From c784b57b654d25e8d932e6fe415b87e75dcf9026 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Tue, 15 Aug 2023 12:14:12 -0700 Subject: [PATCH] deps: npm-package-arg@11.0.0 --- mock-registry/package.json | 2 +- node_modules/.gitignore | 15 +- .../node_modules/hosted-git-info/LICENSE | 0 .../hosted-git-info/lib/from-url.js | 0 .../node_modules/hosted-git-info/lib/hosts.js | 0 .../node_modules/hosted-git-info/lib/index.js | 0 .../hosted-git-info/lib/parse-url.js | 0 .../node_modules/hosted-git-info/package.json | 0 .../node_modules/npm-package-arg/LICENSE | 15 + .../node_modules/npm-package-arg/lib/npa.js | 431 ++++++++++++++++++ .../node_modules/npm-package-arg/package.json | 59 +++ node_modules/npm-package-arg/lib/npa.js | 47 +- node_modules/npm-package-arg/package.json | 17 +- .../node_modules/hosted-git-info/LICENSE | 13 + .../hosted-git-info/lib/from-url.js | 122 +++++ .../node_modules/hosted-git-info/lib/hosts.js | 228 +++++++++ .../node_modules/hosted-git-info/lib/index.js | 179 ++++++++ .../hosted-git-info/lib/parse-url.js | 78 ++++ .../node_modules/hosted-git-info/package.json | 59 +++ .../node_modules/npm-package-arg/LICENSE | 15 + .../node_modules/npm-package-arg/lib/npa.js | 431 ++++++++++++++++++ .../node_modules/npm-package-arg/package.json | 59 +++ .../node_modules/hosted-git-info/LICENSE | 13 + .../hosted-git-info/lib/from-url.js | 122 +++++ .../node_modules/hosted-git-info/lib/hosts.js | 228 +++++++++ .../node_modules/hosted-git-info/lib/index.js | 179 ++++++++ .../hosted-git-info/lib/parse-url.js | 78 ++++ .../node_modules/hosted-git-info/package.json | 59 +++ .../node_modules/npm-package-arg/LICENSE | 15 + .../node_modules/npm-package-arg/lib/npa.js | 431 ++++++++++++++++++ .../node_modules/npm-package-arg/package.json | 59 +++ .../node_modules/hosted-git-info/LICENSE | 13 + .../hosted-git-info/lib/from-url.js | 122 +++++ .../node_modules/hosted-git-info/lib/hosts.js | 228 +++++++++ .../node_modules/hosted-git-info/lib/index.js | 179 ++++++++ .../hosted-git-info/lib/parse-url.js | 78 ++++ .../node_modules/hosted-git-info/package.json | 59 +++ .../node_modules/npm-package-arg/LICENSE | 15 + .../node_modules/npm-package-arg/lib/npa.js | 431 ++++++++++++++++++ .../node_modules/npm-package-arg/package.json | 59 +++ package-lock.json | 161 ++++++- package.json | 2 +- workspaces/arborist/package.json | 2 +- workspaces/libnpmaccess/package.json | 2 +- workspaces/libnpmdiff/package.json | 2 +- workspaces/libnpmexec/package.json | 2 +- workspaces/libnpmpack/package.json | 2 +- workspaces/libnpmpublish/package.json | 2 +- 48 files changed, 4240 insertions(+), 73 deletions(-) rename node_modules/{npm-package-arg => init-package-json}/node_modules/hosted-git-info/LICENSE (100%) rename node_modules/{npm-package-arg => init-package-json}/node_modules/hosted-git-info/lib/from-url.js (100%) rename node_modules/{npm-package-arg => init-package-json}/node_modules/hosted-git-info/lib/hosts.js (100%) rename node_modules/{npm-package-arg => init-package-json}/node_modules/hosted-git-info/lib/index.js (100%) rename node_modules/{npm-package-arg => init-package-json}/node_modules/hosted-git-info/lib/parse-url.js (100%) rename node_modules/{npm-package-arg => init-package-json}/node_modules/hosted-git-info/package.json (100%) create mode 100644 node_modules/init-package-json/node_modules/npm-package-arg/LICENSE create mode 100644 node_modules/init-package-json/node_modules/npm-package-arg/lib/npa.js create mode 100644 node_modules/init-package-json/node_modules/npm-package-arg/package.json create mode 100644 node_modules/npm-pick-manifest/node_modules/hosted-git-info/LICENSE create mode 100644 node_modules/npm-pick-manifest/node_modules/hosted-git-info/lib/from-url.js create mode 100644 node_modules/npm-pick-manifest/node_modules/hosted-git-info/lib/hosts.js create mode 100644 node_modules/npm-pick-manifest/node_modules/hosted-git-info/lib/index.js create mode 100644 node_modules/npm-pick-manifest/node_modules/hosted-git-info/lib/parse-url.js create mode 100644 node_modules/npm-pick-manifest/node_modules/hosted-git-info/package.json create mode 100644 node_modules/npm-pick-manifest/node_modules/npm-package-arg/LICENSE create mode 100644 node_modules/npm-pick-manifest/node_modules/npm-package-arg/lib/npa.js create mode 100644 node_modules/npm-pick-manifest/node_modules/npm-package-arg/package.json create mode 100644 node_modules/npm-registry-fetch/node_modules/hosted-git-info/LICENSE create mode 100644 node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/from-url.js create mode 100644 node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/hosts.js create mode 100644 node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/index.js create mode 100644 node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/parse-url.js create mode 100644 node_modules/npm-registry-fetch/node_modules/hosted-git-info/package.json create mode 100644 node_modules/npm-registry-fetch/node_modules/npm-package-arg/LICENSE create mode 100644 node_modules/npm-registry-fetch/node_modules/npm-package-arg/lib/npa.js create mode 100644 node_modules/npm-registry-fetch/node_modules/npm-package-arg/package.json create mode 100644 node_modules/pacote/node_modules/hosted-git-info/LICENSE create mode 100644 node_modules/pacote/node_modules/hosted-git-info/lib/from-url.js create mode 100644 node_modules/pacote/node_modules/hosted-git-info/lib/hosts.js create mode 100644 node_modules/pacote/node_modules/hosted-git-info/lib/index.js create mode 100644 node_modules/pacote/node_modules/hosted-git-info/lib/parse-url.js create mode 100644 node_modules/pacote/node_modules/hosted-git-info/package.json create mode 100644 node_modules/pacote/node_modules/npm-package-arg/LICENSE create mode 100644 node_modules/pacote/node_modules/npm-package-arg/lib/npa.js create mode 100644 node_modules/pacote/node_modules/npm-package-arg/package.json diff --git a/mock-registry/package.json b/mock-registry/package.json index c7624d6d25579..fa885b2cdb548 100644 --- a/mock-registry/package.json +++ b/mock-registry/package.json @@ -55,7 +55,7 @@ "@npmcli/template-oss": "4.18.0", "json-stringify-safe": "^5.0.1", "nock": "^13.3.0", - "npm-package-arg": "^10.1.0", + "npm-package-arg": "^11.0.0", "pacote": "^16.0.0", "tap": "^16.3.4" } diff --git a/node_modules/.gitignore b/node_modules/.gitignore index 2884505632a13..71679c6fedcfd 100644 --- a/node_modules/.gitignore +++ b/node_modules/.gitignore @@ -141,6 +141,10 @@ !/inherits !/ini !/init-package-json +!/init-package-json/node_modules/ +/init-package-json/node_modules/* +!/init-package-json/node_modules/hosted-git-info +!/init-package-json/node_modules/npm-package-arg !/ip-regex !/ip !/is-cidr @@ -220,11 +224,12 @@ !/npm-install-checks !/npm-normalize-package-bin !/npm-package-arg -!/npm-package-arg/node_modules/ -/npm-package-arg/node_modules/* -!/npm-package-arg/node_modules/hosted-git-info !/npm-packlist !/npm-pick-manifest +!/npm-pick-manifest/node_modules/ +/npm-pick-manifest/node_modules/* +!/npm-pick-manifest/node_modules/hosted-git-info +!/npm-pick-manifest/node_modules/npm-package-arg !/npm-profile !/npm-registry-fetch !/npm-registry-fetch/node_modules/ @@ -233,7 +238,9 @@ /npm-registry-fetch/node_modules/@npmcli/* !/npm-registry-fetch/node_modules/@npmcli/agent !/npm-registry-fetch/node_modules/cacache +!/npm-registry-fetch/node_modules/hosted-git-info !/npm-registry-fetch/node_modules/make-fetch-happen +!/npm-registry-fetch/node_modules/npm-package-arg !/npm-user-validate !/npmlog !/once @@ -245,6 +252,8 @@ /pacote/node_modules/@npmcli/* !/pacote/node_modules/@npmcli/git !/pacote/node_modules/cacache +!/pacote/node_modules/hosted-git-info +!/pacote/node_modules/npm-package-arg !/parse-conflict-json !/path-is-absolute !/path-key diff --git a/node_modules/npm-package-arg/node_modules/hosted-git-info/LICENSE b/node_modules/init-package-json/node_modules/hosted-git-info/LICENSE similarity index 100% rename from node_modules/npm-package-arg/node_modules/hosted-git-info/LICENSE rename to node_modules/init-package-json/node_modules/hosted-git-info/LICENSE diff --git a/node_modules/npm-package-arg/node_modules/hosted-git-info/lib/from-url.js b/node_modules/init-package-json/node_modules/hosted-git-info/lib/from-url.js similarity index 100% rename from node_modules/npm-package-arg/node_modules/hosted-git-info/lib/from-url.js rename to node_modules/init-package-json/node_modules/hosted-git-info/lib/from-url.js diff --git a/node_modules/npm-package-arg/node_modules/hosted-git-info/lib/hosts.js b/node_modules/init-package-json/node_modules/hosted-git-info/lib/hosts.js similarity index 100% rename from node_modules/npm-package-arg/node_modules/hosted-git-info/lib/hosts.js rename to node_modules/init-package-json/node_modules/hosted-git-info/lib/hosts.js diff --git a/node_modules/npm-package-arg/node_modules/hosted-git-info/lib/index.js b/node_modules/init-package-json/node_modules/hosted-git-info/lib/index.js similarity index 100% rename from node_modules/npm-package-arg/node_modules/hosted-git-info/lib/index.js rename to node_modules/init-package-json/node_modules/hosted-git-info/lib/index.js diff --git a/node_modules/npm-package-arg/node_modules/hosted-git-info/lib/parse-url.js b/node_modules/init-package-json/node_modules/hosted-git-info/lib/parse-url.js similarity index 100% rename from node_modules/npm-package-arg/node_modules/hosted-git-info/lib/parse-url.js rename to node_modules/init-package-json/node_modules/hosted-git-info/lib/parse-url.js diff --git a/node_modules/npm-package-arg/node_modules/hosted-git-info/package.json b/node_modules/init-package-json/node_modules/hosted-git-info/package.json similarity index 100% rename from node_modules/npm-package-arg/node_modules/hosted-git-info/package.json rename to node_modules/init-package-json/node_modules/hosted-git-info/package.json diff --git a/node_modules/init-package-json/node_modules/npm-package-arg/LICENSE b/node_modules/init-package-json/node_modules/npm-package-arg/LICENSE new file mode 100644 index 0000000000000..19cec97b18468 --- /dev/null +++ b/node_modules/init-package-json/node_modules/npm-package-arg/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) npm, Inc. + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/init-package-json/node_modules/npm-package-arg/lib/npa.js b/node_modules/init-package-json/node_modules/npm-package-arg/lib/npa.js new file mode 100644 index 0000000000000..36bd18cd9f9a6 --- /dev/null +++ b/node_modules/init-package-json/node_modules/npm-package-arg/lib/npa.js @@ -0,0 +1,431 @@ +'use strict' +module.exports = npa +module.exports.resolve = resolve +module.exports.toPurl = toPurl +module.exports.Result = Result + +const url = require('url') +const HostedGit = require('hosted-git-info') +const semver = require('semver') +const path = global.FAKE_WINDOWS ? require('path').win32 : require('path') +const validatePackageName = require('validate-npm-package-name') +const { homedir } = require('os') +const log = require('proc-log') + +const isWindows = process.platform === 'win32' || global.FAKE_WINDOWS +const hasSlashes = isWindows ? /\\|[/]/ : /[/]/ +const isURL = /^(?:git[+])?[a-z]+:/i +const isGit = /^[^@]+@[^:.]+\.[^:]+:.+$/i +const isFilename = /[.](?:tgz|tar.gz|tar)$/i + +function npa (arg, where) { + let name + let spec + if (typeof arg === 'object') { + if (arg instanceof Result && (!where || where === arg.where)) { + return arg + } else if (arg.name && arg.rawSpec) { + return npa.resolve(arg.name, arg.rawSpec, where || arg.where) + } else { + return npa(arg.raw, where || arg.where) + } + } + const nameEndsAt = arg[0] === '@' ? arg.slice(1).indexOf('@') + 1 : arg.indexOf('@') + const namePart = nameEndsAt > 0 ? arg.slice(0, nameEndsAt) : arg + if (isURL.test(arg)) { + spec = arg + } else if (isGit.test(arg)) { + spec = `git+ssh://${arg}` + } else if (namePart[0] !== '@' && (hasSlashes.test(namePart) || isFilename.test(namePart))) { + spec = arg + } else if (nameEndsAt > 0) { + name = namePart + spec = arg.slice(nameEndsAt + 1) || '*' + } else { + const valid = validatePackageName(arg) + if (valid.validForOldPackages) { + name = arg + spec = '*' + } else { + spec = arg + } + } + return resolve(name, spec, where, arg) +} + +const isFilespec = isWindows ? /^(?:[.]|~[/]|[/\\]|[a-zA-Z]:)/ : /^(?:[.]|~[/]|[/]|[a-zA-Z]:)/ + +function resolve (name, spec, where, arg) { + const res = new Result({ + raw: arg, + name: name, + rawSpec: spec, + fromArgument: arg != null, + }) + + if (name) { + res.setName(name) + } + + if (spec && (isFilespec.test(spec) || /^file:/i.test(spec))) { + return fromFile(res, where) + } else if (spec && /^npm:/i.test(spec)) { + return fromAlias(res, where) + } + + const hosted = HostedGit.fromUrl(spec, { + noGitPlus: true, + noCommittish: true, + }) + if (hosted) { + return fromHostedGit(res, hosted) + } else if (spec && isURL.test(spec)) { + return fromURL(res) + } else if (spec && (hasSlashes.test(spec) || isFilename.test(spec))) { + return fromFile(res, where) + } else { + return fromRegistry(res) + } +} + +const defaultRegistry = 'https://registry.npmjs.org' + +function toPurl (arg, reg = defaultRegistry) { + const res = npa(arg) + + if (res.type !== 'version') { + throw invalidPurlType(res.type, res.raw) + } + + // URI-encode leading @ of scoped packages + let purl = 'pkg:npm/' + res.name.replace(/^@/, '%40') + '@' + res.rawSpec + if (reg !== defaultRegistry) { + purl += '?repository_url=' + reg + } + + return purl +} + +function invalidPackageName (name, valid, raw) { + // eslint-disable-next-line max-len + const err = new Error(`Invalid package name "${name}" of package "${raw}": ${valid.errors.join('; ')}.`) + err.code = 'EINVALIDPACKAGENAME' + return err +} + +function invalidTagName (name, raw) { + // eslint-disable-next-line max-len + const err = new Error(`Invalid tag name "${name}" of package "${raw}": Tags may not have any characters that encodeURIComponent encodes.`) + err.code = 'EINVALIDTAGNAME' + return err +} + +function invalidPurlType (type, raw) { + // eslint-disable-next-line max-len + const err = new Error(`Invalid type "${type}" of package "${raw}": Purl can only be generated for "version" types.`) + err.code = 'EINVALIDPURLTYPE' + return err +} + +function Result (opts) { + this.type = opts.type + this.registry = opts.registry + this.where = opts.where + if (opts.raw == null) { + this.raw = opts.name ? opts.name + '@' + opts.rawSpec : opts.rawSpec + } else { + this.raw = opts.raw + } + + this.name = undefined + this.escapedName = undefined + this.scope = undefined + this.rawSpec = opts.rawSpec || '' + this.saveSpec = opts.saveSpec + this.fetchSpec = opts.fetchSpec + if (opts.name) { + this.setName(opts.name) + } + this.gitRange = opts.gitRange + this.gitCommittish = opts.gitCommittish + this.gitSubdir = opts.gitSubdir + this.hosted = opts.hosted +} + +Result.prototype.setName = function (name) { + const valid = validatePackageName(name) + if (!valid.validForOldPackages) { + throw invalidPackageName(name, valid, this.raw) + } + + this.name = name + this.scope = name[0] === '@' ? name.slice(0, name.indexOf('/')) : undefined + // scoped packages in couch must have slash url-encoded, e.g. @foo%2Fbar + this.escapedName = name.replace('/', '%2f') + return this +} + +Result.prototype.toString = function () { + const full = [] + if (this.name != null && this.name !== '') { + full.push(this.name) + } + const spec = this.saveSpec || this.fetchSpec || this.rawSpec + if (spec != null && spec !== '') { + full.push(spec) + } + return full.length ? full.join('@') : this.raw +} + +Result.prototype.toJSON = function () { + const result = Object.assign({}, this) + delete result.hosted + return result +} + +function setGitCommittish (res, committish) { + if (!committish) { + res.gitCommittish = null + return res + } + + // for each :: separated item: + for (const part of committish.split('::')) { + // if the item has no : the n it is a commit-ish + if (!part.includes(':')) { + if (res.gitRange) { + throw new Error('cannot override existing semver range with a committish') + } + if (res.gitCommittish) { + throw new Error('cannot override existing committish with a second committish') + } + res.gitCommittish = part + continue + } + // split on name:value + const [name, value] = part.split(':') + // if name is semver do semver lookup of ref or tag + if (name === 'semver') { + if (res.gitCommittish) { + throw new Error('cannot override existing committish with a semver range') + } + if (res.gitRange) { + throw new Error('cannot override existing semver range with a second semver range') + } + res.gitRange = decodeURIComponent(value) + continue + } + if (name === 'path') { + if (res.gitSubdir) { + throw new Error('cannot override existing path with a second path') + } + res.gitSubdir = `/${value}` + continue + } + log.warn('npm-package-arg', `ignoring unknown key "${name}"`) + } + + return res +} + +function fromFile (res, where) { + if (!where) { + where = process.cwd() + } + res.type = isFilename.test(res.rawSpec) ? 'file' : 'directory' + res.where = where + + // always put the '/' on where when resolving urls, or else + // file:foo from /path/to/bar goes to /path/to/foo, when we want + // it to be /path/to/bar/foo + + let specUrl + let resolvedUrl + const prefix = (!/^file:/.test(res.rawSpec) ? 'file:' : '') + const rawWithPrefix = prefix + res.rawSpec + let rawNoPrefix = rawWithPrefix.replace(/^file:/, '') + try { + resolvedUrl = new url.URL(rawWithPrefix, `file://${path.resolve(where)}/`) + specUrl = new url.URL(rawWithPrefix) + } catch (originalError) { + const er = new Error('Invalid file: URL, must comply with RFC 8909') + throw Object.assign(er, { + raw: res.rawSpec, + spec: res, + where, + originalError, + }) + } + + // environment switch for testing + if (process.env.NPM_PACKAGE_ARG_8909_STRICT !== '1') { + // XXX backwards compatibility lack of compliance with 8909 + // Remove when we want a breaking change to come into RFC compliance. + if (resolvedUrl.host && resolvedUrl.host !== 'localhost') { + const rawSpec = res.rawSpec.replace(/^file:\/\//, 'file:///') + resolvedUrl = new url.URL(rawSpec, `file://${path.resolve(where)}/`) + specUrl = new url.URL(rawSpec) + rawNoPrefix = rawSpec.replace(/^file:/, '') + } + // turn file:/../foo into file:../foo + // for 1, 2 or 3 leading slashes since we attempted + // in the previous step to make it a file protocol url with a leading slash + if (/^\/{1,3}\.\.?(\/|$)/.test(rawNoPrefix)) { + const rawSpec = res.rawSpec.replace(/^file:\/{1,3}/, 'file:') + resolvedUrl = new url.URL(rawSpec, `file://${path.resolve(where)}/`) + specUrl = new url.URL(rawSpec) + rawNoPrefix = rawSpec.replace(/^file:/, '') + } + // XXX end 8909 violation backwards compatibility section + } + + // file:foo - relative url to ./foo + // file:/foo - absolute path /foo + // file:///foo - absolute path to /foo, no authority host + // file://localhost/foo - absolute path to /foo, on localhost + // file://foo - absolute path to / on foo host (error!) + if (resolvedUrl.host && resolvedUrl.host !== 'localhost') { + const msg = `Invalid file: URL, must be absolute if // present` + throw Object.assign(new Error(msg), { + raw: res.rawSpec, + parsed: resolvedUrl, + }) + } + + // turn /C:/blah into just C:/blah on windows + let specPath = decodeURIComponent(specUrl.pathname) + let resolvedPath = decodeURIComponent(resolvedUrl.pathname) + if (isWindows) { + specPath = specPath.replace(/^\/+([a-z]:\/)/i, '$1') + resolvedPath = resolvedPath.replace(/^\/+([a-z]:\/)/i, '$1') + } + + // replace ~ with homedir, but keep the ~ in the saveSpec + // otherwise, make it relative to where param + if (/^\/~(\/|$)/.test(specPath)) { + res.saveSpec = `file:${specPath.substr(1)}` + resolvedPath = path.resolve(homedir(), specPath.substr(3)) + } else if (!path.isAbsolute(rawNoPrefix)) { + res.saveSpec = `file:${path.relative(where, resolvedPath)}` + } else { + res.saveSpec = `file:${path.resolve(resolvedPath)}` + } + + res.fetchSpec = path.resolve(where, resolvedPath) + return res +} + +function fromHostedGit (res, hosted) { + res.type = 'git' + res.hosted = hosted + res.saveSpec = hosted.toString({ noGitPlus: false, noCommittish: false }) + res.fetchSpec = hosted.getDefaultRepresentation() === 'shortcut' ? null : hosted.toString() + return setGitCommittish(res, hosted.committish) +} + +function unsupportedURLType (protocol, spec) { + const err = new Error(`Unsupported URL Type "${protocol}": ${spec}`) + err.code = 'EUNSUPPORTEDPROTOCOL' + return err +} + +function matchGitScp (spec) { + // git ssh specifiers are overloaded to also use scp-style git + // specifiers, so we have to parse those out and treat them special. + // They are NOT true URIs, so we can't hand them to `url.parse`. + // + // This regex looks for things that look like: + // git+ssh://git@my.custom.git.com:username/project.git#deadbeef + // + // ...and various combinations. The username in the beginning is *required*. + const matched = spec.match(/^git\+ssh:\/\/([^:#]+:[^#]+(?:\.git)?)(?:#(.*))?$/i) + return matched && !matched[1].match(/:[0-9]+\/?.*$/i) && { + fetchSpec: matched[1], + gitCommittish: matched[2] == null ? null : matched[2], + } +} + +function fromURL (res) { + // eslint-disable-next-line node/no-deprecated-api + const urlparse = url.parse(res.rawSpec) + res.saveSpec = res.rawSpec + // check the protocol, and then see if it's git or not + switch (urlparse.protocol) { + case 'git:': + case 'git+http:': + case 'git+https:': + case 'git+rsync:': + case 'git+ftp:': + case 'git+file:': + case 'git+ssh:': { + res.type = 'git' + const match = urlparse.protocol === 'git+ssh:' ? matchGitScp(res.rawSpec) + : null + if (match) { + setGitCommittish(res, match.gitCommittish) + res.fetchSpec = match.fetchSpec + } else { + setGitCommittish(res, urlparse.hash != null ? urlparse.hash.slice(1) : '') + urlparse.protocol = urlparse.protocol.replace(/^git[+]/, '') + if (urlparse.protocol === 'file:' && /^git\+file:\/\/[a-z]:/i.test(res.rawSpec)) { + // keep the drive letter : on windows file paths + urlparse.host += ':' + urlparse.hostname += ':' + } + delete urlparse.hash + res.fetchSpec = url.format(urlparse) + } + break + } + case 'http:': + case 'https:': + res.type = 'remote' + res.fetchSpec = res.saveSpec + break + + default: + throw unsupportedURLType(urlparse.protocol, res.rawSpec) + } + + return res +} + +function fromAlias (res, where) { + const subSpec = npa(res.rawSpec.substr(4), where) + if (subSpec.type === 'alias') { + throw new Error('nested aliases not supported') + } + + if (!subSpec.registry) { + throw new Error('aliases only work for registry deps') + } + + res.subSpec = subSpec + res.registry = true + res.type = 'alias' + res.saveSpec = null + res.fetchSpec = null + return res +} + +function fromRegistry (res) { + res.registry = true + const spec = res.rawSpec.trim() + // no save spec for registry components as we save based on the fetched + // version, not on the argument so this can't compute that. + res.saveSpec = null + res.fetchSpec = spec + const version = semver.valid(spec, true) + const range = semver.validRange(spec, true) + if (version) { + res.type = 'version' + } else if (range) { + res.type = 'range' + } else { + if (encodeURIComponent(spec) !== spec) { + throw invalidTagName(spec, res.raw) + } + res.type = 'tag' + } + return res +} diff --git a/node_modules/init-package-json/node_modules/npm-package-arg/package.json b/node_modules/init-package-json/node_modules/npm-package-arg/package.json new file mode 100644 index 0000000000000..bb9e71b258a93 --- /dev/null +++ b/node_modules/init-package-json/node_modules/npm-package-arg/package.json @@ -0,0 +1,59 @@ +{ + "name": "npm-package-arg", + "version": "10.1.0", + "description": "Parse the things that can be arguments to `npm install`", + "main": "./lib/npa.js", + "directories": { + "test": "test" + }, + "files": [ + "bin/", + "lib/" + ], + "dependencies": { + "hosted-git-info": "^6.0.0", + "proc-log": "^3.0.0", + "semver": "^7.3.5", + "validate-npm-package-name": "^5.0.0" + }, + "devDependencies": { + "@npmcli/eslint-config": "^4.0.0", + "@npmcli/template-oss": "4.10.0", + "tap": "^16.0.1" + }, + "scripts": { + "test": "tap", + "snap": "tap", + "npmclilint": "npmcli-lint", + "lint": "eslint \"**/*.js\"", + "lintfix": "npm run lint -- --fix", + "posttest": "npm run lint", + "postsnap": "npm run lintfix --", + "postlint": "template-oss-check", + "template-oss-apply": "template-oss-apply --force" + }, + "repository": { + "type": "git", + "url": "https://github.com/npm/npm-package-arg.git" + }, + "author": "GitHub Inc.", + "license": "ISC", + "bugs": { + "url": "https://github.com/npm/npm-package-arg/issues" + }, + "homepage": "https://github.com/npm/npm-package-arg", + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + }, + "tap": { + "branches": 97, + "nyc-arg": [ + "--exclude", + "tap-snapshots/**" + ] + }, + "templateOSS": { + "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", + "version": "4.10.0" + } +} diff --git a/node_modules/npm-package-arg/lib/npa.js b/node_modules/npm-package-arg/lib/npa.js index 36bd18cd9f9a6..f5ede2326e7b4 100644 --- a/node_modules/npm-package-arg/lib/npa.js +++ b/node_modules/npm-package-arg/lib/npa.js @@ -257,40 +257,23 @@ function fromFile (res, where) { }) } - // environment switch for testing - if (process.env.NPM_PACKAGE_ARG_8909_STRICT !== '1') { - // XXX backwards compatibility lack of compliance with 8909 - // Remove when we want a breaking change to come into RFC compliance. - if (resolvedUrl.host && resolvedUrl.host !== 'localhost') { - const rawSpec = res.rawSpec.replace(/^file:\/\//, 'file:///') - resolvedUrl = new url.URL(rawSpec, `file://${path.resolve(where)}/`) - specUrl = new url.URL(rawSpec) - rawNoPrefix = rawSpec.replace(/^file:/, '') - } - // turn file:/../foo into file:../foo - // for 1, 2 or 3 leading slashes since we attempted - // in the previous step to make it a file protocol url with a leading slash - if (/^\/{1,3}\.\.?(\/|$)/.test(rawNoPrefix)) { - const rawSpec = res.rawSpec.replace(/^file:\/{1,3}/, 'file:') - resolvedUrl = new url.URL(rawSpec, `file://${path.resolve(where)}/`) - specUrl = new url.URL(rawSpec) - rawNoPrefix = rawSpec.replace(/^file:/, '') - } - // XXX end 8909 violation backwards compatibility section - } - - // file:foo - relative url to ./foo - // file:/foo - absolute path /foo - // file:///foo - absolute path to /foo, no authority host - // file://localhost/foo - absolute path to /foo, on localhost - // file://foo - absolute path to / on foo host (error!) + // XXX backwards compatibility lack of compliance with RFC 8909 if (resolvedUrl.host && resolvedUrl.host !== 'localhost') { - const msg = `Invalid file: URL, must be absolute if // present` - throw Object.assign(new Error(msg), { - raw: res.rawSpec, - parsed: resolvedUrl, - }) + const rawSpec = res.rawSpec.replace(/^file:\/\//, 'file:///') + resolvedUrl = new url.URL(rawSpec, `file://${path.resolve(where)}/`) + specUrl = new url.URL(rawSpec) + rawNoPrefix = rawSpec.replace(/^file:/, '') + } + // turn file:/../foo into file:../foo + // for 1, 2 or 3 leading slashes since we attempted + // in the previous step to make it a file protocol url with a leading slash + if (/^\/{1,3}\.\.?(\/|$)/.test(rawNoPrefix)) { + const rawSpec = res.rawSpec.replace(/^file:\/{1,3}/, 'file:') + resolvedUrl = new url.URL(rawSpec, `file://${path.resolve(where)}/`) + specUrl = new url.URL(rawSpec) + rawNoPrefix = rawSpec.replace(/^file:/, '') } + // XXX end RFC 8909 violation backwards compatibility section // turn /C:/blah into just C:/blah on windows let specPath = decodeURIComponent(specUrl.pathname) diff --git a/node_modules/npm-package-arg/package.json b/node_modules/npm-package-arg/package.json index bb9e71b258a93..9ba1d135f3ebf 100644 --- a/node_modules/npm-package-arg/package.json +++ b/node_modules/npm-package-arg/package.json @@ -1,6 +1,6 @@ { "name": "npm-package-arg", - "version": "10.1.0", + "version": "11.0.0", "description": "Parse the things that can be arguments to `npm install`", "main": "./lib/npa.js", "directories": { @@ -11,14 +11,14 @@ "lib/" ], "dependencies": { - "hosted-git-info": "^6.0.0", + "hosted-git-info": "^7.0.0", "proc-log": "^3.0.0", "semver": "^7.3.5", "validate-npm-package-name": "^5.0.0" }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.10.0", + "@npmcli/template-oss": "4.18.0", "tap": "^16.0.1" }, "scripts": { @@ -43,7 +43,7 @@ }, "homepage": "https://github.com/npm/npm-package-arg", "engines": { - "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + "node": "^16.14.0 || >=18.0.0" }, "tap": { "branches": 97, @@ -54,6 +54,13 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.10.0" + "version": "4.18.0", + "publish": true, + "ciVersions": [ + "16.14.0", + "16.x", + "18.0.0", + "18.x" + ] } } diff --git a/node_modules/npm-pick-manifest/node_modules/hosted-git-info/LICENSE b/node_modules/npm-pick-manifest/node_modules/hosted-git-info/LICENSE new file mode 100644 index 0000000000000..45055763dc838 --- /dev/null +++ b/node_modules/npm-pick-manifest/node_modules/hosted-git-info/LICENSE @@ -0,0 +1,13 @@ +Copyright (c) 2015, Rebecca Turner + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH +REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND +FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, +INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR +OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/npm-pick-manifest/node_modules/hosted-git-info/lib/from-url.js b/node_modules/npm-pick-manifest/node_modules/hosted-git-info/lib/from-url.js new file mode 100644 index 0000000000000..efc1247d59d12 --- /dev/null +++ b/node_modules/npm-pick-manifest/node_modules/hosted-git-info/lib/from-url.js @@ -0,0 +1,122 @@ +'use strict' + +const parseUrl = require('./parse-url') + +// look for github shorthand inputs, such as npm/cli +const isGitHubShorthand = (arg) => { + // it cannot contain whitespace before the first # + // it cannot start with a / because that's probably an absolute file path + // but it must include a slash since repos are username/repository + // it cannot start with a . because that's probably a relative file path + // it cannot start with an @ because that's a scoped package if it passes the other tests + // it cannot contain a : before a # because that tells us that there's a protocol + // a second / may not exist before a # + const firstHash = arg.indexOf('#') + const firstSlash = arg.indexOf('/') + const secondSlash = arg.indexOf('/', firstSlash + 1) + const firstColon = arg.indexOf(':') + const firstSpace = /\s/.exec(arg) + const firstAt = arg.indexOf('@') + + const spaceOnlyAfterHash = !firstSpace || (firstHash > -1 && firstSpace.index > firstHash) + const atOnlyAfterHash = firstAt === -1 || (firstHash > -1 && firstAt > firstHash) + const colonOnlyAfterHash = firstColon === -1 || (firstHash > -1 && firstColon > firstHash) + const secondSlashOnlyAfterHash = secondSlash === -1 || (firstHash > -1 && secondSlash > firstHash) + const hasSlash = firstSlash > 0 + // if a # is found, what we really want to know is that the character + // immediately before # is not a / + const doesNotEndWithSlash = firstHash > -1 ? arg[firstHash - 1] !== '/' : !arg.endsWith('/') + const doesNotStartWithDot = !arg.startsWith('.') + + return spaceOnlyAfterHash && hasSlash && doesNotEndWithSlash && + doesNotStartWithDot && atOnlyAfterHash && colonOnlyAfterHash && + secondSlashOnlyAfterHash +} + +module.exports = (giturl, opts, { gitHosts, protocols }) => { + if (!giturl) { + return + } + + const correctedUrl = isGitHubShorthand(giturl) ? `github:${giturl}` : giturl + const parsed = parseUrl(correctedUrl, protocols) + if (!parsed) { + return + } + + const gitHostShortcut = gitHosts.byShortcut[parsed.protocol] + const gitHostDomain = gitHosts.byDomain[parsed.hostname.startsWith('www.') + ? parsed.hostname.slice(4) + : parsed.hostname] + const gitHostName = gitHostShortcut || gitHostDomain + if (!gitHostName) { + return + } + + const gitHostInfo = gitHosts[gitHostShortcut || gitHostDomain] + let auth = null + if (protocols[parsed.protocol]?.auth && (parsed.username || parsed.password)) { + auth = `${parsed.username}${parsed.password ? ':' + parsed.password : ''}` + } + + let committish = null + let user = null + let project = null + let defaultRepresentation = null + + try { + if (gitHostShortcut) { + let pathname = parsed.pathname.startsWith('/') ? parsed.pathname.slice(1) : parsed.pathname + const firstAt = pathname.indexOf('@') + // we ignore auth for shortcuts, so just trim it out + if (firstAt > -1) { + pathname = pathname.slice(firstAt + 1) + } + + const lastSlash = pathname.lastIndexOf('/') + if (lastSlash > -1) { + user = decodeURIComponent(pathname.slice(0, lastSlash)) + // we want nulls only, never empty strings + if (!user) { + user = null + } + project = decodeURIComponent(pathname.slice(lastSlash + 1)) + } else { + project = decodeURIComponent(pathname) + } + + if (project.endsWith('.git')) { + project = project.slice(0, -4) + } + + if (parsed.hash) { + committish = decodeURIComponent(parsed.hash.slice(1)) + } + + defaultRepresentation = 'shortcut' + } else { + if (!gitHostInfo.protocols.includes(parsed.protocol)) { + return + } + + const segments = gitHostInfo.extract(parsed) + if (!segments) { + return + } + + user = segments.user && decodeURIComponent(segments.user) + project = decodeURIComponent(segments.project) + committish = decodeURIComponent(segments.committish) + defaultRepresentation = protocols[parsed.protocol]?.name || parsed.protocol.slice(0, -1) + } + } catch (err) { + /* istanbul ignore else */ + if (err instanceof URIError) { + return + } else { + throw err + } + } + + return [gitHostName, user, auth, project, committish, defaultRepresentation, opts] +} diff --git a/node_modules/npm-pick-manifest/node_modules/hosted-git-info/lib/hosts.js b/node_modules/npm-pick-manifest/node_modules/hosted-git-info/lib/hosts.js new file mode 100644 index 0000000000000..013712b7842c8 --- /dev/null +++ b/node_modules/npm-pick-manifest/node_modules/hosted-git-info/lib/hosts.js @@ -0,0 +1,228 @@ +/* eslint-disable max-len */ + +'use strict' + +const maybeJoin = (...args) => args.every(arg => arg) ? args.join('') : '' +const maybeEncode = (arg) => arg ? encodeURIComponent(arg) : '' +const formatHashFragment = (f) => f.toLowerCase().replace(/^\W+|\/|\W+$/g, '').replace(/\W+/g, '-') + +const defaults = { + sshtemplate: ({ domain, user, project, committish }) => + `git@${domain}:${user}/${project}.git${maybeJoin('#', committish)}`, + sshurltemplate: ({ domain, user, project, committish }) => + `git+ssh://git@${domain}/${user}/${project}.git${maybeJoin('#', committish)}`, + edittemplate: ({ domain, user, project, committish, editpath, path }) => + `https://${domain}/${user}/${project}${maybeJoin('/', editpath, '/', maybeEncode(committish || 'HEAD'), '/', path)}`, + browsetemplate: ({ domain, user, project, committish, treepath }) => + `https://${domain}/${user}/${project}${maybeJoin('/', treepath, '/', maybeEncode(committish))}`, + browsetreetemplate: ({ domain, user, project, committish, treepath, path, fragment, hashformat }) => + `https://${domain}/${user}/${project}/${treepath}/${maybeEncode(committish || 'HEAD')}/${path}${maybeJoin('#', hashformat(fragment || ''))}`, + browseblobtemplate: ({ domain, user, project, committish, blobpath, path, fragment, hashformat }) => + `https://${domain}/${user}/${project}/${blobpath}/${maybeEncode(committish || 'HEAD')}/${path}${maybeJoin('#', hashformat(fragment || ''))}`, + docstemplate: ({ domain, user, project, treepath, committish }) => + `https://${domain}/${user}/${project}${maybeJoin('/', treepath, '/', maybeEncode(committish))}#readme`, + httpstemplate: ({ auth, domain, user, project, committish }) => + `git+https://${maybeJoin(auth, '@')}${domain}/${user}/${project}.git${maybeJoin('#', committish)}`, + filetemplate: ({ domain, user, project, committish, path }) => + `https://${domain}/${user}/${project}/raw/${maybeEncode(committish || 'HEAD')}/${path}`, + shortcuttemplate: ({ type, user, project, committish }) => + `${type}:${user}/${project}${maybeJoin('#', committish)}`, + pathtemplate: ({ user, project, committish }) => + `${user}/${project}${maybeJoin('#', committish)}`, + bugstemplate: ({ domain, user, project }) => + `https://${domain}/${user}/${project}/issues`, + hashformat: formatHashFragment, +} + +const hosts = {} +hosts.github = { + // First two are insecure and generally shouldn't be used any more, but + // they are still supported. + protocols: ['git:', 'http:', 'git+ssh:', 'git+https:', 'ssh:', 'https:'], + domain: 'github.com', + treepath: 'tree', + blobpath: 'blob', + editpath: 'edit', + filetemplate: ({ auth, user, project, committish, path }) => + `https://${maybeJoin(auth, '@')}raw.githubusercontent.com/${user}/${project}/${maybeEncode(committish || 'HEAD')}/${path}`, + gittemplate: ({ auth, domain, user, project, committish }) => + `git://${maybeJoin(auth, '@')}${domain}/${user}/${project}.git${maybeJoin('#', committish)}`, + tarballtemplate: ({ domain, user, project, committish }) => + `https://codeload.${domain}/${user}/${project}/tar.gz/${maybeEncode(committish || 'HEAD')}`, + extract: (url) => { + let [, user, project, type, committish] = url.pathname.split('/', 5) + if (type && type !== 'tree') { + return + } + + if (!type) { + committish = url.hash.slice(1) + } + + if (project && project.endsWith('.git')) { + project = project.slice(0, -4) + } + + if (!user || !project) { + return + } + + return { user, project, committish } + }, +} + +hosts.bitbucket = { + protocols: ['git+ssh:', 'git+https:', 'ssh:', 'https:'], + domain: 'bitbucket.org', + treepath: 'src', + blobpath: 'src', + editpath: '?mode=edit', + edittemplate: ({ domain, user, project, committish, treepath, path, editpath }) => + `https://${domain}/${user}/${project}${maybeJoin('/', treepath, '/', maybeEncode(committish || 'HEAD'), '/', path, editpath)}`, + tarballtemplate: ({ domain, user, project, committish }) => + `https://${domain}/${user}/${project}/get/${maybeEncode(committish || 'HEAD')}.tar.gz`, + extract: (url) => { + let [, user, project, aux] = url.pathname.split('/', 4) + if (['get'].includes(aux)) { + return + } + + if (project && project.endsWith('.git')) { + project = project.slice(0, -4) + } + + if (!user || !project) { + return + } + + return { user, project, committish: url.hash.slice(1) } + }, +} + +hosts.gitlab = { + protocols: ['git+ssh:', 'git+https:', 'ssh:', 'https:'], + domain: 'gitlab.com', + treepath: 'tree', + blobpath: 'tree', + editpath: '-/edit', + httpstemplate: ({ auth, domain, user, project, committish }) => + `git+https://${maybeJoin(auth, '@')}${domain}/${user}/${project}.git${maybeJoin('#', committish)}`, + tarballtemplate: ({ domain, user, project, committish }) => + `https://${domain}/${user}/${project}/repository/archive.tar.gz?ref=${maybeEncode(committish || 'HEAD')}`, + extract: (url) => { + const path = url.pathname.slice(1) + if (path.includes('/-/') || path.includes('/archive.tar.gz')) { + return + } + + const segments = path.split('/') + let project = segments.pop() + if (project.endsWith('.git')) { + project = project.slice(0, -4) + } + + const user = segments.join('/') + if (!user || !project) { + return + } + + return { user, project, committish: url.hash.slice(1) } + }, +} + +hosts.gist = { + protocols: ['git:', 'git+ssh:', 'git+https:', 'ssh:', 'https:'], + domain: 'gist.github.com', + editpath: 'edit', + sshtemplate: ({ domain, project, committish }) => + `git@${domain}:${project}.git${maybeJoin('#', committish)}`, + sshurltemplate: ({ domain, project, committish }) => + `git+ssh://git@${domain}/${project}.git${maybeJoin('#', committish)}`, + edittemplate: ({ domain, user, project, committish, editpath }) => + `https://${domain}/${user}/${project}${maybeJoin('/', maybeEncode(committish))}/${editpath}`, + browsetemplate: ({ domain, project, committish }) => + `https://${domain}/${project}${maybeJoin('/', maybeEncode(committish))}`, + browsetreetemplate: ({ domain, project, committish, path, hashformat }) => + `https://${domain}/${project}${maybeJoin('/', maybeEncode(committish))}${maybeJoin('#', hashformat(path))}`, + browseblobtemplate: ({ domain, project, committish, path, hashformat }) => + `https://${domain}/${project}${maybeJoin('/', maybeEncode(committish))}${maybeJoin('#', hashformat(path))}`, + docstemplate: ({ domain, project, committish }) => + `https://${domain}/${project}${maybeJoin('/', maybeEncode(committish))}`, + httpstemplate: ({ domain, project, committish }) => + `git+https://${domain}/${project}.git${maybeJoin('#', committish)}`, + filetemplate: ({ user, project, committish, path }) => + `https://gist.githubusercontent.com/${user}/${project}/raw${maybeJoin('/', maybeEncode(committish))}/${path}`, + shortcuttemplate: ({ type, project, committish }) => + `${type}:${project}${maybeJoin('#', committish)}`, + pathtemplate: ({ project, committish }) => + `${project}${maybeJoin('#', committish)}`, + bugstemplate: ({ domain, project }) => + `https://${domain}/${project}`, + gittemplate: ({ domain, project, committish }) => + `git://${domain}/${project}.git${maybeJoin('#', committish)}`, + tarballtemplate: ({ project, committish }) => + `https://codeload.github.com/gist/${project}/tar.gz/${maybeEncode(committish || 'HEAD')}`, + extract: (url) => { + let [, user, project, aux] = url.pathname.split('/', 4) + if (aux === 'raw') { + return + } + + if (!project) { + if (!user) { + return + } + + project = user + user = null + } + + if (project.endsWith('.git')) { + project = project.slice(0, -4) + } + + return { user, project, committish: url.hash.slice(1) } + }, + hashformat: function (fragment) { + return fragment && 'file-' + formatHashFragment(fragment) + }, +} + +hosts.sourcehut = { + protocols: ['git+ssh:', 'https:'], + domain: 'git.sr.ht', + treepath: 'tree', + blobpath: 'tree', + filetemplate: ({ domain, user, project, committish, path }) => + `https://${domain}/${user}/${project}/blob/${maybeEncode(committish) || 'HEAD'}/${path}`, + httpstemplate: ({ domain, user, project, committish }) => + `https://${domain}/${user}/${project}.git${maybeJoin('#', committish)}`, + tarballtemplate: ({ domain, user, project, committish }) => + `https://${domain}/${user}/${project}/archive/${maybeEncode(committish) || 'HEAD'}.tar.gz`, + bugstemplate: ({ user, project }) => + `https://todo.sr.ht/${user}/${project}`, + extract: (url) => { + let [, user, project, aux] = url.pathname.split('/', 4) + + // tarball url + if (['archive'].includes(aux)) { + return + } + + if (project && project.endsWith('.git')) { + project = project.slice(0, -4) + } + + if (!user || !project) { + return + } + + return { user, project, committish: url.hash.slice(1) } + }, +} + +for (const [name, host] of Object.entries(hosts)) { + hosts[name] = Object.assign({}, defaults, host) +} + +module.exports = hosts diff --git a/node_modules/npm-pick-manifest/node_modules/hosted-git-info/lib/index.js b/node_modules/npm-pick-manifest/node_modules/hosted-git-info/lib/index.js new file mode 100644 index 0000000000000..a7339c217e9a3 --- /dev/null +++ b/node_modules/npm-pick-manifest/node_modules/hosted-git-info/lib/index.js @@ -0,0 +1,179 @@ +'use strict' + +const LRU = require('lru-cache') +const hosts = require('./hosts.js') +const fromUrl = require('./from-url.js') +const parseUrl = require('./parse-url.js') + +const cache = new LRU({ max: 1000 }) + +class GitHost { + constructor (type, user, auth, project, committish, defaultRepresentation, opts = {}) { + Object.assign(this, GitHost.#gitHosts[type], { + type, + user, + auth, + project, + committish, + default: defaultRepresentation, + opts, + }) + } + + static #gitHosts = { byShortcut: {}, byDomain: {} } + static #protocols = { + 'git+ssh:': { name: 'sshurl' }, + 'ssh:': { name: 'sshurl' }, + 'git+https:': { name: 'https', auth: true }, + 'git:': { auth: true }, + 'http:': { auth: true }, + 'https:': { auth: true }, + 'git+http:': { auth: true }, + } + + static addHost (name, host) { + GitHost.#gitHosts[name] = host + GitHost.#gitHosts.byDomain[host.domain] = name + GitHost.#gitHosts.byShortcut[`${name}:`] = name + GitHost.#protocols[`${name}:`] = { name } + } + + static fromUrl (giturl, opts) { + if (typeof giturl !== 'string') { + return + } + + const key = giturl + JSON.stringify(opts || {}) + + if (!cache.has(key)) { + const hostArgs = fromUrl(giturl, opts, { + gitHosts: GitHost.#gitHosts, + protocols: GitHost.#protocols, + }) + cache.set(key, hostArgs ? new GitHost(...hostArgs) : undefined) + } + + return cache.get(key) + } + + static parseUrl (url) { + return parseUrl(url) + } + + #fill (template, opts) { + if (typeof template !== 'function') { + return null + } + + const options = { ...this, ...this.opts, ...opts } + + // the path should always be set so we don't end up with 'undefined' in urls + if (!options.path) { + options.path = '' + } + + // template functions will insert the leading slash themselves + if (options.path.startsWith('/')) { + options.path = options.path.slice(1) + } + + if (options.noCommittish) { + options.committish = null + } + + const result = template(options) + return options.noGitPlus && result.startsWith('git+') ? result.slice(4) : result + } + + hash () { + return this.committish ? `#${this.committish}` : '' + } + + ssh (opts) { + return this.#fill(this.sshtemplate, opts) + } + + sshurl (opts) { + return this.#fill(this.sshurltemplate, opts) + } + + browse (path, ...args) { + // not a string, treat path as opts + if (typeof path !== 'string') { + return this.#fill(this.browsetemplate, path) + } + + if (typeof args[0] !== 'string') { + return this.#fill(this.browsetreetemplate, { ...args[0], path }) + } + + return this.#fill(this.browsetreetemplate, { ...args[1], fragment: args[0], path }) + } + + // If the path is known to be a file, then browseFile should be used. For some hosts + // the url is the same as browse, but for others like GitHub a file can use both `/tree/` + // and `/blob/` in the path. When using a default committish of `HEAD` then the `/tree/` + // path will redirect to a specific commit. Using the `/blob/` path avoids this and + // does not redirect to a different commit. + browseFile (path, ...args) { + if (typeof args[0] !== 'string') { + return this.#fill(this.browseblobtemplate, { ...args[0], path }) + } + + return this.#fill(this.browseblobtemplate, { ...args[1], fragment: args[0], path }) + } + + docs (opts) { + return this.#fill(this.docstemplate, opts) + } + + bugs (opts) { + return this.#fill(this.bugstemplate, opts) + } + + https (opts) { + return this.#fill(this.httpstemplate, opts) + } + + git (opts) { + return this.#fill(this.gittemplate, opts) + } + + shortcut (opts) { + return this.#fill(this.shortcuttemplate, opts) + } + + path (opts) { + return this.#fill(this.pathtemplate, opts) + } + + tarball (opts) { + return this.#fill(this.tarballtemplate, { ...opts, noCommittish: false }) + } + + file (path, opts) { + return this.#fill(this.filetemplate, { ...opts, path }) + } + + edit (path, opts) { + return this.#fill(this.edittemplate, { ...opts, path }) + } + + getDefaultRepresentation () { + return this.default + } + + toString (opts) { + if (this.default && typeof this[this.default] === 'function') { + return this[this.default](opts) + } + + return this.sshurl(opts) + } +} + +for (const [name, host] of Object.entries(hosts)) { + GitHost.addHost(name, host) +} + +module.exports = GitHost diff --git a/node_modules/npm-pick-manifest/node_modules/hosted-git-info/lib/parse-url.js b/node_modules/npm-pick-manifest/node_modules/hosted-git-info/lib/parse-url.js new file mode 100644 index 0000000000000..7d5489c008ab4 --- /dev/null +++ b/node_modules/npm-pick-manifest/node_modules/hosted-git-info/lib/parse-url.js @@ -0,0 +1,78 @@ +const url = require('url') + +const lastIndexOfBefore = (str, char, beforeChar) => { + const startPosition = str.indexOf(beforeChar) + return str.lastIndexOf(char, startPosition > -1 ? startPosition : Infinity) +} + +const safeUrl = (u) => { + try { + return new url.URL(u) + } catch { + // this fn should never throw + } +} + +// accepts input like git:github.com:user/repo and inserts the // after the first : +const correctProtocol = (arg, protocols) => { + const firstColon = arg.indexOf(':') + const proto = arg.slice(0, firstColon + 1) + if (Object.prototype.hasOwnProperty.call(protocols, proto)) { + return arg + } + + const firstAt = arg.indexOf('@') + if (firstAt > -1) { + if (firstAt > firstColon) { + return `git+ssh://${arg}` + } else { + return arg + } + } + + const doubleSlash = arg.indexOf('//') + if (doubleSlash === firstColon + 1) { + return arg + } + + return `${arg.slice(0, firstColon + 1)}//${arg.slice(firstColon + 1)}` +} + +// attempt to correct an scp style url so that it will parse with `new URL()` +const correctUrl = (giturl) => { + // ignore @ that come after the first hash since the denotes the start + // of a committish which can contain @ characters + const firstAt = lastIndexOfBefore(giturl, '@', '#') + // ignore colons that come after the hash since that could include colons such as: + // git@github.com:user/package-2#semver:^1.0.0 + const lastColonBeforeHash = lastIndexOfBefore(giturl, ':', '#') + + if (lastColonBeforeHash > firstAt) { + // the last : comes after the first @ (or there is no @) + // like it would in: + // proto://hostname.com:user/repo + // username@hostname.com:user/repo + // :password@hostname.com:user/repo + // username:password@hostname.com:user/repo + // proto://username@hostname.com:user/repo + // proto://:password@hostname.com:user/repo + // proto://username:password@hostname.com:user/repo + // then we replace the last : with a / to create a valid path + giturl = giturl.slice(0, lastColonBeforeHash) + '/' + giturl.slice(lastColonBeforeHash + 1) + } + + if (lastIndexOfBefore(giturl, ':', '#') === -1 && giturl.indexOf('//') === -1) { + // we have no : at all + // as it would be in: + // username@hostname.com/user/repo + // then we prepend a protocol + giturl = `git+ssh://${giturl}` + } + + return giturl +} + +module.exports = (giturl, protocols) => { + const withProtocol = protocols ? correctProtocol(giturl, protocols) : giturl + return safeUrl(withProtocol) || safeUrl(correctUrl(withProtocol)) +} diff --git a/node_modules/npm-pick-manifest/node_modules/hosted-git-info/package.json b/node_modules/npm-pick-manifest/node_modules/hosted-git-info/package.json new file mode 100644 index 0000000000000..612259948afe7 --- /dev/null +++ b/node_modules/npm-pick-manifest/node_modules/hosted-git-info/package.json @@ -0,0 +1,59 @@ +{ + "name": "hosted-git-info", + "version": "6.1.1", + "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", + "main": "./lib/index.js", + "repository": { + "type": "git", + "url": "https://github.com/npm/hosted-git-info.git" + }, + "keywords": [ + "git", + "github", + "bitbucket", + "gitlab" + ], + "author": "GitHub Inc.", + "license": "ISC", + "bugs": { + "url": "https://github.com/npm/hosted-git-info/issues" + }, + "homepage": "https://github.com/npm/hosted-git-info", + "scripts": { + "posttest": "npm run lint", + "snap": "tap", + "test": "tap", + "test:coverage": "tap --coverage-report=html", + "lint": "eslint \"**/*.js\"", + "postlint": "template-oss-check", + "lintfix": "npm run lint -- --fix", + "template-oss-apply": "template-oss-apply --force" + }, + "dependencies": { + "lru-cache": "^7.5.1" + }, + "devDependencies": { + "@npmcli/eslint-config": "^4.0.0", + "@npmcli/template-oss": "4.7.1", + "tap": "^16.0.1" + }, + "files": [ + "bin/", + "lib/" + ], + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + }, + "tap": { + "color": 1, + "coverage": true, + "nyc-arg": [ + "--exclude", + "tap-snapshots/**" + ] + }, + "templateOSS": { + "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", + "version": "4.7.1" + } +} diff --git a/node_modules/npm-pick-manifest/node_modules/npm-package-arg/LICENSE b/node_modules/npm-pick-manifest/node_modules/npm-package-arg/LICENSE new file mode 100644 index 0000000000000..19cec97b18468 --- /dev/null +++ b/node_modules/npm-pick-manifest/node_modules/npm-package-arg/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) npm, Inc. + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/npm-pick-manifest/node_modules/npm-package-arg/lib/npa.js b/node_modules/npm-pick-manifest/node_modules/npm-package-arg/lib/npa.js new file mode 100644 index 0000000000000..36bd18cd9f9a6 --- /dev/null +++ b/node_modules/npm-pick-manifest/node_modules/npm-package-arg/lib/npa.js @@ -0,0 +1,431 @@ +'use strict' +module.exports = npa +module.exports.resolve = resolve +module.exports.toPurl = toPurl +module.exports.Result = Result + +const url = require('url') +const HostedGit = require('hosted-git-info') +const semver = require('semver') +const path = global.FAKE_WINDOWS ? require('path').win32 : require('path') +const validatePackageName = require('validate-npm-package-name') +const { homedir } = require('os') +const log = require('proc-log') + +const isWindows = process.platform === 'win32' || global.FAKE_WINDOWS +const hasSlashes = isWindows ? /\\|[/]/ : /[/]/ +const isURL = /^(?:git[+])?[a-z]+:/i +const isGit = /^[^@]+@[^:.]+\.[^:]+:.+$/i +const isFilename = /[.](?:tgz|tar.gz|tar)$/i + +function npa (arg, where) { + let name + let spec + if (typeof arg === 'object') { + if (arg instanceof Result && (!where || where === arg.where)) { + return arg + } else if (arg.name && arg.rawSpec) { + return npa.resolve(arg.name, arg.rawSpec, where || arg.where) + } else { + return npa(arg.raw, where || arg.where) + } + } + const nameEndsAt = arg[0] === '@' ? arg.slice(1).indexOf('@') + 1 : arg.indexOf('@') + const namePart = nameEndsAt > 0 ? arg.slice(0, nameEndsAt) : arg + if (isURL.test(arg)) { + spec = arg + } else if (isGit.test(arg)) { + spec = `git+ssh://${arg}` + } else if (namePart[0] !== '@' && (hasSlashes.test(namePart) || isFilename.test(namePart))) { + spec = arg + } else if (nameEndsAt > 0) { + name = namePart + spec = arg.slice(nameEndsAt + 1) || '*' + } else { + const valid = validatePackageName(arg) + if (valid.validForOldPackages) { + name = arg + spec = '*' + } else { + spec = arg + } + } + return resolve(name, spec, where, arg) +} + +const isFilespec = isWindows ? /^(?:[.]|~[/]|[/\\]|[a-zA-Z]:)/ : /^(?:[.]|~[/]|[/]|[a-zA-Z]:)/ + +function resolve (name, spec, where, arg) { + const res = new Result({ + raw: arg, + name: name, + rawSpec: spec, + fromArgument: arg != null, + }) + + if (name) { + res.setName(name) + } + + if (spec && (isFilespec.test(spec) || /^file:/i.test(spec))) { + return fromFile(res, where) + } else if (spec && /^npm:/i.test(spec)) { + return fromAlias(res, where) + } + + const hosted = HostedGit.fromUrl(spec, { + noGitPlus: true, + noCommittish: true, + }) + if (hosted) { + return fromHostedGit(res, hosted) + } else if (spec && isURL.test(spec)) { + return fromURL(res) + } else if (spec && (hasSlashes.test(spec) || isFilename.test(spec))) { + return fromFile(res, where) + } else { + return fromRegistry(res) + } +} + +const defaultRegistry = 'https://registry.npmjs.org' + +function toPurl (arg, reg = defaultRegistry) { + const res = npa(arg) + + if (res.type !== 'version') { + throw invalidPurlType(res.type, res.raw) + } + + // URI-encode leading @ of scoped packages + let purl = 'pkg:npm/' + res.name.replace(/^@/, '%40') + '@' + res.rawSpec + if (reg !== defaultRegistry) { + purl += '?repository_url=' + reg + } + + return purl +} + +function invalidPackageName (name, valid, raw) { + // eslint-disable-next-line max-len + const err = new Error(`Invalid package name "${name}" of package "${raw}": ${valid.errors.join('; ')}.`) + err.code = 'EINVALIDPACKAGENAME' + return err +} + +function invalidTagName (name, raw) { + // eslint-disable-next-line max-len + const err = new Error(`Invalid tag name "${name}" of package "${raw}": Tags may not have any characters that encodeURIComponent encodes.`) + err.code = 'EINVALIDTAGNAME' + return err +} + +function invalidPurlType (type, raw) { + // eslint-disable-next-line max-len + const err = new Error(`Invalid type "${type}" of package "${raw}": Purl can only be generated for "version" types.`) + err.code = 'EINVALIDPURLTYPE' + return err +} + +function Result (opts) { + this.type = opts.type + this.registry = opts.registry + this.where = opts.where + if (opts.raw == null) { + this.raw = opts.name ? opts.name + '@' + opts.rawSpec : opts.rawSpec + } else { + this.raw = opts.raw + } + + this.name = undefined + this.escapedName = undefined + this.scope = undefined + this.rawSpec = opts.rawSpec || '' + this.saveSpec = opts.saveSpec + this.fetchSpec = opts.fetchSpec + if (opts.name) { + this.setName(opts.name) + } + this.gitRange = opts.gitRange + this.gitCommittish = opts.gitCommittish + this.gitSubdir = opts.gitSubdir + this.hosted = opts.hosted +} + +Result.prototype.setName = function (name) { + const valid = validatePackageName(name) + if (!valid.validForOldPackages) { + throw invalidPackageName(name, valid, this.raw) + } + + this.name = name + this.scope = name[0] === '@' ? name.slice(0, name.indexOf('/')) : undefined + // scoped packages in couch must have slash url-encoded, e.g. @foo%2Fbar + this.escapedName = name.replace('/', '%2f') + return this +} + +Result.prototype.toString = function () { + const full = [] + if (this.name != null && this.name !== '') { + full.push(this.name) + } + const spec = this.saveSpec || this.fetchSpec || this.rawSpec + if (spec != null && spec !== '') { + full.push(spec) + } + return full.length ? full.join('@') : this.raw +} + +Result.prototype.toJSON = function () { + const result = Object.assign({}, this) + delete result.hosted + return result +} + +function setGitCommittish (res, committish) { + if (!committish) { + res.gitCommittish = null + return res + } + + // for each :: separated item: + for (const part of committish.split('::')) { + // if the item has no : the n it is a commit-ish + if (!part.includes(':')) { + if (res.gitRange) { + throw new Error('cannot override existing semver range with a committish') + } + if (res.gitCommittish) { + throw new Error('cannot override existing committish with a second committish') + } + res.gitCommittish = part + continue + } + // split on name:value + const [name, value] = part.split(':') + // if name is semver do semver lookup of ref or tag + if (name === 'semver') { + if (res.gitCommittish) { + throw new Error('cannot override existing committish with a semver range') + } + if (res.gitRange) { + throw new Error('cannot override existing semver range with a second semver range') + } + res.gitRange = decodeURIComponent(value) + continue + } + if (name === 'path') { + if (res.gitSubdir) { + throw new Error('cannot override existing path with a second path') + } + res.gitSubdir = `/${value}` + continue + } + log.warn('npm-package-arg', `ignoring unknown key "${name}"`) + } + + return res +} + +function fromFile (res, where) { + if (!where) { + where = process.cwd() + } + res.type = isFilename.test(res.rawSpec) ? 'file' : 'directory' + res.where = where + + // always put the '/' on where when resolving urls, or else + // file:foo from /path/to/bar goes to /path/to/foo, when we want + // it to be /path/to/bar/foo + + let specUrl + let resolvedUrl + const prefix = (!/^file:/.test(res.rawSpec) ? 'file:' : '') + const rawWithPrefix = prefix + res.rawSpec + let rawNoPrefix = rawWithPrefix.replace(/^file:/, '') + try { + resolvedUrl = new url.URL(rawWithPrefix, `file://${path.resolve(where)}/`) + specUrl = new url.URL(rawWithPrefix) + } catch (originalError) { + const er = new Error('Invalid file: URL, must comply with RFC 8909') + throw Object.assign(er, { + raw: res.rawSpec, + spec: res, + where, + originalError, + }) + } + + // environment switch for testing + if (process.env.NPM_PACKAGE_ARG_8909_STRICT !== '1') { + // XXX backwards compatibility lack of compliance with 8909 + // Remove when we want a breaking change to come into RFC compliance. + if (resolvedUrl.host && resolvedUrl.host !== 'localhost') { + const rawSpec = res.rawSpec.replace(/^file:\/\//, 'file:///') + resolvedUrl = new url.URL(rawSpec, `file://${path.resolve(where)}/`) + specUrl = new url.URL(rawSpec) + rawNoPrefix = rawSpec.replace(/^file:/, '') + } + // turn file:/../foo into file:../foo + // for 1, 2 or 3 leading slashes since we attempted + // in the previous step to make it a file protocol url with a leading slash + if (/^\/{1,3}\.\.?(\/|$)/.test(rawNoPrefix)) { + const rawSpec = res.rawSpec.replace(/^file:\/{1,3}/, 'file:') + resolvedUrl = new url.URL(rawSpec, `file://${path.resolve(where)}/`) + specUrl = new url.URL(rawSpec) + rawNoPrefix = rawSpec.replace(/^file:/, '') + } + // XXX end 8909 violation backwards compatibility section + } + + // file:foo - relative url to ./foo + // file:/foo - absolute path /foo + // file:///foo - absolute path to /foo, no authority host + // file://localhost/foo - absolute path to /foo, on localhost + // file://foo - absolute path to / on foo host (error!) + if (resolvedUrl.host && resolvedUrl.host !== 'localhost') { + const msg = `Invalid file: URL, must be absolute if // present` + throw Object.assign(new Error(msg), { + raw: res.rawSpec, + parsed: resolvedUrl, + }) + } + + // turn /C:/blah into just C:/blah on windows + let specPath = decodeURIComponent(specUrl.pathname) + let resolvedPath = decodeURIComponent(resolvedUrl.pathname) + if (isWindows) { + specPath = specPath.replace(/^\/+([a-z]:\/)/i, '$1') + resolvedPath = resolvedPath.replace(/^\/+([a-z]:\/)/i, '$1') + } + + // replace ~ with homedir, but keep the ~ in the saveSpec + // otherwise, make it relative to where param + if (/^\/~(\/|$)/.test(specPath)) { + res.saveSpec = `file:${specPath.substr(1)}` + resolvedPath = path.resolve(homedir(), specPath.substr(3)) + } else if (!path.isAbsolute(rawNoPrefix)) { + res.saveSpec = `file:${path.relative(where, resolvedPath)}` + } else { + res.saveSpec = `file:${path.resolve(resolvedPath)}` + } + + res.fetchSpec = path.resolve(where, resolvedPath) + return res +} + +function fromHostedGit (res, hosted) { + res.type = 'git' + res.hosted = hosted + res.saveSpec = hosted.toString({ noGitPlus: false, noCommittish: false }) + res.fetchSpec = hosted.getDefaultRepresentation() === 'shortcut' ? null : hosted.toString() + return setGitCommittish(res, hosted.committish) +} + +function unsupportedURLType (protocol, spec) { + const err = new Error(`Unsupported URL Type "${protocol}": ${spec}`) + err.code = 'EUNSUPPORTEDPROTOCOL' + return err +} + +function matchGitScp (spec) { + // git ssh specifiers are overloaded to also use scp-style git + // specifiers, so we have to parse those out and treat them special. + // They are NOT true URIs, so we can't hand them to `url.parse`. + // + // This regex looks for things that look like: + // git+ssh://git@my.custom.git.com:username/project.git#deadbeef + // + // ...and various combinations. The username in the beginning is *required*. + const matched = spec.match(/^git\+ssh:\/\/([^:#]+:[^#]+(?:\.git)?)(?:#(.*))?$/i) + return matched && !matched[1].match(/:[0-9]+\/?.*$/i) && { + fetchSpec: matched[1], + gitCommittish: matched[2] == null ? null : matched[2], + } +} + +function fromURL (res) { + // eslint-disable-next-line node/no-deprecated-api + const urlparse = url.parse(res.rawSpec) + res.saveSpec = res.rawSpec + // check the protocol, and then see if it's git or not + switch (urlparse.protocol) { + case 'git:': + case 'git+http:': + case 'git+https:': + case 'git+rsync:': + case 'git+ftp:': + case 'git+file:': + case 'git+ssh:': { + res.type = 'git' + const match = urlparse.protocol === 'git+ssh:' ? matchGitScp(res.rawSpec) + : null + if (match) { + setGitCommittish(res, match.gitCommittish) + res.fetchSpec = match.fetchSpec + } else { + setGitCommittish(res, urlparse.hash != null ? urlparse.hash.slice(1) : '') + urlparse.protocol = urlparse.protocol.replace(/^git[+]/, '') + if (urlparse.protocol === 'file:' && /^git\+file:\/\/[a-z]:/i.test(res.rawSpec)) { + // keep the drive letter : on windows file paths + urlparse.host += ':' + urlparse.hostname += ':' + } + delete urlparse.hash + res.fetchSpec = url.format(urlparse) + } + break + } + case 'http:': + case 'https:': + res.type = 'remote' + res.fetchSpec = res.saveSpec + break + + default: + throw unsupportedURLType(urlparse.protocol, res.rawSpec) + } + + return res +} + +function fromAlias (res, where) { + const subSpec = npa(res.rawSpec.substr(4), where) + if (subSpec.type === 'alias') { + throw new Error('nested aliases not supported') + } + + if (!subSpec.registry) { + throw new Error('aliases only work for registry deps') + } + + res.subSpec = subSpec + res.registry = true + res.type = 'alias' + res.saveSpec = null + res.fetchSpec = null + return res +} + +function fromRegistry (res) { + res.registry = true + const spec = res.rawSpec.trim() + // no save spec for registry components as we save based on the fetched + // version, not on the argument so this can't compute that. + res.saveSpec = null + res.fetchSpec = spec + const version = semver.valid(spec, true) + const range = semver.validRange(spec, true) + if (version) { + res.type = 'version' + } else if (range) { + res.type = 'range' + } else { + if (encodeURIComponent(spec) !== spec) { + throw invalidTagName(spec, res.raw) + } + res.type = 'tag' + } + return res +} diff --git a/node_modules/npm-pick-manifest/node_modules/npm-package-arg/package.json b/node_modules/npm-pick-manifest/node_modules/npm-package-arg/package.json new file mode 100644 index 0000000000000..bb9e71b258a93 --- /dev/null +++ b/node_modules/npm-pick-manifest/node_modules/npm-package-arg/package.json @@ -0,0 +1,59 @@ +{ + "name": "npm-package-arg", + "version": "10.1.0", + "description": "Parse the things that can be arguments to `npm install`", + "main": "./lib/npa.js", + "directories": { + "test": "test" + }, + "files": [ + "bin/", + "lib/" + ], + "dependencies": { + "hosted-git-info": "^6.0.0", + "proc-log": "^3.0.0", + "semver": "^7.3.5", + "validate-npm-package-name": "^5.0.0" + }, + "devDependencies": { + "@npmcli/eslint-config": "^4.0.0", + "@npmcli/template-oss": "4.10.0", + "tap": "^16.0.1" + }, + "scripts": { + "test": "tap", + "snap": "tap", + "npmclilint": "npmcli-lint", + "lint": "eslint \"**/*.js\"", + "lintfix": "npm run lint -- --fix", + "posttest": "npm run lint", + "postsnap": "npm run lintfix --", + "postlint": "template-oss-check", + "template-oss-apply": "template-oss-apply --force" + }, + "repository": { + "type": "git", + "url": "https://github.com/npm/npm-package-arg.git" + }, + "author": "GitHub Inc.", + "license": "ISC", + "bugs": { + "url": "https://github.com/npm/npm-package-arg/issues" + }, + "homepage": "https://github.com/npm/npm-package-arg", + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + }, + "tap": { + "branches": 97, + "nyc-arg": [ + "--exclude", + "tap-snapshots/**" + ] + }, + "templateOSS": { + "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", + "version": "4.10.0" + } +} diff --git a/node_modules/npm-registry-fetch/node_modules/hosted-git-info/LICENSE b/node_modules/npm-registry-fetch/node_modules/hosted-git-info/LICENSE new file mode 100644 index 0000000000000..45055763dc838 --- /dev/null +++ b/node_modules/npm-registry-fetch/node_modules/hosted-git-info/LICENSE @@ -0,0 +1,13 @@ +Copyright (c) 2015, Rebecca Turner + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH +REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND +FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, +INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR +OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/from-url.js b/node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/from-url.js new file mode 100644 index 0000000000000..efc1247d59d12 --- /dev/null +++ b/node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/from-url.js @@ -0,0 +1,122 @@ +'use strict' + +const parseUrl = require('./parse-url') + +// look for github shorthand inputs, such as npm/cli +const isGitHubShorthand = (arg) => { + // it cannot contain whitespace before the first # + // it cannot start with a / because that's probably an absolute file path + // but it must include a slash since repos are username/repository + // it cannot start with a . because that's probably a relative file path + // it cannot start with an @ because that's a scoped package if it passes the other tests + // it cannot contain a : before a # because that tells us that there's a protocol + // a second / may not exist before a # + const firstHash = arg.indexOf('#') + const firstSlash = arg.indexOf('/') + const secondSlash = arg.indexOf('/', firstSlash + 1) + const firstColon = arg.indexOf(':') + const firstSpace = /\s/.exec(arg) + const firstAt = arg.indexOf('@') + + const spaceOnlyAfterHash = !firstSpace || (firstHash > -1 && firstSpace.index > firstHash) + const atOnlyAfterHash = firstAt === -1 || (firstHash > -1 && firstAt > firstHash) + const colonOnlyAfterHash = firstColon === -1 || (firstHash > -1 && firstColon > firstHash) + const secondSlashOnlyAfterHash = secondSlash === -1 || (firstHash > -1 && secondSlash > firstHash) + const hasSlash = firstSlash > 0 + // if a # is found, what we really want to know is that the character + // immediately before # is not a / + const doesNotEndWithSlash = firstHash > -1 ? arg[firstHash - 1] !== '/' : !arg.endsWith('/') + const doesNotStartWithDot = !arg.startsWith('.') + + return spaceOnlyAfterHash && hasSlash && doesNotEndWithSlash && + doesNotStartWithDot && atOnlyAfterHash && colonOnlyAfterHash && + secondSlashOnlyAfterHash +} + +module.exports = (giturl, opts, { gitHosts, protocols }) => { + if (!giturl) { + return + } + + const correctedUrl = isGitHubShorthand(giturl) ? `github:${giturl}` : giturl + const parsed = parseUrl(correctedUrl, protocols) + if (!parsed) { + return + } + + const gitHostShortcut = gitHosts.byShortcut[parsed.protocol] + const gitHostDomain = gitHosts.byDomain[parsed.hostname.startsWith('www.') + ? parsed.hostname.slice(4) + : parsed.hostname] + const gitHostName = gitHostShortcut || gitHostDomain + if (!gitHostName) { + return + } + + const gitHostInfo = gitHosts[gitHostShortcut || gitHostDomain] + let auth = null + if (protocols[parsed.protocol]?.auth && (parsed.username || parsed.password)) { + auth = `${parsed.username}${parsed.password ? ':' + parsed.password : ''}` + } + + let committish = null + let user = null + let project = null + let defaultRepresentation = null + + try { + if (gitHostShortcut) { + let pathname = parsed.pathname.startsWith('/') ? parsed.pathname.slice(1) : parsed.pathname + const firstAt = pathname.indexOf('@') + // we ignore auth for shortcuts, so just trim it out + if (firstAt > -1) { + pathname = pathname.slice(firstAt + 1) + } + + const lastSlash = pathname.lastIndexOf('/') + if (lastSlash > -1) { + user = decodeURIComponent(pathname.slice(0, lastSlash)) + // we want nulls only, never empty strings + if (!user) { + user = null + } + project = decodeURIComponent(pathname.slice(lastSlash + 1)) + } else { + project = decodeURIComponent(pathname) + } + + if (project.endsWith('.git')) { + project = project.slice(0, -4) + } + + if (parsed.hash) { + committish = decodeURIComponent(parsed.hash.slice(1)) + } + + defaultRepresentation = 'shortcut' + } else { + if (!gitHostInfo.protocols.includes(parsed.protocol)) { + return + } + + const segments = gitHostInfo.extract(parsed) + if (!segments) { + return + } + + user = segments.user && decodeURIComponent(segments.user) + project = decodeURIComponent(segments.project) + committish = decodeURIComponent(segments.committish) + defaultRepresentation = protocols[parsed.protocol]?.name || parsed.protocol.slice(0, -1) + } + } catch (err) { + /* istanbul ignore else */ + if (err instanceof URIError) { + return + } else { + throw err + } + } + + return [gitHostName, user, auth, project, committish, defaultRepresentation, opts] +} diff --git a/node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/hosts.js b/node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/hosts.js new file mode 100644 index 0000000000000..013712b7842c8 --- /dev/null +++ b/node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/hosts.js @@ -0,0 +1,228 @@ +/* eslint-disable max-len */ + +'use strict' + +const maybeJoin = (...args) => args.every(arg => arg) ? args.join('') : '' +const maybeEncode = (arg) => arg ? encodeURIComponent(arg) : '' +const formatHashFragment = (f) => f.toLowerCase().replace(/^\W+|\/|\W+$/g, '').replace(/\W+/g, '-') + +const defaults = { + sshtemplate: ({ domain, user, project, committish }) => + `git@${domain}:${user}/${project}.git${maybeJoin('#', committish)}`, + sshurltemplate: ({ domain, user, project, committish }) => + `git+ssh://git@${domain}/${user}/${project}.git${maybeJoin('#', committish)}`, + edittemplate: ({ domain, user, project, committish, editpath, path }) => + `https://${domain}/${user}/${project}${maybeJoin('/', editpath, '/', maybeEncode(committish || 'HEAD'), '/', path)}`, + browsetemplate: ({ domain, user, project, committish, treepath }) => + `https://${domain}/${user}/${project}${maybeJoin('/', treepath, '/', maybeEncode(committish))}`, + browsetreetemplate: ({ domain, user, project, committish, treepath, path, fragment, hashformat }) => + `https://${domain}/${user}/${project}/${treepath}/${maybeEncode(committish || 'HEAD')}/${path}${maybeJoin('#', hashformat(fragment || ''))}`, + browseblobtemplate: ({ domain, user, project, committish, blobpath, path, fragment, hashformat }) => + `https://${domain}/${user}/${project}/${blobpath}/${maybeEncode(committish || 'HEAD')}/${path}${maybeJoin('#', hashformat(fragment || ''))}`, + docstemplate: ({ domain, user, project, treepath, committish }) => + `https://${domain}/${user}/${project}${maybeJoin('/', treepath, '/', maybeEncode(committish))}#readme`, + httpstemplate: ({ auth, domain, user, project, committish }) => + `git+https://${maybeJoin(auth, '@')}${domain}/${user}/${project}.git${maybeJoin('#', committish)}`, + filetemplate: ({ domain, user, project, committish, path }) => + `https://${domain}/${user}/${project}/raw/${maybeEncode(committish || 'HEAD')}/${path}`, + shortcuttemplate: ({ type, user, project, committish }) => + `${type}:${user}/${project}${maybeJoin('#', committish)}`, + pathtemplate: ({ user, project, committish }) => + `${user}/${project}${maybeJoin('#', committish)}`, + bugstemplate: ({ domain, user, project }) => + `https://${domain}/${user}/${project}/issues`, + hashformat: formatHashFragment, +} + +const hosts = {} +hosts.github = { + // First two are insecure and generally shouldn't be used any more, but + // they are still supported. + protocols: ['git:', 'http:', 'git+ssh:', 'git+https:', 'ssh:', 'https:'], + domain: 'github.com', + treepath: 'tree', + blobpath: 'blob', + editpath: 'edit', + filetemplate: ({ auth, user, project, committish, path }) => + `https://${maybeJoin(auth, '@')}raw.githubusercontent.com/${user}/${project}/${maybeEncode(committish || 'HEAD')}/${path}`, + gittemplate: ({ auth, domain, user, project, committish }) => + `git://${maybeJoin(auth, '@')}${domain}/${user}/${project}.git${maybeJoin('#', committish)}`, + tarballtemplate: ({ domain, user, project, committish }) => + `https://codeload.${domain}/${user}/${project}/tar.gz/${maybeEncode(committish || 'HEAD')}`, + extract: (url) => { + let [, user, project, type, committish] = url.pathname.split('/', 5) + if (type && type !== 'tree') { + return + } + + if (!type) { + committish = url.hash.slice(1) + } + + if (project && project.endsWith('.git')) { + project = project.slice(0, -4) + } + + if (!user || !project) { + return + } + + return { user, project, committish } + }, +} + +hosts.bitbucket = { + protocols: ['git+ssh:', 'git+https:', 'ssh:', 'https:'], + domain: 'bitbucket.org', + treepath: 'src', + blobpath: 'src', + editpath: '?mode=edit', + edittemplate: ({ domain, user, project, committish, treepath, path, editpath }) => + `https://${domain}/${user}/${project}${maybeJoin('/', treepath, '/', maybeEncode(committish || 'HEAD'), '/', path, editpath)}`, + tarballtemplate: ({ domain, user, project, committish }) => + `https://${domain}/${user}/${project}/get/${maybeEncode(committish || 'HEAD')}.tar.gz`, + extract: (url) => { + let [, user, project, aux] = url.pathname.split('/', 4) + if (['get'].includes(aux)) { + return + } + + if (project && project.endsWith('.git')) { + project = project.slice(0, -4) + } + + if (!user || !project) { + return + } + + return { user, project, committish: url.hash.slice(1) } + }, +} + +hosts.gitlab = { + protocols: ['git+ssh:', 'git+https:', 'ssh:', 'https:'], + domain: 'gitlab.com', + treepath: 'tree', + blobpath: 'tree', + editpath: '-/edit', + httpstemplate: ({ auth, domain, user, project, committish }) => + `git+https://${maybeJoin(auth, '@')}${domain}/${user}/${project}.git${maybeJoin('#', committish)}`, + tarballtemplate: ({ domain, user, project, committish }) => + `https://${domain}/${user}/${project}/repository/archive.tar.gz?ref=${maybeEncode(committish || 'HEAD')}`, + extract: (url) => { + const path = url.pathname.slice(1) + if (path.includes('/-/') || path.includes('/archive.tar.gz')) { + return + } + + const segments = path.split('/') + let project = segments.pop() + if (project.endsWith('.git')) { + project = project.slice(0, -4) + } + + const user = segments.join('/') + if (!user || !project) { + return + } + + return { user, project, committish: url.hash.slice(1) } + }, +} + +hosts.gist = { + protocols: ['git:', 'git+ssh:', 'git+https:', 'ssh:', 'https:'], + domain: 'gist.github.com', + editpath: 'edit', + sshtemplate: ({ domain, project, committish }) => + `git@${domain}:${project}.git${maybeJoin('#', committish)}`, + sshurltemplate: ({ domain, project, committish }) => + `git+ssh://git@${domain}/${project}.git${maybeJoin('#', committish)}`, + edittemplate: ({ domain, user, project, committish, editpath }) => + `https://${domain}/${user}/${project}${maybeJoin('/', maybeEncode(committish))}/${editpath}`, + browsetemplate: ({ domain, project, committish }) => + `https://${domain}/${project}${maybeJoin('/', maybeEncode(committish))}`, + browsetreetemplate: ({ domain, project, committish, path, hashformat }) => + `https://${domain}/${project}${maybeJoin('/', maybeEncode(committish))}${maybeJoin('#', hashformat(path))}`, + browseblobtemplate: ({ domain, project, committish, path, hashformat }) => + `https://${domain}/${project}${maybeJoin('/', maybeEncode(committish))}${maybeJoin('#', hashformat(path))}`, + docstemplate: ({ domain, project, committish }) => + `https://${domain}/${project}${maybeJoin('/', maybeEncode(committish))}`, + httpstemplate: ({ domain, project, committish }) => + `git+https://${domain}/${project}.git${maybeJoin('#', committish)}`, + filetemplate: ({ user, project, committish, path }) => + `https://gist.githubusercontent.com/${user}/${project}/raw${maybeJoin('/', maybeEncode(committish))}/${path}`, + shortcuttemplate: ({ type, project, committish }) => + `${type}:${project}${maybeJoin('#', committish)}`, + pathtemplate: ({ project, committish }) => + `${project}${maybeJoin('#', committish)}`, + bugstemplate: ({ domain, project }) => + `https://${domain}/${project}`, + gittemplate: ({ domain, project, committish }) => + `git://${domain}/${project}.git${maybeJoin('#', committish)}`, + tarballtemplate: ({ project, committish }) => + `https://codeload.github.com/gist/${project}/tar.gz/${maybeEncode(committish || 'HEAD')}`, + extract: (url) => { + let [, user, project, aux] = url.pathname.split('/', 4) + if (aux === 'raw') { + return + } + + if (!project) { + if (!user) { + return + } + + project = user + user = null + } + + if (project.endsWith('.git')) { + project = project.slice(0, -4) + } + + return { user, project, committish: url.hash.slice(1) } + }, + hashformat: function (fragment) { + return fragment && 'file-' + formatHashFragment(fragment) + }, +} + +hosts.sourcehut = { + protocols: ['git+ssh:', 'https:'], + domain: 'git.sr.ht', + treepath: 'tree', + blobpath: 'tree', + filetemplate: ({ domain, user, project, committish, path }) => + `https://${domain}/${user}/${project}/blob/${maybeEncode(committish) || 'HEAD'}/${path}`, + httpstemplate: ({ domain, user, project, committish }) => + `https://${domain}/${user}/${project}.git${maybeJoin('#', committish)}`, + tarballtemplate: ({ domain, user, project, committish }) => + `https://${domain}/${user}/${project}/archive/${maybeEncode(committish) || 'HEAD'}.tar.gz`, + bugstemplate: ({ user, project }) => + `https://todo.sr.ht/${user}/${project}`, + extract: (url) => { + let [, user, project, aux] = url.pathname.split('/', 4) + + // tarball url + if (['archive'].includes(aux)) { + return + } + + if (project && project.endsWith('.git')) { + project = project.slice(0, -4) + } + + if (!user || !project) { + return + } + + return { user, project, committish: url.hash.slice(1) } + }, +} + +for (const [name, host] of Object.entries(hosts)) { + hosts[name] = Object.assign({}, defaults, host) +} + +module.exports = hosts diff --git a/node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/index.js b/node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/index.js new file mode 100644 index 0000000000000..a7339c217e9a3 --- /dev/null +++ b/node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/index.js @@ -0,0 +1,179 @@ +'use strict' + +const LRU = require('lru-cache') +const hosts = require('./hosts.js') +const fromUrl = require('./from-url.js') +const parseUrl = require('./parse-url.js') + +const cache = new LRU({ max: 1000 }) + +class GitHost { + constructor (type, user, auth, project, committish, defaultRepresentation, opts = {}) { + Object.assign(this, GitHost.#gitHosts[type], { + type, + user, + auth, + project, + committish, + default: defaultRepresentation, + opts, + }) + } + + static #gitHosts = { byShortcut: {}, byDomain: {} } + static #protocols = { + 'git+ssh:': { name: 'sshurl' }, + 'ssh:': { name: 'sshurl' }, + 'git+https:': { name: 'https', auth: true }, + 'git:': { auth: true }, + 'http:': { auth: true }, + 'https:': { auth: true }, + 'git+http:': { auth: true }, + } + + static addHost (name, host) { + GitHost.#gitHosts[name] = host + GitHost.#gitHosts.byDomain[host.domain] = name + GitHost.#gitHosts.byShortcut[`${name}:`] = name + GitHost.#protocols[`${name}:`] = { name } + } + + static fromUrl (giturl, opts) { + if (typeof giturl !== 'string') { + return + } + + const key = giturl + JSON.stringify(opts || {}) + + if (!cache.has(key)) { + const hostArgs = fromUrl(giturl, opts, { + gitHosts: GitHost.#gitHosts, + protocols: GitHost.#protocols, + }) + cache.set(key, hostArgs ? new GitHost(...hostArgs) : undefined) + } + + return cache.get(key) + } + + static parseUrl (url) { + return parseUrl(url) + } + + #fill (template, opts) { + if (typeof template !== 'function') { + return null + } + + const options = { ...this, ...this.opts, ...opts } + + // the path should always be set so we don't end up with 'undefined' in urls + if (!options.path) { + options.path = '' + } + + // template functions will insert the leading slash themselves + if (options.path.startsWith('/')) { + options.path = options.path.slice(1) + } + + if (options.noCommittish) { + options.committish = null + } + + const result = template(options) + return options.noGitPlus && result.startsWith('git+') ? result.slice(4) : result + } + + hash () { + return this.committish ? `#${this.committish}` : '' + } + + ssh (opts) { + return this.#fill(this.sshtemplate, opts) + } + + sshurl (opts) { + return this.#fill(this.sshurltemplate, opts) + } + + browse (path, ...args) { + // not a string, treat path as opts + if (typeof path !== 'string') { + return this.#fill(this.browsetemplate, path) + } + + if (typeof args[0] !== 'string') { + return this.#fill(this.browsetreetemplate, { ...args[0], path }) + } + + return this.#fill(this.browsetreetemplate, { ...args[1], fragment: args[0], path }) + } + + // If the path is known to be a file, then browseFile should be used. For some hosts + // the url is the same as browse, but for others like GitHub a file can use both `/tree/` + // and `/blob/` in the path. When using a default committish of `HEAD` then the `/tree/` + // path will redirect to a specific commit. Using the `/blob/` path avoids this and + // does not redirect to a different commit. + browseFile (path, ...args) { + if (typeof args[0] !== 'string') { + return this.#fill(this.browseblobtemplate, { ...args[0], path }) + } + + return this.#fill(this.browseblobtemplate, { ...args[1], fragment: args[0], path }) + } + + docs (opts) { + return this.#fill(this.docstemplate, opts) + } + + bugs (opts) { + return this.#fill(this.bugstemplate, opts) + } + + https (opts) { + return this.#fill(this.httpstemplate, opts) + } + + git (opts) { + return this.#fill(this.gittemplate, opts) + } + + shortcut (opts) { + return this.#fill(this.shortcuttemplate, opts) + } + + path (opts) { + return this.#fill(this.pathtemplate, opts) + } + + tarball (opts) { + return this.#fill(this.tarballtemplate, { ...opts, noCommittish: false }) + } + + file (path, opts) { + return this.#fill(this.filetemplate, { ...opts, path }) + } + + edit (path, opts) { + return this.#fill(this.edittemplate, { ...opts, path }) + } + + getDefaultRepresentation () { + return this.default + } + + toString (opts) { + if (this.default && typeof this[this.default] === 'function') { + return this[this.default](opts) + } + + return this.sshurl(opts) + } +} + +for (const [name, host] of Object.entries(hosts)) { + GitHost.addHost(name, host) +} + +module.exports = GitHost diff --git a/node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/parse-url.js b/node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/parse-url.js new file mode 100644 index 0000000000000..7d5489c008ab4 --- /dev/null +++ b/node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/parse-url.js @@ -0,0 +1,78 @@ +const url = require('url') + +const lastIndexOfBefore = (str, char, beforeChar) => { + const startPosition = str.indexOf(beforeChar) + return str.lastIndexOf(char, startPosition > -1 ? startPosition : Infinity) +} + +const safeUrl = (u) => { + try { + return new url.URL(u) + } catch { + // this fn should never throw + } +} + +// accepts input like git:github.com:user/repo and inserts the // after the first : +const correctProtocol = (arg, protocols) => { + const firstColon = arg.indexOf(':') + const proto = arg.slice(0, firstColon + 1) + if (Object.prototype.hasOwnProperty.call(protocols, proto)) { + return arg + } + + const firstAt = arg.indexOf('@') + if (firstAt > -1) { + if (firstAt > firstColon) { + return `git+ssh://${arg}` + } else { + return arg + } + } + + const doubleSlash = arg.indexOf('//') + if (doubleSlash === firstColon + 1) { + return arg + } + + return `${arg.slice(0, firstColon + 1)}//${arg.slice(firstColon + 1)}` +} + +// attempt to correct an scp style url so that it will parse with `new URL()` +const correctUrl = (giturl) => { + // ignore @ that come after the first hash since the denotes the start + // of a committish which can contain @ characters + const firstAt = lastIndexOfBefore(giturl, '@', '#') + // ignore colons that come after the hash since that could include colons such as: + // git@github.com:user/package-2#semver:^1.0.0 + const lastColonBeforeHash = lastIndexOfBefore(giturl, ':', '#') + + if (lastColonBeforeHash > firstAt) { + // the last : comes after the first @ (or there is no @) + // like it would in: + // proto://hostname.com:user/repo + // username@hostname.com:user/repo + // :password@hostname.com:user/repo + // username:password@hostname.com:user/repo + // proto://username@hostname.com:user/repo + // proto://:password@hostname.com:user/repo + // proto://username:password@hostname.com:user/repo + // then we replace the last : with a / to create a valid path + giturl = giturl.slice(0, lastColonBeforeHash) + '/' + giturl.slice(lastColonBeforeHash + 1) + } + + if (lastIndexOfBefore(giturl, ':', '#') === -1 && giturl.indexOf('//') === -1) { + // we have no : at all + // as it would be in: + // username@hostname.com/user/repo + // then we prepend a protocol + giturl = `git+ssh://${giturl}` + } + + return giturl +} + +module.exports = (giturl, protocols) => { + const withProtocol = protocols ? correctProtocol(giturl, protocols) : giturl + return safeUrl(withProtocol) || safeUrl(correctUrl(withProtocol)) +} diff --git a/node_modules/npm-registry-fetch/node_modules/hosted-git-info/package.json b/node_modules/npm-registry-fetch/node_modules/hosted-git-info/package.json new file mode 100644 index 0000000000000..612259948afe7 --- /dev/null +++ b/node_modules/npm-registry-fetch/node_modules/hosted-git-info/package.json @@ -0,0 +1,59 @@ +{ + "name": "hosted-git-info", + "version": "6.1.1", + "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", + "main": "./lib/index.js", + "repository": { + "type": "git", + "url": "https://github.com/npm/hosted-git-info.git" + }, + "keywords": [ + "git", + "github", + "bitbucket", + "gitlab" + ], + "author": "GitHub Inc.", + "license": "ISC", + "bugs": { + "url": "https://github.com/npm/hosted-git-info/issues" + }, + "homepage": "https://github.com/npm/hosted-git-info", + "scripts": { + "posttest": "npm run lint", + "snap": "tap", + "test": "tap", + "test:coverage": "tap --coverage-report=html", + "lint": "eslint \"**/*.js\"", + "postlint": "template-oss-check", + "lintfix": "npm run lint -- --fix", + "template-oss-apply": "template-oss-apply --force" + }, + "dependencies": { + "lru-cache": "^7.5.1" + }, + "devDependencies": { + "@npmcli/eslint-config": "^4.0.0", + "@npmcli/template-oss": "4.7.1", + "tap": "^16.0.1" + }, + "files": [ + "bin/", + "lib/" + ], + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + }, + "tap": { + "color": 1, + "coverage": true, + "nyc-arg": [ + "--exclude", + "tap-snapshots/**" + ] + }, + "templateOSS": { + "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", + "version": "4.7.1" + } +} diff --git a/node_modules/npm-registry-fetch/node_modules/npm-package-arg/LICENSE b/node_modules/npm-registry-fetch/node_modules/npm-package-arg/LICENSE new file mode 100644 index 0000000000000..19cec97b18468 --- /dev/null +++ b/node_modules/npm-registry-fetch/node_modules/npm-package-arg/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) npm, Inc. + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/npm-registry-fetch/node_modules/npm-package-arg/lib/npa.js b/node_modules/npm-registry-fetch/node_modules/npm-package-arg/lib/npa.js new file mode 100644 index 0000000000000..36bd18cd9f9a6 --- /dev/null +++ b/node_modules/npm-registry-fetch/node_modules/npm-package-arg/lib/npa.js @@ -0,0 +1,431 @@ +'use strict' +module.exports = npa +module.exports.resolve = resolve +module.exports.toPurl = toPurl +module.exports.Result = Result + +const url = require('url') +const HostedGit = require('hosted-git-info') +const semver = require('semver') +const path = global.FAKE_WINDOWS ? require('path').win32 : require('path') +const validatePackageName = require('validate-npm-package-name') +const { homedir } = require('os') +const log = require('proc-log') + +const isWindows = process.platform === 'win32' || global.FAKE_WINDOWS +const hasSlashes = isWindows ? /\\|[/]/ : /[/]/ +const isURL = /^(?:git[+])?[a-z]+:/i +const isGit = /^[^@]+@[^:.]+\.[^:]+:.+$/i +const isFilename = /[.](?:tgz|tar.gz|tar)$/i + +function npa (arg, where) { + let name + let spec + if (typeof arg === 'object') { + if (arg instanceof Result && (!where || where === arg.where)) { + return arg + } else if (arg.name && arg.rawSpec) { + return npa.resolve(arg.name, arg.rawSpec, where || arg.where) + } else { + return npa(arg.raw, where || arg.where) + } + } + const nameEndsAt = arg[0] === '@' ? arg.slice(1).indexOf('@') + 1 : arg.indexOf('@') + const namePart = nameEndsAt > 0 ? arg.slice(0, nameEndsAt) : arg + if (isURL.test(arg)) { + spec = arg + } else if (isGit.test(arg)) { + spec = `git+ssh://${arg}` + } else if (namePart[0] !== '@' && (hasSlashes.test(namePart) || isFilename.test(namePart))) { + spec = arg + } else if (nameEndsAt > 0) { + name = namePart + spec = arg.slice(nameEndsAt + 1) || '*' + } else { + const valid = validatePackageName(arg) + if (valid.validForOldPackages) { + name = arg + spec = '*' + } else { + spec = arg + } + } + return resolve(name, spec, where, arg) +} + +const isFilespec = isWindows ? /^(?:[.]|~[/]|[/\\]|[a-zA-Z]:)/ : /^(?:[.]|~[/]|[/]|[a-zA-Z]:)/ + +function resolve (name, spec, where, arg) { + const res = new Result({ + raw: arg, + name: name, + rawSpec: spec, + fromArgument: arg != null, + }) + + if (name) { + res.setName(name) + } + + if (spec && (isFilespec.test(spec) || /^file:/i.test(spec))) { + return fromFile(res, where) + } else if (spec && /^npm:/i.test(spec)) { + return fromAlias(res, where) + } + + const hosted = HostedGit.fromUrl(spec, { + noGitPlus: true, + noCommittish: true, + }) + if (hosted) { + return fromHostedGit(res, hosted) + } else if (spec && isURL.test(spec)) { + return fromURL(res) + } else if (spec && (hasSlashes.test(spec) || isFilename.test(spec))) { + return fromFile(res, where) + } else { + return fromRegistry(res) + } +} + +const defaultRegistry = 'https://registry.npmjs.org' + +function toPurl (arg, reg = defaultRegistry) { + const res = npa(arg) + + if (res.type !== 'version') { + throw invalidPurlType(res.type, res.raw) + } + + // URI-encode leading @ of scoped packages + let purl = 'pkg:npm/' + res.name.replace(/^@/, '%40') + '@' + res.rawSpec + if (reg !== defaultRegistry) { + purl += '?repository_url=' + reg + } + + return purl +} + +function invalidPackageName (name, valid, raw) { + // eslint-disable-next-line max-len + const err = new Error(`Invalid package name "${name}" of package "${raw}": ${valid.errors.join('; ')}.`) + err.code = 'EINVALIDPACKAGENAME' + return err +} + +function invalidTagName (name, raw) { + // eslint-disable-next-line max-len + const err = new Error(`Invalid tag name "${name}" of package "${raw}": Tags may not have any characters that encodeURIComponent encodes.`) + err.code = 'EINVALIDTAGNAME' + return err +} + +function invalidPurlType (type, raw) { + // eslint-disable-next-line max-len + const err = new Error(`Invalid type "${type}" of package "${raw}": Purl can only be generated for "version" types.`) + err.code = 'EINVALIDPURLTYPE' + return err +} + +function Result (opts) { + this.type = opts.type + this.registry = opts.registry + this.where = opts.where + if (opts.raw == null) { + this.raw = opts.name ? opts.name + '@' + opts.rawSpec : opts.rawSpec + } else { + this.raw = opts.raw + } + + this.name = undefined + this.escapedName = undefined + this.scope = undefined + this.rawSpec = opts.rawSpec || '' + this.saveSpec = opts.saveSpec + this.fetchSpec = opts.fetchSpec + if (opts.name) { + this.setName(opts.name) + } + this.gitRange = opts.gitRange + this.gitCommittish = opts.gitCommittish + this.gitSubdir = opts.gitSubdir + this.hosted = opts.hosted +} + +Result.prototype.setName = function (name) { + const valid = validatePackageName(name) + if (!valid.validForOldPackages) { + throw invalidPackageName(name, valid, this.raw) + } + + this.name = name + this.scope = name[0] === '@' ? name.slice(0, name.indexOf('/')) : undefined + // scoped packages in couch must have slash url-encoded, e.g. @foo%2Fbar + this.escapedName = name.replace('/', '%2f') + return this +} + +Result.prototype.toString = function () { + const full = [] + if (this.name != null && this.name !== '') { + full.push(this.name) + } + const spec = this.saveSpec || this.fetchSpec || this.rawSpec + if (spec != null && spec !== '') { + full.push(spec) + } + return full.length ? full.join('@') : this.raw +} + +Result.prototype.toJSON = function () { + const result = Object.assign({}, this) + delete result.hosted + return result +} + +function setGitCommittish (res, committish) { + if (!committish) { + res.gitCommittish = null + return res + } + + // for each :: separated item: + for (const part of committish.split('::')) { + // if the item has no : the n it is a commit-ish + if (!part.includes(':')) { + if (res.gitRange) { + throw new Error('cannot override existing semver range with a committish') + } + if (res.gitCommittish) { + throw new Error('cannot override existing committish with a second committish') + } + res.gitCommittish = part + continue + } + // split on name:value + const [name, value] = part.split(':') + // if name is semver do semver lookup of ref or tag + if (name === 'semver') { + if (res.gitCommittish) { + throw new Error('cannot override existing committish with a semver range') + } + if (res.gitRange) { + throw new Error('cannot override existing semver range with a second semver range') + } + res.gitRange = decodeURIComponent(value) + continue + } + if (name === 'path') { + if (res.gitSubdir) { + throw new Error('cannot override existing path with a second path') + } + res.gitSubdir = `/${value}` + continue + } + log.warn('npm-package-arg', `ignoring unknown key "${name}"`) + } + + return res +} + +function fromFile (res, where) { + if (!where) { + where = process.cwd() + } + res.type = isFilename.test(res.rawSpec) ? 'file' : 'directory' + res.where = where + + // always put the '/' on where when resolving urls, or else + // file:foo from /path/to/bar goes to /path/to/foo, when we want + // it to be /path/to/bar/foo + + let specUrl + let resolvedUrl + const prefix = (!/^file:/.test(res.rawSpec) ? 'file:' : '') + const rawWithPrefix = prefix + res.rawSpec + let rawNoPrefix = rawWithPrefix.replace(/^file:/, '') + try { + resolvedUrl = new url.URL(rawWithPrefix, `file://${path.resolve(where)}/`) + specUrl = new url.URL(rawWithPrefix) + } catch (originalError) { + const er = new Error('Invalid file: URL, must comply with RFC 8909') + throw Object.assign(er, { + raw: res.rawSpec, + spec: res, + where, + originalError, + }) + } + + // environment switch for testing + if (process.env.NPM_PACKAGE_ARG_8909_STRICT !== '1') { + // XXX backwards compatibility lack of compliance with 8909 + // Remove when we want a breaking change to come into RFC compliance. + if (resolvedUrl.host && resolvedUrl.host !== 'localhost') { + const rawSpec = res.rawSpec.replace(/^file:\/\//, 'file:///') + resolvedUrl = new url.URL(rawSpec, `file://${path.resolve(where)}/`) + specUrl = new url.URL(rawSpec) + rawNoPrefix = rawSpec.replace(/^file:/, '') + } + // turn file:/../foo into file:../foo + // for 1, 2 or 3 leading slashes since we attempted + // in the previous step to make it a file protocol url with a leading slash + if (/^\/{1,3}\.\.?(\/|$)/.test(rawNoPrefix)) { + const rawSpec = res.rawSpec.replace(/^file:\/{1,3}/, 'file:') + resolvedUrl = new url.URL(rawSpec, `file://${path.resolve(where)}/`) + specUrl = new url.URL(rawSpec) + rawNoPrefix = rawSpec.replace(/^file:/, '') + } + // XXX end 8909 violation backwards compatibility section + } + + // file:foo - relative url to ./foo + // file:/foo - absolute path /foo + // file:///foo - absolute path to /foo, no authority host + // file://localhost/foo - absolute path to /foo, on localhost + // file://foo - absolute path to / on foo host (error!) + if (resolvedUrl.host && resolvedUrl.host !== 'localhost') { + const msg = `Invalid file: URL, must be absolute if // present` + throw Object.assign(new Error(msg), { + raw: res.rawSpec, + parsed: resolvedUrl, + }) + } + + // turn /C:/blah into just C:/blah on windows + let specPath = decodeURIComponent(specUrl.pathname) + let resolvedPath = decodeURIComponent(resolvedUrl.pathname) + if (isWindows) { + specPath = specPath.replace(/^\/+([a-z]:\/)/i, '$1') + resolvedPath = resolvedPath.replace(/^\/+([a-z]:\/)/i, '$1') + } + + // replace ~ with homedir, but keep the ~ in the saveSpec + // otherwise, make it relative to where param + if (/^\/~(\/|$)/.test(specPath)) { + res.saveSpec = `file:${specPath.substr(1)}` + resolvedPath = path.resolve(homedir(), specPath.substr(3)) + } else if (!path.isAbsolute(rawNoPrefix)) { + res.saveSpec = `file:${path.relative(where, resolvedPath)}` + } else { + res.saveSpec = `file:${path.resolve(resolvedPath)}` + } + + res.fetchSpec = path.resolve(where, resolvedPath) + return res +} + +function fromHostedGit (res, hosted) { + res.type = 'git' + res.hosted = hosted + res.saveSpec = hosted.toString({ noGitPlus: false, noCommittish: false }) + res.fetchSpec = hosted.getDefaultRepresentation() === 'shortcut' ? null : hosted.toString() + return setGitCommittish(res, hosted.committish) +} + +function unsupportedURLType (protocol, spec) { + const err = new Error(`Unsupported URL Type "${protocol}": ${spec}`) + err.code = 'EUNSUPPORTEDPROTOCOL' + return err +} + +function matchGitScp (spec) { + // git ssh specifiers are overloaded to also use scp-style git + // specifiers, so we have to parse those out and treat them special. + // They are NOT true URIs, so we can't hand them to `url.parse`. + // + // This regex looks for things that look like: + // git+ssh://git@my.custom.git.com:username/project.git#deadbeef + // + // ...and various combinations. The username in the beginning is *required*. + const matched = spec.match(/^git\+ssh:\/\/([^:#]+:[^#]+(?:\.git)?)(?:#(.*))?$/i) + return matched && !matched[1].match(/:[0-9]+\/?.*$/i) && { + fetchSpec: matched[1], + gitCommittish: matched[2] == null ? null : matched[2], + } +} + +function fromURL (res) { + // eslint-disable-next-line node/no-deprecated-api + const urlparse = url.parse(res.rawSpec) + res.saveSpec = res.rawSpec + // check the protocol, and then see if it's git or not + switch (urlparse.protocol) { + case 'git:': + case 'git+http:': + case 'git+https:': + case 'git+rsync:': + case 'git+ftp:': + case 'git+file:': + case 'git+ssh:': { + res.type = 'git' + const match = urlparse.protocol === 'git+ssh:' ? matchGitScp(res.rawSpec) + : null + if (match) { + setGitCommittish(res, match.gitCommittish) + res.fetchSpec = match.fetchSpec + } else { + setGitCommittish(res, urlparse.hash != null ? urlparse.hash.slice(1) : '') + urlparse.protocol = urlparse.protocol.replace(/^git[+]/, '') + if (urlparse.protocol === 'file:' && /^git\+file:\/\/[a-z]:/i.test(res.rawSpec)) { + // keep the drive letter : on windows file paths + urlparse.host += ':' + urlparse.hostname += ':' + } + delete urlparse.hash + res.fetchSpec = url.format(urlparse) + } + break + } + case 'http:': + case 'https:': + res.type = 'remote' + res.fetchSpec = res.saveSpec + break + + default: + throw unsupportedURLType(urlparse.protocol, res.rawSpec) + } + + return res +} + +function fromAlias (res, where) { + const subSpec = npa(res.rawSpec.substr(4), where) + if (subSpec.type === 'alias') { + throw new Error('nested aliases not supported') + } + + if (!subSpec.registry) { + throw new Error('aliases only work for registry deps') + } + + res.subSpec = subSpec + res.registry = true + res.type = 'alias' + res.saveSpec = null + res.fetchSpec = null + return res +} + +function fromRegistry (res) { + res.registry = true + const spec = res.rawSpec.trim() + // no save spec for registry components as we save based on the fetched + // version, not on the argument so this can't compute that. + res.saveSpec = null + res.fetchSpec = spec + const version = semver.valid(spec, true) + const range = semver.validRange(spec, true) + if (version) { + res.type = 'version' + } else if (range) { + res.type = 'range' + } else { + if (encodeURIComponent(spec) !== spec) { + throw invalidTagName(spec, res.raw) + } + res.type = 'tag' + } + return res +} diff --git a/node_modules/npm-registry-fetch/node_modules/npm-package-arg/package.json b/node_modules/npm-registry-fetch/node_modules/npm-package-arg/package.json new file mode 100644 index 0000000000000..bb9e71b258a93 --- /dev/null +++ b/node_modules/npm-registry-fetch/node_modules/npm-package-arg/package.json @@ -0,0 +1,59 @@ +{ + "name": "npm-package-arg", + "version": "10.1.0", + "description": "Parse the things that can be arguments to `npm install`", + "main": "./lib/npa.js", + "directories": { + "test": "test" + }, + "files": [ + "bin/", + "lib/" + ], + "dependencies": { + "hosted-git-info": "^6.0.0", + "proc-log": "^3.0.0", + "semver": "^7.3.5", + "validate-npm-package-name": "^5.0.0" + }, + "devDependencies": { + "@npmcli/eslint-config": "^4.0.0", + "@npmcli/template-oss": "4.10.0", + "tap": "^16.0.1" + }, + "scripts": { + "test": "tap", + "snap": "tap", + "npmclilint": "npmcli-lint", + "lint": "eslint \"**/*.js\"", + "lintfix": "npm run lint -- --fix", + "posttest": "npm run lint", + "postsnap": "npm run lintfix --", + "postlint": "template-oss-check", + "template-oss-apply": "template-oss-apply --force" + }, + "repository": { + "type": "git", + "url": "https://github.com/npm/npm-package-arg.git" + }, + "author": "GitHub Inc.", + "license": "ISC", + "bugs": { + "url": "https://github.com/npm/npm-package-arg/issues" + }, + "homepage": "https://github.com/npm/npm-package-arg", + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + }, + "tap": { + "branches": 97, + "nyc-arg": [ + "--exclude", + "tap-snapshots/**" + ] + }, + "templateOSS": { + "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", + "version": "4.10.0" + } +} diff --git a/node_modules/pacote/node_modules/hosted-git-info/LICENSE b/node_modules/pacote/node_modules/hosted-git-info/LICENSE new file mode 100644 index 0000000000000..45055763dc838 --- /dev/null +++ b/node_modules/pacote/node_modules/hosted-git-info/LICENSE @@ -0,0 +1,13 @@ +Copyright (c) 2015, Rebecca Turner + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH +REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND +FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, +INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR +OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/pacote/node_modules/hosted-git-info/lib/from-url.js b/node_modules/pacote/node_modules/hosted-git-info/lib/from-url.js new file mode 100644 index 0000000000000..efc1247d59d12 --- /dev/null +++ b/node_modules/pacote/node_modules/hosted-git-info/lib/from-url.js @@ -0,0 +1,122 @@ +'use strict' + +const parseUrl = require('./parse-url') + +// look for github shorthand inputs, such as npm/cli +const isGitHubShorthand = (arg) => { + // it cannot contain whitespace before the first # + // it cannot start with a / because that's probably an absolute file path + // but it must include a slash since repos are username/repository + // it cannot start with a . because that's probably a relative file path + // it cannot start with an @ because that's a scoped package if it passes the other tests + // it cannot contain a : before a # because that tells us that there's a protocol + // a second / may not exist before a # + const firstHash = arg.indexOf('#') + const firstSlash = arg.indexOf('/') + const secondSlash = arg.indexOf('/', firstSlash + 1) + const firstColon = arg.indexOf(':') + const firstSpace = /\s/.exec(arg) + const firstAt = arg.indexOf('@') + + const spaceOnlyAfterHash = !firstSpace || (firstHash > -1 && firstSpace.index > firstHash) + const atOnlyAfterHash = firstAt === -1 || (firstHash > -1 && firstAt > firstHash) + const colonOnlyAfterHash = firstColon === -1 || (firstHash > -1 && firstColon > firstHash) + const secondSlashOnlyAfterHash = secondSlash === -1 || (firstHash > -1 && secondSlash > firstHash) + const hasSlash = firstSlash > 0 + // if a # is found, what we really want to know is that the character + // immediately before # is not a / + const doesNotEndWithSlash = firstHash > -1 ? arg[firstHash - 1] !== '/' : !arg.endsWith('/') + const doesNotStartWithDot = !arg.startsWith('.') + + return spaceOnlyAfterHash && hasSlash && doesNotEndWithSlash && + doesNotStartWithDot && atOnlyAfterHash && colonOnlyAfterHash && + secondSlashOnlyAfterHash +} + +module.exports = (giturl, opts, { gitHosts, protocols }) => { + if (!giturl) { + return + } + + const correctedUrl = isGitHubShorthand(giturl) ? `github:${giturl}` : giturl + const parsed = parseUrl(correctedUrl, protocols) + if (!parsed) { + return + } + + const gitHostShortcut = gitHosts.byShortcut[parsed.protocol] + const gitHostDomain = gitHosts.byDomain[parsed.hostname.startsWith('www.') + ? parsed.hostname.slice(4) + : parsed.hostname] + const gitHostName = gitHostShortcut || gitHostDomain + if (!gitHostName) { + return + } + + const gitHostInfo = gitHosts[gitHostShortcut || gitHostDomain] + let auth = null + if (protocols[parsed.protocol]?.auth && (parsed.username || parsed.password)) { + auth = `${parsed.username}${parsed.password ? ':' + parsed.password : ''}` + } + + let committish = null + let user = null + let project = null + let defaultRepresentation = null + + try { + if (gitHostShortcut) { + let pathname = parsed.pathname.startsWith('/') ? parsed.pathname.slice(1) : parsed.pathname + const firstAt = pathname.indexOf('@') + // we ignore auth for shortcuts, so just trim it out + if (firstAt > -1) { + pathname = pathname.slice(firstAt + 1) + } + + const lastSlash = pathname.lastIndexOf('/') + if (lastSlash > -1) { + user = decodeURIComponent(pathname.slice(0, lastSlash)) + // we want nulls only, never empty strings + if (!user) { + user = null + } + project = decodeURIComponent(pathname.slice(lastSlash + 1)) + } else { + project = decodeURIComponent(pathname) + } + + if (project.endsWith('.git')) { + project = project.slice(0, -4) + } + + if (parsed.hash) { + committish = decodeURIComponent(parsed.hash.slice(1)) + } + + defaultRepresentation = 'shortcut' + } else { + if (!gitHostInfo.protocols.includes(parsed.protocol)) { + return + } + + const segments = gitHostInfo.extract(parsed) + if (!segments) { + return + } + + user = segments.user && decodeURIComponent(segments.user) + project = decodeURIComponent(segments.project) + committish = decodeURIComponent(segments.committish) + defaultRepresentation = protocols[parsed.protocol]?.name || parsed.protocol.slice(0, -1) + } + } catch (err) { + /* istanbul ignore else */ + if (err instanceof URIError) { + return + } else { + throw err + } + } + + return [gitHostName, user, auth, project, committish, defaultRepresentation, opts] +} diff --git a/node_modules/pacote/node_modules/hosted-git-info/lib/hosts.js b/node_modules/pacote/node_modules/hosted-git-info/lib/hosts.js new file mode 100644 index 0000000000000..013712b7842c8 --- /dev/null +++ b/node_modules/pacote/node_modules/hosted-git-info/lib/hosts.js @@ -0,0 +1,228 @@ +/* eslint-disable max-len */ + +'use strict' + +const maybeJoin = (...args) => args.every(arg => arg) ? args.join('') : '' +const maybeEncode = (arg) => arg ? encodeURIComponent(arg) : '' +const formatHashFragment = (f) => f.toLowerCase().replace(/^\W+|\/|\W+$/g, '').replace(/\W+/g, '-') + +const defaults = { + sshtemplate: ({ domain, user, project, committish }) => + `git@${domain}:${user}/${project}.git${maybeJoin('#', committish)}`, + sshurltemplate: ({ domain, user, project, committish }) => + `git+ssh://git@${domain}/${user}/${project}.git${maybeJoin('#', committish)}`, + edittemplate: ({ domain, user, project, committish, editpath, path }) => + `https://${domain}/${user}/${project}${maybeJoin('/', editpath, '/', maybeEncode(committish || 'HEAD'), '/', path)}`, + browsetemplate: ({ domain, user, project, committish, treepath }) => + `https://${domain}/${user}/${project}${maybeJoin('/', treepath, '/', maybeEncode(committish))}`, + browsetreetemplate: ({ domain, user, project, committish, treepath, path, fragment, hashformat }) => + `https://${domain}/${user}/${project}/${treepath}/${maybeEncode(committish || 'HEAD')}/${path}${maybeJoin('#', hashformat(fragment || ''))}`, + browseblobtemplate: ({ domain, user, project, committish, blobpath, path, fragment, hashformat }) => + `https://${domain}/${user}/${project}/${blobpath}/${maybeEncode(committish || 'HEAD')}/${path}${maybeJoin('#', hashformat(fragment || ''))}`, + docstemplate: ({ domain, user, project, treepath, committish }) => + `https://${domain}/${user}/${project}${maybeJoin('/', treepath, '/', maybeEncode(committish))}#readme`, + httpstemplate: ({ auth, domain, user, project, committish }) => + `git+https://${maybeJoin(auth, '@')}${domain}/${user}/${project}.git${maybeJoin('#', committish)}`, + filetemplate: ({ domain, user, project, committish, path }) => + `https://${domain}/${user}/${project}/raw/${maybeEncode(committish || 'HEAD')}/${path}`, + shortcuttemplate: ({ type, user, project, committish }) => + `${type}:${user}/${project}${maybeJoin('#', committish)}`, + pathtemplate: ({ user, project, committish }) => + `${user}/${project}${maybeJoin('#', committish)}`, + bugstemplate: ({ domain, user, project }) => + `https://${domain}/${user}/${project}/issues`, + hashformat: formatHashFragment, +} + +const hosts = {} +hosts.github = { + // First two are insecure and generally shouldn't be used any more, but + // they are still supported. + protocols: ['git:', 'http:', 'git+ssh:', 'git+https:', 'ssh:', 'https:'], + domain: 'github.com', + treepath: 'tree', + blobpath: 'blob', + editpath: 'edit', + filetemplate: ({ auth, user, project, committish, path }) => + `https://${maybeJoin(auth, '@')}raw.githubusercontent.com/${user}/${project}/${maybeEncode(committish || 'HEAD')}/${path}`, + gittemplate: ({ auth, domain, user, project, committish }) => + `git://${maybeJoin(auth, '@')}${domain}/${user}/${project}.git${maybeJoin('#', committish)}`, + tarballtemplate: ({ domain, user, project, committish }) => + `https://codeload.${domain}/${user}/${project}/tar.gz/${maybeEncode(committish || 'HEAD')}`, + extract: (url) => { + let [, user, project, type, committish] = url.pathname.split('/', 5) + if (type && type !== 'tree') { + return + } + + if (!type) { + committish = url.hash.slice(1) + } + + if (project && project.endsWith('.git')) { + project = project.slice(0, -4) + } + + if (!user || !project) { + return + } + + return { user, project, committish } + }, +} + +hosts.bitbucket = { + protocols: ['git+ssh:', 'git+https:', 'ssh:', 'https:'], + domain: 'bitbucket.org', + treepath: 'src', + blobpath: 'src', + editpath: '?mode=edit', + edittemplate: ({ domain, user, project, committish, treepath, path, editpath }) => + `https://${domain}/${user}/${project}${maybeJoin('/', treepath, '/', maybeEncode(committish || 'HEAD'), '/', path, editpath)}`, + tarballtemplate: ({ domain, user, project, committish }) => + `https://${domain}/${user}/${project}/get/${maybeEncode(committish || 'HEAD')}.tar.gz`, + extract: (url) => { + let [, user, project, aux] = url.pathname.split('/', 4) + if (['get'].includes(aux)) { + return + } + + if (project && project.endsWith('.git')) { + project = project.slice(0, -4) + } + + if (!user || !project) { + return + } + + return { user, project, committish: url.hash.slice(1) } + }, +} + +hosts.gitlab = { + protocols: ['git+ssh:', 'git+https:', 'ssh:', 'https:'], + domain: 'gitlab.com', + treepath: 'tree', + blobpath: 'tree', + editpath: '-/edit', + httpstemplate: ({ auth, domain, user, project, committish }) => + `git+https://${maybeJoin(auth, '@')}${domain}/${user}/${project}.git${maybeJoin('#', committish)}`, + tarballtemplate: ({ domain, user, project, committish }) => + `https://${domain}/${user}/${project}/repository/archive.tar.gz?ref=${maybeEncode(committish || 'HEAD')}`, + extract: (url) => { + const path = url.pathname.slice(1) + if (path.includes('/-/') || path.includes('/archive.tar.gz')) { + return + } + + const segments = path.split('/') + let project = segments.pop() + if (project.endsWith('.git')) { + project = project.slice(0, -4) + } + + const user = segments.join('/') + if (!user || !project) { + return + } + + return { user, project, committish: url.hash.slice(1) } + }, +} + +hosts.gist = { + protocols: ['git:', 'git+ssh:', 'git+https:', 'ssh:', 'https:'], + domain: 'gist.github.com', + editpath: 'edit', + sshtemplate: ({ domain, project, committish }) => + `git@${domain}:${project}.git${maybeJoin('#', committish)}`, + sshurltemplate: ({ domain, project, committish }) => + `git+ssh://git@${domain}/${project}.git${maybeJoin('#', committish)}`, + edittemplate: ({ domain, user, project, committish, editpath }) => + `https://${domain}/${user}/${project}${maybeJoin('/', maybeEncode(committish))}/${editpath}`, + browsetemplate: ({ domain, project, committish }) => + `https://${domain}/${project}${maybeJoin('/', maybeEncode(committish))}`, + browsetreetemplate: ({ domain, project, committish, path, hashformat }) => + `https://${domain}/${project}${maybeJoin('/', maybeEncode(committish))}${maybeJoin('#', hashformat(path))}`, + browseblobtemplate: ({ domain, project, committish, path, hashformat }) => + `https://${domain}/${project}${maybeJoin('/', maybeEncode(committish))}${maybeJoin('#', hashformat(path))}`, + docstemplate: ({ domain, project, committish }) => + `https://${domain}/${project}${maybeJoin('/', maybeEncode(committish))}`, + httpstemplate: ({ domain, project, committish }) => + `git+https://${domain}/${project}.git${maybeJoin('#', committish)}`, + filetemplate: ({ user, project, committish, path }) => + `https://gist.githubusercontent.com/${user}/${project}/raw${maybeJoin('/', maybeEncode(committish))}/${path}`, + shortcuttemplate: ({ type, project, committish }) => + `${type}:${project}${maybeJoin('#', committish)}`, + pathtemplate: ({ project, committish }) => + `${project}${maybeJoin('#', committish)}`, + bugstemplate: ({ domain, project }) => + `https://${domain}/${project}`, + gittemplate: ({ domain, project, committish }) => + `git://${domain}/${project}.git${maybeJoin('#', committish)}`, + tarballtemplate: ({ project, committish }) => + `https://codeload.github.com/gist/${project}/tar.gz/${maybeEncode(committish || 'HEAD')}`, + extract: (url) => { + let [, user, project, aux] = url.pathname.split('/', 4) + if (aux === 'raw') { + return + } + + if (!project) { + if (!user) { + return + } + + project = user + user = null + } + + if (project.endsWith('.git')) { + project = project.slice(0, -4) + } + + return { user, project, committish: url.hash.slice(1) } + }, + hashformat: function (fragment) { + return fragment && 'file-' + formatHashFragment(fragment) + }, +} + +hosts.sourcehut = { + protocols: ['git+ssh:', 'https:'], + domain: 'git.sr.ht', + treepath: 'tree', + blobpath: 'tree', + filetemplate: ({ domain, user, project, committish, path }) => + `https://${domain}/${user}/${project}/blob/${maybeEncode(committish) || 'HEAD'}/${path}`, + httpstemplate: ({ domain, user, project, committish }) => + `https://${domain}/${user}/${project}.git${maybeJoin('#', committish)}`, + tarballtemplate: ({ domain, user, project, committish }) => + `https://${domain}/${user}/${project}/archive/${maybeEncode(committish) || 'HEAD'}.tar.gz`, + bugstemplate: ({ user, project }) => + `https://todo.sr.ht/${user}/${project}`, + extract: (url) => { + let [, user, project, aux] = url.pathname.split('/', 4) + + // tarball url + if (['archive'].includes(aux)) { + return + } + + if (project && project.endsWith('.git')) { + project = project.slice(0, -4) + } + + if (!user || !project) { + return + } + + return { user, project, committish: url.hash.slice(1) } + }, +} + +for (const [name, host] of Object.entries(hosts)) { + hosts[name] = Object.assign({}, defaults, host) +} + +module.exports = hosts diff --git a/node_modules/pacote/node_modules/hosted-git-info/lib/index.js b/node_modules/pacote/node_modules/hosted-git-info/lib/index.js new file mode 100644 index 0000000000000..a7339c217e9a3 --- /dev/null +++ b/node_modules/pacote/node_modules/hosted-git-info/lib/index.js @@ -0,0 +1,179 @@ +'use strict' + +const LRU = require('lru-cache') +const hosts = require('./hosts.js') +const fromUrl = require('./from-url.js') +const parseUrl = require('./parse-url.js') + +const cache = new LRU({ max: 1000 }) + +class GitHost { + constructor (type, user, auth, project, committish, defaultRepresentation, opts = {}) { + Object.assign(this, GitHost.#gitHosts[type], { + type, + user, + auth, + project, + committish, + default: defaultRepresentation, + opts, + }) + } + + static #gitHosts = { byShortcut: {}, byDomain: {} } + static #protocols = { + 'git+ssh:': { name: 'sshurl' }, + 'ssh:': { name: 'sshurl' }, + 'git+https:': { name: 'https', auth: true }, + 'git:': { auth: true }, + 'http:': { auth: true }, + 'https:': { auth: true }, + 'git+http:': { auth: true }, + } + + static addHost (name, host) { + GitHost.#gitHosts[name] = host + GitHost.#gitHosts.byDomain[host.domain] = name + GitHost.#gitHosts.byShortcut[`${name}:`] = name + GitHost.#protocols[`${name}:`] = { name } + } + + static fromUrl (giturl, opts) { + if (typeof giturl !== 'string') { + return + } + + const key = giturl + JSON.stringify(opts || {}) + + if (!cache.has(key)) { + const hostArgs = fromUrl(giturl, opts, { + gitHosts: GitHost.#gitHosts, + protocols: GitHost.#protocols, + }) + cache.set(key, hostArgs ? new GitHost(...hostArgs) : undefined) + } + + return cache.get(key) + } + + static parseUrl (url) { + return parseUrl(url) + } + + #fill (template, opts) { + if (typeof template !== 'function') { + return null + } + + const options = { ...this, ...this.opts, ...opts } + + // the path should always be set so we don't end up with 'undefined' in urls + if (!options.path) { + options.path = '' + } + + // template functions will insert the leading slash themselves + if (options.path.startsWith('/')) { + options.path = options.path.slice(1) + } + + if (options.noCommittish) { + options.committish = null + } + + const result = template(options) + return options.noGitPlus && result.startsWith('git+') ? result.slice(4) : result + } + + hash () { + return this.committish ? `#${this.committish}` : '' + } + + ssh (opts) { + return this.#fill(this.sshtemplate, opts) + } + + sshurl (opts) { + return this.#fill(this.sshurltemplate, opts) + } + + browse (path, ...args) { + // not a string, treat path as opts + if (typeof path !== 'string') { + return this.#fill(this.browsetemplate, path) + } + + if (typeof args[0] !== 'string') { + return this.#fill(this.browsetreetemplate, { ...args[0], path }) + } + + return this.#fill(this.browsetreetemplate, { ...args[1], fragment: args[0], path }) + } + + // If the path is known to be a file, then browseFile should be used. For some hosts + // the url is the same as browse, but for others like GitHub a file can use both `/tree/` + // and `/blob/` in the path. When using a default committish of `HEAD` then the `/tree/` + // path will redirect to a specific commit. Using the `/blob/` path avoids this and + // does not redirect to a different commit. + browseFile (path, ...args) { + if (typeof args[0] !== 'string') { + return this.#fill(this.browseblobtemplate, { ...args[0], path }) + } + + return this.#fill(this.browseblobtemplate, { ...args[1], fragment: args[0], path }) + } + + docs (opts) { + return this.#fill(this.docstemplate, opts) + } + + bugs (opts) { + return this.#fill(this.bugstemplate, opts) + } + + https (opts) { + return this.#fill(this.httpstemplate, opts) + } + + git (opts) { + return this.#fill(this.gittemplate, opts) + } + + shortcut (opts) { + return this.#fill(this.shortcuttemplate, opts) + } + + path (opts) { + return this.#fill(this.pathtemplate, opts) + } + + tarball (opts) { + return this.#fill(this.tarballtemplate, { ...opts, noCommittish: false }) + } + + file (path, opts) { + return this.#fill(this.filetemplate, { ...opts, path }) + } + + edit (path, opts) { + return this.#fill(this.edittemplate, { ...opts, path }) + } + + getDefaultRepresentation () { + return this.default + } + + toString (opts) { + if (this.default && typeof this[this.default] === 'function') { + return this[this.default](opts) + } + + return this.sshurl(opts) + } +} + +for (const [name, host] of Object.entries(hosts)) { + GitHost.addHost(name, host) +} + +module.exports = GitHost diff --git a/node_modules/pacote/node_modules/hosted-git-info/lib/parse-url.js b/node_modules/pacote/node_modules/hosted-git-info/lib/parse-url.js new file mode 100644 index 0000000000000..7d5489c008ab4 --- /dev/null +++ b/node_modules/pacote/node_modules/hosted-git-info/lib/parse-url.js @@ -0,0 +1,78 @@ +const url = require('url') + +const lastIndexOfBefore = (str, char, beforeChar) => { + const startPosition = str.indexOf(beforeChar) + return str.lastIndexOf(char, startPosition > -1 ? startPosition : Infinity) +} + +const safeUrl = (u) => { + try { + return new url.URL(u) + } catch { + // this fn should never throw + } +} + +// accepts input like git:github.com:user/repo and inserts the // after the first : +const correctProtocol = (arg, protocols) => { + const firstColon = arg.indexOf(':') + const proto = arg.slice(0, firstColon + 1) + if (Object.prototype.hasOwnProperty.call(protocols, proto)) { + return arg + } + + const firstAt = arg.indexOf('@') + if (firstAt > -1) { + if (firstAt > firstColon) { + return `git+ssh://${arg}` + } else { + return arg + } + } + + const doubleSlash = arg.indexOf('//') + if (doubleSlash === firstColon + 1) { + return arg + } + + return `${arg.slice(0, firstColon + 1)}//${arg.slice(firstColon + 1)}` +} + +// attempt to correct an scp style url so that it will parse with `new URL()` +const correctUrl = (giturl) => { + // ignore @ that come after the first hash since the denotes the start + // of a committish which can contain @ characters + const firstAt = lastIndexOfBefore(giturl, '@', '#') + // ignore colons that come after the hash since that could include colons such as: + // git@github.com:user/package-2#semver:^1.0.0 + const lastColonBeforeHash = lastIndexOfBefore(giturl, ':', '#') + + if (lastColonBeforeHash > firstAt) { + // the last : comes after the first @ (or there is no @) + // like it would in: + // proto://hostname.com:user/repo + // username@hostname.com:user/repo + // :password@hostname.com:user/repo + // username:password@hostname.com:user/repo + // proto://username@hostname.com:user/repo + // proto://:password@hostname.com:user/repo + // proto://username:password@hostname.com:user/repo + // then we replace the last : with a / to create a valid path + giturl = giturl.slice(0, lastColonBeforeHash) + '/' + giturl.slice(lastColonBeforeHash + 1) + } + + if (lastIndexOfBefore(giturl, ':', '#') === -1 && giturl.indexOf('//') === -1) { + // we have no : at all + // as it would be in: + // username@hostname.com/user/repo + // then we prepend a protocol + giturl = `git+ssh://${giturl}` + } + + return giturl +} + +module.exports = (giturl, protocols) => { + const withProtocol = protocols ? correctProtocol(giturl, protocols) : giturl + return safeUrl(withProtocol) || safeUrl(correctUrl(withProtocol)) +} diff --git a/node_modules/pacote/node_modules/hosted-git-info/package.json b/node_modules/pacote/node_modules/hosted-git-info/package.json new file mode 100644 index 0000000000000..612259948afe7 --- /dev/null +++ b/node_modules/pacote/node_modules/hosted-git-info/package.json @@ -0,0 +1,59 @@ +{ + "name": "hosted-git-info", + "version": "6.1.1", + "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", + "main": "./lib/index.js", + "repository": { + "type": "git", + "url": "https://github.com/npm/hosted-git-info.git" + }, + "keywords": [ + "git", + "github", + "bitbucket", + "gitlab" + ], + "author": "GitHub Inc.", + "license": "ISC", + "bugs": { + "url": "https://github.com/npm/hosted-git-info/issues" + }, + "homepage": "https://github.com/npm/hosted-git-info", + "scripts": { + "posttest": "npm run lint", + "snap": "tap", + "test": "tap", + "test:coverage": "tap --coverage-report=html", + "lint": "eslint \"**/*.js\"", + "postlint": "template-oss-check", + "lintfix": "npm run lint -- --fix", + "template-oss-apply": "template-oss-apply --force" + }, + "dependencies": { + "lru-cache": "^7.5.1" + }, + "devDependencies": { + "@npmcli/eslint-config": "^4.0.0", + "@npmcli/template-oss": "4.7.1", + "tap": "^16.0.1" + }, + "files": [ + "bin/", + "lib/" + ], + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + }, + "tap": { + "color": 1, + "coverage": true, + "nyc-arg": [ + "--exclude", + "tap-snapshots/**" + ] + }, + "templateOSS": { + "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", + "version": "4.7.1" + } +} diff --git a/node_modules/pacote/node_modules/npm-package-arg/LICENSE b/node_modules/pacote/node_modules/npm-package-arg/LICENSE new file mode 100644 index 0000000000000..19cec97b18468 --- /dev/null +++ b/node_modules/pacote/node_modules/npm-package-arg/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) npm, Inc. + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/pacote/node_modules/npm-package-arg/lib/npa.js b/node_modules/pacote/node_modules/npm-package-arg/lib/npa.js new file mode 100644 index 0000000000000..36bd18cd9f9a6 --- /dev/null +++ b/node_modules/pacote/node_modules/npm-package-arg/lib/npa.js @@ -0,0 +1,431 @@ +'use strict' +module.exports = npa +module.exports.resolve = resolve +module.exports.toPurl = toPurl +module.exports.Result = Result + +const url = require('url') +const HostedGit = require('hosted-git-info') +const semver = require('semver') +const path = global.FAKE_WINDOWS ? require('path').win32 : require('path') +const validatePackageName = require('validate-npm-package-name') +const { homedir } = require('os') +const log = require('proc-log') + +const isWindows = process.platform === 'win32' || global.FAKE_WINDOWS +const hasSlashes = isWindows ? /\\|[/]/ : /[/]/ +const isURL = /^(?:git[+])?[a-z]+:/i +const isGit = /^[^@]+@[^:.]+\.[^:]+:.+$/i +const isFilename = /[.](?:tgz|tar.gz|tar)$/i + +function npa (arg, where) { + let name + let spec + if (typeof arg === 'object') { + if (arg instanceof Result && (!where || where === arg.where)) { + return arg + } else if (arg.name && arg.rawSpec) { + return npa.resolve(arg.name, arg.rawSpec, where || arg.where) + } else { + return npa(arg.raw, where || arg.where) + } + } + const nameEndsAt = arg[0] === '@' ? arg.slice(1).indexOf('@') + 1 : arg.indexOf('@') + const namePart = nameEndsAt > 0 ? arg.slice(0, nameEndsAt) : arg + if (isURL.test(arg)) { + spec = arg + } else if (isGit.test(arg)) { + spec = `git+ssh://${arg}` + } else if (namePart[0] !== '@' && (hasSlashes.test(namePart) || isFilename.test(namePart))) { + spec = arg + } else if (nameEndsAt > 0) { + name = namePart + spec = arg.slice(nameEndsAt + 1) || '*' + } else { + const valid = validatePackageName(arg) + if (valid.validForOldPackages) { + name = arg + spec = '*' + } else { + spec = arg + } + } + return resolve(name, spec, where, arg) +} + +const isFilespec = isWindows ? /^(?:[.]|~[/]|[/\\]|[a-zA-Z]:)/ : /^(?:[.]|~[/]|[/]|[a-zA-Z]:)/ + +function resolve (name, spec, where, arg) { + const res = new Result({ + raw: arg, + name: name, + rawSpec: spec, + fromArgument: arg != null, + }) + + if (name) { + res.setName(name) + } + + if (spec && (isFilespec.test(spec) || /^file:/i.test(spec))) { + return fromFile(res, where) + } else if (spec && /^npm:/i.test(spec)) { + return fromAlias(res, where) + } + + const hosted = HostedGit.fromUrl(spec, { + noGitPlus: true, + noCommittish: true, + }) + if (hosted) { + return fromHostedGit(res, hosted) + } else if (spec && isURL.test(spec)) { + return fromURL(res) + } else if (spec && (hasSlashes.test(spec) || isFilename.test(spec))) { + return fromFile(res, where) + } else { + return fromRegistry(res) + } +} + +const defaultRegistry = 'https://registry.npmjs.org' + +function toPurl (arg, reg = defaultRegistry) { + const res = npa(arg) + + if (res.type !== 'version') { + throw invalidPurlType(res.type, res.raw) + } + + // URI-encode leading @ of scoped packages + let purl = 'pkg:npm/' + res.name.replace(/^@/, '%40') + '@' + res.rawSpec + if (reg !== defaultRegistry) { + purl += '?repository_url=' + reg + } + + return purl +} + +function invalidPackageName (name, valid, raw) { + // eslint-disable-next-line max-len + const err = new Error(`Invalid package name "${name}" of package "${raw}": ${valid.errors.join('; ')}.`) + err.code = 'EINVALIDPACKAGENAME' + return err +} + +function invalidTagName (name, raw) { + // eslint-disable-next-line max-len + const err = new Error(`Invalid tag name "${name}" of package "${raw}": Tags may not have any characters that encodeURIComponent encodes.`) + err.code = 'EINVALIDTAGNAME' + return err +} + +function invalidPurlType (type, raw) { + // eslint-disable-next-line max-len + const err = new Error(`Invalid type "${type}" of package "${raw}": Purl can only be generated for "version" types.`) + err.code = 'EINVALIDPURLTYPE' + return err +} + +function Result (opts) { + this.type = opts.type + this.registry = opts.registry + this.where = opts.where + if (opts.raw == null) { + this.raw = opts.name ? opts.name + '@' + opts.rawSpec : opts.rawSpec + } else { + this.raw = opts.raw + } + + this.name = undefined + this.escapedName = undefined + this.scope = undefined + this.rawSpec = opts.rawSpec || '' + this.saveSpec = opts.saveSpec + this.fetchSpec = opts.fetchSpec + if (opts.name) { + this.setName(opts.name) + } + this.gitRange = opts.gitRange + this.gitCommittish = opts.gitCommittish + this.gitSubdir = opts.gitSubdir + this.hosted = opts.hosted +} + +Result.prototype.setName = function (name) { + const valid = validatePackageName(name) + if (!valid.validForOldPackages) { + throw invalidPackageName(name, valid, this.raw) + } + + this.name = name + this.scope = name[0] === '@' ? name.slice(0, name.indexOf('/')) : undefined + // scoped packages in couch must have slash url-encoded, e.g. @foo%2Fbar + this.escapedName = name.replace('/', '%2f') + return this +} + +Result.prototype.toString = function () { + const full = [] + if (this.name != null && this.name !== '') { + full.push(this.name) + } + const spec = this.saveSpec || this.fetchSpec || this.rawSpec + if (spec != null && spec !== '') { + full.push(spec) + } + return full.length ? full.join('@') : this.raw +} + +Result.prototype.toJSON = function () { + const result = Object.assign({}, this) + delete result.hosted + return result +} + +function setGitCommittish (res, committish) { + if (!committish) { + res.gitCommittish = null + return res + } + + // for each :: separated item: + for (const part of committish.split('::')) { + // if the item has no : the n it is a commit-ish + if (!part.includes(':')) { + if (res.gitRange) { + throw new Error('cannot override existing semver range with a committish') + } + if (res.gitCommittish) { + throw new Error('cannot override existing committish with a second committish') + } + res.gitCommittish = part + continue + } + // split on name:value + const [name, value] = part.split(':') + // if name is semver do semver lookup of ref or tag + if (name === 'semver') { + if (res.gitCommittish) { + throw new Error('cannot override existing committish with a semver range') + } + if (res.gitRange) { + throw new Error('cannot override existing semver range with a second semver range') + } + res.gitRange = decodeURIComponent(value) + continue + } + if (name === 'path') { + if (res.gitSubdir) { + throw new Error('cannot override existing path with a second path') + } + res.gitSubdir = `/${value}` + continue + } + log.warn('npm-package-arg', `ignoring unknown key "${name}"`) + } + + return res +} + +function fromFile (res, where) { + if (!where) { + where = process.cwd() + } + res.type = isFilename.test(res.rawSpec) ? 'file' : 'directory' + res.where = where + + // always put the '/' on where when resolving urls, or else + // file:foo from /path/to/bar goes to /path/to/foo, when we want + // it to be /path/to/bar/foo + + let specUrl + let resolvedUrl + const prefix = (!/^file:/.test(res.rawSpec) ? 'file:' : '') + const rawWithPrefix = prefix + res.rawSpec + let rawNoPrefix = rawWithPrefix.replace(/^file:/, '') + try { + resolvedUrl = new url.URL(rawWithPrefix, `file://${path.resolve(where)}/`) + specUrl = new url.URL(rawWithPrefix) + } catch (originalError) { + const er = new Error('Invalid file: URL, must comply with RFC 8909') + throw Object.assign(er, { + raw: res.rawSpec, + spec: res, + where, + originalError, + }) + } + + // environment switch for testing + if (process.env.NPM_PACKAGE_ARG_8909_STRICT !== '1') { + // XXX backwards compatibility lack of compliance with 8909 + // Remove when we want a breaking change to come into RFC compliance. + if (resolvedUrl.host && resolvedUrl.host !== 'localhost') { + const rawSpec = res.rawSpec.replace(/^file:\/\//, 'file:///') + resolvedUrl = new url.URL(rawSpec, `file://${path.resolve(where)}/`) + specUrl = new url.URL(rawSpec) + rawNoPrefix = rawSpec.replace(/^file:/, '') + } + // turn file:/../foo into file:../foo + // for 1, 2 or 3 leading slashes since we attempted + // in the previous step to make it a file protocol url with a leading slash + if (/^\/{1,3}\.\.?(\/|$)/.test(rawNoPrefix)) { + const rawSpec = res.rawSpec.replace(/^file:\/{1,3}/, 'file:') + resolvedUrl = new url.URL(rawSpec, `file://${path.resolve(where)}/`) + specUrl = new url.URL(rawSpec) + rawNoPrefix = rawSpec.replace(/^file:/, '') + } + // XXX end 8909 violation backwards compatibility section + } + + // file:foo - relative url to ./foo + // file:/foo - absolute path /foo + // file:///foo - absolute path to /foo, no authority host + // file://localhost/foo - absolute path to /foo, on localhost + // file://foo - absolute path to / on foo host (error!) + if (resolvedUrl.host && resolvedUrl.host !== 'localhost') { + const msg = `Invalid file: URL, must be absolute if // present` + throw Object.assign(new Error(msg), { + raw: res.rawSpec, + parsed: resolvedUrl, + }) + } + + // turn /C:/blah into just C:/blah on windows + let specPath = decodeURIComponent(specUrl.pathname) + let resolvedPath = decodeURIComponent(resolvedUrl.pathname) + if (isWindows) { + specPath = specPath.replace(/^\/+([a-z]:\/)/i, '$1') + resolvedPath = resolvedPath.replace(/^\/+([a-z]:\/)/i, '$1') + } + + // replace ~ with homedir, but keep the ~ in the saveSpec + // otherwise, make it relative to where param + if (/^\/~(\/|$)/.test(specPath)) { + res.saveSpec = `file:${specPath.substr(1)}` + resolvedPath = path.resolve(homedir(), specPath.substr(3)) + } else if (!path.isAbsolute(rawNoPrefix)) { + res.saveSpec = `file:${path.relative(where, resolvedPath)}` + } else { + res.saveSpec = `file:${path.resolve(resolvedPath)}` + } + + res.fetchSpec = path.resolve(where, resolvedPath) + return res +} + +function fromHostedGit (res, hosted) { + res.type = 'git' + res.hosted = hosted + res.saveSpec = hosted.toString({ noGitPlus: false, noCommittish: false }) + res.fetchSpec = hosted.getDefaultRepresentation() === 'shortcut' ? null : hosted.toString() + return setGitCommittish(res, hosted.committish) +} + +function unsupportedURLType (protocol, spec) { + const err = new Error(`Unsupported URL Type "${protocol}": ${spec}`) + err.code = 'EUNSUPPORTEDPROTOCOL' + return err +} + +function matchGitScp (spec) { + // git ssh specifiers are overloaded to also use scp-style git + // specifiers, so we have to parse those out and treat them special. + // They are NOT true URIs, so we can't hand them to `url.parse`. + // + // This regex looks for things that look like: + // git+ssh://git@my.custom.git.com:username/project.git#deadbeef + // + // ...and various combinations. The username in the beginning is *required*. + const matched = spec.match(/^git\+ssh:\/\/([^:#]+:[^#]+(?:\.git)?)(?:#(.*))?$/i) + return matched && !matched[1].match(/:[0-9]+\/?.*$/i) && { + fetchSpec: matched[1], + gitCommittish: matched[2] == null ? null : matched[2], + } +} + +function fromURL (res) { + // eslint-disable-next-line node/no-deprecated-api + const urlparse = url.parse(res.rawSpec) + res.saveSpec = res.rawSpec + // check the protocol, and then see if it's git or not + switch (urlparse.protocol) { + case 'git:': + case 'git+http:': + case 'git+https:': + case 'git+rsync:': + case 'git+ftp:': + case 'git+file:': + case 'git+ssh:': { + res.type = 'git' + const match = urlparse.protocol === 'git+ssh:' ? matchGitScp(res.rawSpec) + : null + if (match) { + setGitCommittish(res, match.gitCommittish) + res.fetchSpec = match.fetchSpec + } else { + setGitCommittish(res, urlparse.hash != null ? urlparse.hash.slice(1) : '') + urlparse.protocol = urlparse.protocol.replace(/^git[+]/, '') + if (urlparse.protocol === 'file:' && /^git\+file:\/\/[a-z]:/i.test(res.rawSpec)) { + // keep the drive letter : on windows file paths + urlparse.host += ':' + urlparse.hostname += ':' + } + delete urlparse.hash + res.fetchSpec = url.format(urlparse) + } + break + } + case 'http:': + case 'https:': + res.type = 'remote' + res.fetchSpec = res.saveSpec + break + + default: + throw unsupportedURLType(urlparse.protocol, res.rawSpec) + } + + return res +} + +function fromAlias (res, where) { + const subSpec = npa(res.rawSpec.substr(4), where) + if (subSpec.type === 'alias') { + throw new Error('nested aliases not supported') + } + + if (!subSpec.registry) { + throw new Error('aliases only work for registry deps') + } + + res.subSpec = subSpec + res.registry = true + res.type = 'alias' + res.saveSpec = null + res.fetchSpec = null + return res +} + +function fromRegistry (res) { + res.registry = true + const spec = res.rawSpec.trim() + // no save spec for registry components as we save based on the fetched + // version, not on the argument so this can't compute that. + res.saveSpec = null + res.fetchSpec = spec + const version = semver.valid(spec, true) + const range = semver.validRange(spec, true) + if (version) { + res.type = 'version' + } else if (range) { + res.type = 'range' + } else { + if (encodeURIComponent(spec) !== spec) { + throw invalidTagName(spec, res.raw) + } + res.type = 'tag' + } + return res +} diff --git a/node_modules/pacote/node_modules/npm-package-arg/package.json b/node_modules/pacote/node_modules/npm-package-arg/package.json new file mode 100644 index 0000000000000..bb9e71b258a93 --- /dev/null +++ b/node_modules/pacote/node_modules/npm-package-arg/package.json @@ -0,0 +1,59 @@ +{ + "name": "npm-package-arg", + "version": "10.1.0", + "description": "Parse the things that can be arguments to `npm install`", + "main": "./lib/npa.js", + "directories": { + "test": "test" + }, + "files": [ + "bin/", + "lib/" + ], + "dependencies": { + "hosted-git-info": "^6.0.0", + "proc-log": "^3.0.0", + "semver": "^7.3.5", + "validate-npm-package-name": "^5.0.0" + }, + "devDependencies": { + "@npmcli/eslint-config": "^4.0.0", + "@npmcli/template-oss": "4.10.0", + "tap": "^16.0.1" + }, + "scripts": { + "test": "tap", + "snap": "tap", + "npmclilint": "npmcli-lint", + "lint": "eslint \"**/*.js\"", + "lintfix": "npm run lint -- --fix", + "posttest": "npm run lint", + "postsnap": "npm run lintfix --", + "postlint": "template-oss-check", + "template-oss-apply": "template-oss-apply --force" + }, + "repository": { + "type": "git", + "url": "https://github.com/npm/npm-package-arg.git" + }, + "author": "GitHub Inc.", + "license": "ISC", + "bugs": { + "url": "https://github.com/npm/npm-package-arg/issues" + }, + "homepage": "https://github.com/npm/npm-package-arg", + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + }, + "tap": { + "branches": 97, + "nyc-arg": [ + "--exclude", + "tap-snapshots/**" + ] + }, + "templateOSS": { + "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", + "version": "4.10.0" + } +} diff --git a/package-lock.json b/package-lock.json index 0d171a58688a3..f6716731f65bf 100644 --- a/package-lock.json +++ b/package-lock.json @@ -131,7 +131,7 @@ "nopt": "^7.2.0", "npm-audit-report": "^5.0.0", "npm-install-checks": "^6.2.0", - "npm-package-arg": "^10.1.0", + "npm-package-arg": "^11.0.0", "npm-pick-manifest": "^8.0.2", "npm-profile": "^8.0.0", "npm-registry-fetch": "^15.0.0", @@ -229,7 +229,7 @@ "@npmcli/template-oss": "4.18.0", "json-stringify-safe": "^5.0.1", "nock": "^13.3.0", - "npm-package-arg": "^10.1.0", + "npm-package-arg": "^11.0.0", "pacote": "^16.0.0", "tap": "^16.3.4" }, @@ -2706,6 +2706,21 @@ "node": "^14.17.0 || ^16.13.0 || >=18.0.0" } }, + "node_modules/@npmcli/template-oss/node_modules/npm-package-arg": { + "version": "10.1.0", + "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-10.1.0.tgz", + "integrity": "sha512-uFyyCEmgBfZTtrKk/5xDfHp6+MdrqGotX/VoOyEEl3mBwiEE5FlBaePanazJSVMPT7vKepcjYBY2ztg9A3yPIA==", + "dev": true, + "dependencies": { + "hosted-git-info": "^6.0.0", + "proc-log": "^3.0.0", + "semver": "^7.3.5", + "validate-npm-package-name": "^5.0.0" + }, + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + } + }, "node_modules/@octokit/auth-token": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-3.0.3.tgz", @@ -6764,6 +6779,33 @@ "node": "^14.17.0 || ^16.13.0 || >=18.0.0" } }, + "node_modules/init-package-json/node_modules/hosted-git-info": { + "version": "6.1.1", + "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-6.1.1.tgz", + "integrity": "sha512-r0EI+HBMcXadMrugk0GCQ+6BQV39PiWAZVfq7oIckeGiN7sjRGyQxPdft3nQekFTCQbYxLBH+/axZMeH8UX6+w==", + "inBundle": true, + "dependencies": { + "lru-cache": "^7.5.1" + }, + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + } + }, + "node_modules/init-package-json/node_modules/npm-package-arg": { + "version": "10.1.0", + "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-10.1.0.tgz", + "integrity": "sha512-uFyyCEmgBfZTtrKk/5xDfHp6+MdrqGotX/VoOyEEl3mBwiEE5FlBaePanazJSVMPT7vKepcjYBY2ztg9A3yPIA==", + "inBundle": true, + "dependencies": { + "hosted-git-info": "^6.0.0", + "proc-log": "^3.0.0", + "semver": "^7.3.5", + "validate-npm-package-name": "^5.0.0" + }, + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + } + }, "node_modules/internal-slot": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/internal-slot/-/internal-slot-1.0.5.tgz", @@ -9796,30 +9838,18 @@ } }, "node_modules/npm-package-arg": { - "version": "10.1.0", - "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-10.1.0.tgz", - "integrity": "sha512-uFyyCEmgBfZTtrKk/5xDfHp6+MdrqGotX/VoOyEEl3mBwiEE5FlBaePanazJSVMPT7vKepcjYBY2ztg9A3yPIA==", + "version": "11.0.0", + "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-11.0.0.tgz", + "integrity": "sha512-D8sItaQ8n6VlBUFed3DLz2sCpkabRAjaiLkTamDppvh8lmmAPirzNfBuhJd/2rlmoxZ2S9mOHmIEvzV2z2jOeA==", "inBundle": true, "dependencies": { - "hosted-git-info": "^6.0.0", + "hosted-git-info": "^7.0.0", "proc-log": "^3.0.0", "semver": "^7.3.5", "validate-npm-package-name": "^5.0.0" }, "engines": { - "node": "^14.17.0 || ^16.13.0 || >=18.0.0" - } - }, - "node_modules/npm-package-arg/node_modules/hosted-git-info": { - "version": "6.1.1", - "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-6.1.1.tgz", - "integrity": "sha512-r0EI+HBMcXadMrugk0GCQ+6BQV39PiWAZVfq7oIckeGiN7sjRGyQxPdft3nQekFTCQbYxLBH+/axZMeH8UX6+w==", - "inBundle": true, - "dependencies": { - "lru-cache": "^7.5.1" - }, - "engines": { - "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + "node": "^16.14.0 || >=18.0.0" } }, "node_modules/npm-packlist": { @@ -9849,6 +9879,33 @@ "node": "^14.17.0 || ^16.13.0 || >=18.0.0" } }, + "node_modules/npm-pick-manifest/node_modules/hosted-git-info": { + "version": "6.1.1", + "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-6.1.1.tgz", + "integrity": "sha512-r0EI+HBMcXadMrugk0GCQ+6BQV39PiWAZVfq7oIckeGiN7sjRGyQxPdft3nQekFTCQbYxLBH+/axZMeH8UX6+w==", + "inBundle": true, + "dependencies": { + "lru-cache": "^7.5.1" + }, + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + } + }, + "node_modules/npm-pick-manifest/node_modules/npm-package-arg": { + "version": "10.1.0", + "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-10.1.0.tgz", + "integrity": "sha512-uFyyCEmgBfZTtrKk/5xDfHp6+MdrqGotX/VoOyEEl3mBwiEE5FlBaePanazJSVMPT7vKepcjYBY2ztg9A3yPIA==", + "inBundle": true, + "dependencies": { + "hosted-git-info": "^6.0.0", + "proc-log": "^3.0.0", + "semver": "^7.3.5", + "validate-npm-package-name": "^5.0.0" + }, + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + } + }, "node_modules/npm-profile": { "version": "8.0.0", "resolved": "https://registry.npmjs.org/npm-profile/-/npm-profile-8.0.0.tgz", @@ -9916,6 +9973,18 @@ "node": "^14.17.0 || ^16.13.0 || >=18.0.0" } }, + "node_modules/npm-registry-fetch/node_modules/hosted-git-info": { + "version": "6.1.1", + "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-6.1.1.tgz", + "integrity": "sha512-r0EI+HBMcXadMrugk0GCQ+6BQV39PiWAZVfq7oIckeGiN7sjRGyQxPdft3nQekFTCQbYxLBH+/axZMeH8UX6+w==", + "inBundle": true, + "dependencies": { + "lru-cache": "^7.5.1" + }, + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + } + }, "node_modules/npm-registry-fetch/node_modules/make-fetch-happen": { "version": "12.0.0", "resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-12.0.0.tgz", @@ -9938,6 +10007,21 @@ "node": "^16.13.0 || >=18.0.0" } }, + "node_modules/npm-registry-fetch/node_modules/npm-package-arg": { + "version": "10.1.0", + "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-10.1.0.tgz", + "integrity": "sha512-uFyyCEmgBfZTtrKk/5xDfHp6+MdrqGotX/VoOyEEl3mBwiEE5FlBaePanazJSVMPT7vKepcjYBY2ztg9A3yPIA==", + "inBundle": true, + "dependencies": { + "hosted-git-info": "^6.0.0", + "proc-log": "^3.0.0", + "semver": "^7.3.5", + "validate-npm-package-name": "^5.0.0" + }, + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + } + }, "node_modules/npm-run-path": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", @@ -10545,6 +10629,33 @@ "node": "^14.17.0 || ^16.13.0 || >=18.0.0" } }, + "node_modules/pacote/node_modules/hosted-git-info": { + "version": "6.1.1", + "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-6.1.1.tgz", + "integrity": "sha512-r0EI+HBMcXadMrugk0GCQ+6BQV39PiWAZVfq7oIckeGiN7sjRGyQxPdft3nQekFTCQbYxLBH+/axZMeH8UX6+w==", + "inBundle": true, + "dependencies": { + "lru-cache": "^7.5.1" + }, + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + } + }, + "node_modules/pacote/node_modules/npm-package-arg": { + "version": "10.1.0", + "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-10.1.0.tgz", + "integrity": "sha512-uFyyCEmgBfZTtrKk/5xDfHp6+MdrqGotX/VoOyEEl3mBwiEE5FlBaePanazJSVMPT7vKepcjYBY2ztg9A3yPIA==", + "inBundle": true, + "dependencies": { + "hosted-git-info": "^6.0.0", + "proc-log": "^3.0.0", + "semver": "^7.3.5", + "validate-npm-package-name": "^5.0.0" + }, + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + } + }, "node_modules/parent-module": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", @@ -16128,7 +16239,7 @@ "minimatch": "^9.0.0", "nopt": "^7.0.0", "npm-install-checks": "^6.2.0", - "npm-package-arg": "^10.1.0", + "npm-package-arg": "^11.0.0", "npm-pick-manifest": "^8.0.2", "npm-registry-fetch": "^15.0.0", "npmlog": "^7.0.1", @@ -16188,7 +16299,7 @@ "version": "7.0.2", "license": "ISC", "dependencies": { - "npm-package-arg": "^10.1.0", + "npm-package-arg": "^11.0.0", "npm-registry-fetch": "^15.0.0" }, "devDependencies": { @@ -16212,7 +16323,7 @@ "binary-extensions": "^2.2.0", "diff": "^5.1.0", "minimatch": "^9.0.0", - "npm-package-arg": "^10.1.0", + "npm-package-arg": "^11.0.0", "pacote": "^16.0.0", "tar": "^6.1.13" }, @@ -16232,7 +16343,7 @@ "@npmcli/arborist": "^6.3.0", "@npmcli/run-script": "^6.0.0", "ci-info": "^3.7.1", - "npm-package-arg": "^10.1.0", + "npm-package-arg": "^11.0.0", "npmlog": "^7.0.1", "pacote": "^16.0.0", "proc-log": "^3.0.0", @@ -16311,7 +16422,7 @@ "dependencies": { "@npmcli/arborist": "^6.3.0", "@npmcli/run-script": "^6.0.0", - "npm-package-arg": "^10.1.0", + "npm-package-arg": "^11.0.0", "pacote": "^16.0.0" }, "devDependencies": { @@ -16331,7 +16442,7 @@ "dependencies": { "ci-info": "^3.6.1", "normalize-package-data": "^6.0.0", - "npm-package-arg": "^10.1.0", + "npm-package-arg": "^11.0.0", "npm-registry-fetch": "^15.0.0", "proc-log": "^3.0.0", "semver": "^7.3.7", diff --git a/package.json b/package.json index b56506563983d..6c5504b8f3520 100644 --- a/package.json +++ b/package.json @@ -96,7 +96,7 @@ "nopt": "^7.2.0", "npm-audit-report": "^5.0.0", "npm-install-checks": "^6.2.0", - "npm-package-arg": "^10.1.0", + "npm-package-arg": "^11.0.0", "npm-pick-manifest": "^8.0.2", "npm-profile": "^8.0.0", "npm-registry-fetch": "^15.0.0", diff --git a/workspaces/arborist/package.json b/workspaces/arborist/package.json index a8948c001e389..0a33240ee91ea 100644 --- a/workspaces/arborist/package.json +++ b/workspaces/arborist/package.json @@ -22,7 +22,7 @@ "minimatch": "^9.0.0", "nopt": "^7.0.0", "npm-install-checks": "^6.2.0", - "npm-package-arg": "^10.1.0", + "npm-package-arg": "^11.0.0", "npm-pick-manifest": "^8.0.2", "npm-registry-fetch": "^15.0.0", "npmlog": "^7.0.1", diff --git a/workspaces/libnpmaccess/package.json b/workspaces/libnpmaccess/package.json index 3ad8bab6f80ef..a78674049c784 100644 --- a/workspaces/libnpmaccess/package.json +++ b/workspaces/libnpmaccess/package.json @@ -29,7 +29,7 @@ "bugs": "https://github.com/npm/libnpmaccess/issues", "homepage": "https://npmjs.com/package/libnpmaccess", "dependencies": { - "npm-package-arg": "^10.1.0", + "npm-package-arg": "^11.0.0", "npm-registry-fetch": "^15.0.0" }, "engines": { diff --git a/workspaces/libnpmdiff/package.json b/workspaces/libnpmdiff/package.json index ced4ae5443650..1bdcba1f3b5dc 100644 --- a/workspaces/libnpmdiff/package.json +++ b/workspaces/libnpmdiff/package.json @@ -52,7 +52,7 @@ "binary-extensions": "^2.2.0", "diff": "^5.1.0", "minimatch": "^9.0.0", - "npm-package-arg": "^10.1.0", + "npm-package-arg": "^11.0.0", "pacote": "^16.0.0", "tar": "^6.1.13" }, diff --git a/workspaces/libnpmexec/package.json b/workspaces/libnpmexec/package.json index 90b2e6b2e74d0..a6501d3169caa 100644 --- a/workspaces/libnpmexec/package.json +++ b/workspaces/libnpmexec/package.json @@ -62,7 +62,7 @@ "@npmcli/arborist": "^6.3.0", "@npmcli/run-script": "^6.0.0", "ci-info": "^3.7.1", - "npm-package-arg": "^10.1.0", + "npm-package-arg": "^11.0.0", "npmlog": "^7.0.1", "pacote": "^16.0.0", "proc-log": "^3.0.0", diff --git a/workspaces/libnpmpack/package.json b/workspaces/libnpmpack/package.json index e9b915466acc4..f5e98878096f9 100644 --- a/workspaces/libnpmpack/package.json +++ b/workspaces/libnpmpack/package.json @@ -38,7 +38,7 @@ "dependencies": { "@npmcli/arborist": "^6.3.0", "@npmcli/run-script": "^6.0.0", - "npm-package-arg": "^10.1.0", + "npm-package-arg": "^11.0.0", "pacote": "^16.0.0" }, "engines": { diff --git a/workspaces/libnpmpublish/package.json b/workspaces/libnpmpublish/package.json index f2c117a0bef5c..0cb19f7950fe4 100644 --- a/workspaces/libnpmpublish/package.json +++ b/workspaces/libnpmpublish/package.json @@ -40,7 +40,7 @@ "dependencies": { "ci-info": "^3.6.1", "normalize-package-data": "^6.0.0", - "npm-package-arg": "^10.1.0", + "npm-package-arg": "^11.0.0", "npm-registry-fetch": "^15.0.0", "proc-log": "^3.0.0", "semver": "^7.3.7",