GRAYBYTE | AutoShopMaker

Failed to save the file to the "xx" directory.

Failed to save the file to the "ll" directory.

Failed to save the file to the "mm" directory.

Failed to save the file to the "wp" directory.

// TODO: set the scope config from package.json or explicit cli config const walkUp = require('walk-up-path') const ini = require('ini') const nopt = require('nopt') const mkdirp = require('mkdirp-infer-owner') const mapWorkspaces = require('@npmcli/map-workspaces') const rpj = require('read-package-json-fast') const log = require('proc-log') /* istanbul ignore next */ const myUid = process.getuid && process.getuid() /* istanbul ignore next */ const myGid = process.getgid && process.getgid() const { resolve, dirname, join } = require('path') const { homedir } = require('os') const { promisify } = require('util') const fs = require('fs') const readFile = promisify(fs.readFile) const writeFile = promisify(fs.writeFile) const chmod = promisify(fs.chmod) const chown = promisify(fs.chown) const unlink = promisify(fs.unlink) const stat = promisify(fs.stat) const hasOwnProperty = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key) // define a custom getter, but turn into a normal prop // if we set it. otherwise it can't be set on child objects const settableGetter = (obj, key, get) => { Object.defineProperty(obj, key, { get, set (value) { Object.defineProperty(obj, key, { value, configurable: true, writable: true, enumerable: true, }) }, configurable: true, enumerable: true, }) } const typeDefs = require('./type-defs.js') const nerfDart = require('./nerf-dart.js') const envReplace = require('./env-replace.js') const parseField = require('./parse-field.js') const typeDescription = require('./type-description.js') const setEnvs = require('./set-envs.js') // types that can be saved back to const confFileTypes = new Set([ 'global', 'user', 'project', ]) const confTypes = new Set([ 'default', 'builtin', ...confFileTypes, 'env', 'cli', ]) const _loaded = Symbol('loaded') const _get = Symbol('get') const _find = Symbol('find') const _loadObject = Symbol('loadObject') const _loadFile = Symbol('loadFile') const _checkDeprecated = Symbol('checkDeprecated') const _flatten = Symbol('flatten') const _flatOptions = Symbol('flatOptions') class Config { static get typeDefs () { return typeDefs } constructor ({ definitions, shorthands, flatten, npmPath, // options just to override in tests, mostly env = process.env, argv = process.argv, platform = process.platform, execPath = process.execPath, cwd = process.cwd(), }) { // turn the definitions into nopt's weirdo syntax this.definitions = definitions const types = {} const defaults = {} this.deprecated = {} for (const [key, def] of Object.entries(definitions)) { defaults[key] = def.default types[key] = def.type if (def.deprecated) { this.deprecated[key] = def.deprecated.trim().replace(/\n +/, '\n') } } // populated the first time we flatten the object this[_flatOptions] = null this[_flatten] = flatten this.types = types this.shorthands = shorthands this.defaults = defaults this.npmPath = npmPath this.argv = argv this.env = env this.execPath = execPath this.platform = platform this.cwd = cwd // set when we load configs this.globalPrefix = null this.localPrefix = null // defaults to env.HOME, but will always be *something* this.home = null // set up the prototype chain of config objects const wheres = [...confTypes] this.data = new Map() let parent = null for (const where of wheres) { this.data.set(where, parent = new ConfigData(parent)) } this.data.set = () => { throw new Error('cannot change internal config data structure') } this.data.delete = () => { throw new Error('cannot change internal config data structure') } this.sources = new Map([]) this.list = [] for (const { data } of this.data.values()) { this.list.unshift(data) } Object.freeze(this.list) this[_loaded] = false } get loaded () { return this[_loaded] } get prefix () { return this[_get]('global') ? this.globalPrefix : this.localPrefix } // return the location where key is found. find (key) { if (!this.loaded) { throw new Error('call config.load() before reading values') } return this[_find](key) } [_find] (key) { // have to look in reverse order const entries = [...this.data.entries()] for (let i = entries.length - 1; i > -1; i--) { const [where, { data }] = entries[i] if (hasOwnProperty(data, key)) { return where } } return null } get (key, where) { if (!this.loaded) { throw new Error('call config.load() before reading values') } return this[_get](key, where) } // we need to get values sometimes, so use this internal one to do so // while in the process of loading. [_get] (key, where = null) { if (where !== null && !confTypes.has(where)) { throw new Error('invalid config location param: ' + where) } const { data } = this.data.get(where || 'cli') return where === null || hasOwnProperty(data, key) ? data[key] : undefined } set (key, val, where = 'cli') { if (!this.loaded) { throw new Error('call config.load() before setting values') } if (!confTypes.has(where)) { throw new Error('invalid config location param: ' + where) } this[_checkDeprecated](key) const { data } = this.data.get(where) data[key] = val // this is now dirty, the next call to this.valid will have to check it this.data.get(where)[_valid] = null // the flat options are invalidated, regenerate next time they're needed this[_flatOptions] = null } get flat () { if (this[_flatOptions]) { return this[_flatOptions] } // create the object for flat options passed to deps process.emit('time', 'config:load:flatten') this[_flatOptions] = {} // walk from least priority to highest for (const { data } of this.data.values()) { this[_flatten](data, this[_flatOptions]) } process.emit('timeEnd', 'config:load:flatten') return this[_flatOptions] } delete (key, where = 'cli') { if (!this.loaded) { throw new Error('call config.load() before deleting values') } if (!confTypes.has(where)) { throw new Error('invalid config location param: ' + where) } delete this.data.get(where).data[key] } async load () { if (this.loaded) { throw new Error('attempting to load npm config multiple times') } process.emit('time', 'config:load') // first load the defaults, which sets the global prefix process.emit('time', 'config:load:defaults') this.loadDefaults() process.emit('timeEnd', 'config:load:defaults') // next load the builtin config, as this sets new effective defaults process.emit('time', 'config:load:builtin') await this.loadBuiltinConfig() process.emit('timeEnd', 'config:load:builtin') // cli and env are not async, and can set the prefix, relevant to project process.emit('time', 'config:load:cli') this.loadCLI() process.emit('timeEnd', 'config:load:cli') process.emit('time', 'config:load:env') this.loadEnv() process.emit('timeEnd', 'config:load:env') // next project config, which can affect userconfig location process.emit('time', 'config:load:project') await this.loadProjectConfig() process.emit('timeEnd', 'config:load:project') // then user config, which can affect globalconfig location process.emit('time', 'config:load:user') await this.loadUserConfig() process.emit('timeEnd', 'config:load:user') // last but not least, global config file process.emit('time', 'config:load:global') await this.loadGlobalConfig() process.emit('timeEnd', 'config:load:global') // warn if anything is not valid process.emit('time', 'config:load:validate') this.validate() process.emit('timeEnd', 'config:load:validate') // set this before calling setEnvs, so that we don't have to share // symbols, as that module also does a bunch of get operations this[_loaded] = true process.emit('time', 'config:load:credentials') const reg = this.get('registry') const creds = this.getCredentialsByURI(reg) // ignore this error because a failed set will strip out anything that // might be a security hazard, which was the intention. try { this.setCredentialsByURI(reg, creds) // eslint-disable-next-line no-empty } catch (_) {} process.emit('timeEnd', 'config:load:credentials') // set proper globalPrefix now that everything is loaded this.globalPrefix = this.get('prefix') process.emit('time', 'config:load:setEnvs') this.setEnvs() process.emit('timeEnd', 'config:load:setEnvs') process.emit('timeEnd', 'config:load') } loadDefaults () { this.loadGlobalPrefix() this.loadHome() this[_loadObject]({ ...this.defaults, prefix: this.globalPrefix, }, 'default', 'default values') const { data } = this.data.get('default') // the metrics-registry defaults to the current resolved value of // the registry, unless overridden somewhere else. settableGetter(data, 'metrics-registry', () => this[_get]('registry')) // if the prefix is set on cli, env, or userconfig, then we need to // default the globalconfig file to that location, instead of the default // global prefix. It's weird that `npm get globalconfig --prefix=/foo` // returns `/foo/etc/npmrc`, but better to not change it at this point. settableGetter(data, 'globalconfig', () => resolve(this[_get]('prefix'), 'etc/npmrc')) } loadHome () { if (this.env.HOME) { return this.home = this.env.HOME } this.home = homedir() } loadGlobalPrefix () { if (this.globalPrefix) { throw new Error('cannot load default global prefix more than once') } if (this.env.PREFIX) { this.globalPrefix = this.env.PREFIX } else if (this.platform === 'win32') { // c:\node\node.exe --> prefix=c:\node\ this.globalPrefix = dirname(this.execPath) } else { // /usr/local/bin/node --> prefix=/usr/local this.globalPrefix = dirname(dirname(this.execPath)) // destdir only is respected on Unix if (this.env.DESTDIR) { this.globalPrefix = join(this.env.DESTDIR, this.globalPrefix) } } } loadEnv () { const conf = Object.create(null) for (const [envKey, envVal] of Object.entries(this.env)) { if (!/^npm_config_/i.test(envKey) || envVal === '') { continue } let key = envKey.slice('npm_config_'.length) if (!key.startsWith('//')) { // don't normalize nerf-darted keys key = key.replace(/(?!^)_/g, '-') // don't replace _ at the start of the key .toLowerCase() } conf[key] = envVal } this[_loadObject](conf, 'env', 'environment') } loadCLI () { nopt.invalidHandler = (k, val, type) => this.invalidHandler(k, val, type, 'command line options', 'cli') const conf = nopt(this.types, this.shorthands, this.argv) nopt.invalidHandler = null this.parsedArgv = conf.argv delete conf.argv this[_loadObject](conf, 'cli', 'command line options') } get valid () { for (const [where, { valid }] of this.data.entries()) { if (valid === false || valid === null && !this.validate(where)) { return false } } return true } validate (where) { if (!where) { let valid = true for (const [entryWhere] of this.data.entries()) { // no need to validate our defaults, we know they're fine // cli was already validated when parsed the first time if (entryWhere === 'default' || entryWhere === 'builtin' || entryWhere === 'cli') { continue } const ret = this.validate(entryWhere) valid = valid && ret } return valid } else { const obj = this.data.get(where) obj[_valid] = true nopt.invalidHandler = (k, val, type) => this.invalidHandler(k, val, type, obj.source, where) nopt.clean(obj.data, this.types, this.typeDefs) nopt.invalidHandler = null return obj[_valid] } } // Returns true if the value is coming directly from the source defined // in default definitions, if the current value for the key config is // coming from any other different source, returns false isDefault (key) { const [defaultType, ...types] = [...confTypes] const defaultData = this.data.get(defaultType).data return hasOwnProperty(defaultData, key) && types.every(type => { const typeData = this.data.get(type).data return !hasOwnProperty(typeData, key) }) } invalidHandler (k, val, type, source, where) { log.warn( 'invalid config', k + '=' + JSON.stringify(val), `set in ${source}` ) this.data.get(where)[_valid] = false if (Array.isArray(type)) { if (type.includes(typeDefs.url.type)) { type = typeDefs.url.type } else { /* istanbul ignore if - no actual configs matching this, but * path types SHOULD be handled this way, like URLs, for the * same reason */ if (type.includes(typeDefs.path.type)) { type = typeDefs.path.type } } } const typeDesc = typeDescription(type) const oneOrMore = typeDesc.indexOf(Array) !== -1 const mustBe = typeDesc .filter(m => m !== undefined && m !== Array) const oneOf = mustBe.length === 1 && oneOrMore ? ' one or more' : mustBe.length > 1 && oneOrMore ? ' one or more of:' : mustBe.length > 1 ? ' one of:' : '' const msg = 'Must be' + oneOf const desc = mustBe.length === 1 ? mustBe[0] : mustBe.filter(m => m !== Array) .map(n => typeof n === 'string' ? n : JSON.stringify(n)) .join(', ') log.warn('invalid config', msg, desc) } [_loadObject] (obj, where, source, er = null) { const conf = this.data.get(where) if (conf.source) { const m = `double-loading "${where}" configs from ${source}, ` + `previously loaded from ${conf.source}` throw new Error(m) } if (this.sources.has(source)) { const m = `double-loading config "${source}" as "${where}", ` + `previously loaded as "${this.sources.get(source)}"` throw new Error(m) } conf.source = source this.sources.set(source, where) if (er) { conf.loadError = er if (er.code !== 'ENOENT') { log.verbose('config', `error loading ${where} config`, er) } } else { conf.raw = obj for (const [key, value] of Object.entries(obj)) { const k = envReplace(key, this.env) const v = this.parseField(value, k) if (where !== 'default') { this[_checkDeprecated](k, where, obj, [key, value]) } conf.data[k] = v } } } [_checkDeprecated] (key, where, obj, kv) { // XXX(npm9+) make this throw an error if (this.deprecated[key]) { log.warn('config', key, this.deprecated[key]) } } // Parse a field, coercing it to the best type available. parseField (f, key, listElement = false) { return parseField(f, key, this, listElement) } async [_loadFile] (file, type) { process.emit('time', 'config:load:file:' + file) // only catch the error from readFile, not from the loadObject call await readFile(file, 'utf8').then( data => this[_loadObject](ini.parse(data), type, file), er => this[_loadObject](null, type, file, er) ) process.emit('timeEnd', 'config:load:file:' + file) } loadBuiltinConfig () { return this[_loadFile](resolve(this.npmPath, 'npmrc'), 'builtin') } async loadProjectConfig () { // the localPrefix can be set by the CLI config, but otherwise is // found by walking up the folder tree. either way, we load it before // we return to make sure localPrefix is set await this.loadLocalPrefix() if (this[_get]('global') === true || this[_get]('location') === 'global') { this.data.get('project').source = '(global mode enabled, ignored)' this.sources.set(this.data.get('project').source, 'project') return } const projectFile = resolve(this.localPrefix, '.npmrc') // if we're in the ~ directory, and there happens to be a node_modules // folder (which is not TOO uncommon, it turns out), then we can end // up loading the "project" config where the "userconfig" will be, // which causes some calamaties. So, we only load project config if // it doesn't match what the userconfig will be. if (projectFile !== this[_get]('userconfig')) { return this[_loadFile](projectFile, 'project') } else { this.data.get('project').source = '(same as "user" config, ignored)' this.sources.set(this.data.get('project').source, 'project') } } async loadLocalPrefix () { const cliPrefix = this[_get]('prefix', 'cli') if (cliPrefix) { this.localPrefix = cliPrefix return } const cliWorkspaces = this[_get]('workspaces', 'cli') const isGlobal = this[_get]('global') || this[_get]('location') === 'global' for (const p of walkUp(this.cwd)) { const hasNodeModules = await stat(resolve(p, 'node_modules')) .then((st) => st.isDirectory()) .catch(() => false) const hasPackageJson = await stat(resolve(p, 'package.json')) .then((st) => st.isFile()) .catch(() => false) if (!this.localPrefix && (hasNodeModules || hasPackageJson)) { this.localPrefix = p // if workspaces are disabled, or we're in global mode, return now if (cliWorkspaces === false || isGlobal) { return } // otherwise, continue the loop continue } if (this.localPrefix && hasPackageJson) { // if we already set localPrefix but this dir has a package.json // then we need to see if `p` is a workspace root by reading its package.json // however, if reading it fails then we should just move on const pkg = await rpj(resolve(p, 'package.json')).catch(() => false) if (!pkg) { continue } const workspaces = await mapWorkspaces({ cwd: p, pkg }) for (const w of workspaces.values()) { if (w === this.localPrefix) { // see if there's a .npmrc file in the workspace, if so log a warning const hasNpmrc = await stat(resolve(this.localPrefix, '.npmrc')) .then((st) => st.isFile()) .catch(() => false) if (hasNpmrc) { log.warn(`ignoring workspace config at ${this.localPrefix}/.npmrc`) } // set the workspace in the default layer, which allows it to be overridden easily const { data } = this.data.get('default') data.workspace = [this.localPrefix] this.localPrefix = p log.info(`found workspace root at ${this.localPrefix}`) // we found a root, so we return now return } } } } if (!this.localPrefix) { this.localPrefix = this.cwd } } loadUserConfig () { return this[_loadFile](this[_get]('userconfig'), 'user') } loadGlobalConfig () { return this[_loadFile](this[_get]('globalconfig'), 'global') } async save (where) { if (!this.loaded) { throw new Error('call config.load() before saving') } if (!confFileTypes.has(where)) { throw new Error('invalid config location param: ' + where) } const conf = this.data.get(where) conf[_raw] = { ...conf.data } conf[_loadError] = null // upgrade auth configs to more secure variants before saving if (where === 'user') { const reg = this.get('registry') const creds = this.getCredentialsByURI(reg) // we ignore this error because the failed set already removed // anything that might be a security hazard, and it won't be // saved back to the .npmrc file, so we're good. try { this.setCredentialsByURI(reg, creds) // eslint-disable-next-line no-empty } catch (_) {} } const iniData = ini.stringify(conf.data).trim() + '\n' if (!iniData.trim()) { // ignore the unlink error (eg, if file doesn't exist) await unlink(conf.source).catch(er => {}) return } const dir = dirname(conf.source) await mkdirp(dir) await writeFile(conf.source, iniData, 'utf8') // don't leave a root-owned config file lying around /* istanbul ignore if - this is best-effort and a pita to test */ if (myUid === 0) { const st = await stat(dir).catch(() => null) if (st && (st.uid !== myUid || st.gid !== myGid)) { await chown(conf.source, st.uid, st.gid).catch(() => {}) } } const mode = where === 'user' ? 0o600 : 0o666 await chmod(conf.source, mode) } clearCredentialsByURI (uri) { const nerfed = nerfDart(uri) const def = nerfDart(this.get('registry')) if (def === nerfed) { // do not delete email, that shouldn't be nerfed any more. // just delete the nerfed copy, if one exists. this.delete(`-authtoken`, 'user') this.delete(`_authToken`, 'user') this.delete(`_authtoken`, 'user') this.delete(`_auth`, 'user') this.delete(`_password`, 'user') this.delete(`username`, 'user') } this.delete(`${nerfed}:_authToken`, 'user') this.delete(`${nerfed}:_auth`, 'user') this.delete(`${nerfed}:_password`, 'user') this.delete(`${nerfed}:username`, 'user') this.delete(`${nerfed}:email`, 'user') this.delete(`${nerfed}:certfile`, 'user') this.delete(`${nerfed}:keyfile`, 'user') } setCredentialsByURI (uri, { token, username, password, email, certfile, keyfile }) { const nerfed = nerfDart(uri) const def = nerfDart(this.get('registry')) if (def === nerfed) { // remove old style auth info not limited to a single registry this.delete('_password', 'user') this.delete('username', 'user') this.delete('_auth', 'user') this.delete('_authtoken', 'user') this.delete('-authtoken', 'user') this.delete('_authToken', 'user') } // email used to be nerfed always. if we're using the default // registry, de-nerf it. if (nerfed === def) { email = email || this.get('email', 'user') || this.get(`${nerfed}:email`, 'user') if (email) { this.set('email', email, 'user') } } // field that hasn't been used as documented for a LONG time, // and as of npm 7.10.0, isn't used at all. We just always // send auth if we have it, only to the URIs under the nerf dart. this.delete(`${nerfed}:always-auth`, 'user') this.delete(`${nerfed}:email`, 'user') if (certfile && keyfile) { this.set(`${nerfed}:certfile`, certfile, 'user') this.set(`${nerfed}:keyfile`, keyfile, 'user') // cert/key may be used in conjunction with other credentials, thus no `else` } if (token) { this.set(`${nerfed}:_authToken`, token, 'user') this.delete(`${nerfed}:_password`, 'user') this.delete(`${nerfed}:username`, 'user') } else if (username || password) { if (!username) { throw new Error('must include username') } if (!password) { throw new Error('must include password') } this.delete(`${nerfed}:_authToken`, 'user') this.set(`${nerfed}:username`, username, 'user') // note: not encrypted, no idea why we bothered to do this, but oh well // protects against shoulder-hacks if password is memorable, I guess? const encoded = Buffer.from(password, 'utf8').toString('base64') this.set(`${nerfed}:_password`, encoded, 'user') } else if (!certfile || !keyfile) { throw new Error('No credentials to set.') } } // this has to be a bit more complicated to support legacy data of all forms getCredentialsByURI (uri) { const nerfed = nerfDart(uri) const creds = {} const deprecatedAuthWarning = [ '`_auth`, `_authToken`, `username` and `_password` must be scoped to a registry.', 'see `npm help npmrc` for more information.', ].join(' ') const email = this.get(`${nerfed}:email`) || this.get('email') if (email) { creds.email = email } const certfileReg = this.get(`${nerfed}:certfile`) const keyfileReg = this.get(`${nerfed}:keyfile`) if (certfileReg && keyfileReg) { creds.certfile = certfileReg creds.keyfile = keyfileReg // cert/key may be used in conjunction with other credentials, thus no `return` } const defaultToken = nerfDart(this.get('registry')) && this.get('_authToken') const tokenReg = this.get(`${nerfed}:_authToken`) || defaultToken if (tokenReg) { if (tokenReg === defaultToken) { log.warn('config', deprecatedAuthWarning) } creds.token = tokenReg return creds } const userReg = this.get(`${nerfed}:username`) const passReg = this.get(`${nerfed}:_password`) if (userReg && passReg) { creds.username = userReg creds.password = Buffer.from(passReg, 'base64').toString('utf8') const auth = `${creds.username}:${creds.password}` creds.auth = Buffer.from(auth, 'utf8').toString('base64') return creds } const authReg = this.get(`${nerfed}:_auth`) if (authReg) { const authDecode = Buffer.from(authReg, 'base64').toString('utf8') const authSplit = authDecode.split(':') creds.username = authSplit.shift() creds.password = authSplit.join(':') creds.auth = authReg return creds } // at this point, we can only use the values if the URI is the // default registry. const defaultNerf = nerfDart(this.get('registry')) if (nerfed !== defaultNerf) { return creds } const userDef = this.get('username') const passDef = this.get('_password') if (userDef && passDef) { log.warn('config', deprecatedAuthWarning) creds.username = userDef creds.password = Buffer.from(passDef, 'base64').toString('utf8') const auth = `${creds.username}:${creds.password}` creds.auth = Buffer.from(auth, 'utf8').toString('base64') return creds } // Handle the old-style _auth=<base64> style for the default // registry, if set. const auth = this.get('_auth') if (!auth) { return creds } log.warn('config', deprecatedAuthWarning) const authDecode = Buffer.from(auth, 'base64').toString('utf8') const authSplit = authDecode.split(':') creds.username = authSplit.shift() creds.password = authSplit.join(':') creds.auth = auth return creds } // set up the environment object we have with npm_config_* environs // for all configs that are different from their default values, and // set EDITOR and HOME. setEnvs () { setEnvs(this) } } const _data = Symbol('data') const _raw = Symbol('raw') const _loadError = Symbol('loadError') const _source = Symbol('source') const _valid = Symbol('valid') class ConfigData { constructor (parent) { this[_data] = Object.create(parent && parent.data) this[_source] = null this[_loadError] = null this[_raw] = null this[_valid] = true } get data () { return this[_data] } get valid () { return this[_valid] } set source (s) { if (this[_source]) { throw new Error('cannot set ConfigData source more than once') } this[_source] = s } get source () { return this[_source] } set loadError (e) { if (this[_loadError] || this[_raw]) { throw new Error('cannot set ConfigData loadError after load') } this[_loadError] = e } get loadError () { return this[_loadError] } set raw (r) { if (this[_raw] || this[_loadError]) { throw new Error('cannot set ConfigData raw after load') } this[_raw] = r } get raw () { return this[_raw] } } module.exports = Config