npm · fritzy · Aug 17, 2022 · Aug 17, 2022
@@ -18,10 +18,15 @@ const run = conf => {
     case 'tarball':
       if (!conf._[2] || conf._[2] === '-') {
         return pacote.tarball.stream(conf._[1], stream => {
-          stream.pipe(conf.testStdout ||
-          /* istanbul ignore next */ process.stdout)
+          stream.pipe(
+            conf.testStdout ||
+            /* istanbul ignore next */
+            process.stdout
+          )
           // make sure it resolves something falsey
-          return stream.promise().then(() => {})
+          return stream.promise().then(() => {
+            return false
+          })
         }, conf)
       } else {
         return pacote.tarball.file(conf._[1], conf._[2], conf)

@@ -254,6 +254,7 @@ class FetcherBase {
     cstream.on('error', err => stream.emit('error', err))
     stream.pipe(cstream)
 
+    // eslint-disable-next-line promise/catch-or-return
     cstream.promise().catch(() => {}).then(() => middleStream.end())
     return middleStream
   }
@@ -269,7 +270,10 @@ class FetcherBase {
   }
 
   // override the types getter
-  get types () {}
+  get types () {
+    return false
+  }
+
   [_assertType] () {
     if (this.types && !this.types.includes(this.spec.type)) {
       throw new TypeError(`Wrong spec type (${

@@ -239,7 +239,7 @@ class GitFetcher extends Fetcher {
     tarballOk = tarballOk &&
       h && resolved === repoUrl(h, { noCommittish: false }) && h.tarball
 
-    return cacache.tmp.withTmp(this.cache, o, tmp => {
+    return cacache.tmp.withTmp(this.cache, o, async tmp => {
       // if we're resolved, and have a tarball url, shell out to RemoteFetcher
       if (tarballOk) {
         const nameat = this.spec.name ? `${this.spec.name}@` : ''
@@ -259,16 +259,15 @@ class GitFetcher extends Fetcher {
         })
       }
 
-      return (
+      const sha = await (
         h ? this[_cloneHosted](ref, tmp)
         : this[_cloneRepo](this.spec.fetchSpec, ref, tmp)
-      ).then(sha => {
-        this.resolvedSha = sha
-        if (!this.resolved) {
-          this[_addGitSha](sha)
-        }
-      })
-        .then(() => handler(tmp))
+      )
+      this.resolvedSha = sha
+      if (!this.resolved) {
+        await this[_addGitSha](sha)
+      }
+      return handler(tmp)
     })
   }
 

@@ -41,6 +41,7 @@ class RemoteFetcher extends Fetcher {
       algorithms: [this.pickIntegrityAlgorithm()],
     }
 
+    // eslint-disable-next-line promise/always-return
     fetch(this.resolved, fetchOpts).then(res => {
       res.body.on('error',
         /* istanbul ignore next - exceedingly rare and hard to simulate */

@@ -1,6 +1,6 @@
 {
   "name": "pacote",
-  "version": "13.6.1",
+  "version": "13.6.2",
   "description": "JavaScript package downloader",
   "author": "GitHub Inc.",
   "bin": {

@@ -140,7 +140,7 @@
         "npmlog": "^6.0.2",
         "opener": "^1.5.2",
         "p-map": "^4.0.0",
-        "pacote": "^13.6.1",
+        "pacote": "^13.6.2",
         "parse-conflict-json": "^2.0.2",
         "proc-log": "^2.0.1",
         "qrcode-terminal": "^0.12.0",
@@ -5598,9 +5598,9 @@
       }
     },
     "node_modules/pacote": {
-      "version": "13.6.1",
-      "resolved": "https://registry.npmjs.org/pacote/-/pacote-13.6.1.tgz",
-      "integrity": "sha512-L+2BI1ougAPsFjXRyBhcKmfT016NscRFLv6Pz5EiNf1CCFJFU0pSKKQwsZTyAQB+sTuUL4TyFyp6J1Ork3dOqw==",
+      "version": "13.6.2",
+      "resolved": "https://registry.npmjs.org/pacote/-/pacote-13.6.2.tgz",
+      "integrity": "sha512-Gu8fU3GsvOPkak2CkbojR7vjs3k3P9cA6uazKTHdsdV0gpCEQq2opelnEv30KRQWgVzP5Vd/5umjcedma3MKtg==",
       "inBundle": true,
       "dependencies": {
         "@npmcli/git": "^3.0.0",

@@ -108,7 +108,7 @@
     "npmlog": "^6.0.2",
     "opener": "^1.5.2",
     "p-map": "^4.0.0",
-    "pacote": "^13.6.1",
+    "pacote": "^13.6.2",
     "parse-conflict-json": "^2.0.2",
     "proc-log": "^2.0.1",
     "qrcode-terminal": "^0.12.0",