From 7d9e35679d989c607f77fd0413277295835f1215 Mon Sep 17 00:00:00 2001 From: SukkaW Date: Sat, 13 Apr 2024 23:30:08 +0800 Subject: [PATCH 1/3] refactor: reduce installation size by replace `pacote` --- package.json | 4 +- pnpm-lock.yaml | 308 +++++------------------------------------ src/io/resolves.ts | 4 +- src/utils/packument.ts | 22 +++ 4 files changed, 58 insertions(+), 280 deletions(-) create mode 100644 src/utils/packument.ts diff --git a/package.json b/package.json index 319dc80..868149f 100644 --- a/package.json +++ b/package.json @@ -40,10 +40,11 @@ "deepmerge": "^4.3.1", "detect-indent": "^7.0.1", "execa": "^8.0.1", - "pacote": "^17.0.6", + "npm-registry-fetch": "^16.2.1", "picocolors": "^1.0.0", "prompts": "^2.4.2", "semver": "^7.6.0", + "ufo": "^1.5.3", "unconfig": "^0.3.11", "yargs": "^17.7.2" }, @@ -53,6 +54,7 @@ "@types/cli-progress": "^3.11.5", "@types/debug": "^4.1.12", "@types/node": "^20.11.16", + "@types/npm-registry-fetch": "^8.0.7", "@types/pacote": "^11.1.8", "@types/prompts": "^2.4.9", "@types/semver": "^7.5.6", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index cc4237e..44948e0 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -26,9 +26,9 @@ importers: execa: specifier: ^8.0.1 version: 8.0.1 - pacote: - specifier: ^17.0.6 - version: 17.0.6 + npm-registry-fetch: + specifier: ^16.2.1 + version: 16.2.1 picocolors: specifier: ^1.0.0 version: 1.0.0 @@ -38,6 +38,9 @@ importers: semver: specifier: ^7.6.0 version: 7.6.0 + ufo: + specifier: ^1.5.3 + version: 1.5.3 unconfig: specifier: ^0.3.11 version: 0.3.11 @@ -60,6 +63,9 @@ importers: '@types/node': specifier: ^20.11.16 version: 20.11.16 + '@types/npm-registry-fetch': + specifier: ^8.0.7 + version: 8.0.7 '@types/pacote': specifier: ^11.1.8 version: 11.1.8 @@ -1008,31 +1014,6 @@ packages: semver: 7.6.0 dev: false - /@npmcli/git@5.0.3: - resolution: {integrity: sha512-UZp9NwK+AynTrKvHn5k3KviW/hA5eENmFsu3iAPe7sWRt0lFUdsY/wXIYjpDFe7cdSNwOIzbObfwgt6eL5/2zw==} - engines: {node: ^16.14.0 || >=18.0.0} - dependencies: - '@npmcli/promise-spawn': 7.0.0 - lru-cache: 10.1.0 - npm-pick-manifest: 9.0.0 - proc-log: 3.0.0 - promise-inflight: 1.0.1 - promise-retry: 2.0.1 - semver: 7.6.0 - which: 4.0.0 - transitivePeerDependencies: - - bluebird - dev: false - - /@npmcli/installed-package-contents@2.0.2: - resolution: {integrity: sha512-xACzLPhnfD51GKvTOOuNX2/V4G4mz9/1I2MfDoye9kBM3RYe5g2YbscsaGoTlaWqkxeiapBWyseULVKpSVHtKQ==} - engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0} - hasBin: true - dependencies: - npm-bundled: 3.0.0 - npm-normalize-package-bin: 3.0.1 - dev: false - /@npmcli/map-workspaces@3.0.4: resolution: {integrity: sha512-Z0TbvXkRbacjFFLpVpV0e2mheCh+WzQpcqL+4xp49uNJOxOnIAPZyXtUxZ5Qn3QBTGKA11Exjd9a5411rBrhDg==} engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0} @@ -1048,29 +1029,9 @@ packages: engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0} dev: false - /@npmcli/node-gyp@3.0.0: - resolution: {integrity: sha512-gp8pRXC2oOxu0DUE1/M3bYtb1b3/DbJ5aM113+XJBgfXdussRAsX0YOrOhdd8WvnAR6auDBvJomGAkLKA5ydxA==} - engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0} - dev: false - - /@npmcli/promise-spawn@7.0.0: - resolution: {integrity: sha512-wBqcGsMELZna0jDblGd7UXgOby45TQaMWmbFwWX+SEotk4HV6zG2t6rT9siyLhPk4P6YYqgfL1UO8nMWDBVJXQ==} + /@npmcli/redact@1.1.0: + resolution: {integrity: sha512-PfnWuOkQgu7gCbnSsAisaX7hKOdZ4wSAhAzH3/ph5dSGau52kCRrMMGbiSQLwyTZpgldkZ49b0brkOr1AzGBHQ==} engines: {node: ^16.14.0 || >=18.0.0} - dependencies: - which: 4.0.0 - dev: false - - /@npmcli/run-script@7.0.2: - resolution: {integrity: sha512-Omu0rpA8WXvcGeY6DDzyRoY1i5DkCBkzyJ+m2u7PD6quzb0TvSqdIPOkTn8ZBOj7LbbcbMfZ3c5skwSu6m8y2w==} - engines: {node: ^16.14.0 || >=18.0.0} - dependencies: - '@npmcli/node-gyp': 3.0.0 - '@npmcli/promise-spawn': 7.0.0 - node-gyp: 10.0.1 - read-package-json-fast: 3.0.2 - which: 4.0.0 - transitivePeerDependencies: - - supports-color dev: false /@pkgjs/parseargs@0.11.0: @@ -1266,54 +1227,6 @@ packages: dev: true optional: true - /@sigstore/bundle@2.1.1: - resolution: {integrity: sha512-v3/iS+1nufZdKQ5iAlQKcCsoh0jffQyABvYIxKsZQFWc4ubuGjwZklFHpDgV6O6T7vvV78SW5NHI91HFKEcxKg==} - engines: {node: ^16.14.0 || >=18.0.0} - dependencies: - '@sigstore/protobuf-specs': 0.2.1 - dev: false - - /@sigstore/core@0.2.0: - resolution: {integrity: sha512-THobAPPZR9pDH2CAvDLpkrYedt7BlZnsyxDe+Isq4ZmGfPy5juOFZq487vCU2EgKD7aHSiTfE/i7sN7aEdzQnA==} - engines: {node: ^16.14.0 || >=18.0.0} - dev: false - - /@sigstore/protobuf-specs@0.2.1: - resolution: {integrity: sha512-XTWVxnWJu+c1oCshMLwnKvz8ZQJJDVOlciMfgpJBQbThVjKTCG8dwyhgLngBD2KN0ap9F/gOV8rFDEx8uh7R2A==} - engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0} - dev: false - - /@sigstore/sign@2.2.1: - resolution: {integrity: sha512-U5sKQEj+faE1MsnLou1f4DQQHeFZay+V9s9768lw48J4pKykPj34rWyI1lsMOGJ3Mae47Ye6q3HAJvgXO21rkQ==} - engines: {node: ^16.14.0 || >=18.0.0} - dependencies: - '@sigstore/bundle': 2.1.1 - '@sigstore/core': 0.2.0 - '@sigstore/protobuf-specs': 0.2.1 - make-fetch-happen: 13.0.0 - transitivePeerDependencies: - - supports-color - dev: false - - /@sigstore/tuf@2.3.0: - resolution: {integrity: sha512-S98jo9cpJwO1mtQ+2zY7bOdcYyfVYCUaofCG6wWRzk3pxKHVAkSfshkfecto2+LKsx7Ovtqbgb2LS8zTRhxJ9Q==} - engines: {node: ^16.14.0 || >=18.0.0} - dependencies: - '@sigstore/protobuf-specs': 0.2.1 - tuf-js: 2.2.0 - transitivePeerDependencies: - - supports-color - dev: false - - /@sigstore/verify@0.1.0: - resolution: {integrity: sha512-2UzMNYAa/uaz11NhvgRnIQf4gpLTJ59bhb8ESXaoSS5sxedfS+eLak8bsdMc+qpNQfITUTFoSKFx5h8umlRRiA==} - engines: {node: ^16.14.0 || >=18.0.0} - dependencies: - '@sigstore/bundle': 2.1.1 - '@sigstore/core': 0.2.0 - '@sigstore/protobuf-specs': 0.2.1 - dev: false - /@sinclair/typebox@0.27.8: resolution: {integrity: sha512-+Fj43pSMwJs4KRrH/938Uf+uAELIgVBmQzg/q1YG10djyfA3TnrU8N8XzqCh/okZdszqBQTZf96idMfE5lnwTA==} dev: true @@ -1389,19 +1302,6 @@ packages: engines: {node: '>=10.13.0'} dev: true - /@tufjs/canonical-json@2.0.0: - resolution: {integrity: sha512-yVtV8zsdo8qFHe+/3kw81dSLyF7D576A5cCFCi4X7B39tWT7SekaEFUnvnWJHz+9qO7qJTah1JbrDjWKqFtdWA==} - engines: {node: ^16.14.0 || >=18.0.0} - dev: false - - /@tufjs/models@2.0.0: - resolution: {integrity: sha512-c8nj8BaOExmZKO2DXhDfegyhSGcG9E/mPN3U13L+/PsoWm1uaGiHHjxqSHQiasDBQwDA3aHuw9+9spYAP1qvvg==} - engines: {node: ^16.14.0 || >=18.0.0} - dependencies: - '@tufjs/canonical-json': 2.0.0 - minimatch: 9.0.3 - dev: false - /@types/cli-progress@3.11.5: resolution: {integrity: sha512-D4PbNRbviKyppS5ivBGyFO29POlySLmA2HyUFE4p5QGazAMM3CwkKWcvTl8gvElSuxRh6FPKL8XmidX873ou4g==} dependencies: @@ -2447,11 +2347,6 @@ packages: engines: {node: '>=0.12'} dev: true - /env-paths@2.2.1: - resolution: {integrity: sha512-+h1lkLKhZMTYjog1VEpJNG7NZJWcuc2DDk/qsqSTRRCOXiLjeQ1d1/udrUGhqMxUgAlwKNZ0cf2uqan5GLuS2A==} - engines: {node: '>=6'} - dev: false - /err-code@2.0.3: resolution: {integrity: sha512-2bmlRpNKBxT/CRmPOlyISQpNj+qSeYvcym/uT0Jx2bMOlKLtSy1ZmLuVxSEKKyor/N5yhvp/ZiG1oE3DEYMSFA==} dev: false @@ -3014,10 +2909,6 @@ packages: signal-exit: 4.1.0 strip-final-newline: 3.0.0 - /exponential-backoff@3.1.1: - resolution: {integrity: sha512-dX7e/LHVJ6W3DE1MHWi9S1EYzDESENfLrYohG2G++ovZrYOkm4Knwa0mc1cn84xJOR4KEU0WSchhLbd0UklbHw==} - dev: false - /fast-deep-equal@3.1.3: resolution: {integrity: sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==} dev: true @@ -3151,6 +3042,7 @@ packages: /function-bind@1.1.2: resolution: {integrity: sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==} + dev: true /gensync@1.0.0-beta.2: resolution: {integrity: sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==} @@ -3280,6 +3172,7 @@ packages: /graceful-fs@4.2.11: resolution: {integrity: sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==} + dev: true /graphemer@1.4.0: resolution: {integrity: sha512-EtKwoO6kxCL9WO5xipiHTZlSzBm7WLT627TqC/uVRd0HKmq8NXyebnNYxDoBi7wt8eTWrUrKXCOVaFq9x1kgag==} @@ -3301,6 +3194,7 @@ packages: engines: {node: '>= 0.4'} dependencies: function-bind: 1.1.2 + dev: true /hookable@5.5.3: resolution: {integrity: sha512-Yc+BQe8SvoXH1643Qez1zqLRmbA5rCL+sSmk6TVos0LWVfNIB7PGncdlId77WzLGSIB5KaWgTaNTs2lNVEI6VQ==} @@ -3354,13 +3248,6 @@ packages: dev: false optional: true - /ignore-walk@6.0.3: - resolution: {integrity: sha512-C7FfFoTA+bI10qfeydT8aZbvr91vAEU+2W5BZUlzPec47oNb07SsOfwYrtxuvOYdUApPP/Qlh4DtAO51Ekk2QA==} - engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0} - dependencies: - minimatch: 9.0.3 - dev: false - /ignore@5.3.0: resolution: {integrity: sha512-g7dmpshy+gD7mh88OC9NwSGTKoc3kyLAZQRU1mt53Aw/vnvfXnbC+F/7F7QoYVKbV+KNvJx8wArewKy1vXMtlg==} engines: {node: '>= 4'} @@ -3435,6 +3322,7 @@ packages: resolution: {integrity: sha512-hHrIjvZsftOsvKSn2TRYl63zvxsgE0K+0mYMoH6gD4omR5IWB2KynivBQczo3+wF1cCkjzvptnI9Q0sPU66ilw==} dependencies: hasown: 2.0.0 + dev: true /is-decimal@1.0.4: resolution: {integrity: sha512-RGdriMmQQvZ2aqaQq3awNA6dCGtKpiDFcOzrTWrDAT2MiWrKQVPmxLGHl7Y2nNu6led0kEyoX0enY0qXYsv9zw==} @@ -3491,11 +3379,6 @@ packages: /isexe@2.0.0: resolution: {integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==} - /isexe@3.1.1: - resolution: {integrity: sha512-LpB/54B+/2J5hqQ7imZHfdU31OlgQqx7ZicVlkm9kzg9/w8GKLEcFfJl/t7DCEDueOyBAD6zCCwTO6Fzs0NoEQ==} - engines: {node: '>=16'} - dev: false - /jackspeak@2.3.6: resolution: {integrity: sha512-N3yCS/NegsOBokc8GAdM8UcmfsKiSS8cipheD/nivzr700H+nsMOxJjQnvwOcRYVuFkdH0wGUvW2WbXGmrZGbQ==} engines: {node: '>=14'} @@ -3903,7 +3786,7 @@ packages: acorn: 8.11.2 pathe: 1.1.1 pkg-types: 1.0.3 - ufo: 1.3.2 + ufo: 1.5.3 /mri@1.2.0: resolution: {integrity: sha512-tzzskb3bG8LvYGFF/mDTpq3jpI6Q9wc3LEmBaghu+DdCssd1FakN7Bc0hVNmEyGq1bq3RgfkCb3cmQLpNPOroA==} @@ -3940,25 +3823,6 @@ packages: resolution: {integrity: sha512-bW9T/uJDPAJB2YNYEpWzE54U5O3MQidXsOyTfnbKYtTtFexRvGzb1waphBN4ZwP6EcIvYYEOwW0b72BpAqydTw==} dev: true - /node-gyp@10.0.1: - resolution: {integrity: sha512-gg3/bHehQfZivQVfqIyy8wTdSymF9yTyP4CJifK73imyNMU8AIGQE2pUa7dNWfmMeG9cDVF2eehiRMv0LC1iAg==} - engines: {node: ^16.14.0 || >=18.0.0} - hasBin: true - dependencies: - env-paths: 2.2.1 - exponential-backoff: 3.1.1 - glob: 10.3.10 - graceful-fs: 4.2.11 - make-fetch-happen: 13.0.0 - nopt: 7.2.0 - proc-log: 3.0.0 - semver: 7.6.0 - tar: 6.2.0 - which: 4.0.0 - transitivePeerDependencies: - - supports-color - dev: false - /node-releases@2.0.13: resolution: {integrity: sha512-uYr7J37ae/ORWdZeQ1xxMJe3NtdmqMC/JZK+geofDrkLUApKRHPd18/TxtBOJ4A0/+uUIliorNrfYV6s1b02eQ==} dev: true @@ -3984,16 +3848,6 @@ packages: validate-npm-package-license: 3.0.4 dev: true - /normalize-package-data@6.0.0: - resolution: {integrity: sha512-UL7ELRVxYBHBgYEtZCXjxuD5vPxnmvMGq0jp/dGPKKrN7tfsBh2IY7TlJ15WWwdjRWD3RJbnsygUurTK3xkPkg==} - engines: {node: ^16.14.0 || >=18.0.0} - dependencies: - hosted-git-info: 7.0.1 - is-core-module: 2.13.1 - semver: 7.6.0 - validate-npm-package-license: 3.0.4 - dev: false - /normalize-path@3.0.0: resolution: {integrity: sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==} engines: {node: '>=0.10.0'} @@ -4004,20 +3858,6 @@ packages: engines: {node: '>=0.10.0'} dev: true - /npm-bundled@3.0.0: - resolution: {integrity: sha512-Vq0eyEQy+elFpzsKjMss9kxqb9tG3YHg4dsyWuUENuzvSUWe1TCnW/vV9FkhvBk/brEDoDiVd+M1Btosa6ImdQ==} - engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0} - dependencies: - npm-normalize-package-bin: 3.0.1 - dev: false - - /npm-install-checks@6.3.0: - resolution: {integrity: sha512-W29RiK/xtpCGqn6f3ixfRYGk+zRyr+Ew9F2E20BfXxT5/euLdA/Nm7fO7OeTGuAmTs30cpgInyJ0cYe708YTZw==} - engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0} - dependencies: - semver: 7.6.0 - dev: false - /npm-normalize-package-bin@3.0.1: resolution: {integrity: sha512-dMxCf+zZ+3zeQZXKxmyuCKlIDPGuv8EF940xbkC4kQVDTtqoh6rJFO+JTKSA6/Rwi0getWmtuy4Itup0AMcaDQ==} engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0} @@ -4033,34 +3873,18 @@ packages: validate-npm-package-name: 5.0.0 dev: false - /npm-packlist@8.0.0: - resolution: {integrity: sha512-ErAGFB5kJUciPy1mmx/C2YFbvxoJ0QJ9uwkCZOeR6CqLLISPZBOiFModAbSXnjjlwW5lOhuhXva+fURsSGJqyw==} - engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0} - dependencies: - ignore-walk: 6.0.3 - dev: false - - /npm-pick-manifest@9.0.0: - resolution: {integrity: sha512-VfvRSs/b6n9ol4Qb+bDwNGUXutpy76x6MARw/XssevE0TnctIKcmklJZM5Z7nqs5z5aW+0S63pgCNbpkUNNXBg==} - engines: {node: ^16.14.0 || >=18.0.0} - dependencies: - npm-install-checks: 6.3.0 - npm-normalize-package-bin: 3.0.1 - npm-package-arg: 11.0.1 - semver: 7.6.0 - dev: false - - /npm-registry-fetch@16.1.0: - resolution: {integrity: sha512-PQCELXKt8Azvxnt5Y85GseQDJJlglTFM9L9U9gkv2y4e9s0k3GVDdOx3YoB6gm2Do0hlkzC39iCGXby+Wve1Bw==} + /npm-registry-fetch@16.2.1: + resolution: {integrity: sha512-8l+7jxhim55S85fjiDGJ1rZXBWGtRLi1OSb4Z3BPLObPuIaeKRlPRiYMSHU4/81ck3t71Z+UwDDl47gcpmfQQA==} engines: {node: ^16.14.0 || >=18.0.0} dependencies: + '@npmcli/redact': 1.1.0 make-fetch-happen: 13.0.0 minipass: 7.0.4 minipass-fetch: 3.0.4 minipass-json-stream: 1.0.1 minizlib: 2.1.2 npm-package-arg: 11.0.1 - proc-log: 3.0.0 + proc-log: 4.0.0 transitivePeerDependencies: - supports-color dev: false @@ -4085,7 +3909,7 @@ packages: citty: 0.1.5 execa: 8.0.1 pathe: 1.1.2 - ufo: 1.3.2 + ufo: 1.5.3 dev: true /ohash@1.1.3: @@ -4163,34 +3987,6 @@ packages: engines: {node: '>=6'} dev: true - /pacote@17.0.6: - resolution: {integrity: sha512-cJKrW21VRE8vVTRskJo78c/RCvwJCn1f4qgfxL4w77SOWrTCRcmfkYHlHtS0gqpgjv3zhXflRtgsrUCX5xwNnQ==} - engines: {node: ^16.14.0 || >=18.0.0} - hasBin: true - dependencies: - '@npmcli/git': 5.0.3 - '@npmcli/installed-package-contents': 2.0.2 - '@npmcli/promise-spawn': 7.0.0 - '@npmcli/run-script': 7.0.2 - cacache: 18.0.0 - fs-minipass: 3.0.3 - minipass: 7.0.4 - npm-package-arg: 11.0.1 - npm-packlist: 8.0.0 - npm-pick-manifest: 9.0.0 - npm-registry-fetch: 16.1.0 - proc-log: 3.0.0 - promise-retry: 2.0.1 - read-package-json: 7.0.0 - read-package-json-fast: 3.0.2 - sigstore: 2.2.0 - ssri: 10.0.5 - tar: 6.2.0 - transitivePeerDependencies: - - bluebird - - supports-color - dev: false - /parent-module@1.0.1: resolution: {integrity: sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==} engines: {node: '>=6'} @@ -4639,13 +4435,9 @@ packages: engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0} dev: false - /promise-inflight@1.0.1: - resolution: {integrity: sha512-6zWPyEOFaQBJYcGMHBKTKJ3u6TBsnMFOIZSa6ce1e/ZrrsOlnHRHbabMjLiBYKp+n44X9eUI6VUPaukCXHuG4g==} - peerDependencies: - bluebird: '*' - peerDependenciesMeta: - bluebird: - optional: true + /proc-log@4.0.0: + resolution: {integrity: sha512-v1lzmYxGDs2+OZnmYtYZK3DG8zogt+CbQ+o/iqqtTfpyCmGWulCTEQu5GIbivf7OjgIkH2Nr8SH8UxAGugZNbg==} + engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0} dev: false /promise-retry@2.0.1: @@ -4692,16 +4484,6 @@ packages: npm-normalize-package-bin: 3.0.1 dev: false - /read-package-json@7.0.0: - resolution: {integrity: sha512-uL4Z10OKV4p6vbdvIXB+OzhInYtIozl/VxUBPgNkBuUi2DeRonnuspmaVAMcrkmfjKGNmRndyQAbE7/AmzGwFg==} - engines: {node: ^16.14.0 || >=18.0.0} - dependencies: - glob: 10.3.10 - json-parse-even-better-errors: 3.0.0 - normalize-package-data: 6.0.0 - npm-normalize-package-bin: 3.0.1 - dev: false - /read-pkg-up@7.0.1: resolution: {integrity: sha512-zK0TB7Xd6JpCLmlLmufqykGE+/TlOePD6qKClNW7hHDKFh/J7/7gCWGR7joEQEW1bKq3a3yUZSObOoWLFQ4ohg==} engines: {node: '>=8'} @@ -4880,20 +4662,6 @@ packages: resolution: {integrity: sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==} engines: {node: '>=14'} - /sigstore@2.2.0: - resolution: {integrity: sha512-fcU9clHwEss2/M/11FFM8Jwc4PjBgbhXoNskoK5guoK0qGQBSeUbQZRJ+B2fDFIvhyf0gqCaPrel9mszbhAxug==} - engines: {node: ^16.14.0 || >=18.0.0} - dependencies: - '@sigstore/bundle': 2.1.1 - '@sigstore/core': 0.2.0 - '@sigstore/protobuf-specs': 0.2.1 - '@sigstore/sign': 2.2.1 - '@sigstore/tuf': 2.3.0 - '@sigstore/verify': 0.1.0 - transitivePeerDependencies: - - supports-color - dev: false - /sisteransi@1.0.5: resolution: {integrity: sha512-bLGGlR1QxBcynn2d5YmDX4MGjlZvy2MRBDRNHLJ8VI6l6+9FUiyTFNJ0IveOSP0bcXgVDPRcfGqA0pjaqUpfVg==} @@ -4941,15 +4709,18 @@ packages: dependencies: spdx-expression-parse: 3.0.1 spdx-license-ids: 3.0.16 + dev: true /spdx-exceptions@2.3.0: resolution: {integrity: sha512-/tTrYOC7PPI1nUAgx34hUpqXuyJG+DTHJTnIULG4rDygi4xu/tfgmq1e1cIRwRzwZgo4NLySi+ricLkZkw4i5A==} + dev: true /spdx-expression-parse@3.0.1: resolution: {integrity: sha512-cbqHunsQWnJNE6KhVSMsMeH5H/L9EpymbzqTQ3uLwNCLZ1Q481oWaofqH7nO6V07xlXwY6PhQdQ2IedWx/ZK4Q==} dependencies: spdx-exceptions: 2.3.0 spdx-license-ids: 3.0.16 + dev: true /spdx-expression-parse@4.0.0: resolution: {integrity: sha512-Clya5JIij/7C6bRR22+tnGXbc4VKlibKSVj2iHvVeX5iMW7s1SIQlqu699JkODJJIhh/pUu8L0/VLh8xflD+LQ==} @@ -4960,6 +4731,7 @@ packages: /spdx-license-ids@3.0.16: resolution: {integrity: sha512-eWN+LnM3GR6gPu35WxNgbGl8rmY1AEmoMDvL/QD6zYmPWgywxWqJWNdLGT+ke8dKNWrcYgYjPpG5gbTfghP8rw==} + dev: true /ssri@10.0.5: resolution: {integrity: sha512-bSf16tAFkGeRlUNDjXu8FzaMQt6g2HZJrun7mtMbIPOddxt3GLMSz5VWUWcqTJUPfLEaDIepGxv+bYQW49596A==} @@ -5155,17 +4927,6 @@ packages: fsevents: 2.3.3 dev: true - /tuf-js@2.2.0: - resolution: {integrity: sha512-ZSDngmP1z6zw+FIkIBjvOp/II/mIub/O7Pp12j1WNsiCpg5R5wAc//i555bBQsE44O94btLt0xM/Zr2LQjwdCg==} - engines: {node: ^16.14.0 || >=18.0.0} - dependencies: - '@tufjs/models': 2.0.0 - debug: 4.3.4 - make-fetch-happen: 13.0.0 - transitivePeerDependencies: - - supports-color - dev: false - /type-check@0.4.0: resolution: {integrity: sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==} engines: {node: '>= 0.8.0'} @@ -5199,8 +4960,8 @@ packages: hasBin: true dev: true - /ufo@1.3.2: - resolution: {integrity: sha512-o+ORpgGwaYQXgqGDwd+hkS4PuZ3QnmqMMxRuajK/a38L6fTpcE5GPIfrf+L/KemFzfUpeUQc1rRS1iDBozvnFA==} + /ufo@1.5.3: + resolution: {integrity: sha512-Y7HYmWaFwPUmkoQCUIAYpKqkOf+SbVj/2fJJZ4RJMCfZp0rTGwRbzQD+HghfnhKOjL9E01okqz+ncJskGYfBNw==} /unbuild@2.0.0(typescript@5.3.3): resolution: {integrity: sha512-JWCUYx3Oxdzvw2J9kTAp+DKE8df/BnH/JTSj6JyA4SH40ECdFu7FoJJcrm8G92B7TjofQ6GZGjJs50TRxoH6Wg==} @@ -5331,6 +5092,7 @@ packages: dependencies: spdx-correct: 3.2.0 spdx-expression-parse: 3.0.1 + dev: true /validate-npm-package-name@5.0.0: resolution: {integrity: sha512-YuKoXDAhBYxY7SfOKxHBDoSyENFeW5VvIIQp2TGQuit8gpK6MnWaQelBKxso72DoxTZfZdcP3W90LqpSkgPzLQ==} @@ -5482,14 +5244,6 @@ packages: dependencies: isexe: 2.0.0 - /which@4.0.0: - resolution: {integrity: sha512-GlaYyEb07DPxYCKhKzplCWBJtvxZcZMrL+4UkrTSJHHPyZU4mYYTv3qaOe77H7EODLSSopAUFAc6W8U4yqvscg==} - engines: {node: ^16.13.0 || >=18.0.0} - hasBin: true - dependencies: - isexe: 3.1.1 - dev: false - /why-is-node-running@2.2.2: resolution: {integrity: sha512-6tSwToZxTOcotxHeA+qGCq1mVzKR3CwcJGmVcY+QE8SHy6TnpFnh8PAvPNHYr7EcuVeG0QSMxtYCuO1ta/G/oA==} engines: {node: '>=8'} diff --git a/src/io/resolves.ts b/src/io/resolves.ts index bdef4ff..050d4c3 100644 --- a/src/io/resolves.ts +++ b/src/io/resolves.ts @@ -1,7 +1,6 @@ import { existsSync, promises as fs, lstatSync } from 'node:fs' import { resolve } from 'node:path' import os from 'node:os' -import pacote from 'pacote' import semver from 'semver' import _debug from 'debug' import { getNpmConfig } from '../utils/npm' @@ -10,6 +9,7 @@ import { diffSorter } from '../filters/diff-sorter' import { getMaxSatisfying, getPrefixedVersion } from '../utils/versions' import { getPackageMode } from '../utils/config' import { parsePnpmPackagePath, parseYarnPackagePath } from '../utils/package' +import { fetchPackumentWithFullMetaData } from '../utils/packument' const debug = { cache: _debug('taze:cache'), @@ -69,7 +69,7 @@ export async function getPackageData(name: string): Promise { try { debug.resolve(`resolving ${name}`) const npmConfig = await getNpmConfig() - const data = await pacote.packument(name, { ...npmConfig, fullMetadata: true }) + const data = await fetchPackumentWithFullMetaData(name, npmConfig) if (data) { const result = { diff --git a/src/utils/packument.ts b/src/utils/packument.ts new file mode 100644 index 0000000..31e1e69 --- /dev/null +++ b/src/utils/packument.ts @@ -0,0 +1,22 @@ +import process from 'node:process' +import npmRegistryFetch from 'npm-registry-fetch' +import { joinURL } from 'ufo' + +import type { Packument, Options as PacoteOptions } from 'pacote' + +export async function fetchPackumentWithFullMetaData(name: string, opts: PacoteOptions): Promise { + const registry = npmRegistryFetch.pickRegistry(name, opts) + const url = joinURL(registry, name) + const fetchOptions = { + ...opts, + headers: { + 'user-agent': opts.userAgent || `taze@npm node/${process.version}`, + // use `application/json` to fetch full metadata + 'accept': 'application/json', + ...opts.headers, + }, + spec: name, + } + + return npmRegistryFetch.json(url, fetchOptions) as unknown as Promise +} From ac935ad1eca83834d20927abf94bb9427ee20bfa Mon Sep 17 00:00:00 2001 From: SukkaW Date: Sun, 14 Apr 2024 00:18:47 +0800 Subject: [PATCH 2/3] fix: use `npa` to parse package name before fetch --- package.json | 2 ++ pnpm-lock.yaml | 14 ++++++++++---- src/utils/packument.ts | 10 +++++++++- 3 files changed, 21 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 868149f..6a07a40 100644 --- a/package.json +++ b/package.json @@ -40,6 +40,7 @@ "deepmerge": "^4.3.1", "detect-indent": "^7.0.1", "execa": "^8.0.1", + "npm-package-arg": "^11.0.2", "npm-registry-fetch": "^16.2.1", "picocolors": "^1.0.0", "prompts": "^2.4.2", @@ -54,6 +55,7 @@ "@types/cli-progress": "^3.11.5", "@types/debug": "^4.1.12", "@types/node": "^20.11.16", + "@types/npm-package-arg": "^6.1.4", "@types/npm-registry-fetch": "^8.0.7", "@types/pacote": "^11.1.8", "@types/prompts": "^2.4.9", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 44948e0..74ca2e0 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -26,6 +26,9 @@ importers: execa: specifier: ^8.0.1 version: 8.0.1 + npm-package-arg: + specifier: ^11.0.2 + version: 11.0.2 npm-registry-fetch: specifier: ^16.2.1 version: 16.2.1 @@ -63,6 +66,9 @@ importers: '@types/node': specifier: ^20.11.16 version: 20.11.16 + '@types/npm-package-arg': + specifier: ^6.1.4 + version: 6.1.4 '@types/npm-registry-fetch': specifier: ^8.0.7 version: 8.0.7 @@ -3863,12 +3869,12 @@ packages: engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0} dev: false - /npm-package-arg@11.0.1: - resolution: {integrity: sha512-M7s1BD4NxdAvBKUPqqRW957Xwcl/4Zvo8Aj+ANrzvIPzGJZElrH7Z//rSaec2ORcND6FHHLnZeY8qgTpXDMFQQ==} + /npm-package-arg@11.0.2: + resolution: {integrity: sha512-IGN0IAwmhDJwy13Wc8k+4PEbTPhpJnMtfR53ZbOyjkvmEcLS4nCwp6mvMWjS5sUjeiW3mpx6cHmuhKEu9XmcQw==} engines: {node: ^16.14.0 || >=18.0.0} dependencies: hosted-git-info: 7.0.1 - proc-log: 3.0.0 + proc-log: 4.0.0 semver: 7.6.0 validate-npm-package-name: 5.0.0 dev: false @@ -3883,7 +3889,7 @@ packages: minipass-fetch: 3.0.4 minipass-json-stream: 1.0.1 minizlib: 2.1.2 - npm-package-arg: 11.0.1 + npm-package-arg: 11.0.2 proc-log: 4.0.0 transitivePeerDependencies: - supports-color diff --git a/src/utils/packument.ts b/src/utils/packument.ts index 31e1e69..659499e 100644 --- a/src/utils/packument.ts +++ b/src/utils/packument.ts @@ -1,15 +1,23 @@ import process from 'node:process' import npmRegistryFetch from 'npm-registry-fetch' import { joinURL } from 'ufo' +import npa from 'npm-package-arg' import type { Packument, Options as PacoteOptions } from 'pacote' -export async function fetchPackumentWithFullMetaData(name: string, opts: PacoteOptions): Promise { +export async function fetchPackumentWithFullMetaData(spec: string, opts: PacoteOptions): Promise { + const { name } = npa(spec) + + if (!name) + throw new Error(`Invalid package name: ${name}`) + const registry = npmRegistryFetch.pickRegistry(name, opts) + const url = joinURL(registry, name) const fetchOptions = { ...opts, headers: { + // ensure that we always send *something*, other wise npm registry will reject the request 'user-agent': opts.userAgent || `taze@npm node/${process.version}`, // use `application/json` to fetch full metadata 'accept': 'application/json', From 37cee9cec940b2fed49ea6e67d7d5ba84e5c61bc Mon Sep 17 00:00:00 2001 From: SukkaW Date: Sun, 14 Apr 2024 00:26:40 +0800 Subject: [PATCH 3/3] chore: fix build --- package.json | 1 - pnpm-lock.yaml | 12 ------------ src/types.ts | 25 ++++++++++++++++++++++++- src/utils/packument.ts | 6 +++--- 4 files changed, 27 insertions(+), 17 deletions(-) diff --git a/package.json b/package.json index 6a07a40..85ea46d 100644 --- a/package.json +++ b/package.json @@ -57,7 +57,6 @@ "@types/node": "^20.11.16", "@types/npm-package-arg": "^6.1.4", "@types/npm-registry-fetch": "^8.0.7", - "@types/pacote": "^11.1.8", "@types/prompts": "^2.4.9", "@types/semver": "^7.5.6", "@types/yargs": "^17.0.32", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 74ca2e0..2f078c8 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -72,9 +72,6 @@ importers: '@types/npm-registry-fetch': specifier: ^8.0.7 version: 8.0.7 - '@types/pacote': - specifier: ^11.1.8 - version: 11.1.8 '@types/prompts': specifier: ^2.4.9 version: 2.4.9 @@ -1375,15 +1372,6 @@ packages: '@types/node': 20.11.16 dev: true - /@types/pacote@11.1.8: - resolution: {integrity: sha512-/XLR0VoTh2JEO0jJg1q/e6Rh9bxjBq9vorJuQmtT7rRrXSiWz7e7NsvXVYJQ0i8JxMlBMPPYDTnrRe7MZRFA8Q==} - dependencies: - '@types/node': 20.11.16 - '@types/npm-registry-fetch': 8.0.7 - '@types/npmlog': 7.0.0 - '@types/ssri': 7.1.5 - dev: true - /@types/prompts@2.4.9: resolution: {integrity: sha512-qTxFi6Buiu8+50/+3DGIWLHM6QuWsEKugJnnP6iv2Mc4ncxE4A/OJkjuVOA+5X0X1S/nq5VJRa8Lu+nwcvbrKA==} dependencies: diff --git a/src/types.ts b/src/types.ts index 4c1d757..adab46f 100644 --- a/src/types.ts +++ b/src/types.ts @@ -1,4 +1,3 @@ -import type { Packument } from 'pacote' import type { SortOption } from './utils/sort' export type RangeMode = 'default' | 'major' | 'minor' | 'patch' | 'latest' | 'newest' @@ -26,6 +25,30 @@ export interface RawDep { export type DiffType = 'major' | 'minor' | 'patch' | 'error' | null +// @types/pacote uses "import = require()" syntax which is not supported by unbuild +// So instead of using @types/pacote, we declare the type definition with only fields we need +export interface Packument { + name: string + /** + * An object where each key is a version, and each value is the manifest for + * that version. + */ + versions: Record> + /** + * An object mapping dist-tags to version numbers. This is how `foo@latest` + * gets turned into `foo@1.2.3`. + */ + 'dist-tags': { latest: string } & Record + /** + * In the full packument, an object mapping version numbers to publication + * times, for the `opts.before` functionality. + */ + time: Record & { + created: string + modified: string + } +} + export interface PackageData { tags: Record versions: string[] diff --git a/src/utils/packument.ts b/src/utils/packument.ts index 659499e..129497a 100644 --- a/src/utils/packument.ts +++ b/src/utils/packument.ts @@ -1,11 +1,11 @@ import process from 'node:process' -import npmRegistryFetch from 'npm-registry-fetch' +import npmRegistryFetch, { type Options } from 'npm-registry-fetch' import { joinURL } from 'ufo' import npa from 'npm-package-arg' -import type { Packument, Options as PacoteOptions } from 'pacote' +import type { Packument } from '../types' -export async function fetchPackumentWithFullMetaData(spec: string, opts: PacoteOptions): Promise { +export async function fetchPackumentWithFullMetaData(spec: string, opts: Options): Promise { const { name } = npa(spec) if (!name)