From b06e89f434fe8f104e71d4d8b5c98f1e866efdfa Mon Sep 17 00:00:00 2001 From: Ruy Adorno Date: Mon, 4 Apr 2022 18:39:30 -0400 Subject: [PATCH] fix(install): do not install invalid package name Throws an usage error if finding an invalid argument in global install. Fixes: https://github.com/npm/cli/issues/3029 --- lib/commands/install.js | 6 ++++++ test/lib/commands/install.js | 17 +++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/lib/commands/install.js b/lib/commands/install.js index 0a5c827bcc97b..d1f6d1481dddc 100644 --- a/lib/commands/install.js +++ b/lib/commands/install.js @@ -139,6 +139,12 @@ class Install extends ArboristWorkspaceCmd { args = ['.'] } + // throw usage error if trying to install empty package + // name to global space, e.g: `npm i -g ""` + if (where === globalTop && !args.every(Boolean)) { + throw this.usageError() + } + const opts = { ...this.npm.flatOptions, auditLevel: null, diff --git a/test/lib/commands/install.js b/test/lib/commands/install.js index afb6adb4fb0a5..9b2d52f6edd21 100644 --- a/test/lib/commands/install.js +++ b/test/lib/commands/install.js @@ -139,6 +139,23 @@ t.test('should install globally using Arborist', async t => { t.strictSame(SCRIPTS, [], 'no scripts when installing globally') }) +t.test('should not install invalid global package name', async t => { + const { npm } = await loadMockNpm(t, { + '@npmcli/run-script': () => {}, + '../../lib/utils/reify-finish.js': async () => {}, + '@npmcli/arborist': function (args) { + throw new Error('should not reify') + }, + }) + npm.config.set('global', true) + npm.globalPrefix = path.resolve(t.testdir({})) + await t.rejects( + npm.exec('install', ['']), + /Usage:/, + 'should not install invalid package name' + ) +}) + t.test('npm i -g npm engines check success', async t => { const { npm } = await loadMockNpm(t, { '../../lib/utils/reify-finish.js': async () => {},