diff --git a/dist/index.js b/dist/index.js
index be9804a..c8d6ca2 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -153166,6 +153166,119 @@ function version(uuid) { var _default = version; exports["default"] = _default; +/***/ }), + +/***/ 84006: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +const { builtinModules: builtins } = __nccwpck_require__(98188) + +var scopedPackagePattern = new RegExp('^(?:@([^/]+?)[/])?([^/]+?)$') +var blacklist = [ + 'node_modules', + 'favicon.ico', +] + +function validate (name) { + var warnings = [] + var errors = [] + + if (name === null) { + errors.push('name cannot be null') + return done(warnings, errors) + } + + if (name === undefined) { + errors.push('name cannot be undefined') + return done(warnings, errors) + } + + if (typeof name !== 'string') { + errors.push('name must be a string') + return done(warnings, errors) + } + + if (!name.length) { + errors.push('name length must be greater than zero') + } + + if (name.match(/^\./)) { + errors.push('name cannot start with a period') + } + + if (name.match(/^_/)) { + errors.push('name cannot start with an underscore') + } + + if (name.trim() !== name) { + errors.push('name cannot contain leading or trailing spaces') + } + + // No funny business + blacklist.forEach(function (blacklistedName) { + if (name.toLowerCase() === blacklistedName) { + errors.push(blacklistedName + ' is a blacklisted name') + } + }) + + // Generate warnings for stuff that used to be allowed + + // core module names like http, events, util, etc + if (builtins.includes(name.toLowerCase())) { + warnings.push(name + ' is a core module name') + } + + if (name.length > 214) { + warnings.push('name can no longer contain more than 214 characters') + } + + // mIxeD CaSe nAMEs + if (name.toLowerCase() !== name) { + warnings.push('name can no longer contain capital letters') + } + + if (/[~'!()*]/.test(name.split('/').slice(-1)[0])) { + warnings.push('name can no longer contain special characters ("~\'!()*")') + } + + if (encodeURIComponent(name) !== name) { + // Maybe it's a scoped 
package name, like @user/package + var nameMatch = name.match(scopedPackagePattern) + if (nameMatch) { + var user = nameMatch[1] + var pkg = nameMatch[2] + if (encodeURIComponent(user) === user && encodeURIComponent(pkg) === pkg) { + return done(warnings, errors) + } + } + + errors.push('name can only contain URL-friendly characters') + } + + return done(warnings, errors) +} + +var done = function (warnings, errors) { + var result = { + validForNewPackages: errors.length === 0 && warnings.length === 0, + validForOldPackages: errors.length === 0, + warnings: warnings, + errors: errors, + } + if (!result.warnings.length) { + delete result.warnings + } + if (!result.errors.length) { + delete result.errors + } + return result +} + +module.exports = validate + + /***/ }), /***/ 54886: @@ -160498,6 +160611,14 @@ module.exports = require("https"); /***/ }), +/***/ 98188: +/***/ ((module) => { + +"use strict"; +module.exports = require("module"); + +/***/ }), + /***/ 41808: /***/ ((module) => { @@ -180240,6 +180361,9 @@ const extract_ = (opt) => new Unpack(opt); //# sourceMappingURL=index.js.map +// EXTERNAL MODULE: ./node_modules/validate-npm-package-name/lib/index.js +var lib = __nccwpck_require__(84006); +var lib_default = /*#__PURE__*/__nccwpck_require__.n(lib); ;// CONCATENATED MODULE: ./index.ts var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } @@ -180262,6 +180386,7 @@ var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argume + let esyPrefix = core.getInput("esy-prefix"); const cacheKey = core.getInput("cache-key"); const sourceCacheKey = core.getInput("source-cache-key"); 
@@ -180288,10 +180413,20 @@ function run(name, command, args) { } let cachedEsyNPMInfo; function getLatestEsyNPMInfo(alternativeEsyNPMPackage) { - const esyPackage = (alternativeEsyNPMPackage !== "" && - !!alternativeEsyNPMPackage && - alternativeEsyNPMPackage) || - "esy"; + let esyPackage; + if (!alternativeEsyNPMPackage || alternativeEsyNPMPackage === "") { + // No alternative was provided. So, fallback to default + esyPackage = "esy"; + } + else { + const { validForOldPackages, validForNewPackages, errors = [], } = lib_default()(alternativeEsyNPMPackage); + if (!validForNewPackages || !validForOldPackages) { + throw new Error(`Invalid alternative NPM package name provided: ${alternativeEsyNPMPackage} +Errors: +${errors.join("\n")}`); + } + esyPackage = alternativeEsyNPMPackage; + } try { if (!cachedEsyNPMInfo) { cachedEsyNPMInfo = JSON.parse(external_child_process_.execSync(`npm info ${esyPackage} --json`).toString().trim()); diff --git a/index.ts b/index.ts index 4820956..9ee0031 100644 --- a/index.ts +++ b/index.ts @@ -11,6 +11,7 @@ import * as crypto from "crypto"; import * as util from "util"; import * as cp from "child_process"; import * as tar from "tar"; +import validateNPMPackageName from "validate-npm-package-name"; let esyPrefix = core.getInput("esy-prefix"); const cacheKey = core.getInput("cache-key"); 
@@ -42,11 +43,23 @@ let cachedEsyNPMInfo: NpmInfo | undefined;
 function getLatestEsyNPMInfo(
 alternativeEsyNPMPackage: string | undefined
 ): NpmInfo {
- const esyPackage =
- (alternativeEsyNPMPackage !== "" &&
- !!alternativeEsyNPMPackage &&
- alternativeEsyNPMPackage) ||
- "esy";
+ let esyPackage;
+ if (!alternativeEsyNPMPackage || alternativeEsyNPMPackage === "") {
+ // No alternative was provided. So, fallback to default
+ esyPackage = "esy";
+ } else {
+ const {
+ validForOldPackages,
+ validForNewPackages,
+ errors = [],
+ } = validateNPMPackageName(alternativeEsyNPMPackage);
+ if (!validForNewPackages || !validForOldPackages) {
+ throw new Error(`Invalid alternative NPM package name provided: ${alternativeEsyNPMPackage}
+Errors:
+${errors.join("\n")}`);
+ }
+ esyPackage = alternativeEsyNPMPackage;
+ }
 try {
 if (!cachedEsyNPMInfo) {
 cachedEsyNPMInfo = JSON.parse(
diff --git a/package.json b/package.json
index 90619d9..5e8001c 100644
--- a/package.json
+++ b/package.json
@@ -19,10 +19,12 @@
 "@actions/github": "^6.0.0",
 "@actions/tool-cache": "^2.0.1",
 "tar": "^7.1.0",
- "typescript": "5.x"
+ "typescript": "5.x",
+ "validate-npm-package-name": "^5.0.1"
 },
 "devDependencies": {
 "@types/tar": "^6.1.13",
+ "@types/validate-npm-package-name": "^4.0.2",
 "@vercel/ncc": "^0.33.0",
 "prettier": "2.5.1"
 }
diff --git a/yarn.lock b/yarn.lock
index eb0d4d3..47236aa 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -542,6 +542,11 @@ dependencies: "@types/node" "*" +"@types/validate-npm-package-name@^4.0.2": + version "4.0.2" + resolved "https://registry.yarnpkg.com/@types/validate-npm-package-name/-/validate-npm-package-name-4.0.2.tgz#df0f7dac25df7761f7476605ddac54cb1abda26e" + integrity sha512-lrpDziQipxCEeK5kWxvljWYhUvOiB2A9izZd9B2AFarYAkqZshb4lPbRs7zKEic6eGtH8V/2qJW+dPp9OtF6bw== + "@vercel/ncc@^0.33.0": version "0.33.4" resolved "https://registry.yarnpkg.com/@vercel/ncc/-/ncc-0.33.4.tgz#e44a87511f583b7ba88e4b9ae90eeb7ba252b872"
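Review bot: In the index.ts hunk for `getLatestEsyNPMInfo`, the validated `esyPackage` still reaches a shell: the bundled dist/index.js in this commit shows it interpolated into the string `npm info ${esyPackage} --json` that is handed to `execSync`, so the name check is the only thing standing between an action input and the shell. The bundled `validate-npm-package-name` code tests for special characters only on the last path segment, and the scope of a scoped name merely has to equal its own `encodeURIComponent` output, which leaves `'`, `(`, `)`, `*`, `!` and `~` untouched. Passing the name as an argument vector removes that dependency on the validator's character set: `cp.execFileSync("npm", ["info", esyPackage, "--json"])` (on Windows runners `npm` is a `.cmd` shim, so that path needs confirming). Separately, a name rejected only because of warnings throws with an empty "Errors:" list; destructuring `warnings = []` as well and printing both would make the failure explain itself. The function body continues past the end of the hunk.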
@@ -1377,6 +1382,11 @@ uuid@^8.3.0, uuid@^8.3.2: resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.3.2.tgz#80d5b5ced271bb9af6c445f21a1a04c606cefbe2" integrity sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg== +validate-npm-package-name@^5.0.1: + version "5.0.1" + resolved "https://registry.yarnpkg.com/validate-npm-package-name/-/validate-npm-package-name-5.0.1.tgz#a316573e9b49f3ccd90dbb6eb52b3f06c6d604e8" + integrity sha512-OljLrQ9SQdOUqTaQxqL5dEfZWrXExyyWsozYlAWFawPVNuD83igl7uJD2RTkNMbniIYgt8l81eCJGIdQF7avLQ== + webidl-conversions@^3.0.0: version "3.0.1" resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-3.0.1.tgz#24534275e2a7bc6be7bc86611cc16ae0a5654871"