diff --git a/mock-registry/package.json b/mock-registry/package.json index 1295f931d3afa..8582d113c04f0 100644 --- a/mock-registry/package.json +++ b/mock-registry/package.json @@ -51,7 +51,7 @@ "json-stringify-safe": "^5.0.1", "nock": "^13.3.3", "npm-package-arg": "^11.0.2", - "pacote": "^18.0.5", + "pacote": "^18.0.6", "tap": "^16.3.8" } } diff --git a/node_modules/pacote/lib/dir.js b/node_modules/pacote/lib/dir.js index 6674bb0bf23a1..f3229b34e463a 100644 --- a/node_modules/pacote/lib/dir.js +++ b/node_modules/pacote/lib/dir.js @@ -1,12 +1,12 @@ -const Fetcher = require('./fetcher.js') -const FileFetcher = require('./file.js') -const { Minipass } = require('minipass') -const tarCreateOptions = require('./util/tar-create-options.js') +const { resolve } = require('node:path') const packlist = require('npm-packlist') -const tar = require('tar') -const { resolve } = require('path') const runScript = require('@npmcli/run-script') +const tar = require('tar') +const { Minipass } = require('minipass') +const Fetcher = require('./fetcher.js') +const FileFetcher = require('./file.js') const _ = require('./util/protected.js') +const tarCreateOptions = require('./util/tar-create-options.js') class DirFetcher extends Fetcher { constructor (spec, opts) { @@ -27,7 +27,7 @@ class DirFetcher extends Fetcher { return ['directory'] } - [_.prepareDir] () { + #prepareDir () { return this.manifest().then(mani => { if (!mani.scripts || !mani.scripts.prepare) { return @@ -65,7 +65,7 @@ class DirFetcher extends Fetcher { // run the prepare script, get the list of files, and tar it up // pipe to the stream, and proxy errors the chain. - this[_.prepareDir]() + this.#prepareDir() .then(async () => { if (!this.tree) { const arb = new this.Arborist({ path: this.resolved }) diff --git a/node_modules/pacote/lib/fetcher.js b/node_modules/pacote/lib/fetcher.js index ec5a807b79991..cc2c2db70c697 100644 --- a/node_modules/pacote/lib/fetcher.js +++ b/node_modules/pacote/lib/fetcher.js @@ -3,22 +3,22 @@ // It handles the unpacking and retry logic that is shared among // all of the other Fetcher types. +const { basename, dirname } = require('node:path') +const { rm, mkdir } = require('node:fs/promises') +const PackageJson = require('@npmcli/package-json') +const cacache = require('cacache') +const fsm = require('fs-minipass') +const getContents = require('@npmcli/installed-package-contents') const npa = require('npm-package-arg') +const retry = require('promise-retry') const ssri = require('ssri') -const { basename, dirname } = require('path') const tar = require('tar') +const { Minipass } = require('minipass') const { log } = require('proc-log') -const retry = require('promise-retry') -const fs = require('fs/promises') -const fsm = require('fs-minipass') -const cacache = require('cacache') +const _ = require('./util/protected.js') +const cacheDir = require('./util/cache-dir.js') const isPackageBin = require('./util/is-package-bin.js') const removeTrailingSlashes = require('./util/trailing-slashes.js') -const getContents = require('@npmcli/installed-package-contents') -const PackageJson = require('@npmcli/package-json') -const { Minipass } = require('minipass') -const cacheDir = require('./util/cache-dir.js') -const _ = require('./util/protected.js') // Pacote is only concerned with the package.json contents const packageJsonPrepare = (p) => PackageJson.prepare(p).then(pkg => pkg.content) @@ -337,12 +337,12 @@ class FetcherBase { #empty (path) { return getContents({ path, depth: 1 }).then(contents => Promise.all( - contents.map(entry => fs.rm(entry, { recursive: true, force: true })))) + contents.map(entry => rm(entry, { recursive: true, force: true })))) } async #mkdir (dest) { await this.#empty(dest) - return await fs.mkdir(dest, { recursive: true }) + return await mkdir(dest, { recursive: true }) } // extraction is always the same. the only difference is where @@ -369,7 +369,7 @@ class FetcherBase { // don't use this.#mkdir because we don't want to rimraf anything async tarballFile (dest) { const dir = dirname(dest) - await fs.mkdir(dir, { recursive: true }) + await mkdir(dir, { recursive: true }) return this.#toFile(dest) } diff --git a/node_modules/pacote/lib/file.js b/node_modules/pacote/lib/file.js index 307efedb31f7e..2021325085e4f 100644 --- a/node_modules/pacote/lib/file.js +++ b/node_modules/pacote/lib/file.js @@ -1,7 +1,7 @@ -const fsm = require('fs-minipass') +const { resolve } = require('node:path') +const { stat, chmod } = require('node:fs/promises') const cacache = require('cacache') -const { resolve } = require('path') -const { stat, chmod } = require('fs/promises') +const fsm = require('fs-minipass') const Fetcher = require('./fetcher.js') const _ = require('./util/protected.js') diff --git a/node_modules/pacote/lib/git.js b/node_modules/pacote/lib/git.js index 23f4b1d218bcc..077193a86f026 100644 --- a/node_modules/pacote/lib/git.js +++ b/node_modules/pacote/lib/git.js @@ -1,16 +1,16 @@ -const Fetcher = require('./fetcher.js') -const FileFetcher = require('./file.js') -const RemoteFetcher = require('./remote.js') -const DirFetcher = require('./dir.js') +const cacache = require('cacache') const git = require('@npmcli/git') -const pickManifest = require('npm-pick-manifest') const npa = require('npm-package-arg') +const pickManifest = require('npm-pick-manifest') const { Minipass } = require('minipass') -const cacache = require('cacache') const { log } = require('proc-log') -const npm = require('./util/npm.js') -const addGitSha = require('./util/add-git-sha.js') +const DirFetcher = require('./dir.js') +const Fetcher = require('./fetcher.js') +const FileFetcher = require('./file.js') +const RemoteFetcher = require('./remote.js') const _ = require('./util/protected.js') +const addGitSha = require('./util/add-git-sha.js') +const npm = require('./util/npm.js') const hashre = /^[a-f0-9]{40}$/ diff --git a/node_modules/pacote/lib/registry.js b/node_modules/pacote/lib/registry.js index f2b5a8a547cc9..1ecf4ee177349 100644 --- a/node_modules/pacote/lib/registry.js +++ b/node_modules/pacote/lib/registry.js @@ -1,14 +1,14 @@ -const Fetcher = require('./fetcher.js') -const RemoteFetcher = require('./remote.js') -const pacoteVersion = require('../package.json').version -const removeTrailingSlashes = require('./util/trailing-slashes.js') +const crypto = require('node:crypto') const PackageJson = require('@npmcli/package-json') const pickManifest = require('npm-pick-manifest') const ssri = require('ssri') -const crypto = require('crypto') const npa = require('npm-package-arg') const sigstore = require('sigstore') const fetch = require('npm-registry-fetch') +const Fetcher = require('./fetcher.js') +const RemoteFetcher = require('./remote.js') +const pacoteVersion = require('../package.json').version +const removeTrailingSlashes = require('./util/trailing-slashes.js') const _ = require('./util/protected.js') // Corgis are cute. 🐕🐶 @@ -20,6 +20,7 @@ const fullDoc = 'application/json' const MISSING_TIME_CUTOFF = '2015-01-01T00:00:00.000Z' class RegistryFetcher extends Fetcher { + #cacheKey constructor (spec, opts) { super(spec, opts) @@ -32,8 +33,8 @@ class RegistryFetcher extends Fetcher { this.packumentCache = this.opts.packumentCache || null this.registry = fetch.pickRegistry(spec, opts) - this.packumentUrl = removeTrailingSlashes(this.registry) + '/' + - this.spec.escapedName + this.packumentUrl = `${removeTrailingSlashes(this.registry)}/${this.spec.escapedName}` + this.#cacheKey = `${this.fullMetadata ? 'full' : 'corgi'}:${this.packumentUrl}` const parsed = new URL(this.registry) const regKey = `//${parsed.host}${parsed.pathname}` @@ -78,8 +79,8 @@ class RegistryFetcher extends Fetcher { // note this might be either an in-flight promise for a request, // or the actual packument, but we never want to make more than // one request at a time for the same thing regardless. - if (this.packumentCache?.has(this.packumentUrl)) { - return this.packumentCache.get(this.packumentUrl) + if (this.packumentCache?.has(this.#cacheKey)) { + return this.packumentCache.get(this.#cacheKey) } // npm-registry-fetch the packument @@ -99,10 +100,10 @@ class RegistryFetcher extends Fetcher { if (contentLength) { packument._contentLength = Number(contentLength) } - this.packumentCache?.set(this.packumentUrl, packument) + this.packumentCache?.set(this.#cacheKey, packument) return packument } catch (err) { - this.packumentCache?.delete(this.packumentUrl) + this.packumentCache?.delete(this.#cacheKey) if (err.code !== 'E404' || this.fullMetadata) { throw err } diff --git a/node_modules/pacote/lib/remote.js b/node_modules/pacote/lib/remote.js index 9a743322ace4e..bd321e65a1f18 100644 --- a/node_modules/pacote/lib/remote.js +++ b/node_modules/pacote/lib/remote.js @@ -1,9 +1,9 @@ -const Fetcher = require('./fetcher.js') -const FileFetcher = require('./file.js') -const pacoteVersion = require('../package.json').version const fetch = require('npm-registry-fetch') const { Minipass } = require('minipass') +const Fetcher = require('./fetcher.js') +const FileFetcher = require('./file.js') const _ = require('./util/protected.js') +const pacoteVersion = require('../package.json').version class RemoteFetcher extends Fetcher { constructor (spec, opts) { diff --git a/node_modules/pacote/lib/util/cache-dir.js b/node_modules/pacote/lib/util/cache-dir.js index ac83b1793f199..ba5683a7bb5bf 100644 --- a/node_modules/pacote/lib/util/cache-dir.js +++ b/node_modules/pacote/lib/util/cache-dir.js @@ -1,10 +1,10 @@ -const os = require('os') -const { resolve } = require('path') +const { resolve } = require('node:path') +const { tmpdir, homedir } = require('node:os') module.exports = (fakePlatform = false) => { - const temp = os.tmpdir() + const temp = tmpdir() const uidOrPid = process.getuid ? process.getuid() : process.pid - const home = os.homedir() || resolve(temp, 'npm-' + uidOrPid) + const home = homedir() || resolve(temp, 'npm-' + uidOrPid) const platform = fakePlatform || process.platform const cacheExtra = platform === 'win32' ? 'npm-cache' : '.npm' const cacheRoot = (platform === 'win32' && process.env.LOCALAPPDATA) || home diff --git a/node_modules/pacote/lib/util/protected.js b/node_modules/pacote/lib/util/protected.js index 3334550150e99..e05203b481e6a 100644 --- a/node_modules/pacote/lib/util/protected.js +++ b/node_modules/pacote/lib/util/protected.js @@ -1,11 +1,5 @@ -const readPackageJson = Symbol.for('package.Fetcher._readPackageJson') -const prepareDir = Symbol('_prepareDir') -const tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved') -const cacheFetches = Symbol.for('pacote.Fetcher._cacheFetches') - module.exports = { - readPackageJson, - prepareDir, - tarballFromResolved, - cacheFetches, + cacheFetches: Symbol.for('pacote.Fetcher._cacheFetches'), + readPackageJson: Symbol.for('package.Fetcher._readPackageJson'), + tarballFromResolved: Symbol.for('pacote.Fetcher._tarballFromResolved'), } diff --git a/node_modules/pacote/package.json b/node_modules/pacote/package.json index a391df823b9c6..caadaf2db50c8 100644 --- a/node_modules/pacote/package.json +++ b/node_modules/pacote/package.json @@ -1,6 +1,6 @@ { "name": "pacote", - "version": "18.0.5", + "version": "18.0.6", "description": "JavaScript package downloader", "author": "GitHub Inc.", "bin": { diff --git a/package-lock.json b/package-lock.json index 2cab73556579b..cc4b8d61956bc 100644 --- a/package-lock.json +++ b/package-lock.json @@ -138,7 +138,7 @@ "npm-registry-fetch": "^17.0.1", "npm-user-validate": "^2.0.1", "p-map": "^4.0.0", - "pacote": "^18.0.5", + "pacote": "^18.0.6", "parse-conflict-json": "^3.0.1", "proc-log": "^4.2.0", "qrcode-terminal": "^0.12.0", @@ -234,7 +234,7 @@ "json-stringify-safe": "^5.0.1", "nock": "^13.3.3", "npm-package-arg": "^11.0.2", - "pacote": "^18.0.5", + "pacote": "^18.0.6", "tap": "^16.3.8" }, "engines": { @@ -9452,11 +9452,10 @@ } }, "node_modules/pacote": { - "version": "18.0.5", - "resolved": "https://registry.npmjs.org/pacote/-/pacote-18.0.5.tgz", - "integrity": "sha512-AtbhPJE1gFPFdIb04spfX0UprUL0xK2eOBVVQnDNbLg7/VPrK/NkqgZRv7fkPPMM/zxZukjCkuGh+tZh7arrwQ==", + "version": "18.0.6", + "resolved": "https://registry.npmjs.org/pacote/-/pacote-18.0.6.tgz", + "integrity": "sha512-+eK3G27SMwsB8kLIuj4h1FUhHtwiEUo21Tw8wNjmvdlpOEr613edv+8FUsTj/4F/VN5ywGE19X18N7CC2EJk6A==", "inBundle": true, - "license": "ISC", "dependencies": { "@npmcli/git": "^5.0.0", "@npmcli/installed-package-contents": "^2.0.1", @@ -14793,7 +14792,7 @@ "npm-package-arg": "^11.0.2", "npm-pick-manifest": "^9.0.1", "npm-registry-fetch": "^17.0.1", - "pacote": "^18.0.5", + "pacote": "^18.0.6", "parse-conflict-json": "^3.0.0", "proc-log": "^4.2.0", "proggy": "^2.0.0", @@ -14874,7 +14873,7 @@ "diff": "^5.1.0", "minimatch": "^9.0.4", "npm-package-arg": "^11.0.2", - "pacote": "^18.0.5", + "pacote": "^18.0.6", "tar": "^6.2.1" }, "devDependencies": { @@ -14894,7 +14893,7 @@ "@npmcli/run-script": "^8.1.0", "ci-info": "^4.0.0", "npm-package-arg": "^11.0.2", - "pacote": "^18.0.5", + "pacote": "^18.0.6", "proc-log": "^4.2.0", "read": "^3.0.1", "read-package-json-fast": "^3.0.2", @@ -14972,7 +14971,7 @@ "@npmcli/arborist": "^7.2.1", "@npmcli/run-script": "^8.1.0", "npm-package-arg": "^11.0.2", - "pacote": "^18.0.5" + "pacote": "^18.0.6" }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", diff --git a/package.json b/package.json index 812550018feb8..baf36809c378b 100644 --- a/package.json +++ b/package.json @@ -103,7 +103,7 @@ "npm-registry-fetch": "^17.0.1", "npm-user-validate": "^2.0.1", "p-map": "^4.0.0", - "pacote": "^18.0.5", + "pacote": "^18.0.6", "parse-conflict-json": "^3.0.1", "proc-log": "^4.2.0", "qrcode-terminal": "^0.12.0", diff --git a/workspaces/arborist/package.json b/workspaces/arborist/package.json index 102a3fad8a87b..1c20c44ff65b3 100644 --- a/workspaces/arborist/package.json +++ b/workspaces/arborist/package.json @@ -27,7 +27,7 @@ "npm-package-arg": "^11.0.2", "npm-pick-manifest": "^9.0.1", "npm-registry-fetch": "^17.0.1", - "pacote": "^18.0.5", + "pacote": "^18.0.6", "parse-conflict-json": "^3.0.0", "proc-log": "^4.2.0", "proggy": "^2.0.0", diff --git a/workspaces/libnpmdiff/package.json b/workspaces/libnpmdiff/package.json index 382f9f43e8d55..bcdab2ac140bf 100644 --- a/workspaces/libnpmdiff/package.json +++ b/workspaces/libnpmdiff/package.json @@ -52,7 +52,7 @@ "diff": "^5.1.0", "minimatch": "^9.0.4", "npm-package-arg": "^11.0.2", - "pacote": "^18.0.5", + "pacote": "^18.0.6", "tar": "^6.2.1" }, "templateOSS": { diff --git a/workspaces/libnpmexec/package.json b/workspaces/libnpmexec/package.json index cd051b4616a31..e51a948db732b 100644 --- a/workspaces/libnpmexec/package.json +++ b/workspaces/libnpmexec/package.json @@ -63,7 +63,7 @@ "@npmcli/run-script": "^8.1.0", "ci-info": "^4.0.0", "npm-package-arg": "^11.0.2", - "pacote": "^18.0.5", + "pacote": "^18.0.6", "proc-log": "^4.2.0", "read": "^3.0.1", "read-package-json-fast": "^3.0.2", diff --git a/workspaces/libnpmpack/package.json b/workspaces/libnpmpack/package.json index 2bc6553f1ec8d..ce9f3f34e6ecb 100644 --- a/workspaces/libnpmpack/package.json +++ b/workspaces/libnpmpack/package.json @@ -39,7 +39,7 @@ "@npmcli/arborist": "^7.2.1", "@npmcli/run-script": "^8.1.0", "npm-package-arg": "^11.0.2", - "pacote": "^18.0.5" + "pacote": "^18.0.6" }, "engines": { "node": "^16.14.0 || >=18.0.0"