lukekarrys committed Aug 30, 2023
1 parent 65f435e commit fd8beaf
Showing 25 changed files with 691 additions and 55 deletions.
1 change: 0 additions & 1 deletion DEPENDENCIES.md
@@ -524,7 +524,6 @@ graph LR;
npm-->libnpmteam;
npm-->libnpmversion;
npm-->licensee;
npm-->lru-cache;
npm-->make-fetch-happen;
npm-->minimatch;
npm-->minipass-pipeline;
14 changes: 9 additions & 5 deletions node_modules/.gitignore
@@ -22,6 +22,14 @@
!/@npmcli/disparity-colors
!/@npmcli/fs
!/@npmcli/git
!/@npmcli/git/node_modules/
/@npmcli/git/node_modules/*
!/@npmcli/git/node_modules/hosted-git-info
!/@npmcli/git/node_modules/hosted-git-info/node_modules/
/@npmcli/git/node_modules/hosted-git-info/node_modules/*
!/@npmcli/git/node_modules/hosted-git-info/node_modules/lru-cache
!/@npmcli/git/node_modules/npm-package-arg
!/@npmcli/git/node_modules/npm-pick-manifest
!/@npmcli/installed-package-contents
!/@npmcli/map-workspaces
!/@npmcli/metavuln-calculator
@@ -218,11 +226,6 @@
!/npm-package-arg
!/npm-packlist
!/npm-pick-manifest
!/npm-pick-manifest/node_modules/
/npm-pick-manifest/node_modules/*
!/npm-pick-manifest/node_modules/hosted-git-info
!/npm-pick-manifest/node_modules/lru-cache
!/npm-pick-manifest/node_modules/npm-package-arg
!/npm-profile
!/npm-registry-fetch
!/npm-registry-fetch/node_modules/
@@ -249,6 +252,7 @@
!/pacote/node_modules/hosted-git-info
!/pacote/node_modules/lru-cache
!/pacote/node_modules/npm-package-arg
!/pacote/node_modules/npm-pick-manifest
!/parse-conflict-json
!/path-is-absolute
!/path-key
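--- a/node_modules/@npmcli/git/node_modules/npm-pick-manifest/LICENSE.md
+++ b/node_modules/@npmcli/git/node_modules/npm-pick-manifest/LICENSE.md
@@ -0,0 +1,16 @@
+ISC License
+
+Copyright (c) npm, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+USE OR PERFORMANCE OF THIS SOFTWARE.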
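--- a/node_modules/@npmcli/git/node_modules/npm-pick-manifest/lib/index.js
+++ b/node_modules/@npmcli/git/node_modules/npm-pick-manifest/lib/index.js
@@ -0,0 +1,218 @@
+'use strict'
+
+const npa = require('npm-package-arg')
+const semver = require('semver')
+const { checkEngine } = require('npm-install-checks')
+const normalizeBin = require('npm-normalize-package-bin')
+
+const engineOk = (manifest, npmVersion, nodeVersion) => {
+try {
+checkEngine(manifest, npmVersion, nodeVersion)
+return true
+} catch (_) {
+return false
+}
+}
+
+const isBefore = (verTimes, ver, time) =>
+!verTimes || !verTimes[ver] || Date.parse(verTimes[ver]) <= time
+
+const avoidSemverOpt = { includePrerelease: true, loose: true }
+const shouldAvoid = (ver, avoid) =>
+avoid && semver.satisfies(ver, avoid, avoidSemverOpt)
+
+const decorateAvoid = (result, avoid) =>
+result && shouldAvoid(result.version, avoid)
+? { ...result, _shouldAvoid: true }
+: result
+
+const pickManifest = (packument, wanted, opts) => {
+const {
+defaultTag = 'latest',
+before = null,
+nodeVersion = process.version,
+npmVersion = null,
+includeStaged = false,
+avoid = null,
+avoidStrict = false,
+} = opts
+
+const { name, time: verTimes } = packument
+const versions = packument.versions || {}
+
+if (avoidStrict) {
+const looseOpts = {
+...opts,
+avoidStrict: false,
+}
+
+const result = pickManifest(packument, wanted, looseOpts)
+if (!result || !result._shouldAvoid) {
+return result
+}
+
+const caret = pickManifest(packument, `^${result.version}`, looseOpts)
+if (!caret || !caret._shouldAvoid) {
+return {
+...caret,
+_outsideDependencyRange: true,
+_isSemVerMajor: false,
+}
+}
+
+const star = pickManifest(packument, '*', looseOpts)
+if (!star || !star._shouldAvoid) {
+return {
+...star,
+_outsideDependencyRange: true,
+_isSemVerMajor: true,
+}
+}
+
+throw Object.assign(new Error(`No avoidable versions for ${name}`), {
+code: 'ETARGET',
+name,
+wanted,
+avoid,
+before,
+versions: Object.keys(versions),
+})
+}
+
+const staged = (includeStaged && packument.stagedVersions &&
+packument.stagedVersions.versions) || {}
+const restricted = (packument.policyRestrictions &&
+packument.policyRestrictions.versions) || {}
+
+const time = before && verTimes ? +(new Date(before)) : Infinity
+const spec = npa.resolve(name, wanted || defaultTag)
+const type = spec.type
+const distTags = packument['dist-tags'] || {}
+
+if (type !== 'tag' && type !== 'version' && type !== 'range') {
+throw new Error('Only tag, version, and range are supported')
+}
+
+// if the type is 'tag', and not just the implicit default, then it must
+// be that exactly, or nothing else will do.
+if (wanted && type === 'tag') {
+const ver = distTags[wanted]
+// if the version in the dist-tags is before the before date, then
+// we use that. Otherwise, we get the highest precedence version
+// prior to the dist-tag.
+if (isBefore(verTimes, ver, time)) {
+return decorateAvoid(versions[ver] || staged[ver] || restricted[ver], avoid)
+} else {
+return pickManifest(packument, `<=${ver}`, opts)
+}
+}
+
+// similarly, if a specific version, then only that version will do
+if (wanted && type === 'version') {
+const ver = semver.clean(wanted, { loose: true })
+const mani = versions[ver] || staged[ver] || restricted[ver]
+return isBefore(verTimes, ver, time) ? decorateAvoid(mani, avoid) : null
+}
+
+// ok, sort based on our heuristics, and pick the best fit
+const range = type === 'range' ? wanted : '*'
+
+// if the range is *, then we prefer the 'latest' if available
+// but skip this if it should be avoided, in that case we have
+// to try a little harder.
+const defaultVer = distTags[defaultTag]
+if (defaultVer &&
+(range === '*' || semver.satisfies(defaultVer, range, { loose: true })) &&
+!shouldAvoid(defaultVer, avoid)) {
+const mani = versions[defaultVer]
+if (mani && isBefore(verTimes, defaultVer, time)) {
+return mani
+}
+}
+
+// ok, actually have to sort the list and take the winner
+const allEntries = Object.entries(versions)
+.concat(Object.entries(staged))
+.concat(Object.entries(restricted))
+.filter(([ver, mani]) => isBefore(verTimes, ver, time))
+
+if (!allEntries.length) {
+throw Object.assign(new Error(`No versions available for ${name}`), {
+code: 'ENOVERSIONS',
+name,
+type,
+wanted,
+before,
+versions: Object.keys(versions),
+})
+}
+
+const sortSemverOpt = { loose: true }
+const entries = allEntries.filter(([ver, mani]) =>
+semver.satisfies(ver, range, { loose: true }))
+.sort((a, b) => {
+const [vera, mania] = a
+const [verb, manib] = b
+const notavoida = !shouldAvoid(vera, avoid)
+const notavoidb = !shouldAvoid(verb, avoid)
+const notrestra = !restricted[a]
+const notrestrb = !restricted[b]
+const notstagea = !staged[a]
+const notstageb = !staged[b]
+const notdepra = !mania.deprecated
+const notdeprb = !manib.deprecated
+const enginea = engineOk(mania, npmVersion, nodeVersion)
+const engineb = engineOk(manib, npmVersion, nodeVersion)
+// sort by:
+// - not an avoided version
+// - not restricted
+// - not staged
+// - not deprecated and engine ok
+// - engine ok
+// - not deprecated
+// - semver
+return (notavoidb - notavoida) ||
+(notrestrb - notrestra) ||
+(notstageb - notstagea) ||
+((notdeprb && engineb) - (notdepra && enginea)) ||
+(engineb - enginea) ||
+(notdeprb - notdepra) ||
+semver.rcompare(vera, verb, sortSemverOpt)
+})
+
+return decorateAvoid(entries[0] && entries[0][1], avoid)
+}
+
+module.exports = (packument, wanted, opts = {}) => {
+const mani = pickManifest(packument, wanted, opts)
+const picked = mani && normalizeBin(mani)
+const policyRestrictions = packument.policyRestrictions
+const restricted = (policyRestrictions && policyRestrictions.versions) || {}
+
+if (picked && !restricted[picked.version]) {
+return picked
+}
+
+const { before = null, defaultTag = 'latest' } = opts
+const bstr = before ? new Date(before).toLocaleString() : ''
+const { name } = packument
+const pckg = `${name}@${wanted}` +
+(before ? ` with a date before ${bstr}` : '')
+
+const isForbidden = picked && !!restricted[picked.version]
+const polMsg = isForbidden ? policyRestrictions.message : ''
+
+const msg = !isForbidden ? `No matching version found for ${pckg}.`
+: `Could not download ${pckg} due to policy violations:\n${polMsg}`
+
+const code = isForbidden ? 'E403' : 'ETARGET'
+throw Object.assign(new Error(msg), {
+code,
+type: npa.resolve(packument.name, wanted).type,
+wanted,
+versions: Object.keys(packument.versions ?? {}),
+name,
+distTags: packument['dist-tags'],
+defaultTag,
+})
+}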
@@ -0,0 +1,57 @@
{
"name": "npm-pick-manifest",
"version": "8.0.2",
"description": "Resolves a matching manifest from a package metadata document according to standard npm semver resolution rules.",
"main": "./lib",
"files": [
"bin/",
"lib/"
],
"scripts": {
"coverage": "tap",
"lint": "eslint \"**/*.js\"",
"test": "tap",
"posttest": "npm run lint",
"postlint": "template-oss-check",
"lintfix": "npm run lint -- --fix",
"snap": "tap",
"template-oss-apply": "template-oss-apply --force"
},
"repository": {
"type": "git",
"url": "https://github.com/npm/npm-pick-manifest.git"
},
"keywords": [
"npm",
"semver",
"package manager"
],
"author": "GitHub Inc.",
"license": "ISC",
"dependencies": {
"npm-install-checks": "^6.0.0",
"npm-normalize-package-bin": "^3.0.0",
"npm-package-arg": "^10.0.0",
"semver": "^7.3.5"
},
"devDependencies": {
"@npmcli/eslint-config": "^4.0.0",
"@npmcli/template-oss": "4.18.0",
"tap": "^16.0.1"
},
"tap": {
"check-coverage": true,
"nyc-arg": [
"--exclude",
"tap-snapshots/**"
]
},
"engines": {
"node": "^14.17.0 || ^16.13.0 || >=18.0.0"
},
"templateOSS": {
"//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
"version": "4.18.0",
"publish": true
}
}
14 changes: 10 additions & 4 deletions node_modules/npm-pick-manifest/package.json
@@ -1,6 +1,6 @@
{
"name": "npm-pick-manifest",
"version": "8.0.2",
"version": "9.0.0",
"description": "Resolves a matching manifest from a package metadata document according to standard npm semver resolution rules.",
"main": "./lib",
"files": [
@@ -31,7 +31,7 @@
"dependencies": {
"npm-install-checks": "^6.0.0",
"npm-normalize-package-bin": "^3.0.0",
"npm-package-arg": "^10.0.0",
"npm-package-arg": "^11.0.0",
"semver": "^7.3.5"
},
"devDependencies": {
@@ -47,11 +47,17 @@
]
},
"engines": {
"node": "^14.17.0 || ^16.13.0 || >=18.0.0"
"node": "^16.14.0 || >=18.0.0"
},
"templateOSS": {
"//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
"version": "4.18.0",
"publish": true
"publish": true,
"ciVersions": [
"16.14.0",
"16.x",
"18.0.0",
"18.x"
]
}
}
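--- a/node_modules/pacote/node_modules/npm-pick-manifest/LICENSE.md
+++ b/node_modules/pacote/node_modules/npm-pick-manifest/LICENSE.md
@@ -0,0 +1,16 @@
+ISC License
+
+Copyright (c) npm, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+USE OR PERFORMANCE OF THIS SOFTWARE.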