diff --git a/node_modules/pacote/CHANGELOG.md b/node_modules/pacote/CHANGELOG.md
index 6896c4739ce53..722a9fa168876 100644
--- a/node_modules/pacote/CHANGELOG.md
+++ b/node_modules/pacote/CHANGELOG.md
@@ -2,6 +2,26 @@
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+## [9.5.11](https://github.com/npm/pacote/compare/v9.5.10...v9.5.11) (2019-12-09)
+
+
+### Bug Fixes
+
+* sanitize and normalize package bin field ([6f229f7](https://github.com/npm/pacote/commit/6f229f7))
+
+
+
+
+## [9.5.10](https://github.com/npm/pacote/compare/v9.5.9...v9.5.10) (2019-12-04)
+
+
+### Bug Fixes
+
+* Do not drop perms in git when not root ([5f33040](https://github.com/npm/pacote/commit/5f33040)), closes [#23](https://github.com/npm/pacote/issues/23)
+
+
+
## [9.5.9](https://github.com/npm/pacote/compare/v9.5.8...v9.5.9) (2019-10-29)
diff --git a/node_modules/pacote/lib/fetchers/directory.js b/node_modules/pacote/lib/fetchers/directory.js
index 3d4ec24c83f27..fc9c46cd3b7e9 100644
--- a/node_modules/pacote/lib/fetchers/directory.js
+++ b/node_modules/pacote/lib/fetchers/directory.js
@@ -9,6 +9,7 @@ const readJson = require('../util/read-json')
const path = require('path')
const pipe = BB.promisify(require('mississippi').pipe)
const through = require('mississippi').through
+const normalizePackageBin = require('npm-normalize-package-bin')
const readFileAsync = BB.promisify(require('fs').readFile)
@@ -63,7 +64,7 @@ Fetcher.impl(fetchDirectory, {
} else {
return pkg
}
- })
+ }).then(pkg => normalizePackageBin(pkg))
},
// As of npm@5, the npm installer doesn't pack + install directories: it just
diff --git a/node_modules/pacote/lib/fetchers/git.js b/node_modules/pacote/lib/fetchers/git.js
index 7913be8168791..a1579d1f94312 100644
--- a/node_modules/pacote/lib/fetchers/git.js
+++ b/node_modules/pacote/lib/fetchers/git.js
@@ -166,7 +166,7 @@ function withTmp (opts, cb) {
}
}
-// Only certain whitelisted hosted gits support shallow cloning
+// Only certain whitelisted hosted gits support shadow cloning
const SHALLOW_HOSTS = new Set(['github', 'gist', 'gitlab', 'bitbucket'])
function cloneRepo (spec, repo, resolvedRef, rawRef, tmp, opts) {
const ref = resolvedRef ? resolvedRef.ref : rawRef
diff --git a/node_modules/pacote/lib/finalize-manifest.js b/node_modules/pacote/lib/finalize-manifest.js
index d1d0f4e563eed..80b9cda73b6ee 100644
--- a/node_modules/pacote/lib/finalize-manifest.js
+++ b/node_modules/pacote/lib/finalize-manifest.js
@@ -14,6 +14,7 @@ const pipe = BB.promisify(require('mississippi').pipe)
const ssri = require('ssri')
const tar = require('tar')
const readJson = require('./util/read-json')
+const normalizePackageBin = require('npm-normalize-package-bin')
// `finalizeManifest` takes as input the various kinds of manifests that
// manifest handlers ('lib/fetchers/*.js#manifest()') return, and makes sure
@@ -105,17 +106,8 @@ function Manifest (pkg, fromTarball, fullMetadata) {
this._shrinkwrap = pkg._shrinkwrap || fromTarball._shrinkwrap || null
this.bin = pkg.bin || fromTarball.bin || null
- if (this.bin && Array.isArray(this.bin)) {
- // Code yanked from read-package-json.
- const m = (pkg.directories && pkg.directories.bin) || '.'
- this.bin = this.bin.reduce((acc, mf) => {
- if (mf && mf.charAt(0) !== '.') {
- const f = path.basename(mf)
- acc[f] = path.join(m, mf)
- }
- return acc
- }, {})
- }
+ // turn arrays and strings into a legit object, strip out bad stuff
+ normalizePackageBin(this)
this._id = null
diff --git a/node_modules/pacote/lib/util/git.js b/node_modules/pacote/lib/util/git.js
index 7991833abed0e..d2282bae15eda 100644
--- a/node_modules/pacote/lib/util/git.js
+++ b/node_modules/pacote/lib/util/git.js
@@ -234,14 +234,17 @@ function spawnGit (gitArgs, gitOpts, opts) {
})
}
+module.exports._mkOpts = mkOpts
function mkOpts (_gitOpts, opts) {
const gitOpts = {
env: gitEnv()
}
- if (+opts.uid && !isNaN(opts.uid)) {
+ const isRoot = process.getuid && process.getuid() === 0
+ // don't change child process uid/gid if not root
+ if (+opts.uid && !isNaN(opts.uid) && isRoot) {
gitOpts.uid = +opts.uid
}
- if (+opts.gid && !isNaN(opts.gid)) {
+ if (+opts.gid && !isNaN(opts.gid) && isRoot) {
gitOpts.gid = +opts.gid
}
Object.assign(gitOpts, _gitOpts)
diff --git a/node_modules/pacote/package.json b/node_modules/pacote/package.json
index a60ed75270353..1efb87c5838e6 100644
--- a/node_modules/pacote/package.json
+++ b/node_modules/pacote/package.json
@@ -1,8 +1,8 @@
{
- "_from": "pacote@9.5.9",
- "_id": "pacote@9.5.9",
+ "_from": "pacote@9.5.11",
+ "_id": "pacote@9.5.11",
"_inBundle": false,
- "_integrity": "sha512-S1nYW9ly+3btn3VmwRAk2LG3TEh8mkrFdY+psbnHSk8oPODbZ28uG0Z0d3yI0EpqcpLR6BukoVRf3H4IbGCkPQ==",
+ "_integrity": "sha512-DMDPvFKCjCg6zMS4IfzZyvT57O/bX8XGG00eEoy4K/S4Wj+qiN8KbnmKpsTvfS6OL9r5TAicxMKWbj1yV2Yh4g==",
"_location": "/pacote",
"_phantomChildren": {
"safe-buffer": "5.1.2",
@@ -11,12 +11,12 @@
"_requested": {
"type": "version",
"registry": true,
- "raw": "pacote@9.5.9",
+ "raw": "pacote@9.5.11",
"name": "pacote",
"escapedName": "pacote",
- "rawSpec": "9.5.9",
+ "rawSpec": "9.5.11",
"saveSpec": null,
- "fetchSpec": "9.5.9"
+ "fetchSpec": "9.5.11"
},
"_requiredBy": [
"#USER",
@@ -24,10 +24,10 @@
"/libcipm",
"/libnpm"
],
- "_resolved": "https://registry.npmjs.org/pacote/-/pacote-9.5.9.tgz",
- "_shasum": "fa3a08629c9390b2b99769c55b2cc137e1a24df3",
- "_spec": "pacote@9.5.9",
- "_where": "/Users/ruyadorno/Documents/workspace/cli",
+ "_resolved": "https://registry.npmjs.org/pacote/-/pacote-9.5.11.tgz",
+ "_shasum": "524152077cb392c47b1fbe198aa28f778bef7ee1",
+ "_spec": "pacote@9.5.11",
+ "_where": "/Users/isaacs/dev/npm/cli",
"author": {
"name": "Kat Marchán",
"email": "kzm@sykosomatic.org"
@@ -61,6 +61,7 @@
"mississippi": "^3.0.0",
"mkdirp": "^0.5.1",
"normalize-package-data": "^2.4.0",
+ "npm-normalize-package-bin": "^1.0.0",
"npm-package-arg": "^6.1.0",
"npm-packlist": "^1.1.12",
"npm-pick-manifest": "^3.0.0",
@@ -105,6 +106,9 @@
"license": "MIT",
"main": "index.js",
"name": "pacote",
+ "publishConfig": {
+ "tag": "v9-legacy"
+ },
"repository": {
"type": "git",
"url": "git+https://github.com/npm/pacote.git"
@@ -119,5 +123,5 @@
"update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
"update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
},
- "version": "9.5.9"
+ "version": "9.5.11"
}
diff --git a/package-lock.json b/package-lock.json
index f0a76b9e0056c..97818c335f984 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4423,9 +4423,9 @@
}
},
"pacote": {
- "version": "9.5.9",
- "resolved": "https://registry.npmjs.org/pacote/-/pacote-9.5.9.tgz",
- "integrity": "sha512-S1nYW9ly+3btn3VmwRAk2LG3TEh8mkrFdY+psbnHSk8oPODbZ28uG0Z0d3yI0EpqcpLR6BukoVRf3H4IbGCkPQ==",
+ "version": "9.5.11",
+ "resolved": "https://registry.npmjs.org/pacote/-/pacote-9.5.11.tgz",
+ "integrity": "sha512-DMDPvFKCjCg6zMS4IfzZyvT57O/bX8XGG00eEoy4K/S4Wj+qiN8KbnmKpsTvfS6OL9r5TAicxMKWbj1yV2Yh4g==",
"requires": {
"bluebird": "^3.5.3",
"cacache": "^12.0.2",
@@ -4441,6 +4441,7 @@
"mississippi": "^3.0.0",
"mkdirp": "^0.5.1",
"normalize-package-data": "^2.4.0",
+ "npm-normalize-package-bin": "^1.0.0",
"npm-package-arg": "^6.1.0",
"npm-packlist": "^1.1.12",
"npm-pick-manifest": "^3.0.0",
diff --git a/package.json b/package.json
index 7638d0e741d4e..36e3ba6c00eff 100644
--- a/package.json
+++ b/package.json
@@ -110,7 +110,7 @@
"once": "~1.4.0",
"opener": "^1.5.1",
"osenv": "^0.1.5",
- "pacote": "^9.5.9",
+ "pacote": "^9.5.11",
"path-is-inside": "~1.0.2",
"promise-inflight": "~1.0.1",
"qrcode-terminal": "^0.12.0",