0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2024-12-16 21:56:25 -05:00

fix: allows pkg names that start with dash

Description

In sinopia 9f662a69e1 (diff-50e3aa130a4f97a42ee2cf111c7b1d9d) a validation name for packages that start with dashs was added due this pattern is reserved by couchdb, but npmjs allows that now. I guess this is not a restriction anymore.

fix: https://github.com/verdaccio/verdaccio/issues/1400
This commit is contained in:
Juan Picado @jotadeveloper 2019-07-27 18:28:41 +02:00
parent 54e62fbb53
commit e319435d73
No known key found for this signature in database
GPG key ID: 15AA875EF3768142
2 changed files with 14 additions and 3 deletions

View file

@ -50,18 +50,27 @@ export function convertPayloadToBase64(payload: string): Buffer {
* @param {*} name the package name * @param {*} name the package name
* @return {Boolean} whether is valid or not * @return {Boolean} whether is valid or not
*/ */
export function validateName(name: string): boolean { export function validateName(name: string, isScoped: boolean = false): boolean {
if (_.isString(name) === false) { if (_.isString(name) === false) {
return false; return false;
} }
const normalizedName: string = name.toLowerCase(); const normalizedName: string = name.toLowerCase();
// all URL-safe characters and "@" for issue #75 /**
* Some context about the first regex
* - npm used to have a different tarball naming system.
* eg: http://registry.npmjs.com/thirty-two
* https://registry.npmjs.org/thirty-two/-/thirty-two@0.0.1.tgz
* The file name thirty-two@0.0.1.tgz, the version and the pkg name was separated by an at (@)
* while nowadays the naming system is based in dashes
* https://registry.npmjs.org/verdaccio/-/verdaccio-1.4.0.tgz
*
* more info here: https://github.com/rlidwka/sinopia/issues/75
*/
return !( return !(
!normalizedName.match(/^[-a-zA-Z0-9_.!~*'()@]+$/) || !normalizedName.match(/^[-a-zA-Z0-9_.!~*'()@]+$/) ||
normalizedName.charAt(0) === '.' || // ".bin", etc. normalizedName.charAt(0) === '.' || // ".bin", etc.
normalizedName.charAt(0) === '-' || // "-" is reserved by couchdb
normalizedName === 'node_modules' || normalizedName === 'node_modules' ||
normalizedName === '__proto__' || normalizedName === '__proto__' ||
normalizedName === 'favicon.ico' normalizedName === 'favicon.ico'

View file

@ -246,6 +246,8 @@ describe('Utilities', () => {
expect(validateName('verdaccio')).toBeTruthy(); expect(validateName('verdaccio')).toBeTruthy();
expect(validateName('some.weird.package-zzz')).toBeTruthy(); expect(validateName('some.weird.package-zzz')).toBeTruthy();
expect(validateName('old-package@0.1.2.tgz')).toBeTruthy(); expect(validateName('old-package@0.1.2.tgz')).toBeTruthy();
// fix https://github.com/verdaccio/verdaccio/issues/1400
expect(validateName('-build-infra')).toBeTruthy();
}); });
test('should be valid using uppercase', () => { test('should be valid using uppercase', () => {