diff --git a/mock-registry/package.json b/mock-registry/package.json index d774fd4e6ed8a..d32880e282b58 100644 --- a/mock-registry/package.json +++ b/mock-registry/package.json @@ -50,7 +50,7 @@ "@npmcli/template-oss": "4.19.0", "json-stringify-safe": "^5.0.1", "nock": "^13.3.3", - "npm-package-arg": "^11.0.0", + "npm-package-arg": "^11.0.1", "pacote": "^17.0.4", "tap": "^16.3.8" } diff --git a/node_modules/npm-package-arg/lib/npa.js b/node_modules/npm-package-arg/lib/npa.js index f5ede2326e7b4..23bf68d2e04a3 100644 --- a/node_modules/npm-package-arg/lib/npa.js +++ b/node_modules/npm-package-arg/lib/npa.js @@ -4,7 +4,7 @@ module.exports.resolve = resolve module.exports.toPurl = toPurl module.exports.Result = Result -const url = require('url') +const { URL } = require('url') const HostedGit = require('hosted-git-info') const semver = require('semver') const path = global.FAKE_WINDOWS ? require('path').win32 : require('path') @@ -183,10 +183,11 @@ Result.prototype.toJSON = function () { return result } -function setGitCommittish (res, committish) { +// sets res.gitCommittish, res.gitRange, and res.gitSubdir +function setGitAttrs (res, committish) { if (!committish) { res.gitCommittish = null - return res + return } // for each :: separated item: @@ -224,8 +225,6 @@ function setGitCommittish (res, committish) { } log.warn('npm-package-arg', `ignoring unknown key "${name}"`) } - - return res } function fromFile (res, where) { @@ -245,10 +244,10 @@ function fromFile (res, where) { const rawWithPrefix = prefix + res.rawSpec let rawNoPrefix = rawWithPrefix.replace(/^file:/, '') try { - resolvedUrl = new url.URL(rawWithPrefix, `file://${path.resolve(where)}/`) - specUrl = new url.URL(rawWithPrefix) + resolvedUrl = new URL(rawWithPrefix, `file://${path.resolve(where)}/`) + specUrl = new URL(rawWithPrefix) } catch (originalError) { - const er = new Error('Invalid file: URL, must comply with RFC 8909') + const er = new Error('Invalid file: URL, must comply with RFC 8089') throw Object.assign(er, { raw: res.rawSpec, spec: res, @@ -257,11 +256,11 @@ function fromFile (res, where) { }) } - // XXX backwards compatibility lack of compliance with RFC 8909 + // XXX backwards compatibility lack of compliance with RFC 8089 if (resolvedUrl.host && resolvedUrl.host !== 'localhost') { const rawSpec = res.rawSpec.replace(/^file:\/\//, 'file:///') - resolvedUrl = new url.URL(rawSpec, `file://${path.resolve(where)}/`) - specUrl = new url.URL(rawSpec) + resolvedUrl = new URL(rawSpec, `file://${path.resolve(where)}/`) + specUrl = new URL(rawSpec) rawNoPrefix = rawSpec.replace(/^file:/, '') } // turn file:/../foo into file:../foo @@ -269,11 +268,11 @@ function fromFile (res, where) { // in the previous step to make it a file protocol url with a leading slash if (/^\/{1,3}\.\.?(\/|$)/.test(rawNoPrefix)) { const rawSpec = res.rawSpec.replace(/^file:\/{1,3}/, 'file:') - resolvedUrl = new url.URL(rawSpec, `file://${path.resolve(where)}/`) - specUrl = new url.URL(rawSpec) + resolvedUrl = new URL(rawSpec, `file://${path.resolve(where)}/`) + specUrl = new URL(rawSpec) rawNoPrefix = rawSpec.replace(/^file:/, '') } - // XXX end RFC 8909 violation backwards compatibility section + // XXX end RFC 8089 violation backwards compatibility section // turn /C:/blah into just C:/blah on windows let specPath = decodeURIComponent(specUrl.pathname) @@ -303,7 +302,8 @@ function fromHostedGit (res, hosted) { res.hosted = hosted res.saveSpec = hosted.toString({ noGitPlus: false, noCommittish: false }) res.fetchSpec = hosted.getDefaultRepresentation() === 'shortcut' ? null : hosted.toString() - return setGitCommittish(res, hosted.committish) + setGitAttrs(res, hosted.committish) + return res } function unsupportedURLType (protocol, spec) { @@ -312,54 +312,51 @@ function unsupportedURLType (protocol, spec) { return err } -function matchGitScp (spec) { - // git ssh specifiers are overloaded to also use scp-style git - // specifiers, so we have to parse those out and treat them special. - // They are NOT true URIs, so we can't hand them to `url.parse`. - // - // This regex looks for things that look like: - // git+ssh://git@my.custom.git.com:username/project.git#deadbeef - // - // ...and various combinations. The username in the beginning is *required*. - const matched = spec.match(/^git\+ssh:\/\/([^:#]+:[^#]+(?:\.git)?)(?:#(.*))?$/i) - return matched && !matched[1].match(/:[0-9]+\/?.*$/i) && { - fetchSpec: matched[1], - gitCommittish: matched[2] == null ? null : matched[2], - } -} - function fromURL (res) { - // eslint-disable-next-line node/no-deprecated-api - const urlparse = url.parse(res.rawSpec) - res.saveSpec = res.rawSpec + let rawSpec = res.rawSpec + res.saveSpec = rawSpec + if (rawSpec.startsWith('git+ssh:')) { + // git ssh specifiers are overloaded to also use scp-style git + // specifiers, so we have to parse those out and treat them special. + // They are NOT true URIs, so we can't hand them to URL. + + // This regex looks for things that look like: + // git+ssh://git@my.custom.git.com:username/project.git#deadbeef + // ...and various combinations. The username in the beginning is *required*. + const matched = rawSpec.match(/^git\+ssh:\/\/([^:#]+:[^#]+(?:\.git)?)(?:#(.*))?$/i) + if (matched && !matched[1].match(/:[0-9]+\/?.*$/i)) { + res.type = 'git' + setGitAttrs(res, matched[2]) + res.fetchSpec = matched[1] + return res + } + } else if (rawSpec.startsWith('git+file://')) { + // URL can't handle windows paths + rawSpec = rawSpec.replace(/\\/g, '/') + } + const parsedUrl = new URL(rawSpec) // check the protocol, and then see if it's git or not - switch (urlparse.protocol) { + switch (parsedUrl.protocol) { case 'git:': case 'git+http:': case 'git+https:': case 'git+rsync:': case 'git+ftp:': case 'git+file:': - case 'git+ssh:': { + case 'git+ssh:': res.type = 'git' - const match = urlparse.protocol === 'git+ssh:' ? matchGitScp(res.rawSpec) - : null - if (match) { - setGitCommittish(res, match.gitCommittish) - res.fetchSpec = match.fetchSpec + setGitAttrs(res, parsedUrl.hash.slice(1)) + if (parsedUrl.protocol === 'git+file:' && /^git\+file:\/\/[a-z]:/i.test(rawSpec)) { + // URL can't handle drive letters on windows file paths, the host can't contain a : + res.fetchSpec = `git+file://${parsedUrl.host.toLowerCase()}:${parsedUrl.pathname}` } else { - setGitCommittish(res, urlparse.hash != null ? urlparse.hash.slice(1) : '') - urlparse.protocol = urlparse.protocol.replace(/^git[+]/, '') - if (urlparse.protocol === 'file:' && /^git\+file:\/\/[a-z]:/i.test(res.rawSpec)) { - // keep the drive letter : on windows file paths - urlparse.host += ':' - urlparse.hostname += ':' - } - delete urlparse.hash - res.fetchSpec = url.format(urlparse) + parsedUrl.hash = '' + res.fetchSpec = parsedUrl.toString() + } + if (res.fetchSpec.startsWith('git+')) { + res.fetchSpec = res.fetchSpec.slice(4) } break - } case 'http:': case 'https:': res.type = 'remote' @@ -367,7 +364,7 @@ function fromURL (res) { break default: - throw unsupportedURLType(urlparse.protocol, res.rawSpec) + throw unsupportedURLType(parsedUrl.protocol, rawSpec) } return res diff --git a/node_modules/npm-package-arg/package.json b/node_modules/npm-package-arg/package.json index 9ba1d135f3ebf..f7965d5a007c9 100644 --- a/node_modules/npm-package-arg/package.json +++ b/node_modules/npm-package-arg/package.json @@ -1,6 +1,6 @@ { "name": "npm-package-arg", - "version": "11.0.0", + "version": "11.0.1", "description": "Parse the things that can be arguments to `npm install`", "main": "./lib/npa.js", "directories": { @@ -61,6 +61,7 @@ "16.x", "18.0.0", "18.x" - ] + ], + "npmSpec": "next-9" } } diff --git a/package-lock.json b/package-lock.json index dfbc60ff070fb..83306d5680968 100644 --- a/package-lock.json +++ b/package-lock.json @@ -136,7 +136,7 @@ "normalize-package-data": "^6.0.0", "npm-audit-report": "^5.0.0", "npm-install-checks": "^6.2.0", - "npm-package-arg": "^11.0.0", + "npm-package-arg": "^11.0.1", "npm-pick-manifest": "^9.0.0", "npm-profile": "^9.0.0", "npm-registry-fetch": "^16.0.0", @@ -238,7 +238,7 @@ "@npmcli/template-oss": "4.19.0", "json-stringify-safe": "^5.0.1", "nock": "^13.3.3", - "npm-package-arg": "^11.0.0", + "npm-package-arg": "^11.0.1", "pacote": "^17.0.4", "tap": "^16.3.8" }, @@ -10872,9 +10872,9 @@ } }, "node_modules/npm-package-arg": { - "version": "11.0.0", - "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-11.0.0.tgz", - "integrity": "sha512-D8sItaQ8n6VlBUFed3DLz2sCpkabRAjaiLkTamDppvh8lmmAPirzNfBuhJd/2rlmoxZ2S9mOHmIEvzV2z2jOeA==", + "version": "11.0.1", + "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-11.0.1.tgz", + "integrity": "sha512-M7s1BD4NxdAvBKUPqqRW957Xwcl/4Zvo8Aj+ANrzvIPzGJZElrH7Z//rSaec2ORcND6FHHLnZeY8qgTpXDMFQQ==", "inBundle": true, "dependencies": { "hosted-git-info": "^7.0.0", @@ -17020,7 +17020,7 @@ "minimatch": "^9.0.0", "nopt": "^7.0.0", "npm-install-checks": "^6.2.0", - "npm-package-arg": "^11.0.0", + "npm-package-arg": "^11.0.1", "npm-pick-manifest": "^9.0.0", "npm-registry-fetch": "^16.0.0", "npmlog": "^7.0.1", @@ -17080,7 +17080,7 @@ "version": "8.0.0", "license": "ISC", "dependencies": { - "npm-package-arg": "^11.0.0", + "npm-package-arg": "^11.0.1", "npm-registry-fetch": "^16.0.0" }, "devDependencies": { @@ -17104,7 +17104,7 @@ "binary-extensions": "^2.2.0", "diff": "^5.1.0", "minimatch": "^9.0.0", - "npm-package-arg": "^11.0.0", + "npm-package-arg": "^11.0.1", "pacote": "^17.0.4", "tar": "^6.1.13" }, @@ -17124,7 +17124,7 @@ "@npmcli/arborist": "^7.1.0", "@npmcli/run-script": "^7.0.1", "ci-info": "^3.7.1", - "npm-package-arg": "^11.0.0", + "npm-package-arg": "^11.0.1", "npmlog": "^7.0.1", "pacote": "^17.0.4", "proc-log": "^3.0.0", @@ -17203,7 +17203,7 @@ "dependencies": { "@npmcli/arborist": "^7.1.0", "@npmcli/run-script": "^7.0.1", - "npm-package-arg": "^11.0.0", + "npm-package-arg": "^11.0.1", "pacote": "^17.0.4" }, "devDependencies": { @@ -17223,7 +17223,7 @@ "dependencies": { "ci-info": "^3.6.1", "normalize-package-data": "^6.0.0", - "npm-package-arg": "^11.0.0", + "npm-package-arg": "^11.0.1", "npm-registry-fetch": "^16.0.0", "proc-log": "^3.0.0", "semver": "^7.3.7", diff --git a/package.json b/package.json index f03328a803f8a..35de6c0874272 100644 --- a/package.json +++ b/package.json @@ -98,7 +98,7 @@ "normalize-package-data": "^6.0.0", "npm-audit-report": "^5.0.0", "npm-install-checks": "^6.2.0", - "npm-package-arg": "^11.0.0", + "npm-package-arg": "^11.0.1", "npm-pick-manifest": "^9.0.0", "npm-profile": "^9.0.0", "npm-registry-fetch": "^16.0.0", diff --git a/workspaces/arborist/package.json b/workspaces/arborist/package.json index 040ae7c9dce25..18cd0174b7abd 100644 --- a/workspaces/arborist/package.json +++ b/workspaces/arborist/package.json @@ -22,7 +22,7 @@ "minimatch": "^9.0.0", "nopt": "^7.0.0", "npm-install-checks": "^6.2.0", - "npm-package-arg": "^11.0.0", + "npm-package-arg": "^11.0.1", "npm-pick-manifest": "^9.0.0", "npm-registry-fetch": "^16.0.0", "npmlog": "^7.0.1", diff --git a/workspaces/libnpmaccess/package.json b/workspaces/libnpmaccess/package.json index 4c71748dafcb8..47014c819757e 100644 --- a/workspaces/libnpmaccess/package.json +++ b/workspaces/libnpmaccess/package.json @@ -29,7 +29,7 @@ "bugs": "https://github.com/npm/libnpmaccess/issues", "homepage": "https://npmjs.com/package/libnpmaccess", "dependencies": { - "npm-package-arg": "^11.0.0", + "npm-package-arg": "^11.0.1", "npm-registry-fetch": "^16.0.0" }, "engines": { diff --git a/workspaces/libnpmdiff/package.json b/workspaces/libnpmdiff/package.json index f735986ab5cfa..321e003eb0020 100644 --- a/workspaces/libnpmdiff/package.json +++ b/workspaces/libnpmdiff/package.json @@ -52,7 +52,7 @@ "binary-extensions": "^2.2.0", "diff": "^5.1.0", "minimatch": "^9.0.0", - "npm-package-arg": "^11.0.0", + "npm-package-arg": "^11.0.1", "pacote": "^17.0.4", "tar": "^6.1.13" }, diff --git a/workspaces/libnpmexec/package.json b/workspaces/libnpmexec/package.json index d8d7b5c035ec8..fc8a8430fadfb 100644 --- a/workspaces/libnpmexec/package.json +++ b/workspaces/libnpmexec/package.json @@ -62,7 +62,7 @@ "@npmcli/arborist": "^7.1.0", "@npmcli/run-script": "^7.0.1", "ci-info": "^3.7.1", - "npm-package-arg": "^11.0.0", + "npm-package-arg": "^11.0.1", "npmlog": "^7.0.1", "pacote": "^17.0.4", "proc-log": "^3.0.0", diff --git a/workspaces/libnpmpack/package.json b/workspaces/libnpmpack/package.json index a3074218a9098..6893720a53b3d 100644 --- a/workspaces/libnpmpack/package.json +++ b/workspaces/libnpmpack/package.json @@ -38,7 +38,7 @@ "dependencies": { "@npmcli/arborist": "^7.1.0", "@npmcli/run-script": "^7.0.1", - "npm-package-arg": "^11.0.0", + "npm-package-arg": "^11.0.1", "pacote": "^17.0.4" }, "engines": { diff --git a/workspaces/libnpmpublish/package.json b/workspaces/libnpmpublish/package.json index 8f0e5a947b817..23b6da8b79459 100644 --- a/workspaces/libnpmpublish/package.json +++ b/workspaces/libnpmpublish/package.json @@ -40,7 +40,7 @@ "dependencies": { "ci-info": "^3.6.1", "normalize-package-data": "^6.0.0", - "npm-package-arg": "^11.0.0", + "npm-package-arg": "^11.0.1", "npm-registry-fetch": "^16.0.0", "proc-log": "^3.0.0", "semver": "^7.3.7",