registry-sync 3.2.5 → 3.3.3

package/README.md

@@ -25,13 +25,22 @@ The local copy can then be used as a simple private NPM registry without publish
     --root <path>            Path to save NPM package tarballs and metadata to
     --manifest <file>        Path to a package-lock.json or yarn.lock file to use as catalog for mirrored NPM packages
     --localUrl <url>         URL to use as root in stored package metadata (i.e. where folder defined as --root will be exposed at)
-    --binaryAbi <list>       Comma-separated list of node C++ ABI numbers to download pre-built binaries for. See NODE_MODULE_VERSION column in https://nodejs.org/en/download/releases/
-    --binaryArch <list>      Comma-separated list of CPU architectures to download pre-built binaries for. Valid values: arm, ia32, and x64
-    --binaryPlatform <list>  Comma-separated list of OS platforms to download pre-built binaries for. Valid values: linux, darwin, win32, sunos, freebsd, openbsd, and aix
-    --registryUrl [url]      Optional URL to use as NPM registry when fetching packages. Default value is https://registry.npmjs.org
-    --registryToken [string] Optional Bearer token for the registry
+    --binaryAbi <list>       Optional comma-separated list of node C++ ABI numbers to download pre-built binaries for.
+                             See NODE_MODULE_VERSION column in https://nodejs.org/en/download/releases/.
+                             Default value is from the current Node.js process.
+    --binaryArch <list>      Optional comma-separated list of CPU architectures to download pre-built binaries for.
+                             Valid values: arm, ia32, and x64.
+                             Default value is from the current Node.js process.
+    --binaryPlatform <list>  Optional comma-separated list of OS platforms to download pre-built binaries for.
+                             Valid values: linux, darwin, win32, sunos, freebsd, openbsd, and aix.
+                             Default value is from the current Node.js process.
+    --registryUrl [url]      Optional URL to use as NPM registry when fetching packages.
+                             Default value is https://registry.npmjs.org
+    --registryToken [string] Optional Bearer token for the registry.
+                             Not included by default.
     --dontEnforceHttps       Disable the default behavior of downloading tarballs over HTTPS (will use whichever protocol is defined in the registry metadata)
-    --includeDev             Include also packages found from devDependencies section of the --manifest. Not included by default.
+    --includeDev             Include also packages found from devDependencies section of the --manifest.
+                             Not included by default.
     --dryRun                 Print packages that would be downloaded but do not download them
 
 Example:
@@ -109,5 +118,5 @@ See [releases](https://github.com/heikkipora/registry-sync/releases).
 
 ## Contributing
 
-Pull requests are welcome. Kindly check that your code passes ESLint checks by running `npm run eslint` first.
+Pull requests are welcome. Kindly check that your code passes ESLint checks by running `npm run eslint:check` first.
 Integration tests can be run with `npm test`. Both are anyway run automatically by GitHub Actions.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "registry-sync",
-  "version": "3.2.5",
+  "version": "3.3.3",
   "description": "synchronize a remote npm registry for private use",
   "repository": "https://github.com/heikkipora/registry-sync",
   "bin": {
@@ -20,34 +20,35 @@
   "license": "MIT",
   "dependencies": {
     "@yarnpkg/lockfile": "1.1.0",
-    "axios": "0.21.1",
-    "commander": "8.1.0",
+    "axios": "0.24.0",
+    "commander": "8.3.0",
     "semver": "7.3.5",
     "ssri": "8.0.1",
     "tar-fs": "2.1.1"
   },
   "devDependencies": {
-    "@arkweid/lefthook": "0.7.6",
-    "@types/chai": "4.2.21",
-    "@types/lodash": "4.14.171",
+    "@arkweid/lefthook": "0.7.7",
+    "@types/chai": "4.3.0",
+    "@types/lodash": "4.14.178",
     "@types/mocha": "9.0.0",
-    "@types/node": "16.4.5",
-    "@types/semver": "7.3.8",
+    "@types/node": "17.0.5",
+    "@types/semver": "7.3.9",
     "@types/ssri": "7.1.1",
     "@types/tar-fs": "2.0.1",
     "@types/yarnpkg__lockfile": "1.1.5",
-    "@typescript-eslint/eslint-plugin": "4.28.5",
-    "@typescript-eslint/parser": "4.28.5",
+    "@typescript-eslint/eslint-plugin": "5.8.1",
+    "@typescript-eslint/parser": "5.8.1",
     "chai": "4.3.4",
-    "eslint": "7.31.0",
+    "eslint": "8.5.0",
     "eslint-config-prettier": "8.3.0",
-    "eslint-plugin-mocha": "9.0.0",
-    "express": "4.17.1",
-    "lint-staged": "11.1.1",
-    "mocha": "9.0.3",
-    "prettier": "2.3.2",
-    "ts-node": "10.1.0",
-    "typescript": "4.3.5"
+    "eslint-formatter-codeframe": "7.32.1",
+    "eslint-plugin-mocha": "10.0.3",
+    "express": "4.17.2",
+    "lint-staged": "12.1.4",
+    "mocha": "9.1.3",
+    "prettier": "2.5.1",
+    "ts-node": "10.4.0",
+    "typescript": "4.5.4"
   },
   "keywords": [
     "registry",

package/src/download.js

@@ -24,19 +24,19 @@ async function download(registryUrl, registryToken, localUrl, rootFolder, prebui
     }
     const localFolder = await ensureLocalFolderExists(name, rootFolder);
     let data = await downloadTarball(versionMetadata, enforceTarballsOverHttps, registryToken);
-    if (pregyp_1.hasPrebuiltBinaries(versionMetadata)) {
+    if ((0, pregyp_1.hasPrebuiltBinaries)(versionMetadata)) {
         const localPregypFolder = await ensureLocalFolderExists(version, localFolder);
-        await pregyp_1.downloadPrebuiltBinaries(versionMetadata, localPregypFolder, prebuiltBinaryProperties);
-        data = await metadata_1.rewriteMetadataInTarball(data, versionMetadata, localUrl, localFolder);
+        await (0, pregyp_1.downloadPrebuiltBinaries)(versionMetadata, localPregypFolder, prebuiltBinaryProperties);
+        data = await (0, metadata_1.rewriteMetadataInTarball)(data, versionMetadata, localUrl, localFolder);
     }
     await saveTarball(versionMetadata, data, localFolder);
-    metadata_1.rewriteVersionMetadata(versionMetadata, data, localUrl);
+    (0, metadata_1.rewriteVersionMetadata)(versionMetadata, data, localUrl);
     await updateMetadata(versionMetadata, registryMetadata, registryUrl, localFolder);
 }
 async function downloadTarball({ _id: id, dist }, enforceTarballsOverHttps, registryToken) {
     const tarballUrl = enforceTarballsOverHttps ? dist.tarball.replace('http://', 'https://') : dist.tarball;
-    const data = await client_1.fetchBinaryData(tarballUrl, registryToken);
-    integrity_1.verifyIntegrity(data, id, dist);
+    const data = await (0, client_1.fetchBinaryData)(tarballUrl, registryToken);
+    (0, integrity_1.verifyIntegrity)(data, id, dist);
     return data;
 }
 function saveTarball({ name, version }, data, localFolder) {
@@ -65,7 +65,7 @@ function saveMetadata(path, metadata) {
     return fs.promises.writeFile(path, json, 'utf8');
 }
 function tarballPath(name, version, localFolder) {
-    return path.join(localFolder, metadata_1.tarballFilename(name, version));
+    return path.join(localFolder, (0, metadata_1.tarballFilename)(name, version));
 }
 async function ensureLocalFolderExists(name, rootFolder) {
     const localFolder = path.resolve(rootFolder, name);
@@ -74,5 +74,5 @@ async function ensureLocalFolderExists(name, rootFolder) {
 }
 function fetchMetadataCloned(name, registryUrl, registryToken) {
     const urlSafeName = name.replace(/\//g, '%2f');
-    return client_1.fetchJsonWithCacheCloned(url.resolve(registryUrl, urlSafeName), registryToken);
+    return (0, client_1.fetchJsonWithCacheCloned)(url.resolve(registryUrl, urlSafeName), registryToken);
 }

package/src/index.js

@@ -12,9 +12,9 @@ program
     .requiredOption('--root <path>', 'Path to save NPM package tarballs and metadata to')
     .requiredOption('--manifest <file>', 'Path to a package-lock.json or yarn.lock file to use as catalog for mirrored NPM packages.')
     .requiredOption('--localUrl <url>', 'URL to use as root in stored package metadata (i.e. where folder defined as --root will be exposed at)')
-    .requiredOption('--binaryAbi <list>', 'Comma-separated list of node C++ ABI numbers to download pre-built binaries for. See NODE_MODULE_VERSION column in https://nodejs.org/en/download/releases/')
-    .requiredOption('--binaryArch <list>', 'Comma-separated list of CPU architectures to download pre-built binaries for. Valid values: arm, ia32, and x64')
-    .requiredOption('--binaryPlatform <list>', 'Comma-separated list of OS platforms to download pre-built binaries for. Valid values: linux, darwin, win32, sunos, freebsd, openbsd, and aix')
+    .option('--binaryAbi <list>', 'Comma-separated list of node C++ ABI numbers to download pre-built binaries for. See NODE_MODULE_VERSION column in https://nodejs.org/en/download/releases/')
+    .option('--binaryArch <list>', 'Comma-separated list of CPU architectures to download pre-built binaries for. Valid values: arm, ia32, and x64')
+    .option('--binaryPlatform <list>', 'Comma-separated list of OS platforms to download pre-built binaries for. Valid values: linux, darwin, win32, sunos, freebsd, openbsd, and aix')
     .option('--registryUrl [url]', 'Optional URL to use as NPM registry when fetching packages. Default value is https://registry.npmjs.org')
     .option('--registryToken [string]', 'Optional Bearer token for the registry.')
     .option('--dontEnforceHttps', 'Disable the default behavior of downloading tarballs over HTTPS (will use whichever protocol is defined in the registry metadata)')
@@ -22,9 +22,15 @@ program
     .option('--dryRun', 'Print packages that would be downloaded but do not download them')
     .parse(process.argv);
 const rawOptions = program.opts();
-const abis = rawOptions.binaryAbi.split(',').map(Number);
-const architectures = rawOptions.binaryArch.split(',');
-const platforms = rawOptions.binaryPlatform.split(',');
+// use current (abi,arch,platform) triplet as default if none is specified
+// so the user doesn't have to look them up if build is always done on the
+// same kind of machine
+const binaryAbi = rawOptions.binaryAbi || process.versions.modules;
+const binaryArch = rawOptions.binaryArch || process.arch;
+const binaryPlatform = rawOptions.binaryPlatform || process.platform;
+const abis = binaryAbi.split(',').map(Number);
+const architectures = binaryArch.split(',');
+const platforms = binaryPlatform.split(',');
 const prebuiltBinaryProperties = abis
     .map(abi => architectures.map(arch => platforms.map(platform => ({ abi, arch, platform }))).flat())
     .flat();
@@ -39,4 +45,4 @@ const options = {
     includeDevDependencies: Boolean(rawOptions.includeDev),
     dryRun: Boolean(rawOptions.dryRun)
 };
-sync_1.synchronize(options);
+(0, sync_1.synchronize)(options);

package/src/metadata.js

@@ -10,11 +10,11 @@ const stream_1 = require("stream");
 const integrity_1 = require("./integrity");
 function rewriteVersionMetadata(versionMetadata, data, localUrl) {
     versionMetadata.dist.tarball = localTarballUrl(versionMetadata, localUrl);
-    if (pregyp_1.hasPrebuiltBinaries(versionMetadata)) {
+    if ((0, pregyp_1.hasPrebuiltBinaries)(versionMetadata)) {
         versionMetadata.binary.host = localUrl.origin;
         versionMetadata.binary.remote_path = createPrebuiltBinaryRemotePath(localUrl, versionMetadata);
-        versionMetadata.dist.integrity = integrity_1.sha512(data);
-        versionMetadata.dist.shasum = integrity_1.sha1(data);
+        versionMetadata.dist.integrity = (0, integrity_1.sha512)(data);
+        versionMetadata.dist.shasum = (0, integrity_1.sha1)(data);
     }
 }
 exports.rewriteVersionMetadata = rewriteVersionMetadata;

package/src/pregyp.js

@@ -40,7 +40,7 @@ async function downloadPrebuiltBinary(localFolder, name, version, binary, abi, p
     }
 }
 function fetchPrebuiltBinary(name, version, binary, abi, platform, arch, napiVersion) {
-    return client_1.fetchBinaryData(prebuiltBinaryUrl(name, version, binary, abi, platform, arch, napiVersion), '');
+    return (0, client_1.fetchBinaryData)(prebuiltBinaryUrl(name, version, binary, abi, platform, arch, napiVersion), '');
 }
 function prebuiltBinaryFilePath(localFolder, name, version, binary, abi, platform, arch, napiVersion) {
     return path.join(localFolder, prebuiltBinaryFileName(name, version, binary, abi, platform, arch, napiVersion));

package/src/resolve.js

@@ -108,7 +108,7 @@ function resolveNpmPackagesFromYarnLockDependencies(yarnLockDependencies) {
         else {
             // Package pattern not yet recognized, continue with parsing logic from
             // https://github.com/yarnpkg/yarn/blob/953c8b6a20e360b097625d64189e6e56ed813e0f/src/package-request.js#L99
-            const { name: namePart, range: rangePart } = normalize_yarn_pattern_1.normalizeYarnPackagePattern(packagePattern);
+            const { name: namePart, range: rangePart } = (0, normalize_yarn_pattern_1.normalizeYarnPackagePattern)(packagePattern);
             if (isNonRegistryYarnPackagePattern(rangePart)) {
                 return filterMappedDependencies;
             }
@@ -163,7 +163,7 @@ async function dependenciesFromPackageLock(path, includeDevDependencies) {
     const dependencies = filename === YARN_LOCK_FILENAME
         ? await parseDependenciesFromYarnLockFile(path)
         : await parseDependenciesFromNpmLockFile(path, includeDevDependencies);
-    return dependencies.sort(sortById).filter(uniqueById);
+    return dependencies.sort(sortById).filter(uniqueById).filter(isNotLocal);
 }
 exports.dependenciesFromPackageLock = dependenciesFromPackageLock;
 function sortById(a, b) {
@@ -172,6 +172,14 @@ function sortById(a, b) {
 function uniqueById(value, index, values) {
     return values.findIndex(v => v.id === value.id) === index;
 }
+function isNotLocal(dependency) {
+    // if the version starts with the url scheme 'file:' that means that
+    // the package is fetched from the local filesystem relative to the
+    // package-lock that we were passed; it could for instance be a git
+    // submodule. this package will not be fetched through the web server
+    // that we set up anyway, so don't attempt to synchronize it
+    return !dependency.version.startsWith('file:');
+}
 function recurseNpmLockfileDependencies({ dependencies }, includeDevDependencies) {
     if (!dependencies) {
         return [];
@@ -197,7 +205,7 @@ function filterOutBundledAndDevDependencies([, props]) {
 }
 function isDeepEqual(a, b) {
     try {
-        assert_1.deepStrictEqual(a, b);
+        (0, assert_1.deepStrictEqual)(a, b);
         return true;
     }
     catch (ignored) {

package/src/sync.js

@@ -5,15 +5,15 @@ const download_1 = require("./download");
 const resolve_1 = require("./resolve");
 async function synchronize(options) {
     const cacheFilePath = `${options.rootFolder}/.registry-sync-cache.json`;
-    const packages = await resolve_1.dependenciesFromPackageLock(options.manifest, options.includeDevDependencies);
-    const newPackages = await resolve_1.dependenciesNotInCache(packages, cacheFilePath, options.prebuiltBinaryProperties);
+    const packages = await (0, resolve_1.dependenciesFromPackageLock)(options.manifest, options.includeDevDependencies);
+    const newPackages = await (0, resolve_1.dependenciesNotInCache)(packages, cacheFilePath, options.prebuiltBinaryProperties);
     if (options.dryRun) {
         console.log(newPackages.map(({ name, version }) => `${name}@${version}`).join('\n'));
         console.log(`\nWould download ${newPackages.length} packages.`);
     }
     else {
-        await download_1.downloadAll(newPackages, options);
-        await resolve_1.updateDependenciesCache(newPackages, cacheFilePath, options.prebuiltBinaryProperties);
+        await (0, download_1.downloadAll)(newPackages, options);
+        await (0, resolve_1.updateDependenciesCache)(newPackages, cacheFilePath, options.prebuiltBinaryProperties);
         console.log(`Downloaded ${newPackages.length} packages`);
     }
     return newPackages;