Skip to content

Commit 6f229f7

Browse files
committed
fix: sanitize and normalize package bin field
1 parent 4e40288 commit 6f229f7

File tree

5 files changed

+12
-36
lines changed

5 files changed

+12
-36
lines changed

lib/fetchers/directory.js

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@ const readJson = require('../util/read-json')
99
const path = require('path')
1010
const pipe = BB.promisify(require('mississippi').pipe)
1111
const through = require('mississippi').through
12+
const normalizePackageBin = require('npm-normalize-package-bin')
1213

1314
const readFileAsync = BB.promisify(require('fs').readFile)
1415

@@ -63,7 +64,7 @@ Fetcher.impl(fetchDirectory, {
6364
} else {
6465
return pkg
6566
}
66-
})
67+
}).then(pkg => normalizePackageBin(pkg))
6768
},
6869

6970
// As of npm@5, the npm installer doesn't pack + install directories: it just

lib/finalize-manifest.js

Lines changed: 3 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,7 @@ const pipe = BB.promisify(require('mississippi').pipe)
1414
const ssri = require('ssri')
1515
const tar = require('tar')
1616
const readJson = require('./util/read-json')
17+
const normalizePackageBin = require('npm-normalize-package-bin')
1718

1819
// `finalizeManifest` takes as input the various kinds of manifests that
1920
// manifest handlers ('lib/fetchers/*.js#manifest()') return, and makes sure
@@ -105,17 +106,8 @@ function Manifest (pkg, fromTarball, fullMetadata) {
105106
this._shrinkwrap = pkg._shrinkwrap || fromTarball._shrinkwrap || null
106107
this.bin = pkg.bin || fromTarball.bin || null
107108

108-
if (this.bin && Array.isArray(this.bin)) {
109-
// Code yanked from read-package-json.
110-
const m = (pkg.directories && pkg.directories.bin) || '.'
111-
this.bin = this.bin.reduce((acc, mf) => {
112-
if (mf && mf.charAt(0) !== '.') {
113-
const f = path.basename(mf)
114-
acc[f] = path.join(m, mf)
115-
}
116-
return acc
117-
}, {})
118-
}
109+
// turn arrays and strings into a legit object, strip out bad stuff
110+
normalizePackageBin(this)
119111

120112
this._id = null
121113

package-lock.json

Lines changed: 5 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -58,6 +58,7 @@
5858
"mississippi": "^3.0.0",
5959
"mkdirp": "^0.5.1",
6060
"normalize-package-data": "^2.4.0",
61+
"npm-normalize-package-bin": "^1.0.0",
6162
"npm-package-arg": "^6.1.0",
6263
"npm-packlist": "^1.1.12",
6364
"npm-pick-manifest": "^3.0.0",

test/finalize-manifest.js

Lines changed: 1 addition & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -62,7 +62,7 @@ test('returns a manifest with the right fields', t => {
6262
peerDependencies: {},
6363
peerDependenciesMeta: {},
6464
bin: {
65-
testing: './foo.js'
65+
testing: 'foo.js'
6666
},
6767
_shasum: 'deadbeef1',
6868
_resolved: 'resolved.to.this',
@@ -96,7 +96,6 @@ test('defaults all field to expected types + values', t => {
9696
bundleDependencies: false, // because npm does boolean checks on this
9797
peerDependencies: {},
9898
peerDependenciesMeta: {},
99-
bin: null,
10099
_resolved: base._resolved,
101100
_integrity: base._integrity,
102101
_shasum: base._shasum,
@@ -212,28 +211,6 @@ test('fills in `bin` if `directories.bin` string', t => {
212211
})
213212
})
214213

215-
test('fills in `bin` if original was an array', t => {
216-
const tarballPath = 'testing/tarball-1.2.3.tgz'
217-
const base = {
218-
name: 'testing',
219-
version: '1.2.3',
220-
bin: ['my/bin1', 'bin2.js'],
221-
directories: {
222-
bin: 'foo'
223-
},
224-
_integrity: 'sha1-deadbeefc0ffeebad1dea',
225-
_shasum: '75e69d6de79f7347df79e6da77575e',
226-
_resolved: OPTS.registry + tarballPath,
227-
_hasShrinkwrap: false
228-
}
229-
return finalizeManifest(base, npa(base.name), OPTS).then(manifest => {
230-
t.deepEqual(manifest.bin, {
231-
'bin1': path.join('foo', 'my', 'bin1'),
232-
'bin2.js': path.join('foo', 'bin2.js')
233-
}, 'bins successfully calculated')
234-
})
235-
})
236-
237214
test('uses package.json as base if passed null', t => {
238215
const tarballPath = 'testing/tarball-1.2.3.tgz'
239216
const base = {

0 commit comments

Comments
 (0)