deps: update pacote@19.0.0

npm · Oct 2, 2024 · e7ab206 · e7ab206
1 parent b28dbb1
commit e7ab206
Show file tree

Hide file tree

Showing 192 changed files with 5,914 additions and 2,888 deletions.
diff --git a/mock-registry/package.json b/mock-registry/package.json
@@ -52,7 +52,7 @@
     "json-stringify-safe": "^5.0.1",
     "nock": "^13.3.3",
     "npm-package-arg": "^12.0.0",
-    "pacote": "^18.0.6",
+    "pacote": "^19.0.0",
     "tap": "^16.3.8"
   }
 }
diff --git a/node_modules/.gitignore b/node_modules/.gitignore
@@ -41,9 +41,22 @@
 /@npmcli/metavuln-calculator/node_modules/*
 !/@npmcli/metavuln-calculator/node_modules/@npmcli/
 /@npmcli/metavuln-calculator/node_modules/@npmcli/*
+!/@npmcli/metavuln-calculator/node_modules/@npmcli/agent
 !/@npmcli/metavuln-calculator/node_modules/@npmcli/fs
+!/@npmcli/metavuln-calculator/node_modules/@npmcli/package-json
+!/@npmcli/metavuln-calculator/node_modules/@npmcli/promise-spawn
+!/@npmcli/metavuln-calculator/node_modules/@npmcli/redact
+!/@npmcli/metavuln-calculator/node_modules/@npmcli/run-script
 !/@npmcli/metavuln-calculator/node_modules/cacache
+!/@npmcli/metavuln-calculator/node_modules/hosted-git-info
 !/@npmcli/metavuln-calculator/node_modules/json-parse-even-better-errors
+!/@npmcli/metavuln-calculator/node_modules/make-fetch-happen
+!/@npmcli/metavuln-calculator/node_modules/normalize-package-data
+!/@npmcli/metavuln-calculator/node_modules/npm-install-checks
+!/@npmcli/metavuln-calculator/node_modules/npm-package-arg
+!/@npmcli/metavuln-calculator/node_modules/npm-pick-manifest
+!/@npmcli/metavuln-calculator/node_modules/npm-registry-fetch
+!/@npmcli/metavuln-calculator/node_modules/pacote
 !/@npmcli/metavuln-calculator/node_modules/unique-filename
 !/@npmcli/metavuln-calculator/node_modules/unique-slug
 !/@npmcli/name-from-folder
@@ -260,23 +273,16 @@
 /pacote/node_modules/*
 !/pacote/node_modules/@npmcli/
 /pacote/node_modules/@npmcli/*
-!/pacote/node_modules/@npmcli/agent
-!/pacote/node_modules/@npmcli/fs
-!/pacote/node_modules/@npmcli/package-json
-!/pacote/node_modules/@npmcli/promise-spawn
-!/pacote/node_modules/@npmcli/redact
-!/pacote/node_modules/@npmcli/run-script
-!/pacote/node_modules/cacache
-!/pacote/node_modules/hosted-git-info
-!/pacote/node_modules/json-parse-even-better-errors
-!/pacote/node_modules/make-fetch-happen
-!/pacote/node_modules/normalize-package-data
-!/pacote/node_modules/npm-install-checks
-!/pacote/node_modules/npm-package-arg
-!/pacote/node_modules/npm-pick-manifest
-!/pacote/node_modules/npm-registry-fetch
-!/pacote/node_modules/unique-filename
-!/pacote/node_modules/unique-slug
+!/pacote/node_modules/@npmcli/git
+!/pacote/node_modules/@npmcli/installed-package-contents
+!/pacote/node_modules/ignore-walk
+!/pacote/node_modules/isexe
+!/pacote/node_modules/npm-bundled
+!/pacote/node_modules/npm-normalize-package-bin
+!/pacote/node_modules/npm-packlist
+!/pacote/node_modules/proc-log
+!/pacote/node_modules/ssri
+!/pacote/node_modules/which
 !/parse-conflict-json
 !/parse-conflict-json/node_modules/
 /parse-conflict-json/node_modules/*

diff --git a/.../node_modules/@npmcli/agent/lib/agents.js → .../node_modules/@npmcli/agent/lib/agents.js b/.../node_modules/@npmcli/agent/lib/agents.js → .../node_modules/@npmcli/agent/lib/agents.js
diff --git a/...ote/node_modules/@npmcli/agent/lib/dns.js → ...tor/node_modules/@npmcli/agent/lib/dns.js b/...ote/node_modules/@npmcli/agent/lib/dns.js → ...tor/node_modules/@npmcli/agent/lib/dns.js
diff --git a/.../node_modules/@npmcli/agent/lib/errors.js → .../node_modules/@npmcli/agent/lib/errors.js b/.../node_modules/@npmcli/agent/lib/errors.js → .../node_modules/@npmcli/agent/lib/errors.js
diff --git a/...e/node_modules/@npmcli/agent/lib/index.js → ...r/node_modules/@npmcli/agent/lib/index.js b/...e/node_modules/@npmcli/agent/lib/index.js → ...r/node_modules/@npmcli/agent/lib/index.js
diff --git a/...node_modules/@npmcli/agent/lib/options.js → ...node_modules/@npmcli/agent/lib/options.js b/...node_modules/@npmcli/agent/lib/options.js → ...node_modules/@npmcli/agent/lib/options.js
diff --git a/...e/node_modules/@npmcli/agent/lib/proxy.js → ...r/node_modules/@npmcli/agent/lib/proxy.js b/...e/node_modules/@npmcli/agent/lib/proxy.js → ...r/node_modules/@npmcli/agent/lib/proxy.js
diff --git a/...e/node_modules/@npmcli/agent/package.json → ...r/node_modules/@npmcli/agent/package.json b/...e/node_modules/@npmcli/agent/package.json → ...r/node_modules/@npmcli/agent/package.json
diff --git a/...node_modules/@npmcli/package-json/LICENSE → ...node_modules/@npmcli/package-json/LICENSE b/...node_modules/@npmcli/package-json/LICENSE → ...node_modules/@npmcli/package-json/LICENSE
diff --git a/...modules/@npmcli/package-json/lib/index.js → ...modules/@npmcli/package-json/lib/index.js b/...modules/@npmcli/package-json/lib/index.js → ...modules/@npmcli/package-json/lib/index.js
diff --git a/...les/@npmcli/package-json/lib/normalize.js → ...les/@npmcli/package-json/lib/normalize.js b/...les/@npmcli/package-json/lib/normalize.js → ...les/@npmcli/package-json/lib/normalize.js
diff --git a/.../@npmcli/package-json/lib/read-package.js → .../@npmcli/package-json/lib/read-package.js b/.../@npmcli/package-json/lib/read-package.js → .../@npmcli/package-json/lib/read-package.js
diff --git a/...i/package-json/lib/update-dependencies.js → ...i/package-json/lib/update-dependencies.js b/...i/package-json/lib/update-dependencies.js → ...i/package-json/lib/update-dependencies.js
diff --git a/...npmcli/package-json/lib/update-scripts.js → ...npmcli/package-json/lib/update-scripts.js b/...npmcli/package-json/lib/update-scripts.js → ...npmcli/package-json/lib/update-scripts.js
diff --git a/...cli/package-json/lib/update-workspaces.js → ...cli/package-json/lib/update-workspaces.js b/...cli/package-json/lib/update-workspaces.js → ...cli/package-json/lib/update-workspaces.js
diff --git a/...modules/@npmcli/package-json/package.json → ...modules/@npmcli/package-json/package.json b/...modules/@npmcli/package-json/package.json → ...modules/@npmcli/package-json/package.json
diff --git a/...ode_modules/@npmcli/promise-spawn/LICENSE → ...ode_modules/@npmcli/promise-spawn/LICENSE b/...ode_modules/@npmcli/promise-spawn/LICENSE → ...ode_modules/@npmcli/promise-spawn/LICENSE
diff --git a/...dules/@npmcli/promise-spawn/lib/escape.js → ...dules/@npmcli/promise-spawn/lib/escape.js b/...dules/@npmcli/promise-spawn/lib/escape.js → ...dules/@npmcli/promise-spawn/lib/escape.js
diff --git a/...odules/@npmcli/promise-spawn/lib/index.js → ...odules/@npmcli/promise-spawn/lib/index.js b/...odules/@npmcli/promise-spawn/lib/index.js → ...odules/@npmcli/promise-spawn/lib/index.js
diff --git a/...odules/@npmcli/promise-spawn/package.json → ...odules/@npmcli/promise-spawn/package.json b/...odules/@npmcli/promise-spawn/package.json → ...odules/@npmcli/promise-spawn/package.json
diff --git a/...acote/node_modules/@npmcli/redact/LICENSE → ...lator/node_modules/@npmcli/redact/LICENSE b/...acote/node_modules/@npmcli/redact/LICENSE → ...lator/node_modules/@npmcli/redact/LICENSE
diff --git a/...de_modules/@npmcli/redact/lib/deep-map.js → ...de_modules/@npmcli/redact/lib/deep-map.js b/...de_modules/@npmcli/redact/lib/deep-map.js → ...de_modules/@npmcli/redact/lib/deep-map.js
diff --git a/.../node_modules/@npmcli/redact/lib/index.js → .../node_modules/@npmcli/redact/lib/index.js b/.../node_modules/@npmcli/redact/lib/index.js → .../node_modules/@npmcli/redact/lib/index.js
diff --git a/...de_modules/@npmcli/redact/lib/matchers.js → ...de_modules/@npmcli/redact/lib/matchers.js b/...de_modules/@npmcli/redact/lib/matchers.js → ...de_modules/@npmcli/redact/lib/matchers.js
diff --git a/...node_modules/@npmcli/redact/lib/server.js → ...node_modules/@npmcli/redact/lib/server.js b/...node_modules/@npmcli/redact/lib/server.js → ...node_modules/@npmcli/redact/lib/server.js
diff --git a/.../node_modules/@npmcli/redact/lib/utils.js → .../node_modules/@npmcli/redact/lib/utils.js b/.../node_modules/@npmcli/redact/lib/utils.js → .../node_modules/@npmcli/redact/lib/utils.js
diff --git a/.../node_modules/@npmcli/redact/package.json → .../node_modules/@npmcli/redact/package.json b/.../node_modules/@npmcli/redact/package.json → .../node_modules/@npmcli/redact/package.json
diff --git a/...e/node_modules/@npmcli/run-script/LICENSE → ...r/node_modules/@npmcli/run-script/LICENSE b/...e/node_modules/@npmcli/run-script/LICENSE → ...r/node_modules/@npmcli/run-script/LICENSE
diff --git a/...pmcli/run-script/lib/is-server-package.js → ...pmcli/run-script/lib/is-server-package.js b/...pmcli/run-script/lib/is-server-package.js → ...pmcli/run-script/lib/is-server-package.js
diff --git a/...@npmcli/run-script/lib/make-spawn-args.js → ...@npmcli/run-script/lib/make-spawn-args.js b/...@npmcli/run-script/lib/make-spawn-args.js → ...@npmcli/run-script/lib/make-spawn-args.js
diff --git a/...mcli/run-script/lib/node-gyp-bin/node-gyp → ...mcli/run-script/lib/node-gyp-bin/node-gyp b/...mcli/run-script/lib/node-gyp-bin/node-gyp → ...mcli/run-script/lib/node-gyp-bin/node-gyp
diff --git a/.../run-script/lib/node-gyp-bin/node-gyp.cmd → .../run-script/lib/node-gyp-bin/node-gyp.cmd b/.../run-script/lib/node-gyp-bin/node-gyp.cmd → .../run-script/lib/node-gyp-bin/node-gyp.cmd
diff --git a/...es/@npmcli/run-script/lib/package-envs.js → ...es/@npmcli/run-script/lib/package-envs.js b/...es/@npmcli/run-script/lib/package-envs.js → ...es/@npmcli/run-script/lib/package-envs.js
diff --git a/.../@npmcli/run-script/lib/run-script-pkg.js → .../@npmcli/run-script/lib/run-script-pkg.js b/.../@npmcli/run-script/lib/run-script-pkg.js → .../@npmcli/run-script/lib/run-script-pkg.js
diff --git a/...ules/@npmcli/run-script/lib/run-script.js → ...ules/@npmcli/run-script/lib/run-script.js b/...ules/@npmcli/run-script/lib/run-script.js → ...ules/@npmcli/run-script/lib/run-script.js
diff --git a/...odules/@npmcli/run-script/lib/set-path.js → ...odules/@npmcli/run-script/lib/set-path.js b/...odules/@npmcli/run-script/lib/set-path.js → ...odules/@npmcli/run-script/lib/set-path.js
diff --git a/.../@npmcli/run-script/lib/signal-manager.js → .../@npmcli/run-script/lib/signal-manager.js b/.../@npmcli/run-script/lib/signal-manager.js → .../@npmcli/run-script/lib/signal-manager.js
diff --git a/...npmcli/run-script/lib/validate-options.js → ...npmcli/run-script/lib/validate-options.js b/...npmcli/run-script/lib/validate-options.js → ...npmcli/run-script/lib/validate-options.js
diff --git a/...e_modules/@npmcli/run-script/package.json → ...e_modules/@npmcli/run-script/package.json b/...e_modules/@npmcli/run-script/package.json → ...e_modules/@npmcli/run-script/package.json
diff --git a/...cote/node_modules/hosted-git-info/LICENSE → ...ator/node_modules/hosted-git-info/LICENSE b/...cote/node_modules/hosted-git-info/LICENSE → ...ator/node_modules/hosted-git-info/LICENSE
diff --git a/...e_modules/hosted-git-info/lib/from-url.js → ...e_modules/hosted-git-info/lib/from-url.js b/...e_modules/hosted-git-info/lib/from-url.js → ...e_modules/hosted-git-info/lib/from-url.js
diff --git a/...node_modules/hosted-git-info/lib/hosts.js → ...node_modules/hosted-git-info/lib/hosts.js b/...node_modules/hosted-git-info/lib/hosts.js → ...node_modules/hosted-git-info/lib/hosts.js
diff --git a/...node_modules/hosted-git-info/lib/index.js → ...node_modules/hosted-git-info/lib/index.js b/...node_modules/hosted-git-info/lib/index.js → ...node_modules/hosted-git-info/lib/index.js
diff --git a/..._modules/hosted-git-info/lib/parse-url.js → ..._modules/hosted-git-info/lib/parse-url.js b/..._modules/hosted-git-info/lib/parse-url.js → ..._modules/hosted-git-info/lib/parse-url.js
diff --git a/...node_modules/hosted-git-info/package.json → ...node_modules/hosted-git-info/package.json b/...node_modules/hosted-git-info/package.json → ...node_modules/hosted-git-info/package.json
diff --git a/...te/node_modules/make-fetch-happen/LICENSE → ...or/node_modules/make-fetch-happen/LICENSE b/...te/node_modules/make-fetch-happen/LICENSE → ...or/node_modules/make-fetch-happen/LICENSE
diff --git a/...ules/make-fetch-happen/lib/cache/entry.js → ...ules/make-fetch-happen/lib/cache/entry.js b/...ules/make-fetch-happen/lib/cache/entry.js → ...ules/make-fetch-happen/lib/cache/entry.js
diff --git a/...les/make-fetch-happen/lib/cache/errors.js → ...les/make-fetch-happen/lib/cache/errors.js b/...les/make-fetch-happen/lib/cache/errors.js → ...les/make-fetch-happen/lib/cache/errors.js
diff --git a/...ules/make-fetch-happen/lib/cache/index.js → ...ules/make-fetch-happen/lib/cache/index.js b/...ules/make-fetch-happen/lib/cache/index.js → ...ules/make-fetch-happen/lib/cache/index.js
diff --git a/...odules/make-fetch-happen/lib/cache/key.js → ...odules/make-fetch-happen/lib/cache/key.js b/...odules/make-fetch-happen/lib/cache/key.js → ...odules/make-fetch-happen/lib/cache/key.js
diff --git a/...les/make-fetch-happen/lib/cache/policy.js → ...les/make-fetch-happen/lib/cache/policy.js b/...les/make-fetch-happen/lib/cache/policy.js → ...les/make-fetch-happen/lib/cache/policy.js
diff --git a/...de_modules/make-fetch-happen/lib/fetch.js → ...de_modules/make-fetch-happen/lib/fetch.js b/...de_modules/make-fetch-happen/lib/fetch.js → ...de_modules/make-fetch-happen/lib/fetch.js
diff --git a/...de_modules/make-fetch-happen/lib/index.js → ...de_modules/make-fetch-happen/lib/index.js b/...de_modules/make-fetch-happen/lib/index.js → ...de_modules/make-fetch-happen/lib/index.js
diff --git a/..._modules/make-fetch-happen/lib/options.js → ..._modules/make-fetch-happen/lib/options.js b/..._modules/make-fetch-happen/lib/options.js → ..._modules/make-fetch-happen/lib/options.js
diff --git a/...modules/make-fetch-happen/lib/pipeline.js → ...modules/make-fetch-happen/lib/pipeline.js b/...modules/make-fetch-happen/lib/pipeline.js → ...modules/make-fetch-happen/lib/pipeline.js
diff --git a/...e_modules/make-fetch-happen/lib/remote.js → ...e_modules/make-fetch-happen/lib/remote.js b/...e_modules/make-fetch-happen/lib/remote.js → ...e_modules/make-fetch-happen/lib/remote.js
diff --git a/...de_modules/make-fetch-happen/package.json → ...de_modules/make-fetch-happen/package.json b/...de_modules/make-fetch-happen/package.json → ...de_modules/make-fetch-happen/package.json
diff --git a/...de_modules/normalize-package-data/LICENSE → ...de_modules/normalize-package-data/LICENSE b/...de_modules/normalize-package-data/LICENSE → ...de_modules/normalize-package-data/LICENSE
diff --git a/...e-package-data/lib/extract_description.js → ...e-package-data/lib/extract_description.js b/...e-package-data/lib/extract_description.js → ...e-package-data/lib/extract_description.js
diff --git a/...dules/normalize-package-data/lib/fixer.js → ...dules/normalize-package-data/lib/fixer.js b/...dules/normalize-package-data/lib/fixer.js → ...dules/normalize-package-data/lib/fixer.js
diff --git a/...ormalize-package-data/lib/make_warning.js → ...ormalize-package-data/lib/make_warning.js b/...ormalize-package-data/lib/make_warning.js → ...ormalize-package-data/lib/make_warning.js
diff --git a/...s/normalize-package-data/lib/normalize.js → ...s/normalize-package-data/lib/normalize.js b/...s/normalize-package-data/lib/normalize.js → ...s/normalize-package-data/lib/normalize.js
diff --git a/...normalize-package-data/lib/safe_format.js → ...normalize-package-data/lib/safe_format.js b/...normalize-package-data/lib/safe_format.js → ...normalize-package-data/lib/safe_format.js
diff --git a/...les/normalize-package-data/lib/typos.json → ...les/normalize-package-data/lib/typos.json b/...les/normalize-package-data/lib/typos.json → ...les/normalize-package-data/lib/typos.json
diff --git a/...ze-package-data/lib/warning_messages.json → ...ze-package-data/lib/warning_messages.json b/...ze-package-data/lib/warning_messages.json → ...ze-package-data/lib/warning_messages.json
diff --git a/...dules/normalize-package-data/package.json → ...dules/normalize-package-data/package.json b/...dules/normalize-package-data/package.json → ...dules/normalize-package-data/package.json
diff --git a/...e/node_modules/npm-install-checks/LICENSE → ...r/node_modules/npm-install-checks/LICENSE b/...e/node_modules/npm-install-checks/LICENSE → ...r/node_modules/npm-install-checks/LICENSE
diff --git a/...e_modules/npm-install-checks/lib/index.js → ...e_modules/npm-install-checks/lib/index.js b/...e_modules/npm-install-checks/lib/index.js → ...e_modules/npm-install-checks/lib/index.js
diff --git a/...e_modules/npm-install-checks/package.json → ...e_modules/npm-install-checks/package.json b/...e_modules/npm-install-checks/package.json → ...e_modules/npm-install-checks/package.json
diff --git a/...cote/node_modules/npm-package-arg/LICENSE → ...ator/node_modules/npm-package-arg/LICENSE b/...cote/node_modules/npm-package-arg/LICENSE → ...ator/node_modules/npm-package-arg/LICENSE
diff --git a/...e/node_modules/npm-package-arg/lib/npa.js → ...r/node_modules/npm-package-arg/lib/npa.js b/...e/node_modules/npm-package-arg/lib/npa.js → ...r/node_modules/npm-package-arg/lib/npa.js
diff --git a/...node_modules/npm-package-arg/package.json → ...node_modules/npm-package-arg/package.json b/...node_modules/npm-package-arg/package.json → ...node_modules/npm-package-arg/package.json
diff --git a/...es/pacote/node_modules/cacache/LICENSE.md → ...node_modules/npm-pick-manifest/LICENSE.md b/...es/pacote/node_modules/cacache/LICENSE.md → ...node_modules/npm-pick-manifest/LICENSE.md
diff --git a/...de_modules/npm-pick-manifest/lib/index.js → ...de_modules/npm-pick-manifest/lib/index.js b/...de_modules/npm-pick-manifest/lib/index.js → ...de_modules/npm-pick-manifest/lib/index.js
diff --git a/...de_modules/npm-pick-manifest/package.json → ...de_modules/npm-pick-manifest/package.json b/...de_modules/npm-pick-manifest/package.json → ...de_modules/npm-pick-manifest/package.json
diff --git a/...pacote/node_modules/@npmcli/fs/LICENSE.md → ...ode_modules/npm-registry-fetch/LICENSE.md b/...pacote/node_modules/@npmcli/fs/LICENSE.md → ...ode_modules/npm-registry-fetch/LICENSE.md
diff --git a/...de_modules/npm-registry-fetch/lib/auth.js → ...de_modules/npm-registry-fetch/lib/auth.js b/...de_modules/npm-registry-fetch/lib/auth.js → ...de_modules/npm-registry-fetch/lib/auth.js
diff --git a/.../npm-registry-fetch/lib/check-response.js → .../npm-registry-fetch/lib/check-response.js b/.../npm-registry-fetch/lib/check-response.js → .../npm-registry-fetch/lib/check-response.js
diff --git a/...es/npm-registry-fetch/lib/default-opts.js → ...es/npm-registry-fetch/lib/default-opts.js b/...es/npm-registry-fetch/lib/default-opts.js → ...es/npm-registry-fetch/lib/default-opts.js
diff --git a/..._modules/npm-registry-fetch/lib/errors.js → ..._modules/npm-registry-fetch/lib/errors.js b/..._modules/npm-registry-fetch/lib/errors.js → ..._modules/npm-registry-fetch/lib/errors.js
diff --git a/...e_modules/npm-registry-fetch/lib/index.js → ...e_modules/npm-registry-fetch/lib/index.js b/...e_modules/npm-registry-fetch/lib/index.js → ...e_modules/npm-registry-fetch/lib/index.js
diff --git a/...les/npm-registry-fetch/lib/json-stream.js → ...les/npm-registry-fetch/lib/json-stream.js b/...les/npm-registry-fetch/lib/json-stream.js → ...les/npm-registry-fetch/lib/json-stream.js
diff --git a/...e_modules/npm-registry-fetch/package.json → ...e_modules/npm-registry-fetch/package.json b/...e_modules/npm-registry-fetch/package.json → ...e_modules/npm-registry-fetch/package.json
diff --git a/node_modules/@npmcli/metavuln-calculator/node_modules/pacote/LICENSE b/node_modules/@npmcli/metavuln-calculator/node_modules/pacote/LICENSE
@@ -0,0 +1,15 @@
+The ISC License
+
+Copyright (c) Isaac Z. Schlueter, Kat Marchán, npm, Inc., and Contributors
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/@npmcli/metavuln-calculator/node_modules/pacote/bin/index.js b/node_modules/@npmcli/metavuln-calculator/node_modules/pacote/bin/index.js
@@ -0,0 +1,158 @@
+#!/usr/bin/env node
+
+const run = conf => {
+  const pacote = require('../')
+  switch (conf._[0]) {
+    case 'resolve':
+    case 'manifest':
+    case 'packument':
+      if (conf._[0] === 'resolve' && conf.long) {
+        return pacote.manifest(conf._[1], conf).then(mani => ({
+          resolved: mani._resolved,
+          integrity: mani._integrity,
+          from: mani._from,
+        }))
+      }
+      return pacote[conf._[0]](conf._[1], conf)
+
+    case 'tarball':
+      if (!conf._[2] || conf._[2] === '-') {
+        return pacote.tarball.stream(conf._[1], stream => {
+          stream.pipe(
+            conf.testStdout ||
+            /* istanbul ignore next */
+            process.stdout
+          )
+          // make sure it resolves something falsey
+          return stream.promise().then(() => {
+            return false
+          })
+        }, conf)
+      } else {
+        return pacote.tarball.file(conf._[1], conf._[2], conf)
+      }
+
+    case 'extract':
+      return pacote.extract(conf._[1], conf._[2], conf)
+
+    default: /* istanbul ignore next */ {
+      throw new Error(`bad command: ${conf._[0]}`)
+    }
+  }
+}
+
+const version = require('../package.json').version
+const usage = () =>
+`Pacote - The JavaScript Package Handler, v${version}
+
+Usage:
+
+  pacote resolve <spec>
+    Resolve a specifier and output the fully resolved target
+    Returns integrity and from if '--long' flag is set.
+
+  pacote manifest <spec>
+    Fetch a manifest and print to stdout
+
+  pacote packument <spec>
+    Fetch a full packument and print to stdout
+
+  pacote tarball <spec> [<filename>]
+    Fetch a package tarball and save to <filename>
+    If <filename> is missing or '-', the tarball will be streamed to stdout.
+
+  pacote extract <spec> <folder>
+    Extract a package to the destination folder.
+
+Configuration values all match the names of configs passed to npm, or
+options passed to Pacote.  Additional flags for this executable:
+
+  --long     Print an object from 'resolve', including integrity and spec.
+  --json     Print result objects as JSON rather than node's default.
+             (This is the default if stdout is not a TTY.)
+  --help -h  Print this helpful text.
+
+For example '--cache=/path/to/folder' will use that folder as the cache.
+`
+
+const shouldJSON = (conf, result) =>
+  conf.json ||
+  !process.stdout.isTTY &&
+  conf.json === undefined &&
+  result &&
+  typeof result === 'object'
+
+const pretty = (conf, result) =>
+  shouldJSON(conf, result) ? JSON.stringify(result, 0, 2) : result
+
+let addedLogListener = false
+const main = args => {
+  const conf = parse(args)
+  if (conf.help || conf.h) {
+    return console.log(usage())
+  }
+
+  if (!addedLogListener) {
+    process.on('log', console.error)
+    addedLogListener = true
+  }
+
+  try {
+    return run(conf)
+      .then(result => result && console.log(pretty(conf, result)))
+      .catch(er => {
+        console.error(er)
+        process.exit(1)
+      })
+  } catch (er) {
+    console.error(er.message)
+    console.error(usage())
+  }
+}
+
+const parseArg = arg => {
+  const split = arg.slice(2).split('=')
+  const k = split.shift()
+  const v = split.join('=')
+  const no = /^no-/.test(k) && !v
+  const key = (no ? k.slice(3) : k)
+    .replace(/^tag$/, 'defaultTag')
+    .replace(/-([a-z])/g, (_, c) => c.toUpperCase())
+  const value = v ? v.replace(/^~/, process.env.HOME) : !no
+  return { key, value }
+}
+
+const parse = args => {
+  const conf = {
+    _: [],
+    cache: process.env.HOME + '/.npm/_cacache',
+  }
+  let dashdash = false
+  args.forEach(arg => {
+    if (dashdash) {
+      conf._.push(arg)
+    } else if (arg === '--') {
+      dashdash = true
+    } else if (arg === '-h') {
+      conf.help = true
+    } else if (/^--/.test(arg)) {
+      const { key, value } = parseArg(arg)
+      conf[key] = value
+    } else {
+      conf._.push(arg)
+    }
+  })
+  return conf
+}
+
+if (module === require.main) {
+  main(process.argv.slice(2))
+} else {
+  module.exports = {
+    main,
+    run,
+    usage,
+    parseArg,
+    parse,
+  }
+}
diff --git a/node_modules/@npmcli/metavuln-calculator/node_modules/pacote/lib/dir.js b/node_modules/@npmcli/metavuln-calculator/node_modules/pacote/lib/dir.js
@@ -0,0 +1,100 @@
+const { resolve } = require('node:path')
+const packlist = require('npm-packlist')
+const runScript = require('@npmcli/run-script')
+const tar = require('tar')
+const { Minipass } = require('minipass')
+const Fetcher = require('./fetcher.js')
+const FileFetcher = require('./file.js')
+const _ = require('./util/protected.js')
+const tarCreateOptions = require('./util/tar-create-options.js')
+
+class DirFetcher extends Fetcher {
+  constructor (spec, opts) {
+    super(spec, opts)
+    // just the fully resolved filename
+    this.resolved = this.spec.fetchSpec
+
+    this.tree = opts.tree || null
+    this.Arborist = opts.Arborist || null
+  }
+
+  // exposes tarCreateOptions as public API
+  static tarCreateOptions (manifest) {
+    return tarCreateOptions(manifest)
+  }
+
+  get types () {
+    return ['directory']
+  }
+
+  #prepareDir () {
+    return this.manifest().then(mani => {
+      if (!mani.scripts || !mani.scripts.prepare) {
+        return
+      }
+
+      // we *only* run prepare.
+      // pre/post-pack is run by the npm CLI for publish and pack,
+      // but this function is *also* run when installing git deps
+      const stdio = this.opts.foregroundScripts ? 'inherit' : 'pipe'
+
+      return runScript({
+        pkg: mani,
+        event: 'prepare',
+        path: this.resolved,
+        stdio,
+        env: {
+          npm_package_resolved: this.resolved,
+          npm_package_integrity: this.integrity,
+          npm_package_json: resolve(this.resolved, 'package.json'),
+        },
+      })
+    })
+  }
+
+  [_.tarballFromResolved] () {
+    if (!this.tree && !this.Arborist) {
+      throw new Error('DirFetcher requires either a tree or an Arborist constructor to pack')
+    }
+
+    const stream = new Minipass()
+    stream.resolved = this.resolved
+    stream.integrity = this.integrity
+
+    const { prefix, workspaces } = this.opts
+
+    // run the prepare script, get the list of files, and tar it up
+    // pipe to the stream, and proxy errors the chain.
+    this.#prepareDir()
+      .then(async () => {
+        if (!this.tree) {
+          const arb = new this.Arborist({ path: this.resolved })
+          this.tree = await arb.loadActual()
+        }
+        return packlist(this.tree, { path: this.resolved, prefix, workspaces })
+      })
+      .then(files => tar.c(tarCreateOptions(this.package), files)
+        .on('error', er => stream.emit('error', er)).pipe(stream))
+      .catch(er => stream.emit('error', er))
+    return stream
+  }
+
+  manifest () {
+    if (this.package) {
+      return Promise.resolve(this.package)
+    }
+
+    return this[_.readPackageJson](this.resolved)
+      .then(mani => this.package = {
+        ...mani,
+        _integrity: this.integrity && String(this.integrity),
+        _resolved: this.resolved,
+        _from: this.from,
+      })
+  }
+
+  packument () {
+    return FileFetcher.prototype.packument.apply(this)
+  }
+}
+module.exports = DirFetcher