diff --git a/mock-registry/package.json b/mock-registry/package.json index d8d8f002e42f3..5245e009839b4 100644 --- a/mock-registry/package.json +++ b/mock-registry/package.json @@ -51,7 +51,7 @@ "@npmcli/template-oss": "4.23.3", "json-stringify-safe": "^5.0.1", "nock": "^13.3.3", - "npm-package-arg": "^11.0.2", + "npm-package-arg": "^12.0.0", "pacote": "^18.0.6", "tap": "^16.3.8" } diff --git a/node_modules/.gitignore b/node_modules/.gitignore index 72f2032457f52..011491bfaf5d8 100644 --- a/node_modules/.gitignore +++ b/node_modules/.gitignore @@ -52,10 +52,8 @@ !/@npmcli/package-json/node_modules/@npmcli/git !/@npmcli/package-json/node_modules/isexe !/@npmcli/package-json/node_modules/npm-normalize-package-bin -!/@npmcli/package-json/node_modules/npm-package-arg !/@npmcli/package-json/node_modules/npm-pick-manifest !/@npmcli/package-json/node_modules/proc-log -!/@npmcli/package-json/node_modules/validate-npm-package-name !/@npmcli/package-json/node_modules/which !/@npmcli/promise-spawn !/@npmcli/promise-spawn/node_modules/ @@ -163,8 +161,6 @@ !/init-package-json/node_modules/ /init-package-json/node_modules/* !/init-package-json/node_modules/mute-stream -!/init-package-json/node_modules/npm-package-arg -!/init-package-json/node_modules/proc-log !/init-package-json/node_modules/read !/init-package-json/node_modules/validate-npm-package-name !/ip-address @@ -237,12 +233,15 @@ !/npm-package-arg !/npm-package-arg/node_modules/ /npm-package-arg/node_modules/* -!/npm-package-arg/node_modules/hosted-git-info +!/npm-package-arg/node_modules/proc-log +!/npm-package-arg/node_modules/validate-npm-package-name !/npm-packlist !/npm-pick-manifest !/npm-pick-manifest/node_modules/ /npm-pick-manifest/node_modules/* +!/npm-pick-manifest/node_modules/hosted-git-info !/npm-pick-manifest/node_modules/npm-install-checks +!/npm-pick-manifest/node_modules/npm-package-arg !/npm-profile !/npm-registry-fetch !/npm-registry-fetch/node_modules/ @@ -253,7 +252,9 @@ !/npm-registry-fetch/node_modules/@npmcli/fs !/npm-registry-fetch/node_modules/@npmcli/redact !/npm-registry-fetch/node_modules/cacache +!/npm-registry-fetch/node_modules/hosted-git-info !/npm-registry-fetch/node_modules/make-fetch-happen +!/npm-registry-fetch/node_modules/npm-package-arg !/npm-registry-fetch/node_modules/unique-filename !/npm-registry-fetch/node_modules/unique-slug !/npm-user-validate @@ -272,6 +273,7 @@ !/pacote/node_modules/hosted-git-info !/pacote/node_modules/json-parse-even-better-errors !/pacote/node_modules/normalize-package-data +!/pacote/node_modules/npm-package-arg !/pacote/node_modules/unique-filename !/pacote/node_modules/unique-slug !/parse-conflict-json diff --git a/node_modules/init-package-json/node_modules/proc-log/LICENSE b/node_modules/npm-package-arg/node_modules/proc-log/LICENSE similarity index 100% rename from node_modules/init-package-json/node_modules/proc-log/LICENSE rename to node_modules/npm-package-arg/node_modules/proc-log/LICENSE diff --git a/node_modules/init-package-json/node_modules/proc-log/lib/index.js b/node_modules/npm-package-arg/node_modules/proc-log/lib/index.js similarity index 100% rename from node_modules/init-package-json/node_modules/proc-log/lib/index.js rename to node_modules/npm-package-arg/node_modules/proc-log/lib/index.js diff --git a/node_modules/init-package-json/node_modules/proc-log/package.json b/node_modules/npm-package-arg/node_modules/proc-log/package.json similarity index 100% rename from node_modules/init-package-json/node_modules/proc-log/package.json rename to node_modules/npm-package-arg/node_modules/proc-log/package.json diff --git a/node_modules/@npmcli/package-json/node_modules/validate-npm-package-name/LICENSE b/node_modules/npm-package-arg/node_modules/validate-npm-package-name/LICENSE similarity index 100% rename from node_modules/@npmcli/package-json/node_modules/validate-npm-package-name/LICENSE rename to node_modules/npm-package-arg/node_modules/validate-npm-package-name/LICENSE diff --git a/node_modules/@npmcli/package-json/node_modules/validate-npm-package-name/lib/index.js b/node_modules/npm-package-arg/node_modules/validate-npm-package-name/lib/index.js similarity index 100% rename from node_modules/@npmcli/package-json/node_modules/validate-npm-package-name/lib/index.js rename to node_modules/npm-package-arg/node_modules/validate-npm-package-name/lib/index.js diff --git a/node_modules/@npmcli/package-json/node_modules/validate-npm-package-name/package.json b/node_modules/npm-package-arg/node_modules/validate-npm-package-name/package.json similarity index 100% rename from node_modules/@npmcli/package-json/node_modules/validate-npm-package-name/package.json rename to node_modules/npm-package-arg/node_modules/validate-npm-package-name/package.json diff --git a/node_modules/npm-package-arg/package.json b/node_modules/npm-package-arg/package.json index d3f6fd7cf0a05..80baa3d32a52f 100644 --- a/node_modules/npm-package-arg/package.json +++ b/node_modules/npm-package-arg/package.json @@ -1,6 +1,6 @@ { "name": "npm-package-arg", - "version": "11.0.3", + "version": "12.0.0", "description": "Parse the things that can be arguments to `npm install`", "main": "./lib/npa.js", "directories": { @@ -11,14 +11,14 @@ "lib/" ], "dependencies": { - "hosted-git-info": "^7.0.0", - "proc-log": "^4.0.0", + "hosted-git-info": "^8.0.0", + "proc-log": "^5.0.0", "semver": "^7.3.5", - "validate-npm-package-name": "^5.0.0" + "validate-npm-package-name": "^6.0.0" }, "devDependencies": { - "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.23.1", + "@npmcli/eslint-config": "^5.0.0", + "@npmcli/template-oss": "4.23.3", "tap": "^16.0.1" }, "scripts": { @@ -44,7 +44,7 @@ }, "homepage": "https://github.com/npm/npm-package-arg", "engines": { - "node": "^16.14.0 || >=18.0.0" + "node": "^18.17.0 || >=20.5.0" }, "tap": { "branches": 97, @@ -55,7 +55,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.23.1", + "version": "4.23.3", "publish": true } } diff --git a/node_modules/npm-package-arg/node_modules/hosted-git-info/LICENSE b/node_modules/npm-pick-manifest/node_modules/hosted-git-info/LICENSE similarity index 100% rename from node_modules/npm-package-arg/node_modules/hosted-git-info/LICENSE rename to node_modules/npm-pick-manifest/node_modules/hosted-git-info/LICENSE diff --git a/node_modules/npm-package-arg/node_modules/hosted-git-info/lib/from-url.js b/node_modules/npm-pick-manifest/node_modules/hosted-git-info/lib/from-url.js similarity index 100% rename from node_modules/npm-package-arg/node_modules/hosted-git-info/lib/from-url.js rename to node_modules/npm-pick-manifest/node_modules/hosted-git-info/lib/from-url.js diff --git a/node_modules/npm-package-arg/node_modules/hosted-git-info/lib/hosts.js b/node_modules/npm-pick-manifest/node_modules/hosted-git-info/lib/hosts.js similarity index 100% rename from node_modules/npm-package-arg/node_modules/hosted-git-info/lib/hosts.js rename to node_modules/npm-pick-manifest/node_modules/hosted-git-info/lib/hosts.js diff --git a/node_modules/npm-package-arg/node_modules/hosted-git-info/lib/index.js b/node_modules/npm-pick-manifest/node_modules/hosted-git-info/lib/index.js similarity index 100% rename from node_modules/npm-package-arg/node_modules/hosted-git-info/lib/index.js rename to node_modules/npm-pick-manifest/node_modules/hosted-git-info/lib/index.js diff --git a/node_modules/npm-package-arg/node_modules/hosted-git-info/lib/parse-url.js b/node_modules/npm-pick-manifest/node_modules/hosted-git-info/lib/parse-url.js similarity index 100% rename from node_modules/npm-package-arg/node_modules/hosted-git-info/lib/parse-url.js rename to node_modules/npm-pick-manifest/node_modules/hosted-git-info/lib/parse-url.js diff --git a/node_modules/npm-package-arg/node_modules/hosted-git-info/package.json b/node_modules/npm-pick-manifest/node_modules/hosted-git-info/package.json similarity index 100% rename from node_modules/npm-package-arg/node_modules/hosted-git-info/package.json rename to node_modules/npm-pick-manifest/node_modules/hosted-git-info/package.json diff --git a/node_modules/@npmcli/package-json/node_modules/npm-package-arg/LICENSE b/node_modules/npm-pick-manifest/node_modules/npm-package-arg/LICENSE similarity index 100% rename from node_modules/@npmcli/package-json/node_modules/npm-package-arg/LICENSE rename to node_modules/npm-pick-manifest/node_modules/npm-package-arg/LICENSE diff --git a/node_modules/@npmcli/package-json/node_modules/npm-package-arg/lib/npa.js b/node_modules/npm-pick-manifest/node_modules/npm-package-arg/lib/npa.js similarity index 100% rename from node_modules/@npmcli/package-json/node_modules/npm-package-arg/lib/npa.js rename to node_modules/npm-pick-manifest/node_modules/npm-package-arg/lib/npa.js diff --git a/node_modules/@npmcli/package-json/node_modules/npm-package-arg/package.json b/node_modules/npm-pick-manifest/node_modules/npm-package-arg/package.json similarity index 82% rename from node_modules/@npmcli/package-json/node_modules/npm-package-arg/package.json rename to node_modules/npm-pick-manifest/node_modules/npm-package-arg/package.json index 80baa3d32a52f..d3f6fd7cf0a05 100644 --- a/node_modules/@npmcli/package-json/node_modules/npm-package-arg/package.json +++ b/node_modules/npm-pick-manifest/node_modules/npm-package-arg/package.json @@ -1,6 +1,6 @@ { "name": "npm-package-arg", - "version": "12.0.0", + "version": "11.0.3", "description": "Parse the things that can be arguments to `npm install`", "main": "./lib/npa.js", "directories": { @@ -11,14 +11,14 @@ "lib/" ], "dependencies": { - "hosted-git-info": "^8.0.0", - "proc-log": "^5.0.0", + "hosted-git-info": "^7.0.0", + "proc-log": "^4.0.0", "semver": "^7.3.5", - "validate-npm-package-name": "^6.0.0" + "validate-npm-package-name": "^5.0.0" }, "devDependencies": { - "@npmcli/eslint-config": "^5.0.0", - "@npmcli/template-oss": "4.23.3", + "@npmcli/eslint-config": "^4.0.0", + "@npmcli/template-oss": "4.23.1", "tap": "^16.0.1" }, "scripts": { @@ -44,7 +44,7 @@ }, "homepage": "https://github.com/npm/npm-package-arg", "engines": { - "node": "^18.17.0 || >=20.5.0" + "node": "^16.14.0 || >=18.0.0" }, "tap": { "branches": 97, @@ -55,7 +55,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.23.3", + "version": "4.23.1", "publish": true } } diff --git a/node_modules/npm-registry-fetch/node_modules/hosted-git-info/LICENSE b/node_modules/npm-registry-fetch/node_modules/hosted-git-info/LICENSE new file mode 100644 index 0000000000000..45055763dc838 --- /dev/null +++ b/node_modules/npm-registry-fetch/node_modules/hosted-git-info/LICENSE @@ -0,0 +1,13 @@ +Copyright (c) 2015, Rebecca Turner + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH +REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND +FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, +INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR +OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/from-url.js b/node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/from-url.js new file mode 100644 index 0000000000000..efc1247d59d12 --- /dev/null +++ b/node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/from-url.js @@ -0,0 +1,122 @@ +'use strict' + +const parseUrl = require('./parse-url') + +// look for github shorthand inputs, such as npm/cli +const isGitHubShorthand = (arg) => { + // it cannot contain whitespace before the first # + // it cannot start with a / because that's probably an absolute file path + // but it must include a slash since repos are username/repository + // it cannot start with a . because that's probably a relative file path + // it cannot start with an @ because that's a scoped package if it passes the other tests + // it cannot contain a : before a # because that tells us that there's a protocol + // a second / may not exist before a # + const firstHash = arg.indexOf('#') + const firstSlash = arg.indexOf('/') + const secondSlash = arg.indexOf('/', firstSlash + 1) + const firstColon = arg.indexOf(':') + const firstSpace = /\s/.exec(arg) + const firstAt = arg.indexOf('@') + + const spaceOnlyAfterHash = !firstSpace || (firstHash > -1 && firstSpace.index > firstHash) + const atOnlyAfterHash = firstAt === -1 || (firstHash > -1 && firstAt > firstHash) + const colonOnlyAfterHash = firstColon === -1 || (firstHash > -1 && firstColon > firstHash) + const secondSlashOnlyAfterHash = secondSlash === -1 || (firstHash > -1 && secondSlash > firstHash) + const hasSlash = firstSlash > 0 + // if a # is found, what we really want to know is that the character + // immediately before # is not a / + const doesNotEndWithSlash = firstHash > -1 ? arg[firstHash - 1] !== '/' : !arg.endsWith('/') + const doesNotStartWithDot = !arg.startsWith('.') + + return spaceOnlyAfterHash && hasSlash && doesNotEndWithSlash && + doesNotStartWithDot && atOnlyAfterHash && colonOnlyAfterHash && + secondSlashOnlyAfterHash +} + +module.exports = (giturl, opts, { gitHosts, protocols }) => { + if (!giturl) { + return + } + + const correctedUrl = isGitHubShorthand(giturl) ? `github:${giturl}` : giturl + const parsed = parseUrl(correctedUrl, protocols) + if (!parsed) { + return + } + + const gitHostShortcut = gitHosts.byShortcut[parsed.protocol] + const gitHostDomain = gitHosts.byDomain[parsed.hostname.startsWith('www.') + ? parsed.hostname.slice(4) + : parsed.hostname] + const gitHostName = gitHostShortcut || gitHostDomain + if (!gitHostName) { + return + } + + const gitHostInfo = gitHosts[gitHostShortcut || gitHostDomain] + let auth = null + if (protocols[parsed.protocol]?.auth && (parsed.username || parsed.password)) { + auth = `${parsed.username}${parsed.password ? ':' + parsed.password : ''}` + } + + let committish = null + let user = null + let project = null + let defaultRepresentation = null + + try { + if (gitHostShortcut) { + let pathname = parsed.pathname.startsWith('/') ? parsed.pathname.slice(1) : parsed.pathname + const firstAt = pathname.indexOf('@') + // we ignore auth for shortcuts, so just trim it out + if (firstAt > -1) { + pathname = pathname.slice(firstAt + 1) + } + + const lastSlash = pathname.lastIndexOf('/') + if (lastSlash > -1) { + user = decodeURIComponent(pathname.slice(0, lastSlash)) + // we want nulls only, never empty strings + if (!user) { + user = null + } + project = decodeURIComponent(pathname.slice(lastSlash + 1)) + } else { + project = decodeURIComponent(pathname) + } + + if (project.endsWith('.git')) { + project = project.slice(0, -4) + } + + if (parsed.hash) { + committish = decodeURIComponent(parsed.hash.slice(1)) + } + + defaultRepresentation = 'shortcut' + } else { + if (!gitHostInfo.protocols.includes(parsed.protocol)) { + return + } + + const segments = gitHostInfo.extract(parsed) + if (!segments) { + return + } + + user = segments.user && decodeURIComponent(segments.user) + project = decodeURIComponent(segments.project) + committish = decodeURIComponent(segments.committish) + defaultRepresentation = protocols[parsed.protocol]?.name || parsed.protocol.slice(0, -1) + } + } catch (err) { + /* istanbul ignore else */ + if (err instanceof URIError) { + return + } else { + throw err + } + } + + return [gitHostName, user, auth, project, committish, defaultRepresentation, opts] +} diff --git a/node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/hosts.js b/node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/hosts.js new file mode 100644 index 0000000000000..9a08efd1b2d7e --- /dev/null +++ b/node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/hosts.js @@ -0,0 +1,227 @@ +/* eslint-disable max-len */ + +'use strict' + +const maybeJoin = (...args) => args.every(arg => arg) ? args.join('') : '' +const maybeEncode = (arg) => arg ? encodeURIComponent(arg) : '' +const formatHashFragment = (f) => f.toLowerCase().replace(/^\W+|\/|\W+$/g, '').replace(/\W+/g, '-') + +const defaults = { + sshtemplate: ({ domain, user, project, committish }) => + `git@${domain}:${user}/${project}.git${maybeJoin('#', committish)}`, + sshurltemplate: ({ domain, user, project, committish }) => + `git+ssh://git@${domain}/${user}/${project}.git${maybeJoin('#', committish)}`, + edittemplate: ({ domain, user, project, committish, editpath, path }) => + `https://${domain}/${user}/${project}${maybeJoin('/', editpath, '/', maybeEncode(committish || 'HEAD'), '/', path)}`, + browsetemplate: ({ domain, user, project, committish, treepath }) => + `https://${domain}/${user}/${project}${maybeJoin('/', treepath, '/', maybeEncode(committish))}`, + browsetreetemplate: ({ domain, user, project, committish, treepath, path, fragment, hashformat }) => + `https://${domain}/${user}/${project}/${treepath}/${maybeEncode(committish || 'HEAD')}/${path}${maybeJoin('#', hashformat(fragment || ''))}`, + browseblobtemplate: ({ domain, user, project, committish, blobpath, path, fragment, hashformat }) => + `https://${domain}/${user}/${project}/${blobpath}/${maybeEncode(committish || 'HEAD')}/${path}${maybeJoin('#', hashformat(fragment || ''))}`, + docstemplate: ({ domain, user, project, treepath, committish }) => + `https://${domain}/${user}/${project}${maybeJoin('/', treepath, '/', maybeEncode(committish))}#readme`, + httpstemplate: ({ auth, domain, user, project, committish }) => + `git+https://${maybeJoin(auth, '@')}${domain}/${user}/${project}.git${maybeJoin('#', committish)}`, + filetemplate: ({ domain, user, project, committish, path }) => + `https://${domain}/${user}/${project}/raw/${maybeEncode(committish || 'HEAD')}/${path}`, + shortcuttemplate: ({ type, user, project, committish }) => + `${type}:${user}/${project}${maybeJoin('#', committish)}`, + pathtemplate: ({ user, project, committish }) => + `${user}/${project}${maybeJoin('#', committish)}`, + bugstemplate: ({ domain, user, project }) => + `https://${domain}/${user}/${project}/issues`, + hashformat: formatHashFragment, +} + +const hosts = {} +hosts.github = { + // First two are insecure and generally shouldn't be used any more, but + // they are still supported. + protocols: ['git:', 'http:', 'git+ssh:', 'git+https:', 'ssh:', 'https:'], + domain: 'github.com', + treepath: 'tree', + blobpath: 'blob', + editpath: 'edit', + filetemplate: ({ auth, user, project, committish, path }) => + `https://${maybeJoin(auth, '@')}raw.githubusercontent.com/${user}/${project}/${maybeEncode(committish || 'HEAD')}/${path}`, + gittemplate: ({ auth, domain, user, project, committish }) => + `git://${maybeJoin(auth, '@')}${domain}/${user}/${project}.git${maybeJoin('#', committish)}`, + tarballtemplate: ({ domain, user, project, committish }) => + `https://codeload.${domain}/${user}/${project}/tar.gz/${maybeEncode(committish || 'HEAD')}`, + extract: (url) => { + let [, user, project, type, committish] = url.pathname.split('/', 5) + if (type && type !== 'tree') { + return + } + + if (!type) { + committish = url.hash.slice(1) + } + + if (project && project.endsWith('.git')) { + project = project.slice(0, -4) + } + + if (!user || !project) { + return + } + + return { user, project, committish } + }, +} + +hosts.bitbucket = { + protocols: ['git+ssh:', 'git+https:', 'ssh:', 'https:'], + domain: 'bitbucket.org', + treepath: 'src', + blobpath: 'src', + editpath: '?mode=edit', + edittemplate: ({ domain, user, project, committish, treepath, path, editpath }) => + `https://${domain}/${user}/${project}${maybeJoin('/', treepath, '/', maybeEncode(committish || 'HEAD'), '/', path, editpath)}`, + tarballtemplate: ({ domain, user, project, committish }) => + `https://${domain}/${user}/${project}/get/${maybeEncode(committish || 'HEAD')}.tar.gz`, + extract: (url) => { + let [, user, project, aux] = url.pathname.split('/', 4) + if (['get'].includes(aux)) { + return + } + + if (project && project.endsWith('.git')) { + project = project.slice(0, -4) + } + + if (!user || !project) { + return + } + + return { user, project, committish: url.hash.slice(1) } + }, +} + +hosts.gitlab = { + protocols: ['git+ssh:', 'git+https:', 'ssh:', 'https:'], + domain: 'gitlab.com', + treepath: 'tree', + blobpath: 'tree', + editpath: '-/edit', + httpstemplate: ({ auth, domain, user, project, committish }) => + `git+https://${maybeJoin(auth, '@')}${domain}/${user}/${project}.git${maybeJoin('#', committish)}`, + tarballtemplate: ({ domain, user, project, committish }) => + `https://${domain}/${user}/${project}/repository/archive.tar.gz?ref=${maybeEncode(committish || 'HEAD')}`, + extract: (url) => { + const path = url.pathname.slice(1) + if (path.includes('/-/') || path.includes('/archive.tar.gz')) { + return + } + + const segments = path.split('/') + let project = segments.pop() + if (project.endsWith('.git')) { + project = project.slice(0, -4) + } + + const user = segments.join('/') + if (!user || !project) { + return + } + + return { user, project, committish: url.hash.slice(1) } + }, +} + +hosts.gist = { + protocols: ['git:', 'git+ssh:', 'git+https:', 'ssh:', 'https:'], + domain: 'gist.github.com', + editpath: 'edit', + sshtemplate: ({ domain, project, committish }) => + `git@${domain}:${project}.git${maybeJoin('#', committish)}`, + sshurltemplate: ({ domain, project, committish }) => + `git+ssh://git@${domain}/${project}.git${maybeJoin('#', committish)}`, + edittemplate: ({ domain, user, project, committish, editpath }) => + `https://${domain}/${user}/${project}${maybeJoin('/', maybeEncode(committish))}/${editpath}`, + browsetemplate: ({ domain, project, committish }) => + `https://${domain}/${project}${maybeJoin('/', maybeEncode(committish))}`, + browsetreetemplate: ({ domain, project, committish, path, hashformat }) => + `https://${domain}/${project}${maybeJoin('/', maybeEncode(committish))}${maybeJoin('#', hashformat(path))}`, + browseblobtemplate: ({ domain, project, committish, path, hashformat }) => + `https://${domain}/${project}${maybeJoin('/', maybeEncode(committish))}${maybeJoin('#', hashformat(path))}`, + docstemplate: ({ domain, project, committish }) => + `https://${domain}/${project}${maybeJoin('/', maybeEncode(committish))}`, + httpstemplate: ({ domain, project, committish }) => + `git+https://${domain}/${project}.git${maybeJoin('#', committish)}`, + filetemplate: ({ user, project, committish, path }) => + `https://gist.githubusercontent.com/${user}/${project}/raw${maybeJoin('/', maybeEncode(committish))}/${path}`, + shortcuttemplate: ({ type, project, committish }) => + `${type}:${project}${maybeJoin('#', committish)}`, + pathtemplate: ({ project, committish }) => + `${project}${maybeJoin('#', committish)}`, + bugstemplate: ({ domain, project }) => + `https://${domain}/${project}`, + gittemplate: ({ domain, project, committish }) => + `git://${domain}/${project}.git${maybeJoin('#', committish)}`, + tarballtemplate: ({ project, committish }) => + `https://codeload.github.com/gist/${project}/tar.gz/${maybeEncode(committish || 'HEAD')}`, + extract: (url) => { + let [, user, project, aux] = url.pathname.split('/', 4) + if (aux === 'raw') { + return + } + + if (!project) { + if (!user) { + return + } + + project = user + user = null + } + + if (project.endsWith('.git')) { + project = project.slice(0, -4) + } + + return { user, project, committish: url.hash.slice(1) } + }, + hashformat: function (fragment) { + return fragment && 'file-' + formatHashFragment(fragment) + }, +} + +hosts.sourcehut = { + protocols: ['git+ssh:', 'https:'], + domain: 'git.sr.ht', + treepath: 'tree', + blobpath: 'tree', + filetemplate: ({ domain, user, project, committish, path }) => + `https://${domain}/${user}/${project}/blob/${maybeEncode(committish) || 'HEAD'}/${path}`, + httpstemplate: ({ domain, user, project, committish }) => + `https://${domain}/${user}/${project}.git${maybeJoin('#', committish)}`, + tarballtemplate: ({ domain, user, project, committish }) => + `https://${domain}/${user}/${project}/archive/${maybeEncode(committish) || 'HEAD'}.tar.gz`, + bugstemplate: () => null, + extract: (url) => { + let [, user, project, aux] = url.pathname.split('/', 4) + + // tarball url + if (['archive'].includes(aux)) { + return + } + + if (project && project.endsWith('.git')) { + project = project.slice(0, -4) + } + + if (!user || !project) { + return + } + + return { user, project, committish: url.hash.slice(1) } + }, +} + +for (const [name, host] of Object.entries(hosts)) { + hosts[name] = Object.assign({}, defaults, host) +} + +module.exports = hosts diff --git a/node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/index.js b/node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/index.js new file mode 100644 index 0000000000000..0c9d0b08c866b --- /dev/null +++ b/node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/index.js @@ -0,0 +1,179 @@ +'use strict' + +const { LRUCache } = require('lru-cache') +const hosts = require('./hosts.js') +const fromUrl = require('./from-url.js') +const parseUrl = require('./parse-url.js') + +const cache = new LRUCache({ max: 1000 }) + +class GitHost { + constructor (type, user, auth, project, committish, defaultRepresentation, opts = {}) { + Object.assign(this, GitHost.#gitHosts[type], { + type, + user, + auth, + project, + committish, + default: defaultRepresentation, + opts, + }) + } + + static #gitHosts = { byShortcut: {}, byDomain: {} } + static #protocols = { + 'git+ssh:': { name: 'sshurl' }, + 'ssh:': { name: 'sshurl' }, + 'git+https:': { name: 'https', auth: true }, + 'git:': { auth: true }, + 'http:': { auth: true }, + 'https:': { auth: true }, + 'git+http:': { auth: true }, + } + + static addHost (name, host) { + GitHost.#gitHosts[name] = host + GitHost.#gitHosts.byDomain[host.domain] = name + GitHost.#gitHosts.byShortcut[`${name}:`] = name + GitHost.#protocols[`${name}:`] = { name } + } + + static fromUrl (giturl, opts) { + if (typeof giturl !== 'string') { + return + } + + const key = giturl + JSON.stringify(opts || {}) + + if (!cache.has(key)) { + const hostArgs = fromUrl(giturl, opts, { + gitHosts: GitHost.#gitHosts, + protocols: GitHost.#protocols, + }) + cache.set(key, hostArgs ? new GitHost(...hostArgs) : undefined) + } + + return cache.get(key) + } + + static parseUrl (url) { + return parseUrl(url) + } + + #fill (template, opts) { + if (typeof template !== 'function') { + return null + } + + const options = { ...this, ...this.opts, ...opts } + + // the path should always be set so we don't end up with 'undefined' in urls + if (!options.path) { + options.path = '' + } + + // template functions will insert the leading slash themselves + if (options.path.startsWith('/')) { + options.path = options.path.slice(1) + } + + if (options.noCommittish) { + options.committish = null + } + + const result = template(options) + return options.noGitPlus && result.startsWith('git+') ? result.slice(4) : result + } + + hash () { + return this.committish ? `#${this.committish}` : '' + } + + ssh (opts) { + return this.#fill(this.sshtemplate, opts) + } + + sshurl (opts) { + return this.#fill(this.sshurltemplate, opts) + } + + browse (path, ...args) { + // not a string, treat path as opts + if (typeof path !== 'string') { + return this.#fill(this.browsetemplate, path) + } + + if (typeof args[0] !== 'string') { + return this.#fill(this.browsetreetemplate, { ...args[0], path }) + } + + return this.#fill(this.browsetreetemplate, { ...args[1], fragment: args[0], path }) + } + + // If the path is known to be a file, then browseFile should be used. For some hosts + // the url is the same as browse, but for others like GitHub a file can use both `/tree/` + // and `/blob/` in the path. When using a default committish of `HEAD` then the `/tree/` + // path will redirect to a specific commit. Using the `/blob/` path avoids this and + // does not redirect to a different commit. + browseFile (path, ...args) { + if (typeof args[0] !== 'string') { + return this.#fill(this.browseblobtemplate, { ...args[0], path }) + } + + return this.#fill(this.browseblobtemplate, { ...args[1], fragment: args[0], path }) + } + + docs (opts) { + return this.#fill(this.docstemplate, opts) + } + + bugs (opts) { + return this.#fill(this.bugstemplate, opts) + } + + https (opts) { + return this.#fill(this.httpstemplate, opts) + } + + git (opts) { + return this.#fill(this.gittemplate, opts) + } + + shortcut (opts) { + return this.#fill(this.shortcuttemplate, opts) + } + + path (opts) { + return this.#fill(this.pathtemplate, opts) + } + + tarball (opts) { + return this.#fill(this.tarballtemplate, { ...opts, noCommittish: false }) + } + + file (path, opts) { + return this.#fill(this.filetemplate, { ...opts, path }) + } + + edit (path, opts) { + return this.#fill(this.edittemplate, { ...opts, path }) + } + + getDefaultRepresentation () { + return this.default + } + + toString (opts) { + if (this.default && typeof this[this.default] === 'function') { + return this[this.default](opts) + } + + return this.sshurl(opts) + } +} + +for (const [name, host] of Object.entries(hosts)) { + GitHost.addHost(name, host) +} + +module.exports = GitHost diff --git a/node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/parse-url.js b/node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/parse-url.js new file mode 100644 index 0000000000000..7d5489c008ab4 --- /dev/null +++ b/node_modules/npm-registry-fetch/node_modules/hosted-git-info/lib/parse-url.js @@ -0,0 +1,78 @@ +const url = require('url') + +const lastIndexOfBefore = (str, char, beforeChar) => { + const startPosition = str.indexOf(beforeChar) + return str.lastIndexOf(char, startPosition > -1 ? startPosition : Infinity) +} + +const safeUrl = (u) => { + try { + return new url.URL(u) + } catch { + // this fn should never throw + } +} + +// accepts input like git:github.com:user/repo and inserts the // after the first : +const correctProtocol = (arg, protocols) => { + const firstColon = arg.indexOf(':') + const proto = arg.slice(0, firstColon + 1) + if (Object.prototype.hasOwnProperty.call(protocols, proto)) { + return arg + } + + const firstAt = arg.indexOf('@') + if (firstAt > -1) { + if (firstAt > firstColon) { + return `git+ssh://${arg}` + } else { + return arg + } + } + + const doubleSlash = arg.indexOf('//') + if (doubleSlash === firstColon + 1) { + return arg + } + + return `${arg.slice(0, firstColon + 1)}//${arg.slice(firstColon + 1)}` +} + +// attempt to correct an scp style url so that it will parse with `new URL()` +const correctUrl = (giturl) => { + // ignore @ that come after the first hash since the denotes the start + // of a committish which can contain @ characters + const firstAt = lastIndexOfBefore(giturl, '@', '#') + // ignore colons that come after the hash since that could include colons such as: + // git@github.com:user/package-2#semver:^1.0.0 + const lastColonBeforeHash = lastIndexOfBefore(giturl, ':', '#') + + if (lastColonBeforeHash > firstAt) { + // the last : comes after the first @ (or there is no @) + // like it would in: + // proto://hostname.com:user/repo + // username@hostname.com:user/repo + // :password@hostname.com:user/repo + // username:password@hostname.com:user/repo + // proto://username@hostname.com:user/repo + // proto://:password@hostname.com:user/repo + // proto://username:password@hostname.com:user/repo + // then we replace the last : with a / to create a valid path + giturl = giturl.slice(0, lastColonBeforeHash) + '/' + giturl.slice(lastColonBeforeHash + 1) + } + + if (lastIndexOfBefore(giturl, ':', '#') === -1 && giturl.indexOf('//') === -1) { + // we have no : at all + // as it would be in: + // username@hostname.com/user/repo + // then we prepend a protocol + giturl = `git+ssh://${giturl}` + } + + return giturl +} + +module.exports = (giturl, protocols) => { + const withProtocol = protocols ? correctProtocol(giturl, protocols) : giturl + return safeUrl(withProtocol) || safeUrl(correctUrl(withProtocol)) +} diff --git a/node_modules/npm-registry-fetch/node_modules/hosted-git-info/package.json b/node_modules/npm-registry-fetch/node_modules/hosted-git-info/package.json new file mode 100644 index 0000000000000..d7eebd474f625 --- /dev/null +++ b/node_modules/npm-registry-fetch/node_modules/hosted-git-info/package.json @@ -0,0 +1,60 @@ +{ + "name": "hosted-git-info", + "version": "7.0.2", + "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", + "main": "./lib/index.js", + "repository": { + "type": "git", + "url": "git+https://github.com/npm/hosted-git-info.git" + }, + "keywords": [ + "git", + "github", + "bitbucket", + "gitlab" + ], + "author": "GitHub Inc.", + "license": "ISC", + "bugs": { + "url": "https://github.com/npm/hosted-git-info/issues" + }, + "homepage": "https://github.com/npm/hosted-git-info", + "scripts": { + "posttest": "npm run lint", + "snap": "tap", + "test": "tap", + "test:coverage": "tap --coverage-report=html", + "lint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"", + "postlint": "template-oss-check", + "lintfix": "npm run lint -- --fix", + "template-oss-apply": "template-oss-apply --force" + }, + "dependencies": { + "lru-cache": "^10.0.1" + }, + "devDependencies": { + "@npmcli/eslint-config": "^4.0.0", + "@npmcli/template-oss": "4.22.0", + "tap": "^16.0.1" + }, + "files": [ + "bin/", + "lib/" + ], + "engines": { + "node": "^16.14.0 || >=18.0.0" + }, + "tap": { + "color": 1, + "coverage": true, + "nyc-arg": [ + "--exclude", + "tap-snapshots/**" + ] + }, + "templateOSS": { + "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", + "version": "4.22.0", + "publish": "true" + } +} diff --git a/node_modules/init-package-json/node_modules/npm-package-arg/LICENSE b/node_modules/npm-registry-fetch/node_modules/npm-package-arg/LICENSE similarity index 100% rename from node_modules/init-package-json/node_modules/npm-package-arg/LICENSE rename to node_modules/npm-registry-fetch/node_modules/npm-package-arg/LICENSE diff --git a/node_modules/init-package-json/node_modules/npm-package-arg/lib/npa.js b/node_modules/npm-registry-fetch/node_modules/npm-package-arg/lib/npa.js similarity index 100% rename from node_modules/init-package-json/node_modules/npm-package-arg/lib/npa.js rename to node_modules/npm-registry-fetch/node_modules/npm-package-arg/lib/npa.js diff --git a/node_modules/init-package-json/node_modules/npm-package-arg/package.json b/node_modules/npm-registry-fetch/node_modules/npm-package-arg/package.json similarity index 82% rename from node_modules/init-package-json/node_modules/npm-package-arg/package.json rename to node_modules/npm-registry-fetch/node_modules/npm-package-arg/package.json index 80baa3d32a52f..d3f6fd7cf0a05 100644 --- a/node_modules/init-package-json/node_modules/npm-package-arg/package.json +++ b/node_modules/npm-registry-fetch/node_modules/npm-package-arg/package.json @@ -1,6 +1,6 @@ { "name": "npm-package-arg", - "version": "12.0.0", + "version": "11.0.3", "description": "Parse the things that can be arguments to `npm install`", "main": "./lib/npa.js", "directories": { @@ -11,14 +11,14 @@ "lib/" ], "dependencies": { - "hosted-git-info": "^8.0.0", - "proc-log": "^5.0.0", + "hosted-git-info": "^7.0.0", + "proc-log": "^4.0.0", "semver": "^7.3.5", - "validate-npm-package-name": "^6.0.0" + "validate-npm-package-name": "^5.0.0" }, "devDependencies": { - "@npmcli/eslint-config": "^5.0.0", - "@npmcli/template-oss": "4.23.3", + "@npmcli/eslint-config": "^4.0.0", + "@npmcli/template-oss": "4.23.1", "tap": "^16.0.1" }, "scripts": { @@ -44,7 +44,7 @@ }, "homepage": "https://github.com/npm/npm-package-arg", "engines": { - "node": "^18.17.0 || >=20.5.0" + "node": "^16.14.0 || >=18.0.0" }, "tap": { "branches": 97, @@ -55,7 +55,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.23.3", + "version": "4.23.1", "publish": true } } diff --git a/node_modules/pacote/node_modules/npm-package-arg/LICENSE b/node_modules/pacote/node_modules/npm-package-arg/LICENSE new file mode 100644 index 0000000000000..19cec97b18468 --- /dev/null +++ b/node_modules/pacote/node_modules/npm-package-arg/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) npm, Inc. + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/pacote/node_modules/npm-package-arg/lib/npa.js b/node_modules/pacote/node_modules/npm-package-arg/lib/npa.js new file mode 100644 index 0000000000000..8094b3e732cd9 --- /dev/null +++ b/node_modules/pacote/node_modules/npm-package-arg/lib/npa.js @@ -0,0 +1,415 @@ +'use strict' +module.exports = npa +module.exports.resolve = resolve +module.exports.toPurl = toPurl +module.exports.Result = Result + +const { URL } = require('url') +const HostedGit = require('hosted-git-info') +const semver = require('semver') +const path = global.FAKE_WINDOWS ? require('path').win32 : require('path') +const validatePackageName = require('validate-npm-package-name') +const { homedir } = require('os') +const { log } = require('proc-log') + +const isWindows = process.platform === 'win32' || global.FAKE_WINDOWS +const hasSlashes = isWindows ? /\\|[/]/ : /[/]/ +const isURL = /^(?:git[+])?[a-z]+:/i +const isGit = /^[^@]+@[^:.]+\.[^:]+:.+$/i +const isFilename = /[.](?:tgz|tar.gz|tar)$/i + +function npa (arg, where) { + let name + let spec + if (typeof arg === 'object') { + if (arg instanceof Result && (!where || where === arg.where)) { + return arg + } else if (arg.name && arg.rawSpec) { + return npa.resolve(arg.name, arg.rawSpec, where || arg.where) + } else { + return npa(arg.raw, where || arg.where) + } + } + const nameEndsAt = arg[0] === '@' ? arg.slice(1).indexOf('@') + 1 : arg.indexOf('@') + const namePart = nameEndsAt > 0 ? arg.slice(0, nameEndsAt) : arg + if (isURL.test(arg)) { + spec = arg + } else if (isGit.test(arg)) { + spec = `git+ssh://${arg}` + } else if (namePart[0] !== '@' && (hasSlashes.test(namePart) || isFilename.test(namePart))) { + spec = arg + } else if (nameEndsAt > 0) { + name = namePart + spec = arg.slice(nameEndsAt + 1) || '*' + } else { + const valid = validatePackageName(arg) + if (valid.validForOldPackages) { + name = arg + spec = '*' + } else { + spec = arg + } + } + return resolve(name, spec, where, arg) +} + +const isFilespec = isWindows ? /^(?:[.]|~[/]|[/\\]|[a-zA-Z]:)/ : /^(?:[.]|~[/]|[/]|[a-zA-Z]:)/ + +function resolve (name, spec, where, arg) { + const res = new Result({ + raw: arg, + name: name, + rawSpec: spec, + fromArgument: arg != null, + }) + + if (name) { + res.setName(name) + } + + if (spec && (isFilespec.test(spec) || /^file:/i.test(spec))) { + return fromFile(res, where) + } else if (spec && /^npm:/i.test(spec)) { + return fromAlias(res, where) + } + + const hosted = HostedGit.fromUrl(spec, { + noGitPlus: true, + noCommittish: true, + }) + if (hosted) { + return fromHostedGit(res, hosted) + } else if (spec && isURL.test(spec)) { + return fromURL(res) + } else if (spec && (hasSlashes.test(spec) || isFilename.test(spec))) { + return fromFile(res, where) + } else { + return fromRegistry(res) + } +} + +const defaultRegistry = 'https://registry.npmjs.org' + +function toPurl (arg, reg = defaultRegistry) { + const res = npa(arg) + + if (res.type !== 'version') { + throw invalidPurlType(res.type, res.raw) + } + + // URI-encode leading @ of scoped packages + let purl = 'pkg:npm/' + res.name.replace(/^@/, '%40') + '@' + res.rawSpec + if (reg !== defaultRegistry) { + purl += '?repository_url=' + reg + } + + return purl +} + +function invalidPackageName (name, valid, raw) { + // eslint-disable-next-line max-len + const err = new Error(`Invalid package name "${name}" of package "${raw}": ${valid.errors.join('; ')}.`) + err.code = 'EINVALIDPACKAGENAME' + return err +} + +function invalidTagName (name, raw) { + // eslint-disable-next-line max-len + const err = new Error(`Invalid tag name "${name}" of package "${raw}": Tags may not have any characters that encodeURIComponent encodes.`) + err.code = 'EINVALIDTAGNAME' + return err +} + +function invalidPurlType (type, raw) { + // eslint-disable-next-line max-len + const err = new Error(`Invalid type "${type}" of package "${raw}": Purl can only be generated for "version" types.`) + err.code = 'EINVALIDPURLTYPE' + return err +} + +function Result (opts) { + this.type = opts.type + this.registry = opts.registry + this.where = opts.where + if (opts.raw == null) { + this.raw = opts.name ? opts.name + '@' + opts.rawSpec : opts.rawSpec + } else { + this.raw = opts.raw + } + + this.name = undefined + this.escapedName = undefined + this.scope = undefined + this.rawSpec = opts.rawSpec || '' + this.saveSpec = opts.saveSpec + this.fetchSpec = opts.fetchSpec + if (opts.name) { + this.setName(opts.name) + } + this.gitRange = opts.gitRange + this.gitCommittish = opts.gitCommittish + this.gitSubdir = opts.gitSubdir + this.hosted = opts.hosted +} + +Result.prototype.setName = function (name) { + const valid = validatePackageName(name) + if (!valid.validForOldPackages) { + throw invalidPackageName(name, valid, this.raw) + } + + this.name = name + this.scope = name[0] === '@' ? name.slice(0, name.indexOf('/')) : undefined + // scoped packages in couch must have slash url-encoded, e.g. @foo%2Fbar + this.escapedName = name.replace('/', '%2f') + return this +} + +Result.prototype.toString = function () { + const full = [] + if (this.name != null && this.name !== '') { + full.push(this.name) + } + const spec = this.saveSpec || this.fetchSpec || this.rawSpec + if (spec != null && spec !== '') { + full.push(spec) + } + return full.length ? full.join('@') : this.raw +} + +Result.prototype.toJSON = function () { + const result = Object.assign({}, this) + delete result.hosted + return result +} + +// sets res.gitCommittish, res.gitRange, and res.gitSubdir +function setGitAttrs (res, committish) { + if (!committish) { + res.gitCommittish = null + return + } + + // for each :: separated item: + for (const part of committish.split('::')) { + // if the item has no : the n it is a commit-ish + if (!part.includes(':')) { + if (res.gitRange) { + throw new Error('cannot override existing semver range with a committish') + } + if (res.gitCommittish) { + throw new Error('cannot override existing committish with a second committish') + } + res.gitCommittish = part + continue + } + // split on name:value + const [name, value] = part.split(':') + // if name is semver do semver lookup of ref or tag + if (name === 'semver') { + if (res.gitCommittish) { + throw new Error('cannot override existing committish with a semver range') + } + if (res.gitRange) { + throw new Error('cannot override existing semver range with a second semver range') + } + res.gitRange = decodeURIComponent(value) + continue + } + if (name === 'path') { + if (res.gitSubdir) { + throw new Error('cannot override existing path with a second path') + } + res.gitSubdir = `/${value}` + continue + } + log.warn('npm-package-arg', `ignoring unknown key "${name}"`) + } +} + +function fromFile (res, where) { + if (!where) { + where = process.cwd() + } + res.type = isFilename.test(res.rawSpec) ? 'file' : 'directory' + res.where = where + + // always put the '/' on where when resolving urls, or else + // file:foo from /path/to/bar goes to /path/to/foo, when we want + // it to be /path/to/bar/foo + + let specUrl + let resolvedUrl + const prefix = (!/^file:/.test(res.rawSpec) ? 'file:' : '') + const rawWithPrefix = prefix + res.rawSpec + let rawNoPrefix = rawWithPrefix.replace(/^file:/, '') + try { + resolvedUrl = new URL(rawWithPrefix, `file://${path.resolve(where)}/`) + specUrl = new URL(rawWithPrefix) + } catch (originalError) { + const er = new Error('Invalid file: URL, must comply with RFC 8089') + throw Object.assign(er, { + raw: res.rawSpec, + spec: res, + where, + originalError, + }) + } + + // XXX backwards compatibility lack of compliance with RFC 8089 + if (resolvedUrl.host && resolvedUrl.host !== 'localhost') { + const rawSpec = res.rawSpec.replace(/^file:\/\//, 'file:///') + resolvedUrl = new URL(rawSpec, `file://${path.resolve(where)}/`) + specUrl = new URL(rawSpec) + rawNoPrefix = rawSpec.replace(/^file:/, '') + } + // turn file:/../foo into file:../foo + // for 1, 2 or 3 leading slashes since we attempted + // in the previous step to make it a file protocol url with a leading slash + if (/^\/{1,3}\.\.?(\/|$)/.test(rawNoPrefix)) { + const rawSpec = res.rawSpec.replace(/^file:\/{1,3}/, 'file:') + resolvedUrl = new URL(rawSpec, `file://${path.resolve(where)}/`) + specUrl = new URL(rawSpec) + rawNoPrefix = rawSpec.replace(/^file:/, '') + } + // XXX end RFC 8089 violation backwards compatibility section + + // turn /C:/blah into just C:/blah on windows + let specPath = decodeURIComponent(specUrl.pathname) + let resolvedPath = decodeURIComponent(resolvedUrl.pathname) + if (isWindows) { + specPath = specPath.replace(/^\/+([a-z]:\/)/i, '$1') + resolvedPath = resolvedPath.replace(/^\/+([a-z]:\/)/i, '$1') + } + + // replace ~ with homedir, but keep the ~ in the saveSpec + // otherwise, make it relative to where param + if (/^\/~(\/|$)/.test(specPath)) { + res.saveSpec = `file:${specPath.substr(1)}` + resolvedPath = path.resolve(homedir(), specPath.substr(3)) + } else if (!path.isAbsolute(rawNoPrefix)) { + res.saveSpec = `file:${path.relative(where, resolvedPath)}` + } else { + res.saveSpec = `file:${path.resolve(resolvedPath)}` + } + + res.fetchSpec = path.resolve(where, resolvedPath) + return res +} + +function fromHostedGit (res, hosted) { + res.type = 'git' + res.hosted = hosted + res.saveSpec = hosted.toString({ noGitPlus: false, noCommittish: false }) + res.fetchSpec = hosted.getDefaultRepresentation() === 'shortcut' ? null : hosted.toString() + setGitAttrs(res, hosted.committish) + return res +} + +function unsupportedURLType (protocol, spec) { + const err = new Error(`Unsupported URL Type "${protocol}": ${spec}`) + err.code = 'EUNSUPPORTEDPROTOCOL' + return err +} + +function fromURL (res) { + let rawSpec = res.rawSpec + res.saveSpec = rawSpec + if (rawSpec.startsWith('git+ssh:')) { + // git ssh specifiers are overloaded to also use scp-style git + // specifiers, so we have to parse those out and treat them special. + // They are NOT true URIs, so we can't hand them to URL. + + // This regex looks for things that look like: + // git+ssh://git@my.custom.git.com:username/project.git#deadbeef + // ...and various combinations. The username in the beginning is *required*. + const matched = rawSpec.match(/^git\+ssh:\/\/([^:#]+:[^#]+(?:\.git)?)(?:#(.*))?$/i) + if (matched && !matched[1].match(/:[0-9]+\/?.*$/i)) { + res.type = 'git' + setGitAttrs(res, matched[2]) + res.fetchSpec = matched[1] + return res + } + } else if (rawSpec.startsWith('git+file://')) { + // URL can't handle windows paths + rawSpec = rawSpec.replace(/\\/g, '/') + } + const parsedUrl = new URL(rawSpec) + // check the protocol, and then see if it's git or not + switch (parsedUrl.protocol) { + case 'git:': + case 'git+http:': + case 'git+https:': + case 'git+rsync:': + case 'git+ftp:': + case 'git+file:': + case 'git+ssh:': + res.type = 'git' + setGitAttrs(res, parsedUrl.hash.slice(1)) + if (parsedUrl.protocol === 'git+file:' && /^git\+file:\/\/[a-z]:/i.test(rawSpec)) { + // URL can't handle drive letters on windows file paths, the host can't contain a : + res.fetchSpec = `git+file://${parsedUrl.host.toLowerCase()}:${parsedUrl.pathname}` + } else { + parsedUrl.hash = '' + res.fetchSpec = parsedUrl.toString() + } + if (res.fetchSpec.startsWith('git+')) { + res.fetchSpec = res.fetchSpec.slice(4) + } + break + case 'http:': + case 'https:': + res.type = 'remote' + res.fetchSpec = res.saveSpec + break + + default: + throw unsupportedURLType(parsedUrl.protocol, rawSpec) + } + + return res +} + +function fromAlias (res, where) { + const subSpec = npa(res.rawSpec.substr(4), where) + if (subSpec.type === 'alias') { + throw new Error('nested aliases not supported') + } + + if (!subSpec.registry) { + throw new Error('aliases only work for registry deps') + } + + if (!subSpec.name) { + throw new Error('aliases must have a name') + } + + res.subSpec = subSpec + res.registry = true + res.type = 'alias' + res.saveSpec = null + res.fetchSpec = null + return res +} + +function fromRegistry (res) { + res.registry = true + const spec = res.rawSpec.trim() + // no save spec for registry components as we save based on the fetched + // version, not on the argument so this can't compute that. + res.saveSpec = null + res.fetchSpec = spec + const version = semver.valid(spec, true) + const range = semver.validRange(spec, true) + if (version) { + res.type = 'version' + } else if (range) { + res.type = 'range' + } else { + if (encodeURIComponent(spec) !== spec) { + throw invalidTagName(spec, res.raw) + } + res.type = 'tag' + } + return res +} diff --git a/node_modules/pacote/node_modules/npm-package-arg/package.json b/node_modules/pacote/node_modules/npm-package-arg/package.json new file mode 100644 index 0000000000000..d3f6fd7cf0a05 --- /dev/null +++ b/node_modules/pacote/node_modules/npm-package-arg/package.json @@ -0,0 +1,61 @@ +{ + "name": "npm-package-arg", + "version": "11.0.3", + "description": "Parse the things that can be arguments to `npm install`", + "main": "./lib/npa.js", + "directories": { + "test": "test" + }, + "files": [ + "bin/", + "lib/" + ], + "dependencies": { + "hosted-git-info": "^7.0.0", + "proc-log": "^4.0.0", + "semver": "^7.3.5", + "validate-npm-package-name": "^5.0.0" + }, + "devDependencies": { + "@npmcli/eslint-config": "^4.0.0", + "@npmcli/template-oss": "4.23.1", + "tap": "^16.0.1" + }, + "scripts": { + "test": "tap", + "snap": "tap", + "npmclilint": "npmcli-lint", + "lint": "npm run eslint", + "lintfix": "npm run eslint -- --fix", + "posttest": "npm run lint", + "postsnap": "npm run lintfix --", + "postlint": "template-oss-check", + "template-oss-apply": "template-oss-apply --force", + "eslint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"" + }, + "repository": { + "type": "git", + "url": "git+https://github.com/npm/npm-package-arg.git" + }, + "author": "GitHub Inc.", + "license": "ISC", + "bugs": { + "url": "https://github.com/npm/npm-package-arg/issues" + }, + "homepage": "https://github.com/npm/npm-package-arg", + "engines": { + "node": "^16.14.0 || >=18.0.0" + }, + "tap": { + "branches": 97, + "nyc-arg": [ + "--exclude", + "tap-snapshots/**" + ] + }, + "templateOSS": { + "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", + "version": "4.23.1", + "publish": true + } +} diff --git a/package-lock.json b/package-lock.json index 64422e8abe332..e964e0b9eb0ef 100644 --- a/package-lock.json +++ b/package-lock.json @@ -132,7 +132,7 @@ "normalize-package-data": "^7.0.0", "npm-audit-report": "^6.0.0", "npm-install-checks": "^7.1.0", - "npm-package-arg": "^11.0.3", + "npm-package-arg": "^12.0.0", "npm-pick-manifest": "^9.1.0", "npm-profile": "^10.0.0", "npm-registry-fetch": "^17.1.0", @@ -233,7 +233,7 @@ "@npmcli/template-oss": "4.23.3", "json-stringify-safe": "^5.0.1", "nock": "^13.3.3", - "npm-package-arg": "^11.0.2", + "npm-package-arg": "^12.0.0", "pacote": "^18.0.6", "tap": "^16.3.8" }, @@ -1842,22 +1842,6 @@ "node": "^18.17.0 || >=20.5.0" } }, - "node_modules/@npmcli/package-json/node_modules/npm-package-arg": { - "version": "12.0.0", - "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-12.0.0.tgz", - "integrity": "sha512-ZTE0hbwSdTNL+Stx2zxSqdu2KZfNDcrtrLdIk7XGnQFYBWYDho/ORvXtn5XEePcL3tFpGjHCV3X3xrtDh7eZ+A==", - "inBundle": true, - "license": "ISC", - "dependencies": { - "hosted-git-info": "^8.0.0", - "proc-log": "^5.0.0", - "semver": "^7.3.5", - "validate-npm-package-name": "^6.0.0" - }, - "engines": { - "node": "^18.17.0 || >=20.5.0" - } - }, "node_modules/@npmcli/package-json/node_modules/npm-pick-manifest": { "version": "10.0.0", "resolved": "https://registry.npmjs.org/npm-pick-manifest/-/npm-pick-manifest-10.0.0.tgz", @@ -1884,16 +1868,6 @@ "node": "^18.17.0 || >=20.5.0" } }, - "node_modules/@npmcli/package-json/node_modules/validate-npm-package-name": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/validate-npm-package-name/-/validate-npm-package-name-6.0.0.tgz", - "integrity": "sha512-d7KLgL1LD3U3fgnvWEY1cQXoO/q6EQ1BSz48Sa149V/5zVTAbgmZIpyI8TRi6U9/JNyeYLlTKsEMPtLC27RFUg==", - "inBundle": true, - "license": "ISC", - "engines": { - "node": "^18.17.0 || >=20.5.0" - } - }, "node_modules/@npmcli/package-json/node_modules/which": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/which/-/which-5.0.0.tgz", @@ -2171,6 +2145,22 @@ "node": "^16.14.0 || >=18.0.0" } }, + "node_modules/@npmcli/template-oss/node_modules/npm-package-arg": { + "version": "11.0.3", + "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-11.0.3.tgz", + "integrity": "sha512-sHGJy8sOC1YraBywpzQlIKBE4pBbGbiF95U6Auspzyem956E0+FtDtsx1ZxlOJkQCZ1AFXAY/yuvtFYrOxF+Bw==", + "dev": true, + "license": "ISC", + "dependencies": { + "hosted-git-info": "^7.0.0", + "proc-log": "^4.0.0", + "semver": "^7.3.5", + "validate-npm-package-name": "^5.0.0" + }, + "engines": { + "node": "^16.14.0 || >=18.0.0" + } + }, "node_modules/@octokit/auth-token": { "version": "3.0.4", "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-3.0.4.tgz", @@ -7155,32 +7145,6 @@ "node": "^18.17.0 || >=20.5.0" } }, - "node_modules/init-package-json/node_modules/npm-package-arg": { - "version": "12.0.0", - "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-12.0.0.tgz", - "integrity": "sha512-ZTE0hbwSdTNL+Stx2zxSqdu2KZfNDcrtrLdIk7XGnQFYBWYDho/ORvXtn5XEePcL3tFpGjHCV3X3xrtDh7eZ+A==", - "inBundle": true, - "license": "ISC", - "dependencies": { - "hosted-git-info": "^8.0.0", - "proc-log": "^5.0.0", - "semver": "^7.3.5", - "validate-npm-package-name": "^6.0.0" - }, - "engines": { - "node": "^18.17.0 || >=20.5.0" - } - }, - "node_modules/init-package-json/node_modules/proc-log": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/proc-log/-/proc-log-5.0.0.tgz", - "integrity": "sha512-Azwzvl90HaF0aCz1JrDdXQykFakSSNPaPoiZ9fm5qJIMHioDZEi7OAdRwSm6rSoPtY3Qutnm3L7ogmg3dc+wbQ==", - "inBundle": true, - "license": "ISC", - "engines": { - "node": "^18.17.0 || >=20.5.0" - } - }, "node_modules/init-package-json/node_modules/read": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/read/-/read-4.0.0.tgz", @@ -10281,32 +10245,39 @@ } }, "node_modules/npm-package-arg": { - "version": "11.0.3", - "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-11.0.3.tgz", - "integrity": "sha512-sHGJy8sOC1YraBywpzQlIKBE4pBbGbiF95U6Auspzyem956E0+FtDtsx1ZxlOJkQCZ1AFXAY/yuvtFYrOxF+Bw==", + "version": "12.0.0", + "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-12.0.0.tgz", + "integrity": "sha512-ZTE0hbwSdTNL+Stx2zxSqdu2KZfNDcrtrLdIk7XGnQFYBWYDho/ORvXtn5XEePcL3tFpGjHCV3X3xrtDh7eZ+A==", "inBundle": true, "license": "ISC", "dependencies": { - "hosted-git-info": "^7.0.0", - "proc-log": "^4.0.0", + "hosted-git-info": "^8.0.0", + "proc-log": "^5.0.0", "semver": "^7.3.5", - "validate-npm-package-name": "^5.0.0" + "validate-npm-package-name": "^6.0.0" }, "engines": { - "node": "^16.14.0 || >=18.0.0" + "node": "^18.17.0 || >=20.5.0" } }, - "node_modules/npm-package-arg/node_modules/hosted-git-info": { - "version": "7.0.2", - "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-7.0.2.tgz", - "integrity": "sha512-puUZAUKT5m8Zzvs72XWy3HtvVbTWljRE66cP60bxJzAqf2DgICo7lYTY2IHUmLnNpjYvw5bvmoHvPc0QO2a62w==", + "node_modules/npm-package-arg/node_modules/proc-log": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/proc-log/-/proc-log-5.0.0.tgz", + "integrity": "sha512-Azwzvl90HaF0aCz1JrDdXQykFakSSNPaPoiZ9fm5qJIMHioDZEi7OAdRwSm6rSoPtY3Qutnm3L7ogmg3dc+wbQ==", "inBundle": true, "license": "ISC", - "dependencies": { - "lru-cache": "^10.0.1" - }, "engines": { - "node": "^16.14.0 || >=18.0.0" + "node": "^18.17.0 || >=20.5.0" + } + }, + "node_modules/npm-package-arg/node_modules/validate-npm-package-name": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/validate-npm-package-name/-/validate-npm-package-name-6.0.0.tgz", + "integrity": "sha512-d7KLgL1LD3U3fgnvWEY1cQXoO/q6EQ1BSz48Sa149V/5zVTAbgmZIpyI8TRi6U9/JNyeYLlTKsEMPtLC27RFUg==", + "inBundle": true, + "license": "ISC", + "engines": { + "node": "^18.17.0 || >=20.5.0" } }, "node_modules/npm-packlist": { @@ -10338,6 +10309,19 @@ "node": "^16.14.0 || >=18.0.0" } }, + "node_modules/npm-pick-manifest/node_modules/hosted-git-info": { + "version": "7.0.2", + "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-7.0.2.tgz", + "integrity": "sha512-puUZAUKT5m8Zzvs72XWy3HtvVbTWljRE66cP60bxJzAqf2DgICo7lYTY2IHUmLnNpjYvw5bvmoHvPc0QO2a62w==", + "inBundle": true, + "license": "ISC", + "dependencies": { + "lru-cache": "^10.0.1" + }, + "engines": { + "node": "^16.14.0 || >=18.0.0" + } + }, "node_modules/npm-pick-manifest/node_modules/npm-install-checks": { "version": "6.3.0", "resolved": "https://registry.npmjs.org/npm-install-checks/-/npm-install-checks-6.3.0.tgz", @@ -10351,6 +10335,22 @@ "node": "^14.17.0 || ^16.13.0 || >=18.0.0" } }, + "node_modules/npm-pick-manifest/node_modules/npm-package-arg": { + "version": "11.0.3", + "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-11.0.3.tgz", + "integrity": "sha512-sHGJy8sOC1YraBywpzQlIKBE4pBbGbiF95U6Auspzyem956E0+FtDtsx1ZxlOJkQCZ1AFXAY/yuvtFYrOxF+Bw==", + "inBundle": true, + "license": "ISC", + "dependencies": { + "hosted-git-info": "^7.0.0", + "proc-log": "^4.0.0", + "semver": "^7.3.5", + "validate-npm-package-name": "^5.0.0" + }, + "engines": { + "node": "^16.14.0 || >=18.0.0" + } + }, "node_modules/npm-profile": { "version": "10.0.0", "resolved": "https://registry.npmjs.org/npm-profile/-/npm-profile-10.0.0.tgz", @@ -10449,6 +10449,19 @@ "node": "^16.14.0 || >=18.0.0" } }, + "node_modules/npm-registry-fetch/node_modules/hosted-git-info": { + "version": "7.0.2", + "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-7.0.2.tgz", + "integrity": "sha512-puUZAUKT5m8Zzvs72XWy3HtvVbTWljRE66cP60bxJzAqf2DgICo7lYTY2IHUmLnNpjYvw5bvmoHvPc0QO2a62w==", + "inBundle": true, + "license": "ISC", + "dependencies": { + "lru-cache": "^10.0.1" + }, + "engines": { + "node": "^16.14.0 || >=18.0.0" + } + }, "node_modules/npm-registry-fetch/node_modules/make-fetch-happen": { "version": "13.0.1", "resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-13.0.1.tgz", @@ -10473,6 +10486,22 @@ "node": "^16.14.0 || >=18.0.0" } }, + "node_modules/npm-registry-fetch/node_modules/npm-package-arg": { + "version": "11.0.3", + "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-11.0.3.tgz", + "integrity": "sha512-sHGJy8sOC1YraBywpzQlIKBE4pBbGbiF95U6Auspzyem956E0+FtDtsx1ZxlOJkQCZ1AFXAY/yuvtFYrOxF+Bw==", + "inBundle": true, + "license": "ISC", + "dependencies": { + "hosted-git-info": "^7.0.0", + "proc-log": "^4.0.0", + "semver": "^7.3.5", + "validate-npm-package-name": "^5.0.0" + }, + "engines": { + "node": "^16.14.0 || >=18.0.0" + } + }, "node_modules/npm-registry-fetch/node_modules/unique-filename": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/unique-filename/-/unique-filename-3.0.0.tgz", @@ -11260,6 +11289,22 @@ "node": "^16.14.0 || >=18.0.0" } }, + "node_modules/pacote/node_modules/npm-package-arg": { + "version": "11.0.3", + "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-11.0.3.tgz", + "integrity": "sha512-sHGJy8sOC1YraBywpzQlIKBE4pBbGbiF95U6Auspzyem956E0+FtDtsx1ZxlOJkQCZ1AFXAY/yuvtFYrOxF+Bw==", + "inBundle": true, + "license": "ISC", + "dependencies": { + "hosted-git-info": "^7.0.0", + "proc-log": "^4.0.0", + "semver": "^7.3.5", + "validate-npm-package-name": "^5.0.0" + }, + "engines": { + "node": "^16.14.0 || >=18.0.0" + } + }, "node_modules/pacote/node_modules/unique-filename": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/unique-filename/-/unique-filename-3.0.0.tgz", @@ -17042,7 +17087,7 @@ "minimatch": "^9.0.4", "nopt": "^8.0.0", "npm-install-checks": "^7.1.0", - "npm-package-arg": "^11.0.2", + "npm-package-arg": "^12.0.0", "npm-pick-manifest": "^9.0.1", "npm-registry-fetch": "^17.0.1", "pacote": "^18.0.6", @@ -17102,7 +17147,7 @@ "version": "8.0.6", "license": "ISC", "dependencies": { - "npm-package-arg": "^11.0.2", + "npm-package-arg": "^12.0.0", "npm-registry-fetch": "^17.0.1" }, "devDependencies": { @@ -17125,7 +17170,7 @@ "binary-extensions": "^2.3.0", "diff": "^5.1.0", "minimatch": "^9.0.4", - "npm-package-arg": "^11.0.2", + "npm-package-arg": "^12.0.0", "pacote": "^18.0.6", "tar": "^6.2.1" }, @@ -17145,7 +17190,7 @@ "@npmcli/arborist": "^7.5.4", "@npmcli/run-script": "^9.0.1", "ci-info": "^4.0.0", - "npm-package-arg": "^11.0.2", + "npm-package-arg": "^12.0.0", "pacote": "^18.0.6", "proc-log": "^4.2.0", "read": "^3.0.1", @@ -17223,7 +17268,7 @@ "dependencies": { "@npmcli/arborist": "^7.5.4", "@npmcli/run-script": "^9.0.1", - "npm-package-arg": "^11.0.2", + "npm-package-arg": "^12.0.0", "pacote": "^18.0.6" }, "devDependencies": { @@ -17243,7 +17288,7 @@ "dependencies": { "ci-info": "^4.0.0", "normalize-package-data": "^7.0.0", - "npm-package-arg": "^11.0.2", + "npm-package-arg": "^12.0.0", "npm-registry-fetch": "^17.0.1", "proc-log": "^4.2.0", "semver": "^7.3.7", diff --git a/package.json b/package.json index a9fb0a178572d..535076bb1e1df 100644 --- a/package.json +++ b/package.json @@ -97,7 +97,7 @@ "normalize-package-data": "^7.0.0", "npm-audit-report": "^6.0.0", "npm-install-checks": "^7.1.0", - "npm-package-arg": "^11.0.3", + "npm-package-arg": "^12.0.0", "npm-pick-manifest": "^9.1.0", "npm-profile": "^10.0.0", "npm-registry-fetch": "^17.1.0", diff --git a/workspaces/arborist/package.json b/workspaces/arborist/package.json index b285ef8b1533b..7b11e3a6c777c 100644 --- a/workspaces/arborist/package.json +++ b/workspaces/arborist/package.json @@ -24,7 +24,7 @@ "minimatch": "^9.0.4", "nopt": "^8.0.0", "npm-install-checks": "^7.1.0", - "npm-package-arg": "^11.0.2", + "npm-package-arg": "^12.0.0", "npm-pick-manifest": "^9.0.1", "npm-registry-fetch": "^17.0.1", "pacote": "^18.0.6", diff --git a/workspaces/libnpmaccess/package.json b/workspaces/libnpmaccess/package.json index 82f38370ba68e..0a493448996b0 100644 --- a/workspaces/libnpmaccess/package.json +++ b/workspaces/libnpmaccess/package.json @@ -30,7 +30,7 @@ "bugs": "https://github.com/npm/libnpmaccess/issues", "homepage": "https://npmjs.com/package/libnpmaccess", "dependencies": { - "npm-package-arg": "^11.0.2", + "npm-package-arg": "^12.0.0", "npm-registry-fetch": "^17.0.1" }, "engines": { diff --git a/workspaces/libnpmdiff/package.json b/workspaces/libnpmdiff/package.json index cadfefbe2c3d5..819a56ed3febd 100644 --- a/workspaces/libnpmdiff/package.json +++ b/workspaces/libnpmdiff/package.json @@ -52,7 +52,7 @@ "binary-extensions": "^2.3.0", "diff": "^5.1.0", "minimatch": "^9.0.4", - "npm-package-arg": "^11.0.2", + "npm-package-arg": "^12.0.0", "pacote": "^18.0.6", "tar": "^6.2.1" }, diff --git a/workspaces/libnpmexec/package.json b/workspaces/libnpmexec/package.json index 69ca864fb2372..202c68bfa8247 100644 --- a/workspaces/libnpmexec/package.json +++ b/workspaces/libnpmexec/package.json @@ -63,7 +63,7 @@ "@npmcli/arborist": "^7.5.4", "@npmcli/run-script": "^9.0.1", "ci-info": "^4.0.0", - "npm-package-arg": "^11.0.2", + "npm-package-arg": "^12.0.0", "pacote": "^18.0.6", "proc-log": "^4.2.0", "read": "^3.0.1", diff --git a/workspaces/libnpmpack/package.json b/workspaces/libnpmpack/package.json index bfc90ce2b199a..a697fefcaf082 100644 --- a/workspaces/libnpmpack/package.json +++ b/workspaces/libnpmpack/package.json @@ -39,7 +39,7 @@ "dependencies": { "@npmcli/arborist": "^7.5.4", "@npmcli/run-script": "^9.0.1", - "npm-package-arg": "^11.0.2", + "npm-package-arg": "^12.0.0", "pacote": "^18.0.6" }, "engines": { diff --git a/workspaces/libnpmpublish/package.json b/workspaces/libnpmpublish/package.json index f6364e0ed8df7..50188d27dc36c 100644 --- a/workspaces/libnpmpublish/package.json +++ b/workspaces/libnpmpublish/package.json @@ -41,7 +41,7 @@ "dependencies": { "ci-info": "^4.0.0", "normalize-package-data": "^7.0.0", - "npm-package-arg": "^11.0.2", + "npm-package-arg": "^12.0.0", "npm-registry-fetch": "^17.0.1", "proc-log": "^4.2.0", "semver": "^7.3.7",