From 95b9c4162dc009912671ad86d9815700de3aa849 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Tue, 7 May 2024 19:09:52 -0700 Subject: [PATCH 1/2] deps: semver@7.6.1 --- DEPENDENCIES.md | 2 - node_modules/.gitignore | 3 - node_modules/semver/bin/semver.js | 19 +- node_modules/semver/classes/range.js | 7 +- node_modules/semver/classes/semver.js | 2 +- node_modules/semver/internal/lrucache.js | 45 +++ .../semver/node_modules/lru-cache/LICENSE | 15 - .../semver/node_modules/lru-cache/index.js | 334 ------------------ .../node_modules/lru-cache/package.json | 34 -- node_modules/semver/package.json | 15 +- package-lock.json | 23 +- package.json | 2 +- 12 files changed, 67 insertions(+), 434 deletions(-) create mode 100644 node_modules/semver/internal/lrucache.js delete mode 100644 node_modules/semver/node_modules/lru-cache/LICENSE delete mode 100644 node_modules/semver/node_modules/lru-cache/index.js delete mode 100644 node_modules/semver/node_modules/lru-cache/package.json diff --git a/DEPENDENCIES.md b/DEPENDENCIES.md index 9cfb7eeedd687..e9b9f575c7cb7 100644 --- a/DEPENDENCIES.md +++ b/DEPENDENCIES.md @@ -417,7 +417,6 @@ graph LR; libnpmversion-->require-inject; libnpmversion-->semver; libnpmversion-->tap; - lru-cache-->yallist; make-fetch-happen-->cacache; make-fetch-happen-->http-cache-semantics; make-fetch-happen-->is-lambda; @@ -729,7 +728,6 @@ graph LR; read-->mute-stream; read-package-json-fast-->json-parse-even-better-errors; read-package-json-fast-->npm-normalize-package-bin; - semver-->lru-cache; shebang-command-->shebang-regex; sigstore-->sigstore-bundle["@sigstore/bundle"]; sigstore-->sigstore-core["@sigstore/core"]; diff --git a/node_modules/.gitignore b/node_modules/.gitignore index c5e8e1f8c9db7..643a7f949acc3 100644 --- a/node_modules/.gitignore +++ b/node_modules/.gitignore @@ -178,9 +178,6 @@ !/retry !/safer-buffer !/semver -!/semver/node_modules/ -/semver/node_modules/* -!/semver/node_modules/lru-cache !/shebang-command !/shebang-regex !/signal-exit diff --git a/node_modules/semver/bin/semver.js b/node_modules/semver/bin/semver.js index 242b7ade7314f..f62b566f74bc6 100755 --- a/node_modules/semver/bin/semver.js +++ b/node_modules/semver/bin/semver.js @@ -119,7 +119,11 @@ const main = () => { return fail() } } - return success(versions) + versions + .sort((a, b) => semver[reverse ? 'rcompare' : 'compare'](a, b, options)) + .map(v => semver.clean(v, options)) + .map(v => inc ? semver.inc(v, inc, options, identifier, identifierBase) : v) + .forEach(v => console.log(v)) } const failInc = () => { @@ -129,19 +133,6 @@ const failInc = () => { const fail = () => process.exit(1) -const success = () => { - const compare = reverse ? 'rcompare' : 'compare' - versions.sort((a, b) => { - return semver[compare](a, b, options) - }).map((v) => { - return semver.clean(v, options) - }).map((v) => { - return inc ? semver.inc(v, inc, options, identifier, identifierBase) : v - }).forEach((v, i, _) => { - console.log(v) - }) -} - const help = () => console.log( `SemVer ${version} diff --git a/node_modules/semver/classes/range.js b/node_modules/semver/classes/range.js index 7e7c41410cbfd..117b45a2b8e05 100644 --- a/node_modules/semver/classes/range.js +++ b/node_modules/semver/classes/range.js @@ -198,8 +198,8 @@ class Range { module.exports = Range -const LRU = require('lru-cache') -const cache = new LRU({ max: 1000 }) +const LRU = require('../internal/lrucache') +const cache = new LRU() const parseOptions = require('../internal/parse-options') const Comparator = require('./comparator') @@ -470,9 +470,10 @@ const replaceGTE0 = (comp, options) => { // 1.2 - 3.4.5 => >=1.2.0 <=3.4.5 // 1.2.3 - 3.4 => >=1.2.0 <3.5.0-0 Any 3.4.x will do // 1.2 - 3.4 => >=1.2.0 <3.5.0-0 +// TODO build? const hyphenReplace = incPr => ($0, from, fM, fm, fp, fpr, fb, - to, tM, tm, tp, tpr, tb) => { + to, tM, tm, tp, tpr) => { if (isX(fM)) { from = '' } else if (isX(fm)) { diff --git a/node_modules/semver/classes/semver.js b/node_modules/semver/classes/semver.js index 84e84590e3871..13e66ce441569 100644 --- a/node_modules/semver/classes/semver.js +++ b/node_modules/semver/classes/semver.js @@ -158,7 +158,7 @@ class SemVer { do { const a = this.build[i] const b = other.build[i] - debug('prerelease compare', i, a, b) + debug('build compare', i, a, b) if (a === undefined && b === undefined) { return 0 } else if (b === undefined) { diff --git a/node_modules/semver/internal/lrucache.js b/node_modules/semver/internal/lrucache.js new file mode 100644 index 0000000000000..f4a97f2e2cd97 --- /dev/null +++ b/node_modules/semver/internal/lrucache.js @@ -0,0 +1,45 @@ +class LRUCache { + constructor () { + this.max = 1000 + this.map = new Map() + } + + get (key) { + const value = this.map.get(key) + if (value === undefined) { + return undefined + } else { + // Remove the key from the map and add it to the end + this.map.delete(key) + this.map.set(key, value) + return value + } + } + + delete (key) { + if (this.map.has(key)) { + this.map.delete(key) + return true + } else { + return false + } + } + + set (key, value) { + const deleted = this.delete(key) + + if (!deleted && value !== undefined) { + // If cache is full, delete the least recently used item + if (this.map.size >= this.max) { + const firstKey = this.map.keys().next().value + this.delete(firstKey) + } + + this.map.set(key, value) + } + + return this + } +} + +module.exports = LRUCache diff --git a/node_modules/semver/node_modules/lru-cache/LICENSE b/node_modules/semver/node_modules/lru-cache/LICENSE deleted file mode 100644 index 19129e315fe59..0000000000000 --- a/node_modules/semver/node_modules/lru-cache/LICENSE +++ /dev/null @@ -1,15 +0,0 @@ -The ISC License - -Copyright (c) Isaac Z. Schlueter and Contributors - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR -IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/semver/node_modules/lru-cache/index.js b/node_modules/semver/node_modules/lru-cache/index.js deleted file mode 100644 index 573b6b85b9779..0000000000000 --- a/node_modules/semver/node_modules/lru-cache/index.js +++ /dev/null @@ -1,334 +0,0 @@ -'use strict' - -// A linked list to keep track of recently-used-ness -const Yallist = require('yallist') - -const MAX = Symbol('max') -const LENGTH = Symbol('length') -const LENGTH_CALCULATOR = Symbol('lengthCalculator') -const ALLOW_STALE = Symbol('allowStale') -const MAX_AGE = Symbol('maxAge') -const DISPOSE = Symbol('dispose') -const NO_DISPOSE_ON_SET = Symbol('noDisposeOnSet') -const LRU_LIST = Symbol('lruList') -const CACHE = Symbol('cache') -const UPDATE_AGE_ON_GET = Symbol('updateAgeOnGet') - -const naiveLength = () => 1 - -// lruList is a yallist where the head is the youngest -// item, and the tail is the oldest. the list contains the Hit -// objects as the entries. -// Each Hit object has a reference to its Yallist.Node. This -// never changes. -// -// cache is a Map (or PseudoMap) that matches the keys to -// the Yallist.Node object. -class LRUCache { - constructor (options) { - if (typeof options === 'number') - options = { max: options } - - if (!options) - options = {} - - if (options.max && (typeof options.max !== 'number' || options.max < 0)) - throw new TypeError('max must be a non-negative number') - // Kind of weird to have a default max of Infinity, but oh well. - const max = this[MAX] = options.max || Infinity - - const lc = options.length || naiveLength - this[LENGTH_CALCULATOR] = (typeof lc !== 'function') ? naiveLength : lc - this[ALLOW_STALE] = options.stale || false - if (options.maxAge && typeof options.maxAge !== 'number') - throw new TypeError('maxAge must be a number') - this[MAX_AGE] = options.maxAge || 0 - this[DISPOSE] = options.dispose - this[NO_DISPOSE_ON_SET] = options.noDisposeOnSet || false - this[UPDATE_AGE_ON_GET] = options.updateAgeOnGet || false - this.reset() - } - - // resize the cache when the max changes. - set max (mL) { - if (typeof mL !== 'number' || mL < 0) - throw new TypeError('max must be a non-negative number') - - this[MAX] = mL || Infinity - trim(this) - } - get max () { - return this[MAX] - } - - set allowStale (allowStale) { - this[ALLOW_STALE] = !!allowStale - } - get allowStale () { - return this[ALLOW_STALE] - } - - set maxAge (mA) { - if (typeof mA !== 'number') - throw new TypeError('maxAge must be a non-negative number') - - this[MAX_AGE] = mA - trim(this) - } - get maxAge () { - return this[MAX_AGE] - } - - // resize the cache when the lengthCalculator changes. - set lengthCalculator (lC) { - if (typeof lC !== 'function') - lC = naiveLength - - if (lC !== this[LENGTH_CALCULATOR]) { - this[LENGTH_CALCULATOR] = lC - this[LENGTH] = 0 - this[LRU_LIST].forEach(hit => { - hit.length = this[LENGTH_CALCULATOR](hit.value, hit.key) - this[LENGTH] += hit.length - }) - } - trim(this) - } - get lengthCalculator () { return this[LENGTH_CALCULATOR] } - - get length () { return this[LENGTH] } - get itemCount () { return this[LRU_LIST].length } - - rforEach (fn, thisp) { - thisp = thisp || this - for (let walker = this[LRU_LIST].tail; walker !== null;) { - const prev = walker.prev - forEachStep(this, fn, walker, thisp) - walker = prev - } - } - - forEach (fn, thisp) { - thisp = thisp || this - for (let walker = this[LRU_LIST].head; walker !== null;) { - const next = walker.next - forEachStep(this, fn, walker, thisp) - walker = next - } - } - - keys () { - return this[LRU_LIST].toArray().map(k => k.key) - } - - values () { - return this[LRU_LIST].toArray().map(k => k.value) - } - - reset () { - if (this[DISPOSE] && - this[LRU_LIST] && - this[LRU_LIST].length) { - this[LRU_LIST].forEach(hit => this[DISPOSE](hit.key, hit.value)) - } - - this[CACHE] = new Map() // hash of items by key - this[LRU_LIST] = new Yallist() // list of items in order of use recency - this[LENGTH] = 0 // length of items in the list - } - - dump () { - return this[LRU_LIST].map(hit => - isStale(this, hit) ? false : { - k: hit.key, - v: hit.value, - e: hit.now + (hit.maxAge || 0) - }).toArray().filter(h => h) - } - - dumpLru () { - return this[LRU_LIST] - } - - set (key, value, maxAge) { - maxAge = maxAge || this[MAX_AGE] - - if (maxAge && typeof maxAge !== 'number') - throw new TypeError('maxAge must be a number') - - const now = maxAge ? Date.now() : 0 - const len = this[LENGTH_CALCULATOR](value, key) - - if (this[CACHE].has(key)) { - if (len > this[MAX]) { - del(this, this[CACHE].get(key)) - return false - } - - const node = this[CACHE].get(key) - const item = node.value - - // dispose of the old one before overwriting - // split out into 2 ifs for better coverage tracking - if (this[DISPOSE]) { - if (!this[NO_DISPOSE_ON_SET]) - this[DISPOSE](key, item.value) - } - - item.now = now - item.maxAge = maxAge - item.value = value - this[LENGTH] += len - item.length - item.length = len - this.get(key) - trim(this) - return true - } - - const hit = new Entry(key, value, len, now, maxAge) - - // oversized objects fall out of cache automatically. - if (hit.length > this[MAX]) { - if (this[DISPOSE]) - this[DISPOSE](key, value) - - return false - } - - this[LENGTH] += hit.length - this[LRU_LIST].unshift(hit) - this[CACHE].set(key, this[LRU_LIST].head) - trim(this) - return true - } - - has (key) { - if (!this[CACHE].has(key)) return false - const hit = this[CACHE].get(key).value - return !isStale(this, hit) - } - - get (key) { - return get(this, key, true) - } - - peek (key) { - return get(this, key, false) - } - - pop () { - const node = this[LRU_LIST].tail - if (!node) - return null - - del(this, node) - return node.value - } - - del (key) { - del(this, this[CACHE].get(key)) - } - - load (arr) { - // reset the cache - this.reset() - - const now = Date.now() - // A previous serialized cache has the most recent items first - for (let l = arr.length - 1; l >= 0; l--) { - const hit = arr[l] - const expiresAt = hit.e || 0 - if (expiresAt === 0) - // the item was created without expiration in a non aged cache - this.set(hit.k, hit.v) - else { - const maxAge = expiresAt - now - // dont add already expired items - if (maxAge > 0) { - this.set(hit.k, hit.v, maxAge) - } - } - } - } - - prune () { - this[CACHE].forEach((value, key) => get(this, key, false)) - } -} - -const get = (self, key, doUse) => { - const node = self[CACHE].get(key) - if (node) { - const hit = node.value - if (isStale(self, hit)) { - del(self, node) - if (!self[ALLOW_STALE]) - return undefined - } else { - if (doUse) { - if (self[UPDATE_AGE_ON_GET]) - node.value.now = Date.now() - self[LRU_LIST].unshiftNode(node) - } - } - return hit.value - } -} - -const isStale = (self, hit) => { - if (!hit || (!hit.maxAge && !self[MAX_AGE])) - return false - - const diff = Date.now() - hit.now - return hit.maxAge ? diff > hit.maxAge - : self[MAX_AGE] && (diff > self[MAX_AGE]) -} - -const trim = self => { - if (self[LENGTH] > self[MAX]) { - for (let walker = self[LRU_LIST].tail; - self[LENGTH] > self[MAX] && walker !== null;) { - // We know that we're about to delete this one, and also - // what the next least recently used key will be, so just - // go ahead and set it now. - const prev = walker.prev - del(self, walker) - walker = prev - } - } -} - -const del = (self, node) => { - if (node) { - const hit = node.value - if (self[DISPOSE]) - self[DISPOSE](hit.key, hit.value) - - self[LENGTH] -= hit.length - self[CACHE].delete(hit.key) - self[LRU_LIST].removeNode(node) - } -} - -class Entry { - constructor (key, value, length, now, maxAge) { - this.key = key - this.value = value - this.length = length - this.now = now - this.maxAge = maxAge || 0 - } -} - -const forEachStep = (self, fn, node, thisp) => { - let hit = node.value - if (isStale(self, hit)) { - del(self, node) - if (!self[ALLOW_STALE]) - hit = undefined - } - if (hit) - fn.call(thisp, hit.value, hit.key, self) -} - -module.exports = LRUCache diff --git a/node_modules/semver/node_modules/lru-cache/package.json b/node_modules/semver/node_modules/lru-cache/package.json deleted file mode 100644 index 43b7502c3e7c7..0000000000000 --- a/node_modules/semver/node_modules/lru-cache/package.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "name": "lru-cache", - "description": "A cache object that deletes the least-recently-used items.", - "version": "6.0.0", - "author": "Isaac Z. Schlueter ", - "keywords": [ - "mru", - "lru", - "cache" - ], - "scripts": { - "test": "tap", - "snap": "tap", - "preversion": "npm test", - "postversion": "npm publish", - "prepublishOnly": "git push origin --follow-tags" - }, - "main": "index.js", - "repository": "git://github.com/isaacs/node-lru-cache.git", - "devDependencies": { - "benchmark": "^2.1.4", - "tap": "^14.10.7" - }, - "license": "ISC", - "dependencies": { - "yallist": "^4.0.0" - }, - "files": [ - "index.js" - ], - "engines": { - "node": ">=10" - } -} diff --git a/node_modules/semver/package.json b/node_modules/semver/package.json index f00c6bddaebd9..ccf86cd0a716e 100644 --- a/node_modules/semver/package.json +++ b/node_modules/semver/package.json @@ -1,6 +1,6 @@ { "name": "semver", - "version": "7.6.0", + "version": "7.6.1", "description": "The semantic version parser used by npm.", "main": "index.js", "scripts": { @@ -14,13 +14,14 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.21.3", + "@npmcli/template-oss": "4.22.0", + "benchmark": "^2.1.4", "tap": "^16.0.0" }, "license": "ISC", "repository": { "type": "git", - "url": "https://github.com/npm/node-semver.git" + "url": "git+https://github.com/npm/node-semver.git" }, "bin": { "semver": "bin/semver.js" @@ -47,13 +48,10 @@ "engines": { "node": ">=10" }, - "dependencies": { - "lru-cache": "^6.0.0" - }, "author": "GitHub Inc.", "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.21.3", + "version": "4.22.0", "engines": ">=10", "distPaths": [ "classes/", @@ -71,7 +69,8 @@ "/ranges/", "/index.js", "/preload.js", - "/range.bnf" + "/range.bnf", + "/benchmarks" ], "publish": "true" } diff --git a/package-lock.json b/package-lock.json index de68c052c4f3c..2cab73556579b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -143,7 +143,7 @@ "proc-log": "^4.2.0", "qrcode-terminal": "^0.12.0", "read": "^3.0.1", - "semver": "^7.6.0", + "semver": "^7.6.1", "spdx-expression-parse": "^4.0.0", "ssri": "^10.0.6", "supports-color": "^9.4.0", @@ -10695,13 +10695,10 @@ } }, "node_modules/semver": { - "version": "7.6.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.0.tgz", - "integrity": "sha512-EnwXhrlwXMk9gKu5/flx5sv/an57AkRplG3hTK68W7FRDN+k+OWBj65M7719OkA82XLBxrcX0KSHj+X5COhOVg==", + "version": "7.6.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.1.tgz", + "integrity": "sha512-f/vbBsu+fOiYt+lmwZV0rVwJScl46HppnOA1ZvIuBWKOTlllpyJ3bfVax76/OrhCH38dyxoDIA8K7uB963IYgA==", "inBundle": true, - "dependencies": { - "lru-cache": "^6.0.0" - }, "bin": { "semver": "bin/semver.js" }, @@ -10709,18 +10706,6 @@ "node": ">=10" } }, - "node_modules/semver/node_modules/lru-cache": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", - "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", - "inBundle": true, - "dependencies": { - "yallist": "^4.0.0" - }, - "engines": { - "node": ">=10" - } - }, "node_modules/set-blocking": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz", diff --git a/package.json b/package.json index fb69c11e2c089..812550018feb8 100644 --- a/package.json +++ b/package.json @@ -108,7 +108,7 @@ "proc-log": "^4.2.0", "qrcode-terminal": "^0.12.0", "read": "^3.0.1", - "semver": "^7.6.0", + "semver": "^7.6.1", "spdx-expression-parse": "^4.0.0", "ssri": "^10.0.6", "supports-color": "^9.4.0", From 668c92718fbdd6da3dc43a6b1d56df0b83190120 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Tue, 7 May 2024 19:18:48 -0700 Subject: [PATCH 2/2] deps: pacote@18.0.6 --- mock-registry/package.json | 2 +- node_modules/pacote/lib/dir.js | 16 +++++++------- node_modules/pacote/lib/fetcher.js | 26 +++++++++++------------ node_modules/pacote/lib/file.js | 6 +++--- node_modules/pacote/lib/git.js | 16 +++++++------- node_modules/pacote/lib/registry.js | 23 ++++++++++---------- node_modules/pacote/lib/remote.js | 6 +++--- node_modules/pacote/lib/util/cache-dir.js | 8 +++---- node_modules/pacote/lib/util/protected.js | 12 +++-------- node_modules/pacote/package.json | 2 +- package-lock.json | 19 ++++++++--------- package.json | 2 +- workspaces/arborist/package.json | 2 +- workspaces/libnpmdiff/package.json | 2 +- workspaces/libnpmexec/package.json | 2 +- workspaces/libnpmpack/package.json | 2 +- 16 files changed, 70 insertions(+), 76 deletions(-) diff --git a/mock-registry/package.json b/mock-registry/package.json index 1295f931d3afa..8582d113c04f0 100644 --- a/mock-registry/package.json +++ b/mock-registry/package.json @@ -51,7 +51,7 @@ "json-stringify-safe": "^5.0.1", "nock": "^13.3.3", "npm-package-arg": "^11.0.2", - "pacote": "^18.0.5", + "pacote": "^18.0.6", "tap": "^16.3.8" } } diff --git a/node_modules/pacote/lib/dir.js b/node_modules/pacote/lib/dir.js index 6674bb0bf23a1..f3229b34e463a 100644 --- a/node_modules/pacote/lib/dir.js +++ b/node_modules/pacote/lib/dir.js @@ -1,12 +1,12 @@ -const Fetcher = require('./fetcher.js') -const FileFetcher = require('./file.js') -const { Minipass } = require('minipass') -const tarCreateOptions = require('./util/tar-create-options.js') +const { resolve } = require('node:path') const packlist = require('npm-packlist') -const tar = require('tar') -const { resolve } = require('path') const runScript = require('@npmcli/run-script') +const tar = require('tar') +const { Minipass } = require('minipass') +const Fetcher = require('./fetcher.js') +const FileFetcher = require('./file.js') const _ = require('./util/protected.js') +const tarCreateOptions = require('./util/tar-create-options.js') class DirFetcher extends Fetcher { constructor (spec, opts) { @@ -27,7 +27,7 @@ class DirFetcher extends Fetcher { return ['directory'] } - [_.prepareDir] () { + #prepareDir () { return this.manifest().then(mani => { if (!mani.scripts || !mani.scripts.prepare) { return @@ -65,7 +65,7 @@ class DirFetcher extends Fetcher { // run the prepare script, get the list of files, and tar it up // pipe to the stream, and proxy errors the chain. - this[_.prepareDir]() + this.#prepareDir() .then(async () => { if (!this.tree) { const arb = new this.Arborist({ path: this.resolved }) diff --git a/node_modules/pacote/lib/fetcher.js b/node_modules/pacote/lib/fetcher.js index ec5a807b79991..cc2c2db70c697 100644 --- a/node_modules/pacote/lib/fetcher.js +++ b/node_modules/pacote/lib/fetcher.js @@ -3,22 +3,22 @@ // It handles the unpacking and retry logic that is shared among // all of the other Fetcher types. +const { basename, dirname } = require('node:path') +const { rm, mkdir } = require('node:fs/promises') +const PackageJson = require('@npmcli/package-json') +const cacache = require('cacache') +const fsm = require('fs-minipass') +const getContents = require('@npmcli/installed-package-contents') const npa = require('npm-package-arg') +const retry = require('promise-retry') const ssri = require('ssri') -const { basename, dirname } = require('path') const tar = require('tar') +const { Minipass } = require('minipass') const { log } = require('proc-log') -const retry = require('promise-retry') -const fs = require('fs/promises') -const fsm = require('fs-minipass') -const cacache = require('cacache') +const _ = require('./util/protected.js') +const cacheDir = require('./util/cache-dir.js') const isPackageBin = require('./util/is-package-bin.js') const removeTrailingSlashes = require('./util/trailing-slashes.js') -const getContents = require('@npmcli/installed-package-contents') -const PackageJson = require('@npmcli/package-json') -const { Minipass } = require('minipass') -const cacheDir = require('./util/cache-dir.js') -const _ = require('./util/protected.js') // Pacote is only concerned with the package.json contents const packageJsonPrepare = (p) => PackageJson.prepare(p).then(pkg => pkg.content) @@ -337,12 +337,12 @@ class FetcherBase { #empty (path) { return getContents({ path, depth: 1 }).then(contents => Promise.all( - contents.map(entry => fs.rm(entry, { recursive: true, force: true })))) + contents.map(entry => rm(entry, { recursive: true, force: true })))) } async #mkdir (dest) { await this.#empty(dest) - return await fs.mkdir(dest, { recursive: true }) + return await mkdir(dest, { recursive: true }) } // extraction is always the same. the only difference is where @@ -369,7 +369,7 @@ class FetcherBase { // don't use this.#mkdir because we don't want to rimraf anything async tarballFile (dest) { const dir = dirname(dest) - await fs.mkdir(dir, { recursive: true }) + await mkdir(dir, { recursive: true }) return this.#toFile(dest) } diff --git a/node_modules/pacote/lib/file.js b/node_modules/pacote/lib/file.js index 307efedb31f7e..2021325085e4f 100644 --- a/node_modules/pacote/lib/file.js +++ b/node_modules/pacote/lib/file.js @@ -1,7 +1,7 @@ -const fsm = require('fs-minipass') +const { resolve } = require('node:path') +const { stat, chmod } = require('node:fs/promises') const cacache = require('cacache') -const { resolve } = require('path') -const { stat, chmod } = require('fs/promises') +const fsm = require('fs-minipass') const Fetcher = require('./fetcher.js') const _ = require('./util/protected.js') diff --git a/node_modules/pacote/lib/git.js b/node_modules/pacote/lib/git.js index 23f4b1d218bcc..077193a86f026 100644 --- a/node_modules/pacote/lib/git.js +++ b/node_modules/pacote/lib/git.js @@ -1,16 +1,16 @@ -const Fetcher = require('./fetcher.js') -const FileFetcher = require('./file.js') -const RemoteFetcher = require('./remote.js') -const DirFetcher = require('./dir.js') +const cacache = require('cacache') const git = require('@npmcli/git') -const pickManifest = require('npm-pick-manifest') const npa = require('npm-package-arg') +const pickManifest = require('npm-pick-manifest') const { Minipass } = require('minipass') -const cacache = require('cacache') const { log } = require('proc-log') -const npm = require('./util/npm.js') -const addGitSha = require('./util/add-git-sha.js') +const DirFetcher = require('./dir.js') +const Fetcher = require('./fetcher.js') +const FileFetcher = require('./file.js') +const RemoteFetcher = require('./remote.js') const _ = require('./util/protected.js') +const addGitSha = require('./util/add-git-sha.js') +const npm = require('./util/npm.js') const hashre = /^[a-f0-9]{40}$/ diff --git a/node_modules/pacote/lib/registry.js b/node_modules/pacote/lib/registry.js index f2b5a8a547cc9..1ecf4ee177349 100644 --- a/node_modules/pacote/lib/registry.js +++ b/node_modules/pacote/lib/registry.js @@ -1,14 +1,14 @@ -const Fetcher = require('./fetcher.js') -const RemoteFetcher = require('./remote.js') -const pacoteVersion = require('../package.json').version -const removeTrailingSlashes = require('./util/trailing-slashes.js') +const crypto = require('node:crypto') const PackageJson = require('@npmcli/package-json') const pickManifest = require('npm-pick-manifest') const ssri = require('ssri') -const crypto = require('crypto') const npa = require('npm-package-arg') const sigstore = require('sigstore') const fetch = require('npm-registry-fetch') +const Fetcher = require('./fetcher.js') +const RemoteFetcher = require('./remote.js') +const pacoteVersion = require('../package.json').version +const removeTrailingSlashes = require('./util/trailing-slashes.js') const _ = require('./util/protected.js') // Corgis are cute. 🐕🐶 @@ -20,6 +20,7 @@ const fullDoc = 'application/json' const MISSING_TIME_CUTOFF = '2015-01-01T00:00:00.000Z' class RegistryFetcher extends Fetcher { + #cacheKey constructor (spec, opts) { super(spec, opts) @@ -32,8 +33,8 @@ class RegistryFetcher extends Fetcher { this.packumentCache = this.opts.packumentCache || null this.registry = fetch.pickRegistry(spec, opts) - this.packumentUrl = removeTrailingSlashes(this.registry) + '/' + - this.spec.escapedName + this.packumentUrl = `${removeTrailingSlashes(this.registry)}/${this.spec.escapedName}` + this.#cacheKey = `${this.fullMetadata ? 'full' : 'corgi'}:${this.packumentUrl}` const parsed = new URL(this.registry) const regKey = `//${parsed.host}${parsed.pathname}` @@ -78,8 +79,8 @@ class RegistryFetcher extends Fetcher { // note this might be either an in-flight promise for a request, // or the actual packument, but we never want to make more than // one request at a time for the same thing regardless. - if (this.packumentCache?.has(this.packumentUrl)) { - return this.packumentCache.get(this.packumentUrl) + if (this.packumentCache?.has(this.#cacheKey)) { + return this.packumentCache.get(this.#cacheKey) } // npm-registry-fetch the packument @@ -99,10 +100,10 @@ class RegistryFetcher extends Fetcher { if (contentLength) { packument._contentLength = Number(contentLength) } - this.packumentCache?.set(this.packumentUrl, packument) + this.packumentCache?.set(this.#cacheKey, packument) return packument } catch (err) { - this.packumentCache?.delete(this.packumentUrl) + this.packumentCache?.delete(this.#cacheKey) if (err.code !== 'E404' || this.fullMetadata) { throw err } diff --git a/node_modules/pacote/lib/remote.js b/node_modules/pacote/lib/remote.js index 9a743322ace4e..bd321e65a1f18 100644 --- a/node_modules/pacote/lib/remote.js +++ b/node_modules/pacote/lib/remote.js @@ -1,9 +1,9 @@ -const Fetcher = require('./fetcher.js') -const FileFetcher = require('./file.js') -const pacoteVersion = require('../package.json').version const fetch = require('npm-registry-fetch') const { Minipass } = require('minipass') +const Fetcher = require('./fetcher.js') +const FileFetcher = require('./file.js') const _ = require('./util/protected.js') +const pacoteVersion = require('../package.json').version class RemoteFetcher extends Fetcher { constructor (spec, opts) { diff --git a/node_modules/pacote/lib/util/cache-dir.js b/node_modules/pacote/lib/util/cache-dir.js index ac83b1793f199..ba5683a7bb5bf 100644 --- a/node_modules/pacote/lib/util/cache-dir.js +++ b/node_modules/pacote/lib/util/cache-dir.js @@ -1,10 +1,10 @@ -const os = require('os') -const { resolve } = require('path') +const { resolve } = require('node:path') +const { tmpdir, homedir } = require('node:os') module.exports = (fakePlatform = false) => { - const temp = os.tmpdir() + const temp = tmpdir() const uidOrPid = process.getuid ? process.getuid() : process.pid - const home = os.homedir() || resolve(temp, 'npm-' + uidOrPid) + const home = homedir() || resolve(temp, 'npm-' + uidOrPid) const platform = fakePlatform || process.platform const cacheExtra = platform === 'win32' ? 'npm-cache' : '.npm' const cacheRoot = (platform === 'win32' && process.env.LOCALAPPDATA) || home diff --git a/node_modules/pacote/lib/util/protected.js b/node_modules/pacote/lib/util/protected.js index 3334550150e99..e05203b481e6a 100644 --- a/node_modules/pacote/lib/util/protected.js +++ b/node_modules/pacote/lib/util/protected.js @@ -1,11 +1,5 @@ -const readPackageJson = Symbol.for('package.Fetcher._readPackageJson') -const prepareDir = Symbol('_prepareDir') -const tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved') -const cacheFetches = Symbol.for('pacote.Fetcher._cacheFetches') - module.exports = { - readPackageJson, - prepareDir, - tarballFromResolved, - cacheFetches, + cacheFetches: Symbol.for('pacote.Fetcher._cacheFetches'), + readPackageJson: Symbol.for('package.Fetcher._readPackageJson'), + tarballFromResolved: Symbol.for('pacote.Fetcher._tarballFromResolved'), } diff --git a/node_modules/pacote/package.json b/node_modules/pacote/package.json index a391df823b9c6..caadaf2db50c8 100644 --- a/node_modules/pacote/package.json +++ b/node_modules/pacote/package.json @@ -1,6 +1,6 @@ { "name": "pacote", - "version": "18.0.5", + "version": "18.0.6", "description": "JavaScript package downloader", "author": "GitHub Inc.", "bin": { diff --git a/package-lock.json b/package-lock.json index 2cab73556579b..cc4b8d61956bc 100644 --- a/package-lock.json +++ b/package-lock.json @@ -138,7 +138,7 @@ "npm-registry-fetch": "^17.0.1", "npm-user-validate": "^2.0.1", "p-map": "^4.0.0", - "pacote": "^18.0.5", + "pacote": "^18.0.6", "parse-conflict-json": "^3.0.1", "proc-log": "^4.2.0", "qrcode-terminal": "^0.12.0", @@ -234,7 +234,7 @@ "json-stringify-safe": "^5.0.1", "nock": "^13.3.3", "npm-package-arg": "^11.0.2", - "pacote": "^18.0.5", + "pacote": "^18.0.6", "tap": "^16.3.8" }, "engines": { @@ -9452,11 +9452,10 @@ } }, "node_modules/pacote": { - "version": "18.0.5", - "resolved": "https://registry.npmjs.org/pacote/-/pacote-18.0.5.tgz", - "integrity": "sha512-AtbhPJE1gFPFdIb04spfX0UprUL0xK2eOBVVQnDNbLg7/VPrK/NkqgZRv7fkPPMM/zxZukjCkuGh+tZh7arrwQ==", + "version": "18.0.6", + "resolved": "https://registry.npmjs.org/pacote/-/pacote-18.0.6.tgz", + "integrity": "sha512-+eK3G27SMwsB8kLIuj4h1FUhHtwiEUo21Tw8wNjmvdlpOEr613edv+8FUsTj/4F/VN5ywGE19X18N7CC2EJk6A==", "inBundle": true, - "license": "ISC", "dependencies": { "@npmcli/git": "^5.0.0", "@npmcli/installed-package-contents": "^2.0.1", @@ -14793,7 +14792,7 @@ "npm-package-arg": "^11.0.2", "npm-pick-manifest": "^9.0.1", "npm-registry-fetch": "^17.0.1", - "pacote": "^18.0.5", + "pacote": "^18.0.6", "parse-conflict-json": "^3.0.0", "proc-log": "^4.2.0", "proggy": "^2.0.0", @@ -14874,7 +14873,7 @@ "diff": "^5.1.0", "minimatch": "^9.0.4", "npm-package-arg": "^11.0.2", - "pacote": "^18.0.5", + "pacote": "^18.0.6", "tar": "^6.2.1" }, "devDependencies": { @@ -14894,7 +14893,7 @@ "@npmcli/run-script": "^8.1.0", "ci-info": "^4.0.0", "npm-package-arg": "^11.0.2", - "pacote": "^18.0.5", + "pacote": "^18.0.6", "proc-log": "^4.2.0", "read": "^3.0.1", "read-package-json-fast": "^3.0.2", @@ -14972,7 +14971,7 @@ "@npmcli/arborist": "^7.2.1", "@npmcli/run-script": "^8.1.0", "npm-package-arg": "^11.0.2", - "pacote": "^18.0.5" + "pacote": "^18.0.6" }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", diff --git a/package.json b/package.json index 812550018feb8..baf36809c378b 100644 --- a/package.json +++ b/package.json @@ -103,7 +103,7 @@ "npm-registry-fetch": "^17.0.1", "npm-user-validate": "^2.0.1", "p-map": "^4.0.0", - "pacote": "^18.0.5", + "pacote": "^18.0.6", "parse-conflict-json": "^3.0.1", "proc-log": "^4.2.0", "qrcode-terminal": "^0.12.0", diff --git a/workspaces/arborist/package.json b/workspaces/arborist/package.json index 102a3fad8a87b..1c20c44ff65b3 100644 --- a/workspaces/arborist/package.json +++ b/workspaces/arborist/package.json @@ -27,7 +27,7 @@ "npm-package-arg": "^11.0.2", "npm-pick-manifest": "^9.0.1", "npm-registry-fetch": "^17.0.1", - "pacote": "^18.0.5", + "pacote": "^18.0.6", "parse-conflict-json": "^3.0.0", "proc-log": "^4.2.0", "proggy": "^2.0.0", diff --git a/workspaces/libnpmdiff/package.json b/workspaces/libnpmdiff/package.json index 382f9f43e8d55..bcdab2ac140bf 100644 --- a/workspaces/libnpmdiff/package.json +++ b/workspaces/libnpmdiff/package.json @@ -52,7 +52,7 @@ "diff": "^5.1.0", "minimatch": "^9.0.4", "npm-package-arg": "^11.0.2", - "pacote": "^18.0.5", + "pacote": "^18.0.6", "tar": "^6.2.1" }, "templateOSS": { diff --git a/workspaces/libnpmexec/package.json b/workspaces/libnpmexec/package.json index cd051b4616a31..e51a948db732b 100644 --- a/workspaces/libnpmexec/package.json +++ b/workspaces/libnpmexec/package.json @@ -63,7 +63,7 @@ "@npmcli/run-script": "^8.1.0", "ci-info": "^4.0.0", "npm-package-arg": "^11.0.2", - "pacote": "^18.0.5", + "pacote": "^18.0.6", "proc-log": "^4.2.0", "read": "^3.0.1", "read-package-json-fast": "^3.0.2", diff --git a/workspaces/libnpmpack/package.json b/workspaces/libnpmpack/package.json index 2bc6553f1ec8d..ce9f3f34e6ecb 100644 --- a/workspaces/libnpmpack/package.json +++ b/workspaces/libnpmpack/package.json @@ -39,7 +39,7 @@ "@npmcli/arborist": "^7.2.1", "@npmcli/run-script": "^8.1.0", "npm-package-arg": "^11.0.2", - "pacote": "^18.0.5" + "pacote": "^18.0.6" }, "engines": { "node": "^16.14.0 || >=18.0.0"