Merge pull request #1409 from verdaccio/fix-1400

fix: allows pkg names that starts with dash

src/lib/utils.ts

@@ -57,11 +57,20 @@ export function validateName(name: string): boolean {
 
   const normalizedName: string = name.toLowerCase();
 
-  // all URL-safe characters and "@" for issue #75
+  /**
+   * Some context about the first regex
+   * - npm used to have a different tarball naming system.
+   * eg: http://registry.npmjs.com/thirty-two
+   * https://registry.npmjs.org/thirty-two/-/thirty-two@0.0.1.tgz
+   * The file name thirty-two@0.0.1.tgz, the version and the pkg name was separated by an at (@)
+   * while nowadays the naming system is based in dashes
+   * https://registry.npmjs.org/verdaccio/-/verdaccio-1.4.0.tgz
+   *
+   * more info here: https://github.com/rlidwka/sinopia/issues/75
+   */
   return !(
     !normalizedName.match(/^[-a-zA-Z0-9_.!~*'()@]+$/) ||
     normalizedName.charAt(0) === '.' || // ".bin", etc.
-    normalizedName.charAt(0) === '-' || // "-" is reserved by couchdb
     normalizedName === 'node_modules' ||
     normalizedName === '__proto__' ||
     normalizedName === 'favicon.ico'

test/unit/modules/utils/utils.spec.ts

@@ -246,6 +246,8 @@ describe('Utilities', () => {
           expect(validateName('verdaccio')).toBeTruthy();
           expect(validateName('some.weird.package-zzz')).toBeTruthy();
           expect(validateName('old-package@0.1.2.tgz')).toBeTruthy();
+          // fix https://github.com/verdaccio/verdaccio/issues/1400
+          expect(validateName('-build-infra')).toBeTruthy();
         });
 
         test('should be valid using uppercase', () => {