diff --git a/.pnp.cjs b/.pnp.cjs index 6e8990e63..77886181e 100755 --- a/.pnp.cjs +++ b/.pnp.cjs @@ -104,7 +104,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { ["eslint-plugin-prettier", "virtual:7f7b3df50ee4b7b1719ad19fad11505dc2788f3227a7e5cc9ca19f71d8cb309c9d33b532ea2b2b60ab65abf6cc12153df4643c5e6e17d01ea0ae0492723bb4b4#npm:5.2.1"],\ ["eslint-plugin-simple-import-sort", "virtual:7f7b3df50ee4b7b1719ad19fad11505dc2788f3227a7e5cc9ca19f71d8cb309c9d33b532ea2b2b60ab65abf6cc12153df4643c5e6e17d01ea0ae0492723bb4b4#npm:12.1.1"],\ ["eslint-plugin-verdaccio", "npm:10.0.0"],\ - ["express", "npm:4.21.1"],\ + ["express", "npm:4.21.2"],\ ["express-rate-limit", "npm:5.5.1"],\ ["fast-safe-stringify", "npm:2.1.1"],\ ["fs-extra", "npm:10.1.0"],\ @@ -8897,6 +8897,44 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { ["vary", "npm:1.1.2"]\ ],\ "linkType": "HARD"\ + }],\ + ["npm:4.21.2", {\ + "packageLocation": "./.yarn/cache/express-npm-4.21.2-9b3bd32250-3aef1d3556.zip/node_modules/express/",\ + "packageDependencies": [\ + ["express", "npm:4.21.2"],\ + ["accepts", "npm:1.3.8"],\ + ["array-flatten", "npm:1.1.1"],\ + ["body-parser", "npm:1.20.3"],\ + ["content-disposition", "npm:0.5.4"],\ + ["content-type", "npm:1.0.5"],\ + ["cookie", "npm:0.7.1"],\ + ["cookie-signature", "npm:1.0.6"],\ + ["debug", "virtual:c7b184cd14c02e3ce555ab1875e60cf5033c617e17d82c4c02ea822101d3c817f48bf25a766b4d4335742dc5c9c14c2e88a57ed955a56c4ad0613899f82f5618#npm:2.6.9"],\ + ["depd", "npm:2.0.0"],\ + ["encodeurl", "npm:2.0.0"],\ + ["escape-html", "npm:1.0.3"],\ + ["etag", "npm:1.8.1"],\ + ["finalhandler", "npm:1.3.1"],\ + ["fresh", "npm:0.5.2"],\ + ["http-errors", "npm:2.0.0"],\ + ["merge-descriptors", "npm:1.0.3"],\ + ["methods", "npm:1.1.2"],\ + ["on-finished", "npm:2.4.1"],\ + ["parseurl", "npm:1.3.3"],\ + ["path-to-regexp", "npm:0.1.12"],\ + ["proxy-addr", "npm:2.0.7"],\ + ["qs", "npm:6.13.0"],\ + ["range-parser", "npm:1.2.1"],\ + ["safe-buffer", "npm:5.2.1"],\ + ["send", "npm:0.19.0"],\ + ["serve-static", "npm:1.16.2"],\ + ["setprototypeof", "npm:1.2.0"],\ + ["statuses", "npm:2.0.1"],\ + ["type-is", "npm:1.6.18"],\ + ["utils-merge", "npm:1.0.1"],\ + ["vary", "npm:1.1.2"]\ + ],\ + "linkType": "HARD"\ }]\ ]],\ ["express-rate-limit", [\ @@ -12644,6 +12682,13 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { ["path-to-regexp", "npm:0.1.10"]\ ],\ "linkType": "HARD"\ + }],\ + ["npm:0.1.12", {\ + "packageLocation": "./.yarn/cache/path-to-regexp-npm-0.1.12-a9bf1de212-ab237858be.zip/node_modules/path-to-regexp/",\ + "packageDependencies": [\ + ["path-to-regexp", "npm:0.1.12"]\ + ],\ + "linkType": "HARD"\ }]\ ]],\ ["path-type", [\ @@ -15238,7 +15283,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { ["eslint-plugin-prettier", "virtual:7f7b3df50ee4b7b1719ad19fad11505dc2788f3227a7e5cc9ca19f71d8cb309c9d33b532ea2b2b60ab65abf6cc12153df4643c5e6e17d01ea0ae0492723bb4b4#npm:5.2.1"],\ ["eslint-plugin-simple-import-sort", "virtual:7f7b3df50ee4b7b1719ad19fad11505dc2788f3227a7e5cc9ca19f71d8cb309c9d33b532ea2b2b60ab65abf6cc12153df4643c5e6e17d01ea0ae0492723bb4b4#npm:12.1.1"],\ ["eslint-plugin-verdaccio", "npm:10.0.0"],\ - ["express", "npm:4.21.1"],\ + ["express", "npm:4.21.2"],\ ["express-rate-limit", "npm:5.5.1"],\ ["fast-safe-stringify", "npm:2.1.1"],\ ["fs-extra", "npm:10.1.0"],\ diff --git a/.yarn/cache/express-npm-4.21.2-9b3bd32250-3aef1d3556.zip b/.yarn/cache/express-npm-4.21.2-9b3bd32250-3aef1d3556.zip new file mode 100644 index 000000000..bfca91519 Binary files /dev/null and b/.yarn/cache/express-npm-4.21.2-9b3bd32250-3aef1d3556.zip differ diff --git a/.yarn/cache/path-to-regexp-npm-0.1.12-a9bf1de212-ab237858be.zip b/.yarn/cache/path-to-regexp-npm-0.1.12-a9bf1de212-ab237858be.zip new file mode 100644 index 000000000..2f68fccd5 Binary files /dev/null and b/.yarn/cache/path-to-regexp-npm-0.1.12-a9bf1de212-ab237858be.zip differ diff --git a/package.json b/package.json index e17497b0e..c69a88a12 100644 --- a/package.json +++ b/package.json @@ -40,7 +40,7 @@ "cors": "2.8.5", "debug": "4.3.7", "envinfo": "7.14.0", - "express": "4.21.1", + "express": "4.21.2", "express-rate-limit": "5.5.1", "fast-safe-stringify": "2.1.1", "handlebars": "4.7.8", diff --git a/src/api/web/api/package.ts b/src/api/web/api/package.ts index f3c9d9305..2d77b9e7c 100644 --- a/src/api/web/api/package.ts +++ b/src/api/web/api/package.ts @@ -114,12 +114,12 @@ function addPackageWebApi(pkgRouter: Router, storage: Storage, auth: Auth, confi // Get package readme pkgRouter.get( - '/-/verdaccio/data/package/readme/(@:scope/)?:package/:version?', + '/-/verdaccio/data/package/readme/:scope(@[^/]+)?/:package/:version?', can('access'), function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void { - const packageName = req.params.scope - ? addScope(req.params.scope, req.params.package) - : req.params.package; + const rawScope = req.params.scope; // May include '@' + const scope = rawScope ? rawScope.slice(1) : null; // Remove '@' if present + const packageName = scope ? addScope(scope, req.params.package) : req.params.package; storage.getPackage({ name: packageName, @@ -138,12 +138,12 @@ function addPackageWebApi(pkgRouter: Router, storage: Storage, auth: Auth, confi ); pkgRouter.get( - '/-/verdaccio/data/sidebar/(@:scope/)?:package', + '/-/verdaccio/data/sidebar/:scope(@[^/]+)?/:package', can('access'), function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void { - const packageName: string = req.params.scope - ? addScope(req.params.scope, req.params.package) - : req.params.package; + const rawScope = req.params.scope; // May include '@' + const scope = rawScope ? rawScope.slice(1) : null; // Remove '@' if present + const packageName: string = scope ? addScope(scope, req.params.package) : req.params.package; storage.getPackage({ name: packageName, diff --git a/yarn.lock b/yarn.lock index a856353b1..f36ea3a5f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6137,6 +6137,45 @@ __metadata: languageName: node linkType: hard +"express@npm:4.21.2": + version: 4.21.2 + resolution: "express@npm:4.21.2" + dependencies: + accepts: ~1.3.8 + array-flatten: 1.1.1 + body-parser: 1.20.3 + content-disposition: 0.5.4 + content-type: ~1.0.4 + cookie: 0.7.1 + cookie-signature: 1.0.6 + debug: 2.6.9 + depd: 2.0.0 + encodeurl: ~2.0.0 + escape-html: ~1.0.3 + etag: ~1.8.1 + finalhandler: 1.3.1 + fresh: 0.5.2 + http-errors: 2.0.0 + merge-descriptors: 1.0.3 + methods: ~1.1.2 + on-finished: 2.4.1 + parseurl: ~1.3.3 + path-to-regexp: 0.1.12 + proxy-addr: ~2.0.7 + qs: 6.13.0 + range-parser: ~1.2.1 + safe-buffer: 5.2.1 + send: 0.19.0 + serve-static: 1.16.2 + setprototypeof: 1.2.0 + statuses: 2.0.1 + type-is: ~1.6.18 + utils-merge: 1.0.1 + vary: ~1.1.2 + checksum: 3aef1d355622732e20b8f3a7c112d4391d44e2131f4f449e1f273a309752a41abfad714e881f177645517cbe29b3ccdc10b35e7e25c13506114244a5b72f549d + languageName: node + linkType: hard + "extend@npm:~3.0.2": version: 3.0.2 resolution: "extend@npm:3.0.2" @@ -9439,6 +9478,13 @@ __metadata: languageName: node linkType: hard +"path-to-regexp@npm:0.1.12": + version: 0.1.12 + resolution: "path-to-regexp@npm:0.1.12" + checksum: ab237858bee7b25ecd885189f175ab5b5161e7b712b360d44f5c4516b8d271da3e4bf7bf0a7b9153ecb04c7d90ce8ff5158614e1208819cf62bac2b08452722e + languageName: node + linkType: hard + "path-type@npm:^3.0.0": version: 3.0.0 resolution: "path-type@npm:3.0.0" @@ -11841,7 +11887,7 @@ __metadata: eslint-plugin-prettier: 5.2.1 eslint-plugin-simple-import-sort: 12.1.1 eslint-plugin-verdaccio: 10.0.0 - express: 4.21.1 + express: 4.21.2 express-rate-limit: 5.5.1 fast-safe-stringify: 2.1.1 fs-extra: 10.1.0