From fa7de9b27f4fadf0c2b975ebf89f598cd0e43d3d Mon Sep 17 00:00:00 2001 From: claudiahdz Date: Tue, 3 Sep 2019 17:51:04 -0500 Subject: deps: update npm to 6.11.3 PR-URL: https://github.com/nodejs/node/pull/29430 Reviewed-By: Rich Trott Reviewed-By: David Carlier Reviewed-By: Jiawen Geng Reviewed-By: Colin Ihrig Reviewed-By: Ruben Bridgewater Reviewed-By: Trivikram Kamat --- deps/npm/lib/ci.js | 34 +++++++++++++++++++++++---- deps/npm/lib/config.js | 2 +- deps/npm/lib/config/core.js | 36 ++++++++++++++--------------- deps/npm/lib/config/figgy-config.js | 2 +- deps/npm/lib/config/load-uid.js | 15 ------------ deps/npm/lib/config/set-user.js | 2 +- deps/npm/lib/dist-tag.js | 3 ++- deps/npm/lib/explore.js | 6 +++-- deps/npm/lib/install.js | 2 +- deps/npm/lib/install/action/extract.js | 2 +- deps/npm/lib/install/action/finalize.js | 2 +- deps/npm/lib/install/action/move.js | 2 +- deps/npm/lib/install/action/remove.js | 2 +- deps/npm/lib/install/deps.js | 8 ++++++- deps/npm/lib/install/inflate-shrinkwrap.js | 2 +- deps/npm/lib/outdated.js | 4 ++-- deps/npm/lib/search/all-package-metadata.js | 2 +- deps/npm/lib/shrinkwrap.js | 27 ++++++++++++++++------ deps/npm/lib/utils/cache-file.js | 1 + deps/npm/lib/utils/correct-mkdir.js | 1 + deps/npm/lib/utils/error-message.js | 26 +++++++++++++++++++++ deps/npm/lib/utils/escape-arg.js | 4 ++-- deps/npm/lib/utils/escape-exec-path.js | 4 ++-- 23 files changed, 125 insertions(+), 64 deletions(-) delete mode 100644 deps/npm/lib/config/load-uid.js (limited to 'deps/npm/lib') diff --git a/deps/npm/lib/ci.js b/deps/npm/lib/ci.js index 1fbb28b570..309ad2f784 100644 --- a/deps/npm/lib/ci.js +++ b/deps/npm/lib/ci.js @@ -1,8 +1,9 @@ 'use strict' +const npm = require('./npm.js') const Installer = require('libcipm') -const npmConfig = require('./config/figgy-config.js') -const npmlog = require('npmlog') +const log = require('npmlog') +const path = require('path') ci.usage = 'npm ci' @@ -10,8 +11,33 @@ ci.completion = (cb) => cb(null, []) module.exports = ci function ci (args, cb) { - return new Installer(npmConfig({ log: npmlog })).run().then(details => { - npmlog.disableProgress() + const opts = { + // Add some non-npm-config opts by hand. + cache: path.join(npm.config.get('cache'), '_cacache'), + // NOTE: npm has some magic logic around color distinct from the config + // value, so we have to override it here + color: !!npm.color, + hashAlgorithm: 'sha1', + includeDeprecated: false, + log, + 'npm-session': npm.session, + 'project-scope': npm.projectScope, + refer: npm.referer, + dmode: npm.modes.exec, + fmode: npm.modes.file, + umask: npm.modes.umask, + npmVersion: npm.version, + tmp: npm.tmp + } + + for (const key in npm.config.list[0]) { + if (key !== 'log') { + opts[key] = npm.config.list[0][key] + } + } + + return new Installer(opts).run().then(details => { + log.disableProgress() console.log(`added ${details.pkgCount} packages in ${ details.runTime / 1000 }s`) diff --git a/deps/npm/lib/config.js b/deps/npm/lib/config.js index 0d4161d3b5..5f9819879b 100644 --- a/deps/npm/lib/config.js +++ b/deps/npm/lib/config.js @@ -11,7 +11,7 @@ var ini = require('ini') var editor = require('editor') var os = require('os') var path = require('path') -var mkdirp = require('mkdirp') +var mkdirp = require('gentle-fs').mkdir var umask = require('./utils/umask') var usage = require('./utils/usage') var output = require('./utils/output') diff --git a/deps/npm/lib/config/core.js b/deps/npm/lib/config/core.js index b9851f98d0..36420b3450 100644 --- a/deps/npm/lib/config/core.js +++ b/deps/npm/lib/config/core.js @@ -8,7 +8,7 @@ var path = require('path') var nopt = require('nopt') var ini = require('ini') var Umask = configDefs.Umask -var mkdirp = require('mkdirp') +var mkdirp = require('gentle-fs').mkdir var umask = require('../utils/umask') var isWindows = require('../utils/is-windows.js') @@ -31,10 +31,8 @@ enumerable: true }) exports.validate = validate -var myUid = process.env.SUDO_UID !== undefined - ? process.env.SUDO_UID : (process.getuid && process.getuid()) -var myGid = process.env.SUDO_GID !== undefined - ? process.env.SUDO_GID : (process.getgid && process.getgid()) +var myUid = process.getuid && process.getuid() +var myGid = process.getgid && process.getgid() var loading = false var loadCbs = [] @@ -218,7 +216,6 @@ function Conf (base) { Conf.prototype.loadPrefix = require('./load-prefix.js') Conf.prototype.loadCAFile = require('./load-cafile.js') -Conf.prototype.loadUid = require('./load-uid.js') Conf.prototype.setUser = require('./set-user.js') Conf.prototype.getCredentialsByURI = require('./get-credentials-by-uri.js') Conf.prototype.setCredentialsByURI = require('./set-credentials-by-uri.js') @@ -227,11 +224,8 @@ Conf.prototype.clearCredentialsByURI = require('./clear-credentials-by-uri.js') Conf.prototype.loadExtras = function (cb) { this.setUser(function (er) { if (er) return cb(er) - this.loadUid(function (er) { - if (er) return cb(er) - // Without prefix, nothing will ever work - mkdirp(this.prefix, cb) - }.bind(this)) + // Without prefix, nothing will ever work + mkdirp(this.prefix, cb) }.bind(this)) } @@ -287,15 +281,21 @@ Conf.prototype.save = function (where, cb) { done(null) }) } else { - mkdirp(path.dirname(target.path), function (er) { + // we don't have to use inferOwner here, because gentle-fs will + // mkdir with the correctly inferred ownership. Just preserve it. + const dir = path.dirname(target.path) + mkdirp(dir, function (er) { if (er) return then(er) - fs.writeFile(target.path, data, 'utf8', function (er) { + fs.stat(dir, (er, st) => { if (er) return then(er) - if (where === 'user' && myUid && myGid) { - fs.chown(target.path, +myUid, +myGid, then) - } else { - then() - } + fs.writeFile(target.path, data, 'utf8', function (er) { + if (er) return then(er) + if (myUid === 0 && (myUid !== st.uid || myGid !== st.gid)) { + fs.chown(target.path, st.uid, st.gid, then) + } else { + then() + } + }) }) }) } diff --git a/deps/npm/lib/config/figgy-config.js b/deps/npm/lib/config/figgy-config.js index 9e9ca0ba56..d704d1502c 100644 --- a/deps/npm/lib/config/figgy-config.js +++ b/deps/npm/lib/config/figgy-config.js @@ -9,7 +9,7 @@ const npm = require('../npm.js') const pack = require('../pack.js') const path = require('path') -const npmSession = crypto.randomBytes(8).toString('hex') +const npmSession = npm.session = crypto.randomBytes(8).toString('hex') log.verbose('npm-session', npmSession) const SCOPE_REGISTRY_REGEX = /@.*:registry$/gi diff --git a/deps/npm/lib/config/load-uid.js b/deps/npm/lib/config/load-uid.js deleted file mode 100644 index 859eac7494..0000000000 --- a/deps/npm/lib/config/load-uid.js +++ /dev/null @@ -1,15 +0,0 @@ -module.exports = loadUid - -var getUid = require('uid-number') - -// Call in the context of a npmconf object - -function loadUid (cb) { - // if we're not in unsafe-perm mode, then figure out who - // to run stuff as. Do this first, to support `npm update npm -g` - if (!this.get('unsafe-perm')) { - getUid(this.get('user'), this.get('group'), cb) - } else { - process.nextTick(cb) - } -} diff --git a/deps/npm/lib/config/set-user.js b/deps/npm/lib/config/set-user.js index 14cc21d2eb..570a1f54e2 100644 --- a/deps/npm/lib/config/set-user.js +++ b/deps/npm/lib/config/set-user.js @@ -3,7 +3,7 @@ module.exports = setUser var assert = require('assert') var path = require('path') var fs = require('fs') -var mkdirp = require('mkdirp') +var mkdirp = require('gentle-fs').mkdir function setUser (cb) { var defaultConf = this.root diff --git a/deps/npm/lib/dist-tag.js b/deps/npm/lib/dist-tag.js index 176e61221e..64bb97b61a 100644 --- a/deps/npm/lib/dist-tag.js +++ b/deps/npm/lib/dist-tag.js @@ -119,7 +119,8 @@ function remove (spec, tag, opts) { delete tags[tag] const url = `/-/package/${spec.escapedName}/dist-tags/${encodeURIComponent(tag)}` const reqOpts = opts.concat({ - method: 'DELETE' + method: 'DELETE', + spec }) return otplease(reqOpts, reqOpts => regFetch(url, reqOpts)).then(() => { output(`-${tag}: ${spec.name}@${version}`) diff --git a/deps/npm/lib/explore.js b/deps/npm/lib/explore.js index 826a527fa7..0c9930f8e4 100644 --- a/deps/npm/lib/explore.js +++ b/deps/npm/lib/explore.js @@ -9,10 +9,11 @@ var npm = require('./npm.js') var spawn = require('./utils/spawn') var path = require('path') var fs = require('graceful-fs') -var isWindowsShell = require('./utils/is-windows-shell.js') +var isWindows = require('./utils/is-windows.js') var escapeExecPath = require('./utils/escape-exec-path.js') var escapeArg = require('./utils/escape-arg.js') var output = require('./utils/output.js') +var log = require('npmlog') function explore (args, cb) { if (args.length < 1 || !args[0]) return cb(explore.usage) @@ -23,7 +24,7 @@ function explore (args, cb) { var shellArgs = [] if (args) { - if (isWindowsShell) { + if (isWindows) { var execCmd = escapeExecPath(args.shift()) var execArgs = [execCmd].concat(args.map(escapeArg)) opts.windowsVerbatimArguments = true @@ -49,6 +50,7 @@ function explore (args, cb) { ) } + log.silly('explore', {sh, shellArgs, opts}) var shell = spawn(sh, shellArgs, opts) shell.on('close', function (er) { // only fail if non-interactive. diff --git a/deps/npm/lib/install.js b/deps/npm/lib/install.js index d2f705e1d1..8cc6d16bdd 100644 --- a/deps/npm/lib/install.js +++ b/deps/npm/lib/install.js @@ -104,7 +104,7 @@ var readPackageJson = require('read-package-json') var chain = require('slide').chain var asyncMap = require('slide').asyncMap var archy = require('archy') -var mkdirp = require('mkdirp') +var mkdirp = require('gentle-fs').mkdir var rimraf = require('rimraf') var iferr = require('iferr') var validate = require('aproba') diff --git a/deps/npm/lib/install/action/extract.js b/deps/npm/lib/install/action/extract.js index 32a4f4e004..585580edd2 100644 --- a/deps/npm/lib/install/action/extract.js +++ b/deps/npm/lib/install/action/extract.js @@ -5,7 +5,7 @@ const BB = require('bluebird') const figgyPudding = require('figgy-pudding') const stat = BB.promisify(require('graceful-fs').stat) const gentlyRm = BB.promisify(require('../../utils/gently-rm.js')) -const mkdirp = BB.promisify(require('mkdirp')) +const mkdirp = BB.promisify(require('gentle-fs').mkdir) const moduleName = require('../../utils/module-name.js') const moduleStagingPath = require('../module-staging-path.js') const move = require('../../utils/move.js') diff --git a/deps/npm/lib/install/action/finalize.js b/deps/npm/lib/install/action/finalize.js index e46f1b9d83..1e53c189d2 100644 --- a/deps/npm/lib/install/action/finalize.js +++ b/deps/npm/lib/install/action/finalize.js @@ -3,7 +3,7 @@ const path = require('path') const fs = require('graceful-fs') const Bluebird = require('bluebird') const rimraf = Bluebird.promisify(require('rimraf')) -const mkdirp = Bluebird.promisify(require('mkdirp')) +const mkdirp = Bluebird.promisify(require('gentle-fs').mkdir) const lstat = Bluebird.promisify(fs.lstat) const readdir = Bluebird.promisify(fs.readdir) const symlink = Bluebird.promisify(fs.symlink) diff --git a/deps/npm/lib/install/action/move.js b/deps/npm/lib/install/action/move.js index 00d58a1592..8a956f59d6 100644 --- a/deps/npm/lib/install/action/move.js +++ b/deps/npm/lib/install/action/move.js @@ -4,7 +4,7 @@ var path = require('path') var chain = require('slide').chain var iferr = require('iferr') var rimraf = require('rimraf') -var mkdirp = require('mkdirp') +var mkdirp = require('gentle-fs').mkdir var rmStuff = require('../../unbuild.js').rmStuff var lifecycle = require('../../utils/lifecycle.js') var move = require('../../utils/move.js') diff --git a/deps/npm/lib/install/action/remove.js b/deps/npm/lib/install/action/remove.js index a852d10c5f..f7182d596b 100644 --- a/deps/npm/lib/install/action/remove.js +++ b/deps/npm/lib/install/action/remove.js @@ -3,7 +3,7 @@ var path = require('path') var fs = require('graceful-fs') var rimraf = require('rimraf') var asyncMap = require('slide').asyncMap -var mkdirp = require('mkdirp') +var mkdirp = require('gentle-fs').mkdir var npm = require('../../npm.js') var andIgnoreErrors = require('../and-ignore-errors.js') var move = require('../../utils/move.js') diff --git a/deps/npm/lib/install/deps.js b/deps/npm/lib/install/deps.js index 3fe370140a..bfc94ae504 100644 --- a/deps/npm/lib/install/deps.js +++ b/deps/npm/lib/install/deps.js @@ -711,6 +711,12 @@ function resolveWithNewModule (pkg, tree, log, next) { }) } +var isOptionalPeerDep = exports.isOptionalPeerDep = function (tree, pkgname) { + if (!tree.package.peerDependenciesMeta) return + if (!tree.package.peerDependenciesMeta[pkgname]) return + return !!tree.package.peerDependenciesMeta[pkgname].optional +} + var validatePeerDeps = exports.validatePeerDeps = function (tree, onInvalid) { if (!tree.package.peerDependencies) return Object.keys(tree.package.peerDependencies).forEach(function (pkgname) { @@ -719,7 +725,7 @@ var validatePeerDeps = exports.validatePeerDeps = function (tree, onInvalid) { var spec = npa.resolve(pkgname, version) } catch (e) {} var match = spec && findRequirement(tree.parent || tree, pkgname, spec) - if (!match) onInvalid(tree, pkgname, version) + if (!match && !isOptionalPeerDep(tree, pkgname)) onInvalid(tree, pkgname, version) }) } diff --git a/deps/npm/lib/install/inflate-shrinkwrap.js b/deps/npm/lib/install/inflate-shrinkwrap.js index 5da9418bbd..b0b71ef6b1 100644 --- a/deps/npm/lib/install/inflate-shrinkwrap.js +++ b/deps/npm/lib/install/inflate-shrinkwrap.js @@ -167,7 +167,7 @@ function makeFakeChild (name, topPath, tree, sw, requested) { } const child = createChild({ package: pkg, - loaded: false, + loaded: true, parent: tree, children: [], fromShrinkwrap: requested, diff --git a/deps/npm/lib/outdated.js b/deps/npm/lib/outdated.js index bb4c346f9a..5b84ae3558 100644 --- a/deps/npm/lib/outdated.js +++ b/deps/npm/lib/outdated.js @@ -91,7 +91,7 @@ function outdated (args, silent, cb) { var dir = path.resolve(npm.dir, '..') // default depth for `outdated` is 0 (cf. `ls`) - if (opts.depth) opts = opts.concat({depth: 0}) + if (opts.depth === Infinity) opts = opts.concat({depth: 0}) readPackageTree(dir, andComputeMetadata(function (er, tree) { if (!tree) return cb(er) @@ -421,7 +421,7 @@ function shouldUpdate (args, tree, dep, has, req, depth, pkgpath, opts, cb, type var l = pickManifest(d, 'latest') var m = pickManifest(d, req) } catch (er) { - if (er.code === 'ETARGET') { + if (er.code === 'ETARGET' || er.code === 'E403') { return skip(er) } else { return skip() diff --git a/deps/npm/lib/search/all-package-metadata.js b/deps/npm/lib/search/all-package-metadata.js index a006dadadd..388b4f61f0 100644 --- a/deps/npm/lib/search/all-package-metadata.js +++ b/deps/npm/lib/search/all-package-metadata.js @@ -9,7 +9,7 @@ const figgyPudding = require('figgy-pudding') const fs = require('graceful-fs') const JSONStream = require('JSONStream') const log = require('npmlog') -const mkdir = BB.promisify(require('mkdirp')) +const mkdir = BB.promisify(require('gentle-fs').mkdir) const ms = require('mississippi') const npmFetch = require('libnpm/fetch') const path = require('path') diff --git a/deps/npm/lib/shrinkwrap.js b/deps/npm/lib/shrinkwrap.js index 35e063d447..0a3f53546c 100644 --- a/deps/npm/lib/shrinkwrap.js +++ b/deps/npm/lib/shrinkwrap.js @@ -25,6 +25,13 @@ const writeFileAtomic = require('write-file-atomic') const unixFormatPath = require('./utils/unix-format-path.js') const isRegistry = require('./utils/is-registry.js') +const { chown } = require('fs') +const inferOwner = require('infer-owner') +const selfOwner = { + uid: process.getuid && process.getuid(), + gid: process.getgid && process.getgid() +} + const PKGLOCK = 'package-lock.json' const SHRINKWRAP = 'npm-shrinkwrap.json' const PKGLOCK_VERSION = npm.lockfileVersion @@ -217,13 +224,19 @@ function save (dir, pkginfo, opts, cb) { log.verbose('shrinkwrap', `skipping write for ${path.basename(info.path)} because there were no changes.`) cb(null, pkginfo) } else { - writeFileAtomic(info.path, swdata, (err) => { - if (err) return cb(err) - if (opts.silent) return cb(null, pkginfo) - if (!shrinkwrap && !lockfile) { - log.notice('', `created a lockfile as ${path.basename(info.path)}. You should commit this file.`) - } - cb(null, pkginfo) + inferOwner(info.path).then(owner => { + writeFileAtomic(info.path, swdata, (err) => { + if (err) return cb(err) + if (opts.silent) return cb(null, pkginfo) + if (!shrinkwrap && !lockfile) { + log.notice('', `created a lockfile as ${path.basename(info.path)}. You should commit this file.`) + } + if (selfOwner.uid === 0 && (selfOwner.uid !== owner.uid || selfOwner.gid !== owner.gid)) { + chown(info.path, owner.uid, owner.gid, er => cb(er, pkginfo)) + } else { + cb(null, pkginfo) + } + }) }) } } diff --git a/deps/npm/lib/utils/cache-file.js b/deps/npm/lib/utils/cache-file.js index 77df7d4e09..7b3136b2e2 100644 --- a/deps/npm/lib/utils/cache-file.js +++ b/deps/npm/lib/utils/cache-file.js @@ -1,3 +1,4 @@ +// XXX use infer-owner or gentle-fs.mkdir here const npm = require('../npm.js') const path = require('path') const chownr = require('chownr') diff --git a/deps/npm/lib/utils/correct-mkdir.js b/deps/npm/lib/utils/correct-mkdir.js index 2558de66f5..57368e946e 100644 --- a/deps/npm/lib/utils/correct-mkdir.js +++ b/deps/npm/lib/utils/correct-mkdir.js @@ -1,3 +1,4 @@ +// XXX this can probably be replaced with gentle-fs.mkdir everywhere it's used const chownr = require('chownr') const inflight = require('inflight') const log = require('npmlog') diff --git a/deps/npm/lib/utils/error-message.js b/deps/npm/lib/utils/error-message.js index ea8b05938c..5ddfb37682 100644 --- a/deps/npm/lib/utils/error-message.js +++ b/deps/npm/lib/utils/error-message.js @@ -72,6 +72,20 @@ function errorMessage (er) { } break + case 'EUIDLOOKUP': + short.push(['lifecycle', er.message]) + detail.push([ + '', + [ + '', + 'Failed to look up the user/group for running scripts.', + '', + 'Try again with a different --user or --group settings, or', + 'run with --unsafe-perm to execute scripts as root.' + ].join('\n') + ]) + break + case 'ELIFECYCLE': short.push(['', er.message]) detail.push([ @@ -313,6 +327,18 @@ function errorMessage (er) { detail.push(['notarget', msg.join('\n')]) break + case 'E403': + short.push(['403', er.message]) + msg = [ + 'In most cases, you or one of your dependencies are requesting', + 'a package version that is forbidden by your security policy.' + ] + if (er.parent) { + msg.push("\nIt was specified as a dependency of '" + er.parent + "'\n") + } + detail.push(['403', msg.join('\n')]) + break + case 'ENOTSUP': if (er.required) { short.push(['notsup', er.message]) diff --git a/deps/npm/lib/utils/escape-arg.js b/deps/npm/lib/utils/escape-arg.js index d12ee5edf5..114abaadaa 100644 --- a/deps/npm/lib/utils/escape-arg.js +++ b/deps/npm/lib/utils/escape-arg.js @@ -1,6 +1,6 @@ 'use strict' var path = require('path') -var isWindowsShell = require('./is-windows-shell.js') +var isWindows = require('./is-windows.js') /* Escape the name of an executable suitable for passing to the system shell. @@ -15,7 +15,7 @@ any single quotes in the filename. module.exports = escapify function escapify (str) { - if (isWindowsShell) { + if (isWindows) { return '"' + path.normalize(str) + '"' } else { if (/[^-_.~/\w]/.test(str)) { diff --git a/deps/npm/lib/utils/escape-exec-path.js b/deps/npm/lib/utils/escape-exec-path.js index bf94886efa..42b6493486 100644 --- a/deps/npm/lib/utils/escape-exec-path.js +++ b/deps/npm/lib/utils/escape-exec-path.js @@ -1,6 +1,6 @@ 'use strict' var path = require('path') -var isWindowsShell = require('./is-windows-shell.js') +var isWindows = require('./is-windows.js') /* Escape the name of an executable suitable for passing to the system shell. @@ -20,7 +20,7 @@ function windowsQuotes (str) { } function escapify (str) { - if (isWindowsShell) { + if (isWindows) { return path.normalize(str).split(/\\/).map(windowsQuotes).join('\\') } else if (/[^-_.~/\w]/.test(str)) { return "'" + str.replace(/'/g, "'\"'\"'") + "'" -- cgit v1.2.1