@nodesecure/mama
// Import Third-party Dependencies
import hash from "object-hash";
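/**
 * Build the reduced view of a package.json-like document that is used for
 * integrity comparison, and compute its hash.
 *
 * Only `name`, `version`, `dependencies` (merged with `optionalDependencies`),
 * `license` and `scripts` take part in the hash. Any other manifest field
 * (for example `bin`, `main`, `exports` or `devDependencies`) is NOT covered,
 * so a difference limited to those fields does not change the result.
 *
 * The input document is never mutated: when an entry has to be dropped, a
 * shallow copy of `dependencies` is edited instead of the caller's object.
 *
 * @param {object} document - package.json content or registry version manifest.
 * @param {object} [options]
 * @param {boolean} [options.isFromRemoteRegistry=false] - set when `document`
 *   comes from the registry rather than from the tarball's package.json.
 * @returns {{ object: object, integrity: string }} the reduced object and the
 *   value returned by `object-hash` for it.
 */
export function packageJSONIntegrityHash(document, options = {}) {
  const { isFromRemoteRegistry = false } = options;
  const {
    // Name and version are mandatory properties for workspaces
    name = "",
    version = "",
    dependencies = {},
    license = "NONE",
    scripts = {},
    optionalDependencies
  } = document;

  let hashedDependencies = dependencies;
  if (
    isFromRemoteRegistry &&
    "install" in dependencies &&
    dependencies.install === "node-gyp rebuild"
  ) {
    // See https://github.com/npm/cli/issues/5234
    // NOTE(review): "node-gyp rebuild" reads like a script command rather than
    // a dependency range, so this check may have been meant for
    // `scripts.install`. Confirm against the linked issue before changing it:
    // the hash of registry documents depends on this behaviour.
    hashedDependencies = { ...dependencies };
    delete hashedDependencies.install;
  }

  const object = {
    name,
    version,
    // optionalDependencies win over dependencies on a key collision.
    dependencies: optionalDependencies
      ? { ...hashedDependencies, ...optionalDependencies }
      : hashedDependencies,
    license,
    /**
     * Note: the NPM registry automatically adds `./node_modules/.bin/` to
     * scripts. This artifact does not concern the raw scripts found in the
     * tarball package.json, so it is stripped before hashing.
     */
    scripts: removeNodeModulesBin(scripts)
  };

  return {
    object,
    integrity: hash(object)
  };
}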
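/**
 * Return a copy of `scripts` where every occurrence of
 * `./node_modules/.bin/` has been removed from the script commands.
 *
 * Script values come from a manifest that may be malformed or hostile, so a
 * value that is not a string is passed through unchanged instead of throwing
 * a TypeError on `replaceAll`. It still takes part in the hash, which keeps
 * such a discrepancy visible to the comparison.
 *
 * @param {Record<string, unknown>} scripts - the `scripts` map of a manifest.
 * @returns {Record<string, unknown>} a new object; the input is not mutated.
 */
function removeNodeModulesBin(scripts) {
  const cleaned = {};
  for (const [scriptName, command] of Object.entries(scripts)) {
    cleaned[scriptName] = typeof command === "string"
      ? command.replaceAll("./node_modules/.bin/", "")
      : command;
  }

  return cleaned;
}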
//# sourceMappingURL=integrity-hash.js.map