From 8f7abbe4c3ceba451eb422c6328d623e7c8eeed5 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Thu, 25 Aug 2022 12:50:48 -0700 Subject: [PATCH] deps: npm-packlist@5.1.3 --- DEPENDENCIES.md | 2 + .../node_modules/npm-bundled/LICENSE | 15 ++ .../node_modules/npm-bundled/lib/index.js | 254 ++++++++++++++++++ .../npm-normalize-package-bin/LICENSE | 15 ++ .../npm-normalize-package-bin/index.js | 60 +++++ .../npm-normalize-package-bin/package.json | 21 ++ .../npm-normalize-package-bin/test/array.js | 37 +++ .../npm-normalize-package-bin/test/nobin.js | 35 +++ .../npm-normalize-package-bin/test/object.js | 141 ++++++++++ .../npm-normalize-package-bin/test/string.js | 37 +++ .../node_modules/npm-bundled/package.json | 47 ++++ .../npm-normalize-package-bin/LICENSE | 15 ++ .../npm-normalize-package-bin/lib/index.js | 64 +++++ .../npm-normalize-package-bin/package.json | 41 +++ node_modules/npm-packlist/package.json | 10 +- package-lock.json | 37 ++- 16 files changed, 821 insertions(+), 10 deletions(-) create mode 100644 node_modules/npm-packlist/node_modules/npm-bundled/LICENSE create mode 100644 node_modules/npm-packlist/node_modules/npm-bundled/lib/index.js create mode 100644 node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/LICENSE create mode 100644 node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/index.js create mode 100644 node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/package.json create mode 100644 node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/test/array.js create mode 100644 node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/test/nobin.js create mode 100644 node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/test/object.js create mode 100644 node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/test/string.js create mode 100644 node_modules/npm-packlist/node_modules/npm-bundled/package.json create mode 100644 node_modules/npm-packlist/node_modules/npm-normalize-package-bin/LICENSE create mode 100644 node_modules/npm-packlist/node_modules/npm-normalize-package-bin/lib/index.js create mode 100644 node_modules/npm-packlist/node_modules/npm-normalize-package-bin/package.json diff --git a/DEPENDENCIES.md b/DEPENDENCIES.md index 1ddd85b3d411d..4a38c6f488714 100644 --- a/DEPENDENCIES.md +++ b/DEPENDENCIES.md @@ -106,6 +106,7 @@ graph LR; npm-->npm-audit-report; npm-->npm-install-checks; npm-->npm-package-arg; + npm-->npm-packlist; npm-->npm-profile; npm-->npm-registry-fetch; npm-->npm-user-validate; @@ -510,6 +511,7 @@ graph LR; npm-->npm-audit-report; npm-->npm-install-checks; npm-->npm-package-arg; + npm-->npm-packlist; npm-->npm-pick-manifest; npm-->npm-profile; npm-->npm-registry-fetch; diff --git a/node_modules/npm-packlist/node_modules/npm-bundled/LICENSE b/node_modules/npm-packlist/node_modules/npm-bundled/LICENSE new file mode 100644 index 0000000000000..20a4762540923 --- /dev/null +++ b/node_modules/npm-packlist/node_modules/npm-bundled/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) npm, Inc. and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/npm-packlist/node_modules/npm-bundled/lib/index.js b/node_modules/npm-packlist/node_modules/npm-bundled/lib/index.js new file mode 100644 index 0000000000000..4f54ca647c087 --- /dev/null +++ b/node_modules/npm-packlist/node_modules/npm-bundled/lib/index.js @@ -0,0 +1,254 @@ +'use strict' + +// walk the tree of deps starting from the top level list of bundled deps +// Any deps at the top level that are depended on by a bundled dep that +// does not have that dep in its own node_modules folder are considered +// bundled deps as well. This list of names can be passed to npm-packlist +// as the "bundled" argument. Additionally, packageJsonCache is shared so +// packlist doesn't have to re-read files already consumed in this pass + +const fs = require('fs') +const path = require('path') +const EE = require('events').EventEmitter +// we don't care about the package bins, but we share a pj cache +// with other modules that DO care about it, so keep it nice. +const normalizePackageBin = require('npm-normalize-package-bin') + +class BundleWalker extends EE { + constructor (opt) { + opt = opt || {} + super(opt) + this.path = path.resolve(opt.path || process.cwd()) + + this.parent = opt.parent || null + if (this.parent) { + this.result = this.parent.result + // only collect results in node_modules folders at the top level + // since the node_modules in a bundled dep is included always + if (!this.parent.parent) { + const base = path.basename(this.path) + const scope = path.basename(path.dirname(this.path)) + this.result.add(/^@/.test(scope) ? scope + '/' + base : base) + } + this.root = this.parent.root + this.packageJsonCache = this.parent.packageJsonCache + } else { + this.result = new Set() + this.root = this.path + this.packageJsonCache = opt.packageJsonCache || new Map() + } + + this.seen = new Set() + this.didDone = false + this.children = 0 + this.node_modules = [] + this.package = null + this.bundle = null + } + + addListener (ev, fn) { + return this.on(ev, fn) + } + + on (ev, fn) { + const ret = super.on(ev, fn) + if (ev === 'done' && this.didDone) { + this.emit('done', this.result) + } + return ret + } + + done () { + if (!this.didDone) { + this.didDone = true + if (!this.parent) { + const res = Array.from(this.result) + this.result = res + this.emit('done', res) + } else { + this.emit('done') + } + } + } + + start () { + const pj = path.resolve(this.path, 'package.json') + if (this.packageJsonCache.has(pj)) { + this.onPackage(this.packageJsonCache.get(pj)) + } else { + this.readPackageJson(pj) + } + return this + } + + readPackageJson (pj) { + fs.readFile(pj, (er, data) => + er ? this.done() : this.onPackageJson(pj, data)) + } + + onPackageJson (pj, data) { + try { + this.package = normalizePackageBin(JSON.parse(data + '')) + } catch (er) { + return this.done() + } + this.packageJsonCache.set(pj, this.package) + this.onPackage(this.package) + } + + allDepsBundled (pkg) { + return Object.keys(pkg.dependencies || {}).concat( + Object.keys(pkg.optionalDependencies || {})) + } + + onPackage (pkg) { + // all deps are bundled if we got here as a child. + // otherwise, only bundle bundledDeps + // Get a unique-ified array with a short-lived Set + const bdRaw = this.parent ? this.allDepsBundled(pkg) + : pkg.bundleDependencies || pkg.bundledDependencies || [] + + const bd = Array.from(new Set( + Array.isArray(bdRaw) ? bdRaw + : bdRaw === true ? this.allDepsBundled(pkg) + : Object.keys(bdRaw))) + + if (!bd.length) { + return this.done() + } + + this.bundle = bd + this.readModules() + } + + readModules () { + readdirNodeModules(this.path + '/node_modules', (er, nm) => + er ? this.onReaddir([]) : this.onReaddir(nm)) + } + + onReaddir (nm) { + // keep track of what we have, in case children need it + this.node_modules = nm + + this.bundle.forEach(dep => this.childDep(dep)) + if (this.children === 0) { + this.done() + } + } + + childDep (dep) { + if (this.node_modules.indexOf(dep) !== -1) { + if (!this.seen.has(dep)) { + this.seen.add(dep) + this.child(dep) + } + } else if (this.parent) { + this.parent.childDep(dep) + } + } + + child (dep) { + const p = this.path + '/node_modules/' + dep + this.children += 1 + const child = new BundleWalker({ + path: p, + parent: this, + }) + child.on('done', _ => { + if (--this.children === 0) { + this.done() + } + }) + child.start() + } +} + +class BundleWalkerSync extends BundleWalker { + start () { + super.start() + this.done() + return this + } + + readPackageJson (pj) { + try { + this.onPackageJson(pj, fs.readFileSync(pj)) + } catch { + // empty catch + } + return this + } + + readModules () { + try { + this.onReaddir(readdirNodeModulesSync(this.path + '/node_modules')) + } catch { + this.onReaddir([]) + } + } + + child (dep) { + new BundleWalkerSync({ + path: this.path + '/node_modules/' + dep, + parent: this, + }).start() + } +} + +const readdirNodeModules = (nm, cb) => { + fs.readdir(nm, (er, set) => { + if (er) { + cb(er) + } else { + const scopes = set.filter(f => /^@/.test(f)) + if (!scopes.length) { + cb(null, set) + } else { + const unscoped = set.filter(f => !/^@/.test(f)) + let count = scopes.length + scopes.forEach(scope => { + fs.readdir(nm + '/' + scope, (readdirEr, pkgs) => { + if (readdirEr || !pkgs.length) { + unscoped.push(scope) + } else { + unscoped.push.apply(unscoped, pkgs.map(p => scope + '/' + p)) + } + if (--count === 0) { + cb(null, unscoped) + } + }) + }) + } + } + }) +} + +const readdirNodeModulesSync = nm => { + const set = fs.readdirSync(nm) + const unscoped = set.filter(f => !/^@/.test(f)) + const scopes = set.filter(f => /^@/.test(f)).map(scope => { + try { + const pkgs = fs.readdirSync(nm + '/' + scope) + return pkgs.length ? pkgs.map(p => scope + '/' + p) : [scope] + } catch (er) { + return [scope] + } + }).reduce((a, b) => a.concat(b), []) + return unscoped.concat(scopes) +} + +const walk = (options, callback) => { + const p = new Promise((resolve, reject) => { + new BundleWalker(options).on('done', resolve).on('error', reject).start() + }) + return callback ? p.then(res => callback(null, res), callback) : p +} + +const walkSync = options => { + return new BundleWalkerSync(options).start().result +} + +module.exports = walk +walk.sync = walkSync +walk.BundleWalker = BundleWalker +walk.BundleWalkerSync = BundleWalkerSync diff --git a/node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/LICENSE b/node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/LICENSE new file mode 100644 index 0000000000000..19cec97b18468 --- /dev/null +++ b/node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) npm, Inc. + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/index.js b/node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/index.js new file mode 100644 index 0000000000000..5a738ff82e1e3 --- /dev/null +++ b/node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/index.js @@ -0,0 +1,60 @@ +// pass in a manifest with a 'bin' field here, and it'll turn it +// into a properly santized bin object +const {join, basename} = require('path') + +const normalize = pkg => + !pkg.bin ? removeBin(pkg) + : typeof pkg.bin === 'string' ? normalizeString(pkg) + : Array.isArray(pkg.bin) ? normalizeArray(pkg) + : typeof pkg.bin === 'object' ? normalizeObject(pkg) + : removeBin(pkg) + +const normalizeString = pkg => { + if (!pkg.name) + return removeBin(pkg) + pkg.bin = { [pkg.name]: pkg.bin } + return normalizeObject(pkg) +} + +const normalizeArray = pkg => { + pkg.bin = pkg.bin.reduce((acc, k) => { + acc[basename(k)] = k + return acc + }, {}) + return normalizeObject(pkg) +} + +const removeBin = pkg => { + delete pkg.bin + return pkg +} + +const normalizeObject = pkg => { + const orig = pkg.bin + const clean = {} + let hasBins = false + Object.keys(orig).forEach(binKey => { + const base = join('/', basename(binKey.replace(/\\|:/g, '/'))).substr(1) + + if (typeof orig[binKey] !== 'string' || !base) + return + + const binTarget = join('/', orig[binKey]) + .replace(/\\/g, '/').substr(1) + + if (!binTarget) + return + + clean[base] = binTarget + hasBins = true + }) + + if (hasBins) + pkg.bin = clean + else + delete pkg.bin + + return pkg +} + +module.exports = normalize diff --git a/node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/package.json b/node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/package.json new file mode 100644 index 0000000000000..a331a682e74e0 --- /dev/null +++ b/node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/package.json @@ -0,0 +1,21 @@ +{ + "name": "npm-normalize-package-bin", + "version": "1.0.1", + "description": "Turn any flavor of allowable package.json bin into a normalized object", + "repository": "git+https://github.com/npm/npm-normalize-package-bin", + "author": "Isaac Z. Schlueter (https://izs.me)", + "license": "ISC", + "scripts": { + "test": "tap", + "snap": "tap", + "preversion": "npm test", + "postversion": "npm publish", + "postpublish": "git push origin --follow-tags" + }, + "tap": { + "check-coverage": true + }, + "devDependencies": { + "tap": "^14.10.2" + } +} diff --git a/node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/test/array.js b/node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/test/array.js new file mode 100644 index 0000000000000..63dafa8913741 --- /dev/null +++ b/node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/test/array.js @@ -0,0 +1,37 @@ +const normalize = require('../') +const t = require('tap') + +t.test('benign array', async t => { + const pkg = { name: 'hello', version: 'world', bin: ['./x/y', 'y/z', './a'] } + const expect = { name: 'hello', version: 'world', bin: { + y: 'x/y', + z: 'y/z', + a: 'a', + } } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('conflicting array', async t => { + const pkg = { name: 'hello', version: 'world', bin: ['./x/y', 'z/y', './a'] } + const expect = { name: 'hello', version: 'world', bin: { + y: 'z/y', + a: 'a', + } } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('slashy array', async t => { + const pkg = { name: 'hello', version: 'world', bin: [ '/etc/passwd' ] } + const expect = { name: 'hello', version: 'world', bin: { passwd: 'etc/passwd' } } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('dotty array', async t => { + const pkg = { name: 'hello', version: 'world', bin: ['../../../../etc/passwd'] } + const expect = { name: 'hello', version: 'world', bin: { passwd: 'etc/passwd' } } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) diff --git a/node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/test/nobin.js b/node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/test/nobin.js new file mode 100644 index 0000000000000..536d7eb22f68a --- /dev/null +++ b/node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/test/nobin.js @@ -0,0 +1,35 @@ +const normalize = require('../') +const t = require('tap') + +// all of these just delete the bins, so expect the same value +const expect = { name: 'hello', version: 'world' } + +t.test('no bin in object', async t => { + const pkg = { name: 'hello', version: 'world' } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('empty string bin in object', async t => { + const pkg = { name: 'hello', version: 'world', bin: '' } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('false bin in object', async t => { + const pkg = { name: 'hello', version: 'world', bin: false } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('null bin in object', async t => { + const pkg = { name: 'hello', version: 'world', bin: null } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('number bin', async t => { + const pkg = { name: 'hello', version: 'world', bin: 42069 } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) diff --git a/node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/test/object.js b/node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/test/object.js new file mode 100644 index 0000000000000..00d23684fb75b --- /dev/null +++ b/node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/test/object.js @@ -0,0 +1,141 @@ +const normalize = require('../') +const t = require('tap') + +t.test('benign object', async t => { + // just clean up the ./ in the targets and remove anything weird + const pkg = { name: 'hello', version: 'world', bin: { + y: './x/y', + z: './y/z', + a: './a', + } } + const expect = { name: 'hello', version: 'world', bin: { + y: 'x/y', + z: 'y/z', + a: 'a', + } } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('empty and non-string targets', async t => { + // just clean up the ./ in the targets and remove anything weird + const pkg = { name: 'hello', version: 'world', bin: { + z: './././', + y: '', + './x': 'x.js', + re: /asdf/, + foo: { bar: 'baz' }, + false: false, + null: null, + array: [1,2,3], + func: function () {}, + } } + const expect = { name: 'hello', version: 'world', bin: { + x: 'x.js', + } } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('slashy object', async t => { + const pkg = { name: 'hello', version: 'world', bin: { + '/path/foo': '/etc/passwd', + 'bar': '/etc/passwd', + '/etc/glorb/baz': '/etc/passwd', + '/etc/passwd:/bin/usr/exec': '/etc/passwd', + } } + const expect = { + name: 'hello', + version: 'world', + bin: { + foo: 'etc/passwd', + bar: 'etc/passwd', + baz: 'etc/passwd', + exec: 'etc/passwd', + } + } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('dotty object', async t => { + const pkg = { + name: 'hello', + version: 'world', + bin: { + 'nodots': '../../../../etc/passwd', + '../../../../../../dots': '../../../../etc/passwd', + '.././../\\./..//C:\\./': 'this is removed', + '.././../\\./..//C:\\/': 'super safe programming language', + '.././../\\./..//C:\\x\\y\\z/': 'xyz', + } } + const expect = { name: 'hello', version: 'world', bin: { + nodots: 'etc/passwd', + dots: 'etc/passwd', + C: 'super safe programming language', + z: 'xyz', + } } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('weird object', async t => { + const pkg = { name: 'hello', version: 'world', bin: /asdf/ } + const expect = { name: 'hello', version: 'world' } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('oddball keys', async t => { + const pkg = { + bin: { + '~': 'target', + '£': 'target', + 'ζ': 'target', + 'ぎ': 'target', + '操': 'target', + '🎱': 'target', + '💎': 'target', + '💸': 'target', + '🦉': 'target', + 'сheck-dom': 'target', + 'Ωpm': 'target', + 'ζλ': 'target', + 'мга': 'target', + 'пше': 'target', + 'тзч': 'target', + 'тзь': 'target', + 'нфкт': 'target', + 'ссср': 'target', + '君の名は': 'target', + '君の名は': 'target', + } + } + + const expect = { + bin: { + '~': 'target', + '£': 'target', + 'ζ': 'target', + 'ぎ': 'target', + '操': 'target', + '🎱': 'target', + '💎': 'target', + '💸': 'target', + '🦉': 'target', + 'сheck-dom': 'target', + 'Ωpm': 'target', + 'ζλ': 'target', + 'мга': 'target', + 'пше': 'target', + 'тзч': 'target', + 'тзь': 'target', + 'нфкт': 'target', + 'ссср': 'target', + '君の名は': 'target', + }, + } + + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) diff --git a/node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/test/string.js b/node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/test/string.js new file mode 100644 index 0000000000000..b6de8f8f589b5 --- /dev/null +++ b/node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/test/string.js @@ -0,0 +1,37 @@ +const normalize = require('../') +const t = require('tap') + +t.test('benign string', async t => { + const pkg = { name: 'hello', version: 'world', bin: 'hello.js' } + const expect = { name: 'hello', version: 'world', bin: { hello: 'hello.js' } } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('slashy string', async t => { + const pkg = { name: 'hello', version: 'world', bin: '/etc/passwd' } + const expect = { name: 'hello', version: 'world', bin: { hello: 'etc/passwd' } } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('dotty string', async t => { + const pkg = { name: 'hello', version: 'world', bin: '../../../../etc/passwd' } + const expect = { name: 'hello', version: 'world', bin: { hello: 'etc/passwd' } } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('double path', async t => { + const pkg = { name: 'hello', version: 'world', bin: '/etc/passwd:/bin/usr/exec' } + const expect = { name: 'hello', version: 'world', bin: { hello: 'etc/passwd:/bin/usr/exec' } } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('string with no name', async t => { + const pkg = { bin: 'foobar.js' } + const expect = {} + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) diff --git a/node_modules/npm-packlist/node_modules/npm-bundled/package.json b/node_modules/npm-packlist/node_modules/npm-bundled/package.json new file mode 100644 index 0000000000000..36b63fbdda77d --- /dev/null +++ b/node_modules/npm-packlist/node_modules/npm-bundled/package.json @@ -0,0 +1,47 @@ +{ + "name": "npm-bundled", + "version": "2.0.0", + "description": "list things in node_modules that are bundledDependencies, or transitive dependencies thereof", + "main": "lib/index.js", + "repository": { + "type": "git", + "url": "https://github.com/npm/npm-bundled.git" + }, + "author": "GitHub Inc.", + "license": "ISC", + "devDependencies": { + "@npmcli/eslint-config": "^3.1.0", + "@npmcli/template-oss": "3.5.0", + "mkdirp": "^1.0.4", + "mutate-fs": "^2.1.1", + "rimraf": "^3.0.2", + "tap": "^16.3.0" + }, + "scripts": { + "test": "tap", + "preversion": "npm test", + "postversion": "npm publish", + "postpublish": "git push origin --all; git push origin --tags", + "lint": "eslint \"**/*.js\"", + "postlint": "template-oss-check", + "template-oss-apply": "template-oss-apply --force", + "lintfix": "npm run lint -- --fix", + "prepublishOnly": "git push origin --follow-tags", + "snap": "tap", + "posttest": "npm run lint" + }, + "files": [ + "bin/", + "lib/" + ], + "dependencies": { + "npm-normalize-package-bin": "^1.0.1" + }, + "engines": { + "node": "^12.13.0 || ^14.15.0 || >=16.0.0" + }, + "templateOSS": { + "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", + "version": "3.5.0" + } +} diff --git a/node_modules/npm-packlist/node_modules/npm-normalize-package-bin/LICENSE b/node_modules/npm-packlist/node_modules/npm-normalize-package-bin/LICENSE new file mode 100644 index 0000000000000..19cec97b18468 --- /dev/null +++ b/node_modules/npm-packlist/node_modules/npm-normalize-package-bin/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) npm, Inc. + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/npm-packlist/node_modules/npm-normalize-package-bin/lib/index.js b/node_modules/npm-packlist/node_modules/npm-normalize-package-bin/lib/index.js new file mode 100644 index 0000000000000..d6f0a581b9e66 --- /dev/null +++ b/node_modules/npm-packlist/node_modules/npm-normalize-package-bin/lib/index.js @@ -0,0 +1,64 @@ +// pass in a manifest with a 'bin' field here, and it'll turn it +// into a properly santized bin object +const { join, basename } = require('path') + +const normalize = pkg => + !pkg.bin ? removeBin(pkg) + : typeof pkg.bin === 'string' ? normalizeString(pkg) + : Array.isArray(pkg.bin) ? normalizeArray(pkg) + : typeof pkg.bin === 'object' ? normalizeObject(pkg) + : removeBin(pkg) + +const normalizeString = pkg => { + if (!pkg.name) { + return removeBin(pkg) + } + pkg.bin = { [pkg.name]: pkg.bin } + return normalizeObject(pkg) +} + +const normalizeArray = pkg => { + pkg.bin = pkg.bin.reduce((acc, k) => { + acc[basename(k)] = k + return acc + }, {}) + return normalizeObject(pkg) +} + +const removeBin = pkg => { + delete pkg.bin + return pkg +} + +const normalizeObject = pkg => { + const orig = pkg.bin + const clean = {} + let hasBins = false + Object.keys(orig).forEach(binKey => { + const base = join('/', basename(binKey.replace(/\\|:/g, '/'))).slice(1) + + if (typeof orig[binKey] !== 'string' || !base) { + return + } + + const binTarget = join('/', orig[binKey]) + .replace(/\\/g, '/').slice(1) + + if (!binTarget) { + return + } + + clean[base] = binTarget + hasBins = true + }) + + if (hasBins) { + pkg.bin = clean + } else { + delete pkg.bin + } + + return pkg +} + +module.exports = normalize diff --git a/node_modules/npm-packlist/node_modules/npm-normalize-package-bin/package.json b/node_modules/npm-packlist/node_modules/npm-normalize-package-bin/package.json new file mode 100644 index 0000000000000..02de808d9b702 --- /dev/null +++ b/node_modules/npm-packlist/node_modules/npm-normalize-package-bin/package.json @@ -0,0 +1,41 @@ +{ + "name": "npm-normalize-package-bin", + "version": "2.0.0", + "description": "Turn any flavor of allowable package.json bin into a normalized object", + "main": "lib/index.js", + "repository": { + "type": "git", + "url": "https://github.com/npm/npm-normalize-package-bin.git" + }, + "author": "GitHub Inc.", + "license": "ISC", + "scripts": { + "test": "tap", + "snap": "tap", + "preversion": "npm test", + "postversion": "npm publish", + "postpublish": "git push origin --follow-tags", + "lint": "eslint \"**/*.js\"", + "postlint": "template-oss-check", + "template-oss-apply": "template-oss-apply --force", + "lintfix": "npm run lint -- --fix", + "prepublishOnly": "git push origin --follow-tags", + "posttest": "npm run lint" + }, + "devDependencies": { + "@npmcli/eslint-config": "^3.1.0", + "@npmcli/template-oss": "3.5.0", + "tap": "^16.3.0" + }, + "files": [ + "bin/", + "lib/" + ], + "engines": { + "node": "^12.13.0 || ^14.15.0 || >=16.0.0" + }, + "templateOSS": { + "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", + "version": "3.5.0" + } +} diff --git a/node_modules/npm-packlist/package.json b/node_modules/npm-packlist/package.json index 4c63caf21e810..c3c8817202a39 100644 --- a/node_modules/npm-packlist/package.json +++ b/node_modules/npm-packlist/package.json @@ -1,6 +1,6 @@ { "name": "npm-packlist", - "version": "5.1.1", + "version": "5.1.3", "description": "Get a list of the files to add from a folder into an npm package", "directories": { "test": "test" @@ -9,8 +9,8 @@ "dependencies": { "glob": "^8.0.1", "ignore-walk": "^5.0.1", - "npm-bundled": "^1.1.2", - "npm-normalize-package-bin": "^1.0.1" + "npm-bundled": "^2.0.0", + "npm-normalize-package-bin": "^2.0.0" }, "author": "GitHub Inc.", "license": "ISC", @@ -20,7 +20,7 @@ ], "devDependencies": { "@npmcli/eslint-config": "^3.0.1", - "@npmcli/template-oss": "3.5.0", + "@npmcli/template-oss": "3.6.0", "mutate-fs": "^2.1.1", "tap": "^16.0.1" }, @@ -56,6 +56,6 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "3.5.0" + "version": "3.6.0" } } diff --git a/package-lock.json b/package-lock.json index 63159b716e7f1..0b9b5bad640dc 100644 --- a/package-lock.json +++ b/package-lock.json @@ -5498,15 +5498,15 @@ } }, "node_modules/npm-packlist": { - "version": "5.1.1", - "resolved": "https://registry.npmjs.org/npm-packlist/-/npm-packlist-5.1.1.tgz", - "integrity": "sha512-UfpSvQ5YKwctmodvPPkK6Fwk603aoVsf8AEbmVKAEECrfvL8SSe1A2YIwrJ6xmTHAITKPwwZsWo7WwEbNk0kxw==", + "version": "5.1.3", + "resolved": "https://registry.npmjs.org/npm-packlist/-/npm-packlist-5.1.3.tgz", + "integrity": "sha512-263/0NGrn32YFYi4J533qzrQ/krmmrWwhKkzwTuM4f/07ug51odoaNjUexxO4vxlzURHcmYMH1QjvHjsNDKLVg==", "inBundle": true, "dependencies": { "glob": "^8.0.1", "ignore-walk": "^5.0.1", - "npm-bundled": "^1.1.2", - "npm-normalize-package-bin": "^1.0.1" + "npm-bundled": "^2.0.0", + "npm-normalize-package-bin": "^2.0.0" }, "bin": { "npm-packlist": "bin/index.js" @@ -5515,6 +5515,33 @@ "node": "^12.13.0 || ^14.15.0 || >=16.0.0" } }, + "node_modules/npm-packlist/node_modules/npm-bundled": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/npm-bundled/-/npm-bundled-2.0.0.tgz", + "integrity": "sha512-ZnkDgpakv39F6w9D6uZNmmXohXEHW5EC1MDziHvXeLeyBmJ/FpfM1n+v8PkQ2Y1TcNHzuAVTZQIgabkgskR77A==", + "inBundle": true, + "dependencies": { + "npm-normalize-package-bin": "^1.0.1" + }, + "engines": { + "node": "^12.13.0 || ^14.15.0 || >=16.0.0" + } + }, + "node_modules/npm-packlist/node_modules/npm-bundled/node_modules/npm-normalize-package-bin": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/npm-normalize-package-bin/-/npm-normalize-package-bin-1.0.1.tgz", + "integrity": "sha512-EPfafl6JL5/rU+ot6P3gRSCpPDW5VmIzX959Ob1+ySFUuuYHWHekXpwdUZcKP5C+DS4GEtdJluwBjnsNDl+fSA==", + "inBundle": true + }, + "node_modules/npm-packlist/node_modules/npm-normalize-package-bin": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/npm-normalize-package-bin/-/npm-normalize-package-bin-2.0.0.tgz", + "integrity": "sha512-awzfKUO7v0FscrSpRoogyNm0sajikhBWpU0QMrW09AMi9n1PoKU6WaIqUzuJSQnpciZZmJ/jMZ2Egfmb/9LiWQ==", + "inBundle": true, + "engines": { + "node": "^12.13.0 || ^14.15.0 || >=16.0.0" + } + }, "node_modules/npm-pick-manifest": { "version": "7.0.2", "resolved": "https://registry.npmjs.org/npm-pick-manifest/-/npm-pick-manifest-7.0.2.tgz",