From b1863bf87adeb6deec83869f0f7bb1df4a5731ef Mon Sep 17 00:00:00 2001 From: Gar Date: Tue, 5 Apr 2022 13:36:33 -0700 Subject: [PATCH] deps: pacote@13.1.1 --- .../@npmcli/promise-spawn/LICENSE | 15 - node_modules/@npmcli/promise-spawn/index.js | 75 -- .../@npmcli => }/promise-spawn/lib/index.js | 0 .../@npmcli/promise-spawn/package.json | 30 +- .../@npmcli/promise-spawn/LICENSE | 15 - .../@npmcli/promise-spawn/lib/index.js | 75 -- .../@npmcli/promise-spawn/package.json | 48 - node_modules/ignore-walk/{ => lib}/index.js | 26 +- .../node_modules/brace-expansion/LICENSE | 21 + .../node_modules/brace-expansion/index.js | 203 ++++ .../node_modules/brace-expansion/package.json | 46 + .../node_modules/minimatch/LICENSE | 15 + .../node_modules/minimatch/lib/path.js | 4 + .../node_modules/minimatch/minimatch.js | 901 ++++++++++++++++++ .../node_modules/minimatch/package.json | 32 + node_modules/ignore-walk/package.json | 41 +- node_modules/npm-packlist/bin/index.js | 29 +- node_modules/npm-packlist/lib/index.js | 99 +- node_modules/npm-packlist/package.json | 31 +- node_modules/pacote/lib/bin.js | 2 +- node_modules/pacote/lib/fetcher.js | 11 +- node_modules/pacote/lib/remote.js | 4 +- .../pacote/lib/util/trailing-slashes.js | 2 +- .../pacote/node_modules/ssri/LICENSE.md | 16 + .../pacote/node_modules/ssri/lib/index.js | 499 ++++++++++ .../node_modules/ssri}/package.json | 59 +- node_modules/pacote/package.json | 35 +- package-lock.json | 198 ++-- package.json | 2 +- 29 files changed, 2046 insertions(+), 488 deletions(-) delete mode 100644 node_modules/@npmcli/git/node_modules/@npmcli/promise-spawn/LICENSE delete mode 100644 node_modules/@npmcli/promise-spawn/index.js rename node_modules/@npmcli/{git/node_modules/@npmcli => }/promise-spawn/lib/index.js (100%) delete mode 100644 node_modules/@npmcli/run-script/node_modules/@npmcli/promise-spawn/LICENSE delete mode 100644 node_modules/@npmcli/run-script/node_modules/@npmcli/promise-spawn/lib/index.js delete mode 100644 node_modules/@npmcli/run-script/node_modules/@npmcli/promise-spawn/package.json rename node_modules/ignore-walk/{ => lib}/index.js (91%) create mode 100644 node_modules/ignore-walk/node_modules/brace-expansion/LICENSE create mode 100644 node_modules/ignore-walk/node_modules/brace-expansion/index.js create mode 100644 node_modules/ignore-walk/node_modules/brace-expansion/package.json create mode 100644 node_modules/ignore-walk/node_modules/minimatch/LICENSE create mode 100644 node_modules/ignore-walk/node_modules/minimatch/lib/path.js create mode 100644 node_modules/ignore-walk/node_modules/minimatch/minimatch.js create mode 100644 node_modules/ignore-walk/node_modules/minimatch/package.json create mode 100644 node_modules/pacote/node_modules/ssri/LICENSE.md create mode 100644 node_modules/pacote/node_modules/ssri/lib/index.js rename node_modules/{@npmcli/git/node_modules/@npmcli/promise-spawn => pacote/node_modules/ssri}/package.json (56%) diff --git a/node_modules/@npmcli/git/node_modules/@npmcli/promise-spawn/LICENSE b/node_modules/@npmcli/git/node_modules/@npmcli/promise-spawn/LICENSE deleted file mode 100644 index 8f90f96f4c6c5..0000000000000 --- a/node_modules/@npmcli/git/node_modules/@npmcli/promise-spawn/LICENSE +++ /dev/null @@ -1,15 +0,0 @@ -The ISC License - -Copyright (c) npm, Inc. - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE NPM DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND -FITNESS. IN NO EVENT SHALL THE NPM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, -OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, -DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -SOFTWARE. diff --git a/node_modules/@npmcli/promise-spawn/index.js b/node_modules/@npmcli/promise-spawn/index.js deleted file mode 100644 index 6ad51b8e08ccf..0000000000000 --- a/node_modules/@npmcli/promise-spawn/index.js +++ /dev/null @@ -1,75 +0,0 @@ -const {spawn} = require('child_process') - -const inferOwner = require('infer-owner') - -const isPipe = (stdio = 'pipe', fd) => - stdio === 'pipe' || stdio === null ? true - : Array.isArray(stdio) ? isPipe(stdio[fd], fd) - : false - -// 'extra' object is for decorating the error a bit more -const promiseSpawn = (cmd, args, opts, extra = {}) => { - const cwd = opts.cwd || process.cwd() - const isRoot = process.getuid && process.getuid() === 0 - const { uid, gid } = isRoot ? inferOwner.sync(cwd) : {} - return promiseSpawnUid(cmd, args, { - ...opts, - cwd, - uid, - gid - }, extra) -} - -const stdioResult = (stdout, stderr, {stdioString, stdio}) => - stdioString ? { - stdout: isPipe(stdio, 1) ? Buffer.concat(stdout).toString() : null, - stderr: isPipe(stdio, 2) ? Buffer.concat(stderr).toString() : null, - } - : { - stdout: isPipe(stdio, 1) ? Buffer.concat(stdout) : null, - stderr: isPipe(stdio, 2) ? Buffer.concat(stderr) : null, - } - -const promiseSpawnUid = (cmd, args, opts, extra) => { - let proc - const p = new Promise((res, rej) => { - proc = spawn(cmd, args, opts) - const stdout = [] - const stderr = [] - const reject = er => rej(Object.assign(er, { - cmd, - args, - ...stdioResult(stdout, stderr, opts), - ...extra, - })) - proc.on('error', reject) - if (proc.stdout) { - proc.stdout.on('data', c => stdout.push(c)).on('error', reject) - proc.stdout.on('error', er => reject(er)) - } - if (proc.stderr) { - proc.stderr.on('data', c => stderr.push(c)).on('error', reject) - proc.stderr.on('error', er => reject(er)) - } - proc.on('close', (code, signal) => { - const result = { - cmd, - args, - code, - signal, - ...stdioResult(stdout, stderr, opts), - ...extra - } - if (code || signal) - rej(Object.assign(new Error('command failed'), result)) - else - res(result) - }) - }) - - p.stdin = proc.stdin - p.process = proc - return p -} - -module.exports = promiseSpawn diff --git a/node_modules/@npmcli/git/node_modules/@npmcli/promise-spawn/lib/index.js b/node_modules/@npmcli/promise-spawn/lib/index.js similarity index 100% rename from node_modules/@npmcli/git/node_modules/@npmcli/promise-spawn/lib/index.js rename to node_modules/@npmcli/promise-spawn/lib/index.js diff --git a/node_modules/@npmcli/promise-spawn/package.json b/node_modules/@npmcli/promise-spawn/package.json index be7342f56a0d8..4521b56d50560 100644 --- a/node_modules/@npmcli/promise-spawn/package.json +++ b/node_modules/@npmcli/promise-spawn/package.json @@ -1,30 +1,46 @@ { "name": "@npmcli/promise-spawn", - "version": "1.3.2", + "version": "3.0.0", "files": [ - "index.js" + "bin/", + "lib/" ], + "main": "./lib/index.js", "description": "spawn processes the way the npm cli likes to do", "repository": { "type": "git", - "url": "git+https://github.com/npm/promise-spawn" + "url": "https://github.com/npm/promise-spawn.git" }, - "author": "Isaac Z. Schlueter (https://izs.me)", + "author": "GitHub Inc.", "license": "ISC", "scripts": { "test": "tap", "snap": "tap", "preversion": "npm test", "postversion": "npm publish", - "prepublishOnly": "git push origin --follow-tags" + "prepublishOnly": "git push origin --follow-tags", + "lint": "eslint \"**/*.js\"", + "lintfix": "npm run lint -- --fix", + "posttest": "npm run lint", + "postsnap": "npm run lintfix --", + "postlint": "template-oss-check", + "template-oss-apply": "template-oss-apply --force" }, "tap": { "check-coverage": true }, "devDependencies": { + "@npmcli/eslint-config": "^3.0.1", + "@npmcli/template-oss": "3.2.2", "minipass": "^3.1.1", - "require-inject": "^1.4.4", - "tap": "^14.10.6" + "tap": "^16.0.1" + }, + "engines": { + "node": "^12.13.0 || ^14.15.0 || >=16.0.0" + }, + "templateOSS": { + "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", + "version": "3.2.2" }, "dependencies": { "infer-owner": "^1.0.4" diff --git a/node_modules/@npmcli/run-script/node_modules/@npmcli/promise-spawn/LICENSE b/node_modules/@npmcli/run-script/node_modules/@npmcli/promise-spawn/LICENSE deleted file mode 100644 index 8f90f96f4c6c5..0000000000000 --- a/node_modules/@npmcli/run-script/node_modules/@npmcli/promise-spawn/LICENSE +++ /dev/null @@ -1,15 +0,0 @@ -The ISC License - -Copyright (c) npm, Inc. - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE NPM DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND -FITNESS. IN NO EVENT SHALL THE NPM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, -OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, -DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -SOFTWARE. diff --git a/node_modules/@npmcli/run-script/node_modules/@npmcli/promise-spawn/lib/index.js b/node_modules/@npmcli/run-script/node_modules/@npmcli/promise-spawn/lib/index.js deleted file mode 100644 index 84ddc83d10bab..0000000000000 --- a/node_modules/@npmcli/run-script/node_modules/@npmcli/promise-spawn/lib/index.js +++ /dev/null @@ -1,75 +0,0 @@ -const { spawn } = require('child_process') -const inferOwner = require('infer-owner') - -const isPipe = (stdio = 'pipe', fd) => - stdio === 'pipe' || stdio === null ? true - : Array.isArray(stdio) ? isPipe(stdio[fd], fd) - : false - -// 'extra' object is for decorating the error a bit more -const promiseSpawn = (cmd, args, opts = {}, extra = {}) => { - const cwd = opts.cwd || process.cwd() - const isRoot = process.getuid && process.getuid() === 0 - const { uid, gid } = isRoot ? inferOwner.sync(cwd) : {} - return promiseSpawnUid(cmd, args, { - ...opts, - cwd, - uid, - gid, - }, extra) -} - -const stdioResult = (stdout, stderr, { stdioString, stdio }) => - stdioString ? { - stdout: isPipe(stdio, 1) ? Buffer.concat(stdout).toString() : null, - stderr: isPipe(stdio, 2) ? Buffer.concat(stderr).toString() : null, - } - : { - stdout: isPipe(stdio, 1) ? Buffer.concat(stdout) : null, - stderr: isPipe(stdio, 2) ? Buffer.concat(stderr) : null, - } - -const promiseSpawnUid = (cmd, args, opts, extra) => { - let proc - const p = new Promise((res, rej) => { - proc = spawn(cmd, args, opts) - const stdout = [] - const stderr = [] - const reject = er => rej(Object.assign(er, { - cmd, - args, - ...stdioResult(stdout, stderr, opts), - ...extra, - })) - proc.on('error', reject) - if (proc.stdout) { - proc.stdout.on('data', c => stdout.push(c)).on('error', reject) - proc.stdout.on('error', er => reject(er)) - } - if (proc.stderr) { - proc.stderr.on('data', c => stderr.push(c)).on('error', reject) - proc.stderr.on('error', er => reject(er)) - } - proc.on('close', (code, signal) => { - const result = { - cmd, - args, - code, - signal, - ...stdioResult(stdout, stderr, opts), - ...extra, - } - if (code || signal) { - rej(Object.assign(new Error('command failed'), result)) - } else { - res(result) - } - }) - }) - - p.stdin = proc.stdin - p.process = proc - return p -} - -module.exports = promiseSpawn diff --git a/node_modules/@npmcli/run-script/node_modules/@npmcli/promise-spawn/package.json b/node_modules/@npmcli/run-script/node_modules/@npmcli/promise-spawn/package.json deleted file mode 100644 index 4521b56d50560..0000000000000 --- a/node_modules/@npmcli/run-script/node_modules/@npmcli/promise-spawn/package.json +++ /dev/null @@ -1,48 +0,0 @@ -{ - "name": "@npmcli/promise-spawn", - "version": "3.0.0", - "files": [ - "bin/", - "lib/" - ], - "main": "./lib/index.js", - "description": "spawn processes the way the npm cli likes to do", - "repository": { - "type": "git", - "url": "https://github.com/npm/promise-spawn.git" - }, - "author": "GitHub Inc.", - "license": "ISC", - "scripts": { - "test": "tap", - "snap": "tap", - "preversion": "npm test", - "postversion": "npm publish", - "prepublishOnly": "git push origin --follow-tags", - "lint": "eslint \"**/*.js\"", - "lintfix": "npm run lint -- --fix", - "posttest": "npm run lint", - "postsnap": "npm run lintfix --", - "postlint": "template-oss-check", - "template-oss-apply": "template-oss-apply --force" - }, - "tap": { - "check-coverage": true - }, - "devDependencies": { - "@npmcli/eslint-config": "^3.0.1", - "@npmcli/template-oss": "3.2.2", - "minipass": "^3.1.1", - "tap": "^16.0.1" - }, - "engines": { - "node": "^12.13.0 || ^14.15.0 || >=16.0.0" - }, - "templateOSS": { - "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "3.2.2" - }, - "dependencies": { - "infer-owner": "^1.0.4" - } -} diff --git a/node_modules/ignore-walk/index.js b/node_modules/ignore-walk/lib/index.js similarity index 91% rename from node_modules/ignore-walk/index.js rename to node_modules/ignore-walk/lib/index.js index 13fc954c54798..40a0726c3257f 100644 --- a/node_modules/ignore-walk/index.js +++ b/node_modules/ignore-walk/lib/index.js @@ -64,7 +64,7 @@ class Walker extends EE { this.entries = entries if (entries.length === 0) { if (this.includeEmpty) { - this.result.add(this.path.substr(this.root.length + 1)) + this.result.add(this.path.slice(this.root.length + 1)) } this.emit('done', this.result) } else { @@ -108,7 +108,9 @@ class Walker extends EE { } const rules = data.split(/\r?\n/) .filter(line => !/^#|^$/.test(line.trim())) - .map(r => new Minimatch(r, mmopt)) + .map(rule => { + return new Minimatch(rule.trim(), mmopt) + }) this.ignoreRules[file] = rules @@ -156,7 +158,7 @@ class Walker extends EE { const abs = this.path + '/' + entry if (!st.isDirectory()) { if (file) { - this.result.add(abs.substr(this.root.length + 1)) + this.result.add(abs.slice(this.root.length + 1)) } then() } else { @@ -171,21 +173,21 @@ class Walker extends EE { stat ({ entry, file, dir }, then) { const abs = this.path + '/' + entry - fs.lstat(abs, (er, st) => { - if (er) { - this.emit('error', er) + fs.lstat(abs, (lstatErr, lstatResult) => { + if (lstatErr) { + this.emit('error', lstatErr) } else { - const isSymbolicLink = st.isSymbolicLink() + const isSymbolicLink = lstatResult.isSymbolicLink() if (this.follow && isSymbolicLink) { - fs.stat(abs, (er, st) => { - if (er) { - this.emit('error', er) + fs.stat(abs, (statErr, statResult) => { + if (statErr) { + this.emit('error', statErr) } else { - this.onstat({ st, entry, file, dir, isSymbolicLink }, then) + this.onstat({ st: statResult, entry, file, dir, isSymbolicLink }, then) } }) } else { - this.onstat({ st, entry, file, dir, isSymbolicLink }, then) + this.onstat({ st: lstatResult, entry, file, dir, isSymbolicLink }, then) } } }) diff --git a/node_modules/ignore-walk/node_modules/brace-expansion/LICENSE b/node_modules/ignore-walk/node_modules/brace-expansion/LICENSE new file mode 100644 index 0000000000000..de3226673c387 --- /dev/null +++ b/node_modules/ignore-walk/node_modules/brace-expansion/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2013 Julian Gruber + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/node_modules/ignore-walk/node_modules/brace-expansion/index.js b/node_modules/ignore-walk/node_modules/brace-expansion/index.js new file mode 100644 index 0000000000000..4af9ddee463f4 --- /dev/null +++ b/node_modules/ignore-walk/node_modules/brace-expansion/index.js @@ -0,0 +1,203 @@ +var balanced = require('balanced-match'); + +module.exports = expandTop; + +var escSlash = '\0SLASH'+Math.random()+'\0'; +var escOpen = '\0OPEN'+Math.random()+'\0'; +var escClose = '\0CLOSE'+Math.random()+'\0'; +var escComma = '\0COMMA'+Math.random()+'\0'; +var escPeriod = '\0PERIOD'+Math.random()+'\0'; + +function numeric(str) { + return parseInt(str, 10) == str + ? parseInt(str, 10) + : str.charCodeAt(0); +} + +function escapeBraces(str) { + return str.split('\\\\').join(escSlash) + .split('\\{').join(escOpen) + .split('\\}').join(escClose) + .split('\\,').join(escComma) + .split('\\.').join(escPeriod); +} + +function unescapeBraces(str) { + return str.split(escSlash).join('\\') + .split(escOpen).join('{') + .split(escClose).join('}') + .split(escComma).join(',') + .split(escPeriod).join('.'); +} + + +// Basically just str.split(","), but handling cases +// where we have nested braced sections, which should be +// treated as individual members, like {a,{b,c},d} +function parseCommaParts(str) { + if (!str) + return ['']; + + var parts = []; + var m = balanced('{', '}', str); + + if (!m) + return str.split(','); + + var pre = m.pre; + var body = m.body; + var post = m.post; + var p = pre.split(','); + + p[p.length-1] += '{' + body + '}'; + var postParts = parseCommaParts(post); + if (post.length) { + p[p.length-1] += postParts.shift(); + p.push.apply(p, postParts); + } + + parts.push.apply(parts, p); + + return parts; +} + +function expandTop(str) { + if (!str) + return []; + + // I don't know why Bash 4.3 does this, but it does. + // Anything starting with {} will have the first two bytes preserved + // but *only* at the top level, so {},a}b will not expand to anything, + // but a{},b}c will be expanded to [a}c,abc]. + // One could argue that this is a bug in Bash, but since the goal of + // this module is to match Bash's rules, we escape a leading {} + if (str.substr(0, 2) === '{}') { + str = '\\{\\}' + str.substr(2); + } + + return expand(escapeBraces(str), true).map(unescapeBraces); +} + +function embrace(str) { + return '{' + str + '}'; +} +function isPadded(el) { + return /^-?0\d/.test(el); +} + +function lte(i, y) { + return i <= y; +} +function gte(i, y) { + return i >= y; +} + +function expand(str, isTop) { + var expansions = []; + + var m = balanced('{', '}', str); + if (!m) return [str]; + + // no need to expand pre, since it is guaranteed to be free of brace-sets + var pre = m.pre; + var post = m.post.length + ? expand(m.post, false) + : ['']; + + if (/\$$/.test(m.pre)) { + for (var k = 0; k < post.length; k++) { + var expansion = pre+ '{' + m.body + '}' + post[k]; + expansions.push(expansion); + } + } else { + var isNumericSequence = /^-?\d+\.\.-?\d+(?:\.\.-?\d+)?$/.test(m.body); + var isAlphaSequence = /^[a-zA-Z]\.\.[a-zA-Z](?:\.\.-?\d+)?$/.test(m.body); + var isSequence = isNumericSequence || isAlphaSequence; + var isOptions = m.body.indexOf(',') >= 0; + if (!isSequence && !isOptions) { + // {a},b} + if (m.post.match(/,.*\}/)) { + str = m.pre + '{' + m.body + escClose + m.post; + return expand(str); + } + return [str]; + } + + var n; + if (isSequence) { + n = m.body.split(/\.\./); + } else { + n = parseCommaParts(m.body); + if (n.length === 1) { + // x{{a,b}}y ==> x{a}y x{b}y + n = expand(n[0], false).map(embrace); + if (n.length === 1) { + return post.map(function(p) { + return m.pre + n[0] + p; + }); + } + } + } + + // at this point, n is the parts, and we know it's not a comma set + // with a single entry. + var N; + + if (isSequence) { + var x = numeric(n[0]); + var y = numeric(n[1]); + var width = Math.max(n[0].length, n[1].length) + var incr = n.length == 3 + ? Math.abs(numeric(n[2])) + : 1; + var test = lte; + var reverse = y < x; + if (reverse) { + incr *= -1; + test = gte; + } + var pad = n.some(isPadded); + + N = []; + + for (var i = x; test(i, y); i += incr) { + var c; + if (isAlphaSequence) { + c = String.fromCharCode(i); + if (c === '\\') + c = ''; + } else { + c = String(i); + if (pad) { + var need = width - c.length; + if (need > 0) { + var z = new Array(need + 1).join('0'); + if (i < 0) + c = '-' + z + c.slice(1); + else + c = z + c; + } + } + } + N.push(c); + } + } else { + N = []; + + for (var j = 0; j < n.length; j++) { + N.push.apply(N, expand(n[j], false)); + } + } + + for (var j = 0; j < N.length; j++) { + for (var k = 0; k < post.length; k++) { + var expansion = pre + N[j] + post[k]; + if (!isTop || isSequence || expansion) + expansions.push(expansion); + } + } + } + + return expansions; +} + diff --git a/node_modules/ignore-walk/node_modules/brace-expansion/package.json b/node_modules/ignore-walk/node_modules/brace-expansion/package.json new file mode 100644 index 0000000000000..7097d41e39de5 --- /dev/null +++ b/node_modules/ignore-walk/node_modules/brace-expansion/package.json @@ -0,0 +1,46 @@ +{ + "name": "brace-expansion", + "description": "Brace expansion as known from sh/bash", + "version": "2.0.1", + "repository": { + "type": "git", + "url": "git://github.com/juliangruber/brace-expansion.git" + }, + "homepage": "https://github.com/juliangruber/brace-expansion", + "main": "index.js", + "scripts": { + "test": "tape test/*.js", + "gentest": "bash test/generate.sh", + "bench": "matcha test/perf/bench.js" + }, + "dependencies": { + "balanced-match": "^1.0.0" + }, + "devDependencies": { + "@c4312/matcha": "^1.3.1", + "tape": "^4.6.0" + }, + "keywords": [], + "author": { + "name": "Julian Gruber", + "email": "mail@juliangruber.com", + "url": "http://juliangruber.com" + }, + "license": "MIT", + "testling": { + "files": "test/*.js", + "browsers": [ + "ie/8..latest", + "firefox/20..latest", + "firefox/nightly", + "chrome/25..latest", + "chrome/canary", + "opera/12..latest", + "opera/next", + "safari/5.1..latest", + "ipad/6.0..latest", + "iphone/6.0..latest", + "android-browser/4.2..latest" + ] + } +} diff --git a/node_modules/ignore-walk/node_modules/minimatch/LICENSE b/node_modules/ignore-walk/node_modules/minimatch/LICENSE new file mode 100644 index 0000000000000..9517b7d995bb0 --- /dev/null +++ b/node_modules/ignore-walk/node_modules/minimatch/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) 2011-2022 Isaac Z. Schlueter and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/ignore-walk/node_modules/minimatch/lib/path.js b/node_modules/ignore-walk/node_modules/minimatch/lib/path.js new file mode 100644 index 0000000000000..ffe453d9e0557 --- /dev/null +++ b/node_modules/ignore-walk/node_modules/minimatch/lib/path.js @@ -0,0 +1,4 @@ +const isWindows = typeof process === 'object' && + process && + process.platform === 'win32' +module.exports = isWindows ? { sep: '\\' } : { sep: '/' } diff --git a/node_modules/ignore-walk/node_modules/minimatch/minimatch.js b/node_modules/ignore-walk/node_modules/minimatch/minimatch.js new file mode 100644 index 0000000000000..f3b491dd1073e --- /dev/null +++ b/node_modules/ignore-walk/node_modules/minimatch/minimatch.js @@ -0,0 +1,901 @@ +const minimatch = module.exports = (p, pattern, options = {}) => { + assertValidPattern(pattern) + + // shortcut: comments match nothing. + if (!options.nocomment && pattern.charAt(0) === '#') { + return false + } + + return new Minimatch(pattern, options).match(p) +} + +module.exports = minimatch + +const path = require('./lib/path.js') +minimatch.sep = path.sep + +const GLOBSTAR = Symbol('globstar **') +minimatch.GLOBSTAR = GLOBSTAR +const expand = require('brace-expansion') + +const plTypes = { + '!': { open: '(?:(?!(?:', close: '))[^/]*?)'}, + '?': { open: '(?:', close: ')?' }, + '+': { open: '(?:', close: ')+' }, + '*': { open: '(?:', close: ')*' }, + '@': { open: '(?:', close: ')' } +} + +// any single thing other than / +// don't need to escape / when using new RegExp() +const qmark = '[^/]' + +// * => any number of characters +const star = qmark + '*?' + +// ** when dots are allowed. Anything goes, except .. and . +// not (^ or / followed by one or two dots followed by $ or /), +// followed by anything, any number of times. +const twoStarDot = '(?:(?!(?:\\\/|^)(?:\\.{1,2})($|\\\/)).)*?' + +// not a ^ or / followed by a dot, +// followed by anything, any number of times. +const twoStarNoDot = '(?:(?!(?:\\\/|^)\\.).)*?' + +// "abc" -> { a:true, b:true, c:true } +const charSet = s => s.split('').reduce((set, c) => { + set[c] = true + return set +}, {}) + +// characters that need to be escaped in RegExp. +const reSpecials = charSet('().*{}+?[]^$\\!') + +// characters that indicate we have to add the pattern start +const addPatternStartSet = charSet('[.(') + +// normalizes slashes. +const slashSplit = /\/+/ + +minimatch.filter = (pattern, options = {}) => + (p, i, list) => minimatch(p, pattern, options) + +const ext = (a, b = {}) => { + const t = {} + Object.keys(a).forEach(k => t[k] = a[k]) + Object.keys(b).forEach(k => t[k] = b[k]) + return t +} + +minimatch.defaults = def => { + if (!def || typeof def !== 'object' || !Object.keys(def).length) { + return minimatch + } + + const orig = minimatch + + const m = (p, pattern, options) => orig(p, pattern, ext(def, options)) + m.Minimatch = class Minimatch extends orig.Minimatch { + constructor (pattern, options) { + super(pattern, ext(def, options)) + } + } + m.Minimatch.defaults = options => orig.defaults(ext(def, options)).Minimatch + m.filter = (pattern, options) => orig.filter(pattern, ext(def, options)) + m.defaults = options => orig.defaults(ext(def, options)) + m.makeRe = (pattern, options) => orig.makeRe(pattern, ext(def, options)) + m.braceExpand = (pattern, options) => orig.braceExpand(pattern, ext(def, options)) + m.match = (list, pattern, options) => orig.match(list, pattern, ext(def, options)) + + return m +} + + + + + +// Brace expansion: +// a{b,c}d -> abd acd +// a{b,}c -> abc ac +// a{0..3}d -> a0d a1d a2d a3d +// a{b,c{d,e}f}g -> abg acdfg acefg +// a{b,c}d{e,f}g -> abdeg acdeg abdeg abdfg +// +// Invalid sets are not expanded. +// a{2..}b -> a{2..}b +// a{b}c -> a{b}c +minimatch.braceExpand = (pattern, options) => braceExpand(pattern, options) + +const braceExpand = (pattern, options = {}) => { + assertValidPattern(pattern) + + // Thanks to Yeting Li for + // improving this regexp to avoid a ReDOS vulnerability. + if (options.nobrace || !/\{(?:(?!\{).)*\}/.test(pattern)) { + // shortcut. no need to expand. + return [pattern] + } + + return expand(pattern) +} + +const MAX_PATTERN_LENGTH = 1024 * 64 +const assertValidPattern = pattern => { + if (typeof pattern !== 'string') { + throw new TypeError('invalid pattern') + } + + if (pattern.length > MAX_PATTERN_LENGTH) { + throw new TypeError('pattern is too long') + } +} + +// parse a component of the expanded set. +// At this point, no pattern may contain "/" in it +// so we're going to return a 2d array, where each entry is the full +// pattern, split on '/', and then turned into a regular expression. +// A regexp is made at the end which joins each array with an +// escaped /, and another full one which joins each regexp with |. +// +// Following the lead of Bash 4.1, note that "**" only has special meaning +// when it is the *only* thing in a path portion. Otherwise, any series +// of * is equivalent to a single *. Globstar behavior is enabled by +// default, and can be disabled by setting options.noglobstar. +const SUBPARSE = Symbol('subparse') + +minimatch.makeRe = (pattern, options) => + new Minimatch(pattern, options || {}).makeRe() + +minimatch.match = (list, pattern, options = {}) => { + const mm = new Minimatch(pattern, options) + list = list.filter(f => mm.match(f)) + if (mm.options.nonull && !list.length) { + list.push(pattern) + } + return list +} + +// replace stuff like \* with * +const globUnescape = s => s.replace(/\\(.)/g, '$1') +const regExpEscape = s => s.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, '\\$&') + +class Minimatch { + constructor (pattern, options) { + assertValidPattern(pattern) + + if (!options) options = {} + + this.options = options + this.set = [] + this.pattern = pattern + this.regexp = null + this.negate = false + this.comment = false + this.empty = false + this.partial = !!options.partial + + // make the set of regexps etc. + this.make() + } + + debug () {} + + make () { + const pattern = this.pattern + const options = this.options + + // empty patterns and comments match nothing. + if (!options.nocomment && pattern.charAt(0) === '#') { + this.comment = true + return + } + if (!pattern) { + this.empty = true + return + } + + // step 1: figure out negation, etc. + this.parseNegate() + + // step 2: expand braces + let set = this.globSet = this.braceExpand() + + if (options.debug) this.debug = (...args) => console.error(...args) + + this.debug(this.pattern, set) + + // step 3: now we have a set, so turn each one into a series of path-portion + // matching patterns. + // These will be regexps, except in the case of "**", which is + // set to the GLOBSTAR object for globstar behavior, + // and will not contain any / characters + set = this.globParts = set.map(s => s.split(slashSplit)) + + this.debug(this.pattern, set) + + // glob --> regexps + set = set.map((s, si, set) => s.map(this.parse, this)) + + this.debug(this.pattern, set) + + // filter out everything that didn't compile properly. + set = set.filter(s => s.indexOf(false) === -1) + + this.debug(this.pattern, set) + + this.set = set + } + + parseNegate () { + if (this.options.nonegate) return + + const pattern = this.pattern + let negate = false + let negateOffset = 0 + + for (let i = 0; i < pattern.length && pattern.charAt(i) === '!'; i++) { + negate = !negate + negateOffset++ + } + + if (negateOffset) this.pattern = pattern.substr(negateOffset) + this.negate = negate + } + + // set partial to true to test if, for example, + // "/a/b" matches the start of "/*/b/*/d" + // Partial means, if you run out of file before you run + // out of pattern, then that's fine, as long as all + // the parts match. + matchOne (file, pattern, partial) { + var options = this.options + + this.debug('matchOne', + { 'this': this, file: file, pattern: pattern }) + + this.debug('matchOne', file.length, pattern.length) + + for (var fi = 0, + pi = 0, + fl = file.length, + pl = pattern.length + ; (fi < fl) && (pi < pl) + ; fi++, pi++) { + this.debug('matchOne loop') + var p = pattern[pi] + var f = file[fi] + + this.debug(pattern, p, f) + + // should be impossible. + // some invalid regexp stuff in the set. + /* istanbul ignore if */ + if (p === false) return false + + if (p === GLOBSTAR) { + this.debug('GLOBSTAR', [pattern, p, f]) + + // "**" + // a/**/b/**/c would match the following: + // a/b/x/y/z/c + // a/x/y/z/b/c + // a/b/x/b/x/c + // a/b/c + // To do this, take the rest of the pattern after + // the **, and see if it would match the file remainder. + // If so, return success. + // If not, the ** "swallows" a segment, and try again. + // This is recursively awful. + // + // a/**/b/**/c matching a/b/x/y/z/c + // - a matches a + // - doublestar + // - matchOne(b/x/y/z/c, b/**/c) + // - b matches b + // - doublestar + // - matchOne(x/y/z/c, c) -> no + // - matchOne(y/z/c, c) -> no + // - matchOne(z/c, c) -> no + // - matchOne(c, c) yes, hit + var fr = fi + var pr = pi + 1 + if (pr === pl) { + this.debug('** at the end') + // a ** at the end will just swallow the rest. + // We have found a match. + // however, it will not swallow /.x, unless + // options.dot is set. + // . and .. are *never* matched by **, for explosively + // exponential reasons. + for (; fi < fl; fi++) { + if (file[fi] === '.' || file[fi] === '..' || + (!options.dot && file[fi].charAt(0) === '.')) return false + } + return true + } + + // ok, let's see if we can swallow whatever we can. + while (fr < fl) { + var swallowee = file[fr] + + this.debug('\nglobstar while', file, fr, pattern, pr, swallowee) + + // XXX remove this slice. Just pass the start index. + if (this.matchOne(file.slice(fr), pattern.slice(pr), partial)) { + this.debug('globstar found match!', fr, fl, swallowee) + // found a match. + return true + } else { + // can't swallow "." or ".." ever. + // can only swallow ".foo" when explicitly asked. + if (swallowee === '.' || swallowee === '..' || + (!options.dot && swallowee.charAt(0) === '.')) { + this.debug('dot detected!', file, fr, pattern, pr) + break + } + + // ** swallows a segment, and continue. + this.debug('globstar swallow a segment, and continue') + fr++ + } + } + + // no match was found. + // However, in partial mode, we can't say this is necessarily over. + // If there's more *pattern* left, then + /* istanbul ignore if */ + if (partial) { + // ran out of file + this.debug('\n>>> no match, partial?', file, fr, pattern, pr) + if (fr === fl) return true + } + return false + } + + // something other than ** + // non-magic patterns just have to match exactly + // patterns with magic have been turned into regexps. + var hit + if (typeof p === 'string') { + hit = f === p + this.debug('string match', p, f, hit) + } else { + hit = f.match(p) + this.debug('pattern match', p, f, hit) + } + + if (!hit) return false + } + + // Note: ending in / means that we'll get a final "" + // at the end of the pattern. This can only match a + // corresponding "" at the end of the file. + // If the file ends in /, then it can only match a + // a pattern that ends in /, unless the pattern just + // doesn't have any more for it. But, a/b/ should *not* + // match "a/b/*", even though "" matches against the + // [^/]*? pattern, except in partial mode, where it might + // simply not be reached yet. + // However, a/b/ should still satisfy a/* + + // now either we fell off the end of the pattern, or we're done. + if (fi === fl && pi === pl) { + // ran out of pattern and filename at the same time. + // an exact hit! + return true + } else if (fi === fl) { + // ran out of file, but still had pattern left. + // this is ok if we're doing the match as part of + // a glob fs traversal. + return partial + } else /* istanbul ignore else */ if (pi === pl) { + // ran out of pattern, still have file left. + // this is only acceptable if we're on the very last + // empty segment of a file with a trailing slash. + // a/* should match a/b/ + return (fi === fl - 1) && (file[fi] === '') + } + + // should be unreachable. + /* istanbul ignore next */ + throw new Error('wtf?') + } + + braceExpand () { + return braceExpand(this.pattern, this.options) + } + + parse (pattern, isSub) { + assertValidPattern(pattern) + + const options = this.options + + // shortcuts + if (pattern === '**') { + if (!options.noglobstar) + return GLOBSTAR + else + pattern = '*' + } + if (pattern === '') return '' + + let re = '' + let hasMagic = !!options.nocase + let escaping = false + // ? => one single character + const patternListStack = [] + const negativeLists = [] + let stateChar + let inClass = false + let reClassStart = -1 + let classStart = -1 + let cs + let pl + let sp + // . and .. never match anything that doesn't start with ., + // even when options.dot is set. + const patternStart = pattern.charAt(0) === '.' ? '' // anything + // not (start or / followed by . or .. followed by / or end) + : options.dot ? '(?!(?:^|\\\/)\\.{1,2}(?:$|\\\/))' + : '(?!\\.)' + + const clearStateChar = () => { + if (stateChar) { + // we had some state-tracking character + // that wasn't consumed by this pass. + switch (stateChar) { + case '*': + re += star + hasMagic = true + break + case '?': + re += qmark + hasMagic = true + break + default: + re += '\\' + stateChar + break + } + this.debug('clearStateChar %j %j', stateChar, re) + stateChar = false + } + } + + for (let i = 0, c; (i < pattern.length) && (c = pattern.charAt(i)); i++) { + this.debug('%s\t%s %s %j', pattern, i, re, c) + + // skip over any that are escaped. + if (escaping) { + /* istanbul ignore next - completely not allowed, even escaped. */ + if (c === '/') { + return false + } + + if (reSpecials[c]) { + re += '\\' + } + re += c + escaping = false + continue + } + + switch (c) { + /* istanbul ignore next */ + case '/': { + // Should already be path-split by now. + return false + } + + case '\\': + clearStateChar() + escaping = true + continue + + // the various stateChar values + // for the "extglob" stuff. + case '?': + case '*': + case '+': + case '@': + case '!': + this.debug('%s\t%s %s %j <-- stateChar', pattern, i, re, c) + + // all of those are literals inside a class, except that + // the glob [!a] means [^a] in regexp + if (inClass) { + this.debug(' in class') + if (c === '!' && i === classStart + 1) c = '^' + re += c + continue + } + + // if we already have a stateChar, then it means + // that there was something like ** or +? in there. + // Handle the stateChar, then proceed with this one. + this.debug('call clearStateChar %j', stateChar) + clearStateChar() + stateChar = c + // if extglob is disabled, then +(asdf|foo) isn't a thing. + // just clear the statechar *now*, rather than even diving into + // the patternList stuff. + if (options.noext) clearStateChar() + continue + + case '(': + if (inClass) { + re += '(' + continue + } + + if (!stateChar) { + re += '\\(' + continue + } + + patternListStack.push({ + type: stateChar, + start: i - 1, + reStart: re.length, + open: plTypes[stateChar].open, + close: plTypes[stateChar].close + }) + // negation is (?:(?!js)[^/]*) + re += stateChar === '!' ? '(?:(?!(?:' : '(?:' + this.debug('plType %j %j', stateChar, re) + stateChar = false + continue + + case ')': + if (inClass || !patternListStack.length) { + re += '\\)' + continue + } + + clearStateChar() + hasMagic = true + pl = patternListStack.pop() + // negation is (?:(?!js)[^/]*) + // The others are (?:) + re += pl.close + if (pl.type === '!') { + negativeLists.push(pl) + } + pl.reEnd = re.length + continue + + case '|': + if (inClass || !patternListStack.length) { + re += '\\|' + continue + } + + clearStateChar() + re += '|' + continue + + // these are mostly the same in regexp and glob + case '[': + // swallow any state-tracking char before the [ + clearStateChar() + + if (inClass) { + re += '\\' + c + continue + } + + inClass = true + classStart = i + reClassStart = re.length + re += c + continue + + case ']': + // a right bracket shall lose its special + // meaning and represent itself in + // a bracket expression if it occurs + // first in the list. -- POSIX.2 2.8.3.2 + if (i === classStart + 1 || !inClass) { + re += '\\' + c + continue + } + + // handle the case where we left a class open. + // "[z-a]" is valid, equivalent to "\[z-a\]" + // split where the last [ was, make sure we don't have + // an invalid re. if so, re-walk the contents of the + // would-be class to re-translate any characters that + // were passed through as-is + // TODO: It would probably be faster to determine this + // without a try/catch and a new RegExp, but it's tricky + // to do safely. For now, this is safe and works. + cs = pattern.substring(classStart + 1, i) + try { + RegExp('[' + cs + ']') + } catch (er) { + // not a valid class! + sp = this.parse(cs, SUBPARSE) + re = re.substr(0, reClassStart) + '\\[' + sp[0] + '\\]' + hasMagic = hasMagic || sp[1] + inClass = false + continue + } + + // finish up the class. + hasMagic = true + inClass = false + re += c + continue + + default: + // swallow any state char that wasn't consumed + clearStateChar() + + if (reSpecials[c] && !(c === '^' && inClass)) { + re += '\\' + } + + re += c + break + + } // switch + } // for + + // handle the case where we left a class open. + // "[abc" is valid, equivalent to "\[abc" + if (inClass) { + // split where the last [ was, and escape it + // this is a huge pita. We now have to re-walk + // the contents of the would-be class to re-translate + // any characters that were passed through as-is + cs = pattern.substr(classStart + 1) + sp = this.parse(cs, SUBPARSE) + re = re.substr(0, reClassStart) + '\\[' + sp[0] + hasMagic = hasMagic || sp[1] + } + + // handle the case where we had a +( thing at the *end* + // of the pattern. + // each pattern list stack adds 3 chars, and we need to go through + // and escape any | chars that were passed through as-is for the regexp. + // Go through and escape them, taking care not to double-escape any + // | chars that were already escaped. + for (pl = patternListStack.pop(); pl; pl = patternListStack.pop()) { + let tail + tail = re.slice(pl.reStart + pl.open.length) + this.debug('setting tail', re, pl) + // maybe some even number of \, then maybe 1 \, followed by a | + tail = tail.replace(/((?:\\{2}){0,64})(\\?)\|/g, (_, $1, $2) => { + /* istanbul ignore else - should already be done */ + if (!$2) { + // the | isn't already escaped, so escape it. + $2 = '\\' + } + + // need to escape all those slashes *again*, without escaping the + // one that we need for escaping the | character. As it works out, + // escaping an even number of slashes can be done by simply repeating + // it exactly after itself. That's why this trick works. + // + // I am sorry that you have to see this. + return $1 + $1 + $2 + '|' + }) + + this.debug('tail=%j\n %s', tail, tail, pl, re) + const t = pl.type === '*' ? star + : pl.type === '?' ? qmark + : '\\' + pl.type + + hasMagic = true + re = re.slice(0, pl.reStart) + t + '\\(' + tail + } + + // handle trailing things that only matter at the very end. + clearStateChar() + if (escaping) { + // trailing \\ + re += '\\\\' + } + + // only need to apply the nodot start if the re starts with + // something that could conceivably capture a dot + const addPatternStart = addPatternStartSet[re.charAt(0)] + + // Hack to work around lack of negative lookbehind in JS + // A pattern like: *.!(x).!(y|z) needs to ensure that a name + // like 'a.xyz.yz' doesn't match. So, the first negative + // lookahead, has to look ALL the way ahead, to the end of + // the pattern. + for (let n = negativeLists.length - 1; n > -1; n--) { + const nl = negativeLists[n] + + const nlBefore = re.slice(0, nl.reStart) + const nlFirst = re.slice(nl.reStart, nl.reEnd - 8) + let nlAfter = re.slice(nl.reEnd) + const nlLast = re.slice(nl.reEnd - 8, nl.reEnd) + nlAfter + + // Handle nested stuff like *(*.js|!(*.json)), where open parens + // mean that we should *not* include the ) in the bit that is considered + // "after" the negated section. + const openParensBefore = nlBefore.split('(').length - 1 + let cleanAfter = nlAfter + for (let i = 0; i < openParensBefore; i++) { + cleanAfter = cleanAfter.replace(/\)[+*?]?/, '') + } + nlAfter = cleanAfter + + const dollar = nlAfter === '' && isSub !== SUBPARSE ? '$' : '' + re = nlBefore + nlFirst + nlAfter + dollar + nlLast + } + + // if the re is not "" at this point, then we need to make sure + // it doesn't match against an empty path part. + // Otherwise a/* will match a/, which it should not. + if (re !== '' && hasMagic) { + re = '(?=.)' + re + } + + if (addPatternStart) { + re = patternStart + re + } + + // parsing just a piece of a larger pattern. + if (isSub === SUBPARSE) { + return [re, hasMagic] + } + + // skip the regexp for non-magical patterns + // unescape anything in it, though, so that it'll be + // an exact match against a file etc. + if (!hasMagic) { + return globUnescape(pattern) + } + + const flags = options.nocase ? 'i' : '' + try { + return Object.assign(new RegExp('^' + re + '$', flags), { + _glob: pattern, + _src: re, + }) + } catch (er) /* istanbul ignore next - should be impossible */ { + // If it was an invalid regular expression, then it can't match + // anything. This trick looks for a character after the end of + // the string, which is of course impossible, except in multi-line + // mode, but it's not a /m regex. + return new RegExp('$.') + } + } + + makeRe () { + if (this.regexp || this.regexp === false) return this.regexp + + // at this point, this.set is a 2d array of partial + // pattern strings, or "**". + // + // It's better to use .match(). This function shouldn't + // be used, really, but it's pretty convenient sometimes, + // when you just want to work with a regex. + const set = this.set + + if (!set.length) { + this.regexp = false + return this.regexp + } + const options = this.options + + const twoStar = options.noglobstar ? star + : options.dot ? twoStarDot + : twoStarNoDot + const flags = options.nocase ? 'i' : '' + + // coalesce globstars and regexpify non-globstar patterns + // if it's the only item, then we just do one twoStar + // if it's the first, and there are more, prepend (\/|twoStar\/)? to next + // if it's the last, append (\/twoStar|) to previous + // if it's in the middle, append (\/|\/twoStar\/) to previous + // then filter out GLOBSTAR symbols + let re = set.map(pattern => { + pattern = pattern.map(p => + typeof p === 'string' ? regExpEscape(p) + : p === GLOBSTAR ? GLOBSTAR + : p._src + ).reduce((set, p) => { + if (!(set[set.length - 1] === GLOBSTAR && p === GLOBSTAR)) { + set.push(p) + } + return set + }, []) + pattern.forEach((p, i) => { + if (p !== GLOBSTAR || pattern[i-1] === GLOBSTAR) { + return + } + if (i === 0) { + if (pattern.length > 1) { + pattern[i+1] = '(?:\\\/|' + twoStar + '\\\/)?' + pattern[i+1] + } else { + pattern[i] = twoStar + } + } else if (i === pattern.length - 1) { + pattern[i-1] += '(?:\\\/|' + twoStar + ')?' + } else { + pattern[i-1] += '(?:\\\/|\\\/' + twoStar + '\\\/)' + pattern[i+1] + pattern[i+1] = GLOBSTAR + } + }) + return pattern.filter(p => p !== GLOBSTAR).join('/') + }).join('|') + + // must match entire pattern + // ending in a * or ** will make it less strict. + re = '^(?:' + re + ')$' + + // can match anything, as long as it's not this. + if (this.negate) re = '^(?!' + re + ').*$' + + try { + this.regexp = new RegExp(re, flags) + } catch (ex) /* istanbul ignore next - should be impossible */ { + this.regexp = false + } + return this.regexp + } + + match (f, partial = this.partial) { + this.debug('match', f, this.pattern) + // short-circuit in the case of busted things. + // comments, etc. + if (this.comment) return false + if (this.empty) return f === '' + + if (f === '/' && partial) return true + + const options = this.options + + // windows: need to use /, not \ + if (path.sep !== '/') { + f = f.split(path.sep).join('/') + } + + // treat the test path as a set of pathparts. + f = f.split(slashSplit) + this.debug(this.pattern, 'split', f) + + // just ONE of the pattern sets in this.set needs to match + // in order for it to be valid. If negating, then just one + // match means that we have failed. + // Either way, return on the first hit. + + const set = this.set + this.debug(this.pattern, 'set', set) + + // Find the basename of the path by looking for the last non-empty segment + let filename + for (let i = f.length - 1; i >= 0; i--) { + filename = f[i] + if (filename) break + } + + for (let i = 0; i < set.length; i++) { + const pattern = set[i] + let file = f + if (options.matchBase && pattern.length === 1) { + file = [filename] + } + const hit = this.matchOne(file, pattern, partial) + if (hit) { + if (options.flipNegate) return true + return !this.negate + } + } + + // didn't get any hits. this is success if it's a negative + // pattern, failure otherwise. + if (options.flipNegate) return false + return this.negate + } + + static defaults (def) { + return minimatch.defaults(def).Minimatch + } +} + +minimatch.Minimatch = Minimatch diff --git a/node_modules/ignore-walk/node_modules/minimatch/package.json b/node_modules/ignore-walk/node_modules/minimatch/package.json new file mode 100644 index 0000000000000..2cc856968c0b2 --- /dev/null +++ b/node_modules/ignore-walk/node_modules/minimatch/package.json @@ -0,0 +1,32 @@ +{ + "author": "Isaac Z. Schlueter (http://blog.izs.me)", + "name": "minimatch", + "description": "a glob matcher in javascript", + "version": "5.0.1", + "repository": { + "type": "git", + "url": "git://github.com/isaacs/minimatch.git" + }, + "main": "minimatch.js", + "scripts": { + "test": "tap", + "snap": "tap", + "preversion": "npm test", + "postversion": "npm publish", + "prepublishOnly": "git push origin --follow-tags" + }, + "engines": { + "node": ">=10" + }, + "dependencies": { + "brace-expansion": "^2.0.1" + }, + "devDependencies": { + "tap": "^15.1.6" + }, + "license": "ISC", + "files": [ + "minimatch.js", + "lib" + ] +} diff --git a/node_modules/ignore-walk/package.json b/node_modules/ignore-walk/package.json index ec6923d19aae9..1bf96eb211bbc 100644 --- a/node_modules/ignore-walk/package.json +++ b/node_modules/ignore-walk/package.json @@ -1,26 +1,31 @@ { "name": "ignore-walk", - "version": "4.0.1", + "version": "5.0.1", "description": "Nested/recursive `.gitignore`/`.npmignore` parsing and filtering.", - "main": "index.js", + "main": "lib/index.js", "devDependencies": { - "@npmcli/lint": "^1.0.2", - "mkdirp": "^0.5.1", - "mutate-fs": "^1.1.0", - "rimraf": "^2.6.1", - "tap": "^15.0.6" + "@npmcli/eslint-config": "^3.0.1", + "@npmcli/template-oss": "3.2.2", + "mkdirp": "^1.0.4", + "mutate-fs": "^2.1.1", + "rimraf": "^3.0.2", + "tap": "^16.0.1" }, "scripts": { "test": "tap", - "posttest": "npm run lint --", - "lint": "npm run npmclilint -- \"*.*js\" \"test/**/*.*js\"", + "posttest": "npm run lint", + "lint": "eslint \"**/*.js\"", "eslint": "eslint", "lintfix": "npm run lint -- --fix", "preversion": "npm test", "postversion": "npm publish", "postpublish": "git push origin --follow-tags", "npmclilint": "npmcli-lint", - "postsnap": "npm run lintfix --" + "postsnap": "npm run lintfix --", + "postlint": "template-oss-check", + "template-oss-apply": "template-oss-apply --force", + "prepublishOnly": "git push origin --follow-tags", + "snap": "tap" }, "keywords": [ "ignorefile", @@ -30,17 +35,18 @@ ".npmignore", "glob" ], - "author": "Isaac Z. Schlueter (http://blog.izs.me/)", + "author": "GitHub Inc.", "license": "ISC", "repository": { "type": "git", - "url": "git+https://github.com/isaacs/ignore-walk.git" + "url": "https://github.com/npm/ignore-walk.git" }, "files": [ - "index.js" + "bin/", + "lib/" ], "dependencies": { - "minimatch": "^3.0.4" + "minimatch": "^5.0.1" }, "tap": { "test-env": "LC_ALL=sk", @@ -49,6 +55,11 @@ "jobs": 1 }, "engines": { - "node": ">=10" + "node": "^12.13.0 || ^14.15.0 || >=16.0.0" + }, + "templateOSS": { + "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", + "version": "3.2.2", + "windowsCI": false } } diff --git a/node_modules/npm-packlist/bin/index.js b/node_modules/npm-packlist/bin/index.js index a42f5b74ce80e..48a6b879aa823 100755 --- a/node_modules/npm-packlist/bin/index.js +++ b/node_modules/npm-packlist/bin/index.js @@ -1,4 +1,7 @@ #!/usr/bin/env node +'use strict' + +const packlist = require('../') const dirs = [] let doSort = false @@ -15,12 +18,22 @@ process.argv.slice(2).forEach(arg => { const sort = list => doSort ? list.sort((a, b) => a.localeCompare(b, 'en')) : list -const packlist = require('../') -if (!dirs.length) { - console.log(sort(packlist.sync({ path: process.cwd() })).join('\n')) -} else { - dirs.forEach(path => { - console.log(`> ${path}`) - console.log(sort(packlist.sync({ path })).join('\n')) - }) +const main = async () => { + if (!dirs.length) { + const results = await packlist({ path: process.cwd() }) + console.log(sort(results).join('\n')) + } else { + for (const dir of dirs) { + console.group(`> ${dir}`) + const results = await packlist({ path: dir }) + console.log(sort(results).join('\n')) + console.groupEnd() + } + } } + +// coverage disabled for catch handler because we don't need to test that +main().catch(/* istanbul ignore next */(err) => { + process.exitCode = 1 + console.error(err.stack) +}) diff --git a/node_modules/npm-packlist/lib/index.js b/node_modules/npm-packlist/lib/index.js index 1b67e4e71e04d..30d99dc873f26 100644 --- a/node_modules/npm-packlist/lib/index.js +++ b/node_modules/npm-packlist/lib/index.js @@ -7,11 +7,9 @@ const bundleWalk = require('npm-bundled') const BundleWalker = bundleWalk.BundleWalker -const BundleWalkerSync = bundleWalk.BundleWalkerSync const ignoreWalk = require('ignore-walk') const IgnoreWalker = ignoreWalk.Walker -const IgnoreWalkerSync = ignoreWalk.WalkerSync const rootBuiltinRules = Symbol('root-builtin-rules') const packageNecessaryRules = Symbol('package-necessary-rules') @@ -34,6 +32,24 @@ const packageMustHavesRE = new RegExp(`^(${packageMustHaveFileNames})(\\..*[^~$] const fs = require('fs') const glob = require('glob') +const pathHasPkg = (input) => { + if (!input.startsWith('node_modules/')) { + return false + } + + const segments = input.slice('node_modules/'.length).split('/', 2) + return segments[0].startsWith('@') + ? segments.length === 2 + : true +} + +const pkgFromPath = (input) => { + const segments = input.slice('node_modules/'.length).split('/', 2) + return segments[0].startsWith('@') + ? segments.join('/') + : segments[0] +} + const defaultRules = [ '.npmignore', '.gitignore', @@ -65,8 +81,7 @@ const defaultRules = [ // There may be others, but :?|<> are handled by node-tar const nameIsBadForWindows = file => /\*/.test(file) -// a decorator that applies our custom rules to an ignore walker -const npmWalker = Class => class Walker extends Class { +class Walker extends IgnoreWalker { constructor (opt) { opt = opt || {} @@ -90,7 +105,7 @@ const npmWalker = Class => class Walker extends Class { // hierarchy (ie, not in test/foo/node_modules/ or something). const followRe = /^(?:\/node_modules\/(?:@[^/]+\/[^/]+|[^/]+)\/)*\/node_modules(?:\/@[^/]+)?$/ const rootPath = opt.parent ? opt.parent.root : opt.path - const followTestPath = opt.path.replace(/\\/g, '/').substr(rootPath.length) + const followTestPath = opt.path.replace(/\\/g, '/').slice(rootPath.length) opt.follow = followRe.test(followTestPath) super(opt) @@ -224,7 +239,7 @@ const npmWalker = Class => class Walker extends Class { const patterns = Array.from(new Set(pkg.files)).reduce((set, pattern) => { const excl = pattern.match(/^!+/) if (excl) { - pattern = pattern.substr(excl[0].length) + pattern = pattern.slice(excl[0].length) } // strip off any / from the start of the pattern. /foo => foo pattern = pattern.replace(/^\/+/, '') @@ -248,8 +263,8 @@ const npmWalker = Class => class Walker extends Class { processResults(results) } } - const processResults = results => { - for (const { negate, fileList } of results) { + const processResults = processed => { + for (const { negate, fileList } of processed) { if (negate) { fileList.forEach(f => { f = f.replace(/\/+$/, '') @@ -283,11 +298,11 @@ const npmWalker = Class => class Walker extends Class { filterEntry (entry, partial) { // get the partial path from the root of the walk - const p = this.path.substr(this.root.length + 1) - const pkgre = /^node_modules\/(@[^/]+\/?[^/]+|[^/]+)(\/.*)?$/ + const p = this.path.slice(this.root.length + 1) const { isProject } = this - const pkg = isProject && pkgre.test(entry) ? - entry.replace(pkgre, '$1') : null + const pkg = isProject && pathHasPkg(entry) + ? pkgFromPath(entry) + : null const rootNM = isProject && entry === 'node_modules' const rootPJ = isProject && entry === 'package.json' @@ -399,11 +414,19 @@ const npmWalker = Class => class Walker extends Class { } sort (a, b) { - return sort(a, b) + // optimize for compressibility + // extname, then basename, then locale alphabetically + // https://twitter.com/isntitvacant/status/1131094910923231232 + const exta = path.extname(a).toLowerCase() + const extb = path.extname(b).toLowerCase() + const basea = path.basename(a).toLowerCase() + const baseb = path.basename(b).toLowerCase() + + return exta.localeCompare(extb, 'en') || + basea.localeCompare(baseb, 'en') || + a.localeCompare(b, 'en') } -} -class Walker extends npmWalker(IgnoreWalker) { globFiles (pattern, cb) { glob(pattern, { dot: true, cwd: this.path, nocase: true }, cb) } @@ -418,26 +441,6 @@ class Walker extends npmWalker(IgnoreWalker) { } } -class WalkerSync extends npmWalker(IgnoreWalkerSync) { - globFiles (pattern, cb) { - cb(null, glob.sync(pattern, { dot: true, cwd: this.path, nocase: true })) - } - - readPackageJson (entries) { - const p = this.path + '/package.json' - try { - this.onReadPackageJson(entries, null, fs.readFileSync(p)) - } catch (er) { - this.onReadPackageJson(entries, er) - } - } - - walker (entry, opt, then) { - new WalkerSync(this.walkerOpt(entry, opt)).start() - then() - } -} - const walk = (options, callback) => { options = options || {} const p = new Promise((resolve, reject) => { @@ -452,31 +455,5 @@ const walk = (options, callback) => { return callback ? p.then(res => callback(null, res), callback) : p } -const walkSync = options => { - options = options || {} - const bw = new BundleWalkerSync(options).start() - options.bundled = bw.result - options.packageJsonCache = bw.packageJsonCache - const walker = new WalkerSync(options) - walker.start() - return walker.result -} - -// optimize for compressibility -// extname, then basename, then locale alphabetically -// https://twitter.com/isntitvacant/status/1131094910923231232 -const sort = (a, b) => { - const exta = path.extname(a).toLowerCase() - const extb = path.extname(b).toLowerCase() - const basea = path.basename(a).toLowerCase() - const baseb = path.basename(b).toLowerCase() - - return exta.localeCompare(extb, 'en') || - basea.localeCompare(baseb, 'en') || - a.localeCompare(b, 'en') -} - module.exports = walk -walk.sync = walkSync walk.Walker = Walker -walk.WalkerSync = WalkerSync diff --git a/node_modules/npm-packlist/package.json b/node_modules/npm-packlist/package.json index ab270f60713b6..632524d789ca8 100644 --- a/node_modules/npm-packlist/package.json +++ b/node_modules/npm-packlist/package.json @@ -1,6 +1,6 @@ { "name": "npm-packlist", - "version": "4.0.0", + "version": "5.0.0", "description": "Get a list of the files to add from a folder into an npm package", "directories": { "test": "test" @@ -8,20 +8,21 @@ "main": "lib", "dependencies": { "glob": "^7.2.0", - "ignore-walk": "^4.0.1", + "ignore-walk": "^5.0.1", "npm-bundled": "^1.1.2", "npm-normalize-package-bin": "^1.0.1" }, "author": "GitHub Inc.", "license": "ISC", "files": [ - "bin", - "lib" + "bin/", + "lib/" ], "devDependencies": { - "@npmcli/template-oss": "^2.9.2", + "@npmcli/eslint-config": "^3.0.1", + "@npmcli/template-oss": "3.2.2", "mutate-fs": "^2.1.1", - "tap": "^15.1.6" + "tap": "^16.0.1" }, "scripts": { "test": "tap", @@ -32,33 +33,29 @@ "postversion": "npm publish", "prepublishOnly": "git push origin --follow-tags", "eslint": "eslint", - "lint": "eslint '**/*.js'", + "lint": "eslint \"**/*.js\"", "lintfix": "npm run lint -- --fix", "npmclilint": "npmcli-lint", - "postlint": "npm-template-check", - "template-copy": "npm-template-copy --force" + "postlint": "template-oss-check", + "template-oss-apply": "template-oss-apply --force" }, "repository": { "type": "git", - "url": "git+https://github.com/npm/npm-packlist.git" + "url": "https://github.com/npm/npm-packlist.git" }, "tap": { "test-env": [ "LC_ALL=sk" - ], - "check-coverage": true, - "nyc-arg": [ - "--include=index.js", - "--include=bin/index.js" ] }, "bin": { "npm-packlist": "bin/index.js" }, "engines": { - "node": "^12.13.0 || ^14.15.0 || >=16" + "node": "^12.13.0 || ^14.15.0 || >=16.0.0" }, "templateOSS": { - "version": "2.9.2" + "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", + "version": "3.2.2" } } diff --git a/node_modules/pacote/lib/bin.js b/node_modules/pacote/lib/bin.js index 369304adaa879..4a1f911e42bc5 100755 --- a/node_modules/pacote/lib/bin.js +++ b/node_modules/pacote/lib/bin.js @@ -110,7 +110,7 @@ const parseArg = arg => { const k = split.shift() const v = split.join('=') const no = /^no-/.test(k) && !v - const key = (no ? k.substr(3) : k) + const key = (no ? k.slice(3) : k) .replace(/^tag$/, 'defaultTag') .replace(/-([a-z])/g, (_, c) => c.toUpperCase()) const value = v ? v.replace(/^~/, process.env.HOME) : !no diff --git a/node_modules/pacote/lib/fetcher.js b/node_modules/pacote/lib/fetcher.js index 78b13a9637c4f..65e97e205204e 100644 --- a/node_modules/pacote/lib/fetcher.js +++ b/node_modules/pacote/lib/fetcher.js @@ -105,6 +105,9 @@ class FetcherBase { this[_readPackageJson] = readPackageJsonFast } + // config values: npmjs (default), never + this.replaceRegistryHost = opts.replaceRegistryHost === 'never' ? 'never' : 'npmjs' + this.defaultTag = opts.defaultTag || 'latest' this.registry = removeTrailingSlashes(opts.registry || 'https://registry.npmjs.org') @@ -325,18 +328,18 @@ class FetcherBase { } return this.resolve().then(() => retry(tryAgain => streamHandler(this[_istream](this[_tarballFromResolved]())) - .catch(er => { + .catch(streamErr => { // Most likely data integrity. A cache ENOENT error is unlikely // here, since we're definitely not reading from the cache, but it // IS possible that the fetch subsystem accessed the cache, and the // entry got blown away or something. Try one more time to be sure. - if (this.isRetriableError(er)) { + if (this.isRetriableError(streamErr)) { log.warn('tarball', `tarball data for ${ this.spec } (${this.integrity}) seems to be corrupted. Trying again.`) - return this.cleanupCached().then(() => tryAgain(er)) + return this.cleanupCached().then(() => tryAgain(streamErr)) } - throw er + throw streamErr }), { retries: 1, minTimeout: 0, maxTimeout: 0 })) } diff --git a/node_modules/pacote/lib/remote.js b/node_modules/pacote/lib/remote.js index 5cabfe4fcda44..3404ea9474944 100644 --- a/node_modules/pacote/lib/remote.js +++ b/node_modules/pacote/lib/remote.js @@ -13,7 +13,9 @@ class RemoteFetcher extends Fetcher { constructor (spec, opts) { super(spec, opts) this.resolved = this.spec.fetchSpec - if (magic.test(this.resolved) && !magic.test(this.registry + '/')) { + if (this.replaceRegistryHost === 'npmjs' + && magic.test(this.resolved) + && !magic.test(this.registry + '/')) { this.resolved = this.resolved.replace(magic, this.registry + '/') } diff --git a/node_modules/pacote/lib/util/trailing-slashes.js b/node_modules/pacote/lib/util/trailing-slashes.js index ff75dfd9c0fbc..c50cb6173b92e 100644 --- a/node_modules/pacote/lib/util/trailing-slashes.js +++ b/node_modules/pacote/lib/util/trailing-slashes.js @@ -2,7 +2,7 @@ const removeTrailingSlashes = (input) => { // in order to avoid regexp redos detection let output = input while (output.endsWith('/')) { - output = output.substr(0, output.length - 1) + output = output.slice(0, -1) } return output } diff --git a/node_modules/pacote/node_modules/ssri/LICENSE.md b/node_modules/pacote/node_modules/ssri/LICENSE.md new file mode 100644 index 0000000000000..e335388869f50 --- /dev/null +++ b/node_modules/pacote/node_modules/ssri/LICENSE.md @@ -0,0 +1,16 @@ +ISC License + +Copyright 2021 (c) npm, Inc. + +Permission to use, copy, modify, and/or distribute this software for +any purpose with or without fee is hereby granted, provided that the +above copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS +ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE +COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR +CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS +OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE +USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/pacote/node_modules/ssri/lib/index.js b/node_modules/pacote/node_modules/ssri/lib/index.js new file mode 100644 index 0000000000000..e2732fd072b12 --- /dev/null +++ b/node_modules/pacote/node_modules/ssri/lib/index.js @@ -0,0 +1,499 @@ +'use strict' + +const crypto = require('crypto') +const MiniPass = require('minipass') + +const SPEC_ALGORITHMS = ['sha256', 'sha384', 'sha512'] + +// TODO: this should really be a hardcoded list of algorithms we support, +// rather than [a-z0-9]. +const BASE64_REGEX = /^[a-z0-9+/]+(?:=?=?)$/i +const SRI_REGEX = /^([a-z0-9]+)-([^?]+)([?\S*]*)$/ +const STRICT_SRI_REGEX = /^([a-z0-9]+)-([A-Za-z0-9+/=]{44,88})(\?[\x21-\x7E]*)?$/ +const VCHAR_REGEX = /^[\x21-\x7E]+$/ + +const defaultOpts = { + algorithms: ['sha512'], + error: false, + options: [], + pickAlgorithm: getPrioritizedHash, + sep: ' ', + single: false, + strict: false, +} + +const ssriOpts = (opts = {}) => ({ ...defaultOpts, ...opts }) + +const getOptString = options => !options || !options.length + ? '' + : `?${options.join('?')}` + +const _onEnd = Symbol('_onEnd') +const _getOptions = Symbol('_getOptions') +class IntegrityStream extends MiniPass { + constructor (opts) { + super() + this.size = 0 + this.opts = opts + + // may be overridden later, but set now for class consistency + this[_getOptions]() + + // options used for calculating stream. can't be changed. + const { algorithms = defaultOpts.algorithms } = opts + this.algorithms = Array.from( + new Set(algorithms.concat(this.algorithm ? [this.algorithm] : [])) + ) + this.hashes = this.algorithms.map(crypto.createHash) + } + + [_getOptions] () { + const { + integrity, + size, + options, + } = { ...defaultOpts, ...this.opts } + + // For verification + this.sri = integrity ? parse(integrity, this.opts) : null + this.expectedSize = size + this.goodSri = this.sri ? !!Object.keys(this.sri).length : false + this.algorithm = this.goodSri ? this.sri.pickAlgorithm(this.opts) : null + this.digests = this.goodSri ? this.sri[this.algorithm] : null + this.optString = getOptString(options) + } + + emit (ev, data) { + if (ev === 'end') { + this[_onEnd]() + } + return super.emit(ev, data) + } + + write (data) { + this.size += data.length + this.hashes.forEach(h => h.update(data)) + return super.write(data) + } + + [_onEnd] () { + if (!this.goodSri) { + this[_getOptions]() + } + const newSri = parse(this.hashes.map((h, i) => { + return `${this.algorithms[i]}-${h.digest('base64')}${this.optString}` + }).join(' '), this.opts) + // Integrity verification mode + const match = this.goodSri && newSri.match(this.sri, this.opts) + if (typeof this.expectedSize === 'number' && this.size !== this.expectedSize) { + /* eslint-disable-next-line max-len */ + const err = new Error(`stream size mismatch when checking ${this.sri}.\n Wanted: ${this.expectedSize}\n Found: ${this.size}`) + err.code = 'EBADSIZE' + err.found = this.size + err.expected = this.expectedSize + err.sri = this.sri + this.emit('error', err) + } else if (this.sri && !match) { + /* eslint-disable-next-line max-len */ + const err = new Error(`${this.sri} integrity checksum failed when using ${this.algorithm}: wanted ${this.digests} but got ${newSri}. (${this.size} bytes)`) + err.code = 'EINTEGRITY' + err.found = newSri + err.expected = this.digests + err.algorithm = this.algorithm + err.sri = this.sri + this.emit('error', err) + } else { + this.emit('size', this.size) + this.emit('integrity', newSri) + match && this.emit('verified', match) + } + } +} + +class Hash { + get isHash () { + return true + } + + constructor (hash, opts) { + opts = ssriOpts(opts) + const strict = !!opts.strict + this.source = hash.trim() + + // set default values so that we make V8 happy to + // always see a familiar object template. + this.digest = '' + this.algorithm = '' + this.options = [] + + // 3.1. Integrity metadata (called "Hash" by ssri) + // https://w3c.github.io/webappsec-subresource-integrity/#integrity-metadata-description + const match = this.source.match( + strict + ? STRICT_SRI_REGEX + : SRI_REGEX + ) + if (!match) { + return + } + if (strict && !SPEC_ALGORITHMS.some(a => a === match[1])) { + return + } + this.algorithm = match[1] + this.digest = match[2] + + const rawOpts = match[3] + if (rawOpts) { + this.options = rawOpts.slice(1).split('?') + } + } + + hexDigest () { + return this.digest && Buffer.from(this.digest, 'base64').toString('hex') + } + + toJSON () { + return this.toString() + } + + toString (opts) { + opts = ssriOpts(opts) + if (opts.strict) { + // Strict mode enforces the standard as close to the foot of the + // letter as it can. + if (!( + // The spec has very restricted productions for algorithms. + // https://www.w3.org/TR/CSP2/#source-list-syntax + SPEC_ALGORITHMS.some(x => x === this.algorithm) && + // Usually, if someone insists on using a "different" base64, we + // leave it as-is, since there's multiple standards, and the + // specified is not a URL-safe variant. + // https://www.w3.org/TR/CSP2/#base64_value + this.digest.match(BASE64_REGEX) && + // Option syntax is strictly visual chars. + // https://w3c.github.io/webappsec-subresource-integrity/#grammardef-option-expression + // https://tools.ietf.org/html/rfc5234#appendix-B.1 + this.options.every(opt => opt.match(VCHAR_REGEX)) + )) { + return '' + } + } + const options = this.options && this.options.length + ? `?${this.options.join('?')}` + : '' + return `${this.algorithm}-${this.digest}${options}` + } +} + +class Integrity { + get isIntegrity () { + return true + } + + toJSON () { + return this.toString() + } + + isEmpty () { + return Object.keys(this).length === 0 + } + + toString (opts) { + opts = ssriOpts(opts) + let sep = opts.sep || ' ' + if (opts.strict) { + // Entries must be separated by whitespace, according to spec. + sep = sep.replace(/\S+/g, ' ') + } + return Object.keys(this).map(k => { + return this[k].map(hash => { + return Hash.prototype.toString.call(hash, opts) + }).filter(x => x.length).join(sep) + }).filter(x => x.length).join(sep) + } + + concat (integrity, opts) { + opts = ssriOpts(opts) + const other = typeof integrity === 'string' + ? integrity + : stringify(integrity, opts) + return parse(`${this.toString(opts)} ${other}`, opts) + } + + hexDigest () { + return parse(this, { single: true }).hexDigest() + } + + // add additional hashes to an integrity value, but prevent + // *changing* an existing integrity hash. + merge (integrity, opts) { + opts = ssriOpts(opts) + const other = parse(integrity, opts) + for (const algo in other) { + if (this[algo]) { + if (!this[algo].find(hash => + other[algo].find(otherhash => + hash.digest === otherhash.digest))) { + throw new Error('hashes do not match, cannot update integrity') + } + } else { + this[algo] = other[algo] + } + } + } + + match (integrity, opts) { + opts = ssriOpts(opts) + const other = parse(integrity, opts) + const algo = other.pickAlgorithm(opts) + return ( + this[algo] && + other[algo] && + this[algo].find(hash => + other[algo].find(otherhash => + hash.digest === otherhash.digest + ) + ) + ) || false + } + + pickAlgorithm (opts) { + opts = ssriOpts(opts) + const pickAlgorithm = opts.pickAlgorithm + const keys = Object.keys(this) + return keys.reduce((acc, algo) => { + return pickAlgorithm(acc, algo) || acc + }) + } +} + +module.exports.parse = parse +function parse (sri, opts) { + if (!sri) { + return null + } + opts = ssriOpts(opts) + if (typeof sri === 'string') { + return _parse(sri, opts) + } else if (sri.algorithm && sri.digest) { + const fullSri = new Integrity() + fullSri[sri.algorithm] = [sri] + return _parse(stringify(fullSri, opts), opts) + } else { + return _parse(stringify(sri, opts), opts) + } +} + +function _parse (integrity, opts) { + // 3.4.3. Parse metadata + // https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata + if (opts.single) { + return new Hash(integrity, opts) + } + const hashes = integrity.trim().split(/\s+/).reduce((acc, string) => { + const hash = new Hash(string, opts) + if (hash.algorithm && hash.digest) { + const algo = hash.algorithm + if (!acc[algo]) { + acc[algo] = [] + } + acc[algo].push(hash) + } + return acc + }, new Integrity()) + return hashes.isEmpty() ? null : hashes +} + +module.exports.stringify = stringify +function stringify (obj, opts) { + opts = ssriOpts(opts) + if (obj.algorithm && obj.digest) { + return Hash.prototype.toString.call(obj, opts) + } else if (typeof obj === 'string') { + return stringify(parse(obj, opts), opts) + } else { + return Integrity.prototype.toString.call(obj, opts) + } +} + +module.exports.fromHex = fromHex +function fromHex (hexDigest, algorithm, opts) { + opts = ssriOpts(opts) + const optString = getOptString(opts.options) + return parse( + `${algorithm}-${ + Buffer.from(hexDigest, 'hex').toString('base64') + }${optString}`, opts + ) +} + +module.exports.fromData = fromData +function fromData (data, opts) { + opts = ssriOpts(opts) + const algorithms = opts.algorithms + const optString = getOptString(opts.options) + return algorithms.reduce((acc, algo) => { + const digest = crypto.createHash(algo).update(data).digest('base64') + const hash = new Hash( + `${algo}-${digest}${optString}`, + opts + ) + /* istanbul ignore else - it would be VERY strange if the string we + * just calculated with an algo did not have an algo or digest. + */ + if (hash.algorithm && hash.digest) { + const hashAlgo = hash.algorithm + if (!acc[hashAlgo]) { + acc[hashAlgo] = [] + } + acc[hashAlgo].push(hash) + } + return acc + }, new Integrity()) +} + +module.exports.fromStream = fromStream +function fromStream (stream, opts) { + opts = ssriOpts(opts) + const istream = integrityStream(opts) + return new Promise((resolve, reject) => { + stream.pipe(istream) + stream.on('error', reject) + istream.on('error', reject) + let sri + istream.on('integrity', s => { + sri = s + }) + istream.on('end', () => resolve(sri)) + istream.on('data', () => {}) + }) +} + +module.exports.checkData = checkData +function checkData (data, sri, opts) { + opts = ssriOpts(opts) + sri = parse(sri, opts) + if (!sri || !Object.keys(sri).length) { + if (opts.error) { + throw Object.assign( + new Error('No valid integrity hashes to check against'), { + code: 'EINTEGRITY', + } + ) + } else { + return false + } + } + const algorithm = sri.pickAlgorithm(opts) + const digest = crypto.createHash(algorithm).update(data).digest('base64') + const newSri = parse({ algorithm, digest }) + const match = newSri.match(sri, opts) + if (match || !opts.error) { + return match + } else if (typeof opts.size === 'number' && (data.length !== opts.size)) { + /* eslint-disable-next-line max-len */ + const err = new Error(`data size mismatch when checking ${sri}.\n Wanted: ${opts.size}\n Found: ${data.length}`) + err.code = 'EBADSIZE' + err.found = data.length + err.expected = opts.size + err.sri = sri + throw err + } else { + /* eslint-disable-next-line max-len */ + const err = new Error(`Integrity checksum failed when using ${algorithm}: Wanted ${sri}, but got ${newSri}. (${data.length} bytes)`) + err.code = 'EINTEGRITY' + err.found = newSri + err.expected = sri + err.algorithm = algorithm + err.sri = sri + throw err + } +} + +module.exports.checkStream = checkStream +function checkStream (stream, sri, opts) { + opts = ssriOpts(opts) + opts.integrity = sri + sri = parse(sri, opts) + if (!sri || !Object.keys(sri).length) { + return Promise.reject(Object.assign( + new Error('No valid integrity hashes to check against'), { + code: 'EINTEGRITY', + } + )) + } + const checker = integrityStream(opts) + return new Promise((resolve, reject) => { + stream.pipe(checker) + stream.on('error', reject) + checker.on('error', reject) + let verified + checker.on('verified', s => { + verified = s + }) + checker.on('end', () => resolve(verified)) + checker.on('data', () => {}) + }) +} + +module.exports.integrityStream = integrityStream +function integrityStream (opts = {}) { + return new IntegrityStream(opts) +} + +module.exports.create = createIntegrity +function createIntegrity (opts) { + opts = ssriOpts(opts) + const algorithms = opts.algorithms + const optString = getOptString(opts.options) + + const hashes = algorithms.map(crypto.createHash) + + return { + update: function (chunk, enc) { + hashes.forEach(h => h.update(chunk, enc)) + return this + }, + digest: function (enc) { + const integrity = algorithms.reduce((acc, algo) => { + const digest = hashes.shift().digest('base64') + const hash = new Hash( + `${algo}-${digest}${optString}`, + opts + ) + /* istanbul ignore else - it would be VERY strange if the hash we + * just calculated with an algo did not have an algo or digest. + */ + if (hash.algorithm && hash.digest) { + const hashAlgo = hash.algorithm + if (!acc[hashAlgo]) { + acc[hashAlgo] = [] + } + acc[hashAlgo].push(hash) + } + return acc + }, new Integrity()) + + return integrity + }, + } +} + +const NODE_HASHES = new Set(crypto.getHashes()) + +// This is a Best Effortâ„¢ at a reasonable priority for hash algos +const DEFAULT_PRIORITY = [ + 'md5', 'whirlpool', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', + // TODO - it's unclear _which_ of these Node will actually use as its name + // for the algorithm, so we guesswork it based on the OpenSSL names. + 'sha3', + 'sha3-256', 'sha3-384', 'sha3-512', + 'sha3_256', 'sha3_384', 'sha3_512', +].filter(algo => NODE_HASHES.has(algo)) + +function getPrioritizedHash (algo1, algo2) { + /* eslint-disable-next-line max-len */ + return DEFAULT_PRIORITY.indexOf(algo1.toLowerCase()) >= DEFAULT_PRIORITY.indexOf(algo2.toLowerCase()) + ? algo1 + : algo2 +} diff --git a/node_modules/@npmcli/git/node_modules/@npmcli/promise-spawn/package.json b/node_modules/pacote/node_modules/ssri/package.json similarity index 56% rename from node_modules/@npmcli/git/node_modules/@npmcli/promise-spawn/package.json rename to node_modules/pacote/node_modules/ssri/package.json index 4521b56d50560..84448afc3cf04 100644 --- a/node_modules/@npmcli/git/node_modules/@npmcli/promise-spawn/package.json +++ b/node_modules/pacote/node_modules/ssri/package.json @@ -1,38 +1,56 @@ { - "name": "@npmcli/promise-spawn", - "version": "3.0.0", + "name": "ssri", + "version": "9.0.0", + "description": "Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.", + "main": "lib/index.js", "files": [ "bin/", "lib/" ], - "main": "./lib/index.js", - "description": "spawn processes the way the npm cli likes to do", - "repository": { - "type": "git", - "url": "https://github.com/npm/promise-spawn.git" - }, - "author": "GitHub Inc.", - "license": "ISC", "scripts": { - "test": "tap", - "snap": "tap", - "preversion": "npm test", - "postversion": "npm publish", + "prerelease": "npm t", + "postrelease": "npm publish", "prepublishOnly": "git push origin --follow-tags", - "lint": "eslint \"**/*.js\"", - "lintfix": "npm run lint -- --fix", "posttest": "npm run lint", - "postsnap": "npm run lintfix --", + "test": "tap", + "coverage": "tap", + "lint": "eslint \"**/*.js\"", "postlint": "template-oss-check", - "template-oss-apply": "template-oss-apply --force" + "template-oss-apply": "template-oss-apply --force", + "lintfix": "npm run lint -- --fix", + "preversion": "npm test", + "postversion": "npm publish", + "snap": "tap" }, "tap": { "check-coverage": true }, + "repository": { + "type": "git", + "url": "https://github.com/npm/ssri.git" + }, + "keywords": [ + "w3c", + "web", + "security", + "integrity", + "checksum", + "hashing", + "subresource integrity", + "sri", + "sri hash", + "sri string", + "sri generator", + "html" + ], + "author": "GitHub Inc.", + "license": "ISC", + "dependencies": { + "minipass": "^3.1.1" + }, "devDependencies": { "@npmcli/eslint-config": "^3.0.1", "@npmcli/template-oss": "3.2.2", - "minipass": "^3.1.1", "tap": "^16.0.1" }, "engines": { @@ -41,8 +59,5 @@ "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", "version": "3.2.2" - }, - "dependencies": { - "infer-owner": "^1.0.4" } } diff --git a/node_modules/pacote/package.json b/node_modules/pacote/package.json index f49c23147a80c..af8166d4ea19e 100644 --- a/node_modules/pacote/package.json +++ b/node_modules/pacote/package.json @@ -1,6 +1,6 @@ { "name": "pacote", - "version": "13.0.5", + "version": "13.1.1", "description": "JavaScript package downloader", "author": "GitHub Inc.", "bin": { @@ -14,25 +14,28 @@ "preversion": "npm test", "postversion": "npm publish", "prepublishOnly": "git push origin --follow-tags", - "lint": "eslint '**/*.js'", - "postlint": "npm-template-check", + "lint": "eslint \"**/*.js\"", + "postlint": "template-oss-check", "lintfix": "npm run lint -- --fix", "posttest": "npm run lint", - "template-copy": "npm-template-copy --force" + "template-oss-apply": "template-oss-apply --force" }, "tap": { "timeout": 300, "coverage-map": "map.js" }, "devDependencies": { - "@npmcli/template-oss": "^2.9.2", + "@npmcli/eslint-config": "^3.0.1", + "@npmcli/template-oss": "3.2.2", + "hosted-git-info": "^5.0.0", "mutate-fs": "^2.1.1", + "nock": "^13.2.4", "npm-registry-mock": "^1.3.1", - "tap": "^15.1.6" + "tap": "^16.0.1" }, "files": [ - "bin", - "lib" + "bin/", + "lib/" ], "keywords": [ "packages", @@ -42,7 +45,7 @@ "dependencies": { "@npmcli/git": "^3.0.0", "@npmcli/installed-package-contents": "^1.0.7", - "@npmcli/promise-spawn": "^1.2.0", + "@npmcli/promise-spawn": "^3.0.0", "@npmcli/run-script": "^3.0.1", "cacache": "^16.0.0", "chownr": "^2.0.0", @@ -51,7 +54,7 @@ "minipass": "^3.1.6", "mkdirp": "^1.0.4", "npm-package-arg": "^9.0.0", - "npm-packlist": "^4.0.0", + "npm-packlist": "^5.0.0", "npm-pick-manifest": "^7.0.0", "npm-registry-fetch": "^13.0.1", "proc-log": "^2.0.0", @@ -59,15 +62,19 @@ "read-package-json": "^5.0.0", "read-package-json-fast": "^2.0.3", "rimraf": "^3.0.2", - "ssri": "^8.0.1", + "ssri": "^9.0.0", "tar": "^6.1.11" }, "engines": { - "node": "^12.13.0 || ^14.15.0 || >=16" + "node": "^12.13.0 || ^14.15.0 || >=16.0.0" + }, + "repository": { + "type": "git", + "url": "https://github.com/npm/pacote.git" }, - "repository": "git@github.com:npm/pacote", "templateOSS": { - "version": "2.9.2", + "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", + "version": "3.2.2", "windowsCI": false } } diff --git a/package-lock.json b/package-lock.json index 2301b725fccdc..b7d147da30398 100644 --- a/package-lock.json +++ b/package-lock.json @@ -141,7 +141,7 @@ "npm-user-validate": "^1.0.1", "npmlog": "^6.0.1", "opener": "^1.5.2", - "pacote": "^13.0.5", + "pacote": "^13.1.1", "parse-conflict-json": "^2.0.2", "proc-log": "^2.0.1", "qrcode-terminal": "^0.12.0", @@ -196,18 +196,6 @@ "node": ">=16.0.0" } }, - "docs/node_modules/@npmcli/promise-spawn": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@npmcli/promise-spawn/-/promise-spawn-3.0.0.tgz", - "integrity": "sha512-s9SgS+p3a9Eohe68cSI3fi+hpcZUmXq5P7w0kMlAsWVtR7XbK3ptkZqKT2cK1zLDObJ3sR+8P59sJE0w/KTL1g==", - "dev": true, - "dependencies": { - "infer-owner": "^1.0.4" - }, - "engines": { - "node": "^12.13.0 || ^14.15.0 || >=16.0.0" - } - }, "node_modules/@babel/code-frame": { "version": "7.16.7", "dev": true, @@ -912,18 +900,6 @@ "node": "^12.13.0 || ^14.15.0 || >=16.0.0" } }, - "node_modules/@npmcli/git/node_modules/@npmcli/promise-spawn": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@npmcli/promise-spawn/-/promise-spawn-3.0.0.tgz", - "integrity": "sha512-s9SgS+p3a9Eohe68cSI3fi+hpcZUmXq5P7w0kMlAsWVtR7XbK3ptkZqKT2cK1zLDObJ3sR+8P59sJE0w/KTL1g==", - "inBundle": true, - "dependencies": { - "infer-owner": "^1.0.4" - }, - "engines": { - "node": "^12.13.0 || ^14.15.0 || >=16.0.0" - } - }, "node_modules/@npmcli/installed-package-contents": { "version": "1.0.7", "inBundle": true, @@ -1026,12 +1002,15 @@ } }, "node_modules/@npmcli/promise-spawn": { - "version": "1.3.2", - "resolved": "https://registry.npmjs.org/@npmcli/promise-spawn/-/promise-spawn-1.3.2.tgz", - "integrity": "sha512-QyAGYo/Fbj4MXeGdJcFzZ+FkDkomfRBrPM+9QYJSg+PxgAUL+LU3FneQk37rKR2/zjqkCV1BLHccX98wRXG3Sg==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@npmcli/promise-spawn/-/promise-spawn-3.0.0.tgz", + "integrity": "sha512-s9SgS+p3a9Eohe68cSI3fi+hpcZUmXq5P7w0kMlAsWVtR7XbK3ptkZqKT2cK1zLDObJ3sR+8P59sJE0w/KTL1g==", "inBundle": true, "dependencies": { "infer-owner": "^1.0.4" + }, + "engines": { + "node": "^12.13.0 || ^14.15.0 || >=16.0.0" } }, "node_modules/@npmcli/run-script": { @@ -1049,18 +1028,6 @@ "node": "^12.13.0 || ^14.15.0 || >=16.0.0" } }, - "node_modules/@npmcli/run-script/node_modules/@npmcli/promise-spawn": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@npmcli/promise-spawn/-/promise-spawn-3.0.0.tgz", - "integrity": "sha512-s9SgS+p3a9Eohe68cSI3fi+hpcZUmXq5P7w0kMlAsWVtR7XbK3ptkZqKT2cK1zLDObJ3sR+8P59sJE0w/KTL1g==", - "inBundle": true, - "dependencies": { - "infer-owner": "^1.0.4" - }, - "engines": { - "node": "^12.13.0 || ^14.15.0 || >=16.0.0" - } - }, "node_modules/@npmcli/template-oss": { "version": "3.2.2", "resolved": "https://registry.npmjs.org/@npmcli/template-oss/-/template-oss-3.2.2.tgz", @@ -3580,11 +3547,33 @@ } }, "node_modules/ignore-walk": { - "version": "4.0.1", + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ignore-walk/-/ignore-walk-5.0.1.tgz", + "integrity": "sha512-yemi4pMf51WKT7khInJqAvsIGzoqYXblnsz0ql8tM+yi1EKYTY1evX4NAbJrLL/Aanr2HyZeluqU+Oi7MGHokw==", "inBundle": true, - "license": "ISC", "dependencies": { - "minimatch": "^3.0.4" + "minimatch": "^5.0.1" + }, + "engines": { + "node": "^12.13.0 || ^14.15.0 || >=16.0.0" + } + }, + "node_modules/ignore-walk/node_modules/brace-expansion": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", + "inBundle": true, + "dependencies": { + "balanced-match": "^1.0.0" + } + }, + "node_modules/ignore-walk/node_modules/minimatch": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz", + "integrity": "sha512-nLDxIFRyhDblz3qMuq+SoRZED4+miJ/G+tdDrjkkkRnjAsBexeGpgjLEQ0blJy7rHhR2b93rhQY4SvyWu9v03g==", + "inBundle": true, + "dependencies": { + "brace-expansion": "^2.0.1" }, "engines": { "node": ">=10" @@ -5043,12 +5032,13 @@ } }, "node_modules/npm-packlist": { - "version": "4.0.0", + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/npm-packlist/-/npm-packlist-5.0.0.tgz", + "integrity": "sha512-uU20UwM4Hogfab1Q7htJbhcyafM9lGHxOrDjkKvR2S3z7Ds0uRaESk0cXctczk+ABT4DZWNwjB10xlurFdEwZg==", "inBundle": true, - "license": "ISC", "dependencies": { "glob": "^7.2.0", - "ignore-walk": "^4.0.1", + "ignore-walk": "^5.0.1", "npm-bundled": "^1.1.2", "npm-normalize-package-bin": "^1.0.1" }, @@ -5056,7 +5046,7 @@ "npm-packlist": "bin/index.js" }, "engines": { - "node": "^12.13.0 || ^14.15.0 || >=16" + "node": "^12.13.0 || ^14.15.0 || >=16.0.0" } }, "node_modules/npm-pick-manifest": { @@ -5406,13 +5396,14 @@ } }, "node_modules/pacote": { - "version": "13.0.5", + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/pacote/-/pacote-13.1.1.tgz", + "integrity": "sha512-MTT3k1OhUo+IpvoHGp25OwsRU0L+kJQM236OCywxvY4OIJ/YfloNW2/Yc3HMASH10BkfZaGMVK/pxybB7fWcLw==", "inBundle": true, - "license": "ISC", "dependencies": { "@npmcli/git": "^3.0.0", "@npmcli/installed-package-contents": "^1.0.7", - "@npmcli/promise-spawn": "^1.2.0", + "@npmcli/promise-spawn": "^3.0.0", "@npmcli/run-script": "^3.0.1", "cacache": "^16.0.0", "chownr": "^2.0.0", @@ -5421,7 +5412,7 @@ "minipass": "^3.1.6", "mkdirp": "^1.0.4", "npm-package-arg": "^9.0.0", - "npm-packlist": "^4.0.0", + "npm-packlist": "^5.0.0", "npm-pick-manifest": "^7.0.0", "npm-registry-fetch": "^13.0.1", "proc-log": "^2.0.0", @@ -5429,14 +5420,26 @@ "read-package-json": "^5.0.0", "read-package-json-fast": "^2.0.3", "rimraf": "^3.0.2", - "ssri": "^8.0.1", + "ssri": "^9.0.0", "tar": "^6.1.11" }, "bin": { "pacote": "lib/bin.js" }, "engines": { - "node": "^12.13.0 || ^14.15.0 || >=16" + "node": "^12.13.0 || ^14.15.0 || >=16.0.0" + } + }, + "node_modules/pacote/node_modules/ssri": { + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/ssri/-/ssri-9.0.0.tgz", + "integrity": "sha512-Y1Z6J8UYnexKFN1R/hxUaYoY2LVdKEzziPmVAFKiKX8fiwvCJTVzn/xYE9TEWod5OVyNfIHHuVfIEuBClL/uJQ==", + "inBundle": true, + "dependencies": { + "minipass": "^3.1.1" + }, + "engines": { + "node": "^12.13.0 || ^14.15.0 || >=16.0.0" } }, "node_modules/parent-module": { @@ -10398,16 +10401,6 @@ "promise-retry": "^2.0.1", "semver": "^7.3.5", "which": "^2.0.2" - }, - "dependencies": { - "@npmcli/promise-spawn": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@npmcli/promise-spawn/-/promise-spawn-3.0.0.tgz", - "integrity": "sha512-s9SgS+p3a9Eohe68cSI3fi+hpcZUmXq5P7w0kMlAsWVtR7XbK3ptkZqKT2cK1zLDObJ3sR+8P59sJE0w/KTL1g==", - "requires": { - "infer-owner": "^1.0.4" - } - } } }, "@npmcli/installed-package-contents": { @@ -10477,9 +10470,9 @@ } }, "@npmcli/promise-spawn": { - "version": "1.3.2", - "resolved": "https://registry.npmjs.org/@npmcli/promise-spawn/-/promise-spawn-1.3.2.tgz", - "integrity": "sha512-QyAGYo/Fbj4MXeGdJcFzZ+FkDkomfRBrPM+9QYJSg+PxgAUL+LU3FneQk37rKR2/zjqkCV1BLHccX98wRXG3Sg==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@npmcli/promise-spawn/-/promise-spawn-3.0.0.tgz", + "integrity": "sha512-s9SgS+p3a9Eohe68cSI3fi+hpcZUmXq5P7w0kMlAsWVtR7XbK3ptkZqKT2cK1zLDObJ3sR+8P59sJE0w/KTL1g==", "requires": { "infer-owner": "^1.0.4" } @@ -10493,16 +10486,6 @@ "@npmcli/promise-spawn": "^3.0.0", "node-gyp": "^9.0.0", "read-package-json-fast": "^2.0.3" - }, - "dependencies": { - "@npmcli/promise-spawn": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@npmcli/promise-spawn/-/promise-spawn-3.0.0.tgz", - "integrity": "sha512-s9SgS+p3a9Eohe68cSI3fi+hpcZUmXq5P7w0kMlAsWVtR7XbK3ptkZqKT2cK1zLDObJ3sR+8P59sJE0w/KTL1g==", - "requires": { - "infer-owner": "^1.0.4" - } - } } }, "@npmcli/template-oss": { @@ -11267,7 +11250,7 @@ "@mdx-js/mdx": "^1.6.22", "@npmcli/eslint-config": "^3.0.1", "@npmcli/fs": "^2.1.0", - "@npmcli/promise-spawn": "3.0.0", + "@npmcli/promise-spawn": "^3.0.0", "@npmcli/template-oss": "3.2.2", "cmark-gfm": "^0.9.0", "jsdom": "^18.1.0", @@ -11275,17 +11258,6 @@ "tap": "^15.2.3", "which": "^2.0.2", "yaml": "^1.10.0" - }, - "dependencies": { - "@npmcli/promise-spawn": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@npmcli/promise-spawn/-/promise-spawn-3.0.0.tgz", - "integrity": "sha512-s9SgS+p3a9Eohe68cSI3fi+hpcZUmXq5P7w0kMlAsWVtR7XbK3ptkZqKT2cK1zLDObJ3sR+8P59sJE0w/KTL1g==", - "dev": true, - "requires": { - "infer-owner": "^1.0.4" - } - } } }, "doctrine": { @@ -12115,9 +12087,29 @@ "peer": true }, "ignore-walk": { - "version": "4.0.1", + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ignore-walk/-/ignore-walk-5.0.1.tgz", + "integrity": "sha512-yemi4pMf51WKT7khInJqAvsIGzoqYXblnsz0ql8tM+yi1EKYTY1evX4NAbJrLL/Aanr2HyZeluqU+Oi7MGHokw==", "requires": { - "minimatch": "^3.0.4" + "minimatch": "^5.0.1" + }, + "dependencies": { + "brace-expansion": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", + "requires": { + "balanced-match": "^1.0.0" + } + }, + "minimatch": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz", + "integrity": "sha512-nLDxIFRyhDblz3qMuq+SoRZED4+miJ/G+tdDrjkkkRnjAsBexeGpgjLEQ0blJy7rHhR2b93rhQY4SvyWu9v03g==", + "requires": { + "brace-expansion": "^2.0.1" + } + } } }, "import-fresh": { @@ -13128,10 +13120,12 @@ } }, "npm-packlist": { - "version": "4.0.0", + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/npm-packlist/-/npm-packlist-5.0.0.tgz", + "integrity": "sha512-uU20UwM4Hogfab1Q7htJbhcyafM9lGHxOrDjkKvR2S3z7Ds0uRaESk0cXctczk+ABT4DZWNwjB10xlurFdEwZg==", "requires": { "glob": "^7.2.0", - "ignore-walk": "^4.0.1", + "ignore-walk": "^5.0.1", "npm-bundled": "^1.1.2", "npm-normalize-package-bin": "^1.0.1" } @@ -13358,11 +13352,13 @@ } }, "pacote": { - "version": "13.0.5", + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/pacote/-/pacote-13.1.1.tgz", + "integrity": "sha512-MTT3k1OhUo+IpvoHGp25OwsRU0L+kJQM236OCywxvY4OIJ/YfloNW2/Yc3HMASH10BkfZaGMVK/pxybB7fWcLw==", "requires": { "@npmcli/git": "^3.0.0", "@npmcli/installed-package-contents": "^1.0.7", - "@npmcli/promise-spawn": "^1.2.0", + "@npmcli/promise-spawn": "^3.0.0", "@npmcli/run-script": "^3.0.1", "cacache": "^16.0.0", "chownr": "^2.0.0", @@ -13371,7 +13367,7 @@ "minipass": "^3.1.6", "mkdirp": "^1.0.4", "npm-package-arg": "^9.0.0", - "npm-packlist": "^4.0.0", + "npm-packlist": "^5.0.0", "npm-pick-manifest": "^7.0.0", "npm-registry-fetch": "^13.0.1", "proc-log": "^2.0.0", @@ -13379,8 +13375,18 @@ "read-package-json": "^5.0.0", "read-package-json-fast": "^2.0.3", "rimraf": "^3.0.2", - "ssri": "^8.0.1", + "ssri": "^9.0.0", "tar": "^6.1.11" + }, + "dependencies": { + "ssri": { + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/ssri/-/ssri-9.0.0.tgz", + "integrity": "sha512-Y1Z6J8UYnexKFN1R/hxUaYoY2LVdKEzziPmVAFKiKX8fiwvCJTVzn/xYE9TEWod5OVyNfIHHuVfIEuBClL/uJQ==", + "requires": { + "minipass": "^3.1.1" + } + } } }, "parent-module": { diff --git a/package.json b/package.json index bf4f4536f0007..4e8b7163aab77 100644 --- a/package.json +++ b/package.json @@ -108,7 +108,7 @@ "npm-user-validate": "^1.0.1", "npmlog": "^6.0.1", "opener": "^1.5.2", - "pacote": "^13.0.5", + "pacote": "^13.1.1", "parse-conflict-json": "^2.0.2", "proc-log": "^2.0.1", "qrcode-terminal": "^0.12.0",