mirror of
https://github.com/verdaccio/verdaccio.git
synced 2024-12-16 21:56:25 -05:00
fix: allows pkg names that start with dash
Description
In sinopia 9f662a69e1 (diff-50e3aa130a4f97a42ee2cf111c7b1d9d)
a validation name for packages that start with dashs was added due this pattern is reserved by couchdb, but npmjs allows that now. I guess this is not a restriction anymore.
fix: https://github.com/verdaccio/verdaccio/issues/1400
This commit is contained in:
parent
54e62fbb53
commit
e319435d73
2 changed files with 14 additions and 3 deletions
|
@ -50,18 +50,27 @@ export function convertPayloadToBase64(payload: string): Buffer {
|
|||
* @param {*} name the package name
|
||||
* @return {Boolean} whether is valid or not
|
||||
*/
|
||||
export function validateName(name: string): boolean {
|
||||
export function validateName(name: string, isScoped: boolean = false): boolean {
|
||||
if (_.isString(name) === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
const normalizedName: string = name.toLowerCase();
|
||||
|
||||
// all URL-safe characters and "@" for issue #75
|
||||
/**
|
||||
* Some context about the first regex
|
||||
* - npm used to have a different tarball naming system.
|
||||
* eg: http://registry.npmjs.com/thirty-two
|
||||
* https://registry.npmjs.org/thirty-two/-/thirty-two@0.0.1.tgz
|
||||
* The file name thirty-two@0.0.1.tgz, the version and the pkg name was separated by an at (@)
|
||||
* while nowadays the naming system is based in dashes
|
||||
* https://registry.npmjs.org/verdaccio/-/verdaccio-1.4.0.tgz
|
||||
*
|
||||
* more info here: https://github.com/rlidwka/sinopia/issues/75
|
||||
*/
|
||||
return !(
|
||||
!normalizedName.match(/^[-a-zA-Z0-9_.!~*'()@]+$/) ||
|
||||
normalizedName.charAt(0) === '.' || // ".bin", etc.
|
||||
normalizedName.charAt(0) === '-' || // "-" is reserved by couchdb
|
||||
normalizedName === 'node_modules' ||
|
||||
normalizedName === '__proto__' ||
|
||||
normalizedName === 'favicon.ico'
|
||||
|
|
|
@ -246,6 +246,8 @@ describe('Utilities', () => {
|
|||
expect(validateName('verdaccio')).toBeTruthy();
|
||||
expect(validateName('some.weird.package-zzz')).toBeTruthy();
|
||||
expect(validateName('old-package@0.1.2.tgz')).toBeTruthy();
|
||||
// fix https://github.com/verdaccio/verdaccio/issues/1400
|
||||
expect(validateName('-build-infra')).toBeTruthy();
|
||||
});
|
||||
|
||||
test('should be valid using uppercase', () => {
|
||||
|
|
Loading…
Reference in a new issue