432 lines
13 KiB
JavaScript
432 lines
13 KiB
JavaScript
'use strict'
|
|
module.exports = npa
|
|
module.exports.resolve = resolve
|
|
module.exports.toPurl = toPurl
|
|
module.exports.Result = Result
|
|
|
|
const url = require('url')
|
|
const HostedGit = require('hosted-git-info')
|
|
const semver = require('semver')
|
|
const path = global.FAKE_WINDOWS ? require('path').win32 : require('path')
|
|
const validatePackageName = require('validate-npm-package-name')
|
|
const { homedir } = require('os')
|
|
const log = require('proc-log')
|
|
|
|
const isWindows = process.platform === 'win32' || global.FAKE_WINDOWS
|
|
const hasSlashes = isWindows ? /\\|[/]/ : /[/]/
|
|
const isURL = /^(?:git[+])?[a-z]+:/i
|
|
const isGit = /^[^@]+@[^:.]+\.[^:]+:.+$/i
|
|
const isFilename = /[.](?:tgz|tar.gz|tar)$/i
|
|
|
|
function npa (arg, where) {
|
|
let name
|
|
let spec
|
|
if (typeof arg === 'object') {
|
|
if (arg instanceof Result && (!where || where === arg.where)) {
|
|
return arg
|
|
} else if (arg.name && arg.rawSpec) {
|
|
return npa.resolve(arg.name, arg.rawSpec, where || arg.where)
|
|
} else {
|
|
return npa(arg.raw, where || arg.where)
|
|
}
|
|
}
|
|
const nameEndsAt = arg[0] === '@' ? arg.slice(1).indexOf('@') + 1 : arg.indexOf('@')
|
|
const namePart = nameEndsAt > 0 ? arg.slice(0, nameEndsAt) : arg
|
|
if (isURL.test(arg)) {
|
|
spec = arg
|
|
} else if (isGit.test(arg)) {
|
|
spec = `git+ssh://${arg}`
|
|
} else if (namePart[0] !== '@' && (hasSlashes.test(namePart) || isFilename.test(namePart))) {
|
|
spec = arg
|
|
} else if (nameEndsAt > 0) {
|
|
name = namePart
|
|
spec = arg.slice(nameEndsAt + 1) || '*'
|
|
} else {
|
|
const valid = validatePackageName(arg)
|
|
if (valid.validForOldPackages) {
|
|
name = arg
|
|
spec = '*'
|
|
} else {
|
|
spec = arg
|
|
}
|
|
}
|
|
return resolve(name, spec, where, arg)
|
|
}
|
|
|
|
const isFilespec = isWindows ? /^(?:[.]|~[/]|[/\\]|[a-zA-Z]:)/ : /^(?:[.]|~[/]|[/]|[a-zA-Z]:)/
|
|
|
|
function resolve (name, spec, where, arg) {
|
|
const res = new Result({
|
|
raw: arg,
|
|
name: name,
|
|
rawSpec: spec,
|
|
fromArgument: arg != null,
|
|
})
|
|
|
|
if (name) {
|
|
res.setName(name)
|
|
}
|
|
|
|
if (spec && (isFilespec.test(spec) || /^file:/i.test(spec))) {
|
|
return fromFile(res, where)
|
|
} else if (spec && /^npm:/i.test(spec)) {
|
|
return fromAlias(res, where)
|
|
}
|
|
|
|
const hosted = HostedGit.fromUrl(spec, {
|
|
noGitPlus: true,
|
|
noCommittish: true,
|
|
})
|
|
if (hosted) {
|
|
return fromHostedGit(res, hosted)
|
|
} else if (spec && isURL.test(spec)) {
|
|
return fromURL(res)
|
|
} else if (spec && (hasSlashes.test(spec) || isFilename.test(spec))) {
|
|
return fromFile(res, where)
|
|
} else {
|
|
return fromRegistry(res)
|
|
}
|
|
}
|
|
|
|
const defaultRegistry = 'https://registry.npmjs.org'
|
|
|
|
function toPurl (arg, reg = defaultRegistry) {
|
|
const res = npa(arg)
|
|
|
|
if (res.type !== 'version') {
|
|
throw invalidPurlType(res.type, res.raw)
|
|
}
|
|
|
|
// URI-encode leading @ of scoped packages
|
|
let purl = 'pkg:npm/' + res.name.replace(/^@/, '%40') + '@' + res.rawSpec
|
|
if (reg !== defaultRegistry) {
|
|
purl += '?repository_url=' + reg
|
|
}
|
|
|
|
return purl
|
|
}
|
|
|
|
function invalidPackageName (name, valid, raw) {
|
|
// eslint-disable-next-line max-len
|
|
const err = new Error(`Invalid package name "${name}" of package "${raw}": ${valid.errors.join('; ')}.`)
|
|
err.code = 'EINVALIDPACKAGENAME'
|
|
return err
|
|
}
|
|
|
|
function invalidTagName (name, raw) {
|
|
// eslint-disable-next-line max-len
|
|
const err = new Error(`Invalid tag name "${name}" of package "${raw}": Tags may not have any characters that encodeURIComponent encodes.`)
|
|
err.code = 'EINVALIDTAGNAME'
|
|
return err
|
|
}
|
|
|
|
function invalidPurlType (type, raw) {
|
|
// eslint-disable-next-line max-len
|
|
const err = new Error(`Invalid type "${type}" of package "${raw}": Purl can only be generated for "version" types.`)
|
|
err.code = 'EINVALIDPURLTYPE'
|
|
return err
|
|
}
|
|
|
|
function Result (opts) {
|
|
this.type = opts.type
|
|
this.registry = opts.registry
|
|
this.where = opts.where
|
|
if (opts.raw == null) {
|
|
this.raw = opts.name ? opts.name + '@' + opts.rawSpec : opts.rawSpec
|
|
} else {
|
|
this.raw = opts.raw
|
|
}
|
|
|
|
this.name = undefined
|
|
this.escapedName = undefined
|
|
this.scope = undefined
|
|
this.rawSpec = opts.rawSpec || ''
|
|
this.saveSpec = opts.saveSpec
|
|
this.fetchSpec = opts.fetchSpec
|
|
if (opts.name) {
|
|
this.setName(opts.name)
|
|
}
|
|
this.gitRange = opts.gitRange
|
|
this.gitCommittish = opts.gitCommittish
|
|
this.gitSubdir = opts.gitSubdir
|
|
this.hosted = opts.hosted
|
|
}
|
|
|
|
Result.prototype.setName = function (name) {
|
|
const valid = validatePackageName(name)
|
|
if (!valid.validForOldPackages) {
|
|
throw invalidPackageName(name, valid, this.raw)
|
|
}
|
|
|
|
this.name = name
|
|
this.scope = name[0] === '@' ? name.slice(0, name.indexOf('/')) : undefined
|
|
// scoped packages in couch must have slash url-encoded, e.g. @foo%2Fbar
|
|
this.escapedName = name.replace('/', '%2f')
|
|
return this
|
|
}
|
|
|
|
Result.prototype.toString = function () {
|
|
const full = []
|
|
if (this.name != null && this.name !== '') {
|
|
full.push(this.name)
|
|
}
|
|
const spec = this.saveSpec || this.fetchSpec || this.rawSpec
|
|
if (spec != null && spec !== '') {
|
|
full.push(spec)
|
|
}
|
|
return full.length ? full.join('@') : this.raw
|
|
}
|
|
|
|
Result.prototype.toJSON = function () {
|
|
const result = Object.assign({}, this)
|
|
delete result.hosted
|
|
return result
|
|
}
|
|
|
|
function setGitCommittish (res, committish) {
|
|
if (!committish) {
|
|
res.gitCommittish = null
|
|
return res
|
|
}
|
|
|
|
// for each :: separated item:
|
|
for (const part of committish.split('::')) {
|
|
// if the item has no : the n it is a commit-ish
|
|
if (!part.includes(':')) {
|
|
if (res.gitRange) {
|
|
throw new Error('cannot override existing semver range with a committish')
|
|
}
|
|
if (res.gitCommittish) {
|
|
throw new Error('cannot override existing committish with a second committish')
|
|
}
|
|
res.gitCommittish = part
|
|
continue
|
|
}
|
|
// split on name:value
|
|
const [name, value] = part.split(':')
|
|
// if name is semver do semver lookup of ref or tag
|
|
if (name === 'semver') {
|
|
if (res.gitCommittish) {
|
|
throw new Error('cannot override existing committish with a semver range')
|
|
}
|
|
if (res.gitRange) {
|
|
throw new Error('cannot override existing semver range with a second semver range')
|
|
}
|
|
res.gitRange = decodeURIComponent(value)
|
|
continue
|
|
}
|
|
if (name === 'path') {
|
|
if (res.gitSubdir) {
|
|
throw new Error('cannot override existing path with a second path')
|
|
}
|
|
res.gitSubdir = `/${value}`
|
|
continue
|
|
}
|
|
log.warn('npm-package-arg', `ignoring unknown key "${name}"`)
|
|
}
|
|
|
|
return res
|
|
}
|
|
|
|
function fromFile (res, where) {
|
|
if (!where) {
|
|
where = process.cwd()
|
|
}
|
|
res.type = isFilename.test(res.rawSpec) ? 'file' : 'directory'
|
|
res.where = where
|
|
|
|
// always put the '/' on where when resolving urls, or else
|
|
// file:foo from /path/to/bar goes to /path/to/foo, when we want
|
|
// it to be /path/to/bar/foo
|
|
|
|
let specUrl
|
|
let resolvedUrl
|
|
const prefix = (!/^file:/.test(res.rawSpec) ? 'file:' : '')
|
|
const rawWithPrefix = prefix + res.rawSpec
|
|
let rawNoPrefix = rawWithPrefix.replace(/^file:/, '')
|
|
try {
|
|
resolvedUrl = new url.URL(rawWithPrefix, `file://${path.resolve(where)}/`)
|
|
specUrl = new url.URL(rawWithPrefix)
|
|
} catch (originalError) {
|
|
const er = new Error('Invalid file: URL, must comply with RFC 8909')
|
|
throw Object.assign(er, {
|
|
raw: res.rawSpec,
|
|
spec: res,
|
|
where,
|
|
originalError,
|
|
})
|
|
}
|
|
|
|
// environment switch for testing
|
|
if (process.env.NPM_PACKAGE_ARG_8909_STRICT !== '1') {
|
|
// XXX backwards compatibility lack of compliance with 8909
|
|
// Remove when we want a breaking change to come into RFC compliance.
|
|
if (resolvedUrl.host && resolvedUrl.host !== 'localhost') {
|
|
const rawSpec = res.rawSpec.replace(/^file:\/\//, 'file:///')
|
|
resolvedUrl = new url.URL(rawSpec, `file://${path.resolve(where)}/`)
|
|
specUrl = new url.URL(rawSpec)
|
|
rawNoPrefix = rawSpec.replace(/^file:/, '')
|
|
}
|
|
// turn file:/../foo into file:../foo
|
|
// for 1, 2 or 3 leading slashes since we attempted
|
|
// in the previous step to make it a file protocol url with a leading slash
|
|
if (/^\/{1,3}\.\.?(\/|$)/.test(rawNoPrefix)) {
|
|
const rawSpec = res.rawSpec.replace(/^file:\/{1,3}/, 'file:')
|
|
resolvedUrl = new url.URL(rawSpec, `file://${path.resolve(where)}/`)
|
|
specUrl = new url.URL(rawSpec)
|
|
rawNoPrefix = rawSpec.replace(/^file:/, '')
|
|
}
|
|
// XXX end 8909 violation backwards compatibility section
|
|
}
|
|
|
|
// file:foo - relative url to ./foo
|
|
// file:/foo - absolute path /foo
|
|
// file:///foo - absolute path to /foo, no authority host
|
|
// file://localhost/foo - absolute path to /foo, on localhost
|
|
// file://foo - absolute path to / on foo host (error!)
|
|
if (resolvedUrl.host && resolvedUrl.host !== 'localhost') {
|
|
const msg = `Invalid file: URL, must be absolute if // present`
|
|
throw Object.assign(new Error(msg), {
|
|
raw: res.rawSpec,
|
|
parsed: resolvedUrl,
|
|
})
|
|
}
|
|
|
|
// turn /C:/blah into just C:/blah on windows
|
|
let specPath = decodeURIComponent(specUrl.pathname)
|
|
let resolvedPath = decodeURIComponent(resolvedUrl.pathname)
|
|
if (isWindows) {
|
|
specPath = specPath.replace(/^\/+([a-z]:\/)/i, '$1')
|
|
resolvedPath = resolvedPath.replace(/^\/+([a-z]:\/)/i, '$1')
|
|
}
|
|
|
|
// replace ~ with homedir, but keep the ~ in the saveSpec
|
|
// otherwise, make it relative to where param
|
|
if (/^\/~(\/|$)/.test(specPath)) {
|
|
res.saveSpec = `file:${specPath.substr(1)}`
|
|
resolvedPath = path.resolve(homedir(), specPath.substr(3))
|
|
} else if (!path.isAbsolute(rawNoPrefix)) {
|
|
res.saveSpec = `file:${path.relative(where, resolvedPath)}`
|
|
} else {
|
|
res.saveSpec = `file:${path.resolve(resolvedPath)}`
|
|
}
|
|
|
|
res.fetchSpec = path.resolve(where, resolvedPath)
|
|
return res
|
|
}
|
|
|
|
function fromHostedGit (res, hosted) {
|
|
res.type = 'git'
|
|
res.hosted = hosted
|
|
res.saveSpec = hosted.toString({ noGitPlus: false, noCommittish: false })
|
|
res.fetchSpec = hosted.getDefaultRepresentation() === 'shortcut' ? null : hosted.toString()
|
|
return setGitCommittish(res, hosted.committish)
|
|
}
|
|
|
|
function unsupportedURLType (protocol, spec) {
|
|
const err = new Error(`Unsupported URL Type "${protocol}": ${spec}`)
|
|
err.code = 'EUNSUPPORTEDPROTOCOL'
|
|
return err
|
|
}
|
|
|
|
function matchGitScp (spec) {
|
|
// git ssh specifiers are overloaded to also use scp-style git
|
|
// specifiers, so we have to parse those out and treat them special.
|
|
// They are NOT true URIs, so we can't hand them to `url.parse`.
|
|
//
|
|
// This regex looks for things that look like:
|
|
// git+ssh://git@my.custom.git.com:username/project.git#deadbeef
|
|
//
|
|
// ...and various combinations. The username in the beginning is *required*.
|
|
const matched = spec.match(/^git\+ssh:\/\/([^:#]+:[^#]+(?:\.git)?)(?:#(.*))?$/i)
|
|
return matched && !matched[1].match(/:[0-9]+\/?.*$/i) && {
|
|
fetchSpec: matched[1],
|
|
gitCommittish: matched[2] == null ? null : matched[2],
|
|
}
|
|
}
|
|
|
|
function fromURL (res) {
|
|
// eslint-disable-next-line node/no-deprecated-api
|
|
const urlparse = url.parse(res.rawSpec)
|
|
res.saveSpec = res.rawSpec
|
|
// check the protocol, and then see if it's git or not
|
|
switch (urlparse.protocol) {
|
|
case 'git:':
|
|
case 'git+http:':
|
|
case 'git+https:':
|
|
case 'git+rsync:':
|
|
case 'git+ftp:':
|
|
case 'git+file:':
|
|
case 'git+ssh:': {
|
|
res.type = 'git'
|
|
const match = urlparse.protocol === 'git+ssh:' ? matchGitScp(res.rawSpec)
|
|
: null
|
|
if (match) {
|
|
setGitCommittish(res, match.gitCommittish)
|
|
res.fetchSpec = match.fetchSpec
|
|
} else {
|
|
setGitCommittish(res, urlparse.hash != null ? urlparse.hash.slice(1) : '')
|
|
urlparse.protocol = urlparse.protocol.replace(/^git[+]/, '')
|
|
if (urlparse.protocol === 'file:' && /^git\+file:\/\/[a-z]:/i.test(res.rawSpec)) {
|
|
// keep the drive letter : on windows file paths
|
|
urlparse.host += ':'
|
|
urlparse.hostname += ':'
|
|
}
|
|
delete urlparse.hash
|
|
res.fetchSpec = url.format(urlparse)
|
|
}
|
|
break
|
|
}
|
|
case 'http:':
|
|
case 'https:':
|
|
res.type = 'remote'
|
|
res.fetchSpec = res.saveSpec
|
|
break
|
|
|
|
default:
|
|
throw unsupportedURLType(urlparse.protocol, res.rawSpec)
|
|
}
|
|
|
|
return res
|
|
}
|
|
|
|
function fromAlias (res, where) {
|
|
const subSpec = npa(res.rawSpec.substr(4), where)
|
|
if (subSpec.type === 'alias') {
|
|
throw new Error('nested aliases not supported')
|
|
}
|
|
|
|
if (!subSpec.registry) {
|
|
throw new Error('aliases only work for registry deps')
|
|
}
|
|
|
|
res.subSpec = subSpec
|
|
res.registry = true
|
|
res.type = 'alias'
|
|
res.saveSpec = null
|
|
res.fetchSpec = null
|
|
return res
|
|
}
|
|
|
|
function fromRegistry (res) {
|
|
res.registry = true
|
|
const spec = res.rawSpec.trim()
|
|
// no save spec for registry components as we save based on the fetched
|
|
// version, not on the argument so this can't compute that.
|
|
res.saveSpec = null
|
|
res.fetchSpec = spec
|
|
const version = semver.valid(spec, true)
|
|
const range = semver.validRange(spec, true)
|
|
if (version) {
|
|
res.type = 'version'
|
|
} else if (range) {
|
|
res.type = 'range'
|
|
} else {
|
|
if (encodeURIComponent(spec) !== spec) {
|
|
throw invalidTagName(spec, res.raw)
|
|
}
|
|
res.type = 'tag'
|
|
}
|
|
return res
|
|
}
|