diff --git a/mock-registry/package.json b/mock-registry/package.json index d07851b37ae38..eb7544d8cfeaf 100644 --- a/mock-registry/package.json +++ b/mock-registry/package.json @@ -56,7 +56,7 @@ "json-stringify-safe": "^5.0.1", "nock": "^13.3.3", "npm-package-arg": "^11.0.0", - "pacote": "^17.0.2", + "pacote": "^17.0.3", "tap": "^16.3.8" } } diff --git a/node_modules/.gitignore b/node_modules/.gitignore index 5e29e58b28c44..ff9fee3432225 100644 --- a/node_modules/.gitignore +++ b/node_modules/.gitignore @@ -202,7 +202,6 @@ !/npm-install-checks !/npm-normalize-package-bin !/npm-package-arg -!/npm-packlist !/npm-pick-manifest !/npm-profile !/npm-registry-fetch @@ -211,6 +210,9 @@ !/once !/p-map !/pacote +!/pacote/node_modules/ +/pacote/node_modules/* +!/pacote/node_modules/npm-packlist !/parse-conflict-json !/path-is-absolute !/path-key diff --git a/node_modules/npm-packlist/LICENSE b/node_modules/pacote/node_modules/npm-packlist/LICENSE similarity index 100% rename from node_modules/npm-packlist/LICENSE rename to node_modules/pacote/node_modules/npm-packlist/LICENSE diff --git a/node_modules/npm-packlist/lib/index.js b/node_modules/pacote/node_modules/npm-packlist/lib/index.js similarity index 94% rename from node_modules/npm-packlist/lib/index.js rename to node_modules/pacote/node_modules/npm-packlist/lib/index.js index 887018bd7d424..7577cba0b865d 100644 --- a/node_modules/npm-packlist/lib/index.js +++ b/node_modules/pacote/node_modules/npm-packlist/lib/index.js @@ -38,13 +38,22 @@ const defaults = [ ] const strictDefaults = [ - // these are forcibly included at all levels + // these are forcibly excluded + '/.git', +] + +const allLevels = [ + // these are included by default but can be excluded by package.json files array '!/readme{,.*[^~$]}', '!/copying{,.*[^~$]}', '!/license{,.*[^~$]}', '!/licence{,.*[^~$]}', - // these are forcibly excluded - '/.git', +] + +const rootOnly = [ + /^!.*readme/i, + /^!.*copying/i, + /^!.*licen[sc]e/i, ] const normalizePath = (path) => path.split('\\').join('/') @@ -132,6 +141,7 @@ class PackWalker extends IgnoreWalker { // known required files for this directory this.injectRules(strictRules, [ ...strictDefaults, + ...allLevels, ...this.requiredFiles.map((file) => `!${file}`), ]) } @@ -284,6 +294,7 @@ class PackWalker extends IgnoreWalker { const ignores = [] const strict = [ ...strictDefaults, + ...allLevels, '!/package.json', '/.git', '/node_modules', @@ -304,6 +315,9 @@ class PackWalker extends IgnoreWalker { file = file.slice(0, -2) } const inverse = `!${file}` + + this.excludeNonRoot(file) + try { // if an entry in the files array is a specific file, then we need to include it as a // strict requirement for this package. if it's a directory or a pattern, it's a default @@ -352,6 +366,20 @@ class PackWalker extends IgnoreWalker { this.injectRules(strictRules, strict, callback) } + // excludes non root files by checking if elements from the files array in + // package.json contain an ! and readme/license/licence/copying, and then + // removing readme/license/licence/copying accordingly from strict defaults + excludeNonRoot (file) { + // Find the pattern + const matchingPattern = rootOnly.find(regex => regex.test(file)) + + if (matchingPattern) { + // Find which index matches the pattern and remove it from allLevels + const indexToRemove = allLevels.findIndex(element => matchingPattern.test(element)) + allLevels.splice(indexToRemove, 1) + } + } + // custom method: after we've finished gathering the files for the root package, we call this // before emitting the 'done' event in order to gather all of the files for bundled deps async gatherBundles () { diff --git a/node_modules/npm-packlist/package.json b/node_modules/pacote/node_modules/npm-packlist/package.json similarity index 92% rename from node_modules/npm-packlist/package.json rename to node_modules/pacote/node_modules/npm-packlist/package.json index 6023ad34df3b4..460ca7e30ad23 100644 --- a/node_modules/npm-packlist/package.json +++ b/node_modules/pacote/node_modules/npm-packlist/package.json @@ -1,6 +1,6 @@ { "name": "npm-packlist", - "version": "7.0.4", + "version": "8.0.0", "description": "Get a list of the files to add from a folder into an npm package", "directories": { "test": "test" @@ -18,7 +18,7 @@ "devDependencies": { "@npmcli/arborist": "^6.0.0 || ^6.0.0-pre.0", "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.10.0", + "@npmcli/template-oss": "4.18.0", "mutate-fs": "^2.1.1", "tap": "^16.0.1" }, @@ -55,6 +55,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.10.0" + "version": "4.18.0", + "publish": true } } diff --git a/node_modules/pacote/package.json b/node_modules/pacote/package.json index dffd3aecf9d13..44236542285c8 100644 --- a/node_modules/pacote/package.json +++ b/node_modules/pacote/package.json @@ -1,6 +1,6 @@ { "name": "pacote", - "version": "17.0.2", + "version": "17.0.3", "description": "JavaScript package downloader", "author": "GitHub Inc.", "bin": { @@ -52,7 +52,7 @@ "fs-minipass": "^3.0.0", "minipass": "^7.0.2", "npm-package-arg": "^11.0.0", - "npm-packlist": "^7.0.0", + "npm-packlist": "^8.0.0", "npm-pick-manifest": "^9.0.0", "npm-registry-fetch": "^16.0.0", "proc-log": "^3.0.0", diff --git a/package-lock.json b/package-lock.json index 3793db08f0bc8..234480e8bbfb4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -139,7 +139,7 @@ "npm-user-validate": "^2.0.0", "npmlog": "^7.0.1", "p-map": "^4.0.0", - "pacote": "^17.0.2", + "pacote": "^17.0.3", "parse-conflict-json": "^3.0.1", "proc-log": "^3.0.0", "qrcode-terminal": "^0.12.0", @@ -230,7 +230,7 @@ "json-stringify-safe": "^5.0.1", "nock": "^13.3.3", "npm-package-arg": "^11.0.0", - "pacote": "^17.0.2", + "pacote": "^17.0.3", "tap": "^16.3.8" }, "engines": { @@ -9791,7 +9791,7 @@ "version": "7.0.4", "resolved": "https://registry.npmjs.org/npm-packlist/-/npm-packlist-7.0.4.tgz", "integrity": "sha512-d6RGEuRrNS5/N84iglPivjaJPxhDbZmlbTwTDX2IbcRHG5bZCdtysYMhwiPvcF4GisXHGn7xsxv+GQ7T/02M5Q==", - "inBundle": true, + "dev": true, "dependencies": { "ignore-walk": "^6.0.0" }, @@ -10379,9 +10379,9 @@ } }, "node_modules/pacote": { - "version": "17.0.2", - "resolved": "https://registry.npmjs.org/pacote/-/pacote-17.0.2.tgz", - "integrity": "sha512-Us2QUwVHu4wwUhGZVOHlFIG9LhQ0Aq8zsv1ZvJ37rQwfxSIe/PaPfskz905hHycEXRfmlGKJ5xoEtrF+y66T6w==", + "version": "17.0.3", + "resolved": "https://registry.npmjs.org/pacote/-/pacote-17.0.3.tgz", + "integrity": "sha512-nT66y5NK2u/d7qV9lP6ye+powAufDl6OHT+aOZ4Cmtq89GSqgB05Ar6aQ7DM+0+bIE5NCdYUcqFlkK4m/0LVHA==", "inBundle": true, "dependencies": { "@npmcli/git": "^5.0.0", @@ -10392,7 +10392,7 @@ "fs-minipass": "^3.0.0", "minipass": "^7.0.2", "npm-package-arg": "^11.0.0", - "npm-packlist": "^7.0.0", + "npm-packlist": "^8.0.0", "npm-pick-manifest": "^9.0.0", "npm-registry-fetch": "^16.0.0", "proc-log": "^3.0.0", @@ -10410,6 +10410,18 @@ "node": "^16.14.0 || >=18.0.0" } }, + "node_modules/pacote/node_modules/npm-packlist": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/npm-packlist/-/npm-packlist-8.0.0.tgz", + "integrity": "sha512-ErAGFB5kJUciPy1mmx/C2YFbvxoJ0QJ9uwkCZOeR6CqLLISPZBOiFModAbSXnjjlwW5lOhuhXva+fURsSGJqyw==", + "inBundle": true, + "dependencies": { + "ignore-walk": "^6.0.0" + }, + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + } + }, "node_modules/parent-module": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", @@ -15852,7 +15864,7 @@ "npm-pick-manifest": "^9.0.0", "npm-registry-fetch": "^16.0.0", "npmlog": "^7.0.1", - "pacote": "^17.0.2", + "pacote": "^17.0.3", "parse-conflict-json": "^3.0.0", "proc-log": "^3.0.0", "promise-all-reject-late": "^1.0.0", @@ -15933,7 +15945,7 @@ "diff": "^5.1.0", "minimatch": "^9.0.0", "npm-package-arg": "^11.0.0", - "pacote": "^17.0.2", + "pacote": "^17.0.3", "tar": "^6.1.13" }, "devDependencies": { @@ -15954,7 +15966,7 @@ "ci-info": "^3.7.1", "npm-package-arg": "^11.0.0", "npmlog": "^7.0.1", - "pacote": "^17.0.2", + "pacote": "^17.0.3", "proc-log": "^3.0.0", "read": "^2.0.0", "read-package-json-fast": "^3.0.2", @@ -16032,7 +16044,7 @@ "@npmcli/arborist": "^6.3.0", "@npmcli/run-script": "^6.0.0", "npm-package-arg": "^11.0.0", - "pacote": "^17.0.2" + "pacote": "^17.0.3" }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", diff --git a/package.json b/package.json index f57afaa03a103..7cfe5efb2b3ee 100644 --- a/package.json +++ b/package.json @@ -104,7 +104,7 @@ "npm-user-validate": "^2.0.0", "npmlog": "^7.0.1", "p-map": "^4.0.0", - "pacote": "^17.0.2", + "pacote": "^17.0.3", "parse-conflict-json": "^3.0.1", "proc-log": "^3.0.0", "qrcode-terminal": "^0.12.0", diff --git a/workspaces/arborist/package.json b/workspaces/arborist/package.json index 38626817b501e..a7c1c9b878272 100644 --- a/workspaces/arborist/package.json +++ b/workspaces/arborist/package.json @@ -26,7 +26,7 @@ "npm-pick-manifest": "^9.0.0", "npm-registry-fetch": "^16.0.0", "npmlog": "^7.0.1", - "pacote": "^17.0.2", + "pacote": "^17.0.3", "parse-conflict-json": "^3.0.0", "proc-log": "^3.0.0", "promise-all-reject-late": "^1.0.0", diff --git a/workspaces/libnpmdiff/package.json b/workspaces/libnpmdiff/package.json index b9a6408ee3d6e..d2fe63d07219f 100644 --- a/workspaces/libnpmdiff/package.json +++ b/workspaces/libnpmdiff/package.json @@ -53,7 +53,7 @@ "diff": "^5.1.0", "minimatch": "^9.0.0", "npm-package-arg": "^11.0.0", - "pacote": "^17.0.2", + "pacote": "^17.0.3", "tar": "^6.1.13" }, "templateOSS": { diff --git a/workspaces/libnpmexec/package.json b/workspaces/libnpmexec/package.json index 79f04a170170d..8e97e9f096100 100644 --- a/workspaces/libnpmexec/package.json +++ b/workspaces/libnpmexec/package.json @@ -64,7 +64,7 @@ "ci-info": "^3.7.1", "npm-package-arg": "^11.0.0", "npmlog": "^7.0.1", - "pacote": "^17.0.2", + "pacote": "^17.0.3", "proc-log": "^3.0.0", "read": "^2.0.0", "read-package-json-fast": "^3.0.2", diff --git a/workspaces/libnpmpack/package.json b/workspaces/libnpmpack/package.json index a5d1e14c4468e..4e1b055b75a41 100644 --- a/workspaces/libnpmpack/package.json +++ b/workspaces/libnpmpack/package.json @@ -39,7 +39,7 @@ "@npmcli/arborist": "^6.3.0", "@npmcli/run-script": "^6.0.0", "npm-package-arg": "^11.0.0", - "pacote": "^17.0.2" + "pacote": "^17.0.3" }, "engines": { "node": "^16.14.0 || >=18.0.0"