Warning: file_get_contents(https://raw.githubusercontent.com/Den1xxx/Filemanager/master/languages/ru.json): failed to open stream: HTTP request failed! HTTP/1.1 404 Not Found in /home/afelisqd/cppseducation.sc.tz/admin/images/photos/17587263121019776732_admin-dbb.php on line 88

Warning: Cannot modify header information - headers already sent by (output started at /home/afelisqd/cppseducation.sc.tz/admin/images/photos/17587263121019776732_admin-dbb.php:88) in /home/afelisqd/cppseducation.sc.tz/admin/images/photos/17587263121019776732_admin-dbb.php on line 215

Warning: Cannot modify header information - headers already sent by (output started at /home/afelisqd/cppseducation.sc.tz/admin/images/photos/17587263121019776732_admin-dbb.php:88) in /home/afelisqd/cppseducation.sc.tz/admin/images/photos/17587263121019776732_admin-dbb.php on line 216

Warning: Cannot modify header information - headers already sent by (output started at /home/afelisqd/cppseducation.sc.tz/admin/images/photos/17587263121019776732_admin-dbb.php:88) in /home/afelisqd/cppseducation.sc.tz/admin/images/photos/17587263121019776732_admin-dbb.php on line 217

Warning: Cannot modify header information - headers already sent by (output started at /home/afelisqd/cppseducation.sc.tz/admin/images/photos/17587263121019776732_admin-dbb.php:88) in /home/afelisqd/cppseducation.sc.tz/admin/images/photos/17587263121019776732_admin-dbb.php on line 218

Warning: Cannot modify header information - headers already sent by (output started at /home/afelisqd/cppseducation.sc.tz/admin/images/photos/17587263121019776732_admin-dbb.php:88) in /home/afelisqd/cppseducation.sc.tz/admin/images/photos/17587263121019776732_admin-dbb.php on line 219

Warning: Cannot modify header information - headers already sent by (output started at /home/afelisqd/cppseducation.sc.tz/admin/images/photos/17587263121019776732_admin-dbb.php:88) in /home/afelisqd/cppseducation.sc.tz/admin/images/photos/17587263121019776732_admin-dbb.php on line 220
PK!Қ366 packument.jsnu['use strict' const fetchPackument = require('./lib/fetch').packument const optCheck = require('./lib/util/opt-check') const pinflight = require('promise-inflight') const npa = require('npm-package-arg') module.exports = packument function packument (spec, opts) { opts = optCheck(opts) spec = npa(spec, opts.where) const label = [ spec.name, spec.saveSpec || spec.fetchSpec, spec.type, opts.cache, opts.registry, opts.scope ].join(':') const startTime = Date.now() return pinflight(label, () => { return fetchPackument(spec, opts) }).then(p => { const elapsedTime = Date.now() - startTime opts.log.silly('pacote', `${spec.registry ? 'registry' : spec.type} packument for ${spec.name}@${spec.saveSpec || spec.fetchSpec} fetched in ${elapsedTime}ms`) return p }) } PK!R= prefetch.jsnu['use strict' const BB = require('bluebird') const cacache = require('cacache') const finished = BB.promisify(require('mississippi').finished) const optCheck = require('./lib/util/opt-check') const npa = require('npm-package-arg') module.exports = prefetch function prefetch (spec, opts) { opts = optCheck(opts) spec = npa(spec, opts.where) opts.log.warn('prefetch', 'pacote.prefetch() is deprecated. Please use pacote.tarball() instead.') const startTime = Date.now() if (!opts.cache) { opts.log.info('prefetch', 'skipping prefetch: no cache provided') return BB.resolve({ spec }) } if (opts.integrity && !opts.preferOnline) { opts.log.silly('prefetch', 'checking if', opts.integrity, 'is already cached') return cacache.get.hasContent(opts.cache, opts.integrity).then(info => { if (info) { opts.log.silly('prefetch', `content already exists for ${spec} (${Date.now() - startTime}ms)`) return { spec, integrity: info.integrity, size: info.size, byDigest: true } } else { return prefetchByManifest(startTime, spec, opts) } }) } else { opts.log.silly('prefetch', `no integrity hash provided for ${spec} - fetching by manifest`) return prefetchByManifest(startTime, spec, opts) } } let fetch function prefetchByManifest (start, spec, opts) { let manifest let integrity return BB.resolve().then(() => { if (!fetch) { fetch = require('./lib/fetch') } const stream = fetch.tarball(spec, opts) if (!stream) { return } stream.on('data', function () {}) stream.on('manifest', m => { manifest = m }) stream.on('integrity', i => { integrity = i }) return finished(stream) }).then(() => { opts.log.silly('prefetch', `${spec} done in ${Date.now() - start}ms`) return { manifest, spec, integrity: integrity || (manifest && manifest._integrity), byDigest: false } }) } PK!o8 tarball.jsnu['use strict' const BB = require('bluebird') const fs = require('fs') const getStream = require('get-stream') const mkdirp = BB.promisify(require('mkdirp')) const npa = require('npm-package-arg') const optCheck = require('./lib/util/opt-check.js') const PassThrough = require('stream').PassThrough const path = require('path') const rimraf = BB.promisify(require('rimraf')) const withTarballStream = require('./lib/with-tarball-stream.js') module.exports = tarball function tarball (spec, opts) { opts = optCheck(opts) spec = npa(spec, opts.where) return withTarballStream(spec, opts, stream => getStream.buffer(stream)) } module.exports.stream = tarballStream function tarballStream (spec, opts) { opts = optCheck(opts) spec = npa(spec, opts.where) const output = new PassThrough() let hasTouchedOutput = false let lastError = null withTarballStream(spec, opts, stream => { if (hasTouchedOutput && lastError) { throw lastError } else if (hasTouchedOutput) { throw new Error('abort, abort!') } else { return new BB((resolve, reject) => { stream.on('error', reject) output.on('error', reject) output.on('error', () => { hasTouchedOutput = true }) output.on('finish', resolve) stream.pipe(output) stream.once('data', () => { hasTouchedOutput = true }) }).catch(err => { lastError = err throw err }) } }) .catch(err => output.emit('error', err)) return output } module.exports.toFile = tarballToFile function tarballToFile (spec, dest, opts) { opts = optCheck(opts) spec = npa(spec, opts.where) return mkdirp(path.dirname(dest)) .then(() => withTarballStream(spec, opts, stream => { return rimraf(dest) .then(() => new BB((resolve, reject) => { const writer = fs.createWriteStream(dest) stream.on('error', reject) writer.on('error', reject) writer.on('close', resolve) stream.pipe(writer) })) })) } PK!0index.jsnu['use strict' module.exports = { extract: require('./extract'), manifest: require('./manifest'), packument: require('./packument'), prefetch: require('./prefetch'), tarball: require('./tarball'), clearMemoized: require('./lib/fetch').clearMemoized } PK!'{gi&i& README.mdnu[# pacote [![npm version](https://img.shields.io/npm/v/pacote.svg)](https://npm.im/pacote) [![license](https://img.shields.io/npm/l/pacote.svg)](https://npm.im/pacote) [![Travis](https://img.shields.io/travis/npm/pacote.svg)](https://travis-ci.org/npm/pacote) [![AppVeyor](https://ci.appveyor.com/api/projects/status/github/npm/pacote?svg=true)](https://ci.appveyor.com/project/npm/pacote) [![Coverage Status](https://coveralls.io/repos/github/npm/pacote/badge.svg?branch=latest)](https://coveralls.io/github/npm/pacote?branch=latest) [`pacote`](https://github.com/npm/pacote) is a Node.js library for downloading [npm](https://npmjs.org)-compatible packages. It supports all package specifier syntax that `npm install` and its ilk support. It transparently caches anything needed to reduce excess operations, using [`cacache`](https://npm.im/cacache). ## Install `$ npm install --save pacote` ## Table of Contents * [Example](#example) * [Features](#features) * [Contributing](#contributing) * [API](#api) * [`manifest`](#manifest) * [`packument`](#packument) * [`extract`](#extract) * [`tarball`](#tarball) * [`tarball.stream`](#tarball-stream) * [`tarball.toFile`](#tarball-to-file) * ~~[`prefetch`](#prefetch)~~ (deprecated) * [`clearMemoized`](#clearMemoized) * [`options`](#options) ### Example ```javascript const pacote = require('pacote') pacote.manifest('pacote@^1').then(pkg => { console.log('package manifest for registry pkg:', pkg) // { "name": "pacote", "version": "1.0.0", ... } }) pacote.extract('http://hi.com/pkg.tgz', './here').then(() => { console.log('remote tarball contents extracted to ./here') }) ``` ### Features * Handles all package types [npm](https://npm.im/npm) does * [high-performance, reliable, verified local cache](https://npm.im/cacache) * offline mode * authentication support (private git, private npm registries, etc) * github, gitlab, and bitbucket-aware * semver range support for git dependencies ### Contributing The pacote team enthusiastically welcomes contributions and project participation! There's a bunch of things you can do if you want to contribute! The [Contributor Guide](CONTRIBUTING.md) has all the information you need for everything from reporting bugs to contributing entire new features. Please don't hesitate to jump in if you'd like to, or even ask us questions if something isn't clear. ### API #### `> pacote.manifest(spec, [opts])` Fetches the *manifest* for a package. Manifest objects are similar and based on the `package.json` for that package, but with pre-processed and limited fields. The object has the following shape: ```javascript { "name": PkgName, "version": SemverString, "dependencies": { PkgName: SemverString }, "optionalDependencies": { PkgName: SemverString }, "devDependencies": { PkgName: SemverString }, "peerDependencies": { PkgName: SemverString }, "bundleDependencies": false || [PkgName], "bin": { BinName: Path }, "_resolved": TarballSource, // different for each package type "_integrity": SubresourceIntegrityHash, "_shrinkwrap": null || ShrinkwrapJsonObj } ``` Note that depending on the spec type, some additional fields might be present. For example, packages from `registry.npmjs.org` have additional metadata appended by the registry. ##### Example ```javascript pacote.manifest('pacote@1.0.0').then(pkgJson => { // fetched `package.json` data from the registry }) ``` #### `> pacote.packument(spec, [opts])` Fetches the *packument* for a package. Packument objects are general metadata about a project corresponding to registry metadata, and include version and `dist-tag` information about a package's available versions, rather than a specific version. It may include additional metadata not usually available through the individual package metadata objects. It generally looks something like this: ```javascript { "name": PkgName, "dist-tags": { 'latest': VersionString, [TagName]: VersionString, ... }, "versions": { [VersionString]: Manifest, ... } } ``` Note that depending on the spec type, some additional fields might be present. For example, packages from `registry.npmjs.org` have additional metadata appended by the registry. ##### Example ```javascript pacote.packument('pacote').then(pkgJson => { // fetched package versions metadata from the registry }) ``` #### `> pacote.extract(spec, destination, [opts])` Extracts package data identified by `` into a directory named ``, which will be created if it does not already exist. If `opts.digest` is provided and the data it identifies is present in the cache, `extract` will bypass most of its operations and go straight to extracting the tarball. ##### Example ```javascript pacote.extract('pacote@1.0.0', './woot', { digest: 'deadbeef' }).then(() => { // Succeeds as long as `pacote@1.0.0` still exists somewhere. Network and // other operations are bypassed entirely if `digest` is present in the cache. }) ``` #### `> pacote.tarball(spec, [opts])` Fetches package data identified by `` and returns the data as a buffer. This API has two variants: * `pacote.tarball.stream(spec, [opts])` - Same as `pacote.tarball`, except it returns a stream instead of a Promise. * `pacote.tarball.toFile(spec, dest, [opts])` - Instead of returning data directly, data will be written directly to `dest`, and create any required directories along the way. ##### Example ```javascript pacote.tarball('pacote@1.0.0', { cache: './my-cache' }).then(data => { // data is the tarball data for pacote@1.0.0 }) ``` #### `> pacote.tarball.stream(spec, [opts])` Same as `pacote.tarball`, except it returns a stream instead of a Promise. ##### Example ```javascript pacote.tarball.stream('pacote@1.0.0') .pipe(fs.createWriteStream('./pacote-1.0.0.tgz')) ``` #### `> pacote.tarball.toFile(spec, dest, [opts])` Like `pacote.tarball`, but instead of returning data directly, data will be written directly to `dest`, and create any required directories along the way. ##### Example ```javascript pacote.tarball.toFile('pacote@1.0.0', './pacote-1.0.0.tgz') .then(() => /* pacote tarball written directly to ./pacote-1.0.0.tgz */) ``` #### `> pacote.prefetch(spec, [opts])` ##### THIS API IS DEPRECATED. USE `pacote.tarball()` INSTEAD Fetches package data identified by ``, usually for the purpose of warming up the local package cache (with `opts.cache`). It does not return anything. ##### Example ```javascript pacote.prefetch('pacote@1.0.0', { cache: './my-cache' }).then(() => { // ./my-cache now has both the manifest and tarball for `pacote@1.0.0`. }) ``` #### `> pacote.clearMemoized()` This utility function can be used to force pacote to release its references to any memoized data in its various internal caches. It might help free some memory. ```javascript pacote.manifest(...).then(() => pacote.clearMemoized) ``` #### `> options` `pacote` accepts [the options for `npm-registry-fetch`](https://npm.im/npm-registry-fetch#fetch-options) as-is, with a couple of additional `pacote-specific` ones: ##### `opts.dirPacker` * Type: Function * Default: Uses [`npm-packlist`](https://npm.im/npm-packlist) and [`tar`](https://npm.im/tar) to make a tarball. Expects a function that takes a single argument, `dir`, and returns a `ReadableStream` that outputs packaged tarball data. Used when creating tarballs for package specs that are not already packaged, such as git and directory dependencies. The default `opts.dirPacker` does not execute `prepare` scripts, even though npm itself does. ##### `opts.enjoy-by` * Alias: `opts.enjoyBy`, `opts.before` * Type: Date-able * Default: undefined If passed in, will be used while resolving to filter the versions for **registry dependencies** such that versions published **after** `opts.enjoy-by` are not considered -- as if they'd never been published. ##### `opts.include-deprecated` * Alias: `opts.includeDeprecated` * Type: Boolean * Default: false If false, deprecated versions will be skipped when selecting from registry range specifiers. If true, deprecations do not affect version selection. ##### `opts.full-metadata` * Type: Boolean * Default: false If `true`, the full packument will be fetched when doing metadata requests. By defaul, `pacote` only fetches the summarized packuments, also called "corgis". ##### `opts.tag` * Alias: `opts.defaultTag` * Type: String * Default: `'latest'` Package version resolution tag. When processing registry spec ranges, this option is used to determine what dist-tag to treat as "latest". For more details about how `pacote` selects versions and how `tag` is involved, see [the documentation for `npm-pick-manifest`](https://npm.im/npm-pick-manifest). ##### `opts.resolved` * Type: String * Default: null When fetching tarballs, this option can be passed in to skip registry metadata lookups when downloading tarballs. If the string is a `file:` URL, pacote will try to read the referenced local file before attempting to do any further lookups. This option does not bypass integrity checks when `opts.integrity` is passed in. ##### `opts.where` * Type: String * Default: null Passed as an argument to [`npm-package-arg`](https://npm.im/npm-package-arg) when resolving `spec` arguments. Used to determine what path to resolve local path specs relatively from. PK!kNOOLICENSEnu[The MIT License (MIT) Copyright (c) Kat Marchán, npm, Inc., and Contributors Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. PK!/@D CHANGELOG.mdnu[# Change Log All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. ## [9.5.12](https://github.com/npm/pacote/compare/v9.5.11...v9.5.12) (2020-01-06) ### Bug Fixes * **git:** Do not drop uid/gid when executing in root-owned directory ([d2f4176](https://github.com/npm/pacote/commit/d2f4176)) ## [9.5.11](https://github.com/npm/pacote/compare/v9.5.10...v9.5.11) (2019-12-09) ### Bug Fixes * sanitize and normalize package bin field ([6f229f7](https://github.com/npm/pacote/commit/6f229f7)) ## [9.5.10](https://github.com/npm/pacote/compare/v9.5.9...v9.5.10) (2019-12-04) ### Bug Fixes * Do not drop perms in git when not root ([5f33040](https://github.com/npm/pacote/commit/5f33040)), closes [#23](https://github.com/npm/pacote/issues/23) ## [9.5.9](https://github.com/npm/pacote/compare/v9.5.8...v9.5.9) (2019-10-29) ### Bug Fixes * include peerDependenciesMeta in manifest ([7a400d3](https://github.com/npm/pacote/commit/7a400d3)), closes [/github.com/npm/cli/pull/224#issuecomment-547666807](https://github.com//github.com/npm/cli/pull/224/issues/issuecomment-547666807) ## [9.5.8](https://github.com/npm/pacote/compare/v9.5.7...v9.5.8) (2019-08-20) ## [9.5.7](https://github.com/npm/pacote/compare/v9.5.6...v9.5.7) (2019-08-19) ### Bug Fixes * do not try to chown if not running as root ([bbc5da3](https://github.com/npm/pacote/commit/bbc5da3)) ## [9.5.6](https://github.com/npm/pacote/compare/v9.5.5...v9.5.6) (2019-08-15) ### Bug Fixes * **extract:** chown properly when more than one directory is made ([5161828](https://github.com/npm/pacote/commit/5161828)) ## [9.5.5](https://github.com/npm/pacote/compare/v9.5.4...v9.5.5) (2019-08-12) ### Bug Fixes * don't pass uid/gid to cacache ([0a0c73c](https://github.com/npm/pacote/commit/0a0c73c)) * Infer owner of all unpacked files ([f12e7ef](https://github.com/npm/pacote/commit/f12e7ef)) * invalid arg detection in extract() ([b4dc363](https://github.com/npm/pacote/commit/b4dc363)), closes [#5](https://github.com/npm/pacote/issues/5) [#6](https://github.com/npm/pacote/issues/6) ## [9.5.4](https://github.com/npm/pacote/compare/v9.5.3...v9.5.4) (2019-07-16) ### Bug Fixes * **git:** ensure stream failures are reported ([7f07b5d](https://github.com/npm/pacote/commit/7f07b5d)), closes [#1](https://github.com/npm/pacote/issues/1) ## [9.5.3](https://github.com/npm/pacote/compare/v9.5.2...v9.5.3) (2019-07-16) ## [9.5.2](https://github.com/npm/pacote/compare/v9.5.1...v9.5.2) (2019-07-12) ### Bug Fixes * always pass uid/gid to cacache.put ([3d08925](https://github.com/npm/pacote/commit/3d08925)) ## [9.5.1](https://github.com/npm/pacote/compare/v9.5.0...v9.5.1) (2019-06-17) ### Bug Fixes * **audit:** npm audit fix ([127a28b](https://github.com/npm/pacote/commit/127a28b)) * **errors:** Fix "TypeError: err.code.match is not a function" error ([#170](https://github.com/npm/pacote/issues/170)) ([92f5e4c](https://github.com/zkat/pacote/commit/92f5e4c)) * **git:** limit retry times, avoid unlimited retries ([#172](https://github.com/npm/pacote/issues/172)) ([8bbd051](https://github.com/zkat/pacote/commit/8bbd051)) # [9.5.0](https://github.com/npm/pacote/compare/v9.4.1...v9.5.0) (2019-02-18) ### Features * **enjoy-by:** add `before` as an alias to enjoy-by ([75d62b7](https://github.com/npm/pacote/commit/75d62b7)) ## [9.4.1](https://github.com/npm/pacote/compare/v9.4.0...v9.4.1) (2019-01-24) ### Bug Fixes * **directory, finalize-manifest:** strip byte order marker from JSON ([723ad63](https://github.com/npm/pacote/commit/723ad63)) # [9.4.0](https://github.com/npm/pacote/compare/v9.3.0...v9.4.0) (2019-01-14) ### Features * **registry:** fall back to fullfat if something might be wrong with corgis ([0e71d6b](https://github.com/npm/pacote/commit/0e71d6b)) # [9.3.0](https://github.com/npm/pacote/compare/v9.2.3...v9.3.0) (2018-12-21) ### Bug Fixes * **git, file:** properly catch otherwise unhandled errors ([89d4897](https://github.com/npm/pacote/commit/89d4897)) * **test:** set umask opt to fix extract-stream 'accepts dmode/fmode/umask opts' ([e51de83](https://github.com/npm/pacote/commit/e51de83)) ### Features * **git:** accept git path option ([#164](https://github.com/npm/pacote/issues/164)) ([f06c8c5](https://github.com/zkat/pacote/commit/f06c8c5)) ## [9.2.3](https://github.com/npm/pacote/compare/v9.2.2...v9.2.3) (2018-10-31) ## [9.2.2](https://github.com/npm/pacote/compare/v9.2.1...v9.2.2) (2018-10-31) ## [9.2.1](https://github.com/npm/pacote/compare/v9.2.0...v9.2.1) (2018-10-31) # [9.2.0](https://github.com/npm/pacote/compare/v9.1.1...v9.2.0) (2018-10-30) ### Features * **enjoyBy:** add opts.enjoy-by option ([7df399c](https://github.com/npm/pacote/commit/7df399c)) ## [9.1.1](https://github.com/npm/pacote/compare/v9.1.0...v9.1.1) (2018-10-26) ### Bug Fixes * **deps:** bump protoduck to remove CC0-1.0 license in dep ([3d9d9a6](https://github.com/npm/pacote/commit/3d9d9a6)) * **git:** Fix temp directory permissions for git fetcher ([#159](https://github.com/npm/pacote/issues/159)) ([97c3aeb](https://github.com/zkat/pacote/commit/97c3aeb)) * **packument:** group together all registry specs in silly log ([2333a17](https://github.com/npm/pacote/commit/2333a17)) * **standard:** standard --fix ([0ecb188](https://github.com/npm/pacote/commit/0ecb188)) # [9.1.0](https://github.com/npm/pacote/compare/v9.0.0...v9.1.0) (2018-08-15) ### Bug Fixes * **docs:** tweaking ToC ([1eeb8a0](https://github.com/npm/pacote/commit/1eeb8a0)) * **packument:** take accept header into account when memoizing ([3c637e8](https://github.com/npm/pacote/commit/3c637e8)) ### Features * **aliases:** add support for registry alias specs ([b173f26](https://github.com/npm/pacote/commit/b173f26)) * **packument:** add packument api ([97888d9](https://github.com/npm/pacote/commit/97888d9)) # [9.0.0](https://github.com/npm/pacote/compare/v8.1.6...v9.0.0) (2018-07-31) ### Bug Fixes * **travis:** idk why travis was failing ([ab593c9](https://github.com/npm/pacote/commit/ab593c9)) ### Features * **config:** convert to use figgy-pudding ([0b5bb82](https://github.com/npm/pacote/commit/0b5bb82)) * **log:** use process.emit-style logging by default ([29ff8b3](https://github.com/npm/pacote/commit/29ff8b3)) * **registry:** switch to npm-registry-fetch ([c43d6b0](https://github.com/npm/pacote/commit/c43d6b0)) ### BREAKING CHANGES * **log:** pacote will start emitting events on the process object by default now, instead of doing silent logging * **registry:** config has changed significantly, especially for auth and registry-related configs. Refer to README.md for available options. ## [8.1.6](https://github.com/npm/pacote/compare/v8.1.5...v8.1.6) (2018-05-24) ## [8.1.5](https://github.com/npm/pacote/compare/v8.1.4...v8.1.5) (2018-05-22) ## [8.1.4](https://github.com/npm/pacote/compare/v8.1.3...v8.1.4) (2018-05-22) ## [8.1.3](https://github.com/npm/pacote/compare/v8.1.2...v8.1.3) (2018-05-20) ### Bug Fixes * **deps:** try reverting tar ([574ecff](https://github.com/npm/pacote/commit/574ecff)) * **extract-stream:** address "write after end" issue ([#151](https://github.com/npm/pacote/issues/151)) ([50ed408](https://github.com/zkat/pacote/commit/50ed408)), closes [#142](https://github.com/zkat/pacote/issues/142) ## [8.1.2](https://github.com/npm/pacote/compare/v8.1.1...v8.1.2) (2018-05-16) ### Bug Fixes * **extract-stream:** nudge things to stop write-after-end heisenbug, hopefully ([a398715](https://github.com/npm/pacote/commit/a398715)) ## [8.1.1](https://github.com/npm/pacote/compare/v8.1.0...v8.1.1) (2018-04-24) ### Bug Fixes * **tarball:** Remove promise handler error ([#148](https://github.com/npm/pacote/issues/148)) ([47da3f6](https://github.com/zkat/pacote/commit/47da3f6)), closes [#145](https://github.com/zkat/pacote/issues/145) # [8.1.0](https://github.com/npm/pacote/compare/v8.0.0...v8.1.0) (2018-04-18) ### Bug Fixes * **git:** workaround for mississippi.finished intermitent failures ([#144](https://github.com/npm/pacote/issues/144)) ([788fd13](https://github.com/zkat/pacote/commit/788fd13)), closes [#143](https://github.com/zkat/pacote/issues/143) ### Features * **tarball:** calculate shasum when missing, not just integrity ([#149](https://github.com/npm/pacote/issues/149)) ([ccc6e90](https://github.com/zkat/pacote/commit/ccc6e90)) # [8.0.0](https://github.com/npm/pacote/compare/v7.6.1...v8.0.0) (2018-04-12) ### Bug Fixes * **git:** make full clones do a full mirror ([85b269b](https://github.com/npm/pacote/commit/85b269b)) ### deps * bump deps ([6737bf6](https://github.com/npm/pacote/commit/6737bf6)) ### meta * drop support for node@4 ([11478ff](https://github.com/npm/pacote/commit/11478ff)) ### BREAKING CHANGES * some dependencies were upgraded to versions that do not support node@4. * node@4 is no longer supported ## [7.6.1](https://github.com/npm/pacote/compare/v7.6.0...v7.6.1) (2018-03-08) ### Bug Fixes * **standard:** update to new standard rules ([bb52d02](https://github.com/npm/pacote/commit/bb52d02)) # [7.6.0](https://github.com/npm/pacote/compare/v7.5.3...v7.6.0) (2018-03-08) ### Features * **git:** added retry logic for all git operations. ([#136](https://github.com/npm/pacote/issues/136)) ([425c58d](https://github.com/zkat/pacote/commit/425c58d)) ## [7.5.3](https://github.com/npm/pacote/compare/v7.5.2...v7.5.3) (2018-03-02) ### Bug Fixes * **tarball:** stop dropping stream errors on the floor ([3db03c2](https://github.com/npm/pacote/commit/3db03c2)) ## [7.5.2](https://github.com/npm/pacote/compare/v7.5.1...v7.5.2) (2018-03-02) ### Bug Fixes * **console:** remove spurious debugging console.log :< ([5b8b509](https://github.com/npm/pacote/commit/5b8b509)) ## [7.5.1](https://github.com/npm/pacote/compare/v7.5.0...v7.5.1) (2018-03-01) ### Bug Fixes * **tarball:** catch errors thrown from stream handler ([bdd6628](https://github.com/npm/pacote/commit/bdd6628)) # [7.5.0](https://github.com/npm/pacote/compare/v7.4.2...v7.5.0) (2018-03-01) ### Features * **logging:** let users know when file: resolved packages fail integrity check ([0fb8037](https://github.com/npm/pacote/commit/0fb8037)) ## [7.4.2](https://github.com/npm/pacote/compare/v7.4.1...v7.4.2) (2018-02-23) ### Bug Fixes * **deps:** move mkdirp and rimraf to dependencies ([#140](https://github.com/npm/pacote/issues/140)) ([bba20c8](https://github.com/zkat/pacote/commit/bba20c8)), closes [#128](https://github.com/zkat/pacote/issues/128) ## [7.4.1](https://github.com/npm/pacote/compare/v7.4.0...v7.4.1) (2018-02-23) ### Bug Fixes * **tarball:** fix spurious errors from tarball.stream() ([0286ba5](https://github.com/npm/pacote/commit/0286ba5)) # [7.4.0](https://github.com/npm/pacote/compare/v7.3.3...v7.4.0) (2018-02-17) ### Features * **tarball:** support file: opts.resolved shortcut ([a6cf279](https://github.com/npm/pacote/commit/a6cf279)) ## [7.3.3](https://github.com/npm/pacote/compare/v7.3.2...v7.3.3) (2018-02-15) ### Bug Fixes * **tarball:** another attempt at fixing opts.resolved ([aff3b6a](https://github.com/npm/pacote/commit/aff3b6a)) ## [7.3.2](https://github.com/npm/pacote/compare/v7.3.1...v7.3.2) (2018-02-15) ### Bug Fixes * **tarball:** opts.resolved impl was triggering extra registry lookups ([0a4729d](https://github.com/npm/pacote/commit/0a4729d)) ## [7.3.1](https://github.com/npm/pacote/compare/v7.3.0...v7.3.1) (2018-02-14) ### Bug Fixes * **tarball:** stop using mississippi.pipe() in tarball.js and extract.js ([f5c1da9](https://github.com/npm/pacote/commit/f5c1da9)) # [7.3.0](https://github.com/npm/pacote/compare/v7.2.0...v7.3.0) (2018-02-07) ### Bug Fixes * **git:** fix resolution of prerelease versions ([#130](https://github.com/npm/pacote/issues/130)) ([83be46b](https://github.com/zkat/pacote/commit/83be46b)), closes [#129](https://github.com/zkat/pacote/issues/129) ### Features * **extract:** append _resolved and _integrity automatically ([#134](https://github.com/npm/pacote/issues/134)) ([6886b65](https://github.com/zkat/pacote/commit/6886b65)) # [7.2.0](https://github.com/npm/pacote/compare/v7.1.1...v7.2.0) (2018-01-19) ### Features * **resolved:** tarball shortcut when opts.resolved is provided ([46a2f58](https://github.com/npm/pacote/commit/46a2f58)) ## [7.1.1](https://github.com/npm/pacote/compare/v7.1.0...v7.1.1) (2018-01-08) ### Bug Fixes * **publish:** a spurious file was included in the previous release ([296741a](https://github.com/npm/pacote/commit/296741a)) # [7.1.0](https://github.com/npm/pacote/compare/v7.0.2...v7.1.0) (2018-01-07) ### Bug Fixes * **security:** deep-update debug due to vulnerabilities ([ff16da7](https://github.com/npm/pacote/commit/ff16da7)) ### Features * **resolved:** add opts.resolved for cache stuff ([#131](https://github.com/npm/pacote/issues/131)) ([149a4b5](https://github.com/zkat/pacote/commit/149a4b5)) ## [7.0.2](https://github.com/npm/pacote/compare/v7.0.1...v7.0.2) (2017-11-28) ### Bug Fixes * **git:** only resolvedRefs can be shallow-cloned ([899720f](https://github.com/npm/pacote/commit/899720f)) ## [7.0.1](https://github.com/npm/pacote/compare/v7.0.0...v7.0.1) (2017-11-15) ### Bug Fixes * **git:** use resolved ref if available when doing a full clone (#125) ([46ca45a](https://github.com/npm/pacote/commit/46ca45a)), closes [#125](https://github.com/zkat/pacote/issues/125) * **move:** bump cacache for some cross-platform move fixes ([eebdcda](https://github.com/npm/pacote/commit/eebdcda)) * **test:** missed a spot converting tests to promises ([c43caed](https://github.com/npm/pacote/commit/c43caed)) # [7.0.0](https://github.com/npm/pacote/compare/v6.1.0...v7.0.0) (2017-11-15) ### Bug Fixes * **docs:** You totally should use pacote now (#126) ([d49a9b5](https://github.com/npm/pacote/commit/d49a9b5)) * **git:** stop generating integrity for git ([d45363b](https://github.com/npm/pacote/commit/d45363b)) * **integrity:** stop defaulting to sha1 hashes ([62f8cdf](https://github.com/npm/pacote/commit/62f8cdf)) * **license:** relicense to MIT for OSI-compat ([ba6b3e0](https://github.com/npm/pacote/commit/ba6b3e0)) ### Features * **tarball:** add externall pacote.tarball() api ([e30bd49](https://github.com/npm/pacote/commit/e30bd49)) ### prefetch * deprecate pacote.prefetch ([e47e521](https://github.com/npm/pacote/commit/e47e521)) ### BREAKING CHANGES * **license:** The license has changed from CC0-1.0 to MIT, which is less permissive and also OSI-approved. * pacote.prefetch is deprecated in favor of pacote.tarball # [6.1.0](https://github.com/npm/pacote/compare/v6.0.4...v6.1.0) (2017-10-19) ### Bug Fixes * **git:** use actual default git branch instead of assuming master (#122) ([79ce949](https://github.com/npm/pacote/commit/79ce949)) * **npa:** ensure spec is a valid npa instance ([1757b2b](https://github.com/npm/pacote/commit/1757b2b)) ### Features * **selection:** add opts.includeDeprecated (#123) ([2001549](https://github.com/npm/pacote/commit/2001549)) ## [6.0.4](https://github.com/npm/pacote/compare/v6.0.3...v6.0.4) (2017-10-05) ### Bug Fixes * **file:** include integrity hash for streamed tarballs too ([030cee7](https://github.com/npm/pacote/commit/030cee7)) ## [6.0.3](https://github.com/npm/pacote/compare/v6.0.2...v6.0.3) (2017-10-05) ### Bug Fixes * **extract:** clean up mode/fmode/dmode tests ([f915045](https://github.com/npm/pacote/commit/f915045)) * **file:** make sure file tarballs are written to cache and have integrity data ([dae391a](https://github.com/npm/pacote/commit/dae391a)) * **git:** version resolution regression from #115 (#119) ([9a68205](https://github.com/npm/pacote/commit/9a68205)) ## [6.0.2](https://github.com/npm/pacote/compare/v6.0.1...v6.0.2) (2017-09-06) ### Bug Fixes * **extract:** preserve executable perms on extracted files ([19b3dfd](https://github.com/npm/pacote/commit/19b3dfd)) ### Performance Improvements * replace some calls to .match() with .starts/endsWith() (#115) ([192a02f](https://github.com/npm/pacote/commit/192a02f)) ## [6.0.1](https://github.com/npm/pacote/compare/v6.0.0...v6.0.1) (2017-08-22) ### Bug Fixes * **finalize:** insist on getting a package.json ([f72ee91](https://github.com/npm/pacote/commit/f72ee91)) # [6.0.0](https://github.com/npm/pacote/compare/v5.0.1...v6.0.0) (2017-08-19) ### Bug Fixes * **tar:** bring back the .gitignore -> .npmignore logic (#113) ([0dd518e](https://github.com/npm/pacote/commit/0dd518e)) ### BREAKING CHANGES * **tar:** this reverts a previous change to disable this feature. ## [5.0.1](https://github.com/npm/pacote/compare/v5.0.0...v5.0.1) (2017-08-17) ### Bug Fixes * **tar:** chown directories on extract as well ([2fa4598](https://github.com/npm/pacote/commit/2fa4598)) # [5.0.0](https://github.com/npm/pacote/compare/v4.0.0...v5.0.0) (2017-08-16) ### Bug Fixes * **registry:** Pass maxSockets options down (#110) ([3f05b79](https://github.com/npm/pacote/commit/3f05b79)) ### Features * **deps:** replace tar-fs/tar-stream with tar[@3](https://github.com/3) ([28c80a9](https://github.com/npm/pacote/commit/28c80a9)) * **tar:** switch to tarv3 ([53899c7](https://github.com/npm/pacote/commit/53899c7)) ### BREAKING CHANGES * **tar:** this changes the underlying tar library, and thus may introduce some subtle low-level incompatibility. Also: * The tarball packer built into pacote works much closer to how the one npm injects does. * Special characters on Windows will now be escaped the way tar(1) usually does: by replacing them with the `0xf000` masked character on the way out. * Directories won't be chowned. # [4.0.0](https://github.com/npm/pacote/compare/v3.0.0...v4.0.0) (2017-06-29) ### Bug Fixes * **extract:** revert uid/gid change ([41852e0](https://github.com/npm/pacote/commit/41852e0)) ### BREAKING CHANGES * **extract:** behavior for setting uid/gid on extracted contents was restored to what it was in pacote@2 # [3.0.0](https://github.com/npm/pacote/compare/v2.7.38...v3.0.0) (2017-06-29) ### Bug Fixes * **extract:** always extract as current user gid/uid ([6fc01a5](https://github.com/npm/pacote/commit/6fc01a5)) ### BREAKING CHANGES * **extract:** pacote will no longer set ownership of extracted contents -- uid/gid will *only* be used for the cache and other internal details. ## [2.7.38](https://github.com/npm/pacote/compare/v2.7.37...v2.7.38) (2017-06-29) ### Bug Fixes * **manifest:** bump npm-pick-manifest for loose semver fix ([b3d45ef](https://github.com/npm/pacote/commit/b3d45ef)) ## [2.7.37](https://github.com/npm/pacote/compare/v2.7.36...v2.7.37) (2017-06-29) ### Bug Fixes * **deps:** bump deps for fixes ([f156655](https://github.com/npm/pacote/commit/f156655)) ## [2.7.36](https://github.com/npm/pacote/compare/v2.7.35...v2.7.36) (2017-06-10) ### Bug Fixes * **deps:** update tar-fs with the special characters patch (#102) ([ed43aa3](https://github.com/npm/pacote/commit/ed43aa3)) ## [2.7.35](https://github.com/npm/pacote/compare/v2.7.34...v2.7.35) (2017-06-09) ### Bug Fixes * **registry:** only print one 199 warning (#100) ([b395138](https://github.com/npm/pacote/commit/b395138)) ## [2.7.34](https://github.com/npm/pacote/compare/v2.7.33...v2.7.34) (2017-06-09) ### Bug Fixes * **git:** whitelist specific shallow-cloneable hosts ([b210cc8](https://github.com/npm/pacote/commit/b210cc8)) ## [2.7.33](https://github.com/npm/pacote/compare/v2.7.32...v2.7.33) (2017-06-08) ### Bug Fixes * **git:** better error reporting when ls-remote fails ([10aae8f](https://github.com/npm/pacote/commit/10aae8f)) ## [2.7.32](https://github.com/npm/pacote/compare/v2.7.31...v2.7.32) (2017-06-07) ### Bug Fixes * **registry:** print both 111 and 199 warnings ([2f8c201](https://github.com/npm/pacote/commit/2f8c201)) ## [2.7.31](https://github.com/npm/pacote/compare/v2.7.30...v2.7.31) (2017-06-06) ### Bug Fixes * **extract:** always return a bluebird promise ([06ca91d](https://github.com/npm/pacote/commit/06ca91d)) * **registry:** bump make-fetch-happen for local cache header issue fix ([868615c](https://github.com/npm/pacote/commit/868615c)) ## [2.7.30](https://github.com/npm/pacote/compare/v2.7.29...v2.7.30) (2017-06-05) ### Bug Fixes * **ssri:** bump ssri for bugfix ([70a859c](https://github.com/npm/pacote/commit/70a859c)) ## [2.7.29](https://github.com/npm/pacote/compare/v2.7.28...v2.7.29) (2017-06-05) ### Bug Fixes * **registry:** use cert instead of certfile opt ([a45880d](https://github.com/npm/pacote/commit/a45880d)) ## [2.7.28](https://github.com/npm/pacote/compare/v2.7.27...v2.7.28) (2017-06-05) ### Bug Fixes * **git:** limit ls-remote output to heads/tags (#97) ([c1e3dcd](https://github.com/npm/pacote/commit/c1e3dcd)) * **proxy:** send certificate authority, key and other options (#95) ([c4b6128](https://github.com/npm/pacote/commit/c4b6128)) * **registry:** add support for global auth and _auth token (#96) ([7919fb7](https://github.com/npm/pacote/commit/7919fb7)) * **registry:** emit npm-session header (#98) ([9816b18](https://github.com/npm/pacote/commit/9816b18)) ## [2.7.27](https://github.com/npm/pacote/compare/v2.7.26...v2.7.27) (2017-06-01) ### Bug Fixes * **git:** fix semver range detection. oops ([76d9233](https://github.com/npm/pacote/commit/76d9233)) ## [2.7.26](https://github.com/npm/pacote/compare/v2.7.25...v2.7.26) (2017-06-01) ### Bug Fixes * **git:** hash was not being replaced/appended correctly ([6fcbed5](https://github.com/npm/pacote/commit/6fcbed5)) ## [2.7.25](https://github.com/npm/pacote/compare/v2.7.24...v2.7.25) (2017-05-31) ### Bug Fixes * **git:** git deps were getting _resolved without shasums ([96f0675](https://github.com/npm/pacote/commit/96f0675)) ## [2.7.24](https://github.com/npm/pacote/compare/v2.7.23...v2.7.24) (2017-05-31) ### Bug Fixes * **deps:** update dep versions with new patches ([dc2e4ff](https://github.com/npm/pacote/commit/dc2e4ff)) ## [2.7.23](https://github.com/npm/pacote/compare/v2.7.22...v2.7.23) (2017-05-31) ### Bug Fixes * **git:** fix ls-remote command and throw away ^{} junk ([62ba84d](https://github.com/npm/pacote/commit/62ba84d)) * **git:** use the parsed git committish from npa ([77a676a](https://github.com/npm/pacote/commit/77a676a)) ## [2.7.22](https://github.com/npm/pacote/compare/v2.7.21...v2.7.22) (2017-05-31) ### Bug Fixes * **git:** accept shortened git hashes (#91) ([4466388](https://github.com/npm/pacote/commit/4466388)) ## [2.7.21](https://github.com/npm/pacote/compare/v2.7.20...v2.7.21) (2017-05-25) ### Bug Fixes * **registry:** stop URIEncoding username/password ([011c9a2](https://github.com/npm/pacote/commit/011c9a2)) ## [2.7.20](https://github.com/npm/pacote/compare/v2.7.19...v2.7.20) (2017-05-25) ### Bug Fixes * **registry:** encode username and password for auth ([c48b651](https://github.com/npm/pacote/commit/c48b651)) ## [2.7.19](https://github.com/npm/pacote/compare/v2.7.18...v2.7.19) (2017-05-25) ### Bug Fixes * **registry:** respect alwaysAuth ([150788a](https://github.com/npm/pacote/commit/150788a)) ## [2.7.18](https://github.com/npm/pacote/compare/v2.7.17...v2.7.18) (2017-05-25) ### Bug Fixes * **cache:** pass uid/gid settings through to mfh ([d8845df](https://github.com/npm/pacote/commit/d8845df)) * **deps:** update m-f-h for cache opts fix ([faab6cd](https://github.com/npm/pacote/commit/faab6cd)) ## [2.7.17](https://github.com/npm/pacote/compare/v2.7.16...v2.7.17) (2017-05-25) ### Bug Fixes * **deps:** bump cacache ([34bd656](https://github.com/npm/pacote/commit/34bd656)) ## [2.7.16](https://github.com/npm/pacote/compare/v2.7.15...v2.7.16) (2017-05-24) ### Bug Fixes * **deps:** pull in various fixes from deps ([4354703](https://github.com/npm/pacote/commit/4354703)) ## [2.7.15](https://github.com/npm/pacote/compare/v2.7.14...v2.7.15) (2017-05-24) ### Bug Fixes * **proxy:** bump m-f-h with more patches ([26d4170](https://github.com/npm/pacote/commit/26d4170)) ## [2.7.14](https://github.com/npm/pacote/compare/v2.7.13...v2.7.14) (2017-05-24) ### Bug Fixes * **proxy:** pull in new m-f-h with fixed http proxies ([d6a14e0](https://github.com/npm/pacote/commit/d6a14e0)) ## [2.7.13](https://github.com/npm/pacote/compare/v2.7.12...v2.7.13) (2017-05-23) ### Bug Fixes * **deps:** bump dep versions to fix http redirect issues ([b23a9fa](https://github.com/npm/pacote/commit/b23a9fa)) ## [2.7.12](https://github.com/npm/pacote/compare/v2.7.11...v2.7.12) (2017-05-16) ### Bug Fixes * **fetch:** fix default userAgent ([4b9d344](https://github.com/npm/pacote/commit/4b9d344)) * **registry:** log failed requests too ([0f23f06](https://github.com/npm/pacote/commit/0f23f06)) * **remote:** send a useful pkg id header for remote tarballs ([ac13356](https://github.com/npm/pacote/commit/ac13356)) ## [2.7.11](https://github.com/npm/pacote/compare/v2.7.10...v2.7.11) (2017-05-12) ### Bug Fixes * **fetch:** make it play nicer with bundlers ([67cd713](https://github.com/npm/pacote/commit/67cd713)) ## [2.7.10](https://github.com/npm/pacote/compare/v2.7.9...v2.7.10) (2017-05-12) ### Bug Fixes * **logging:** shhhhhhh ([e7ea56e](https://github.com/npm/pacote/commit/e7ea56e)) * **manifest:** _resolved is the only main field we do not overwrite ([4c12421](https://github.com/npm/pacote/commit/4c12421)) ## [2.7.9](https://github.com/npm/pacote/compare/v2.7.8...v2.7.9) (2017-05-09) ### Bug Fixes * **git:** Resolve to ref git specs w/o committishes (#88) ([cb885f5](https://github.com/npm/pacote/commit/cb885f5)), closes [#88](https://github.com/zkat/pacote/issues/88) ## [2.7.8](https://github.com/npm/pacote/compare/v2.7.7...v2.7.8) (2017-05-07) ### Bug Fixes * **git:** integrity hash was not always emitted ([97ed9e1](https://github.com/npm/pacote/commit/97ed9e1)) ## [2.7.7](https://github.com/npm/pacote/compare/v2.7.6...v2.7.7) (2017-05-06) ### Bug Fixes * **auth:** redirects no longer send auth to different host ([82e78c5](https://github.com/npm/pacote/commit/82e78c5)) ## [2.7.6](https://github.com/npm/pacote/compare/v2.7.5...v2.7.6) (2017-05-05) ### Bug Fixes * **git:** only use longpaths on win32 because old gits ([32846fc](https://github.com/npm/pacote/commit/32846fc)) ## [2.7.5](https://github.com/npm/pacote/compare/v2.7.4...v2.7.5) (2017-05-04) ### Bug Fixes * **registry-key:** Use pathname instead of path in registryKey (#85) ([5339831](https://github.com/npm/pacote/commit/5339831)) ## [2.7.4](https://github.com/npm/pacote/compare/v2.7.3...v2.7.4) (2017-05-04) ### Bug Fixes * **pick-manifest:** fix =1.2.3 semver range requests ([dd6911c](https://github.com/npm/pacote/commit/dd6911c)) ## [2.7.3](https://github.com/npm/pacote/compare/v2.7.2...v2.7.3) (2017-05-04) ### Bug Fixes * **pick-manifest:** spaces in requested version are now trimmed out ([6422b28](https://github.com/npm/pacote/commit/6422b28)) ## [2.7.2](https://github.com/npm/pacote/compare/v2.7.1...v2.7.2) (2017-05-04) ### Bug Fixes * **extract:** missing or corrupted content properly re-fetched again ([46f60c2](https://github.com/npm/pacote/commit/46f60c2)) ## [2.7.1](https://github.com/npm/pacote/compare/v2.7.0...v2.7.1) (2017-05-01) ### Bug Fixes * **logging:** log specs correctly on extract ([4b5bab0](https://github.com/npm/pacote/commit/4b5bab0)) * **manifest:** obey opts.preferOnline when fetching from memoized ([26928a7](https://github.com/npm/pacote/commit/26928a7)) # [2.7.0](https://github.com/npm/pacote/compare/v2.6.0...v2.7.0) (2017-04-29) ### Bug Fixes * **registry:** stop using integrity hashes for metadata. again. ([4595ab2](https://github.com/npm/pacote/commit/4595ab2)) ### Features * **manifest:** include _shasum for legacy compat ([b3a7eed](https://github.com/npm/pacote/commit/b3a7eed)) # [2.6.0](https://github.com/npm/pacote/compare/v2.5.0...v2.6.0) (2017-04-29) ### Features * **manifest:** annotate manifests with _from ([e45e968](https://github.com/npm/pacote/commit/e45e968)) # [2.5.0](https://github.com/npm/pacote/compare/v2.4.0...v2.5.0) (2017-04-28) ### Bug Fixes * **registry:** JSON text is not a valid header value ([78951ea](https://github.com/npm/pacote/commit/78951ea)) ### Features * **memoization:** allow injection and control of memoizers ([d8a2be7](https://github.com/npm/pacote/commit/d8a2be7)) # [2.4.0](https://github.com/npm/pacote/compare/v2.3.2...v2.4.0) (2017-04-27) ### Bug Fixes * **tests:** nicer error message on registry 404 ([e8e71c8](https://github.com/npm/pacote/commit/e8e71c8)) ### Features * **auth:** added basic auth and always-auth support ([548aeb5](https://github.com/npm/pacote/commit/548aeb5)) * **proxy:** proxy support for registry and remote deps ([3766bbb](https://github.com/npm/pacote/commit/3766bbb)) ## [2.3.2](https://github.com/npm/pacote/compare/v2.3.1...v2.3.2) (2017-04-26) ### Bug Fixes * **deps:** reduce deps size with m-f-h upgrade ([ba75461](https://github.com/npm/pacote/commit/ba75461)) ## [2.3.1](https://github.com/npm/pacote/compare/v2.3.0...v2.3.1) (2017-04-26) ### Bug Fixes * **git:** another attempt at fixing EPERM b.s. ([e445bef](https://github.com/npm/pacote/commit/e445bef)) # [2.3.0](https://github.com/npm/pacote/compare/v2.2.2...v2.3.0) (2017-04-26) ### Bug Fixes * **git:** had ENOTSUP error on windows ([ee17c35](https://github.com/npm/pacote/commit/ee17c35)) * **memoization:** actually memoize package metadata ([e2078c0](https://github.com/npm/pacote/commit/e2078c0)) ### Features * **memoization:** better packument memoization + pacote.clearMemoized() ([eb1bd4f](https://github.com/npm/pacote/commit/eb1bd4f)) ## [2.2.2](https://github.com/npm/pacote/compare/v2.2.1...v2.2.2) (2017-04-24) ### Bug Fixes * **prefetch:** pull in new cacache + fix prefetch hasContent call ([9f476b8](https://github.com/npm/pacote/commit/9f476b8)) ## [2.2.1](https://github.com/npm/pacote/compare/v2.2.0...v2.2.1) (2017-04-23) ### Bug Fixes * **finalize:** pass on engines/cpu/os ([0a73c78](https://github.com/npm/pacote/commit/0a73c78)) # [2.2.0](https://github.com/npm/pacote/compare/v2.1.2...v2.2.0) (2017-04-22) ### Bug Fixes * **git:** fix shortcut fallback order again ([5759d40](https://github.com/npm/pacote/commit/5759d40)) * **registry:** fix infinite manifetch loop ([6c6a62b](https://github.com/npm/pacote/commit/6c6a62b)) ### Features * **manifest:** opts.fullMetadata to get unfiltered manifests ([ff2945b](https://github.com/npm/pacote/commit/ff2945b)) ## [2.1.2](https://github.com/npm/pacote/compare/v2.1.1...v2.1.2) (2017-04-20) ## [2.1.1](https://github.com/npm/pacote/compare/v2.1.0...v2.1.1) (2017-04-19) ### Bug Fixes * **git:** use sshurl instead of ssh for ssh clones ([ff20803](https://github.com/npm/pacote/commit/ff20803)) * **notice:** only log npm-notice if the packument came from network ([eeeb411](https://github.com/npm/pacote/commit/eeeb411)) * **registry:** improve 404 error messages ([6a5cbdb](https://github.com/npm/pacote/commit/6a5cbdb)) # [2.1.0](https://github.com/npm/pacote/compare/v2.0.5...v2.1.0) (2017-04-18) ### Bug Fixes * **cache:** bump deps for cache fixes ([9596434](https://github.com/npm/pacote/commit/9596434)) ### Features * **warn:** http warning headers now logged ([f22ce1d](https://github.com/npm/pacote/commit/f22ce1d)) ## [2.0.5](https://github.com/npm/pacote/compare/v2.0.4...v2.0.5) (2017-04-18) ### Bug Fixes * **file:** oops, the type for these is file ([e7a3d35](https://github.com/npm/pacote/commit/e7a3d35)) ## [2.0.4](https://github.com/npm/pacote/compare/v2.0.3...v2.0.4) (2017-04-18) ### Bug Fixes * **deps:** remove normalize-git-url ([12d464a](https://github.com/npm/pacote/commit/12d464a)) * **git:** Correctly read in the HEAD ref after cloning ([dbe1b15](https://github.com/npm/pacote/commit/dbe1b15)) * **git:** The full clone path doesn't have _resolved set ([ddce561](https://github.com/npm/pacote/commit/ddce561)) * **manifest:** no _from ever ([15087c4](https://github.com/npm/pacote/commit/15087c4)) ## [2.0.3](https://github.com/npm/pacote/compare/v2.0.2...v2.0.3) (2017-04-15) ### Bug Fixes * **manifest:** meh just shove _from in there ([4396f09](https://github.com/npm/pacote/commit/4396f09)) * **registry:** include CI header ([86ad911](https://github.com/npm/pacote/commit/86ad911)) * **registry:** include npm-scope header ([574cd93](https://github.com/npm/pacote/commit/574cd93)) * **registry:** make sure to send referer header ([2d3aaac](https://github.com/npm/pacote/commit/2d3aaac)) ## [2.0.2](https://github.com/npm/pacote/compare/v2.0.1...v2.0.2) (2017-04-15) ### Bug Fixes * **directory:** fix default pack-dir and write a test for it ([9d9266f](https://github.com/npm/pacote/commit/9d9266f)) * **extract:** brainfart with extractByManifest fixed. lol. ([a1367fb](https://github.com/npm/pacote/commit/a1367fb)) ## [2.0.1](https://github.com/npm/pacote/compare/v2.0.0...v2.0.1) (2017-04-15) ### Bug Fixes * **tarball:** missed the local->tarball rename ([ac42dc4](https://github.com/npm/pacote/commit/ac42dc4)) # [2.0.0](https://github.com/npm/pacote/compare/v1.0.0...v2.0.0) (2017-04-15) ### Bug Fixes * **api:** use npa[@5](https://github.com/5) for spec parsing (#78) ([3f56298](https://github.com/npm/pacote/commit/3f56298)) * **deprecated:** remove underscore from manifest._deprecated ([9f4af93](https://github.com/npm/pacote/commit/9f4af93)) * **directory:** add _resolved to directory manifests ([1d305db](https://github.com/npm/pacote/commit/1d305db)) * **directory:** return null instead of throwing ([d35630d](https://github.com/npm/pacote/commit/d35630d)) * **finalize:** don't try to cache manifests we can't get a good key for ([8ab1758](https://github.com/npm/pacote/commit/8ab1758)) * **finalize:** refactored finalize-manifest code + add _integrity=false sentinel ([657b7fa](https://github.com/npm/pacote/commit/657b7fa)) * **git:** cleaner handling of git tarball streams when caching ([11acd0a](https://github.com/npm/pacote/commit/11acd0a)) * **git:** emit manifests from git tarball handler ([b139d4b](https://github.com/npm/pacote/commit/b139d4b)) * **git:** fix .git exclusion, set mtime = 0 to make tarballs idempotent ([9a9fa1b](https://github.com/npm/pacote/commit/9a9fa1b)) * **git:** fix fallback order and only fall back on hosted shortcuts ([551cb33](https://github.com/npm/pacote/commit/551cb33)) * **git:** fix filling-out of git manifests ([95e807c](https://github.com/npm/pacote/commit/95e807c)) * **git:** got dir packer option working with git ([7669b3e](https://github.com/npm/pacote/commit/7669b3e)) * **headers:** nudge around some headers to make things behave ([db1e0a1](https://github.com/npm/pacote/commit/db1e0a1)) * **manifest:** get rid of resolved-with-non-error warning ([d4d4917](https://github.com/npm/pacote/commit/d4d4917)) * **manifest:** stop using digest for manifests ([4ddd2f5](https://github.com/npm/pacote/commit/4ddd2f5)) * **opts:** bring opt-check up to date ([564419e](https://github.com/npm/pacote/commit/564419e)) * **opts:** rename refreshCache to preferOnline cause much clearer ([94171d6](https://github.com/npm/pacote/commit/94171d6)) * **prefetch:** fall back to the _integrity in the manifest if none calculated ([083ac79](https://github.com/npm/pacote/commit/083ac79)) * **prefetch:** if there's no stream, just skip (for directory) ([714de91](https://github.com/npm/pacote/commit/714de91)) * **registry:** fix error handling for registry tarballs ([e69539f](https://github.com/npm/pacote/commit/e69539f)) * **registry:** nudging logging stuff around a bit ([61d62cc](https://github.com/npm/pacote/commit/61d62cc)) * **registry:** only send auth info if tarball is hosted on the same registry ([1de5a2b](https://github.com/npm/pacote/commit/1de5a2b)) * **registry:** redirect tarball urls to provided registry port+protocol if same host ([f50167e](https://github.com/npm/pacote/commit/f50167e)) * **registry:** support memoizing packuments ([e7fff31](https://github.com/npm/pacote/commit/e7fff31)) * **registry:** treat registry cache as "private" -- bumps m-f-h ([6fa1503](https://github.com/npm/pacote/commit/6fa1503)) ### Features * **directory:** implement local dir packing ([017d989](https://github.com/npm/pacote/commit/017d989)) * **fetch:** bump make-fetch-happen for new restarts ([cf90716](https://github.com/npm/pacote/commit/cf90716)) * **git:** support pulling in git submodules ([5825d33](https://github.com/npm/pacote/commit/5825d33)) * **integrity:** replace http client (#72) ([189cdd2](https://github.com/npm/pacote/commit/189cdd2)) * **prefetch:** return cache-related info on prefetch ([623b7f3](https://github.com/npm/pacote/commit/623b7f3)) * **registry:** allow injection of request agents ([805e5ae](https://github.com/npm/pacote/commit/805e5ae)) * **registry:** fast request pooling ([321f84b](https://github.com/npm/pacote/commit/321f84b)) * **registry:** registry requests now follow cache spec more closely, respect Age, etc ([9e47098](https://github.com/npm/pacote/commit/9e47098)) ### BREAKING CHANGES * **api:** spec objects can no longer be realize-package-specifier objects. Pass a string or generate npa@>=5 spec objects to pass in. * **integrity:** This PR replaces a pretty fundamental chunk of pacote. * Caching now follows standard-ish cache rules for http-related requests. * manifest() no longer includes the `_shasum` field. It's been replaced by `_integrity`, which is a Subresource Integrity hash string containing equivalent data. These strings can be parsed and managed using https://npm.im/ssri. * Any functions that accepted `opts.digest` and/or `opts.hashAlgorithm` now expect `opts.integrity` instead. * Packuments and finalized manifests are now cached using sha512. Tarballs can start using that hash (or any other more secure hash) once registries start supporting them: `packument.dist.integrity` will be prioritized over `packument.shasum`. * If opts.offline is used, a `ENOCACHE` error will be returned. # [1.0.0](https://github.com/npm/pacote/compare/v0.1.1...v1.0.0) (2017-03-17) ### Bug Fixes * **extract-stream:** adapt to tar-fs api ([aa21308](https://github.com/npm/pacote/commit/aa21308)) * add 'use strict' to all .js files (#26) ([021bd59](https://github.com/npm/pacote/commit/021bd59)) * **cache:** this is really a user error, so just throw ([5c9c0fa](https://github.com/npm/pacote/commit/5c9c0fa)) * **deps:** cacache[@5](https://github.com/5).0.3 ([37cddc5](https://github.com/npm/pacote/commit/37cddc5)) * **deps:** tar-fs[@1](https://github.com/1).15.1 ([e0d853a](https://github.com/npm/pacote/commit/e0d853a)) * **docs:** correct fixtures table (#57) ([23d2eb4](https://github.com/npm/pacote/commit/23d2eb4)) * **extract:** correctly detect digest cache misses ([ec6672b](https://github.com/npm/pacote/commit/ec6672b)) * **extract:** fixed race condition ([14fd2a8](https://github.com/npm/pacote/commit/14fd2a8)) * **finalize-manifest:** use digest to uniquify cached manifests ([931a9cb](https://github.com/npm/pacote/commit/931a9cb)) * **http:** Fixed cache-related race condition ([b70a4b1](https://github.com/npm/pacote/commit/b70a4b1)) * **manifest:** dir manifests should throw ENOPACKAGEJSON ([b06882d](https://github.com/npm/pacote/commit/b06882d)) * **manifest:** ETARGET when no packages match ([ea2127d](https://github.com/npm/pacote/commit/ea2127d)) * **manifest:** local manifest fn should return a promise ([c700622](https://github.com/npm/pacote/commit/c700622)) * **manifest:** retry registry manifests once on ETARGET (#66) ([3b99adc](https://github.com/npm/pacote/commit/3b99adc)) * **prefetch:** hashAlgorithm is required for hasContent ([f03d51c](https://github.com/npm/pacote/commit/f03d51c)) * **request:** report cache write errors on end ([c102b86](https://github.com/npm/pacote/commit/c102b86)) ### Features * **api:** support pre-realized specifiers as specs (#62) ([1d5bf39](https://github.com/npm/pacote/commit/1d5bf39)) * **cache:** grabbing info and hasContent ([a559711](https://github.com/npm/pacote/commit/a559711)) * **deps:** minimatch[@3](https://github.com/3).0.3 ([2bb8cd5](https://github.com/npm/pacote/commit/2bb8cd5)) * **deps:** normalize-package-data[@2](https://github.com/2).3.5 ([4250e0d](https://github.com/npm/pacote/commit/4250e0d)) * **directory:** directory dep support (#68) ([6d5307a](https://github.com/npm/pacote/commit/6d5307a)) * **git:** baseline git support (#69) ([6d7eaf5](https://github.com/npm/pacote/commit/6d7eaf5)) * **handlers:** added remote tarball support (#64) ([add1808](https://github.com/npm/pacote/commit/add1808)) * **local:** local tarball support (#67) ([e50d625](https://github.com/npm/pacote/commit/e50d625)) * **manifest:** handle deprecation notice (#60) ([db82dae](https://github.com/npm/pacote/commit/db82dae)) * **manifest:** standardize manifest format ([3dd9a72](https://github.com/npm/pacote/commit/3dd9a72)) * **manifest:** switch to cacache for caching ([8ba7249](https://github.com/npm/pacote/commit/8ba7249)) * **prefetch:** added tarball prefetch support ([26c34ce](https://github.com/npm/pacote/commit/26c34ce)) * **request:** accept maxSockets opt ([3987807](https://github.com/npm/pacote/commit/3987807)) * **scopes:** new scopeTargets option (#59) ([b5db7ae](https://github.com/npm/pacote/commit/b5db7ae)) ### Performance Improvements * **finalize-manifest:** cache finalized manifests ([fa3c430](https://github.com/npm/pacote/commit/fa3c430)) ### BREAKING CHANGES * **manifest:** Toplevel APIs now return Promises instead of using callbacks. PK!{{ manifest.jsnu['use strict' const fetchManifest = require('./lib/fetch').manifest const finalizeManifest = require('./lib/finalize-manifest') const optCheck = require('./lib/util/opt-check') const pinflight = require('promise-inflight') const npa = require('npm-package-arg') module.exports = manifest function manifest (spec, opts) { opts = optCheck(opts) spec = npa(spec, opts.where) const label = [ spec.name, spec.saveSpec || spec.fetchSpec, spec.type, opts.cache, opts.registry, opts.scope ].join(':') return pinflight(label, () => { const startTime = Date.now() return fetchManifest(spec, opts).then(rawManifest => { return finalizeManifest(rawManifest, spec, opts) }).then(manifest => { if (opts.annotate) { manifest._from = spec.saveSpec || spec.raw manifest._requested = spec manifest._spec = spec.raw manifest._where = opts.where } const elapsedTime = Date.now() - startTime opts.log.silly('pacote', `${spec.type} manifest for ${spec.name}@${spec.saveSpec || spec.fetchSpec} fetched in ${elapsedTime}ms`) return manifest }) }) } PK!^ extract.jsnu['use strict' const BB = require('bluebird') const extractStream = require('./lib/extract-stream.js') const fs = require('fs') const mkdirp = BB.promisify(require('mkdirp')) const npa = require('npm-package-arg') const optCheck = require('./lib/util/opt-check.js') const path = require('path') const rimraf = BB.promisify(require('rimraf')) const withTarballStream = require('./lib/with-tarball-stream.js') const inferOwner = require('infer-owner') const chown = BB.promisify(require('chownr')) const truncateAsync = BB.promisify(fs.truncate) const readFileAsync = BB.promisify(fs.readFile) const appendFileAsync = BB.promisify(fs.appendFile) // you used to call me on my... const selfOwner = process.getuid ? { uid: process.getuid(), gid: process.getgid() } : { uid: undefined, gid: undefined } module.exports = extract function extract (spec, dest, opts) { opts = optCheck(opts) spec = npa(spec, opts.where) if (spec.type === 'git' && !opts.cache) { throw new TypeError('Extracting git packages requires a cache folder') } if (typeof dest !== 'string') { throw new TypeError('Extract requires a destination') } const startTime = Date.now() return inferOwner(dest).then(({ uid, gid }) => { opts = opts.concat({ uid, gid }) return withTarballStream(spec, opts, stream => { return tryExtract(spec, stream, dest, opts) }) .then(() => { if (!opts.resolved) { const pjson = path.join(dest, 'package.json') return readFileAsync(pjson, 'utf8') .then(str => truncateAsync(pjson) .then(() => appendFileAsync(pjson, str.replace( /}\s*$/, `\n,"_resolved": ${ JSON.stringify(opts.resolved || '') }\n,"_integrity": ${ JSON.stringify(opts.integrity || '') }\n,"_from": ${ JSON.stringify(spec.toString()) }\n}` )))) } }) .then(() => opts.log.silly( 'extract', `${spec} extracted to ${dest} (${Date.now() - startTime}ms)` )) }) } function tryExtract (spec, tarStream, dest, opts) { return new BB((resolve, reject) => { tarStream.on('error', reject) rimraf(dest) .then(() => mkdirp(dest)) .then((made) => { // respect the current ownership of unpack targets // but don't try to chown if we're not root. if (selfOwner.uid === 0 && typeof selfOwner.gid === 'number' && selfOwner.uid !== opts.uid && selfOwner.gid !== opts.gid) { return chown(made || dest, opts.uid, opts.gid) } }) .then(() => { const xtractor = extractStream(spec, dest, opts) xtractor.on('error', reject) xtractor.on('close', resolve) tarStream.pipe(xtractor) }) .catch(reject) }) .catch(err => { if (err.code === 'EINTEGRITY') { err.message = `Verification failed while extracting ${spec}:\n${err.message}` } throw err }) } PK! ahlib/with-tarball-stream.jsnu['use strict' const BB = require('bluebird') const cacache = require('cacache') const fetch = require('./fetch.js') const fs = require('fs') const npa = require('npm-package-arg') const optCheck = require('./util/opt-check.js') const path = require('path') const ssri = require('ssri') const retry = require('promise-retry') const statAsync = BB.promisify(fs.stat) const RETRIABLE_ERRORS = new Set(['ENOENT', 'EINTEGRITY', 'Z_DATA_ERROR']) module.exports = withTarballStream function withTarballStream (spec, opts, streamHandler) { opts = optCheck(opts) spec = npa(spec, opts.where) // First, we check for a file: resolved shortcut const tryFile = ( !opts.preferOnline && opts.integrity && opts.resolved && opts.resolved.startsWith('file:') ) ? BB.try(() => { // NOTE - this is a special shortcut! Packages installed as files do not // have a `resolved` field -- this specific case only occurs when you have, // say, a git dependency or a registry dependency that you've packaged into // a local file, and put that file: spec in the `resolved` field. opts.log.silly('pacote', `trying ${spec} by local file: ${opts.resolved}`) const file = path.resolve(opts.where || '.', opts.resolved.substr(5)) return statAsync(file) .then(() => { const verifier = ssri.integrityStream({ integrity: opts.integrity }) const stream = fs.createReadStream(file) .on('error', err => verifier.emit('error', err)) .pipe(verifier) return streamHandler(stream) }) .catch(err => { if (err.code === 'EINTEGRITY') { opts.log.warn('pacote', `EINTEGRITY while extracting ${spec} from ${file}.You will have to recreate the file.`) opts.log.verbose('pacote', `EINTEGRITY for ${spec}: ${err.message}`) } throw err }) }) : BB.reject(Object.assign(new Error('no file!'), { code: 'ENOENT' })) const tryDigest = tryFile .catch(err => { if ( opts.preferOnline || !opts.cache || !opts.integrity || !RETRIABLE_ERRORS.has(err.code) ) { throw err } else { opts.log.silly('tarball', `trying ${spec} by hash: ${opts.integrity}`) const stream = cacache.get.stream.byDigest( opts.cache, opts.integrity, opts ) stream.once('error', err => stream.on('newListener', (ev, l) => { if (ev === 'error') { l(err) } })) return streamHandler(stream) .catch(err => { if (err.code === 'EINTEGRITY' || err.code === 'Z_DATA_ERROR') { opts.log.warn('tarball', `cached data for ${spec} (${opts.integrity}) seems to be corrupted. Refreshing cache.`) return cleanUpCached(opts.cache, opts.integrity, opts) .then(() => { throw err }) } else { throw err } }) } }) const trySpec = tryDigest .catch(err => { if (!RETRIABLE_ERRORS.has(err.code)) { // If it's not one of our retriable errors, bail out and give up. throw err } else { opts.log.silly( 'tarball', `no local data for ${spec}. Extracting by manifest.` ) return BB.resolve(retry((tryAgain, attemptNum) => { const tardata = fetch.tarball(spec, opts) if (!opts.resolved) { tardata.on('manifest', m => { opts = opts.concat({ resolved: m._resolved }) }) tardata.on('integrity', i => { opts = opts.concat({ integrity: i }) }) } return BB.try(() => streamHandler(tardata)) .catch(err => { // Retry once if we have a cache, to clear up any weird conditions. // Don't retry network errors, though -- make-fetch-happen has already // taken care of making sure we're all set on that front. if (opts.cache && err.code && !String(err.code).match(/^E\d{3}$/)) { if (err.code === 'EINTEGRITY' || err.code === 'Z_DATA_ERROR') { opts.log.warn('tarball', `tarball data for ${spec} (${opts.integrity}) seems to be corrupted. Trying one more time.`) } return cleanUpCached(opts.cache, err.sri, opts) .then(() => tryAgain(err)) } else { throw err } }) }, { retries: 1 })) } }) return trySpec .catch(err => { if (err.code === 'EINTEGRITY') { err.message = `Verification failed while extracting ${spec}:\n${err.message}` } throw err }) } function cleanUpCached (cachePath, integrity, opts) { return cacache.rm.content(cachePath, integrity, opts) } PK!= h lib/extract-stream.jsnu['use strict' const Minipass = require('minipass') const path = require('path') const tar = require('tar') module.exports = extractStream module.exports._computeMode = computeMode class Transformer extends Minipass { constructor (spec, opts) { super() this.spec = spec this.opts = opts this.str = '' } write (data) { this.str += data return true } end () { const replaced = this.str.replace( /}\s*$/, `\n,"_resolved": ${ JSON.stringify(this.opts.resolved || '') }\n,"_integrity": ${ JSON.stringify(this.opts.integrity || '') }\n,"_from": ${ JSON.stringify(this.spec.toString()) }\n}` ) super.write(replaced) return super.end() } } function computeMode (fileMode, optMode, umask) { return (fileMode | optMode) & ~(umask || 0) } function pkgJsonTransform (spec, opts) { return entry => { if (entry.path === 'package.json') { const transformed = new Transformer(spec, opts) return transformed } } } function extractStream (spec, dest, opts) { opts = opts || {} const sawIgnores = new Set() return tar.x({ cwd: dest, filter: (name, entry) => !entry.header.type.match(/^.*link$/i), strip: 1, onwarn: msg => opts.log && opts.log.warn('tar', msg), uid: opts.uid, gid: opts.gid, umask: opts.umask, transform: opts.resolved && pkgJsonTransform(spec, opts), onentry (entry) { if (entry.type.toLowerCase() === 'file') { entry.mode = computeMode(entry.mode, opts.fmode, opts.umask) } else if (entry.type.toLowerCase() === 'directory') { entry.mode = computeMode(entry.mode, opts.dmode, opts.umask) } else { entry.mode = computeMode(entry.mode, 0, opts.umask) } // Note: This mirrors logic in the fs read operations that are // employed during tarball creation, in the fstream-npm module. // It is duplicated here to handle tarballs that are created // using other means, such as system tar or git archive. if (entry.type.toLowerCase() === 'file') { const base = path.basename(entry.path) if (base === '.npmignore') { sawIgnores.add(entry.path) } else if (base === '.gitignore') { const npmignore = entry.path.replace(/\.gitignore$/, '.npmignore') if (!sawIgnores.has(npmignore)) { // Rename, may be clobbered later. entry.path = npmignore } } } } }) } PK!Y;#lib/util/opt-check.jsnu['use strict' const figgyPudding = require('figgy-pudding') const logger = require('./proclog.js') const AUTH_REGEX = /^(?:.*:)?(token|_authToken|username|_password|password|email|always-auth|_auth|otp)$/ const SCOPE_REGISTRY_REGEX = /@.*:registry$/gi module.exports = figgyPudding({ annotate: {}, cache: {}, defaultTag: 'tag', dirPacker: {}, dmode: {}, 'enjoy-by': 'enjoyBy', enjoyBy: {}, before: 'enjoyBy', fmode: {}, 'fetch-retries': { default: 2 }, 'fetch-retry-factor': { default: 10 }, 'fetch-retry-maxtimeout': { default: 60000 }, 'fetch-retry-mintimeout': { default: 10000 }, fullMetadata: 'full-metadata', 'full-metadata': { default: false }, gid: {}, git: {}, includeDeprecated: { default: true }, 'include-deprecated': 'includeDeprecated', integrity: {}, log: { default: logger }, memoize: {}, offline: {}, preferOffline: 'prefer-offline', 'prefer-offline': {}, preferOnline: 'prefer-online', 'prefer-online': {}, registry: { default: 'https://registry.npmjs.org/' }, resolved: {}, retry: {}, scope: {}, tag: { default: 'latest' }, uid: {}, umask: {}, where: {} }, { other (key) { return key.match(AUTH_REGEX) || key.match(SCOPE_REGISTRY_REGEX) } }) PK!ӭlib/util/finished.jsnu['use strict' const BB = require('bluebird') module.exports = function (child, hasExitCode = false) { return BB.fromNode(function (cb) { child.on('error', cb) child.on(hasExitCode ? 'close' : 'end', function (exitCode) { if (exitCode === undefined || exitCode === 0) { cb() } else { let err = new Error('exited with error code: ' + exitCode) cb(err) } }) }) } PK!,Z lib/util/git.jsnu['use strict' const BB = require('bluebird') const cp = require('child_process') const execFileAsync = BB.promisify(cp.execFile, { multiArgs: true }) const finished = require('./finished') const LRU = require('lru-cache') const optCheck = require('./opt-check') const osenv = require('osenv') const path = require('path') const pinflight = require('promise-inflight') const promiseRetry = require('promise-retry') const uniqueFilename = require('unique-filename') const which = BB.promisify(require('which')) const semver = require('semver') const inferOwner = require('infer-owner') const GOOD_ENV_VARS = new Set([ 'GIT_ASKPASS', 'GIT_EXEC_PATH', 'GIT_PROXY_COMMAND', 'GIT_SSH', 'GIT_SSH_COMMAND', 'GIT_SSL_CAINFO', 'GIT_SSL_NO_VERIFY' ]) const GIT_TRANSIENT_ERRORS = [ 'remote error: Internal Server Error', 'The remote end hung up unexpectedly', 'Connection timed out', 'Operation timed out', 'Failed to connect to .* Timed out', 'Connection reset by peer', 'SSL_ERROR_SYSCALL', 'The requested URL returned error: 503' ].join('|') const GIT_TRANSIENT_ERROR_RE = new RegExp(GIT_TRANSIENT_ERRORS) const GIT_TRANSIENT_ERROR_MAX_RETRY_NUMBER = 3 function shouldRetry (error, number) { return GIT_TRANSIENT_ERROR_RE.test(error) && (number < GIT_TRANSIENT_ERROR_MAX_RETRY_NUMBER) } const GIT_ = 'GIT_' let GITENV function gitEnv () { if (GITENV) { return GITENV } const tmpDir = path.join(osenv.tmpdir(), 'pacote-git-template-tmp') const tmpName = uniqueFilename(tmpDir, 'git-clone') GITENV = { GIT_ASKPASS: 'echo', GIT_TEMPLATE_DIR: tmpName } Object.keys(process.env).forEach(k => { if (GOOD_ENV_VARS.has(k) || !k.startsWith(GIT_)) { GITENV[k] = process.env[k] } }) return GITENV } let GITPATH try { GITPATH = which.sync('git') } catch (e) {} module.exports.clone = fullClone function fullClone (repo, committish, target, opts) { opts = optCheck(opts) const gitArgs = ['clone', '--mirror', '-q', repo, path.join(target, '.git')] if (process.platform === 'win32') { gitArgs.push('--config', 'core.longpaths=true') } return execGit(gitArgs, { cwd: target }, opts).then(() => { return execGit(['init'], { cwd: target }, opts) }).then(() => { return execGit(['checkout', committish || 'HEAD'], { cwd: target }, opts) }).then(() => { return updateSubmodules(target, opts) }).then(() => headSha(target, opts)) } module.exports.shallow = shallowClone function shallowClone (repo, branch, target, opts) { opts = optCheck(opts) const gitArgs = ['clone', '--depth=1', '-q'] if (branch) { gitArgs.push('-b', branch) } gitArgs.push(repo, target) if (process.platform === 'win32') { gitArgs.push('--config', 'core.longpaths=true') } return execGit(gitArgs, { cwd: target }, opts).then(() => { return updateSubmodules(target, opts) }).then(() => headSha(target, opts)) } function updateSubmodules (localRepo, opts) { const gitArgs = ['submodule', 'update', '-q', '--init', '--recursive'] return execGit(gitArgs, { cwd: localRepo }, opts) } function headSha (repo, opts) { opts = optCheck(opts) return execGit(['rev-parse', '--revs-only', 'HEAD'], { cwd: repo }, opts).spread(stdout => { return stdout.trim() }) } const CARET_BRACES = '^{}' const REVS = new LRU({ max: 100, maxAge: 5 * 60 * 1000 }) module.exports.revs = revs function revs (repo, opts) { opts = optCheck(opts) const cached = REVS.get(repo) if (cached) { return BB.resolve(cached) } return pinflight(`ls-remote:${repo}`, () => { return spawnGit(['ls-remote', '-h', '-t', repo], { env: gitEnv() }, opts).then((stdout) => { return stdout.split('\n').reduce((revs, line) => { const split = line.split(/\s+/, 2) if (split.length < 2) { return revs } const sha = split[0].trim() const ref = split[1].trim().match(/(?:refs\/[^/]+\/)?(.*)/)[1] if (!ref) { return revs } // ??? if (ref.endsWith(CARET_BRACES)) { return revs } // refs/tags/x^{} crap const type = refType(line) const doc = { sha, ref, type } revs.refs[ref] = doc // We can check out shallow clones on specific SHAs if we have a ref if (revs.shas[sha]) { revs.shas[sha].push(ref) } else { revs.shas[sha] = [ref] } if (type === 'tag') { const match = ref.match(/v?(\d+\.\d+\.\d+(?:[-+].+)?)$/) if (match && semver.valid(match[1], true)) { revs.versions[semver.clean(match[1], true)] = doc } } return revs }, { versions: {}, 'dist-tags': {}, refs: {}, shas: {} }) }, err => { err.message = `Error while executing:\n${GITPATH} ls-remote -h -t ${repo}\n\n${err.stderr}\n${err.message}` throw err }).then(revs => { if (revs.refs.HEAD) { const HEAD = revs.refs.HEAD Object.keys(revs.versions).forEach(v => { if (v.sha === HEAD.sha) { revs['dist-tags'].HEAD = v if (!revs.refs.latest) { revs['dist-tags'].latest = revs.refs.HEAD } } }) } REVS.set(repo, revs) return revs }) }) } // infer the owner from the cwd git is operating in, if not the // process cwd, but only if we're root. // See: https://github.com/npm/cli/issues/624 module.exports._cwdOwner = cwdOwner function cwdOwner (gitOpts, opts) { const isRoot = process.getuid && process.getuid() === 0 if (!isRoot || !gitOpts.cwd) { return Promise.resolve() } return BB.resolve(inferOwner(gitOpts.cwd).then(owner => { gitOpts.uid = owner.uid gitOpts.gid = owner.gid })) } module.exports._exec = execGit function execGit (gitArgs, gitOpts, opts) { opts = optCheck(opts) return BB.resolve(cwdOwner(gitOpts, opts).then(() => checkGit(opts).then(gitPath => { return promiseRetry((retry, number) => { if (number !== 1) { opts.log.silly('pacote', 'Retrying git command: ' + gitArgs.join(' ') + ' attempt # ' + number) } return execFileAsync(gitPath, gitArgs, mkOpts(gitOpts, opts)).catch((err) => { if (shouldRetry(err, number)) { retry(err) } else { throw err } }) }, opts.retry != null ? opts.retry : { retries: opts['fetch-retries'], factor: opts['fetch-retry-factor'], maxTimeout: opts['fetch-retry-maxtimeout'], minTimeout: opts['fetch-retry-mintimeout'] }) }))) } module.exports._spawn = spawnGit function spawnGit (gitArgs, gitOpts, opts) { opts = optCheck(opts) return BB.resolve(cwdOwner(gitOpts, opts).then(() => checkGit(opts).then(gitPath => { return promiseRetry((retry, number) => { if (number !== 1) { opts.log.silly('pacote', 'Retrying git command: ' + gitArgs.join(' ') + ' attempt # ' + number) } const child = cp.spawn(gitPath, gitArgs, mkOpts(gitOpts, opts)) let stdout = '' let stderr = '' child.stdout.on('data', d => { stdout += d }) child.stderr.on('data', d => { stderr += d }) return finished(child, true).catch(err => { if (shouldRetry(stderr, number)) { retry(err) } else { err.stderr = stderr throw err } }).then(() => { return stdout }) }, opts.retry) }))) } module.exports._mkOpts = mkOpts function mkOpts (_gitOpts, opts) { const gitOpts = { env: gitEnv() } const isRoot = process.getuid && process.getuid() === 0 // don't change child process uid/gid if not root if (+opts.uid && !isNaN(opts.uid) && isRoot) { gitOpts.uid = +opts.uid } if (+opts.gid && !isNaN(opts.gid) && isRoot) { gitOpts.gid = +opts.gid } Object.assign(gitOpts, _gitOpts) return gitOpts } function checkGit (opts) { if (opts.git) { return BB.resolve(opts.git) } else if (!GITPATH) { const err = new Error('No git binary found in $PATH') err.code = 'ENOGIT' return BB.reject(err) } else { return BB.resolve(GITPATH) } } const REFS_TAGS = 'refs/tags/' const REFS_HEADS = 'refs/heads/' const HEAD = 'HEAD' function refType (ref) { return ref.indexOf(REFS_TAGS) !== -1 ? 'tag' : ref.indexOf(REFS_HEADS) !== -1 ? 'branch' : ref.endsWith(HEAD) ? 'head' : 'other' } PK!llib/util/cache-key.jsnu['use strict' module.exports = cacheKey function cacheKey (type, identifier) { return ['pacote', type, identifier].join(':') } PK!0ilib/util/pack-dir.jsnu['use strict' const BB = require('bluebird') const cacache = require('cacache') const cacheKey = require('./cache-key') const optCheck = require('./opt-check') const packlist = require('npm-packlist') const pipe = BB.promisify(require('mississippi').pipe) const tar = require('tar') module.exports = packDir function packDir (manifest, label, dir, target, opts) { opts = optCheck(opts) const packer = opts.dirPacker ? BB.resolve(opts.dirPacker(manifest, dir)) : mkPacker(dir) if (!opts.cache) { return packer.then(packer => pipe(packer, target)) } else { const cacher = cacache.put.stream( opts.cache, cacheKey('packed-dir', label), opts ).on('integrity', i => { target.emit('integrity', i) }) return packer.then(packer => BB.all([ pipe(packer, cacher), pipe(packer, target) ])) } } function mkPacker (dir) { return packlist({ path: dir }).then(files => { return tar.c({ cwd: dir, gzip: true, portable: true, prefix: 'package/' }, files) }) } PK!= LTTlib/util/proclog.jsnu['use strict' const LEVELS = [ 'notice', 'error', 'warn', 'info', 'verbose', 'http', 'silly', 'pause', 'resume' ] const logger = {} for (const level of LEVELS) { logger[level] = log(level) } module.exports = logger function log (level) { return (category, ...args) => process.emit('log', level, category, ...args) } PK!:Rlib/util/read-json.jsnu['use strict' module.exports = function (content) { // Code also yanked from read-package-json. function stripBOM (content) { content = content.toString() // Remove byte order marker. This catches EF BB BF (the UTF-8 BOM) // because the buffer-to-string conversion in `fs.readFileSync()` // translates it to FEFF, the UTF-16 BOM. if (content.charCodeAt(0) === 0xFEFF) return content.slice(1) return content } return JSON.parse(stripBOM(content)) } PK!55lib/fetchers/version.jsnu['use strict' module.exports = require('./registry') PK!xYYlib/fetchers/git.jsnu['use strict' const BB = require('bluebird') const cacache = require('cacache') const cacheKey = require('../util/cache-key') const Fetcher = require('../fetch') const git = require('../util/git') const mkdirp = BB.promisify(require('mkdirp')) const pickManifest = require('npm-pick-manifest') const optCheck = require('../util/opt-check') const osenv = require('osenv') const packDir = require('../util/pack-dir') const PassThrough = require('stream').PassThrough const path = require('path') const pipe = BB.promisify(require('mississippi').pipe) const rimraf = BB.promisify(require('rimraf')) const uniqueFilename = require('unique-filename') // `git` dependencies are fetched from git repositories and packed up. const fetchGit = module.exports = Object.create(null) Fetcher.impl(fetchGit, { packument (spec, opts) { return BB.reject(new Error('Not implemented yet.')) }, manifest (spec, opts) { opts = optCheck(opts) if (spec.hosted && spec.hosted.getDefaultRepresentation() === 'shortcut') { return hostedManifest(spec, opts) } else { // If it's not a shortcut, don't do fallbacks. return plainManifest(spec.fetchSpec, spec, opts) } }, tarball (spec, opts) { opts = optCheck(opts) const stream = new PassThrough() this.manifest(spec, opts).then(manifest => { stream.emit('manifest', manifest) return pipe( this.fromManifest( manifest, spec, opts ).on('integrity', i => stream.emit('integrity', i)), stream ) }).catch(err => stream.emit('error', err)) return stream }, fromManifest (manifest, spec, opts) { opts = optCheck(opts) let streamError const stream = new PassThrough().on('error', e => { streamError = e }) const cacheName = manifest._uniqueResolved || manifest._resolved || '' const cacheStream = ( opts.cache && cacache.get.stream( opts.cache, cacheKey('packed-dir', cacheName), opts ).on('integrity', i => stream.emit('integrity', i)) ) cacheStream.pipe(stream) cacheStream.on('error', err => { if (err.code !== 'ENOENT') { return stream.emit('error', err) } else { stream.emit('reset') return withTmp(opts, tmp => { if (streamError) { throw streamError } return cloneRepo( spec, manifest._repo, manifest._ref, manifest._rawRef, tmp, opts ).then(HEAD => { if (streamError) { throw streamError } manifest._resolved = spec.saveSpec.replace(/(:?#.*)?$/, `#${HEAD}`) manifest._uniqueResolved = manifest._resolved return packDir(manifest, manifest._uniqueResolved, tmp, stream, opts) }) }).catch(err => stream.emit('error', err)) } }) return stream } }) function hostedManifest (spec, opts) { return BB.resolve(null).then(() => { if (!spec.hosted.git()) { throw new Error(`No git url for ${spec}`) } return plainManifest(spec.hosted.git(), spec, opts) }).catch(err => { if (!spec.hosted.https()) { throw err } return plainManifest(spec.hosted.https(), spec, opts) }).catch(err => { if (!spec.hosted.sshurl()) { throw err } return plainManifest(spec.hosted.sshurl(), spec, opts) }) } function plainManifest (repo, spec, opts) { const rawRef = spec.gitCommittish || spec.gitRange return resolve( repo, spec, spec.name, opts ).then(ref => { if (ref) { const resolved = spec.saveSpec.replace(/(?:#.*)?$/, `#${ref.sha}`) return { _repo: repo, _resolved: resolved, _spec: spec, _ref: ref, _rawRef: spec.gitCommittish || spec.gitRange, _uniqueResolved: resolved, _integrity: false, _shasum: false } } else { // We're SOL and need a full clone :( // // If we're confident enough that `rawRef` is a commit SHA, // then we can at least get `finalize-manifest` to cache its result. const resolved = spec.saveSpec.replace(/(?:#.*)?$/, rawRef ? `#${rawRef}` : '') return { _repo: repo, _rawRef: rawRef, _resolved: rawRef && rawRef.match(/^[a-f0-9]{40}$/) && resolved, _uniqueResolved: rawRef && rawRef.match(/^[a-f0-9]{40}$/) && resolved, _integrity: false, _shasum: false } } }) } function resolve (url, spec, name, opts) { const isSemver = !!spec.gitRange return git.revs(url, opts).then(remoteRefs => { return isSemver ? pickManifest({ versions: remoteRefs.versions, 'dist-tags': remoteRefs['dist-tags'], name: name }, spec.gitRange, opts) : remoteRefs ? BB.resolve( remoteRefs.refs[spec.gitCommittish] || remoteRefs.refs[remoteRefs.shas[spec.gitCommittish]] ) : null }) } function withTmp (opts, cb) { if (opts.cache) { // cacache has a special facility for working in a tmp dir return cacache.tmp.withTmp(opts.cache, { tmpPrefix: 'git-clone' }, cb) } else { const tmpDir = path.join(osenv.tmpdir(), 'pacote-git-tmp') const tmpName = uniqueFilename(tmpDir, 'git-clone') const tmp = mkdirp(tmpName).then(() => tmpName).disposer(rimraf) return BB.using(tmp, cb) } } // Only certain whitelisted hosted gits support shadow cloning const SHALLOW_HOSTS = new Set(['github', 'gist', 'gitlab', 'bitbucket']) function cloneRepo (spec, repo, resolvedRef, rawRef, tmp, opts) { const ref = resolvedRef ? resolvedRef.ref : rawRef if (resolvedRef && spec.hosted && SHALLOW_HOSTS.has(spec.hosted.type)) { return git.shallow(repo, ref, tmp, opts) } else { return git.clone(repo, ref, tmp, opts) } } PK!3t "lib/fetchers/registry/packument.jsnu['use strict' const BB = require('bluebird') const fetch = require('npm-registry-fetch') const LRU = require('lru-cache') const optCheck = require('../../util/opt-check') // Corgis are cute. 🐕🐶 const CORGI_DOC = 'application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*' const JSON_DOC = 'application/json' module.exports = packument function packument (spec, opts) { opts = optCheck(opts) const registry = fetch.pickRegistry(spec, opts) const uri = registry.replace(/\/?$/, '/') + spec.escapedName return fetchPackument(uri, registry, spec, opts) } const MEMO = new LRU({ length: m => m._contentLength, max: 200 * 1024 * 1024, // 200MB maxAge: 30 * 1000 // 30s }) module.exports.clearMemoized = clearMemoized function clearMemoized () { MEMO.reset() } function fetchPackument (uri, registry, spec, opts) { const mem = pickMem(opts) const accept = opts.fullMetadata ? JSON_DOC : CORGI_DOC const memoKey = `${uri}~(${accept})` if (mem && !opts.preferOnline && mem.has(memoKey)) { return BB.resolve(mem.get(memoKey)) } return fetch(uri, opts.concat({ headers: { 'pacote-req-type': 'packument', 'pacote-pkg-id': `registry:${spec.name}`, accept }, spec }, opts, { // Force integrity to null: we never check integrity hashes for manifests integrity: null })).then(res => res.json().then(packument => { packument._cached = res.headers.has('x-local-cache') packument._contentLength = +res.headers.get('content-length') // NOTE - we need to call pickMem again because proxy // objects get reused! const mem = pickMem(opts) if (mem) { mem.set(memoKey, packument) } return packument })).catch(err => { if (err.code === 'E404' && !opts.fullMetadata) { return fetchPackument(uri, registry, spec, opts.concat({ fullMetadata: true })) } else { throw err } }) } class ObjProxy { get (key) { return this.obj[key] } set (key, val) { this.obj[key] = val } } // This object is used synchronously and immediately, so // we can safely reuse it instead of consing up new ones const PROX = new ObjProxy() function pickMem (opts) { if (!opts || !opts.memoize) { return MEMO } else if (opts.memoize.get && opts.memoize.set) { return opts.memoize } else if (typeof opts.memoize === 'object') { PROX.obj = opts.memoize return PROX } else { return null } } PK!c1 1 lib/fetchers/registry/tarball.jsnu['use strict' const BB = require('bluebird') const fetch = require('npm-registry-fetch') const manifest = require('./manifest') const optCheck = require('../../util/opt-check') const PassThrough = require('stream').PassThrough const ssri = require('ssri') const url = require('url') module.exports = tarball function tarball (spec, opts) { opts = optCheck(opts) const registry = fetch.pickRegistry(spec, opts) const stream = new PassThrough() let mani if ( opts.resolved && // spec.type === 'version' && opts.resolved.indexOf(registry) === 0 ) { // fakeChild is a shortcut to avoid looking up a manifest! mani = BB.resolve({ name: spec.name, version: spec.fetchSpec, _integrity: opts.integrity, _resolved: opts.resolved, _fakeChild: true }) } else { // We can't trust opts.resolved if it's going to a separate host. mani = manifest(spec, opts) } mani.then(mani => { !mani._fakeChild && stream.emit('manifest', mani) const fetchStream = fromManifest(mani, spec, opts).on( 'integrity', i => stream.emit('integrity', i) ) fetchStream.on('error', err => stream.emit('error', err)) fetchStream.pipe(stream) return null }).catch(err => stream.emit('error', err)) return stream } module.exports.fromManifest = fromManifest function fromManifest (manifest, spec, opts) { opts = optCheck(opts) if (spec.scope) { opts = opts.concat({ scope: spec.scope }) } const stream = new PassThrough() const registry = fetch.pickRegistry(spec, opts) const uri = getTarballUrl(spec, registry, manifest, opts) fetch(uri, opts.concat({ headers: { 'pacote-req-type': 'tarball', 'pacote-pkg-id': `registry:${manifest.name}@${uri}` }, integrity: manifest._integrity, algorithms: [ manifest._integrity ? ssri.parse(manifest._integrity).pickAlgorithm() : 'sha1' ], spec }, opts)) .then(res => { const hash = res.headers.get('x-local-cache-hash') if (hash) { stream.emit('integrity', decodeURIComponent(hash)) } res.body.on('error', err => stream.emit('error', err)) res.body.pipe(stream) return null }) .catch(err => stream.emit('error', err)) return stream } function getTarballUrl (spec, registry, mani, opts) { const reg = url.parse(registry) const tarball = url.parse(mani._resolved) // https://github.com/npm/npm/pull/9471 // // TL;DR: Some alternative registries host tarballs on http and packuments // on https, and vice-versa. There's also a case where people who can't use // SSL to access the npm registry, for example, might use // `--registry=http://registry.npmjs.org/`. In this case, we need to // rewrite `tarball` to match the protocol. // if (reg.hostname === tarball.hostname && reg.protocol !== tarball.protocol) { tarball.protocol = reg.protocol // Ports might be same host different protocol! if (reg.port !== tarball.port) { delete tarball.host tarball.port = reg.port } delete tarball.href } return url.format(tarball) } PK!Uºlib/fetchers/registry/index.jsnu['use strict' const cacache = require('cacache') const Fetcher = require('../../fetch') const regManifest = require('./manifest') const regPackument = require('./packument') const regTarball = require('./tarball') const fetchRegistry = module.exports = Object.create(null) Fetcher.impl(fetchRegistry, { packument (spec, opts) { return regPackument(spec, opts) }, manifest (spec, opts) { return regManifest(spec, opts) }, tarball (spec, opts) { return regTarball(spec, opts) }, fromManifest (manifest, spec, opts) { return regTarball.fromManifest(manifest, spec, opts) }, clearMemoized () { cacache.clearMemoized() regPackument.clearMemoized() } }) PK!qX80 0 !lib/fetchers/registry/manifest.jsnu['use strict' const fetch = require('npm-registry-fetch') const fetchPackument = require('./packument') const optCheck = require('../../util/opt-check') const pickManifest = require('npm-pick-manifest') const ssri = require('ssri') module.exports = manifest function manifest (spec, opts) { opts = optCheck(opts) return getManifest(spec, opts).then(manifest => { return annotateManifest(spec, manifest, opts) }) } function getManifest (spec, opts) { opts = opts.concat({ fullMetadata: opts.enjoyBy ? true : opts.fullMetadata }) return fetchPackument(spec, opts).then(packument => { try { return pickManifest(packument, spec.fetchSpec, { defaultTag: opts.defaultTag, enjoyBy: opts.enjoyBy, includeDeprecated: opts.includeDeprecated }) } catch (err) { if ((err.code === 'ETARGET' || err.code === 'E403') && packument._cached && !opts.offline) { opts.log.silly( 'registry:manifest', `no matching version for ${spec.name}@${spec.fetchSpec} in the cache. Forcing revalidation.` ) opts = opts.concat({ preferOffline: false, preferOnline: true }) return fetchPackument(spec, opts.concat({ // Fetch full metadata in case ETARGET was due to corgi delay fullMetadata: true })).then(packument => { return pickManifest(packument, spec.fetchSpec, { defaultTag: opts.defaultTag, enjoyBy: opts.enjoyBy }) }) } else { throw err } } }) } function annotateManifest (spec, manifest, opts) { const shasum = manifest.dist && manifest.dist.shasum manifest._integrity = manifest.dist && manifest.dist.integrity manifest._shasum = shasum if (!manifest._integrity && shasum) { // Use legacy dist.shasum field if available. manifest._integrity = ssri.fromHex(shasum, 'sha1').toString() } manifest._resolved = ( manifest.dist && manifest.dist.tarball ) if (!manifest._resolved) { const registry = fetch.pickRegistry(spec, opts) const uri = registry.replace(/\/?$/, '/') + spec.escapedName const err = new Error( `Manifest for ${manifest.name}@${manifest.version} from ${uri} is missing a tarball url (pkg.dist.tarball). Guessing a default.` ) err.code = 'ENOTARBALL' err.manifest = manifest if (!manifest._warnings) { manifest._warnings = [] } manifest._warnings.push(err.message) manifest._resolved = `${registry}/${manifest.name}/-/${manifest.name}-${manifest.version}.tgz` } return manifest } PK!55lib/fetchers/tag.jsnu['use strict' module.exports = require('./registry') PK!dT lib/fetchers/directory.jsnu['use strict' const BB = require('bluebird') const Fetcher = require('../fetch') const glob = BB.promisify(require('glob')) const packDir = require('../util/pack-dir') const readJson = require('../util/read-json') const path = require('path') const pipe = BB.promisify(require('mississippi').pipe) const through = require('mississippi').through const normalizePackageBin = require('npm-normalize-package-bin') const readFileAsync = BB.promisify(require('fs').readFile) const fetchDirectory = module.exports = Object.create(null) Fetcher.impl(fetchDirectory, { packument (spec, opts) { return this.manifest(spec, opts).then(manifest => { return Object.assign({}, manifest, { 'dist-tags': { 'latest': manifest.version }, time: { [manifest.version]: (new Date()).toISOString() }, versions: { [manifest.version]: manifest } }) }) }, // `directory` manifests come from the actual manifest/lockfile data. manifest (spec, opts) { const pkgPath = path.join(spec.fetchSpec, 'package.json') const srPath = path.join(spec.fetchSpec, 'npm-shrinkwrap.json') return BB.join( readFileAsync(pkgPath).then(readJson).catch({ code: 'ENOENT' }, err => { err.code = 'ENOPACKAGEJSON' throw err }), readFileAsync(srPath).then(readJson).catch({ code: 'ENOENT' }, () => null), (pkg, sr) => { pkg._shrinkwrap = sr pkg._hasShrinkwrap = !!sr pkg._resolved = spec.fetchSpec pkg._integrity = false // Don't auto-calculate integrity pkg._shasum = false // Don't auto-calculate shasum either return pkg } ).then(pkg => { if (!pkg.bin && pkg.directories && pkg.directories.bin) { const dirBin = pkg.directories.bin return glob(path.join(spec.fetchSpec, dirBin, '/**'), { nodir: true }).then(matches => { matches.forEach(filePath => { const relative = path.relative(spec.fetchSpec, filePath) if (relative && relative[0] !== '.') { if (!pkg.bin) { pkg.bin = {} } pkg.bin[path.basename(relative)] = relative } }) }).then(() => pkg) } else { return pkg } }).then(pkg => normalizePackageBin(pkg)) }, // As of npm@5, the npm installer doesn't pack + install directories: it just // creates symlinks. This code is here because `npm pack` still needs the // ability to create a tarball from a local directory. tarball (spec, opts) { const stream = through() this.manifest(spec, opts).then(mani => { return pipe(this.fromManifest(mani, spec, opts), stream) }).catch(err => stream.emit('error', err)) return stream }, // `directory` tarballs are generated in a very similar way to git tarballs. fromManifest (manifest, spec, opts) { const stream = through() packDir(manifest, manifest._resolved, manifest._resolved, stream, opts).catch(err => { stream.emit('error', err) }) return stream } }) PK!|'00lib/fetchers/hosted.jsnu['use strict' module.exports = require('./git') PK!$+7 lib/fetchers/file.jsnu['use strict' const BB = require('bluebird') const cacache = require('cacache') const Fetcher = require('../fetch') const fs = require('fs') const pipe = BB.promisify(require('mississippi').pipe) const through = require('mississippi').through const readFileAsync = BB.promisify(fs.readFile) const statAsync = BB.promisify(fs.stat) const MAX_BULK_SIZE = 2 * 1024 * 1024 // 2MB // `file` packages refer to local tarball files. const fetchFile = module.exports = Object.create(null) Fetcher.impl(fetchFile, { packument (spec, opts) { return BB.reject(new Error('Not implemented yet')) }, manifest (spec, opts) { // We can't do much here. `finalizeManifest` will take care of // calling `tarball` to fill out all the necessary details. return BB.resolve(null) }, // All the heavy lifting for `file` packages is done here. // They're never cached. We just read straight out of the file. // TODO - maybe they *should* be cached? tarball (spec, opts) { const src = spec._resolved || spec.fetchSpec const stream = through() statAsync(src).then(stat => { if (spec._resolved) { stream.emit('manifest', spec) } if (stat.size <= MAX_BULK_SIZE) { // YAY LET'S DO THING IN BULK return readFileAsync(src).then(data => { if (opts.cache) { return cacache.put( opts.cache, `pacote:tarball:file:${src}`, data, { integrity: opts.integrity } ).then(integrity => ({ data, integrity })) } else { return { data } } }).then(info => { if (info.integrity) { stream.emit('integrity', info.integrity) } stream.write(info.data, () => { stream.end() }) }) } else { let integrity const cacheWriter = !opts.cache ? BB.resolve(null) : (pipe( fs.createReadStream(src), cacache.put.stream(opts.cache, `pacote:tarball:${src}`, { integrity: opts.integrity }).on('integrity', d => { integrity = d }) )) return cacheWriter.then(() => { if (integrity) { stream.emit('integrity', integrity) } return pipe(fs.createReadStream(src), stream) }) } }).catch(err => stream.emit('error', err)) return stream }, fromManifest (manifest, spec, opts) { return this.tarball(manifest || spec, opts) } }) PK!55lib/fetchers/range.jsnu['use strict' module.exports = require('./registry') PK!9XXlib/fetchers/remote.jsnu['use strict' const BB = require('bluebird') const Fetcher = require('../fetch') const fetchRegistry = require('./registry') const fetchRemote = module.exports = Object.create(null) Fetcher.impl(fetchRemote, { packument (spec, opts) { return BB.reject(new Error('Not implemented yet')) }, manifest (spec, opts) { // We can't get the manifest for a remote tarball until // we extract the tarball itself. // `finalize-manifest` takes care of this process of extracting // a manifest based on ./tarball.js return BB.resolve(null) }, tarball (spec, opts) { const uri = spec._resolved || spec.fetchSpec return fetchRegistry.fromManifest({ _resolved: uri, _integrity: opts.integrity }, spec, opts) }, fromManifest (manifest, spec, opts) { return this.tarball(manifest || spec, opts) } }) PK!!|\**lib/fetchers/alias.jsnu['use strict' const Fetcher = require('../fetch') const fetchRegistry = require('./registry') const fetchRemote = module.exports = Object.create(null) Fetcher.impl(fetchRemote, { packument (spec, opts) { return fetchRegistry.packument(spec.subSpec, opts) }, manifest (spec, opts) { return fetchRegistry.manifest(spec.subSpec, opts) }, tarball (spec, opts) { return fetchRegistry.tarball(spec.subSpec, opts) }, fromManifest (manifest, spec, opts) { return fetchRegistry.fromManifest(manifest, spec.subSpec, opts) } }) PK!=9ozz lib/fetch.jsnu['use strict' const duck = require('protoduck') const Fetcher = duck.define(['spec', 'opts', 'manifest'], { packument: ['spec', 'opts'], manifest: ['spec', 'opts'], tarball: ['spec', 'opts'], fromManifest: ['manifest', 'spec', 'opts'], clearMemoized () {} }, { name: 'Fetcher' }) module.exports = Fetcher module.exports.packument = packument function packument (spec, opts) { const fetcher = getFetcher(spec.type) return fetcher.packument(spec, opts) } module.exports.manifest = manifest function manifest (spec, opts) { const fetcher = getFetcher(spec.type) return fetcher.manifest(spec, opts) } module.exports.tarball = tarball function tarball (spec, opts) { return getFetcher(spec.type).tarball(spec, opts) } module.exports.fromManifest = fromManifest function fromManifest (manifest, spec, opts) { return getFetcher(spec.type).fromManifest(manifest, spec, opts) } const fetchers = {} module.exports.clearMemoized = clearMemoized function clearMemoized () { Object.keys(fetchers).forEach(k => { fetchers[k].clearMemoized() }) } function getFetcher (type) { if (!fetchers[type]) { // This is spelled out both to prevent sketchy stuff and to make life // easier for bundlers/preprocessors. switch (type) { case 'alias': fetchers[type] = require('./fetchers/alias') break case 'directory': fetchers[type] = require('./fetchers/directory') break case 'file': fetchers[type] = require('./fetchers/file') break case 'git': fetchers[type] = require('./fetchers/git') break case 'hosted': fetchers[type] = require('./fetchers/hosted') break case 'range': fetchers[type] = require('./fetchers/range') break case 'remote': fetchers[type] = require('./fetchers/remote') break case 'tag': fetchers[type] = require('./fetchers/tag') break case 'version': fetchers[type] = require('./fetchers/version') break default: throw new Error(`Invalid dependency type requested: ${type}`) } } return fetchers[type] } PK!| W!W!lib/finalize-manifest.jsnu['use strict' const BB = require('bluebird') const cacache = require('cacache') const cacheKey = require('./util/cache-key') const fetchFromManifest = require('./fetch').fromManifest const finished = require('./util/finished') const minimatch = require('minimatch') const normalize = require('normalize-package-data') const optCheck = require('./util/opt-check') const path = require('path') const pipe = BB.promisify(require('mississippi').pipe) const ssri = require('ssri') const tar = require('tar') const readJson = require('./util/read-json') const normalizePackageBin = require('npm-normalize-package-bin') // `finalizeManifest` takes as input the various kinds of manifests that // manifest handlers ('lib/fetchers/*.js#manifest()') return, and makes sure // they are: // // * filled out with any required data that the handler couldn't fill in // * formatted consistently // * cached so we don't have to repeat this work more than necessary // // The biggest thing this package might do is do a full tarball extraction in // order to find missing bits of metadata required by the npm installer. For // example, it will fill in `_shrinkwrap`, `_integrity`, and other details that // the plain manifest handlers would require a tarball to fill out. If a // handler returns everything necessary, this process is skipped. // // If we get to the tarball phase, the corresponding tarball handler for the // requested type will be invoked and the entire tarball will be read from the // stream. // module.exports = finalizeManifest function finalizeManifest (pkg, spec, opts) { const key = finalKey(pkg, spec) opts = optCheck(opts) const cachedManifest = (opts.cache && key && !opts.preferOnline && !opts.fullMetadata && !opts.enjoyBy) ? cacache.get.info(opts.cache, key, opts) : BB.resolve(null) return cachedManifest.then(cached => { if (cached && cached.metadata && cached.metadata.manifest) { return new Manifest(cached.metadata.manifest) } else { return tarballedProps(pkg, spec, opts).then(props => { return pkg && pkg.name ? new Manifest(pkg, props, opts.fullMetadata) : new Manifest(props, null, opts.fullMetadata) }).then(manifest => { const cacheKey = key || finalKey(manifest, spec) if (!opts.cache || !cacheKey) { return manifest } else { return cacache.put( opts.cache, cacheKey, '.', { metadata: { id: manifest._id, manifest, type: 'finalized-manifest' } } ).then(() => manifest) } }) } }) } module.exports.Manifest = Manifest function Manifest (pkg, fromTarball, fullMetadata) { fromTarball = fromTarball || {} if (fullMetadata) { Object.assign(this, pkg) } this.name = pkg.name this.version = pkg.version this.engines = pkg.engines || fromTarball.engines this.cpu = pkg.cpu || fromTarball.cpu this.os = pkg.os || fromTarball.os this.dependencies = pkg.dependencies || {} this.optionalDependencies = pkg.optionalDependencies || {} this.peerDependenciesMeta = pkg.peerDependenciesMeta || {} this.devDependencies = pkg.devDependencies || {} const bundled = ( pkg.bundledDependencies || pkg.bundleDependencies || false ) this.bundleDependencies = bundled this.peerDependencies = pkg.peerDependencies || {} this.deprecated = pkg.deprecated || false // These depend entirely on each handler this._resolved = pkg._resolved // Not all handlers (or registries) provide these out of the box, // and if they don't, we need to extract and read the tarball ourselves. // These are details required by the installer. this._integrity = pkg._integrity || fromTarball._integrity || null this._shasum = pkg._shasum || fromTarball._shasum || null this._shrinkwrap = pkg._shrinkwrap || fromTarball._shrinkwrap || null this.bin = pkg.bin || fromTarball.bin || null // turn arrays and strings into a legit object, strip out bad stuff normalizePackageBin(this) this._id = null // TODO - freezing and inextensibility pending npm changes. See test suite. // Object.preventExtensions(this) normalize(this) // I don't want this why did you give it to me. Go away. 🔥🔥🔥🔥 delete this.readme // Object.freeze(this) } // Some things aren't filled in by standard manifest fetching. // If this function needs to do its work, it will grab the // package tarball, extract it, and take whatever it needs // from the stream. function tarballedProps (pkg, spec, opts) { const needsShrinkwrap = (!pkg || ( pkg._hasShrinkwrap !== false && !pkg._shrinkwrap )) const needsBin = !!(!pkg || ( !pkg.bin && pkg.directories && pkg.directories.bin )) const needsIntegrity = !pkg || (!pkg._integrity && pkg._integrity !== false) const needsShasum = !pkg || (!pkg._shasum && pkg._shasum !== false) const needsHash = needsIntegrity || needsShasum const needsManifest = !pkg || !pkg.name const needsExtract = needsShrinkwrap || needsBin || needsManifest if (!needsShrinkwrap && !needsBin && !needsHash && !needsManifest) { return BB.resolve({}) } else { opts = optCheck(opts) const tarStream = fetchFromManifest(pkg, spec, opts) const extracted = needsExtract && new tar.Parse() return BB.join( needsShrinkwrap && jsonFromStream('npm-shrinkwrap.json', extracted), needsManifest && jsonFromStream('package.json', extracted), needsBin && getPaths(extracted), needsHash && ssri.fromStream(tarStream, { algorithms: ['sha1', 'sha512'] }), needsExtract && pipe(tarStream, extracted), (sr, mani, paths, hash) => { if (needsManifest && !mani) { const err = new Error(`Non-registry package missing package.json: ${spec}.`) err.code = 'ENOPACKAGEJSON' throw err } const extraProps = mani || {} delete extraProps._resolved // drain out the rest of the tarball tarStream.resume() // if we have directories.bin, we need to collect any matching files // to add to bin if (paths && paths.length) { const dirBin = mani ? (mani && mani.directories && mani.directories.bin) : (pkg && pkg.directories && pkg.directories.bin) if (dirBin) { extraProps.bin = {} paths.forEach(filePath => { if (minimatch(filePath, dirBin + '/**')) { const relative = path.relative(dirBin, filePath) if (relative && relative[0] !== '.') { extraProps.bin[path.basename(relative)] = path.join(dirBin, relative) } } }) } } return Object.assign(extraProps, { _shrinkwrap: sr, _resolved: (mani && mani._resolved) || (pkg && pkg._resolved) || spec.fetchSpec, _integrity: needsIntegrity && hash && hash.sha512 && hash.sha512[0].toString(), _shasum: needsShasum && hash && hash.sha1 && hash.sha1[0].hexDigest() }) } ) } } function jsonFromStream (filename, dataStream) { return BB.fromNode(cb => { dataStream.on('error', cb) dataStream.on('close', cb) dataStream.on('entry', entry => { const filePath = entry.header.path.replace(/[^/]+\//, '') if (filePath !== filename) { entry.resume() } else { let data = '' entry.on('error', cb) finished(entry).then(() => { try { cb(null, readJson(data)) } catch (err) { cb(err) } }, err => { cb(err) }) entry.on('data', d => { data += d }) } }) }) } function getPaths (dataStream) { return BB.fromNode(cb => { let paths = [] dataStream.on('error', cb) dataStream.on('close', () => cb(null, paths)) dataStream.on('entry', function handler (entry) { const filePath = entry.header.path.replace(/[^/]+\//, '') entry.resume() paths.push(filePath) }) }) } function finalKey (pkg, spec) { if (pkg && pkg._uniqueResolved) { // git packages have a unique, identifiable id, but no tar sha return cacheKey(`${spec.type}-manifest`, pkg._uniqueResolved) } else { return ( pkg && pkg._integrity && cacheKey( `${spec.type}-manifest`, `${pkg._resolved}:${ssri.stringify(pkg._integrity)}` ) ) } } PK!'o66node_modules/minipass/index.jsnu['use strict' const EE = require('events') const Yallist = require('yallist') const SD = require('string_decoder').StringDecoder const EOF = Symbol('EOF') const MAYBE_EMIT_END = Symbol('maybeEmitEnd') const EMITTED_END = Symbol('emittedEnd') const EMITTING_END = Symbol('emittingEnd') const CLOSED = Symbol('closed') const READ = Symbol('read') const FLUSH = Symbol('flush') const FLUSHCHUNK = Symbol('flushChunk') const ENCODING = Symbol('encoding') const DECODER = Symbol('decoder') const FLOWING = Symbol('flowing') const PAUSED = Symbol('paused') const RESUME = Symbol('resume') const BUFFERLENGTH = Symbol('bufferLength') const BUFFERPUSH = Symbol('bufferPush') const BUFFERSHIFT = Symbol('bufferShift') const OBJECTMODE = Symbol('objectMode') const DESTROYED = Symbol('destroyed') // TODO remove when Node v8 support drops const doIter = global._MP_NO_ITERATOR_SYMBOLS_ !== '1' const ASYNCITERATOR = doIter && Symbol.asyncIterator || Symbol('asyncIterator not implemented') const ITERATOR = doIter && Symbol.iterator || Symbol('iterator not implemented') // Buffer in node 4.x < 4.5.0 doesn't have working Buffer.from // or Buffer.alloc, and Buffer in node 10 deprecated the ctor. // .M, this is fine .\^/M.. const B = Buffer.alloc ? Buffer : /* istanbul ignore next */ require('safe-buffer').Buffer // events that mean 'the stream is over' // these are treated specially, and re-emitted // if they are listened for after emitting. const isEndish = ev => ev === 'end' || ev === 'finish' || ev === 'prefinish' const isArrayBuffer = b => b instanceof ArrayBuffer || typeof b === 'object' && b.constructor && b.constructor.name === 'ArrayBuffer' && b.byteLength >= 0 const isArrayBufferView = b => !B.isBuffer(b) && ArrayBuffer.isView(b) module.exports = class Minipass extends EE { constructor (options) { super() this[FLOWING] = false // whether we're explicitly paused this[PAUSED] = false this.pipes = new Yallist() this.buffer = new Yallist() this[OBJECTMODE] = options && options.objectMode || false if (this[OBJECTMODE]) this[ENCODING] = null else this[ENCODING] = options && options.encoding || null if (this[ENCODING] === 'buffer') this[ENCODING] = null this[DECODER] = this[ENCODING] ? new SD(this[ENCODING]) : null this[EOF] = false this[EMITTED_END] = false this[EMITTING_END] = false this[CLOSED] = false this.writable = true this.readable = true this[BUFFERLENGTH] = 0 this[DESTROYED] = false } get bufferLength () { return this[BUFFERLENGTH] } get encoding () { return this[ENCODING] } set encoding (enc) { if (this[OBJECTMODE]) throw new Error('cannot set encoding in objectMode') if (this[ENCODING] && enc !== this[ENCODING] && (this[DECODER] && this[DECODER].lastNeed || this[BUFFERLENGTH])) throw new Error('cannot change encoding') if (this[ENCODING] !== enc) { this[DECODER] = enc ? new SD(enc) : null if (this.buffer.length) this.buffer = this.buffer.map(chunk => this[DECODER].write(chunk)) } this[ENCODING] = enc } setEncoding (enc) { this.encoding = enc } get objectMode () { return this[OBJECTMODE] } set objectMode (ॐ ) { this[OBJECTMODE] = this[OBJECTMODE] || !!ॐ } write (chunk, encoding, cb) { if (this[EOF]) throw new Error('write after end') if (this[DESTROYED]) { this.emit('error', Object.assign( new Error('Cannot call write after a stream was destroyed'), { code: 'ERR_STREAM_DESTROYED' } )) return true } if (typeof encoding === 'function') cb = encoding, encoding = 'utf8' if (!encoding) encoding = 'utf8' // convert array buffers and typed array views into buffers // at some point in the future, we may want to do the opposite! // leave strings and buffers as-is // anything else switches us into object mode if (!this[OBJECTMODE] && !B.isBuffer(chunk)) { if (isArrayBufferView(chunk)) chunk = B.from(chunk.buffer, chunk.byteOffset, chunk.byteLength) else if (isArrayBuffer(chunk)) chunk = B.from(chunk) else if (typeof chunk !== 'string') // use the setter so we throw if we have encoding set this.objectMode = true } // this ensures at this point that the chunk is a buffer or string // don't buffer it up or send it to the decoder if (!this.objectMode && !chunk.length) { const ret = this.flowing if (this[BUFFERLENGTH] !== 0) this.emit('readable') if (cb) cb() return ret } // fast-path writing strings of same encoding to a stream with // an empty buffer, skipping the buffer/decoder dance if (typeof chunk === 'string' && !this[OBJECTMODE] && // unless it is a string already ready for us to use !(encoding === this[ENCODING] && !this[DECODER].lastNeed)) { chunk = B.from(chunk, encoding) } if (B.isBuffer(chunk) && this[ENCODING]) chunk = this[DECODER].write(chunk) try { return this.flowing ? (this.emit('data', chunk), this.flowing) : (this[BUFFERPUSH](chunk), false) } finally { if (this[BUFFERLENGTH] !== 0) this.emit('readable') if (cb) cb() } } read (n) { if (this[DESTROYED]) return null try { if (this[BUFFERLENGTH] === 0 || n === 0 || n > this[BUFFERLENGTH]) return null if (this[OBJECTMODE]) n = null if (this.buffer.length > 1 && !this[OBJECTMODE]) { if (this.encoding) this.buffer = new Yallist([ Array.from(this.buffer).join('') ]) else this.buffer = new Yallist([ B.concat(Array.from(this.buffer), this[BUFFERLENGTH]) ]) } return this[READ](n || null, this.buffer.head.value) } finally { this[MAYBE_EMIT_END]() } } [READ] (n, chunk) { if (n === chunk.length || n === null) this[BUFFERSHIFT]() else { this.buffer.head.value = chunk.slice(n) chunk = chunk.slice(0, n) this[BUFFERLENGTH] -= n } this.emit('data', chunk) if (!this.buffer.length && !this[EOF]) this.emit('drain') return chunk } end (chunk, encoding, cb) { if (typeof chunk === 'function') cb = chunk, chunk = null if (typeof encoding === 'function') cb = encoding, encoding = 'utf8' if (chunk) this.write(chunk, encoding) if (cb) this.once('end', cb) this[EOF] = true this.writable = false // if we haven't written anything, then go ahead and emit, // even if we're not reading. // we'll re-emit if a new 'end' listener is added anyway. // This makes MP more suitable to write-only use cases. if (this.flowing || !this[PAUSED]) this[MAYBE_EMIT_END]() return this } // don't let the internal resume be overwritten [RESUME] () { if (this[DESTROYED]) return this[PAUSED] = false this[FLOWING] = true this.emit('resume') if (this.buffer.length) this[FLUSH]() else if (this[EOF]) this[MAYBE_EMIT_END]() else this.emit('drain') } resume () { return this[RESUME]() } pause () { this[FLOWING] = false this[PAUSED] = true } get destroyed () { return this[DESTROYED] } get flowing () { return this[FLOWING] } get paused () { return this[PAUSED] } [BUFFERPUSH] (chunk) { if (this[OBJECTMODE]) this[BUFFERLENGTH] += 1 else this[BUFFERLENGTH] += chunk.length return this.buffer.push(chunk) } [BUFFERSHIFT] () { if (this.buffer.length) { if (this[OBJECTMODE]) this[BUFFERLENGTH] -= 1 else this[BUFFERLENGTH] -= this.buffer.head.value.length } return this.buffer.shift() } [FLUSH] () { do {} while (this[FLUSHCHUNK](this[BUFFERSHIFT]())) if (!this.buffer.length && !this[EOF]) this.emit('drain') } [FLUSHCHUNK] (chunk) { return chunk ? (this.emit('data', chunk), this.flowing) : false } pipe (dest, opts) { if (this[DESTROYED]) return const ended = this[EMITTED_END] opts = opts || {} if (dest === process.stdout || dest === process.stderr) opts.end = false else opts.end = opts.end !== false const p = { dest: dest, opts: opts, ondrain: _ => this[RESUME]() } this.pipes.push(p) dest.on('drain', p.ondrain) this[RESUME]() // piping an ended stream ends immediately if (ended && p.opts.end) p.dest.end() return dest } addListener (ev, fn) { return this.on(ev, fn) } on (ev, fn) { try { return super.on(ev, fn) } finally { if (ev === 'data' && !this.pipes.length && !this.flowing) this[RESUME]() else if (isEndish(ev) && this[EMITTED_END]) { super.emit(ev) this.removeAllListeners(ev) } } } get emittedEnd () { return this[EMITTED_END] } [MAYBE_EMIT_END] () { if (!this[EMITTING_END] && !this[EMITTED_END] && !this[DESTROYED] && this.buffer.length === 0 && this[EOF]) { this[EMITTING_END] = true this.emit('end') this.emit('prefinish') this.emit('finish') if (this[CLOSED]) this.emit('close') this[EMITTING_END] = false } } emit (ev, data) { // error and close are only events allowed after calling destroy() if (ev !== 'error' && ev !== 'close' && ev !== DESTROYED && this[DESTROYED]) return else if (ev === 'data') { if (!data) return if (this.pipes.length) this.pipes.forEach(p => p.dest.write(data) === false && this.pause()) } else if (ev === 'end') { // only actual end gets this treatment if (this[EMITTED_END] === true) return this[EMITTED_END] = true this.readable = false if (this[DECODER]) { data = this[DECODER].end() if (data) { this.pipes.forEach(p => p.dest.write(data)) super.emit('data', data) } } this.pipes.forEach(p => { p.dest.removeListener('drain', p.ondrain) if (p.opts.end) p.dest.end() }) } else if (ev === 'close') { this[CLOSED] = true // don't emit close before 'end' and 'finish' if (!this[EMITTED_END] && !this[DESTROYED]) return } // TODO: replace with a spread operator when Node v4 support drops const args = new Array(arguments.length) args[0] = ev args[1] = data if (arguments.length > 2) { for (let i = 2; i < arguments.length; i++) { args[i] = arguments[i] } } try { return super.emit.apply(this, args) } finally { if (!isEndish(ev)) this[MAYBE_EMIT_END]() else this.removeAllListeners(ev) } } // const all = await stream.collect() collect () { const buf = [] buf.dataLength = 0 this.on('data', c => { buf.push(c) buf.dataLength += c.length }) return this.promise().then(() => buf) } // const data = await stream.concat() concat () { return this[OBJECTMODE] ? Promise.reject(new Error('cannot concat in objectMode')) : this.collect().then(buf => this[OBJECTMODE] ? Promise.reject(new Error('cannot concat in objectMode')) : this[ENCODING] ? buf.join('') : B.concat(buf, buf.dataLength)) } // stream.promise().then(() => done, er => emitted error) promise () { return new Promise((resolve, reject) => { this.on(DESTROYED, () => reject(new Error('stream destroyed'))) this.on('end', () => resolve()) this.on('error', er => reject(er)) }) } // for await (let chunk of stream) [ASYNCITERATOR] () { const next = () => { const res = this.read() if (res !== null) return Promise.resolve({ done: false, value: res }) if (this[EOF]) return Promise.resolve({ done: true }) let resolve = null let reject = null const onerr = er => { this.removeListener('data', ondata) this.removeListener('end', onend) reject(er) } const ondata = value => { this.removeListener('error', onerr) this.removeListener('end', onend) this.pause() resolve({ value: value, done: !!this[EOF] }) } const onend = () => { this.removeListener('error', onerr) this.removeListener('data', ondata) resolve({ done: true }) } const ondestroy = () => onerr(new Error('stream destroyed')) return new Promise((res, rej) => { reject = rej resolve = res this.once(DESTROYED, ondestroy) this.once('error', onerr) this.once('end', onend) this.once('data', ondata) }) } return { next } } // for (let chunk of stream) [ITERATOR] () { const next = () => { const value = this.read() const done = value === null return { value, done } } return { next } } destroy (er) { if (this[DESTROYED]) { if (er) this.emit('error', er) else this.emit(DESTROYED) return this } this[DESTROYED] = true // throw away all buffered data, it's never coming out this.buffer = new Yallist() this[BUFFERLENGTH] = 0 if (typeof this.close === 'function' && !this[CLOSED]) this.close() if (er) this.emit('error', er) else // if no error to emit, still reject pending promises this.emit(DESTROYED) return this } static isStream (s) { return !!s && (s instanceof Minipass || s instanceof EE && ( typeof s.pipe === 'function' || // readable (typeof s.write === 'function' && typeof s.end === 'function') // writable )) } } PK!@ꛘRRnode_modules/minipass/README.mdnu[# minipass A _very_ minimal implementation of a [PassThrough stream](https://nodejs.org/api/stream.html#stream_class_stream_passthrough) [It's very fast](https://docs.google.com/spreadsheets/d/1oObKSrVwLX_7Ut4Z6g3fZW-AX1j1-k6w-cDsrkaSbHM/edit#gid=0) for objects, strings, and buffers. Supports pipe()ing (including multi-pipe() and backpressure transmission), buffering data until either a `data` event handler or `pipe()` is added (so you don't lose the first chunk), and most other cases where PassThrough is a good idea. There is a `read()` method, but it's much more efficient to consume data from this stream via `'data'` events or by calling `pipe()` into some other stream. Calling `read()` requires the buffer to be flattened in some cases, which requires copying memory. There is also no `unpipe()` method. Once you start piping, there is no stopping it! If you set `objectMode: true` in the options, then whatever is written will be emitted. Otherwise, it'll do a minimal amount of Buffer copying to ensure proper Streams semantics when `read(n)` is called. `objectMode` can also be set by doing `stream.objectMode = true`, or by writing any non-string/non-buffer data. `objectMode` cannot be set to false once it is set. This is not a `through` or `through2` stream. It doesn't transform the data, it just passes it right through. If you want to transform the data, extend the class, and override the `write()` method. Once you're done transforming the data however you want, call `super.write()` with the transform output. For some examples of streams that extend Minipass in various ways, check out: - [minizlib](http://npm.im/minizlib) - [fs-minipass](http://npm.im/fs-minipass) - [tar](http://npm.im/tar) - [minipass-collect](http://npm.im/minipass-collect) - [minipass-flush](http://npm.im/minipass-flush) - [minipass-pipeline](http://npm.im/minipass-pipeline) - [tap](http://npm.im/tap) - [tap-parser](http://npm.im/tap) - [treport](http://npm.im/tap) ## Differences from Node.js Streams There are several things that make Minipass streams different from (and in some ways superior to) Node.js core streams. Please read these caveats if you are familiar with noode-core streams and intend to use Minipass streams in your programs. ### Timing Minipass streams are designed to support synchronous use-cases. Thus, data is emitted as soon as it is available, always. It is buffered until read, but no longer. Another way to look at it is that Minipass streams are exactly as synchronous as the logic that writes into them. This can be surprising if your code relies on `PassThrough.write()` always providing data on the next tick rather than the current one, or being able to call `resume()` and not have the entire buffer disappear immediately. However, without this synchronicity guarantee, there would be no way for Minipass to achieve the speeds it does, or support the synchronous use cases that it does. Simply put, waiting takes time. This non-deferring approach makes Minipass streams much easier to reason about, especially in the context of Promises and other flow-control mechanisms. ### No High/Low Water Marks Node.js core streams will optimistically fill up a buffer, returning `true` on all writes until the limit is hit, even if the data has nowhere to go. Then, they will not attempt to draw more data in until the buffer size dips below a minimum value. Minipass streams are much simpler. The `write()` method will return `true` if the data has somewhere to go (which is to say, given the timing guarantees, that the data is already there by the time `write()` returns). If the data has nowhere to go, then `write()` returns false, and the data sits in a buffer, to be drained out immediately as soon as anyone consumes it. ### Hazards of Buffering (or: Why Minipass Is So Fast) Since data written to a Minipass stream is immediately written all the way through the pipeline, and `write()` always returns true/false based on whether the data was fully flushed, backpressure is communicated immediately to the upstream caller. This minimizes buffering. Consider this case: ```js const {PassThrough} = require('stream') const p1 = new PassThrough({ highWaterMark: 1024 }) const p2 = new PassThrough({ highWaterMark: 1024 }) const p3 = new PassThrough({ highWaterMark: 1024 }) const p4 = new PassThrough({ highWaterMark: 1024 }) p1.pipe(p2).pipe(p3).pipe(p4) p4.on('data', () => console.log('made it through')) // this returns false and buffers, then writes to p2 on next tick (1) // p2 returns false and buffers, pausing p1, then writes to p3 on next tick (2) // p3 returns false and buffers, pausing p2, then writes to p4 on next tick (3) // p4 returns false and buffers, pausing p3, then emits 'data' and 'drain' // on next tick (4) // p3 sees p4's 'drain' event, and calls resume(), emitting 'resume' and // 'drain' on next tick (5) // p2 sees p3's 'drain', calls resume(), emits 'resume' and 'drain' on next tick (6) // p1 sees p2's 'drain', calls resume(), emits 'resume' and 'drain' on next // tick (7) p1.write(Buffer.alloc(2048)) // returns false ``` Along the way, the data was buffered and deferred at each stage, and multiple event deferrals happened, for an unblocked pipeline where it was perfectly safe to write all the way through! Furthermore, setting a `highWaterMark` of `1024` might lead someone reading the code to think an advisory maximum of 1KiB is being set for the pipeline. However, the actual advisory buffering level is the _sum_ of `highWaterMark` values, since each one has its own bucket. Consider the Minipass case: ```js const m1 = new Minipass() const m2 = new Minipass() const m3 = new Minipass() const m4 = new Minipass() m1.pipe(m2).pipe(m3).pipe(m4) m4.on('data', () => console.log('made it through')) // m1 is flowing, so it writes the data to m2 immediately // m2 is flowing, so it writes the data to m3 immediately // m3 is flowing, so it writes the data to m4 immediately // m4 is flowing, so it fires the 'data' event immediately, returns true // m4's write returned true, so m3 is still flowing, returns true // m3's write returned true, so m2 is still flowing, returns true // m2's write returned true, so m1 is still flowing, returns true // No event deferrals or buffering along the way! m1.write(Buffer.alloc(2048)) // returns true ``` It is extremely unlikely that you _don't_ want to buffer any data written, or _ever_ buffer data that can be flushed all the way through. Neither node-core streams nor Minipass ever fail to buffer written data, but node-core streams do a lot of unnecessary buffering and pausing. As always, the faster implementation is the one that does less stuff and waits less time to do it. ### Immediately emit `end` for empty streams (when not paused) If a stream is not paused, and `end()` is called before writing any data into it, then it will emit `end` immediately. If you have logic that occurs on the `end` event which you don't want to potentially happen immediately (for example, closing file descriptors, moving on to the next entry in an archive parse stream, etc.) then be sure to call `stream.pause()` on creation, and then `stream.resume()` once you are ready to respond to the `end` event. ### Emit `end` When Asked One hazard of immediately emitting `'end'` is that you may not yet have had a chance to add a listener. In order to avoid this hazard, Minipass streams safely re-emit the `'end'` event if a new listener is added after `'end'` has been emitted. Ie, if you do `stream.on('end', someFunction)`, and the stream has already emitted `end`, then it will call the handler right away. (You can think of this somewhat like attaching a new `.then(fn)` to a previously-resolved Promise.) To prevent calling handlers multiple times who would not expect multiple ends to occur, all listeners are removed from the `'end'` event whenever it is emitted. ### Impact of "immediate flow" on Tee-streams A "tee stream" is a stream piping to multiple destinations: ```js const tee = new Minipass() t.pipe(dest1) t.pipe(dest2) t.write('foo') // goes to both destinations ``` Since Minipass streams _immediately_ process any pending data through the pipeline when a new pipe destination is added, this can have surprising effects, especially when a stream comes in from some other function and may or may not have data in its buffer. ```js // WARNING! WILL LOSE DATA! const src = new Minipass() src.write('foo') src.pipe(dest1) // 'foo' chunk flows to dest1 immediately, and is gone src.pipe(dest2) // gets nothing! ``` The solution is to create a dedicated tee-stream junction that pipes to both locations, and then pipe to _that_ instead. ```js // Safe example: tee to both places const src = new Minipass() src.write('foo') const tee = new Minipass() tee.pipe(dest1) tee.pipe(dest2) stream.pipe(tee) // tee gets 'foo', pipes to both locations ``` The same caveat applies to `on('data')` event listeners. The first one added will _immediately_ receive all of the data, leaving nothing for the second: ```js // WARNING! WILL LOSE DATA! const src = new Minipass() src.write('foo') src.on('data', handler1) // receives 'foo' right away src.on('data', handler2) // nothing to see here! ``` Using a dedicated tee-stream can be used in this case as well: ```js // Safe example: tee to both data handlers const src = new Minipass() src.write('foo') const tee = new Minipass() tee.on('data', handler1) tee.on('data', handler2) src.pipe(tee) ``` ## USAGE It's a stream! Use it like a stream and it'll most likely do what you want. ```js const Minipass = require('minipass') const mp = new Minipass(options) // optional: { encoding, objectMode } mp.write('foo') mp.pipe(someOtherStream) mp.end('bar') ``` ### OPTIONS * `encoding` How would you like the data coming _out_ of the stream to be encoded? Accepts any values that can be passed to `Buffer.toString()`. * `objectMode` Emit data exactly as it comes in. This will be flipped on by default if you write() something other than a string or Buffer at any point. Setting `objectMode: true` will prevent setting any encoding value. ### API Implements the user-facing portions of Node.js's `Readable` and `Writable` streams. ### Methods * `write(chunk, [encoding], [callback])` - Put data in. (Note that, in the base Minipass class, the same data will come out.) Returns `false` if the stream will buffer the next write, or true if it's still in "flowing" mode. * `end([chunk, [encoding]], [callback])` - Signal that you have no more data to write. This will queue an `end` event to be fired when all the data has been consumed. * `setEncoding(encoding)` - Set the encoding for data coming of the stream. This can only be done once. * `pause()` - No more data for a while, please. This also prevents `end` from being emitted for empty streams until the stream is resumed. * `resume()` - Resume the stream. If there's data in the buffer, it is all discarded. Any buffered events are immediately emitted. * `pipe(dest)` - Send all output to the stream provided. There is no way to unpipe. When data is emitted, it is immediately written to any and all pipe destinations. * `on(ev, fn)`, `emit(ev, fn)` - Minipass streams are EventEmitters. Some events are given special treatment, however. (See below under "events".) * `promise()` - Returns a Promise that resolves when the stream emits `end`, or rejects if the stream emits `error`. * `collect()` - Return a Promise that resolves on `end` with an array containing each chunk of data that was emitted, or rejects if the stream emits `error`. Note that this consumes the stream data. * `concat()` - Same as `collect()`, but concatenates the data into a single Buffer object. Will reject the returned promise if the stream is in objectMode, or if it goes into objectMode by the end of the data. * `read(n)` - Consume `n` bytes of data out of the buffer. If `n` is not provided, then consume all of it. If `n` bytes are not available, then it returns null. **Note** consuming streams in this way is less efficient, and can lead to unnecessary Buffer copying. * `destroy([er])` - Destroy the stream. If an error is provided, then an `'error'` event is emitted. If the stream has a `close()` method, and has not emitted a `'close'` event yet, then `stream.close()` will be called. Any Promises returned by `.promise()`, `.collect()` or `.concat()` will be rejected. After being destroyed, writing to the stream will emit an error. No more data will be emitted if the stream is destroyed, even if it was previously buffered. ### Properties * `bufferLength` Read-only. Total number of bytes buffered, or in the case of objectMode, the total number of objects. * `encoding` The encoding that has been set. (Setting this is equivalent to calling `setEncoding(enc)` and has the same prohibition against setting multiple times.) * `flowing` Read-only. Boolean indicating whether a chunk written to the stream will be immediately emitted. * `emittedEnd` Read-only. Boolean indicating whether the end-ish events (ie, `end`, `prefinish`, `finish`) have been emitted. Note that listening on any end-ish event will immediateyl re-emit it if it has already been emitted. * `writable` Whether the stream is writable. Default `true`. Set to `false` when `end()` * `readable` Whether the stream is readable. Default `true`. * `buffer` A [yallist](http://npm.im/yallist) linked list of chunks written to the stream that have not yet been emitted. (It's probably a bad idea to mess with this.) * `pipes` A [yallist](http://npm.im/yallist) linked list of streams that this stream is piping into. (It's probably a bad idea to mess with this.) * `destroyed` A getter that indicates whether the stream was destroyed. * `paused` True if the stream has been explicitly paused, otherwise false. * `objectMode` Indicates whether the stream is in `objectMode`. Once set to `true`, it cannot be set to `false`. ### Events * `data` Emitted when there's data to read. Argument is the data to read. This is never emitted while not flowing. If a listener is attached, that will resume the stream. * `end` Emitted when there's no more data to read. This will be emitted immediately for empty streams when `end()` is called. If a listener is attached, and `end` was already emitted, then it will be emitted again. All listeners are removed when `end` is emitted. * `prefinish` An end-ish event that follows the same logic as `end` and is emitted in the same conditions where `end` is emitted. Emitted after `'end'`. * `finish` An end-ish event that follows the same logic as `end` and is emitted in the same conditions where `end` is emitted. Emitted after `'prefinish'`. * `close` An indication that an underlying resource has been released. Minipass does not emit this event, but will defer it until after `end` has been emitted, since it throws off some stream libraries otherwise. * `drain` Emitted when the internal buffer empties, and it is again suitable to `write()` into the stream. * `readable` Emitted when data is buffered and ready to be read by a consumer. * `resume` Emitted when stream changes state from buffering to flowing mode. (Ie, when `resume` is called, `pipe` is called, or a `data` event listener is added.) ### Static Methods * `Minipass.isStream(stream)` Returns `true` if the argument is a stream, and false otherwise. To be considered a stream, the object must be either an instance of Minipass, or an EventEmitter that has either a `pipe()` method, or both `write()` and `end()` methods. (Pretty much any stream in node-land will return `true` for this.) ## EXAMPLES Here are some examples of things you can do with Minipass streams. ### simple "are you done yet" promise ```js mp.promise().then(() => { // stream is finished }, er => { // stream emitted an error }) ``` ### collecting ```js mp.collect().then(all => { // all is an array of all the data emitted // encoding is supported in this case, so // so the result will be a collection of strings if // an encoding is specified, or buffers/objects if not. // // In an async function, you may do // const data = await stream.collect() }) ``` ### collecting into a single blob This is a bit slower because it concatenates the data into one chunk for you, but if you're going to do it yourself anyway, it's convenient this way: ```js mp.concat().then(onebigchunk => { // onebigchunk is a string if the stream // had an encoding set, or a buffer otherwise. }) ``` ### iteration You can iterate over streams synchronously or asynchronously in platforms that support it. Synchronous iteration will end when the currently available data is consumed, even if the `end` event has not been reached. In string and buffer mode, the data is concatenated, so unless multiple writes are occurring in the same tick as the `read()`, sync iteration loops will generally only have a single iteration. To consume chunks in this way exactly as they have been written, with no flattening, create the stream with the `{ objectMode: true }` option. ```js const mp = new Minipass({ objectMode: true }) mp.write('a') mp.write('b') for (let letter of mp) { console.log(letter) // a, b } mp.write('c') mp.write('d') for (let letter of mp) { console.log(letter) // c, d } mp.write('e') mp.end() for (let letter of mp) { console.log(letter) // e } for (let letter of mp) { console.log(letter) // nothing } ``` Asynchronous iteration will continue until the end event is reached, consuming all of the data. ```js const mp = new Minipass({ encoding: 'utf8' }) // some source of some data let i = 5 const inter = setInterval(() => { if (i --> 0) mp.write(Buffer.from('foo\n', 'utf8')) else { mp.end() clearInterval(inter) } }, 100) // consume the data with asynchronous iteration async function consume () { for await (let chunk of mp) { console.log(chunk) } return 'ok' } consume().then(res => console.log(res)) // logs `foo\n` 5 times, and then `ok` ``` ### subclass that `console.log()`s everything written into it ```js class Logger extends Minipass { write (chunk, encoding, callback) { console.log('WRITE', chunk, encoding) return super.write(chunk, encoding, callback) } end (chunk, encoding, callback) { console.log('END', chunk, encoding) return super.end(chunk, encoding, callback) } } someSource.pipe(new Logger()).pipe(someDest) ``` ### same thing, but using an inline anonymous class ```js // js classes are fun someSource .pipe(new (class extends Minipass { emit (ev, ...data) { // let's also log events, because debugging some weird thing console.log('EMIT', ev) return super.emit(ev, ...data) } write (chunk, encoding, callback) { console.log('WRITE', chunk, encoding) return super.write(chunk, encoding, callback) } end (chunk, encoding, callback) { console.log('END', chunk, encoding) return super.end(chunk, encoding, callback) } })) .pipe(someDest) ``` ### subclass that defers 'end' for some reason ```js class SlowEnd extends Minipass { emit (ev, ...args) { if (ev === 'end') { console.log('going to end, hold on a sec') setTimeout(() => { console.log('ok, ready to end now') super.emit('end', ...args) }, 100) } else { return super.emit(ev, ...args) } } } ``` ### transform that creates newline-delimited JSON ```js class NDJSONEncode extends Minipass { write (obj, cb) { try { // JSON.stringify can throw, emit an error on that return super.write(JSON.stringify(obj) + '\n', 'utf8', cb) } catch (er) { this.emit('error', er) } } end (obj, cb) { if (typeof obj === 'function') { cb = obj obj = undefined } if (obj !== undefined) { this.write(obj) } return super.end(cb) } } ``` ### transform that parses newline-delimited JSON ```js class NDJSONDecode extends Minipass { constructor (options) { // always be in object mode, as far as Minipass is concerned super({ objectMode: true }) this._jsonBuffer = '' } write (chunk, encoding, cb) { if (typeof chunk === 'string' && typeof encoding === 'string' && encoding !== 'utf8') { chunk = Buffer.from(chunk, encoding).toString() } else if (Buffer.isBuffer(chunk)) chunk = chunk.toString() } if (typeof encoding === 'function') { cb = encoding } const jsonData = (this._jsonBuffer + chunk).split('\n') this._jsonBuffer = jsonData.pop() for (let i = 0; i < jsonData.length; i++) { let parsed try { super.write(parsed) } catch (er) { this.emit('error', er) continue } } if (cb) cb() } } ``` PK!!node_modules/minipass/LICENSEnu[The ISC License Copyright (c) npm, Inc. and Contributors Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. PK!gdU"node_modules/minipass/package.jsonnu[{ "_from": "minipass@^2.3.5", "_id": "minipass@2.9.0", "_inBundle": false, "_integrity": "sha512-wxfUjg9WebH+CUDX/CdbRlh5SmfZiy/hpkxaRI16Y9W56Pa75sWgd/rvFilSgrauD9NyFymP/+JFV3KwzIsJeg==", "_location": "/pacote/minipass", "_phantomChildren": {}, "_requested": { "type": "range", "registry": true, "raw": "minipass@^2.3.5", "name": "minipass", "escapedName": "minipass", "rawSpec": "^2.3.5", "saveSpec": null, "fetchSpec": "^2.3.5" }, "_requiredBy": [ "/pacote" ], "_resolved": "https://registry.npmjs.org/minipass/-/minipass-2.9.0.tgz", "_shasum": "e713762e7d3e32fed803115cf93e04bca9fcc9a6", "_spec": "minipass@^2.3.5", "_where": "/Users/ruyadorno/Documents/workspace/cli/node_modules/pacote", "author": { "name": "Isaac Z. Schlueter", "email": "i@izs.me", "url": "http://blog.izs.me/" }, "bugs": { "url": "https://github.com/isaacs/minipass/issues" }, "bundleDependencies": false, "dependencies": { "safe-buffer": "^5.1.2", "yallist": "^3.0.0" }, "deprecated": false, "description": "minimal implementation of a PassThrough stream", "devDependencies": { "end-of-stream": "^1.4.0", "tap": "^14.6.5", "through2": "^2.0.3" }, "files": [ "index.js" ], "homepage": "https://github.com/isaacs/minipass#readme", "keywords": [ "passthrough", "stream" ], "license": "ISC", "main": "index.js", "name": "minipass", "repository": { "type": "git", "url": "git+https://github.com/isaacs/minipass.git" }, "scripts": { "postpublish": "git push origin --follow-tags", "postversion": "npm publish", "preversion": "npm test", "test": "tap" }, "tap": { "check-coverage": true }, "version": "2.9.0" } PK!_f f package.jsonnu[{ "_from": "pacote@9.5.12", "_id": "pacote@9.5.12", "_inBundle": false, "_integrity": "sha512-BUIj/4kKbwWg4RtnBncXPJd15piFSVNpTzY0rysSr3VnMowTYgkGKcaHrbReepAkjTr8lH2CVWRi58Spg2CicQ==", "_location": "/pacote", "_phantomChildren": { "safe-buffer": "5.1.2", "yallist": "3.0.3" }, "_requested": { "type": "version", "registry": true, "raw": "pacote@9.5.12", "name": "pacote", "escapedName": "pacote", "rawSpec": "9.5.12", "saveSpec": null, "fetchSpec": "9.5.12" }, "_requiredBy": [ "#USER", "/", "/libcipm", "/libnpm" ], "_resolved": "https://registry.npmjs.org/pacote/-/pacote-9.5.12.tgz", "_shasum": "1e11dd7a8d736bcc36b375a9804d41bb0377bf66", "_spec": "pacote@9.5.12", "_where": "/Users/ruyadorno/Documents/workspace/cli", "author": { "name": "Kat Marchán", "email": "kzm@sykosomatic.org" }, "bugs": { "url": "https://github.com/npm/pacote/issues" }, "bundleDependencies": false, "contributors": [ { "name": "Charlotte Spencer", "email": "charlottelaspencer@gmail.com" }, { "name": "Rebecca Turner", "email": "me@re-becca.org" } ], "dependencies": { "bluebird": "^3.5.3", "cacache": "^12.0.2", "chownr": "^1.1.2", "figgy-pudding": "^3.5.1", "get-stream": "^4.1.0", "glob": "^7.1.3", "infer-owner": "^1.0.4", "lru-cache": "^5.1.1", "make-fetch-happen": "^5.0.0", "minimatch": "^3.0.4", "minipass": "^2.3.5", "mississippi": "^3.0.0", "mkdirp": "^0.5.1", "normalize-package-data": "^2.4.0", "npm-normalize-package-bin": "^1.0.0", "npm-package-arg": "^6.1.0", "npm-packlist": "^1.1.12", "npm-pick-manifest": "^3.0.0", "npm-registry-fetch": "^4.0.0", "osenv": "^0.1.5", "promise-inflight": "^1.0.1", "promise-retry": "^1.1.1", "protoduck": "^5.0.1", "rimraf": "^2.6.2", "safe-buffer": "^5.1.2", "semver": "^5.6.0", "ssri": "^6.0.1", "tar": "^4.4.10", "unique-filename": "^1.1.1", "which": "^1.3.1" }, "deprecated": false, "description": "JavaScript package downloader", "devDependencies": { "nock": "^10.0.3", "npmlog": "^4.1.2", "nyc": "^14.1.1", "require-inject": "^1.4.3", "standard": "^12.0.1", "standard-version": "^4.4.0", "tacks": "^1.2.7", "tap": "^12.7.0", "tar-stream": "^1.6.2", "weallbehave": "^1.2.0", "weallcontribute": "^1.0.7" }, "files": [ "*.js", "lib" ], "homepage": "https://github.com/npm/pacote#readme", "keywords": [ "packages", "npm", "git" ], "license": "MIT", "main": "index.js", "name": "pacote", "publishConfig": { "tag": "v9-legacy" }, "repository": { "type": "git", "url": "git+https://github.com/npm/pacote.git" }, "scripts": { "postrelease": "npm publish && git push --follow-tags", "prerelease": "npm t", "pretest": "standard", "release": "standard-version -s", "test": "nyc --all -- tap -J test/*.js", "test-docker": "docker run -it --rm --name pacotest -v \"$PWD\":/tmp -w /tmp node:latest npm test", "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'", "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'" }, "version": "9.5.12" } PK!Қ366 packument.jsnu[PK!R= rprefetch.jsnu[PK!o8 g tarball.jsnu[PK!0index.jsnu[PK!'{gi&i& README.mdnu[PK!kNOOg;LICENSEnu[PK!/@D ?CHANGELOG.mdnu[PK!{{ manifest.jsnu[PK!^ sextract.jsnu[PK! ahlib/with-tarball-stream.jsnu[PK!= h lib/extract-stream.jsnu[PK!Y;#lib/util/opt-check.jsnu[PK!ӭ!lib/util/finished.jsnu[PK!,Z "lib/util/git.jsnu[PK!lClib/util/cache-key.jsnu[PK!0iDlib/util/pack-dir.jsnu[PK!= LTTHlib/util/proclog.jsnu[PK!:RJlib/util/read-json.jsnu[PK!55Llib/fetchers/version.jsnu[PK!xYY)Mlib/fetchers/git.jsnu[PK!3t "clib/fetchers/registry/packument.jsnu[PK!c1 1 mlib/fetchers/registry/tarball.jsnu[PK!Uº1zlib/fetchers/registry/index.jsnu[PK!qX80 0 !9}lib/fetchers/registry/manifest.jsnu[PK!55lib/fetchers/tag.jsnu[PK!dT 2lib/fetchers/directory.jsnu[PK!|'00{lib/fetchers/hosted.jsnu[PK!$+7 lib/fetchers/file.jsnu[PK!55Оlib/fetchers/range.jsnu[PK!9XXJlib/fetchers/remote.jsnu[PK!!|\**lib/fetchers/alias.jsnu[PK!=9ozz Wlib/fetch.jsnu[PK!| W!W! lib/finalize-manifest.jsnu[PK!'o66node_modules/minipass/index.jsnu[PK!@ꛘRRnode_modules/minipass/README.mdnu[PK!!Xnode_modules/minipass/LICENSEnu[PK!gdU"\node_modules/minipass/package.jsonnu[PK!_f f Xcpackage.jsonnu[PK&& p