UNPKG

npm

Version:

a package manager for JavaScript

docs.npmjs.com

npm/cli

108 lines (92 loc) 3.42 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
const { resolve } = require('node:path') const { log, output } = require('proc-log') const npa = require('npm-package-arg') const semver = require('semver') const ArboristWorkspaceCmd = require('../arborist-cmd.js') const checkAllowScripts = require('../utils/check-allow-scripts.js') const resolveAllowScripts = require('../utils/resolve-allow-scripts.js') const strictAllowScriptsPreflight = require('../utils/strict-allow-scripts-preflight.js') class Rebuild extends ArboristWorkspaceCmd { static description = 'Rebuild a package' static name = 'rebuild' static params = [ 'global', 'bin-links', 'foreground-scripts', 'ignore-scripts', 'allow-scripts', 'strict-allow-scripts', 'dangerously-allow-all-scripts', ...super.params, ] static usage = ['[<package-spec>] ...]'] static async completion (opts, npm) { const completion = require('../utils/installed-deep.js') return completion(npm, opts) } async exec (args) { const globalTop = resolve(this.npm.globalDir, '..') const where = this.npm.global ? globalTop : this.npm.prefix const Arborist = require('@npmcli/arborist') const { policy: allowScriptsPolicy } = await resolveAllowScripts(this.npm) const arb = new Arborist({ ...this.npm.flatOptions, path: where, allowScripts: allowScriptsPolicy, // TODO when extending ReifyCmd // workspaces: this.workspaceNames, }) if (args.length) { // get the set of nodes matching the name that we want rebuilt const tree = await arb.loadActual() const specs = args.map(arg => { const spec = npa(arg) if (spec.rawSpec === '*') { return spec } if (spec.type !== 'range' && spec.type !== 'version' && spec.type !== 'directory') { throw new Error('`npm rebuild` only supports SemVer version/range specifiers') } return spec }) const nodes = tree.inventory.filter(node => this.isNode(specs, node)) await strictAllowScriptsPreflight({ arb, npm: this.npm }) await arb.rebuild({ nodes }) } else { await arb.loadActual() await strictAllowScriptsPreflight({ arb, npm: this.npm }) await arb.rebuild() } // Phase 1 advisory: list any packages whose install scripts ran (or // would have run) and are not yet covered by allowScripts. Rebuild // doesn't go through reifyFinish, so the walker is invoked here. const unreviewed = await checkAllowScripts({ arb, npm: this.npm }) if (unreviewed.length > 0) { const count = unreviewed.length const noun = count === 1 ? 'package has' : 'packages have' log.warn( 'rebuild', `${count} ${noun} install scripts not yet covered by allowScripts. ` + 'Run `npm approve-scripts --allow-scripts-pending` to review.' ) } output.standard('rebuilt dependencies successfully') } isNode (specs, node) { return specs.some(spec => { if (spec.type === 'directory') { return node.path === spec.fetchSpec } if (spec.name !== node.name) { return false } if (spec.rawSpec === '' || spec.rawSpec === '*') { return true } const { version } = node.package // TODO: add tests for a package with missing version return semver.satisfies(version, spec.fetchSpec) }) } } module.exports = Rebuild