atcheck/lsscanner/new_ubuntu/node_modules_win/npm/lib/shrinkwrap.js

297 lines
9.8 KiB
JavaScript
Executable File

'use strict'
const BB = require('bluebird')
const chain = require('slide').chain
const detectIndent = require('detect-indent')
const detectNewline = require('detect-newline')
const readFile = BB.promisify(require('graceful-fs').readFile)
const getRequested = require('./install/get-requested.js')
const id = require('./install/deps.js')
const iferr = require('iferr')
const isOnlyOptional = require('./install/is-only-optional.js')
const isOnlyDev = require('./install/is-only-dev.js')
const lifecycle = require('./utils/lifecycle.js')
const log = require('npmlog')
const moduleName = require('./utils/module-name.js')
const move = require('move-concurrently')
const npm = require('./npm.js')
const path = require('path')
const readPackageTree = BB.promisify(require('read-package-tree'))
const ssri = require('ssri')
const stringifyPackage = require('stringify-package')
const validate = require('aproba')
const writeFileAtomic = require('write-file-atomic')
const unixFormatPath = require('./utils/unix-format-path.js')
const isRegistry = require('./utils/is-registry.js')
const { chown } = require('fs')
const inferOwner = require('infer-owner')
const selfOwner = {
uid: process.getuid && process.getuid(),
gid: process.getgid && process.getgid()
}
const PKGLOCK = 'package-lock.json'
const SHRINKWRAP = 'npm-shrinkwrap.json'
const PKGLOCK_VERSION = npm.lockfileVersion
// emit JSON describing versions of all packages currently installed (for later
// use with shrinkwrap install)
shrinkwrap.usage = 'npm shrinkwrap'
module.exports = exports = shrinkwrap
exports.treeToShrinkwrap = treeToShrinkwrap
function shrinkwrap (args, silent, cb) {
if (typeof cb !== 'function') {
cb = silent
silent = false
}
if (args.length) {
log.warn('shrinkwrap', "doesn't take positional args")
}
move(
path.resolve(npm.prefix, PKGLOCK),
path.resolve(npm.prefix, SHRINKWRAP),
{ Promise: BB }
).then(() => {
log.notice('', `${PKGLOCK} has been renamed to ${SHRINKWRAP}. ${SHRINKWRAP} will be used for future installations.`)
return readFile(path.resolve(npm.prefix, SHRINKWRAP)).then((d) => {
return JSON.parse(d)
})
}, (err) => {
if (err.code !== 'ENOENT') {
throw err
} else {
return readPackageTree(npm.localPrefix).then(
id.computeMetadata
).then((tree) => {
return BB.fromNode((cb) => {
createShrinkwrap(tree, {
silent,
defaultFile: SHRINKWRAP
}, cb)
})
})
}
}).then((data) => cb(null, data), cb)
}
module.exports.createShrinkwrap = createShrinkwrap
function createShrinkwrap (tree, opts, cb) {
opts = opts || {}
lifecycle(tree.package, 'preshrinkwrap', tree.path, function () {
const pkginfo = treeToShrinkwrap(tree)
chain([
[lifecycle, tree.package, 'shrinkwrap', tree.path],
[shrinkwrap_, tree.path, pkginfo, opts],
[lifecycle, tree.package, 'postshrinkwrap', tree.path]
], iferr(cb, function (data) {
cb(null, pkginfo)
}))
})
}
function treeToShrinkwrap (tree) {
validate('O', arguments)
var pkginfo = {}
if (tree.package.name) pkginfo.name = tree.package.name
if (tree.package.version) pkginfo.version = tree.package.version
if (tree.children.length) {
pkginfo.requires = true
shrinkwrapDeps(pkginfo.dependencies = {}, tree, tree)
}
return pkginfo
}
function shrinkwrapDeps (deps, top, tree, seen) {
validate('OOO', [deps, top, tree])
if (!seen) seen = new Set()
if (seen.has(tree)) return
seen.add(tree)
sortModules(tree.children).forEach(function (child) {
var childIsOnlyDev = isOnlyDev(child)
var pkginfo = deps[moduleName(child)] = {}
var requested = getRequested(child) || child.package._requested || {}
var linked = child.isLink || child.isInLink
pkginfo.version = childVersion(top, child, requested)
if (requested.type === 'git' && child.package._from) {
pkginfo.from = child.package._from
}
if (child.fromBundle && !linked) {
pkginfo.bundled = true
} else {
if (isRegistry(requested)) {
pkginfo.resolved = child.package._resolved
}
// no integrity for git deps as integrity hashes are based on the
// tarball and we can't (yet) create consistent tarballs from a stable
// source.
if (requested.type !== 'git') {
pkginfo.integrity = child.package._integrity || undefined
if (!pkginfo.integrity && child.package._shasum) {
pkginfo.integrity = ssri.fromHex(child.package._shasum, 'sha1')
}
}
}
if (childIsOnlyDev) pkginfo.dev = true
if (isOnlyOptional(child)) pkginfo.optional = true
if (child.requires.length) {
pkginfo.requires = {}
sortModules(child.requires).forEach((required) => {
var requested = getRequested(required, child) || required.package._requested || {}
pkginfo.requires[moduleName(required)] = childRequested(top, required, requested)
})
}
// iterate into children on non-links and links contained within the top level package
if (child.children.length) {
pkginfo.dependencies = {}
shrinkwrapDeps(pkginfo.dependencies, top, child, seen)
}
})
}
function sortModules (modules) {
// sort modules with the locale-agnostic Unicode sort
var sortedModuleNames = modules.map(moduleName).sort()
return modules.sort((a, b) => (
sortedModuleNames.indexOf(moduleName(a)) - sortedModuleNames.indexOf(moduleName(b))
))
}
function childVersion (top, child, req) {
if (req.type === 'directory' || req.type === 'file') {
return 'file:' + unixFormatPath(path.relative(top.path, child.package._resolved || req.fetchSpec))
} else if (!isRegistry(req) && !child.fromBundle) {
return child.package._resolved || req.saveSpec || req.rawSpec
} else if (req.type === 'alias') {
return `npm:${child.package.name}@${child.package.version}`
} else {
return child.package.version
}
}
function childRequested (top, child, requested) {
if (requested.type === 'directory' || requested.type === 'file') {
return 'file:' + unixFormatPath(path.relative(top.path, child.package._resolved || requested.fetchSpec))
} else if (requested.type === 'git' && child.package._from) {
return child.package._from
} else if (!isRegistry(requested) && !child.fromBundle) {
return child.package._resolved || requested.saveSpec || requested.rawSpec
} else if (requested.type === 'tag') {
// tags are not ranges we can match against, so we invent a "reasonable"
// one based on what we actually installed.
return npm.config.get('save-prefix') + child.package.version
} else if (requested.saveSpec || requested.rawSpec) {
return requested.saveSpec || requested.rawSpec
} else if (child.package._from || (child.package._requested && child.package._requested.rawSpec)) {
return child.package._from.replace(/^@?[^@]+@/, '') || child.package._requested.rawSpec
} else {
return child.package.version
}
}
function shrinkwrap_ (dir, pkginfo, opts, cb) {
save(dir, pkginfo, opts, cb)
}
function save (dir, pkginfo, opts, cb) {
// copy the keys over in a well defined order
// because javascript objects serialize arbitrarily
BB.join(
checkPackageFile(dir, SHRINKWRAP),
checkPackageFile(dir, PKGLOCK),
checkPackageFile(dir, 'package.json'),
(shrinkwrap, lockfile, pkg) => {
const info = (
shrinkwrap ||
lockfile ||
{
path: path.resolve(dir, opts.defaultFile || PKGLOCK),
data: '{}',
indent: pkg && pkg.indent,
newline: pkg && pkg.newline
}
)
const updated = updateLockfileMetadata(pkginfo, pkg && JSON.parse(pkg.raw))
const swdata = stringifyPackage(updated, info.indent, info.newline)
if (swdata === info.raw) {
// skip writing if file is identical
log.verbose('shrinkwrap', `skipping write for ${path.basename(info.path)} because there were no changes.`)
cb(null, pkginfo)
} else {
inferOwner(info.path).then(owner => {
writeFileAtomic(info.path, swdata, (err) => {
if (err) return cb(err)
if (opts.silent) return cb(null, pkginfo)
if (!shrinkwrap && !lockfile) {
log.notice('', `created a lockfile as ${path.basename(info.path)}. You should commit this file.`)
}
if (selfOwner.uid === 0 && (selfOwner.uid !== owner.uid || selfOwner.gid !== owner.gid)) {
chown(info.path, owner.uid, owner.gid, er => cb(er, pkginfo))
} else {
cb(null, pkginfo)
}
})
})
}
}
).then((file) => {
}, cb)
}
function updateLockfileMetadata (pkginfo, pkgJson) {
// This is a lot of work just to make sure the extra metadata fields are
// between version and dependencies fields, without affecting any other stuff
const newPkg = {}
let metainfoWritten = false
const metainfo = new Set([
'lockfileVersion',
'preserveSymlinks'
])
Object.keys(pkginfo).forEach((k) => {
if (k === 'dependencies') {
writeMetainfo(newPkg)
}
if (!metainfo.has(k)) {
newPkg[k] = pkginfo[k]
}
if (k === 'version') {
writeMetainfo(newPkg)
}
})
if (!metainfoWritten) {
writeMetainfo(newPkg)
}
function writeMetainfo (pkginfo) {
pkginfo.lockfileVersion = PKGLOCK_VERSION
if (process.env.NODE_PRESERVE_SYMLINKS) {
pkginfo.preserveSymlinks = process.env.NODE_PRESERVE_SYMLINKS
}
metainfoWritten = true
}
return newPkg
}
function checkPackageFile (dir, name) {
const file = path.resolve(dir, name)
return readFile(
file, 'utf8'
).then((data) => {
const format = npm.config.get('format-package-lock') !== false
const indent = format ? detectIndent(data).indent : 0
const newline = format ? detectNewline(data) : 0
return {
path: file,
raw: data,
indent,
newline
}
}).catch({code: 'ENOENT'}, () => {})
}