diff --git a/node_modules/.gitignore b/node_modules/.gitignore
index 3ae7e8b9f1132..380d0b268bf7f 100644
--- a/node_modules/.gitignore
+++ b/node_modules/.gitignore
@@ -157,22 +157,15 @@
 !/npm-packlist
 !/npm-pick-manifest
 !/npm-profile
-!/npm-profile/node_modules/
-/npm-profile/node_modules/*
-!/npm-profile/node_modules/@npmcli/
-/npm-profile/node_modules/@npmcli/*
-!/npm-profile/node_modules/@npmcli/redact
-!/npm-profile/node_modules/npm-registry-fetch
 !/npm-registry-fetch
+!/npm-registry-fetch/node_modules/
+/npm-registry-fetch/node_modules/*
+!/npm-registry-fetch/node_modules/@npmcli/
+/npm-registry-fetch/node_modules/@npmcli/*
+!/npm-registry-fetch/node_modules/@npmcli/redact
 !/npm-user-validate
 !/p-map
 !/pacote
-!/pacote/node_modules/
-/pacote/node_modules/*
-!/pacote/node_modules/@npmcli/
-/pacote/node_modules/@npmcli/*
-!/pacote/node_modules/@npmcli/redact
-!/pacote/node_modules/npm-registry-fetch
 !/parse-conflict-json
 !/path-key
 !/path-scurry
diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/npm-profile/node_modules/npm-registry-fetch/LICENSE.md
deleted file mode 100644
index 5fc208ff122e0..0000000000000
--- a/node_modules/npm-profile/node_modules/npm-registry-fetch/LICENSE.md
+++ /dev/null
@@ -1,20 +0,0 @@
-
-
-ISC License
-
-Copyright npm, Inc.
-
-Permission to use, copy, modify, and/or distribute this
-software for any purpose with or without fee is hereby
-granted, provided that the above copyright notice and this
-permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND NPM DISCLAIMS ALL
-WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO
-EVENT SHALL NPM BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
-WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
-TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
-USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/lib/auth.js b/node_modules/npm-profile/node_modules/npm-registry-fetch/lib/auth.js
deleted file mode 100644
index 9270025fa8d90..0000000000000
--- a/node_modules/npm-profile/node_modules/npm-registry-fetch/lib/auth.js
+++ /dev/null
@@ -1,181 +0,0 @@ -'use strict' -const fs = require('fs') -const npa = require('npm-package-arg') -const { URL } = require('url') - -// Find the longest registry key that is used for some kind of auth -// in the options. Returns the registry key and the auth config. -const regFromURI = (uri, opts) => { - const parsed = new URL(uri) - // try to find a config key indicating we have auth for this registry - // can be one of :_authToken, :_auth, :_password and :username, or - // :certfile and :keyfile - // We walk up the "path" until we're left with just //[:], - // stopping when we reach '//'. - let regKey = `//${parsed.host}${parsed.pathname}` - while (regKey.length > '//'.length) { - const authKey = hasAuth(regKey, opts) - // got some auth for this URI - if (authKey) { - return { regKey, authKey } - } - - // can be either //host/some/path/:_auth or //host/some/path:_auth - // walk up by removing EITHER what's after the slash OR the slash itself - regKey = regKey.replace(/([^/]+|\/)$/, '') - } - return { regKey: false, authKey: null } -} - -// Not only do we want to know if there is auth, but if we are calling `npm -// logout` we want to know what config value specifically provided it. This is -// so we can look up where the config came from to delete it (i.e. user vs -// project) -const hasAuth = (regKey, opts) => { - if (opts[`${regKey}:_authToken`]) { - return '_authToken' - } - if (opts[`${regKey}:_auth`]) { - return '_auth' - } - if (opts[`${regKey}:username`] && opts[`${regKey}:_password`]) { - // 'password' can be inferred to also be present - return 'username' - } - if (opts[`${regKey}:certfile`] && opts[`${regKey}:keyfile`]) { - // 'keyfile' can be inferred to also be present - return 'certfile' - } - return false -} - -const sameHost = (a, b) => { - const parsedA = new URL(a) - const parsedB = new URL(b) - return parsedA.host === parsedB.host -} - -const getRegistry = opts => { - const { spec } = opts - const { scope: specScope, subSpec } = spec ? 
npa(spec) : {} - const subSpecScope = subSpec && subSpec.scope - const scope = subSpec ? subSpecScope : specScope - const scopeReg = scope && opts[`${scope}:registry`] - return scopeReg || opts.registry -} - -const maybeReadFile = file => { - try { - return fs.readFileSync(file, 'utf8') - } catch (er) { - if (er.code !== 'ENOENT') { - throw er - } - return null - } -} - -const getAuth = (uri, opts = {}) => { - const { forceAuth } = opts - if (!uri) { - throw new Error('URI is required') - } - const { regKey, authKey } = regFromURI(uri, forceAuth || opts) - - // we are only allowed to use what's in forceAuth if specified - if (forceAuth && !regKey) { - return new Auth({ - // if we force auth we don't want to refer back to anything in config - regKey: false, - authKey: null, - scopeAuthKey: null, - token: forceAuth._authToken || forceAuth.token, - username: forceAuth.username, - password: forceAuth._password || forceAuth.password, - auth: forceAuth._auth || forceAuth.auth, - certfile: forceAuth.certfile, - keyfile: forceAuth.keyfile, - }) - } - - // no auth for this URI, but might have it for the registry - if (!regKey) { - const registry = getRegistry(opts) - if (registry && uri !== registry && sameHost(uri, registry)) { - return getAuth(registry, opts) - } else if (registry !== opts.registry) { - // If making a tarball request to a different base URI than the - // registry where we logged in, but the same auth SHOULD be sent - // to that artifact host, then we track where it was coming in from, - // and warn the user if we get a 4xx error on it. 
- const { regKey: scopeAuthKey, authKey: _authKey } = regFromURI(registry, opts) - return new Auth({ scopeAuthKey, regKey: scopeAuthKey, authKey: _authKey }) - } - } - - const { - [`${regKey}:_authToken`]: token, - [`${regKey}:username`]: username, - [`${regKey}:_password`]: password, - [`${regKey}:_auth`]: auth, - [`${regKey}:certfile`]: certfile, - [`${regKey}:keyfile`]: keyfile, - } = opts - - return new Auth({ - scopeAuthKey: null, - regKey, - authKey, - token, - auth, - username, - password, - certfile, - keyfile, - }) -} - -class Auth { - constructor ({ - token, - auth, - username, - password, - scopeAuthKey, - certfile, - keyfile, - regKey, - authKey, - }) { - // same as regKey but only present for scoped auth. Should have been named scopeRegKey - this.scopeAuthKey = scopeAuthKey - // `${regKey}:${authKey}` will get you back to the auth config that gave us auth - this.regKey = regKey - this.authKey = authKey - this.token = null - this.auth = null - this.isBasicAuth = false - this.cert = null - this.key = null - if (token) { - this.token = token - } else if (auth) { - this.auth = auth - } else if (username && password) { - const p = Buffer.from(password, 'base64').toString('utf8') - this.auth = Buffer.from(`${username}:${p}`, 'utf8').toString('base64') - this.isBasicAuth = true - } - // mTLS may be used in conjunction with another auth method above - if (certfile && keyfile) { - const cert = maybeReadFile(certfile, 'utf-8') - const key = maybeReadFile(keyfile, 'utf-8') - if (cert && key) { - this.cert = cert - this.key = key - } - } - } -} - -module.exports = getAuth diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/lib/check-response.js b/node_modules/npm-profile/node_modules/npm-registry-fetch/lib/check-response.js deleted file mode 100644 index 65eea2963b0b4..0000000000000 --- a/node_modules/npm-profile/node_modules/npm-registry-fetch/lib/check-response.js +++ /dev/null 
@@ -1,100 +0,0 @@ -'use strict' - -const errors = require('./errors.js') -const { Response } = require('minipass-fetch') -const defaultOpts = require('./default-opts.js') -const { log } = require('proc-log') -const { redact: cleanUrl } = require('@npmcli/redact') - -/* eslint-disable-next-line max-len */ -const moreInfoUrl = 'https://github.com/npm/cli/wiki/No-auth-for-URI,-but-auth-present-for-scoped-registry' -const checkResponse = - async ({ method, uri, res, startTime, auth, opts }) => { - opts = { ...defaultOpts, ...opts } - if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) { - log.notice('', res.headers.get('npm-notice')) - } - - if (res.status >= 400) { - logRequest(method, res, startTime) - if (auth && auth.scopeAuthKey && !auth.token && !auth.auth) { - // we didn't have auth for THIS request, but we do have auth for - // requests to the registry indicated by the spec's scope value. - // Warn the user. - log.warn('registry', `No auth for URI, but auth present for scoped registry. - -URI: ${uri} -Scoped Registry Key: ${auth.scopeAuthKey} - -More info here: ${moreInfoUrl}`) - } - return checkErrors(method, res, startTime, opts) - } else { - res.body.on('end', () => logRequest(method, res, startTime, opts)) - if (opts.ignoreBody) { - res.body.resume() - return new Response(null, res) - } - return res - } - } -module.exports = checkResponse - -function logRequest (method, res, startTime) { - const elapsedTime = Date.now() - startTime - const attempt = res.headers.get('x-fetch-attempts') - const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : '' - const cacheStatus = res.headers.get('x-local-cache-status') - const cacheStr = cacheStatus ? 
` (cache ${cacheStatus})` : '' - const urlStr = cleanUrl(res.url) - - log.http( - 'fetch', - `${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}` - ) -} - -function checkErrors (method, res, startTime, opts) { - return res.buffer() - .catch(() => null) - .then(body => { - let parsed = body - try { - parsed = JSON.parse(body.toString('utf8')) - } catch { - // ignore errors - } - if (res.status === 401 && res.headers.get('www-authenticate')) { - const auth = res.headers.get('www-authenticate') - .split(/,\s*/) - .map(s => s.toLowerCase()) - if (auth.indexOf('ipaddress') !== -1) { - throw new errors.HttpErrorAuthIPAddress( - method, res, parsed, opts.spec - ) - } else if (auth.indexOf('otp') !== -1) { - throw new errors.HttpErrorAuthOTP( - method, res, parsed, opts.spec - ) - } else { - throw new errors.HttpErrorAuthUnknown( - method, res, parsed, opts.spec - ) - } - } else if ( - res.status === 401 && - body != null && - /one-time pass/.test(body.toString('utf8')) - ) { - // Heuristic for malformed OTP responses that don't include the - // www-authenticate header. - throw new errors.HttpErrorAuthOTP( - method, res, parsed, opts.spec - ) - } else { - throw new errors.HttpErrorGeneral( - method, res, parsed, opts.spec - ) - } - }) -} diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/lib/default-opts.js b/node_modules/npm-profile/node_modules/npm-registry-fetch/lib/default-opts.js deleted file mode 100644 index f0847f0b507e2..0000000000000 --- a/node_modules/npm-profile/node_modules/npm-registry-fetch/lib/default-opts.js +++ /dev/null @@ -1,19 +0,0 @@ -const pkg = require('../package.json') -module.exports = { - maxSockets: 12, - method: 'GET', - registry: 'https://registry.npmjs.org/', - timeout: 5 * 60 * 1000, // 5 minutes - strictSSL: true, - noProxy: process.env.NOPROXY, - userAgent: `${pkg.name - }@${ - pkg.version - }/node@${ - process.version - }+${ - process.arch - } (${ - process.platform - })`, -} 
diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/lib/errors.js b/node_modules/npm-profile/node_modules/npm-registry-fetch/lib/errors.js
deleted file mode 100644
index cf5ddba6f300c..0000000000000
--- a/node_modules/npm-profile/node_modules/npm-registry-fetch/lib/errors.js
+++ /dev/null
@@ -1,80 +0,0 @@ -'use strict' - -const url = require('url') - -function packageName (href) { - try { - let basePath = new url.URL(href).pathname.slice(1) - if (!basePath.match(/^-/)) { - basePath = basePath.split('/') - var index = basePath.indexOf('_rewrite') - if (index === -1) { - index = basePath.length - 1 - } else { - index++ - } - return decodeURIComponent(basePath[index]) - } - } catch (_) { - // this is ok - } -} - -class HttpErrorBase extends Error { - constructor (method, res, body, spec) { - super() - this.name = this.constructor.name - this.headers = res.headers.raw() - this.statusCode = res.status - this.code = `E${res.status}` - this.method = method - this.uri = res.url - this.body = body - this.pkgid = spec ? spec.toString() : packageName(res.url) - } -} -module.exports.HttpErrorBase = HttpErrorBase - -class HttpErrorGeneral extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = `${res.status} ${res.statusText} - ${ - this.method.toUpperCase() - } ${ - this.spec || this.uri - }${ - (body && body.error) ? 
' - ' + body.error : '' - }` - Error.captureStackTrace(this, HttpErrorGeneral) - } -} -module.exports.HttpErrorGeneral = HttpErrorGeneral - -class HttpErrorAuthOTP extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'OTP required for authentication' - this.code = 'EOTP' - Error.captureStackTrace(this, HttpErrorAuthOTP) - } -} -module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP - -class HttpErrorAuthIPAddress extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'Login is not allowed from your IP address' - this.code = 'EAUTHIP' - Error.captureStackTrace(this, HttpErrorAuthIPAddress) - } -} -module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress - -class HttpErrorAuthUnknown extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate') - Error.captureStackTrace(this, HttpErrorAuthUnknown) - } -} -module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/lib/index.js b/node_modules/npm-profile/node_modules/npm-registry-fetch/lib/index.js deleted file mode 100644 index bce6e6b1aae0a..0000000000000 --- a/node_modules/npm-profile/node_modules/npm-registry-fetch/lib/index.js +++ /dev/null 
@@ -1,247 +0,0 @@ -'use strict' - -const { HttpErrorAuthOTP } = require('./errors.js') -const checkResponse = require('./check-response.js') -const getAuth = require('./auth.js') -const fetch = require('make-fetch-happen') -const JSONStream = require('minipass-json-stream') -const npa = require('npm-package-arg') -const qs = require('querystring') -const url = require('url') -const zlib = require('minizlib') -const { Minipass } = require('minipass') - -const defaultOpts = require('./default-opts.js') - -// WhatWG URL throws if it's not fully resolved -const urlIsValid = u => { - try { - return !!new url.URL(u) - } catch (_) { - return false - } -} - -module.exports = regFetch -function regFetch (uri, /* istanbul ignore next */ opts_ = {}) { - const opts = { - ...defaultOpts, - ...opts_, - } - - // if we did not get a fully qualified URI, then we look at the registry - // config or relevant scope to resolve it. - const uriValid = urlIsValid(uri) - let registry = opts.registry || defaultOpts.registry - if (!uriValid) { - registry = opts.registry = ( - (opts.spec && pickRegistry(opts.spec, opts)) || - opts.registry || - registry - ) - uri = `${ - registry.trim().replace(/\/?$/g, '') - }/${ - uri.trim().replace(/^\//, '') - }` - // asserts that this is now valid - new url.URL(uri) - } - - const method = opts.method || 'GET' - - // through that takes into account the scope, the prefix of `uri`, etc - const startTime = Date.now() - const auth = getAuth(uri, opts) - const headers = getHeaders(uri, auth, opts) - let body = opts.body - const bodyIsStream = Minipass.isStream(body) - const bodyIsPromise = body && - typeof body === 'object' && - typeof body.then === 'function' - - if ( - body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body) - ) { - headers['content-type'] = headers['content-type'] || 'application/json' - body = JSON.stringify(body) - } else if (body && !headers['content-type']) { - headers['content-type'] = 
'application/octet-stream' - } - - if (opts.gzip) { - headers['content-encoding'] = 'gzip' - if (bodyIsStream) { - const gz = new zlib.Gzip() - body.on('error', /* istanbul ignore next: unlikely and hard to test */ - err => gz.emit('error', err)) - body = body.pipe(gz) - } else if (!bodyIsPromise) { - body = new zlib.Gzip().end(body).concat() - } - } - - const parsed = new url.URL(uri) - - if (opts.query) { - const q = typeof opts.query === 'string' ? qs.parse(opts.query) - : opts.query - - Object.keys(q).forEach(key => { - if (q[key] !== undefined) { - parsed.searchParams.set(key, q[key]) - } - }) - uri = url.format(parsed) - } - - if (parsed.searchParams.get('write') === 'true' && method === 'GET') { - // do not cache, because this GET is fetching a rev that will be - // used for a subsequent PUT or DELETE, so we need to conditionally - // update cache. - opts.offline = false - opts.preferOffline = false - opts.preferOnline = true - } - - const doFetch = async fetchBody => { - const p = fetch(uri, { - agent: opts.agent, - algorithms: opts.algorithms, - body: fetchBody, - cache: getCacheMode(opts), - cachePath: opts.cache, - ca: opts.ca, - cert: auth.cert || opts.cert, - headers, - integrity: opts.integrity, - key: auth.key || opts.key, - localAddress: opts.localAddress, - maxSockets: opts.maxSockets, - memoize: opts.memoize, - method: method, - noProxy: opts.noProxy, - proxy: opts.httpsProxy || opts.proxy, - retry: opts.retry ? 
opts.retry : { - retries: opts.fetchRetries, - factor: opts.fetchRetryFactor, - minTimeout: opts.fetchRetryMintimeout, - maxTimeout: opts.fetchRetryMaxtimeout, - }, - strictSSL: opts.strictSSL, - timeout: opts.timeout || 30 * 1000, - }).then(res => checkResponse({ - method, - uri, - res, - registry, - startTime, - auth, - opts, - })) - - if (typeof opts.otpPrompt === 'function') { - return p.catch(async er => { - if (er instanceof HttpErrorAuthOTP) { - let otp - // if otp fails to complete, we fail with that failure - try { - otp = await opts.otpPrompt() - } catch (_) { - // ignore this error - } - // if no otp provided, or otpPrompt errored, throw the original HTTP error - if (!otp) { - throw er - } - return regFetch(uri, { ...opts, otp }) - } - throw er - }) - } else { - return p - } - } - - return Promise.resolve(body).then(doFetch) -} - -module.exports.getAuth = getAuth - -module.exports.json = fetchJSON -function fetchJSON (uri, opts) { - return regFetch(uri, opts).then(res => res.json()) -} - -module.exports.json.stream = fetchJSONStream -function fetchJSONStream (uri, jsonPath, - /* istanbul ignore next */ opts_ = {}) { - const opts = { ...defaultOpts, ...opts_ } - const parser = JSONStream.parse(jsonPath, opts.mapJSON) - regFetch(uri, opts).then(res => - res.body.on('error', - /* istanbul ignore next: unlikely and difficult to test */ - er => parser.emit('error', er)).pipe(parser) - ).catch(er => parser.emit('error', er)) - return parser -} - -module.exports.pickRegistry = pickRegistry -function pickRegistry (spec, opts = {}) { - spec = npa(spec) - let registry = spec.scope && - opts[spec.scope.replace(/^@?/, '@') + ':registry'] - - if (!registry && opts.scope) { - registry = opts[opts.scope.replace(/^@?/, '@') + ':registry'] - } - - if (!registry) { - registry = opts.registry || defaultOpts.registry - } - - return registry -} - -function getCacheMode (opts) { - return opts.offline ? 'only-if-cached' - : opts.preferOffline ? 
'force-cache' - : opts.preferOnline ? 'no-cache' - : 'default' -} - -function getHeaders (uri, auth, opts) { - const headers = Object.assign({ - 'user-agent': opts.userAgent, - }, opts.headers || {}) - - if (opts.authType) { - headers['npm-auth-type'] = opts.authType - } - - if (opts.scope) { - headers['npm-scope'] = opts.scope - } - - if (opts.npmSession) { - headers['npm-session'] = opts.npmSession - } - - if (opts.npmCommand) { - headers['npm-command'] = opts.npmCommand - } - - // If a tarball is hosted on a different place than the manifest, only send - // credentials on `alwaysAuth` - if (auth.token) { - headers.authorization = `Bearer ${auth.token}` - } else if (auth.auth) { - headers.authorization = `Basic ${auth.auth}` - } - - if (opts.otp) { - headers['npm-otp'] = opts.otp - } - - return headers -} diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/package.json b/node_modules/npm-profile/node_modules/npm-registry-fetch/package.json deleted file mode 100644 index 52820a6a206ec..0000000000000 --- a/node_modules/npm-profile/node_modules/npm-registry-fetch/package.json +++ /dev/null 
@@ -1,68 +0,0 @@
-{
- "name": "npm-registry-fetch",
- "version": "17.0.0",
- "description": "Fetch-based http client for use with npm registry APIs",
- "main": "lib",
- "files": [
- "bin/",
- "lib/"
- ],
- "scripts": {
- "eslint": "eslint",
- "lint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"",
- "lintfix": "npm run lint -- --fix",
- "test": "tap",
- "posttest": "npm run lint",
- "npmclilint": "npmcli-lint",
- "postsnap": "npm run lintfix --",
- "postlint": "template-oss-check",
- "snap": "tap",
- "template-oss-apply": "template-oss-apply --force"
- },
- "repository": {
- "type": "git",
- "url": "https://github.com/npm/npm-registry-fetch.git"
- },
- "keywords": [
- "npm",
- "registry",
- "fetch"
- ],
- "author": "GitHub Inc.",
- "license": "ISC",
- "dependencies": {
- "@npmcli/redact": "^2.0.0",
- "make-fetch-happen": "^13.0.0",
- "minipass": "^7.0.2",
- "minipass-fetch": "^3.0.0",
- "minipass-json-stream": "^1.0.1",
- "minizlib": "^2.1.2",
- "npm-package-arg": "^11.0.0",
- "proc-log": "^4.0.0"
- },
- "devDependencies": {
- "@npmcli/eslint-config": "^4.0.0",
- "@npmcli/template-oss": "4.21.4",
- "cacache": "^18.0.0",
- "nock": "^13.2.4",
- "require-inject": "^1.4.4",
- "ssri": "^10.0.0",
- "tap": "^16.0.1"
- },
- "tap": {
- "check-coverage": true,
- "test-ignore": "test[\\\\/](util|cache)[\\\\/]",
- "nyc-arg": [
- "--exclude",
- "tap-snapshots/**"
- ]
- },
- "engines": {
- "node": "^16.14.0 || >=18.0.0"
- },
- "templateOSS": {
- "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
- "version": "4.21.4",
- "publish": "true"
- }
-}
diff --git a/node_modules/npm-registry-fetch/lib/index.js b/node_modules/npm-registry-fetch/lib/index.js
index 1d77a77024bf5..bce6e6b1aae0a 100644
--- a/node_modules/npm-registry-fetch/lib/index.js
+++ b/node_modules/npm-registry-fetch/lib/index.js
@@ -10,7 +10,6 @@ const qs = require('querystring') const url = require('url') const zlib = require('minizlib') const { Minipass } = require('minipass') -const { redact: cleanUrl } = require('@npmcli/redact') const defaultOpts = require('./default-opts.js') @@ -246,7 +245,3 @@ function getHeaders (uri, auth, opts) { return headers } - -// export cleanUrl to avoid a breaking change -// TODO: next semver major remove this. Consumers should use @npmcli/redact instead -module.exports.cleanUrl = cleanUrl diff --git a/node_modules/npm-profile/node_modules/@npmcli/redact/LICENSE b/node_modules/npm-registry-fetch/node_modules/@npmcli/redact/LICENSE similarity index 100% rename from node_modules/npm-profile/node_modules/@npmcli/redact/LICENSE rename to node_modules/npm-registry-fetch/node_modules/@npmcli/redact/LICENSE diff --git a/node_modules/npm-profile/node_modules/@npmcli/redact/lib/deep-map.js b/node_modules/npm-registry-fetch/node_modules/@npmcli/redact/lib/deep-map.js similarity index 100% rename from node_modules/npm-profile/node_modules/@npmcli/redact/lib/deep-map.js rename to node_modules/npm-registry-fetch/node_modules/@npmcli/redact/lib/deep-map.js diff --git a/node_modules/npm-profile/node_modules/@npmcli/redact/lib/index.js b/node_modules/npm-registry-fetch/node_modules/@npmcli/redact/lib/index.js similarity index 100% rename from node_modules/npm-profile/node_modules/@npmcli/redact/lib/index.js rename to node_modules/npm-registry-fetch/node_modules/@npmcli/redact/lib/index.js diff --git a/node_modules/npm-profile/node_modules/@npmcli/redact/lib/matchers.js b/node_modules/npm-registry-fetch/node_modules/@npmcli/redact/lib/matchers.js similarity index 100% rename from node_modules/npm-profile/node_modules/@npmcli/redact/lib/matchers.js rename to node_modules/npm-registry-fetch/node_modules/@npmcli/redact/lib/matchers.js 
diff --git a/node_modules/npm-profile/node_modules/@npmcli/redact/lib/server.js b/node_modules/npm-registry-fetch/node_modules/@npmcli/redact/lib/server.js
similarity index 100%
rename from node_modules/npm-profile/node_modules/@npmcli/redact/lib/server.js
rename to node_modules/npm-registry-fetch/node_modules/@npmcli/redact/lib/server.js
diff --git a/node_modules/npm-profile/node_modules/@npmcli/redact/lib/utils.js b/node_modules/npm-registry-fetch/node_modules/@npmcli/redact/lib/utils.js
similarity index 100%
rename from node_modules/npm-profile/node_modules/@npmcli/redact/lib/utils.js
rename to node_modules/npm-registry-fetch/node_modules/@npmcli/redact/lib/utils.js
diff --git a/node_modules/npm-profile/node_modules/@npmcli/redact/package.json b/node_modules/npm-registry-fetch/node_modules/@npmcli/redact/package.json
similarity index 100%
rename from node_modules/npm-profile/node_modules/@npmcli/redact/package.json
rename to node_modules/npm-registry-fetch/node_modules/@npmcli/redact/package.json
diff --git a/node_modules/npm-registry-fetch/package.json b/node_modules/npm-registry-fetch/package.json
index 4e450868a77f7..52820a6a206ec 100644
--- a/node_modules/npm-registry-fetch/package.json
+++ b/node_modules/npm-registry-fetch/package.json
@@ -1,6 +1,6 @@
 {
 "name": "npm-registry-fetch",
- "version": "16.2.1",
+ "version": "17.0.0",
 "description": "Fetch-based http client for use with npm registry APIs",
 "main": "lib",
 "files": [
@@ -31,7 +31,7 @@
 "author": "GitHub Inc.",
 "license": "ISC",
 "dependencies": {
- "@npmcli/redact": "^1.1.0",
+ "@npmcli/redact": "^2.0.0",
 "make-fetch-happen": "^13.0.0",
 "minipass": "^7.0.2",
 "minipass-fetch": "^3.0.0",
@@ -42,7 +42,7 @@
 },
 "devDependencies": {
 "@npmcli/eslint-config": "^4.0.0",
- "@npmcli/template-oss": "4.21.3",
+ "@npmcli/template-oss": "4.21.4",
 "cacache": "^18.0.0",
 "nock": "^13.2.4",
 "require-inject": "^1.4.4",
@@ -62,7 +62,7 @@
 },
 "templateOSS": {
 "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
- "version": "4.21.3",
+ "version": "4.21.4",
 "publish": "true"
 }
 }
diff --git a/node_modules/pacote/node_modules/@npmcli/redact/LICENSE b/node_modules/pacote/node_modules/@npmcli/redact/LICENSE
deleted file mode 100644
index c21644115c85d..0000000000000
--- a/node_modules/pacote/node_modules/@npmcli/redact/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2024 npm
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/node_modules/pacote/node_modules/@npmcli/redact/lib/deep-map.js b/node_modules/pacote/node_modules/@npmcli/redact/lib/deep-map.js
deleted file mode 100644
index ad042dbdfc534..0000000000000
--- a/node_modules/pacote/node_modules/@npmcli/redact/lib/deep-map.js
+++ /dev/null
@@ -1,59 +0,0 @@
-const deepMap = (input, handler = v => v, path = ['$'], seen = new Set([input])) => {
- if (Array.isArray(input)) {
- const result = []
- for (let i = 0; i < input.length; i++) {
- const element = input[i]
- const elementPath = [...path, i]
- if (element instanceof Object) {
- if (!seen.has(element)) { // avoid getting stuck in circular reference
- seen.add(element)
- result.push(deepMap(handler(element, elementPath), handler, elementPath, seen))
- }
- } else {
- result.push(handler(element, elementPath))
- }
- }
- return result
- }
-
- if (input === null) {
- return null
- } else if (typeof input === 'object' || typeof input === 'function') {
- const result = {}
-
- if (input instanceof Error) {
- // `name` property is not included in `Object.getOwnPropertyNames(error)`
- result.errorType = input.name
- }
-
- for (const propertyName of Object.getOwnPropertyNames(input)) {
- // skip logging internal properties
- if (propertyName.startsWith('_')) {
- continue
- }
-
- try {
- const property = input[propertyName]
- const propertyPath = [...path, propertyName]
- if (property instanceof Object) {
- if (!seen.has(property)) { // avoid getting stuck in circular reference
- seen.add(property)
- result[propertyName] = deepMap(
- handler(property, propertyPath), handler, propertyPath, seen
- )
- }
- } else {
- result[propertyName] = handler(property, propertyPath)
- }
- } catch (err) {
- // a getter may throw an error
- result[propertyName] = `[error getting value: ${err.message}]`
- }
- }
- return result
- }
-
- return handler(input, path)
-}
-
-module.exports = { deepMap }
diff --git a/node_modules/pacote/node_modules/@npmcli/redact/lib/index.js b/node_modules/pacote/node_modules/@npmcli/redact/lib/index.js
deleted file mode 100644
index 9b10c7f6a0081..0000000000000
--- a/node_modules/pacote/node_modules/@npmcli/redact/lib/index.js
+++ /dev/null
@@ -1,44 +0,0 @@
-const matchers = require('./matchers')
-const { redactUrlPassword } = require('./utils')
-
-const REPLACE = '***'
-
-const redact = (value) => {
- if (typeof value !== 'string' || !value) {
- return value
- }
- return redactUrlPassword(value, REPLACE)
- .replace(matchers.NPM_SECRET.pattern, `npm_${REPLACE}`)
- .replace(matchers.UUID.pattern, REPLACE)
-}
-
-// split on \s|= similar to how nopt parses options
-const splitAndRedact = (str) => {
- // stateful regex, don't move out of this scope
- const splitChars = /[\s=]/g
-
- let match = null
- let result = ''
- let index = 0
- while (match = splitChars.exec(str)) {
- result += redact(str.slice(index, match.index)) + match[0]
- index = splitChars.lastIndex
- }
-
- return result + redact(str.slice(index))
-}
-
-// replaces auth info in an array of arguments or in a strings
-const redactLog = (arg) => {
- if (typeof arg === 'string') {
- return splitAndRedact(arg)
- } else if (Array.isArray(arg)) {
- return arg.map((a) => typeof a === 'string' ? splitAndRedact(a) : a)
- }
- return arg
-}
-
-module.exports = {
- redact,
- redactLog,
-}
diff --git a/node_modules/pacote/node_modules/@npmcli/redact/lib/matchers.js b/node_modules/pacote/node_modules/@npmcli/redact/lib/matchers.js
deleted file mode 100644
index fe9b9071de8a1..0000000000000
--- a/node_modules/pacote/node_modules/@npmcli/redact/lib/matchers.js
+++ /dev/null
@@ -1,81 +0,0 @@
-const TYPE_REGEX = 'regex'
-const TYPE_URL = 'url'
-const TYPE_PATH = 'path'
-
-const NPM_SECRET = {
- type: TYPE_REGEX,
- pattern: /\b(npms?_)[a-zA-Z0-9]{36,48}\b/gi,
- replacement: `[REDACTED_NPM_SECRET]`,
-}
-
-const AUTH_HEADER = {
- type: TYPE_REGEX,
- pattern: /\b(Basic\s+|Bearer\s+)[\w+=\-.]+\b/gi,
- replacement: `[REDACTED_AUTH_HEADER]`,
-}
-
-const JSON_WEB_TOKEN = {
- type: TYPE_REGEX,
- pattern: /\b[A-Za-z0-9-_]{10,}(?!\.\d+\.)\.[A-Za-z0-9-_]{3,}\.[A-Za-z0-9-_]{20,}\b/gi,
- replacement: `[REDACTED_JSON_WEB_TOKEN]`,
-}
-
-const UUID = {
- type: TYPE_REGEX,
- pattern: /\b[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\b/gi,
- replacement: `[REDACTED_UUID]`,
-}
-
-const URL_MATCHER = {
- type: TYPE_REGEX,
- pattern: /(?:https?|ftp):\/\/[^\s/"$.?#].[^\s"]*/gi,
- replacement: '[REDACTED_URL]',
-}
-
-const DEEP_HEADER_AUTHORIZATION = {
- type: TYPE_PATH,
- predicate: ({ path }) => path.endsWith('.headers.authorization'),
- replacement: '[REDACTED_HEADER_AUTHORIZATION]',
-}
-
-const DEEP_HEADER_SET_COOKIE = {
- type: TYPE_PATH,
- predicate: ({ path }) => path.endsWith('.headers.set-cookie'),
- replacement: '[REDACTED_HEADER_SET_COOKIE]',
-}
-
-const REWRITE_REQUEST = {
- type: TYPE_PATH,
- predicate: ({ path }) => path.endsWith('.request'),
- replacement: (input) => ({
- method: input?.method,
- path: input?.path,
- headers: input?.headers,
- url: input?.url,
- }),
-}
-
-const REWRITE_RESPONSE = {
- type: TYPE_PATH,
- predicate: ({ path }) => path.endsWith('.response'),
- replacement: (input) => ({
- data: input?.data,
- status: input?.status,
- headers: input?.headers,
- }),
-}
-
-module.exports = {
- TYPE_REGEX,
- TYPE_URL,
- TYPE_PATH,
- NPM_SECRET,
- AUTH_HEADER,
- JSON_WEB_TOKEN,
- UUID,
- URL_MATCHER,
- DEEP_HEADER_AUTHORIZATION,
- DEEP_HEADER_SET_COOKIE,
- REWRITE_REQUEST,
- REWRITE_RESPONSE,
-}
diff --git a/node_modules/pacote/node_modules/@npmcli/redact/lib/server.js b/node_modules/pacote/node_modules/@npmcli/redact/lib/server.js
deleted file mode 100644
index 669e834da6131..0000000000000
--- a/node_modules/pacote/node_modules/@npmcli/redact/lib/server.js
+++ /dev/null
@@ -1,34 +0,0 @@
-const {
- AUTH_HEADER,
- JSON_WEB_TOKEN,
- NPM_SECRET,
- DEEP_HEADER_AUTHORIZATION,
- DEEP_HEADER_SET_COOKIE,
- REWRITE_REQUEST,
- REWRITE_RESPONSE,
-} = require('./matchers')
-
-const {
- redactUrlMatcher,
- redactUrlPasswordMatcher,
- redactMatchers,
-} = require('./utils')
-
-const { deepMap } = require('./deep-map')
-
-const _redact = redactMatchers(
- NPM_SECRET,
- AUTH_HEADER,
- JSON_WEB_TOKEN,
- DEEP_HEADER_AUTHORIZATION,
- DEEP_HEADER_SET_COOKIE,
- REWRITE_REQUEST,
- REWRITE_RESPONSE,
- redactUrlMatcher(
- redactUrlPasswordMatcher()
- )
-)
-
-const redact = (input) => deepMap(input, (value, path) => _redact(value, { path }))
-
-module.exports = { redact }
diff --git a/node_modules/pacote/node_modules/@npmcli/redact/lib/utils.js b/node_modules/pacote/node_modules/@npmcli/redact/lib/utils.js
deleted file mode 100644
index 8395ab25fc373..0000000000000
--- a/node_modules/pacote/node_modules/@npmcli/redact/lib/utils.js
+++ /dev/null
@@ -1,202 +0,0 @@ -const { - URL_MATCHER, - TYPE_URL, - TYPE_REGEX, - TYPE_PATH, -} = require('./matchers') - -/** - * creates a string of asterisks, - * this forces a minimum asterisk for security purposes - */ -const asterisk = (length = 0) => { - length = typeof length === 'string' ? length.length : length - if (length < 8) { - return '*'.repeat(8) - } - return '*'.repeat(length) -} - -/** - * escapes all special regex chars - * @see https://stackoverflow.com/a/9310752 - * @see https://github.com/tc39/proposal-regex-escaping - */ -const escapeRegExp = (text) => { - return text.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, `\\$&`) -} - -/** - * provieds a regex "or" of the url versions of a string - */ -const urlEncodeRegexGroup = (value) => { - const decoded = decodeURIComponent(value) - const encoded = encodeURIComponent(value) - const union = [...new Set([encoded, decoded, value])].map(escapeRegExp).join('|') - return union -} - -/** - * a tagged template literal that returns a regex ensures all variables are excaped - */ -const urlEncodeRegexTag = (strings, ...values) => { - let pattern = '' - for (let i = 0; i < values.length; i++) { - pattern += strings[i] + `(${urlEncodeRegexGroup(values[i])})` - } - pattern += strings[strings.length - 1] - return new RegExp(pattern) -} - -/** - * creates a matcher for redacting url hostname - */ -const redactUrlHostnameMatcher = ({ hostname, replacement } = {}) => ({ - type: TYPE_URL, - predicate: ({ url }) => url.hostname === hostname, - pattern: ({ url }) => { - return urlEncodeRegexTag`(^${url.protocol}//${url.username}:.+@)?${url.hostname}` - }, - replacement: `$1${replacement || asterisk()}`, -}) - -/** - * creates a matcher for redacting url search / query parameter values - */ -const redactUrlSearchParamsMatcher = ({ param, replacement } = {}) => ({ - type: TYPE_URL, - predicate: ({ url }) => url.searchParams.has(param), - pattern: ({ url }) => urlEncodeRegexTag`(${param}=)${url.searchParams.get(param)}`, - replacement: 
`$1${replacement || asterisk()}`, -}) - -/** creates a matcher for redacting the url password */ -const redactUrlPasswordMatcher = ({ replacement } = {}) => ({ - type: TYPE_URL, - predicate: ({ url }) => url.password, - pattern: ({ url }) => urlEncodeRegexTag`(^${url.protocol}//${url.username}:)${url.password}`, - replacement: `$1${replacement || asterisk()}`, -}) - -const redactUrlReplacement = (...matchers) => (subValue) => { - try { - const url = new URL(subValue) - return redactMatchers(...matchers)(subValue, { url }) - } catch (err) { - return subValue - } -} - -/** - * creates a matcher / submatcher for urls, this function allows you to first - * collect all urls within a larger string and then pass those urls to a - * submatcher - * - * @example - * console.log("this will first match all urls, then pass those urls to the password patcher") - * redactMatchers(redactUrlMatcher(redactUrlPasswordMatcher())) - * - * @example - * console.log( - * "this will assume you are passing in a string that is a url, and will redact the password" - * ) - * redactMatchers(redactUrlPasswordMatcher()) - * - */ -const redactUrlMatcher = (...matchers) => { - return { - ...URL_MATCHER, - replacement: redactUrlReplacement(...matchers), - } -} - -const matcherFunctions = { - [TYPE_REGEX]: (matcher) => (value) => { - if (typeof value === 'string') { - value = value.replace(matcher.pattern, matcher.replacement) - } - return value - }, - [TYPE_URL]: (matcher) => (value, ctx) => { - if (typeof value === 'string') { - try { - const url = ctx?.url || new URL(value) - const { predicate, pattern } = matcher - const predicateValue = predicate({ url }) - if (predicateValue) { - value = value.replace(pattern({ url }), matcher.replacement) - } - } catch (_e) { - return value - } - } - return value - }, - [TYPE_PATH]: (matcher) => (value, ctx) => { - const rawPath = ctx?.path - const path = rawPath.join('.').toLowerCase() - const { predicate, replacement } = matcher - const replace = typeof 
replacement === 'function' ? replacement : () => replacement - const shouldRun = predicate({ rawPath, path }) - if (shouldRun) { - value = replace(value, { rawPath, path }) - } - return value - }, -} - -/** converts a matcher to a function */ -const redactMatcher = (matcher) => { - return matcherFunctions[matcher.type](matcher) -} - -/** converts a series of matchers to a function */ -const redactMatchers = (...matchers) => (value, ctx) => { - const flatMatchers = matchers.flat() - return flatMatchers.reduce((result, matcher) => { - const fn = (typeof matcher === 'function') ? matcher : redactMatcher(matcher) - return fn(result, ctx) - }, value) -} - -/** - * replacement handler, keeping $1 (if it exists) and replacing the - * rest of the string with asterisks, maintaining string length - */ -const redactDynamicReplacement = () => (value, start) => { - if (typeof start === 'number') { - return asterisk(value) - } - return start + asterisk(value.substring(start.length).length) -} - -/** - * replacement handler, keeping $1 (if it exists) and replacing the - * rest of the string with a fixed number of asterisks - */ -const redactFixedReplacement = (length) => (_value, start) => { - if (typeof start === 'number') { - return asterisk(length) - } - return start + asterisk(length) -} - -const redactUrlPassword = (value, replacement) => { - return redactMatchers(redactUrlPasswordMatcher({ replacement }))(value) -} - -module.exports = { - asterisk, - escapeRegExp, - urlEncodeRegexGroup, - urlEncodeRegexTag, - redactUrlHostnameMatcher, - redactUrlSearchParamsMatcher, - redactUrlPasswordMatcher, - redactUrlMatcher, - redactUrlReplacement, - redactDynamicReplacement, - redactFixedReplacement, - redactMatchers, - redactUrlPassword, -} diff --git a/node_modules/pacote/node_modules/@npmcli/redact/package.json b/node_modules/pacote/node_modules/@npmcli/redact/package.json deleted file mode 100644 index 2bcee9ea0884b..0000000000000 
--- a/node_modules/pacote/node_modules/@npmcli/redact/package.json
+++ /dev/null
@@ -1,51 +0,0 @@
-{
- "name": "@npmcli/redact",
- "version": "2.0.0",
- "description": "Redact sensitive npm information from output",
- "main": "lib/index.js",
- "exports": {
- ".": "./lib/index.js",
- "./server": "./lib/server.js",
- "./package.json": "./package.json"
- },
- "scripts": {
- "test": "tap",
- "lint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"",
- "postlint": "template-oss-check",
- "template-oss-apply": "template-oss-apply --force",
- "lintfix": "npm run lint -- --fix",
- "snap": "tap",
- "posttest": "npm run lint"
- },
- "keywords": [],
- "author": "GitHub Inc.",
- "license": "ISC",
- "files": [
- "bin/",
- "lib/"
- ],
- "repository": {
- "type": "git",
- "url": "https://github.com/npm/redact.git"
- },
- "templateOSS": {
- "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
- "version": "4.21.3",
- "publish": true
- },
- "tap": {
- "nyc-arg": [
- "--exclude",
- "tap-snapshots/**"
- ],
- "timeout": 120
- },
- "devDependencies": {
- "@npmcli/eslint-config": "^4.0.2",
- "@npmcli/template-oss": "4.21.3",
- "tap": "^16.3.10"
- },
- "engines": {
- "node": "^16.14.0 || >=18.0.0"
- }
-}
diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/pacote/node_modules/npm-registry-fetch/LICENSE.md
deleted file mode 100644
index 5fc208ff122e0..0000000000000
--- a/node_modules/pacote/node_modules/npm-registry-fetch/LICENSE.md
+++ /dev/null
@@ -1,20 +0,0 @@
-
-
-ISC License
-
-Copyright npm, Inc.
-
-Permission to use, copy, modify, and/or distribute this
-software for any purpose with or without fee is hereby
-granted, provided that the above copyright notice and this
-permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND NPM DISCLAIMS ALL
-WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO
-EVENT SHALL NPM BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
-WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
-TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
-USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/lib/auth.js b/node_modules/pacote/node_modules/npm-registry-fetch/lib/auth.js
deleted file mode 100644
index 9270025fa8d90..0000000000000
--- a/node_modules/pacote/node_modules/npm-registry-fetch/lib/auth.js
+++ /dev/null
@@ -1,181 +0,0 @@ -'use strict' -const fs = require('fs') -const npa = require('npm-package-arg') -const { URL } = require('url') - -// Find the longest registry key that is used for some kind of auth -// in the options. Returns the registry key and the auth config. -const regFromURI = (uri, opts) => { - const parsed = new URL(uri) - // try to find a config key indicating we have auth for this registry - // can be one of :_authToken, :_auth, :_password and :username, or - // :certfile and :keyfile - // We walk up the "path" until we're left with just //[:], - // stopping when we reach '//'. - let regKey = `//${parsed.host}${parsed.pathname}` - while (regKey.length > '//'.length) { - const authKey = hasAuth(regKey, opts) - // got some auth for this URI - if (authKey) { - return { regKey, authKey } - } - - // can be either //host/some/path/:_auth or //host/some/path:_auth - // walk up by removing EITHER what's after the slash OR the slash itself - regKey = regKey.replace(/([^/]+|\/)$/, '') - } - return { regKey: false, authKey: null } -} - -// Not only do we want to know if there is auth, but if we are calling `npm -// logout` we want to know what config value specifically provided it. This is -// so we can look up where the config came from to delete it (i.e. user vs -// project) -const hasAuth = (regKey, opts) => { - if (opts[`${regKey}:_authToken`]) { - return '_authToken' - } - if (opts[`${regKey}:_auth`]) { - return '_auth' - } - if (opts[`${regKey}:username`] && opts[`${regKey}:_password`]) { - // 'password' can be inferred to also be present - return 'username' - } - if (opts[`${regKey}:certfile`] && opts[`${regKey}:keyfile`]) { - // 'keyfile' can be inferred to also be present - return 'certfile' - } - return false -} - -const sameHost = (a, b) => { - const parsedA = new URL(a) - const parsedB = new URL(b) - return parsedA.host === parsedB.host -} - -const getRegistry = opts => { - const { spec } = opts - const { scope: specScope, subSpec } = spec ? 
npa(spec) : {} - const subSpecScope = subSpec && subSpec.scope - const scope = subSpec ? subSpecScope : specScope - const scopeReg = scope && opts[`${scope}:registry`] - return scopeReg || opts.registry -} - -const maybeReadFile = file => { - try { - return fs.readFileSync(file, 'utf8') - } catch (er) { - if (er.code !== 'ENOENT') { - throw er - } - return null - } -} - -const getAuth = (uri, opts = {}) => { - const { forceAuth } = opts - if (!uri) { - throw new Error('URI is required') - } - const { regKey, authKey } = regFromURI(uri, forceAuth || opts) - - // we are only allowed to use what's in forceAuth if specified - if (forceAuth && !regKey) { - return new Auth({ - // if we force auth we don't want to refer back to anything in config - regKey: false, - authKey: null, - scopeAuthKey: null, - token: forceAuth._authToken || forceAuth.token, - username: forceAuth.username, - password: forceAuth._password || forceAuth.password, - auth: forceAuth._auth || forceAuth.auth, - certfile: forceAuth.certfile, - keyfile: forceAuth.keyfile, - }) - } - - // no auth for this URI, but might have it for the registry - if (!regKey) { - const registry = getRegistry(opts) - if (registry && uri !== registry && sameHost(uri, registry)) { - return getAuth(registry, opts) - } else if (registry !== opts.registry) { - // If making a tarball request to a different base URI than the - // registry where we logged in, but the same auth SHOULD be sent - // to that artifact host, then we track where it was coming in from, - // and warn the user if we get a 4xx error on it. 
- const { regKey: scopeAuthKey, authKey: _authKey } = regFromURI(registry, opts) - return new Auth({ scopeAuthKey, regKey: scopeAuthKey, authKey: _authKey }) - } - } - - const { - [`${regKey}:_authToken`]: token, - [`${regKey}:username`]: username, - [`${regKey}:_password`]: password, - [`${regKey}:_auth`]: auth, - [`${regKey}:certfile`]: certfile, - [`${regKey}:keyfile`]: keyfile, - } = opts - - return new Auth({ - scopeAuthKey: null, - regKey, - authKey, - token, - auth, - username, - password, - certfile, - keyfile, - }) -} - -class Auth { - constructor ({ - token, - auth, - username, - password, - scopeAuthKey, - certfile, - keyfile, - regKey, - authKey, - }) { - // same as regKey but only present for scoped auth. Should have been named scopeRegKey - this.scopeAuthKey = scopeAuthKey - // `${regKey}:${authKey}` will get you back to the auth config that gave us auth - this.regKey = regKey - this.authKey = authKey - this.token = null - this.auth = null - this.isBasicAuth = false - this.cert = null - this.key = null - if (token) { - this.token = token - } else if (auth) { - this.auth = auth - } else if (username && password) { - const p = Buffer.from(password, 'base64').toString('utf8') - this.auth = Buffer.from(`${username}:${p}`, 'utf8').toString('base64') - this.isBasicAuth = true - } - // mTLS may be used in conjunction with another auth method above - if (certfile && keyfile) { - const cert = maybeReadFile(certfile, 'utf-8') - const key = maybeReadFile(keyfile, 'utf-8') - if (cert && key) { - this.cert = cert - this.key = key - } - } - } -} - -module.exports = getAuth diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/lib/check-response.js b/node_modules/pacote/node_modules/npm-registry-fetch/lib/check-response.js deleted file mode 100644 index 65eea2963b0b4..0000000000000 --- a/node_modules/pacote/node_modules/npm-registry-fetch/lib/check-response.js +++ /dev/null 
@@ -1,100 +0,0 @@ -'use strict' - -const errors = require('./errors.js') -const { Response } = require('minipass-fetch') -const defaultOpts = require('./default-opts.js') -const { log } = require('proc-log') -const { redact: cleanUrl } = require('@npmcli/redact') - -/* eslint-disable-next-line max-len */ -const moreInfoUrl = 'https://github.com/npm/cli/wiki/No-auth-for-URI,-but-auth-present-for-scoped-registry' -const checkResponse = - async ({ method, uri, res, startTime, auth, opts }) => { - opts = { ...defaultOpts, ...opts } - if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) { - log.notice('', res.headers.get('npm-notice')) - } - - if (res.status >= 400) { - logRequest(method, res, startTime) - if (auth && auth.scopeAuthKey && !auth.token && !auth.auth) { - // we didn't have auth for THIS request, but we do have auth for - // requests to the registry indicated by the spec's scope value. - // Warn the user. - log.warn('registry', `No auth for URI, but auth present for scoped registry. - -URI: ${uri} -Scoped Registry Key: ${auth.scopeAuthKey} - -More info here: ${moreInfoUrl}`) - } - return checkErrors(method, res, startTime, opts) - } else { - res.body.on('end', () => logRequest(method, res, startTime, opts)) - if (opts.ignoreBody) { - res.body.resume() - return new Response(null, res) - } - return res - } - } -module.exports = checkResponse - -function logRequest (method, res, startTime) { - const elapsedTime = Date.now() - startTime - const attempt = res.headers.get('x-fetch-attempts') - const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : '' - const cacheStatus = res.headers.get('x-local-cache-status') - const cacheStr = cacheStatus ? 
` (cache ${cacheStatus})` : '' - const urlStr = cleanUrl(res.url) - - log.http( - 'fetch', - `${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}` - ) -} - -function checkErrors (method, res, startTime, opts) { - return res.buffer() - .catch(() => null) - .then(body => { - let parsed = body - try { - parsed = JSON.parse(body.toString('utf8')) - } catch { - // ignore errors - } - if (res.status === 401 && res.headers.get('www-authenticate')) { - const auth = res.headers.get('www-authenticate') - .split(/,\s*/) - .map(s => s.toLowerCase()) - if (auth.indexOf('ipaddress') !== -1) { - throw new errors.HttpErrorAuthIPAddress( - method, res, parsed, opts.spec - ) - } else if (auth.indexOf('otp') !== -1) { - throw new errors.HttpErrorAuthOTP( - method, res, parsed, opts.spec - ) - } else { - throw new errors.HttpErrorAuthUnknown( - method, res, parsed, opts.spec - ) - } - } else if ( - res.status === 401 && - body != null && - /one-time pass/.test(body.toString('utf8')) - ) { - // Heuristic for malformed OTP responses that don't include the - // www-authenticate header. - throw new errors.HttpErrorAuthOTP( - method, res, parsed, opts.spec - ) - } else { - throw new errors.HttpErrorGeneral( - method, res, parsed, opts.spec - ) - } - }) -} diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/lib/default-opts.js b/node_modules/pacote/node_modules/npm-registry-fetch/lib/default-opts.js deleted file mode 100644 index f0847f0b507e2..0000000000000 --- a/node_modules/pacote/node_modules/npm-registry-fetch/lib/default-opts.js +++ /dev/null @@ -1,19 +0,0 @@ -const pkg = require('../package.json') -module.exports = { - maxSockets: 12, - method: 'GET', - registry: 'https://registry.npmjs.org/', - timeout: 5 * 60 * 1000, // 5 minutes - strictSSL: true, - noProxy: process.env.NOPROXY, - userAgent: `${pkg.name - }@${ - pkg.version - }/node@${ - process.version - }+${ - process.arch - } (${ - process.platform - })`, -} 
diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/lib/errors.js b/node_modules/pacote/node_modules/npm-registry-fetch/lib/errors.js deleted file mode 100644 index cf5ddba6f300c..0000000000000 --- a/node_modules/pacote/node_modules/npm-registry-fetch/lib/errors.js +++ /dev/null 
@@ -1,80 +0,0 @@ -'use strict' - -const url = require('url') - -function packageName (href) { - try { - let basePath = new url.URL(href).pathname.slice(1) - if (!basePath.match(/^-/)) { - basePath = basePath.split('/') - var index = basePath.indexOf('_rewrite') - if (index === -1) { - index = basePath.length - 1 - } else { - index++ - } - return decodeURIComponent(basePath[index]) - } - } catch (_) { - // this is ok - } -} - -class HttpErrorBase extends Error { - constructor (method, res, body, spec) { - super() - this.name = this.constructor.name - this.headers = res.headers.raw() - this.statusCode = res.status - this.code = `E${res.status}` - this.method = method - this.uri = res.url - this.body = body - this.pkgid = spec ? spec.toString() : packageName(res.url) - } -} -module.exports.HttpErrorBase = HttpErrorBase - -class HttpErrorGeneral extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = `${res.status} ${res.statusText} - ${ - this.method.toUpperCase() - } ${ - this.spec || this.uri - }${ - (body && body.error) ? 
' - ' + body.error : '' - }` - Error.captureStackTrace(this, HttpErrorGeneral) - } -} -module.exports.HttpErrorGeneral = HttpErrorGeneral - -class HttpErrorAuthOTP extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'OTP required for authentication' - this.code = 'EOTP' - Error.captureStackTrace(this, HttpErrorAuthOTP) - } -} -module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP - -class HttpErrorAuthIPAddress extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'Login is not allowed from your IP address' - this.code = 'EAUTHIP' - Error.captureStackTrace(this, HttpErrorAuthIPAddress) - } -} -module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress - -class HttpErrorAuthUnknown extends HttpErrorBase { - constructor (method, res, body, spec) { - super(method, res, body, spec) - this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate') - Error.captureStackTrace(this, HttpErrorAuthUnknown) - } -} -module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/lib/index.js b/node_modules/pacote/node_modules/npm-registry-fetch/lib/index.js deleted file mode 100644 index bce6e6b1aae0a..0000000000000 --- a/node_modules/pacote/node_modules/npm-registry-fetch/lib/index.js +++ /dev/null 
@@ -1,247 +0,0 @@ -'use strict' - -const { HttpErrorAuthOTP } = require('./errors.js') -const checkResponse = require('./check-response.js') -const getAuth = require('./auth.js') -const fetch = require('make-fetch-happen') -const JSONStream = require('minipass-json-stream') -const npa = require('npm-package-arg') -const qs = require('querystring') -const url = require('url') -const zlib = require('minizlib') -const { Minipass } = require('minipass') - -const defaultOpts = require('./default-opts.js') - -// WhatWG URL throws if it's not fully resolved -const urlIsValid = u => { - try { - return !!new url.URL(u) - } catch (_) { - return false - } -} - -module.exports = regFetch -function regFetch (uri, /* istanbul ignore next */ opts_ = {}) { - const opts = { - ...defaultOpts, - ...opts_, - } - - // if we did not get a fully qualified URI, then we look at the registry - // config or relevant scope to resolve it. - const uriValid = urlIsValid(uri) - let registry = opts.registry || defaultOpts.registry - if (!uriValid) { - registry = opts.registry = ( - (opts.spec && pickRegistry(opts.spec, opts)) || - opts.registry || - registry - ) - uri = `${ - registry.trim().replace(/\/?$/g, '') - }/${ - uri.trim().replace(/^\//, '') - }` - // asserts that this is now valid - new url.URL(uri) - } - - const method = opts.method || 'GET' - - // through that takes into account the scope, the prefix of `uri`, etc - const startTime = Date.now() - const auth = getAuth(uri, opts) - const headers = getHeaders(uri, auth, opts) - let body = opts.body - const bodyIsStream = Minipass.isStream(body) - const bodyIsPromise = body && - typeof body === 'object' && - typeof body.then === 'function' - - if ( - body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body) - ) { - headers['content-type'] = headers['content-type'] || 'application/json' - body = JSON.stringify(body) - } else if (body && !headers['content-type']) { - headers['content-type'] = 
'application/octet-stream' - } - - if (opts.gzip) { - headers['content-encoding'] = 'gzip' - if (bodyIsStream) { - const gz = new zlib.Gzip() - body.on('error', /* istanbul ignore next: unlikely and hard to test */ - err => gz.emit('error', err)) - body = body.pipe(gz) - } else if (!bodyIsPromise) { - body = new zlib.Gzip().end(body).concat() - } - } - - const parsed = new url.URL(uri) - - if (opts.query) { - const q = typeof opts.query === 'string' ? qs.parse(opts.query) - : opts.query - - Object.keys(q).forEach(key => { - if (q[key] !== undefined) { - parsed.searchParams.set(key, q[key]) - } - }) - uri = url.format(parsed) - } - - if (parsed.searchParams.get('write') === 'true' && method === 'GET') { - // do not cache, because this GET is fetching a rev that will be - // used for a subsequent PUT or DELETE, so we need to conditionally - // update cache. - opts.offline = false - opts.preferOffline = false - opts.preferOnline = true - } - - const doFetch = async fetchBody => { - const p = fetch(uri, { - agent: opts.agent, - algorithms: opts.algorithms, - body: fetchBody, - cache: getCacheMode(opts), - cachePath: opts.cache, - ca: opts.ca, - cert: auth.cert || opts.cert, - headers, - integrity: opts.integrity, - key: auth.key || opts.key, - localAddress: opts.localAddress, - maxSockets: opts.maxSockets, - memoize: opts.memoize, - method: method, - noProxy: opts.noProxy, - proxy: opts.httpsProxy || opts.proxy, - retry: opts.retry ? 
opts.retry : { - retries: opts.fetchRetries, - factor: opts.fetchRetryFactor, - minTimeout: opts.fetchRetryMintimeout, - maxTimeout: opts.fetchRetryMaxtimeout, - }, - strictSSL: opts.strictSSL, - timeout: opts.timeout || 30 * 1000, - }).then(res => checkResponse({ - method, - uri, - res, - registry, - startTime, - auth, - opts, - })) - - if (typeof opts.otpPrompt === 'function') { - return p.catch(async er => { - if (er instanceof HttpErrorAuthOTP) { - let otp - // if otp fails to complete, we fail with that failure - try { - otp = await opts.otpPrompt() - } catch (_) { - // ignore this error - } - // if no otp provided, or otpPrompt errored, throw the original HTTP error - if (!otp) { - throw er - } - return regFetch(uri, { ...opts, otp }) - } - throw er - }) - } else { - return p - } - } - - return Promise.resolve(body).then(doFetch) -} - -module.exports.getAuth = getAuth - -module.exports.json = fetchJSON -function fetchJSON (uri, opts) { - return regFetch(uri, opts).then(res => res.json()) -} - -module.exports.json.stream = fetchJSONStream -function fetchJSONStream (uri, jsonPath, - /* istanbul ignore next */ opts_ = {}) { - const opts = { ...defaultOpts, ...opts_ } - const parser = JSONStream.parse(jsonPath, opts.mapJSON) - regFetch(uri, opts).then(res => - res.body.on('error', - /* istanbul ignore next: unlikely and difficult to test */ - er => parser.emit('error', er)).pipe(parser) - ).catch(er => parser.emit('error', er)) - return parser -} - -module.exports.pickRegistry = pickRegistry -function pickRegistry (spec, opts = {}) { - spec = npa(spec) - let registry = spec.scope && - opts[spec.scope.replace(/^@?/, '@') + ':registry'] - - if (!registry && opts.scope) { - registry = opts[opts.scope.replace(/^@?/, '@') + ':registry'] - } - - if (!registry) { - registry = opts.registry || defaultOpts.registry - } - - return registry -} - -function getCacheMode (opts) { - return opts.offline ? 'only-if-cached' - : opts.preferOffline ? 
'force-cache' - : opts.preferOnline ? 'no-cache' - : 'default' -} - -function getHeaders (uri, auth, opts) { - const headers = Object.assign({ - 'user-agent': opts.userAgent, - }, opts.headers || {}) - - if (opts.authType) { - headers['npm-auth-type'] = opts.authType - } - - if (opts.scope) { - headers['npm-scope'] = opts.scope - } - - if (opts.npmSession) { - headers['npm-session'] = opts.npmSession - } - - if (opts.npmCommand) { - headers['npm-command'] = opts.npmCommand - } - - // If a tarball is hosted on a different place than the manifest, only send - // credentials on `alwaysAuth` - if (auth.token) { - headers.authorization = `Bearer ${auth.token}` - } else if (auth.auth) { - headers.authorization = `Basic ${auth.auth}` - } - - if (opts.otp) { - headers['npm-otp'] = opts.otp - } - - return headers -} diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/package.json b/node_modules/pacote/node_modules/npm-registry-fetch/package.json deleted file mode 100644 index 52820a6a206ec..0000000000000 --- a/node_modules/pacote/node_modules/npm-registry-fetch/package.json +++ /dev/null 
@@ -1,68 +0,0 @@ -{ - "name": "npm-registry-fetch", - "version": "17.0.0", - "description": "Fetch-based http client for use with npm registry APIs", - "main": "lib", - "files": [ - "bin/", - "lib/" - ], - "scripts": { - "eslint": "eslint", - "lint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"", - "lintfix": "npm run lint -- --fix", - "test": "tap", - "posttest": "npm run lint", - "npmclilint": "npmcli-lint", - "postsnap": "npm run lintfix --", - "postlint": "template-oss-check", - "snap": "tap", - "template-oss-apply": "template-oss-apply --force" - }, - "repository": { - "type": "git", - "url": "https://github.com/npm/npm-registry-fetch.git" - }, - "keywords": [ - "npm", - "registry", - "fetch" - ], - "author": "GitHub Inc.", - "license": "ISC", - "dependencies": { - "@npmcli/redact": "^2.0.0", - "make-fetch-happen": "^13.0.0", - "minipass": "^7.0.2", - "minipass-fetch": "^3.0.0", - "minipass-json-stream": "^1.0.1", - "minizlib": "^2.1.2", - "npm-package-arg": "^11.0.0", - "proc-log": "^4.0.0" - }, - "devDependencies": { - "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.21.4", - "cacache": "^18.0.0", - "nock": "^13.2.4", - "require-inject": "^1.4.4", - "ssri": "^10.0.0", - "tap": "^16.0.1" - }, - "tap": { - "check-coverage": true, - "test-ignore": "test[\\\\/](util|cache)[\\\\/]", - "nyc-arg": [ - "--exclude", - "tap-snapshots/**" - ] - }, - "engines": { - "node": "^16.14.0 || >=18.0.0" - }, - "templateOSS": { - "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.21.4", - "publish": "true" - } -} diff --git a/package-lock.json b/package-lock.json index 6c881bfccc26f..6693448b04e90 100644 --- a/package-lock.json +++ b/package-lock.json @@ -135,7 +135,7 @@ "npm-package-arg": "^11.0.2", "npm-pick-manifest": "^9.0.0", "npm-profile": "^9.0.2", - "npm-registry-fetch": "^16.2.1", + "npm-registry-fetch": "^17.0.0", "npm-user-validate": "^2.0.0", "p-map": "^4.0.0", "pacote": "^18.0.3", 
@@ -9024,16 +9024,7 @@ "node": "^16.14.0 || >=18.0.0" } }, - "node_modules/npm-profile/node_modules/@npmcli/redact": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@npmcli/redact/-/redact-2.0.0.tgz", - "integrity": "sha512-SEjCPAVHWYUIQR+Yn03kJmrJjZDtJLYpj300m3HV9OTRZNpC5YpbMsM3eTkECyT4aWj8lDr9WeY6TWefpubtYQ==", - "inBundle": true, - "engines": { - "node": "^16.14.0 || >=18.0.0" - } - }, - "node_modules/npm-profile/node_modules/npm-registry-fetch": { + "node_modules/npm-registry-fetch": { "version": "17.0.0", "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-17.0.0.tgz", "integrity": "sha512-JoOpdYqru846tJX96Jn2jyYVpc1TD1o6Oox80rjVIDAZqIsS2n+nNx+/Qd02LlQm/itGhsBgzP1VUKACLQHD+Q==", @@ -9052,21 +9043,11 @@ "node": "^16.14.0 || >=18.0.0" } }, - "node_modules/npm-registry-fetch": { - "version": "16.2.1", - "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-16.2.1.tgz", - "integrity": "sha512-8l+7jxhim55S85fjiDGJ1rZXBWGtRLi1OSb4Z3BPLObPuIaeKRlPRiYMSHU4/81ck3t71Z+UwDDl47gcpmfQQA==", + "node_modules/npm-registry-fetch/node_modules/@npmcli/redact": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@npmcli/redact/-/redact-2.0.0.tgz", + "integrity": "sha512-SEjCPAVHWYUIQR+Yn03kJmrJjZDtJLYpj300m3HV9OTRZNpC5YpbMsM3eTkECyT4aWj8lDr9WeY6TWefpubtYQ==", "inBundle": true, - "dependencies": { - "@npmcli/redact": "^1.1.0", - "make-fetch-happen": "^13.0.0", - "minipass": "^7.0.2", - "minipass-fetch": "^3.0.0", - "minipass-json-stream": "^1.0.1", - "minizlib": "^2.1.2", - "npm-package-arg": "^11.0.0", - "proc-log": "^4.0.0" - }, "engines": { "node": "^16.14.0 || >=18.0.0" } 
@@ -9629,34 +9610,6 @@ "node": "^16.14.0 || >=18.0.0" } }, - "node_modules/pacote/node_modules/@npmcli/redact": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@npmcli/redact/-/redact-2.0.0.tgz", - "integrity": "sha512-SEjCPAVHWYUIQR+Yn03kJmrJjZDtJLYpj300m3HV9OTRZNpC5YpbMsM3eTkECyT4aWj8lDr9WeY6TWefpubtYQ==", - "inBundle": true, - "engines": { - "node": "^16.14.0 || >=18.0.0" - } - }, - "node_modules/pacote/node_modules/npm-registry-fetch": { - "version": "17.0.0", - "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-17.0.0.tgz", - "integrity": "sha512-JoOpdYqru846tJX96Jn2jyYVpc1TD1o6Oox80rjVIDAZqIsS2n+nNx+/Qd02LlQm/itGhsBgzP1VUKACLQHD+Q==", - "inBundle": true, - "dependencies": { - "@npmcli/redact": "^2.0.0", - "make-fetch-happen": "^13.0.0", - "minipass": "^7.0.2", - "minipass-fetch": "^3.0.0", - "minipass-json-stream": "^1.0.1", - "minizlib": "^2.1.2", - "npm-package-arg": "^11.0.0", - "proc-log": "^4.0.0" - }, - "engines": { - "node": "^16.14.0 || >=18.0.0" - } - }, "node_modules/parent-module": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", @@ -15039,7 +14992,7 @@ "npm-install-checks": "^6.2.0", "npm-package-arg": "^11.0.2", "npm-pick-manifest": "^9.0.0", - "npm-registry-fetch": "^16.2.1", + "npm-registry-fetch": "^17.0.0", "pacote": "^18.0.1", "parse-conflict-json": "^3.0.0", "proc-log": "^4.2.0", @@ -15098,7 +15051,7 @@ "license": "ISC", "dependencies": { "npm-package-arg": "^11.0.2", - "npm-registry-fetch": "^16.2.1" + "npm-registry-fetch": "^17.0.0" }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", @@ -15182,7 +15135,7 @@ "license": "ISC", "dependencies": { "aproba": "^2.0.0", - "npm-registry-fetch": "^16.2.1" + "npm-registry-fetch": "^17.0.0" }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", 
@@ -15199,7 +15152,7 @@ "license": "ISC", "dependencies": { "aproba": "^2.0.0", - "npm-registry-fetch": "^16.2.1" + "npm-registry-fetch": "^17.0.0" }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", @@ -15239,7 +15192,7 @@ "ci-info": "^4.0.0", "normalize-package-data": "^6.0.0", "npm-package-arg": "^11.0.2", - "npm-registry-fetch": "^16.2.1", + "npm-registry-fetch": "^17.0.0", "proc-log": "^4.2.0", "semver": "^7.3.7", "sigstore": "^2.2.0", @@ -15261,7 +15214,7 @@ "version": "7.0.3", "license": "ISC", "dependencies": { - "npm-registry-fetch": "^16.2.1" + "npm-registry-fetch": "^17.0.0" }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", @@ -15278,7 +15231,7 @@ "license": "ISC", "dependencies": { "aproba": "^2.0.0", - "npm-registry-fetch": "^16.2.1" + "npm-registry-fetch": "^17.0.0" }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", diff --git a/package.json b/package.json index 05a34416ce305..7808fdaea3b7f 100644 --- a/package.json +++ b/package.json @@ -100,7 +100,7 @@ "npm-package-arg": "^11.0.2", "npm-pick-manifest": "^9.0.0", "npm-profile": "^9.0.2", - "npm-registry-fetch": "^16.2.1", + "npm-registry-fetch": "^17.0.0", "npm-user-validate": "^2.0.0", "p-map": "^4.0.0", "pacote": "^18.0.3", diff --git a/workspaces/arborist/package.json b/workspaces/arborist/package.json index 26625d046e1e7..c28e4e96203b0 100644 --- a/workspaces/arborist/package.json +++ b/workspaces/arborist/package.json @@ -25,7 +25,7 @@ "npm-install-checks": "^6.2.0", "npm-package-arg": "^11.0.2", "npm-pick-manifest": "^9.0.0", - "npm-registry-fetch": "^16.2.1", + "npm-registry-fetch": "^17.0.0", "pacote": "^18.0.1", "parse-conflict-json": "^3.0.0", "proc-log": "^4.2.0", diff --git a/workspaces/libnpmaccess/package.json b/workspaces/libnpmaccess/package.json index 5c925784f0cab..e1731a5ebe273 100644 --- a/workspaces/libnpmaccess/package.json +++ b/workspaces/libnpmaccess/package.json 
@@ -30,7 +30,7 @@
 "homepage": "https://npmjs.com/package/libnpmaccess",
 "dependencies": {
 "npm-package-arg": "^11.0.2",
- "npm-registry-fetch": "^16.2.1"
+ "npm-registry-fetch": "^17.0.0"
 },
 "engines": {
 "node": "^16.14.0 || >=18.0.0"
diff --git a/workspaces/libnpmhook/package.json b/workspaces/libnpmhook/package.json
index a2adca517cc96..6d1cc8c674e53 100644
--- a/workspaces/libnpmhook/package.json
+++ b/workspaces/libnpmhook/package.json
@@ -31,7 +31,7 @@
 "license": "ISC",
 "dependencies": {
 "aproba": "^2.0.0",
- "npm-registry-fetch": "^16.2.1"
+ "npm-registry-fetch": "^17.0.0"
 },
 "devDependencies": {
 "@npmcli/eslint-config": "^4.0.0",
diff --git a/workspaces/libnpmorg/package.json b/workspaces/libnpmorg/package.json
index ce206c626ce68..8815c79c36363 100644
--- a/workspaces/libnpmorg/package.json
+++ b/workspaces/libnpmorg/package.json
@@ -42,7 +42,7 @@
 "homepage": "https://npmjs.com/package/libnpmorg",
 "dependencies": {
 "aproba": "^2.0.0",
- "npm-registry-fetch": "^16.2.1"
+ "npm-registry-fetch": "^17.0.0"
 },
 "engines": {
 "node": "^16.14.0 || >=18.0.0"
diff --git a/workspaces/libnpmpublish/package.json b/workspaces/libnpmpublish/package.json
index 0c3a38c566f64..031396b1a46df 100644
--- a/workspaces/libnpmpublish/package.json
+++ b/workspaces/libnpmpublish/package.json
@@ -41,7 +41,7 @@
 "ci-info": "^4.0.0",
 "normalize-package-data": "^6.0.0",
 "npm-package-arg": "^11.0.2",
- "npm-registry-fetch": "^16.2.1",
+ "npm-registry-fetch": "^17.0.0",
 "proc-log": "^4.2.0",
 "semver": "^7.3.7",
 "sigstore": "^2.2.0",
diff --git a/workspaces/libnpmsearch/package.json b/workspaces/libnpmsearch/package.json
index 7c7261a7b848e..03c12602296e4 100644
--- a/workspaces/libnpmsearch/package.json
+++ b/workspaces/libnpmsearch/package.json
@@ -38,7 +38,7 @@
 "bugs": "https://github.com/npm/libnpmsearch/issues",
 "homepage": "https://npmjs.com/package/libnpmsearch",
 "dependencies": {
- "npm-registry-fetch": "^16.2.1"
+ "npm-registry-fetch": "^17.0.0"
 },
 "engines": {
 "node": "^16.14.0 || >=18.0.0"
diff --git a/workspaces/libnpmteam/package.json b/workspaces/libnpmteam/package.json
index a7943acb5e7ae..f4145d66253c2 100644
--- a/workspaces/libnpmteam/package.json
+++ b/workspaces/libnpmteam/package.json
@@ -32,7 +32,7 @@
 "homepage": "https://npmjs.com/package/libnpmteam",
 "dependencies": {
 "aproba": "^2.0.0",
- "npm-registry-fetch": "^16.2.1"
+ "npm-registry-fetch": "^17.0.0"
 },
 "engines": {
 "node": "^16.14.0 || >=18.0.0"