0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2024-12-16 21:56:25 -05:00

feat: allows package.json as package name (#1149)

This commit is contained in:
Juan Picado @jotadeveloper 2018-12-06 08:34:42 +01:00 committed by GitHub
parent 9d3b7ba32c
commit 6554973e2b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 7 additions and 12 deletions

View file

@ -409,7 +409,7 @@ class LocalStorage implements IStorage {
_transform.apply(uploadStream, arguments);
};
if (name === pkgFileName || name === '__proto__') {
if (name === '__proto__') {
process.nextTick(() => {
uploadStream.emit('error', ErrorCode.getForbidden());
});

View file

@ -75,7 +75,6 @@ function validateName(name: string): boolean {
name.charAt(0) === '-' || // "-" is reserved by couchdb
name === 'node_modules' ||
name === '__proto__' ||
name === 'package.json' ||
name === 'favicon.ico'
);
}

View file

@ -9,7 +9,7 @@ export default function(server) {
});
test('should fails on fetch bad pkg #1', () => {
return server.getPackage('package.json')
return server.getPackage('__proto__')
.status(HTTP_STATUS.FORBIDDEN)
.body_error(/invalid package/);
});
@ -31,8 +31,8 @@ export default function(server) {
});
});
test('should fails and do not return package.json as an attachment', () => {
return server.request({uri: '/testpkg-sec/-/package.json'})
test('should fails and do not return __proto__ as an attachment', () => {
return server.request({uri: '/testpkg-sec/-/__proto__'})
.status(HTTP_STATUS.FORBIDDEN)
.body_error(/invalid filename/);
});
@ -49,7 +49,7 @@ export default function(server) {
});
test('should fails on fetch silly things - writing #1', () => {
return server.putTarball('testpkg-sec', 'package.json', '{}')
return server.putTarball('testpkg-sec', '__proto__', '{}')
.status(HTTP_STATUS.FORBIDDEN)
.body_error(/invalid filename/);
});

View file

@ -344,7 +344,7 @@ describe('LocalStorage', () => {
stream.on('error', (err) => {
expect(err).not.toBeNull();
expect(err.statusCode).toEqual(HTTP_STATUS.CONFLICT);
expect(err.message).toMatch(/this package is already present/);
expect(err.message).toMatch(/this package is already present/);
});
stream.on('success', function(){
expect(spy).toHaveBeenCalled();
@ -385,7 +385,7 @@ describe('LocalStorage', () => {
});
test('should fails on abort on add a new tarball', (done) => {
const stream = storage.addTarball('package.json', `${pkgName}-fails-add-tarball-1.0.4.tgz`);
const stream = storage.addTarball('__proto__', `${pkgName}-fails-add-tarball-1.0.4.tgz`);
stream.abort();
stream.on('error', function(err) {
expect(err).not.toBeNull();

View file

@ -59,10 +59,6 @@ describe('Utilities', () => {
assert(validate('JSONStream'));
});
test('no package.json', () => {
assert(!validate('package.json'));
});
test('no path seps', () => {
assert(!validate('some/thing'));
assert(!validate('some\\thing'));