diff options
Diffstat (limited to 'node_modules/npm-normalize-package-bin')
| -rw-r--r-- | node_modules/npm-normalize-package-bin/.github/settings.yml | 2 | ||||
| -rw-r--r-- | node_modules/npm-normalize-package-bin/.npmignore | 24 | ||||
| -rw-r--r-- | node_modules/npm-normalize-package-bin/LICENSE | 15 | ||||
| -rw-r--r-- | node_modules/npm-normalize-package-bin/README.md | 14 | ||||
| -rw-r--r-- | node_modules/npm-normalize-package-bin/index.js | 60 | ||||
| -rw-r--r-- | node_modules/npm-normalize-package-bin/package.json | 58 | ||||
| -rw-r--r-- | node_modules/npm-normalize-package-bin/test/array.js | 37 | ||||
| -rw-r--r-- | node_modules/npm-normalize-package-bin/test/nobin.js | 35 | ||||
| -rw-r--r-- | node_modules/npm-normalize-package-bin/test/object.js | 141 | ||||
| -rw-r--r-- | node_modules/npm-normalize-package-bin/test/string.js | 37 |
10 files changed, 423 insertions, 0 deletions
diff --git a/node_modules/npm-normalize-package-bin/.github/settings.yml b/node_modules/npm-normalize-package-bin/.github/settings.yml new file mode 100644 index 0000000..4aaa0dd --- /dev/null +++ b/node_modules/npm-normalize-package-bin/.github/settings.yml @@ -0,0 +1,2 @@ +--- +_extends: 'open-source-project-boilerplate' diff --git a/node_modules/npm-normalize-package-bin/.npmignore b/node_modules/npm-normalize-package-bin/.npmignore new file mode 100644 index 0000000..3870bd5 --- /dev/null +++ b/node_modules/npm-normalize-package-bin/.npmignore @@ -0,0 +1,24 @@ +# ignore most things, include some others +/* +/.* + +!bin/ +!lib/ +!docs/ +!package.json +!package-lock.json +!README.md +!CONTRIBUTING.md +!LICENSE +!CHANGELOG.md +!example/ +!scripts/ +!tap-snapshots/ +!test/ +!.github/ +!.travis.yml +!.gitignore +!.gitattributes +!coverage-map.js +!map.js +!index.js diff --git a/node_modules/npm-normalize-package-bin/LICENSE b/node_modules/npm-normalize-package-bin/LICENSE new file mode 100644 index 0000000..19cec97 --- /dev/null +++ b/node_modules/npm-normalize-package-bin/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) npm, Inc. + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/npm-normalize-package-bin/README.md b/node_modules/npm-normalize-package-bin/README.md new file mode 100644 index 0000000..65ba316 --- /dev/null +++ b/node_modules/npm-normalize-package-bin/README.md @@ -0,0 +1,14 @@ +# npm-normalize-package-bin + +Turn any flavor of allowable package.json bin into a normalized object. + +## API + +```js +const normalize = require('npm-normalize-package-bin') +const pkg = {name: 'foo', bin: 'bar'} +console.log(normalize(pkg)) // {name:'foo', bin:{foo: 'bar'}} +``` + +Also strips out weird dots and slashes to prevent accidental and/or +malicious bad behavior when the package is installed. diff --git a/node_modules/npm-normalize-package-bin/index.js b/node_modules/npm-normalize-package-bin/index.js new file mode 100644 index 0000000..5a738ff --- /dev/null +++ b/node_modules/npm-normalize-package-bin/index.js @@ -0,0 +1,60 @@ +// pass in a manifest with a 'bin' field here, and it'll turn it +// into a properly santized bin object +const {join, basename} = require('path') + +const normalize = pkg => + !pkg.bin ? removeBin(pkg) + : typeof pkg.bin === 'string' ? normalizeString(pkg) + : Array.isArray(pkg.bin) ? normalizeArray(pkg) + : typeof pkg.bin === 'object' ? normalizeObject(pkg) + : removeBin(pkg) + +const normalizeString = pkg => { + if (!pkg.name) + return removeBin(pkg) + pkg.bin = { [pkg.name]: pkg.bin } + return normalizeObject(pkg) +} + +const normalizeArray = pkg => { + pkg.bin = pkg.bin.reduce((acc, k) => { + acc[basename(k)] = k + return acc + }, {}) + return normalizeObject(pkg) +} + +const removeBin = pkg => { + delete pkg.bin + return pkg +} + +const normalizeObject = pkg => { + const orig = pkg.bin + const clean = {} + let hasBins = false + Object.keys(orig).forEach(binKey => { + const base = join('/', basename(binKey.replace(/\\|:/g, '/'))).substr(1) + + if (typeof orig[binKey] !== 'string' || !base) + return + + const binTarget = join('/', orig[binKey]) + .replace(/\\/g, '/').substr(1) + + if (!binTarget) + return + + clean[base] = binTarget + hasBins = true + }) + + if (hasBins) + pkg.bin = clean + else + delete pkg.bin + + return pkg +} + +module.exports = normalize diff --git a/node_modules/npm-normalize-package-bin/package.json b/node_modules/npm-normalize-package-bin/package.json new file mode 100644 index 0000000..3cb96cc --- /dev/null +++ b/node_modules/npm-normalize-package-bin/package.json @@ -0,0 +1,58 @@ +{ + "_from": "npm-normalize-package-bin@^1.0.1", + "_id": "[email protected]", + "_inBundle": false, + "_integrity": "sha512-EPfafl6JL5/rU+ot6P3gRSCpPDW5VmIzX959Ob1+ySFUuuYHWHekXpwdUZcKP5C+DS4GEtdJluwBjnsNDl+fSA==", + "_location": "/npm-normalize-package-bin", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "npm-normalize-package-bin@^1.0.1", + "name": "npm-normalize-package-bin", + "escapedName": "npm-normalize-package-bin", + "rawSpec": "^1.0.1", + "saveSpec": null, + "fetchSpec": "^1.0.1" + }, + "_requiredBy": [ + "/npm-bundled", + "/npm-packlist" + ], + "_resolved": "https://registry.npmjs.org/npm-normalize-package-bin/-/npm-normalize-package-bin-1.0.1.tgz", + "_shasum": "6e79a41f23fd235c0623218228da7d9c23b8f6e2", + "_spec": "npm-normalize-package-bin@^1.0.1", + "_where": "E:\\Documents\\GitHub\\s5nical\\node_modules\\npm-packlist", + "author": { + "name": "Isaac Z. Schlueter", + "email": "[email protected]", + "url": "https://izs.me" + }, + "bugs": { + "url": "https://github.com/npm/npm-normalize-package-bin/issues" + }, + "bundleDependencies": false, + "deprecated": false, + "description": "Turn any flavor of allowable package.json bin into a normalized object", + "devDependencies": { + "tap": "^14.10.2" + }, + "homepage": "https://github.com/npm/npm-normalize-package-bin#readme", + "license": "ISC", + "name": "npm-normalize-package-bin", + "repository": { + "type": "git", + "url": "git+https://github.com/npm/npm-normalize-package-bin.git" + }, + "scripts": { + "postpublish": "git push origin --follow-tags", + "postversion": "npm publish", + "preversion": "npm test", + "snap": "tap", + "test": "tap" + }, + "tap": { + "check-coverage": true + }, + "version": "1.0.1" +} diff --git a/node_modules/npm-normalize-package-bin/test/array.js b/node_modules/npm-normalize-package-bin/test/array.js new file mode 100644 index 0000000..63dafa8 --- /dev/null +++ b/node_modules/npm-normalize-package-bin/test/array.js @@ -0,0 +1,37 @@ +const normalize = require('../') +const t = require('tap') + +t.test('benign array', async t => { + const pkg = { name: 'hello', version: 'world', bin: ['./x/y', 'y/z', './a'] } + const expect = { name: 'hello', version: 'world', bin: { + y: 'x/y', + z: 'y/z', + a: 'a', + } } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('conflicting array', async t => { + const pkg = { name: 'hello', version: 'world', bin: ['./x/y', 'z/y', './a'] } + const expect = { name: 'hello', version: 'world', bin: { + y: 'z/y', + a: 'a', + } } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('slashy array', async t => { + const pkg = { name: 'hello', version: 'world', bin: [ '/etc/passwd' ] } + const expect = { name: 'hello', version: 'world', bin: { passwd: 'etc/passwd' } } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('dotty array', async t => { + const pkg = { name: 'hello', version: 'world', bin: ['../../../../etc/passwd'] } + const expect = { name: 'hello', version: 'world', bin: { passwd: 'etc/passwd' } } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) diff --git a/node_modules/npm-normalize-package-bin/test/nobin.js b/node_modules/npm-normalize-package-bin/test/nobin.js new file mode 100644 index 0000000..536d7eb --- /dev/null +++ b/node_modules/npm-normalize-package-bin/test/nobin.js @@ -0,0 +1,35 @@ +const normalize = require('../') +const t = require('tap') + +// all of these just delete the bins, so expect the same value +const expect = { name: 'hello', version: 'world' } + +t.test('no bin in object', async t => { + const pkg = { name: 'hello', version: 'world' } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('empty string bin in object', async t => { + const pkg = { name: 'hello', version: 'world', bin: '' } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('false bin in object', async t => { + const pkg = { name: 'hello', version: 'world', bin: false } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('null bin in object', async t => { + const pkg = { name: 'hello', version: 'world', bin: null } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('number bin', async t => { + const pkg = { name: 'hello', version: 'world', bin: 42069 } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) diff --git a/node_modules/npm-normalize-package-bin/test/object.js b/node_modules/npm-normalize-package-bin/test/object.js new file mode 100644 index 0000000..00d2368 --- /dev/null +++ b/node_modules/npm-normalize-package-bin/test/object.js @@ -0,0 +1,141 @@ +const normalize = require('../') +const t = require('tap') + +t.test('benign object', async t => { + // just clean up the ./ in the targets and remove anything weird + const pkg = { name: 'hello', version: 'world', bin: { + y: './x/y', + z: './y/z', + a: './a', + } } + const expect = { name: 'hello', version: 'world', bin: { + y: 'x/y', + z: 'y/z', + a: 'a', + } } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('empty and non-string targets', async t => { + // just clean up the ./ in the targets and remove anything weird + const pkg = { name: 'hello', version: 'world', bin: { + z: './././', + y: '', + './x': 'x.js', + re: /asdf/, + foo: { bar: 'baz' }, + false: false, + null: null, + array: [1,2,3], + func: function () {}, + } } + const expect = { name: 'hello', version: 'world', bin: { + x: 'x.js', + } } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('slashy object', async t => { + const pkg = { name: 'hello', version: 'world', bin: { + '/path/foo': '/etc/passwd', + 'bar': '/etc/passwd', + '/etc/glorb/baz': '/etc/passwd', + '/etc/passwd:/bin/usr/exec': '/etc/passwd', + } } + const expect = { + name: 'hello', + version: 'world', + bin: { + foo: 'etc/passwd', + bar: 'etc/passwd', + baz: 'etc/passwd', + exec: 'etc/passwd', + } + } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('dotty object', async t => { + const pkg = { + name: 'hello', + version: 'world', + bin: { + 'nodots': '../../../../etc/passwd', + '../../../../../../dots': '../../../../etc/passwd', + '.././../\\./..//C:\\./': 'this is removed', + '.././../\\./..//C:\\/': 'super safe programming language', + '.././../\\./..//C:\\x\\y\\z/': 'xyz', + } } + const expect = { name: 'hello', version: 'world', bin: { + nodots: 'etc/passwd', + dots: 'etc/passwd', + C: 'super safe programming language', + z: 'xyz', + } } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('weird object', async t => { + const pkg = { name: 'hello', version: 'world', bin: /asdf/ } + const expect = { name: 'hello', version: 'world' } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('oddball keys', async t => { + const pkg = { + bin: { + '~': 'target', + '£': 'target', + 'ζ': 'target', + 'ぎ': 'target', + '操': 'target', + '🎱': 'target', + '💎': 'target', + '💸': 'target', + '🦉': 'target', + 'сheck-dom': 'target', + 'Ωpm': 'target', + 'ζλ': 'target', + 'мга': 'target', + 'пше': 'target', + 'тзч': 'target', + 'тзь': 'target', + 'нфкт': 'target', + 'ссср': 'target', + '君の名は': 'target', + '君の名は': 'target', + } + } + + const expect = { + bin: { + '~': 'target', + '£': 'target', + 'ζ': 'target', + 'ぎ': 'target', + '操': 'target', + '🎱': 'target', + '💎': 'target', + '💸': 'target', + '🦉': 'target', + 'сheck-dom': 'target', + 'Ωpm': 'target', + 'ζλ': 'target', + 'мга': 'target', + 'пше': 'target', + 'тзч': 'target', + 'тзь': 'target', + 'нфкт': 'target', + 'ссср': 'target', + '君の名は': 'target', + }, + } + + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) diff --git a/node_modules/npm-normalize-package-bin/test/string.js b/node_modules/npm-normalize-package-bin/test/string.js new file mode 100644 index 0000000..b6de8f8 --- /dev/null +++ b/node_modules/npm-normalize-package-bin/test/string.js @@ -0,0 +1,37 @@ +const normalize = require('../') +const t = require('tap') + +t.test('benign string', async t => { + const pkg = { name: 'hello', version: 'world', bin: 'hello.js' } + const expect = { name: 'hello', version: 'world', bin: { hello: 'hello.js' } } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('slashy string', async t => { + const pkg = { name: 'hello', version: 'world', bin: '/etc/passwd' } + const expect = { name: 'hello', version: 'world', bin: { hello: 'etc/passwd' } } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('dotty string', async t => { + const pkg = { name: 'hello', version: 'world', bin: '../../../../etc/passwd' } + const expect = { name: 'hello', version: 'world', bin: { hello: 'etc/passwd' } } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('double path', async t => { + const pkg = { name: 'hello', version: 'world', bin: '/etc/passwd:/bin/usr/exec' } + const expect = { name: 'hello', version: 'world', bin: { hello: 'etc/passwd:/bin/usr/exec' } } + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) + +t.test('string with no name', async t => { + const pkg = { bin: 'foobar.js' } + const expect = {} + t.strictSame(normalize(pkg), expect) + t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') +}) |