-
Notifications
You must be signed in to change notification settings - Fork 3.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
ee4b3e0
commit 9027266
Showing
56 changed files
with
2,937 additions
and
30 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
15 changes: 15 additions & 0 deletions
15
node_modules/@npmcli/metavuln-calculator/node_modules/@npmcli/run-script/LICENSE
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
The ISC License | ||
|
||
Copyright (c) npm, Inc. | ||
|
||
Permission to use, copy, modify, and/or distribute this software for any | ||
purpose with or without fee is hereby granted, provided that the above | ||
copyright notice and this permission notice appear in all copies. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR | ||
IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
11 changes: 11 additions & 0 deletions
11
...ules/@npmcli/metavuln-calculator/node_modules/@npmcli/run-script/lib/is-server-package.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
const { stat } = require('node:fs/promises') | ||
const { resolve } = require('node:path') | ||
|
||
module.exports = async path => { | ||
try { | ||
const st = await stat(resolve(path, 'server.js')) | ||
return st.isFile() | ||
} catch (er) { | ||
return false | ||
} | ||
} |
40 changes: 40 additions & 0 deletions
40
...odules/@npmcli/metavuln-calculator/node_modules/@npmcli/run-script/lib/make-spawn-args.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
/* eslint camelcase: "off" */ | ||
const setPATH = require('./set-path.js') | ||
const { resolve } = require('path') | ||
const npm_config_node_gyp = require.resolve('node-gyp/bin/node-gyp.js') | ||
|
||
const makeSpawnArgs = options => { | ||
const { | ||
event, | ||
path, | ||
scriptShell = true, | ||
binPaths, | ||
env, | ||
stdio, | ||
cmd, | ||
args, | ||
stdioString, | ||
} = options | ||
|
||
const spawnEnv = setPATH(path, binPaths, { | ||
// we need to at least save the PATH environment var | ||
...process.env, | ||
...env, | ||
npm_package_json: resolve(path, 'package.json'), | ||
npm_lifecycle_event: event, | ||
npm_lifecycle_script: cmd, | ||
npm_config_node_gyp, | ||
}) | ||
|
||
const spawnOpts = { | ||
env: spawnEnv, | ||
stdioString, | ||
stdio, | ||
cwd: path, | ||
shell: scriptShell, | ||
} | ||
|
||
return [cmd, args, spawnOpts] | ||
} | ||
|
||
module.exports = makeSpawnArgs |
2 changes: 2 additions & 0 deletions
2
...les/@npmcli/metavuln-calculator/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
#!/usr/bin/env sh | ||
node "$npm_config_node_gyp" "$@" |
1 change: 1 addition & 0 deletions
1
...@npmcli/metavuln-calculator/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp.cmd
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
@node "%npm_config_node_gyp%" %* |
29 changes: 29 additions & 0 deletions
29
node_modules/@npmcli/metavuln-calculator/node_modules/@npmcli/run-script/lib/package-envs.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
const packageEnvs = (vals, prefix, env = {}) => { | ||
for (const [key, val] of Object.entries(vals)) { | ||
if (val === undefined) { | ||
continue | ||
} else if (val === null || val === false) { | ||
env[`${prefix}${key}`] = '' | ||
} else if (Array.isArray(val)) { | ||
val.forEach((item, index) => { | ||
packageEnvs({ [`${key}_${index}`]: item }, `${prefix}`, env) | ||
}) | ||
} else if (typeof val === 'object') { | ||
packageEnvs(val, `${prefix}${key}_`, env) | ||
} else { | ||
env[`${prefix}${key}`] = String(val) | ||
} | ||
} | ||
return env | ||
} | ||
|
||
// https://github.com/npm/rfcs/pull/183 defines which fields we put into the environment | ||
module.exports = pkg => { | ||
return packageEnvs({ | ||
name: pkg.name, | ||
version: pkg.version, | ||
config: pkg.config, | ||
engines: pkg.engines, | ||
bin: pkg.bin, | ||
}, 'npm_package_') | ||
} |
114 changes: 114 additions & 0 deletions
114
...modules/@npmcli/metavuln-calculator/node_modules/@npmcli/run-script/lib/run-script-pkg.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,114 @@ | ||
const makeSpawnArgs = require('./make-spawn-args.js') | ||
const promiseSpawn = require('@npmcli/promise-spawn') | ||
const packageEnvs = require('./package-envs.js') | ||
const { isNodeGypPackage, defaultGypInstallScript } = require('@npmcli/node-gyp') | ||
const signalManager = require('./signal-manager.js') | ||
const isServerPackage = require('./is-server-package.js') | ||
|
||
// you wouldn't like me when I'm angry... | ||
const bruce = (id, event, cmd, args) => { | ||
let banner = id | ||
? `\n> ${id} ${event}\n` | ||
: `\n> ${event}\n` | ||
banner += `> ${cmd.trim().replace(/\n/g, '\n> ')}` | ||
if (args.length) { | ||
banner += ` ${args.join(' ')}` | ||
} | ||
banner += '\n' | ||
return banner | ||
} | ||
|
||
const runScriptPkg = async options => { | ||
const { | ||
event, | ||
path, | ||
scriptShell, | ||
binPaths = false, | ||
env = {}, | ||
stdio = 'pipe', | ||
pkg, | ||
args = [], | ||
stdioString, | ||
// note: only used when stdio:inherit | ||
banner = true, | ||
// how long to wait for a process.kill signal | ||
// only exposed here so that we can make the test go a bit faster. | ||
signalTimeout = 500, | ||
} = options | ||
|
||
const { scripts = {}, gypfile } = pkg | ||
let cmd = null | ||
if (options.cmd) { | ||
cmd = options.cmd | ||
} else if (pkg.scripts && pkg.scripts[event]) { | ||
cmd = pkg.scripts[event] | ||
} else if ( | ||
// If there is no preinstall or install script, default to rebuilding node-gyp packages. | ||
event === 'install' && | ||
!scripts.install && | ||
!scripts.preinstall && | ||
gypfile !== false && | ||
await isNodeGypPackage(path) | ||
) { | ||
cmd = defaultGypInstallScript | ||
} else if (event === 'start' && await isServerPackage(path)) { | ||
cmd = 'node server.js' | ||
} | ||
|
||
if (!cmd) { | ||
return { code: 0, signal: null } | ||
} | ||
|
||
if (stdio === 'inherit' && banner !== false) { | ||
// we're dumping to the parent's stdout, so print the banner | ||
console.log(bruce(pkg._id, event, cmd, args)) | ||
} | ||
|
||
const [spawnShell, spawnArgs, spawnOpts] = makeSpawnArgs({ | ||
event, | ||
path, | ||
scriptShell, | ||
binPaths, | ||
env: { ...env, ...packageEnvs(pkg) }, | ||
stdio, | ||
cmd, | ||
args, | ||
stdioString, | ||
}) | ||
|
||
const p = promiseSpawn(spawnShell, spawnArgs, spawnOpts, { | ||
event, | ||
script: cmd, | ||
pkgid: pkg._id, | ||
path, | ||
}) | ||
|
||
if (stdio === 'inherit') { | ||
signalManager.add(p.process) | ||
} | ||
|
||
if (p.stdin) { | ||
p.stdin.end() | ||
} | ||
|
||
return p.catch(er => { | ||
const { signal } = er | ||
// coverage disabled because win32 never emits signals | ||
/* istanbul ignore next */ | ||
if (stdio === 'inherit' && signal) { | ||
// by the time we reach here, the child has already exited. we send the | ||
// signal back to ourselves again so that npm will exit with the same | ||
// status as the child | ||
process.kill(process.pid, signal) | ||
|
||
// just in case we don't die, reject after 500ms | ||
// this also keeps the node process open long enough to actually | ||
// get the signal, rather than terminating gracefully. | ||
return new Promise((res, rej) => setTimeout(() => rej(er), signalTimeout)) | ||
} else { | ||
throw er | ||
} | ||
}) | ||
} | ||
|
||
module.exports = runScriptPkg |
15 changes: 15 additions & 0 deletions
15
node_modules/@npmcli/metavuln-calculator/node_modules/@npmcli/run-script/lib/run-script.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
const PackageJson = require('@npmcli/package-json') | ||
const runScriptPkg = require('./run-script-pkg.js') | ||
const validateOptions = require('./validate-options.js') | ||
const isServerPackage = require('./is-server-package.js') | ||
|
||
const runScript = async options => { | ||
validateOptions(options) | ||
if (options.pkg) { | ||
return runScriptPkg(options) | ||
} | ||
const { content: pkg } = await PackageJson.normalize(options.path) | ||
return runScriptPkg({ ...options, pkg }) | ||
} | ||
|
||
module.exports = Object.assign(runScript, { isServerPackage }) |
45 changes: 45 additions & 0 deletions
45
node_modules/@npmcli/metavuln-calculator/node_modules/@npmcli/run-script/lib/set-path.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
const { resolve, dirname, delimiter } = require('path') | ||
// the path here is relative, even though it does not need to be | ||
// in order to make the posix tests pass in windows | ||
const nodeGypPath = resolve(__dirname, '../lib/node-gyp-bin') | ||
|
||
// Windows typically calls its PATH environ 'Path', but this is not | ||
// guaranteed, nor is it guaranteed to be the only one. Merge them | ||
// all together in the order they appear in the object. | ||
const setPATH = (projectPath, binPaths, env) => { | ||
const PATH = Object.keys(env).filter(p => /^path$/i.test(p) && env[p]) | ||
.map(p => env[p].split(delimiter)) | ||
.reduce((set, p) => set.concat(p.filter(concatted => !set.includes(concatted))), []) | ||
.join(delimiter) | ||
|
||
const pathArr = [] | ||
if (binPaths) { | ||
pathArr.push(...binPaths) | ||
} | ||
// unshift the ./node_modules/.bin from every folder | ||
// walk up until dirname() does nothing, at the root | ||
// XXX we should specify a cwd that we don't go above | ||
let p = projectPath | ||
let pp | ||
do { | ||
pathArr.push(resolve(p, 'node_modules', '.bin')) | ||
pp = p | ||
p = dirname(p) | ||
} while (p !== pp) | ||
pathArr.push(nodeGypPath, PATH) | ||
|
||
const pathVal = pathArr.join(delimiter) | ||
|
||
// XXX include the node-gyp-bin path somehow? Probably better for | ||
// npm or arborist or whoever to just provide that by putting it in | ||
// the PATH environ, since that's preserved anyway. | ||
for (const key of Object.keys(env)) { | ||
if (/^path$/i.test(key)) { | ||
env[key] = pathVal | ||
} | ||
} | ||
|
||
return env | ||
} | ||
|
||
module.exports = setPATH |
50 changes: 50 additions & 0 deletions
50
...modules/@npmcli/metavuln-calculator/node_modules/@npmcli/run-script/lib/signal-manager.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
const runningProcs = new Set() | ||
let handlersInstalled = false | ||
|
||
const forwardedSignals = [ | ||
'SIGINT', | ||
'SIGTERM', | ||
] | ||
|
||
// no-op, this is so receiving the signal doesn't cause us to exit immediately | ||
// instead, we exit after all children have exited when we re-send the signal | ||
// to ourselves. see the catch handler at the bottom of run-script-pkg.js | ||
const handleSignal = signal => { | ||
for (const proc of runningProcs) { | ||
proc.kill(signal) | ||
} | ||
} | ||
|
||
const setupListeners = () => { | ||
for (const signal of forwardedSignals) { | ||
process.on(signal, handleSignal) | ||
} | ||
handlersInstalled = true | ||
} | ||
|
||
const cleanupListeners = () => { | ||
if (runningProcs.size === 0) { | ||
for (const signal of forwardedSignals) { | ||
process.removeListener(signal, handleSignal) | ||
} | ||
handlersInstalled = false | ||
} | ||
} | ||
|
||
const add = proc => { | ||
runningProcs.add(proc) | ||
if (!handlersInstalled) { | ||
setupListeners() | ||
} | ||
|
||
proc.once('exit', () => { | ||
runningProcs.delete(proc) | ||
cleanupListeners() | ||
}) | ||
} | ||
|
||
module.exports = { | ||
add, | ||
handleSignal, | ||
forwardedSignals, | ||
} |
Oops, something went wrong.