Skip to content

Commit

Permalink
deps: pacote@18.0.3
Browse files Browse the repository at this point in the history
  • Loading branch information
wraithgar committed Apr 30, 2024
1 parent 65d76db commit a785766
Show file tree
Hide file tree
Showing 18 changed files with 1,249 additions and 8 deletions.
6 changes: 6 additions & 0 deletions node_modules/.gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -167,6 +167,12 @@
!/npm-user-validate
!/p-map
!/pacote
!/pacote/node_modules/
/pacote/node_modules/*
!/pacote/node_modules/@npmcli/
/pacote/node_modules/@npmcli/*
!/pacote/node_modules/@npmcli/redact
!/pacote/node_modules/npm-registry-fetch
!/parse-conflict-json
!/path-key
!/path-scurry
Expand Down
21 changes: 21 additions & 0 deletions node_modules/pacote/node_modules/@npmcli/redact/LICENSE
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
MIT License

Copyright (c) 2024 npm

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
59 changes: 59 additions & 0 deletions node_modules/pacote/node_modules/@npmcli/redact/lib/deep-map.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
const deepMap = (input, handler = v => v, path = ['$'], seen = new Set([input])) => {
if (Array.isArray(input)) {
const result = []
for (let i = 0; i < input.length; i++) {
const element = input[i]
const elementPath = [...path, i]
if (element instanceof Object) {
if (!seen.has(element)) { // avoid getting stuck in circular reference
seen.add(element)
result.push(deepMap(handler(element, elementPath), handler, elementPath, seen))
}
} else {
result.push(handler(element, elementPath))
}
}
return result
}

if (input === null) {
return null
} else if (typeof input === 'object' || typeof input === 'function') {
const result = {}

if (input instanceof Error) {
// `name` property is not included in `Object.getOwnPropertyNames(error)`
result.errorType = input.name
}

for (const propertyName of Object.getOwnPropertyNames(input)) {
// skip logging internal properties
if (propertyName.startsWith('_')) {
continue
}

try {
const property = input[propertyName]
const propertyPath = [...path, propertyName]
if (property instanceof Object) {
if (!seen.has(property)) { // avoid getting stuck in circular reference
seen.add(property)
result[propertyName] = deepMap(
handler(property, propertyPath), handler, propertyPath, seen
)
}
} else {
result[propertyName] = handler(property, propertyPath)
}
} catch (err) {
// a getter may throw an error
result[propertyName] = `[error getting value: ${err.message}]`
}
}
return result
}

return handler(input, path)
}

module.exports = { deepMap }
44 changes: 44 additions & 0 deletions node_modules/pacote/node_modules/@npmcli/redact/lib/index.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
const matchers = require('./matchers')
const { redactUrlPassword } = require('./utils')

const REPLACE = '***'

const redact = (value) => {
if (typeof value !== 'string' || !value) {
return value
}
return redactUrlPassword(value, REPLACE)
.replace(matchers.NPM_SECRET.pattern, `npm_${REPLACE}`)
.replace(matchers.UUID.pattern, REPLACE)
}

// split on \s|= similar to how nopt parses options
const splitAndRedact = (str) => {
// stateful regex, don't move out of this scope
const splitChars = /[\s=]/g

let match = null
let result = ''
let index = 0
while (match = splitChars.exec(str)) {
result += redact(str.slice(index, match.index)) + match[0]
index = splitChars.lastIndex
}

return result + redact(str.slice(index))
}

// replaces auth info in an array of arguments or in a strings
const redactLog = (arg) => {
if (typeof arg === 'string') {
return splitAndRedact(arg)
} else if (Array.isArray(arg)) {
return arg.map((a) => typeof a === 'string' ? splitAndRedact(a) : a)
}
return arg
}

module.exports = {
redact,
redactLog,
}
81 changes: 81 additions & 0 deletions node_modules/pacote/node_modules/@npmcli/redact/lib/matchers.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
const TYPE_REGEX = 'regex'
const TYPE_URL = 'url'
const TYPE_PATH = 'path'

const NPM_SECRET = {
type: TYPE_REGEX,
pattern: /\b(npms?_)[a-zA-Z0-9]{36,48}\b/gi,
replacement: `[REDACTED_NPM_SECRET]`,
}

const AUTH_HEADER = {
type: TYPE_REGEX,
pattern: /\b(Basic\s+|Bearer\s+)[\w+=\-.]+\b/gi,
replacement: `[REDACTED_AUTH_HEADER]`,
}

const JSON_WEB_TOKEN = {
type: TYPE_REGEX,
pattern: /\b[A-Za-z0-9-_]{10,}(?!\.\d+\.)\.[A-Za-z0-9-_]{3,}\.[A-Za-z0-9-_]{20,}\b/gi,
replacement: `[REDACTED_JSON_WEB_TOKEN]`,
}

const UUID = {
type: TYPE_REGEX,
pattern: /\b[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\b/gi,
replacement: `[REDACTED_UUID]`,
}

const URL_MATCHER = {
type: TYPE_REGEX,
pattern: /(?:https?|ftp):\/\/[^\s/"$.?#].[^\s"]*/gi,
replacement: '[REDACTED_URL]',
}

const DEEP_HEADER_AUTHORIZATION = {
type: TYPE_PATH,
predicate: ({ path }) => path.endsWith('.headers.authorization'),
replacement: '[REDACTED_HEADER_AUTHORIZATION]',
}

const DEEP_HEADER_SET_COOKIE = {
type: TYPE_PATH,
predicate: ({ path }) => path.endsWith('.headers.set-cookie'),
replacement: '[REDACTED_HEADER_SET_COOKIE]',
}

const REWRITE_REQUEST = {
type: TYPE_PATH,
predicate: ({ path }) => path.endsWith('.request'),
replacement: (input) => ({
method: input?.method,
path: input?.path,
headers: input?.headers,
url: input?.url,
}),
}

const REWRITE_RESPONSE = {
type: TYPE_PATH,
predicate: ({ path }) => path.endsWith('.response'),
replacement: (input) => ({
data: input?.data,
status: input?.status,
headers: input?.headers,
}),
}

module.exports = {
TYPE_REGEX,
TYPE_URL,
TYPE_PATH,
NPM_SECRET,
AUTH_HEADER,
JSON_WEB_TOKEN,
UUID,
URL_MATCHER,
DEEP_HEADER_AUTHORIZATION,
DEEP_HEADER_SET_COOKIE,
REWRITE_REQUEST,
REWRITE_RESPONSE,
}
34 changes: 34 additions & 0 deletions node_modules/pacote/node_modules/@npmcli/redact/lib/server.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
const {
AUTH_HEADER,
JSON_WEB_TOKEN,
NPM_SECRET,
DEEP_HEADER_AUTHORIZATION,
DEEP_HEADER_SET_COOKIE,
REWRITE_REQUEST,
REWRITE_RESPONSE,
} = require('./matchers')

const {
redactUrlMatcher,
redactUrlPasswordMatcher,
redactMatchers,
} = require('./utils')

const { deepMap } = require('./deep-map')

const _redact = redactMatchers(
NPM_SECRET,
AUTH_HEADER,
JSON_WEB_TOKEN,
DEEP_HEADER_AUTHORIZATION,
DEEP_HEADER_SET_COOKIE,
REWRITE_REQUEST,
REWRITE_RESPONSE,
redactUrlMatcher(
redactUrlPasswordMatcher()
)
)

const redact = (input) => deepMap(input, (value, path) => _redact(value, { path }))

module.exports = { redact }
Loading

0 comments on commit a785766

Please sign in to comment.