Upgrade npm to 1.1.12

author: isaacs <i@izs.me> 2012-03-22 16:38:58 -0700
committer: isaacs <i@izs.me> 2012-03-22 16:38:58 -0700
commit: 67f1778065b4f1d96a59f5290c57061c1808feb8 (patch)
tree: 53812b51a2ea30e79091b91e47518fb3aff64836 /deps/npm/lib
parent: d1255914df46ac367d289614464cc249c3a4bb6c (diff)
download: node-new-67f1778065b4f1d96a59f5290c57061c1808feb8.tar.gz
6 files changed, 65 insertions, 38 deletions
diff --git a/deps/npm/lib/cache.js b/deps/npm/lib/cache.js
index e8aac5d2fa..e0a72ed184 100644
--- a/deps/npm/lib/cache.js
+++ b/deps/npm/lib/cache.js
@@ -95,12 +95,10 @@ function cache (args, cb) {
 // if the pkg and ver are in the cache, then
 // just do a readJson and return.
 // if they're not, then fetch them from the registry.
-var cacheSeen = {}
 function read (name, ver, forceBypass, cb) {
   if (typeof cb !== "function") cb = forceBypass, forceBypass = true
   var jsonFile = path.join(npm.cache, name, ver, "package", "package.json")
   function c (er, data) {
-    if (!er) cacheSeen[data._id] = data
     if (data) deprCheck(data)
     return cb(er, data)
   }
@@ -110,10 +108,6 @@ function read (name, ver, forceBypass, cb) {
     return addNamed(name, ver, c)
   }
 
-  if (name+"@"+ver in cacheSeen) {
-    return cb(null, cacheSeen[name+"@"+ver])
-  }
-
   readJson(jsonFile, function (er, data) {
     if (er) return addNamed(name, ver, c)
     deprCheck(data)
@@ -126,9 +120,13 @@ function ls (args, cb) {
   output = output || require("./utils/output.js")
   args = args.join("/").split("@").join("/")
   if (args.substr(-1) === "/") args = args.substr(0, args.length - 1)
+  var prefix = npm.config.get("cache")
+  if (0 === prefix.indexOf(process.env.HOME)) {
+    prefix = "~" + prefix.substr(process.env.HOME.length)
+  }
   ls_(args, npm.config.get("depth"), function(er, files) {
     output.write(files.map(function (f) {
-      return path.join("~/.npm", f)
+      return path.join(prefix, f)
     }).join("\n").trim(), function (er) {
       return cb(er, files)
     })
@@ -212,7 +210,7 @@ function add (args, cb) {
 
   // see if the spec is a url
   // otherwise, treat as name@version
-  var p = url.parse(spec.replace(/^git\+/, "git")) || {}
+  var p = url.parse(spec) || {}
   log.verbose(p, "parsed url")
 
   // it could be that we got name@http://blah
@@ -230,11 +228,11 @@ function add (args, cb) {
     case "https:":
       return addRemoteTarball(spec, null, name, cb)
     case "git:":
-    case "githttp:":
-    case "githttps:":
-    case "gitrsync:":
-    case "gitftp:":
-    case "gitssh:":
+    case "git+http:":
+    case "git+https:":
+    case "git+rsync:":
+    case "git+ftp:":
+    case "git+ssh:":
       //p.protocol = p.protocol.replace(/^git([^:])/, "$1")
       return addRemoteGit(spec, p, name, cb)
     default:
diff --git a/deps/npm/lib/install.js b/deps/npm/lib/install.js
index ae10965cbe..3288d436bb 100644
--- a/deps/npm/lib/install.js
+++ b/deps/npm/lib/install.js
@@ -506,6 +506,15 @@ function targetResolver (where, context, deps) {
       }
     }
 
+    // if it's identical to its parent, then it's probably someone
+    // doing `npm install foo` inside of the foo project.  Print
+    // a warning, and skip it.
+    if (parent && parent.name === what && !npm.config.get("force")) {
+      log.warn("Refusing to install "+what+" as a dependency of itself"
+              ,"install")
+      return cb(null, [])
+    }
+
     if (wrap) {
       name = what.split(/@/).shift()
       if (wrap[name]) {
@@ -723,8 +732,16 @@ function checkCycle (target, ancestors, cb) {
   // A more correct, but more complex, solution would be to symlink
   // the deeper thing into the new location.
   // Will do that if anyone whines about this irl.
-
-  var p = Object.getPrototypeOf(ancestors)
+  //
+  // Note: `npm install foo` inside of the `foo` package will abort
+  // earlier if `--force` is not set.  However, if it IS set, then
+  // we need to still fail here, but just skip the first level. Of
+  // course, it'll still fail eventually if it's a true cycle, and
+  // leave things in an undefined state, but that's what is to be
+  // expected when `--force` is used.  That is why getPrototypeOf
+  // is used *twice* here: to skip the first level of repetition.
+
+  var p = Object.getPrototypeOf(Object.getPrototypeOf(ancestors))
     , name = target.name
     , version = target.version
   while (p && p !== Object.prototype && p[name] !== version) {
diff --git a/deps/npm/lib/uninstall.js b/deps/npm/lib/uninstall.js
index 1b43607d6d..655e5eb968 100644
--- a/deps/npm/lib/uninstall.js
+++ b/deps/npm/lib/uninstall.js
@@ -40,7 +40,12 @@ function uninstall (args, cb) {
 
 function uninstall_ (args, nm, cb) {
   asyncMap(args, function (arg, cb) {
-    var p = path.resolve(nm, arg)
+    // uninstall .. should not delete /usr/local/lib/node_modules/..
+    var p = path.join(path.resolve(nm), path.join("/", arg))
+    if (path.resolve(p) === nm) {
+      log.warn(arg, "uninstall: invalid argument")
+      return cb(null, [])
+    }
     fs.lstat(p, function (er) {
       if (er) {
         log.warn(arg, "Not installed in "+nm)
diff --git a/deps/npm/lib/utils/excludes.js b/deps/npm/lib/utils/excludes.js
index 75fe41c057..83935ee35d 100644
--- a/deps/npm/lib/utils/excludes.js
+++ b/deps/npm/lib/utils/excludes.js
@@ -92,6 +92,7 @@ function test (file, excludeList) {
   // log.warn(excludeList, "test list")
   var incRe = /^\!(\!\!)*/
     , excluded = false
+    , mmconf = { matchBase: true, dot: true }
   for (var i = 0, l = excludeList.length; i < l; i ++) {
     var excludes = excludeList[i]
       , dir = excludes.dir
@@ -121,12 +122,12 @@ function test (file, excludeList) {
       if (inc && !excluded) continue
 
       // if it matches the pattern, then it should be excluded.
-      excluded = !!minimatch(rf, ex, { matchBase: true })
+      excluded = !!minimatch(rf, ex, mmconf)
       // log.error([rf, ex, excluded], "rf, ex, excluded")
 
       // if you include foo, then it also includes foo/bar.js
       if (inc && excluded && ex.slice(-3) !== "/**") {
-        excluded = minimatch(rf, ex + "/**", { matchBase: true })
+        excluded = minimatch(rf, ex + "/**", mmconf)
         // log.warn([rf, ex + "/**", inc, excluded], "dir without /")
       }
 
@@ -141,6 +142,7 @@ function test (file, excludeList) {
         ll ++
       }
     }
+
     // log.warn([rf, excluded, excludes], "rf, excluded, excludes")
   }
   // true if it *should* be included
diff --git a/deps/npm/lib/utils/read-json.js b/deps/npm/lib/utils/read-json.js
index 20461e4cfa..9d76a16b83 100644
--- a/deps/npm/lib/utils/read-json.js
+++ b/deps/npm/lib/utils/read-json.js
@@ -262,11 +262,12 @@ function typoWarn (json) {
                   }
 
   if (typeof json.bugs === "object") {
+    // just go ahead and correct these.
     Object.keys(bugsTypos).forEach(function (d) {
       if (json.bugs.hasOwnProperty(d)) {
-        log.warn( "package.json: bugs['" + d + "'] should probably be "
-                + "bugs['" + bugsTypos[d] + "']", json._id)
-        }
+        json.bugs[ bugsTypos[d] ] = json.bugs[d]
+        delete json.bugs[d]
+      }
     })
   }
 
diff --git a/deps/npm/lib/utils/tar.js b/deps/npm/lib/utils/tar.js
index 9a97ee2809..906913fe1a 100644
--- a/deps/npm/lib/utils/tar.js
+++ b/deps/npm/lib/utils/tar.js
@@ -98,6 +98,14 @@ function packFiles (targetTarball, parent, files, pkg, cb_) {
                      this.props.mode = this.props.mode | 0200
                      var inc = -1 !== files.indexOf(this.path)
 
+                     // symbolic links are not allowed in packages.
+                     if (this.type.match(/^.*Link$/)) {
+                       log.warn( this.path.substr(parent.length + 1)
+                               + ' -> ' + this.linkpath
+                               , "excluding symbolic link")
+                       return false
+                     }
+
                      // WARNING! Hackety hack!
                      // XXX Fix this in a better way.
                      // Rename .gitignore to .npmignore if there is not a
@@ -111,6 +119,7 @@ function packFiles (targetTarball, parent, files, pkg, cb_) {
                        this.basename = ".npmignore"
                        this.path = path.join(d, ".npmignore")
                      }
+
                      return inc
                    }
                  })
@@ -172,23 +181,6 @@ function unpack_ ( tarball, unpackTarget, dMode, fMode, uid, gid, cb ) {
   })
 }
 
-// on Windows, A/V software can lock the directory, causing this
-// to fail with an EACCES.  Try again on failure, for up to 1 second.
-// XXX Fix this by not unpacking into a temp directory, instead just
-// renaming things on the way out of the tarball.
-function moveIntoPlace (folder, unpackTarget, cb) {
-  var start = Date.now()
-  fs.rename(folder, unpackTarget, function CB (er) {
-    if (er
-        && process.platform === "win32"
-        && er.code === "EACCES"
-        && Date.now() - start < 1000) {
-      return fs.rename(folder, unpackTarget, CB)
-    }
-    cb(er)
-  })
-}
-
 
 function gunzTarPerm (tarball, target, dMode, fMode, uid, gid, cb_) {
   if (!dMode) dMode = npm.modes.exec
@@ -233,6 +225,18 @@ function gunzTarPerm (tarball, target, dMode, fMode, uid, gid, cb_) {
 
   var extractOpts = { type: "Directory", path: target, strip: 1 }
 
+  extractOpts.filter = function () {
+    // symbolic links are not allowed in packages.
+    if (this.type.match(/^.*Link$/)) {
+      log.warn( this.path.substr(target.length + 1)
+              + ' -> ' + this.linkpath
+              , "excluding symbolic link")
+      return false
+    }
+    return true
+  }
+
+
   fst.on("error", log.er(cb, "error reading "+tarball))
   fst.on("data", function OD (c) {
     // detect what it is.
author	isaacs <i@izs.me>	2012-03-22 16:38:58 -0700
committer	isaacs <i@izs.me>	2012-03-22 16:38:58 -0700
commit	67f1778065b4f1d96a59f5290c57061c1808feb8 (patch)
tree	53812b51a2ea30e79091b91e47518fb3aff64836 /deps/npm/lib
parent	d1255914df46ac367d289614464cc249c3a4bb6c (diff)
download	node-new-67f1778065b4f1d96a59f5290c57061c1808feb8.tar.gz