From e319435d738268d9b1f2168c84060833457ad5f7 Mon Sep 17 00:00:00 2001
From: "Juan Picado @jotadeveloper"
Date: Sat, 27 Jul 2019 18:28:41 +0200
Subject: [PATCH 1/2] fix: allows pkg names that start with dash
Description In sinopia https://github.com/rlidwka/sinopia/commit/9f662a69e19a15dd90f568fc3a3ebf65b33cbd80#diff-50e3aa130a4f97a42ee2cf111c7b1d9d a validation name for packages that start with dashs was added due this pattern is reserved by couchdb, but npmjs allows that now. I guess this is not a restriction anymore. fix: https://github.com/verdaccio/verdaccio/issues/1400
---
 src/lib/utils.ts | 15 ++++++++++++---
 test/unit/modules/utils/utils.spec.ts | 2 ++
 2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/src/lib/utils.ts b/src/lib/utils.ts
index e1d86be77..376ccf010 100644
--- a/src/lib/utils.ts
+++ b/src/lib/utils.ts
@@ -50,18 +50,27 @@ export function convertPayloadToBase64(payload: string): Buffer {
 * @param {*} name the package name
 * @return {Boolean} whether is valid or not
 */
-export function validateName(name: string): boolean {
+export function validateName(name: string, isScoped: boolean = false): boolean {
 if (_.isString(name) === false) {
 return false;
 }
 const normalizedName: string = name.toLowerCase();
- // all URL-safe characters and "@" for issue #75
+ /**
+ * Some context about the first regex
+ * - npm used to have a different tarball naming system.
+ * eg: http://registry.npmjs.com/thirty-two
+ * https://registry.npmjs.org/thirty-two/-/thirty-two@0.0.1.tgz
+ * The file name thirty-two@0.0.1.tgz, the version and the pkg name was separated by an at (@)
+ * while nowadays the naming system is based in dashes
+ * https://registry.npmjs.org/verdaccio/-/verdaccio-1.4.0.tgz
+ *
+ * more info here: https://github.com/rlidwka/sinopia/issues/75
+ */
 return !(
 !normalizedName.match(/^[-a-zA-Z0-9_.!~*'()@]+$/) ||
 normalizedName.charAt(0) === '.' || // ".bin", etc.
- normalizedName.charAt(0) === '-' || // "-" is reserved by couchdb
 normalizedName === 'node_modules' ||
 normalizedName === '__proto__' ||
 normalizedName === 'favicon.ico'
diff --git a/test/unit/modules/utils/utils.spec.ts b/test/unit/modules/utils/utils.spec.ts
index aea6b0007..2e040e1bb 100644
--- a/test/unit/modules/utils/utils.spec.ts
+++ b/test/unit/modules/utils/utils.spec.ts
@@ -246,6 +246,8 @@ describe('Utilities', () => {
 expect(validateName('verdaccio')).toBeTruthy();
 expect(validateName('some.weird.package-zzz')).toBeTruthy();
 expect(validateName('old-package@0.1.2.tgz')).toBeTruthy();
+ // fix https://github.com/verdaccio/verdaccio/issues/1400
+ expect(validateName('-build-infra')).toBeTruthy();
 });
 test('should be valid using uppercase', () => {
From fcd8a7f7bf3a8dc16413ff2bb8417da1b41ab150 Mon Sep 17 00:00:00 2001
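Review bot: Dropping the `normalizedName.charAt(0) === '-'` check removes the guard against names that look like command-line options, and nothing in the new code records that accepting them is now intentional; the added block comment explains only the `@` in the character class. Judging by the `old-package@0.1.2.tgz` case in the spec, the same function seems to validate tarball file names as well, so leading-dash file names are presumably accepted too. Any consumer that hands a package or file name to an external command would need an end-of-options `--` before it; a line such as `// a leading "-" is accepted (npmjs allows it); never pass a name to a CLI without a preceding "--"` above the `return` would keep that visible. The spec adds only the positive `-build-infra` case, so an assertion like `expect(validateName('.-build-infra')).toBeFalsy();` would pin that the leading-dot rule still applies. The body of `validateName` closes outside this hunk.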
From: "Juan Picado @jotadeveloper"
Date: Sun, 28 Jul 2019 11:44:28 +0200
Subject: [PATCH 2/2] chore: remove unused parameter
---
 src/lib/utils.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lib/utils.ts b/src/lib/utils.ts
index 376ccf010..7b3178ad0 100644
--- a/src/lib/utils.ts
+++ b/src/lib/utils.ts
@@ -50,7 +50,7 @@ export function convertPayloadToBase64(payload: string): Buffer {
 * @param {*} name the package name
 * @return {Boolean} whether is valid or not
 */
-export function validateName(name: string, isScoped: boolean = false): boolean {
+export function validateName(name: string): boolean {
 if (_.isString(name) === false) {
 return false;
 }