0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2024-12-16 21:56:25 -05:00

Merge remote-tracking branch 'origin/master' into 4.x

# Conflicts:
#	CHANGELOG.md
#	Dockerfile
#	package.json
#	src/lib/local-storage.js
#	src/lib/utils.js
#	test/unit/api/utils.spec.js
This commit is contained in:
Juan Picado @jotadeveloper 2018-12-06 23:04:42 +01:00
commit eb2947213d
No known key found for this signature in database
GPG key ID: 18AC54485952D158
15 changed files with 160 additions and 30 deletions

View file

@ -45,6 +45,35 @@ All notable changes to this project will be documented in this file. See [standa
* verdaccio update notification on CLI ([#988](https://github.com/verdaccio/verdaccio/issues/988)) ([#998](https://github.com/verdaccio/verdaccio/issues/998)) ([bc04703](https://github.com/verdaccio/verdaccio/commit/bc04703))
<a name="3.10.0"></a>
# [3.10.0](https://github.com/verdaccio/verdaccio/compare/v3.9.0...v3.10.0) (2018-12-06)
### Bug Fixes
* update docker node to 10.14.1 ([#1148](https://github.com/verdaccio/verdaccio/issues/1148)) ([68165ca](https://github.com/verdaccio/verdaccio/commit/68165ca))
### Features
* allows package.json as package name ([#1149](https://github.com/verdaccio/verdaccio/issues/1149)) ([6554973](https://github.com/verdaccio/verdaccio/commit/6554973))
<a name="3.9.0"></a>
# [3.9.0](https://github.com/verdaccio/verdaccio/compare/v3.8.6...v3.9.0) (2018-12-04)
### Bug Fixes
* update node within Dockerfile ([#1139](https://github.com/verdaccio/verdaccio/issues/1139)) ([24e9121](https://github.com/verdaccio/verdaccio/commit/24e9121))
### Features
* display package peer deps ([#1144](https://github.com/verdaccio/verdaccio/issues/1144)) ([9b52b1d](https://github.com/verdaccio/verdaccio/commit/9b52b1d))
<a name="3.8.6"></a>
## [3.8.6](https://github.com/verdaccio/verdaccio/compare/v3.8.5...v3.8.6) (2018-11-15)
@ -86,6 +115,7 @@ All notable changes to this project will be documented in this file. See [standa
* don't exit if using https and pfx is enabled ([#1061](https://github.com/verdaccio/verdaccio/issues/1061)) ([#1062](https://github.com/verdaccio/verdaccio/issues/1062)) ([315a3b2](https://github.com/verdaccio/verdaccio/commit/315a3b2))
<a name="3.8.2"></a>
## [3.8.2](https://github.com/verdaccio/verdaccio/compare/v3.8.1...v3.8.2) (2018-09-27)

View file

@ -1,4 +1,4 @@
FROM node:10.7-alpine as builder
FROM node:10.14.1-alpine as builder
ENV NODE_ENV=production \
VERDACCIO_BUILD_REGISTRY=https://registry.npmjs.org/

5
docs/where-are-docs.md Normal file
View file

@ -0,0 +1,5 @@
## Where are the docs now?
The documentation was relocated to the following website:
https://github.com/verdaccio/website

View file

@ -403,7 +403,7 @@ class LocalStorage implements IStorage {
_transform.apply(uploadStream, appliedData);
};
if (name === STORAGE.PACKAGE_FILE_NAME || name === '__proto__') {
if (name === '__proto__') {
process.nextTick(() => {
uploadStream.emit('error', ErrorCode.getForbidden());
});

View file

@ -69,7 +69,6 @@ export function validateName(name: string): boolean {
normalizedName.charAt(0) === '-' || // "-" is reserved by couchdb
normalizedName === 'node_modules' ||
normalizedName === '__proto__' ||
normalizedName === 'package.json' ||
normalizedName === 'favicon.ico'
);
}

View file

@ -4,6 +4,7 @@ import get from 'lodash/get';
import LastSync from './modules/LastSync';
import Maintainers from './modules/Maintainers';
import Dependencies from './modules/Dependencies';
import PeerDependencies from './modules/PeerDependencies';
import Infos from './modules/Infos';
import {
@ -65,6 +66,7 @@ export default class PackageSidebar extends React.Component {
// Dependencies component
const dependencies = get(packageMeta, 'latest.dependencies', {});
const peerDependencies = get(packageMeta, 'latest.peerDependencies', {});
// Maintainers component
return (
@ -83,6 +85,7 @@ export default class PackageSidebar extends React.Component {
{/* TODO: Refacor later, when we decide to show only maintainers/authors */}
<Maintainers packageMeta={packageMeta} />
<Dependencies dependencies={dependencies} />
<PeerDependencies dependencies={peerDependencies} />
{/* Package management module? Help us implement it! */}
</aside>
);

View file

@ -29,10 +29,10 @@ const renderDependenciesList = (dependencies, dependenciesList) => {
);
};
const Dependencies = ({dependencies = {}}) => {
const Dependencies = ({dependencies = {}, title = 'Dependencies'}) => {
const dependenciesList = Object.keys(dependencies);
return (
<Module title="Dependencies" className={classes.dependenciesModule}>
<Module title={title} className={classes.dependenciesModule}>
{dependenciesList.length > 0 ? (
renderDependenciesList(dependencies, dependenciesList)
) : (
@ -43,7 +43,8 @@ const Dependencies = ({dependencies = {}}) => {
};
Dependencies.propTypes = {
dependencies: PropTypes.object
dependencies: PropTypes.object,
title: PropTypes.string
};
export default Dependencies;

View file

@ -0,0 +1,18 @@
import React from 'react';
import PropTypes from 'prop-types';
import Dependencies from '../Dependencies';
export const TITLE = 'Peer Dependencies'
const PeerDependencies = ({dependencies = {}, title = TITLE}) => {
return (
<Dependencies title={title} dependencies={dependencies} />
);
};
PeerDependencies.propTypes = {
dependencies: PropTypes.object,
title: PropTypes.string
};
export default PeerDependencies;

View file

@ -9,7 +9,7 @@ export default function(server) {
});
test('should fails on fetch bad pkg #1', () => {
return server.getPackage('package.json')
return server.getPackage('__proto__')
.status(HTTP_STATUS.FORBIDDEN)
.body_error(/invalid package/);
});
@ -31,8 +31,8 @@ export default function(server) {
});
});
test('should fails and do not return package.json as an attachment', () => {
return server.request({uri: '/testpkg-sec/-/package.json'})
test('should fails and do not return __proto__ as an attachment', () => {
return server.request({uri: '/testpkg-sec/-/__proto__'})
.status(HTTP_STATUS.FORBIDDEN)
.body_error(/invalid filename/);
});
@ -49,7 +49,7 @@ export default function(server) {
});
test('should fails on fetch silly things - writing #1', () => {
return server.putTarball('testpkg-sec', 'package.json', '{}')
return server.putTarball('testpkg-sec', '__proto__', '{}')
.status(HTTP_STATUS.FORBIDDEN)
.body_error(/invalid filename/);
});

View file

@ -384,7 +384,7 @@ describe('LocalStorage', () => {
});
test('should fails on abort on add a new tarball', (done) => {
const stream = storage.addTarball('package.json', `${pkgName}-fails-add-tarball-1.0.4.tgz`);
const stream = storage.addTarball('__proto__', `${pkgName}-fails-add-tarball-1.0.4.tgz`);
stream.abort();
stream.on('error', function(err) {
expect(err).not.toBeNull();

View file

@ -210,10 +210,6 @@ describe('Utilities', () => {
expect(validateName('JSONStream')).toBeTruthy();
});
test('should fails using package.json', () => {
expect(validateName('package.json')).toBeFalsy();
});
test('should fails with path seps', () => {
expect(validateName('some/thing')).toBeFalsy();
expect(validateName('some\\thing')).toBeFalsy();

View file

@ -3,3 +3,5 @@
exports[`<PackageSidebar /> : <Dependencies /> should load dependencies 1`] = `"<div class=\\"module dependenciesModule\\"><h2 class=\\"moduleTitle\\">Dependencies</h2><div><ul><li class=\\"dependency-item\\" title=\\"Depend on version: 0.0.3\\"><a href=\\"http://localhost/#/detail/@verdaccio/file-locking\\">@verdaccio/file-locking</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: 0.0.2\\"><a href=\\"http://localhost/#/detail/@verdaccio/streams\\">@verdaccio/streams</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^1.1.1\\"><a href=\\"http://localhost/#/detail/JSONStream\\">JSONStream</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^1.1.2\\"><a href=\\"http://localhost/#/detail/apache-md5\\">apache-md5</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^2.0.1\\"><a href=\\"http://localhost/#/detail/async\\">async</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^1.15.0\\"><a href=\\"http://localhost/#/detail/body-parser\\">body-parser</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^1.8.0\\"><a href=\\"http://localhost/#/detail/bunyan\\">bunyan</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^2.0.1\\"><a href=\\"http://localhost/#/detail/chalk\\">chalk</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^2.11.0\\"><a href=\\"http://localhost/#/detail/commander\\">commander</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: 1.6.2\\"><a href=\\"http://localhost/#/detail/compression\\">compression</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^0.7.0\\"><a href=\\"http://localhost/#/detail/cookies\\">cookies</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^2.8.3\\"><a href=\\"http://localhost/#/detail/cors\\">cors</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: 4.15.3\\"><a href=\\"http://localhost/#/detail/express\\">express</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^4.3.2\\"><a href=\\"http://localhost/#/detail/global\\">global</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: 4.0.5\\"><a href=\\"http://localhost/#/detail/handlebars\\">handlebars</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^1.4.0\\"><a href=\\"http://localhost/#/detail/http-errors\\">http-errors</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: 1.0.1\\"><a href=\\"http://localhost/#/detail/js-string-escape\\">js-string-escape</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^3.6.0\\"><a href=\\"http://localhost/#/detail/js-yaml\\">js-yaml</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^7.4.1\\"><a href=\\"http://localhost/#/detail/jsonwebtoken\\">jsonwebtoken</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^1.0.1\\"><a href=\\"http://localhost/#/detail/lockfile\\">lockfile</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: 4.17.4\\"><a href=\\"http://localhost/#/detail/lodash\\">lodash</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^0.7.0\\"><a href=\\"http://localhost/#/detail/lunr\\">lunr</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: 0.3.6\\"><a href=\\"http://localhost/#/detail/marked\\">marked</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^1.3.6\\"><a href=\\"http://localhost/#/detail/mime\\">mime</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^3.0.2\\"><a href=\\"http://localhost/#/detail/minimatch\\">minimatch</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^0.5.1\\"><a href=\\"http://localhost/#/detail/mkdirp\\">mkdirp</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^0.4.0\\"><a href=\\"http://localhost/#/detail/pkginfo\\">pkginfo</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^2.72.0\\"><a href=\\"http://localhost/#/detail/request\\">request</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^5.1.0\\"><a href=\\"http://localhost/#/detail/semver\\">semver</a><span>, </span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^1.0.0\\"><a href=\\"http://localhost/#/detail/unix-crypt-td-js\\">unix-crypt-td-js</a></li></ul></div></div>"`;
exports[`<PackageSidebar /> : <Dependencies /> should load the package without dependencies 1`] = `"<div class=\\"module dependenciesModule\\"><h2 class=\\"moduleTitle\\">Dependencies</h2><div><p class=\\"emptyPlaceholder\\">Zero Dependencies!</p></div></div>"`;
exports[`<PackageSidebar /> : <Dependencies /> should permit overriding title 1`] = `"<div class=\\"module dependenciesModule\\"><h2 class=\\"moduleTitle\\">Package dependencies</h2><div><p class=\\"emptyPlaceholder\\">Zero Dependencies!</p></div></div>"`;

View file

@ -0,0 +1,5 @@
// Jest Snapshot v1, https://goo.gl/fbAQLP
exports[`<PackageSidebar /> : <PeerDependencies /> should load dependencies 1`] = `"<div class=\\"module dependenciesModule\\"><h2 class=\\"moduleTitle\\">Peer Dependencies</h2><div><ul><li class=\\"dependency-item\\" title=\\"Depend on version: 0.0.3\\"><a href=\\"http://localhost/#/detail/@verdaccio/file-locking\\">@verdaccio/file-locking</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: 0.0.2\\"><a href=\\"http://localhost/#/detail/@verdaccio/streams\\">@verdaccio/streams</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^1.1.1\\"><a href=\\"http://localhost/#/detail/JSONStream\\">JSONStream</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^1.1.2\\"><a href=\\"http://localhost/#/detail/apache-md5\\">apache-md5</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^2.0.1\\"><a href=\\"http://localhost/#/detail/async\\">async</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^1.15.0\\"><a href=\\"http://localhost/#/detail/body-parser\\">body-parser</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^1.8.0\\"><a href=\\"http://localhost/#/detail/bunyan\\">bunyan</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^2.0.1\\"><a href=\\"http://localhost/#/detail/chalk\\">chalk</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^2.11.0\\"><a href=\\"http://localhost/#/detail/commander\\">commander</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: 1.6.2\\"><a href=\\"http://localhost/#/detail/compression\\">compression</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^0.7.0\\"><a href=\\"http://localhost/#/detail/cookies\\">cookies</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^2.8.3\\"><a href=\\"http://localhost/#/detail/cors\\">cors</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: 4.15.3\\"><a href=\\"http://localhost/#/detail/express\\">express</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^4.3.2\\"><a href=\\"http://localhost/#/detail/global\\">global</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: 4.0.5\\"><a href=\\"http://localhost/#/detail/handlebars\\">handlebars</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^1.4.0\\"><a href=\\"http://localhost/#/detail/http-errors\\">http-errors</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: 1.0.1\\"><a href=\\"http://localhost/#/detail/js-string-escape\\">js-string-escape</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^3.6.0\\"><a href=\\"http://localhost/#/detail/js-yaml\\">js-yaml</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^7.4.1\\"><a href=\\"http://localhost/#/detail/jsonwebtoken\\">jsonwebtoken</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^1.0.1\\"><a href=\\"http://localhost/#/detail/lockfile\\">lockfile</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: 4.17.4\\"><a href=\\"http://localhost/#/detail/lodash\\">lodash</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^0.7.0\\"><a href=\\"http://localhost/#/detail/lunr\\">lunr</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: 0.3.6\\"><a href=\\"http://localhost/#/detail/marked\\">marked</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^1.3.6\\"><a href=\\"http://localhost/#/detail/mime\\">mime</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^3.0.2\\"><a href=\\"http://localhost/#/detail/minimatch\\">minimatch</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^0.5.1\\"><a href=\\"http://localhost/#/detail/mkdirp\\">mkdirp</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^0.4.0\\"><a href=\\"http://localhost/#/detail/pkginfo\\">pkginfo</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^2.72.0\\"><a href=\\"http://localhost/#/detail/request\\">request</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^5.1.0\\"><a href=\\"http://localhost/#/detail/semver\\">semver</a><span>,&nbsp;</span></li><li class=\\"dependency-item\\" title=\\"Depend on version: ^1.0.0\\"><a href=\\"http://localhost/#/detail/unix-crypt-td-js\\">unix-crypt-td-js</a></li></ul></div></div>"`;
exports[`<PackageSidebar /> : <PeerDependencies /> should load the package without dependencies 1`] = `"<div class=\\"module dependenciesModule\\"><h2 class=\\"moduleTitle\\">Peer Dependencies</h2><div><p class=\\"emptyPlaceholder\\">Zero Dependencies!</p></div></div>"`;

View file

@ -3,7 +3,7 @@
*/
import React from 'react';
import { shallow } from 'enzyme';
import { mount, shallow } from 'enzyme';
import Dependencies, {
NO_DEPENDENCIES,
DEP_ITEM_CLASS
@ -57,4 +57,11 @@ describe('<PackageSidebar /> : <Dependencies />', () => {
expect(wrapper.find(ModuleContentPlaceholder).props().text).toBe(NO_DEPENDENCIES);
expect(wrapper.html()).toMatchSnapshot();
});
test('should permit overriding title', () => {
const wrapper = mount(<Dependencies title='Package dependencies' />);
expect(wrapper.find('h2').text()).toEqual('Package dependencies');
expect(wrapper.html()).toMatchSnapshot();
});
});

View file

@ -0,0 +1,64 @@
/**
* Dependencies component
*/
import React from 'react';
import { mount } from 'enzyme';
import {
NO_DEPENDENCIES,
DEP_ITEM_CLASS
} from '../../../../../src/webui/components/PackageSidebar/modules/Dependencies/index';
import PeerDependencies, {
TITLE
} from '../../../../../src/webui/components/PackageSidebar/modules/PeerDependencies/index';
import ModuleContentPlaceholder from '../../../../../src/webui/components/PackageSidebar/ModuleContentPlaceholder';
describe('<PackageSidebar /> : <PeerDependencies />', () => {
test('should load dependencies', () => {
const peerDependencies = {
'@verdaccio/file-locking': '0.0.3',
'@verdaccio/streams': '0.0.2',
JSONStream: '^1.1.1',
'apache-md5': '^1.1.2',
async: '^2.0.1',
'body-parser': '^1.15.0',
bunyan: '^1.8.0',
chalk: '^2.0.1',
commander: '^2.11.0',
compression: '1.6.2',
cookies: '^0.7.0',
cors: '^2.8.3',
express: '4.15.3',
global: '^4.3.2',
handlebars: '4.0.5',
'http-errors': '^1.4.0',
'js-string-escape': '1.0.1',
'js-yaml': '^3.6.0',
jsonwebtoken: '^7.4.1',
lockfile: '^1.0.1',
lodash: '4.17.4',
lunr: '^0.7.0',
marked: '0.3.6',
mime: '^1.3.6',
minimatch: '^3.0.2',
mkdirp: '^0.5.1',
pkginfo: '^0.4.0',
request: '^2.72.0',
semver: '^5.1.0',
'unix-crypt-td-js': '^1.0.0'
};
const wrapper = mount(<PeerDependencies dependencies={peerDependencies} />);
expect(wrapper.find('h2').text()).toEqual(TITLE);
expect(wrapper.find(`.${DEP_ITEM_CLASS}`)).toHaveLength(Object.keys(peerDependencies).length);
expect(wrapper.html()).toMatchSnapshot();
});
test('should load the package without dependencies', () => {
const wrapper = mount(<PeerDependencies />);
expect(wrapper.find(ModuleContentPlaceholder).props().text).toBe(NO_DEPENDENCIES);
expect(wrapper.html()).toMatchSnapshot();
});
});