From 7887fb3d7ba7f05abeb49dd92b76d90422cb38ca Mon Sep 17 00:00:00 2001 From: Gar Date: Tue, 9 Nov 2021 14:33:33 -0800 Subject: [PATCH] fix: don't try to open file:/// urls These are never valid in the contexts from which this lib is called. Namely these are the bugs, docs, fund, help, and repo commands, and for oauth logins. PR-URL: https://github.com/npm/cli/pull/4025 Credit: @wraithgar Close: #4025 Reviewed-by: @isaacs --- lib/utils/open-url.js | 2 +- test/lib/utils/open-url.js | 18 +++++++++++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/lib/utils/open-url.js b/lib/utils/open-url.js index 21368efe7bc0..ddbbddccf3be 100644 --- a/lib/utils/open-url.js +++ b/lib/utils/open-url.js @@ -25,7 +25,7 @@ const open = async (npm, url, errMsg) => { } try { - if (!/^(https?|file):$/.test(new URL(url).protocol)) { + if (!/^https?:$/.test(new URL(url).protocol)) { throw new Error() } } catch (_) { diff --git a/test/lib/utils/open-url.js b/test/lib/utils/open-url.js index e4792ae5f5e3..cc63af12943a 100644 --- a/test/lib/utils/open-url.js +++ b/test/lib/utils/open-url.js @@ -41,7 +41,7 @@ t.test('opens a url', async t => { t.same(OUTPUT, [], 'printed no output') }) -t.test('returns error for non-https and non-file url', async t => { +t.test('returns error for non-https url', async t => { t.teardown(() => { openerUrl = null openerOpts = null @@ -57,6 +57,22 @@ t.test('returns error for non-https and non-file url', async t => { t.same(OUTPUT, [], 'printed no output') }) +t.test('returns error for file url', async t => { + t.teardown(() => { + openerUrl = null + openerOpts = null + OUTPUT.length = 0 + }) + await t.rejects( + openUrl(npm, 'file:///usr/local/bin/ls', 'npm home'), + /Invalid URL/, + 'got the correct error' + ) + t.equal(openerUrl, null, 'did not open') + t.same(openerOpts, null, 'did not open') + t.same(OUTPUT, [], 'printed no output') +}) + t.test('returns error for non-parseable url', async t => { t.teardown(() => { openerUrl = null