204
|
|
245
|
-
}
|
|
246
|
-
```
|
|
247
|
-
|
|
248
|
-
## Common Misconceptions
|
|
249
|
-
|
|
250
|
-
### "CORS blocks requests from disallowed origins"
|
|
251
|
-
|
|
252
|
-
**No.** Your server receives and processes every request. CORS headers tell the browser whether JavaScript can read the response—not whether the request is allowed.
|
|
253
|
-
|
|
254
|
-
### "CORS protects my API from unauthorized access"
|
|
255
|
-
|
|
256
|
-
**No.** CORS is not access control. Any HTTP client (curl, Postman, another server) can call your API regardless of CORS settings. Use authentication and authorization to protect your API.
|
|
257
|
-
|
|
258
|
-
### "Setting `origin: 'http://example.com'` means only that domain can access my server"
|
|
259
|
-
|
|
260
|
-
**No.** It means browsers will only let JavaScript from that origin read responses. The server still responds to all requests.
|
|
261
|
-
|
|
262
|
-
## License
|
|
263
|
-
|
|
264
|
-
[MIT License](http://www.opensource.org/licenses/mit-license.php)
|
|
265
|
-
|
|
266
|
-
## Original Author
|
|
267
|
-
|
|
268
|
-
[Troy Goode](https://github.com/TroyGoode) ([troygoode@gmail.com](mailto:troygoode@gmail.com))
|
|
269
|
-
|
|
270
|
-
[coveralls-image]: https://img.shields.io/coveralls/expressjs/cors/master.svg
|
|
271
|
-
[coveralls-url]: https://coveralls.io/r/expressjs/cors?branch=master
|
|
272
|
-
[downloads-image]: https://img.shields.io/npm/dm/cors.svg
|
|
273
|
-
[downloads-url]: https://npmjs.com/package/cors
|
|
274
|
-
[github-actions-ci-image]: https://img.shields.io/github/actions/workflow/status/expressjs/cors/ci.yml?branch=master&label=ci
|
|
275
|
-
[github-actions-ci-url]: https://github.com/expressjs/cors?query=workflow%3Aci
|
|
276
|
-
[npm-image]: https://img.shields.io/npm/v/cors.svg
|
|
277
|
-
[npm-url]: https://npmjs.com/package/cors
|
|
@@ -1,89 +0,0 @@
|
|
|
1
|
-
# cross-spawn
|
|
2
|
-
|
|
3
|
-
[![NPM version][npm-image]][npm-url] [![Downloads][downloads-image]][npm-url] [![Build Status][ci-image]][ci-url] [![Build status][appveyor-image]][appveyor-url]
|
|
4
|
-
|
|
5
|
-
[npm-url]:https://npmjs.org/package/cross-spawn
|
|
6
|
-
[downloads-image]:https://img.shields.io/npm/dm/cross-spawn.svg
|
|
7
|
-
[npm-image]:https://img.shields.io/npm/v/cross-spawn.svg
|
|
8
|
-
[ci-url]:https://github.com/moxystudio/node-cross-spawn/actions/workflows/ci.yaml
|
|
9
|
-
[ci-image]:https://github.com/moxystudio/node-cross-spawn/actions/workflows/ci.yaml/badge.svg
|
|
10
|
-
[appveyor-url]:https://ci.appveyor.com/project/satazor/node-cross-spawn
|
|
11
|
-
[appveyor-image]:https://img.shields.io/appveyor/ci/satazor/node-cross-spawn/master.svg
|
|
12
|
-
|
|
13
|
-
A cross platform solution to node's spawn and spawnSync.
|
|
14
|
-
|
|
15
|
-
## Installation
|
|
16
|
-
|
|
17
|
-
Node.js version 8 and up:
|
|
18
|
-
`$ npm install cross-spawn`
|
|
19
|
-
|
|
20
|
-
Node.js version 7 and under:
|
|
21
|
-
`$ npm install cross-spawn@6`
|
|
22
|
-
|
|
23
|
-
## Why
|
|
24
|
-
|
|
25
|
-
Node has issues when using spawn on Windows:
|
|
26
|
-
|
|
27
|
-
- It ignores [PATHEXT](https://github.com/joyent/node/issues/2318)
|
|
28
|
-
- It does not support [shebangs](https://en.wikipedia.org/wiki/Shebang_(Unix))
|
|
29
|
-
- Has problems running commands with [spaces](https://github.com/nodejs/node/issues/7367)
|
|
30
|
-
- Has problems running commands with posix relative paths (e.g.: `./my-folder/my-executable`)
|
|
31
|
-
- Has an [issue](https://github.com/moxystudio/node-cross-spawn/issues/82) with command shims (files in `node_modules/.bin/`), where arguments with quotes and parenthesis would result in [invalid syntax error](https://github.com/moxystudio/node-cross-spawn/blob/e77b8f22a416db46b6196767bcd35601d7e11d54/test/index.test.js#L149)
|
|
32
|
-
- No `options.shell` support on node `<v4.8`
|
|
33
|
-
|
|
34
|
-
All these issues are handled correctly by `cross-spawn`.
|
|
35
|
-
There are some known modules, such as [win-spawn](https://github.com/ForbesLindesay/win-spawn), that try to solve this but they are either broken or provide faulty escaping of shell arguments.
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
## Usage
|
|
39
|
-
|
|
40
|
-
Exactly the same way as node's [`spawn`](https://nodejs.org/api/child_process.html#child_process_child_process_spawn_command_args_options) or [`spawnSync`](https://nodejs.org/api/child_process.html#child_process_child_process_spawnsync_command_args_options), so it's a drop in replacement.
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
```js
|
|
44
|
-
const spawn = require('cross-spawn');
|
|
45
|
-
|
|
46
|
-
// Spawn NPM asynchronously
|
|
47
|
-
const child = spawn('npm', ['list', '-g', '-depth', '0'], { stdio: 'inherit' });
|
|
48
|
-
|
|
49
|
-
// Spawn NPM synchronously
|
|
50
|
-
const result = spawn.sync('npm', ['list', '-g', '-depth', '0'], { stdio: 'inherit' });
|
|
51
|
-
```
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
## Caveats
|
|
55
|
-
|
|
56
|
-
### Using `options.shell` as an alternative to `cross-spawn`
|
|
57
|
-
|
|
58
|
-
Starting from node `v4.8`, `spawn` has a `shell` option that allows you run commands from within a shell. This new option solves
|
|
59
|
-
the [PATHEXT](https://github.com/joyent/node/issues/2318) issue but:
|
|
60
|
-
|
|
61
|
-
- It's not supported in node `<v4.8`
|
|
62
|
-
- You must manually escape the command and arguments which is very error prone, specially when passing user input
|
|
63
|
-
- There are a lot of other unresolved issues from the [Why](#why) section that you must take into account
|
|
64
|
-
|
|
65
|
-
If you are using the `shell` option to spawn a command in a cross platform way, consider using `cross-spawn` instead. You have been warned.
|
|
66
|
-
|
|
67
|
-
### `options.shell` support
|
|
68
|
-
|
|
69
|
-
While `cross-spawn` adds support for `options.shell` in node `<v4.8`, all of its enhancements are disabled.
|
|
70
|
-
|
|
71
|
-
This mimics the Node.js behavior. More specifically, the command and its arguments will not be automatically escaped nor shebang support will be offered. This is by design because if you are using `options.shell` you are probably targeting a specific platform anyway and you don't want things to get into your way.
|
|
72
|
-
|
|
73
|
-
### Shebangs support
|
|
74
|
-
|
|
75
|
-
While `cross-spawn` handles shebangs on Windows, its support is limited. More specifically, it just supports `#!/usr/bin/env <program>` where `<program>` must not contain any arguments.
|
|
76
|
-
If you would like to have the shebang support improved, feel free to contribute via a pull-request.
|
|
77
|
-
|
|
78
|
-
Remember to always test your code on Windows!
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
## Tests
|
|
82
|
-
|
|
83
|
-
`$ npm test`
|
|
84
|
-
`$ npm test -- --watch` during development
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
## License
|
|
88
|
-
|
|
89
|
-
Released under the [MIT License](https://www.opensource.org/licenses/mit-license.php).
|
|
@@ -1,46 +0,0 @@
|
|
|
1
|
-
Changelog
|
|
2
|
-
=========
|
|
3
|
-
|
|
4
|
-
v0.6.0
|
|
5
|
-
------
|
|
6
|
-
|
|
7
|
-
- Updated "devDependencies" versions to fix vulnerability alerts
|
|
8
|
-
- Dropped support of io.js and node.js v0.12.x and lower since new versions of
|
|
9
|
-
"devDependencies" couldn't work with those old node.js versions
|
|
10
|
-
(minimal supported version of node.js now is v4.0.0)
|
|
11
|
-
|
|
12
|
-
v0.5.1
|
|
13
|
-
------
|
|
14
|
-
|
|
15
|
-
- Fix prototype pollution vulnerability (thanks to @mwakerman for the PR)
|
|
16
|
-
- Avoid using deprecated Buffer API (thanks to @ChALkeR for the PR)
|
|
17
|
-
|
|
18
|
-
v0.5.0
|
|
19
|
-
------
|
|
20
|
-
|
|
21
|
-
- Auto-testing provided by Travis CI;
|
|
22
|
-
- Support older Node.JS versions (`v0.11.x` and `v0.10.x`);
|
|
23
|
-
- Removed tests files from npm package.
|
|
24
|
-
|
|
25
|
-
v0.4.2
|
|
26
|
-
------
|
|
27
|
-
|
|
28
|
-
- Fix for `null` as an argument.
|
|
29
|
-
|
|
30
|
-
v0.4.1
|
|
31
|
-
------
|
|
32
|
-
|
|
33
|
-
- Removed test code from <b>npm</b> package
|
|
34
|
-
([see pull request #21](https://github.com/unclechu/node-deep-extend/pull/21));
|
|
35
|
-
- Increased minimal version of Node from `0.4.0` to `0.12.0`
|
|
36
|
-
(because can't run tests on lesser version anyway).
|
|
37
|
-
|
|
38
|
-
v0.4.0
|
|
39
|
-
------
|
|
40
|
-
|
|
41
|
-
- **WARNING!** Broken backward compatibility with `v0.3.x`;
|
|
42
|
-
- Fixed bug with extending arrays instead of cloning;
|
|
43
|
-
- Deep cloning for arrays;
|
|
44
|
-
- Check for own property;
|
|
45
|
-
- Fixed some documentation issues;
|
|
46
|
-
- Strict JS mode.
|
|
@@ -1,103 +0,0 @@
|
|
|
1
|
-
2.0.0 / 2018-10-26
|
|
2
|
-
==================
|
|
3
|
-
|
|
4
|
-
* Drop support for Node.js 0.6
|
|
5
|
-
* Replace internal `eval` usage with `Function` constructor
|
|
6
|
-
* Use instance methods on `process` to check for listeners
|
|
7
|
-
|
|
8
|
-
1.1.2 / 2018-01-11
|
|
9
|
-
==================
|
|
10
|
-
|
|
11
|
-
* perf: remove argument reassignment
|
|
12
|
-
* Support Node.js 0.6 to 9.x
|
|
13
|
-
|
|
14
|
-
1.1.1 / 2017-07-27
|
|
15
|
-
==================
|
|
16
|
-
|
|
17
|
-
* Remove unnecessary `Buffer` loading
|
|
18
|
-
* Support Node.js 0.6 to 8.x
|
|
19
|
-
|
|
20
|
-
1.1.0 / 2015-09-14
|
|
21
|
-
==================
|
|
22
|
-
|
|
23
|
-
* Enable strict mode in more places
|
|
24
|
-
* Support io.js 3.x
|
|
25
|
-
* Support io.js 2.x
|
|
26
|
-
* Support web browser loading
|
|
27
|
-
- Requires bundler like Browserify or webpack
|
|
28
|
-
|
|
29
|
-
1.0.1 / 2015-04-07
|
|
30
|
-
==================
|
|
31
|
-
|
|
32
|
-
* Fix `TypeError`s when under `'use strict'` code
|
|
33
|
-
* Fix useless type name on auto-generated messages
|
|
34
|
-
* Support io.js 1.x
|
|
35
|
-
* Support Node.js 0.12
|
|
36
|
-
|
|
37
|
-
1.0.0 / 2014-09-17
|
|
38
|
-
==================
|
|
39
|
-
|
|
40
|
-
* No changes
|
|
41
|
-
|
|
42
|
-
0.4.5 / 2014-09-09
|
|
43
|
-
==================
|
|
44
|
-
|
|
45
|
-
* Improve call speed to functions using the function wrapper
|
|
46
|
-
* Support Node.js 0.6
|
|
47
|
-
|
|
48
|
-
0.4.4 / 2014-07-27
|
|
49
|
-
==================
|
|
50
|
-
|
|
51
|
-
* Work-around v8 generating empty stack traces
|
|
52
|
-
|
|
53
|
-
0.4.3 / 2014-07-26
|
|
54
|
-
==================
|
|
55
|
-
|
|
56
|
-
* Fix exception when global `Error.stackTraceLimit` is too low
|
|
57
|
-
|
|
58
|
-
0.4.2 / 2014-07-19
|
|
59
|
-
==================
|
|
60
|
-
|
|
61
|
-
* Correct call site for wrapped functions and properties
|
|
62
|
-
|
|
63
|
-
0.4.1 / 2014-07-19
|
|
64
|
-
==================
|
|
65
|
-
|
|
66
|
-
* Improve automatic message generation for function properties
|
|
67
|
-
|
|
68
|
-
0.4.0 / 2014-07-19
|
|
69
|
-
==================
|
|
70
|
-
|
|
71
|
-
* Add `TRACE_DEPRECATION` environment variable
|
|
72
|
-
* Remove non-standard grey color from color output
|
|
73
|
-
* Support `--no-deprecation` argument
|
|
74
|
-
* Support `--trace-deprecation` argument
|
|
75
|
-
* Support `deprecate.property(fn, prop, message)`
|
|
76
|
-
|
|
77
|
-
0.3.0 / 2014-06-16
|
|
78
|
-
==================
|
|
79
|
-
|
|
80
|
-
* Add `NO_DEPRECATION` environment variable
|
|
81
|
-
|
|
82
|
-
0.2.0 / 2014-06-15
|
|
83
|
-
==================
|
|
84
|
-
|
|
85
|
-
* Add `deprecate.property(obj, prop, message)`
|
|
86
|
-
* Remove `supports-color` dependency for node.js 0.8
|
|
87
|
-
|
|
88
|
-
0.1.0 / 2014-06-15
|
|
89
|
-
==================
|
|
90
|
-
|
|
91
|
-
* Add `deprecate.function(fn, message)`
|
|
92
|
-
* Add `process.on('deprecation', fn)` emitter
|
|
93
|
-
* Automatically generate message when omitted from `deprecate()`
|
|
94
|
-
|
|
95
|
-
0.0.1 / 2014-06-15
|
|
96
|
-
==================
|
|
97
|
-
|
|
98
|
-
* Fix warning for dynamic calls at singe call site
|
|
99
|
-
|
|
100
|
-
0.0.0 / 2014-06-15
|
|
101
|
-
==================
|
|
102
|
-
|
|
103
|
-
* Initial implementation
|
|
@@ -1,46 +0,0 @@
|
|
|
1
|
-
[](https://www.npmjs.com/package/esprima)
|
|
2
|
-
[](https://www.npmjs.com/package/esprima)
|
|
3
|
-
[](https://travis-ci.org/jquery/esprima)
|
|
4
|
-
[](https://codecov.io/github/jquery/esprima)
|
|
5
|
-
|
|
6
|
-
**Esprima** ([esprima.org](http://esprima.org), BSD license) is a high performance,
|
|
7
|
-
standard-compliant [ECMAScript](http://www.ecma-international.org/publications/standards/Ecma-262.htm)
|
|
8
|
-
parser written in ECMAScript (also popularly known as
|
|
9
|
-
[JavaScript](https://en.wikipedia.org/wiki/JavaScript)).
|
|
10
|
-
Esprima is created and maintained by [Ariya Hidayat](https://twitter.com/ariyahidayat),
|
|
11
|
-
with the help of [many contributors](https://github.com/jquery/esprima/contributors).
|
|
12
|
-
|
|
13
|
-
### Features
|
|
14
|
-
|
|
15
|
-
- Full support for ECMAScript 2017 ([ECMA-262 8th Edition](http://www.ecma-international.org/publications/standards/Ecma-262.htm))
|
|
16
|
-
- Sensible [syntax tree format](https://github.com/estree/estree/blob/master/es5.md) as standardized by [ESTree project](https://github.com/estree/estree)
|
|
17
|
-
- Experimental support for [JSX](https://facebook.github.io/jsx/), a syntax extension for [React](https://facebook.github.io/react/)
|
|
18
|
-
- Optional tracking of syntax node location (index-based and line-column)
|
|
19
|
-
- [Heavily tested](http://esprima.org/test/ci.html) (~1500 [unit tests](https://github.com/jquery/esprima/tree/master/test/fixtures) with [full code coverage](https://codecov.io/github/jquery/esprima))
|
|
20
|
-
|
|
21
|
-
### API
|
|
22
|
-
|
|
23
|
-
Esprima can be used to perform [lexical analysis](https://en.wikipedia.org/wiki/Lexical_analysis) (tokenization) or [syntactic analysis](https://en.wikipedia.org/wiki/Parsing) (parsing) of a JavaScript program.
|
|
24
|
-
|
|
25
|
-
A simple example on Node.js REPL:
|
|
26
|
-
|
|
27
|
-
```javascript
|
|
28
|
-
> var esprima = require('esprima');
|
|
29
|
-
> var program = 'const answer = 42';
|
|
30
|
-
|
|
31
|
-
> esprima.tokenize(program);
|
|
32
|
-
[ { type: 'Keyword', value: 'const' },
|
|
33
|
-
{ type: 'Identifier', value: 'answer' },
|
|
34
|
-
{ type: 'Punctuator', value: '=' },
|
|
35
|
-
{ type: 'Numeric', value: '42' } ]
|
|
36
|
-
|
|
37
|
-
> esprima.parseScript(program);
|
|
38
|
-
{ type: 'Program',
|
|
39
|
-
body:
|
|
40
|
-
[ { type: 'VariableDeclaration',
|
|
41
|
-
declarations: [Object],
|
|
42
|
-
kind: 'const' } ],
|
|
43
|
-
sourceType: 'script' }
|
|
44
|
-
```
|
|
45
|
-
|
|
46
|
-
For more information, please read the [complete documentation](http://esprima.org/doc).
|
|
@@ -1,83 +0,0 @@
|
|
|
1
|
-
1.8.1 / 2017-09-12
|
|
2
|
-
==================
|
|
3
|
-
|
|
4
|
-
* perf: replace regular expression with substring
|
|
5
|
-
|
|
6
|
-
1.8.0 / 2017-02-18
|
|
7
|
-
==================
|
|
8
|
-
|
|
9
|
-
* Use SHA1 instead of MD5 for ETag hashing
|
|
10
|
-
- Improves performance for larger entities
|
|
11
|
-
- Works with FIPS 140-2 OpenSSL configuration
|
|
12
|
-
|
|
13
|
-
1.7.0 / 2015-06-08
|
|
14
|
-
==================
|
|
15
|
-
|
|
16
|
-
* Always include entity length in ETags for hash length extensions
|
|
17
|
-
* Generate non-Stats ETags using MD5 only (no longer CRC32)
|
|
18
|
-
* Improve stat performance by removing hashing
|
|
19
|
-
* Remove base64 padding in ETags to shorten
|
|
20
|
-
* Use MD5 instead of MD4 in weak ETags over 1KB
|
|
21
|
-
|
|
22
|
-
1.6.0 / 2015-05-10
|
|
23
|
-
==================
|
|
24
|
-
|
|
25
|
-
* Improve support for JXcore
|
|
26
|
-
* Remove requirement of `atime` in the stats object
|
|
27
|
-
* Support "fake" stats objects in environments without `fs`
|
|
28
|
-
|
|
29
|
-
1.5.1 / 2014-11-19
|
|
30
|
-
==================
|
|
31
|
-
|
|
32
|
-
* deps: crc@3.2.1
|
|
33
|
-
- Minor fixes
|
|
34
|
-
|
|
35
|
-
1.5.0 / 2014-10-14
|
|
36
|
-
==================
|
|
37
|
-
|
|
38
|
-
* Improve string performance
|
|
39
|
-
* Slightly improve speed for weak ETags over 1KB
|
|
40
|
-
|
|
41
|
-
1.4.0 / 2014-09-21
|
|
42
|
-
==================
|
|
43
|
-
|
|
44
|
-
* Support "fake" stats objects
|
|
45
|
-
* Support Node.js 0.6
|
|
46
|
-
|
|
47
|
-
1.3.1 / 2014-09-14
|
|
48
|
-
==================
|
|
49
|
-
|
|
50
|
-
* Use the (new and improved) `crc` for crc32
|
|
51
|
-
|
|
52
|
-
1.3.0 / 2014-08-29
|
|
53
|
-
==================
|
|
54
|
-
|
|
55
|
-
* Default strings to strong ETags
|
|
56
|
-
* Improve speed for weak ETags over 1KB
|
|
57
|
-
|
|
58
|
-
1.2.1 / 2014-08-29
|
|
59
|
-
==================
|
|
60
|
-
|
|
61
|
-
* Use the (much faster) `buffer-crc32` for crc32
|
|
62
|
-
|
|
63
|
-
1.2.0 / 2014-08-24
|
|
64
|
-
==================
|
|
65
|
-
|
|
66
|
-
* Add support for file stat objects
|
|
67
|
-
|
|
68
|
-
1.1.0 / 2014-08-24
|
|
69
|
-
==================
|
|
70
|
-
|
|
71
|
-
* Add fast-path for empty entity
|
|
72
|
-
* Add weak ETag generation
|
|
73
|
-
* Shrink size of generated ETags
|
|
74
|
-
|
|
75
|
-
1.0.1 / 2014-08-24
|
|
76
|
-
==================
|
|
77
|
-
|
|
78
|
-
* Fix behavior of string containing Unicode
|
|
79
|
-
|
|
80
|
-
1.0.0 / 2014-05-18
|
|
81
|
-
==================
|
|
82
|
-
|
|
83
|
-
* Initial release
|
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
# Security Policy
|
|
2
|
-
|
|
3
|
-
## Supported Versions
|
|
4
|
-
|
|
5
|
-
Version 1.0.0 will be supported with security updates.
|
|
6
|
-
|
|
7
|
-
| Version | Supported |
|
|
8
|
-
| ------- | ------------------ |
|
|
9
|
-
| 1.x.x | :white_check_mark: |
|
|
10
|
-
| < 1.0 | :x: |
|
|
11
|
-
|
|
12
|
-
## Reporting a Vulnerability
|
|
13
|
-
|
|
14
|
-
To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure.
|