Use validateNPMPackageName

esy · Jul 12, 2024 · 2cfadc8 · 2cfadc8
1 parent 37f0a60
commit 2cfadc8
Show file tree

Hide file tree

Showing 4 changed files with 170 additions and 10 deletions.
diff --git a/dist/index.js b/dist/index.js
@@ -153166,6 +153166,119 @@ function version(uuid) {
 var _default = version;
 exports["default"] = _default;
 
+/***/ }),
+
+/***/ 84006:
+/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => {
+
+"use strict";
+
+const { builtinModules: builtins } = __nccwpck_require__(98188)
+
+var scopedPackagePattern = new RegExp('^(?:@([^/]+?)[/])?([^/]+?)$')
+var blacklist = [
+  'node_modules',
+  'favicon.ico',
+]
+
+function validate (name) {
+  var warnings = []
+  var errors = []
+
+  if (name === null) {
+    errors.push('name cannot be null')
+    return done(warnings, errors)
+  }
+
+  if (name === undefined) {
+    errors.push('name cannot be undefined')
+    return done(warnings, errors)
+  }
+
+  if (typeof name !== 'string') {
+    errors.push('name must be a string')
+    return done(warnings, errors)
+  }
+
+  if (!name.length) {
+    errors.push('name length must be greater than zero')
+  }
+
+  if (name.match(/^\./)) {
+    errors.push('name cannot start with a period')
+  }
+
+  if (name.match(/^_/)) {
+    errors.push('name cannot start with an underscore')
+  }
+
+  if (name.trim() !== name) {
+    errors.push('name cannot contain leading or trailing spaces')
+  }
+
+  // No funny business
+  blacklist.forEach(function (blacklistedName) {
+    if (name.toLowerCase() === blacklistedName) {
+      errors.push(blacklistedName + ' is a blacklisted name')
+    }
+  })
+
+  // Generate warnings for stuff that used to be allowed
+
+  // core module names like http, events, util, etc
+  if (builtins.includes(name.toLowerCase())) {
+    warnings.push(name + ' is a core module name')
+  }
+
+  if (name.length > 214) {
+    warnings.push('name can no longer contain more than 214 characters')
+  }
+
+  // mIxeD CaSe nAMEs
+  if (name.toLowerCase() !== name) {
+    warnings.push('name can no longer contain capital letters')
+  }
+
+  if (/[~'!()*]/.test(name.split('/').slice(-1)[0])) {
+    warnings.push('name can no longer contain special characters ("~\'!()*")')
+  }
+
+  if (encodeURIComponent(name) !== name) {
+    // Maybe it's a scoped package name, like @user/package
+    var nameMatch = name.match(scopedPackagePattern)
+    if (nameMatch) {
+      var user = nameMatch[1]
+      var pkg = nameMatch[2]
+      if (encodeURIComponent(user) === user && encodeURIComponent(pkg) === pkg) {
+        return done(warnings, errors)
+      }
+    }
+
+    errors.push('name can only contain URL-friendly characters')
+  }
+
+  return done(warnings, errors)
+}
+
+var done = function (warnings, errors) {
+  var result = {
+    validForNewPackages: errors.length === 0 && warnings.length === 0,
+    validForOldPackages: errors.length === 0,
+    warnings: warnings,
+    errors: errors,
+  }
+  if (!result.warnings.length) {
+    delete result.warnings
+  }
+  if (!result.errors.length) {
+    delete result.errors
+  }
+  return result
+}
+
+module.exports = validate
+
+
 /***/ }),
 
 /***/ 54886:
@@ -160498,6 +160611,14 @@ module.exports = require("https");
 
 /***/ }),
 
+/***/ 98188:
+/***/ ((module) => {
+
+"use strict";
+module.exports = require("module");
+
+/***/ }),
+
 /***/ 41808:
 /***/ ((module) => {
 
@@ -180240,6 +180361,9 @@ const extract_ = (opt) => new Unpack(opt);
 
 
 //# sourceMappingURL=index.js.map
+// EXTERNAL MODULE: ./node_modules/validate-npm-package-name/lib/index.js
+var lib = __nccwpck_require__(84006);
+var lib_default = /*#__PURE__*/__nccwpck_require__.n(lib);
 ;// CONCATENATED MODULE: ./index.ts
 var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
@@ -180262,6 +180386,7 @@ var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argume
 
 
 
+
 let esyPrefix = core.getInput("esy-prefix");
 const cacheKey = core.getInput("cache-key");
 const sourceCacheKey = core.getInput("source-cache-key");
@@ -180288,10 +180413,20 @@ function run(name, command, args) {
 }
 let cachedEsyNPMInfo;
 function getLatestEsyNPMInfo(alternativeEsyNPMPackage) {
-    const esyPackage = (alternativeEsyNPMPackage !== "" &&
-        !!alternativeEsyNPMPackage &&
-        alternativeEsyNPMPackage) ||
-        "esy";
+    let esyPackage;
+    if (!alternativeEsyNPMPackage || alternativeEsyNPMPackage === "") {
+        // No alternative was provided. So, fallback to default
+        esyPackage = "esy";
+    }
+    else {
+        const { validForOldPackages, validForNewPackages, errors = [], } = lib_default()(alternativeEsyNPMPackage);
+        if (!validForNewPackages || !validForOldPackages) {
+            throw new Error(`Invalid alternative NPM package name provided: ${alternativeEsyNPMPackage}
+Errors:
+${errors.join("\n")}`);
+        }
+        esyPackage = alternativeEsyNPMPackage;
+    }
     try {
         if (!cachedEsyNPMInfo) {
             cachedEsyNPMInfo = JSON.parse(external_child_process_.execSync(`npm info ${esyPackage} --json`).toString().trim());

diff --git a/index.ts b/index.ts
@@ -11,6 +11,7 @@ import * as crypto from "crypto";
 import * as util from "util";
 import * as cp from "child_process";
 import * as tar from "tar";
+import validateNPMPackageName from "validate-npm-package-name";
 
 let esyPrefix = core.getInput("esy-prefix");
 const cacheKey = core.getInput("cache-key");
@@ -42,11 +43,23 @@ let cachedEsyNPMInfo: NpmInfo | undefined;
 function getLatestEsyNPMInfo(
   alternativeEsyNPMPackage: string | undefined
 ): NpmInfo {
-  const esyPackage =
-    (alternativeEsyNPMPackage !== "" &&
-      !!alternativeEsyNPMPackage &&
-      alternativeEsyNPMPackage) ||
-    "esy";
+  let esyPackage;
+  if (!alternativeEsyNPMPackage || alternativeEsyNPMPackage === "") {
+    // No alternative was provided. So, fallback to default
+    esyPackage = "esy";
+  } else {
+    const {
+      validForOldPackages,
+      validForNewPackages,
+      errors = [],
+    } = validateNPMPackageName(alternativeEsyNPMPackage);
+    if (!validForNewPackages || !validForOldPackages) {
+      throw new Error(`Invalid alternative NPM package name provided: ${alternativeEsyNPMPackage}
+Errors:
+${errors.join("\n")}`);
+    }
+    esyPackage = alternativeEsyNPMPackage;
+  }
   try {
     if (!cachedEsyNPMInfo) {
       cachedEsyNPMInfo = JSON.parse(

diff --git a/package.json b/package.json
@@ -19,10 +19,12 @@
     "@actions/github": "^6.0.0",
     "@actions/tool-cache": "^2.0.1",
     "tar": "^7.1.0",
-    "typescript": "5.x"
+    "typescript": "5.x",
+    "validate-npm-package-name": "^5.0.1"
   },
   "devDependencies": {
     "@types/tar": "^6.1.13",
+    "@types/validate-npm-package-name": "^4.0.2",
     "@vercel/ncc": "^0.33.0",
     "prettier": "2.5.1"
   }

diff --git a/yarn.lock b/yarn.lock
@@ -542,6 +542,11 @@
   dependencies:
     "@types/node" "*"
 
+"@types/validate-npm-package-name@^4.0.2":
+  version "4.0.2"
+  resolved "https://registry.yarnpkg.com/@types/validate-npm-package-name/-/validate-npm-package-name-4.0.2.tgz#df0f7dac25df7761f7476605ddac54cb1abda26e"
+  integrity sha512-lrpDziQipxCEeK5kWxvljWYhUvOiB2A9izZd9B2AFarYAkqZshb4lPbRs7zKEic6eGtH8V/2qJW+dPp9OtF6bw==
+
 "@vercel/ncc@^0.33.0":
   version "0.33.4"
   resolved "https://registry.yarnpkg.com/@vercel/ncc/-/ncc-0.33.4.tgz#e44a87511f583b7ba88e4b9ae90eeb7ba252b872"
@@ -1377,6 +1382,11 @@ uuid@^8.3.0, uuid@^8.3.2:
   resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.3.2.tgz#80d5b5ced271bb9af6c445f21a1a04c606cefbe2"
   integrity sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==
 
+validate-npm-package-name@^5.0.1:
+  version "5.0.1"
+  resolved "https://registry.yarnpkg.com/validate-npm-package-name/-/validate-npm-package-name-5.0.1.tgz#a316573e9b49f3ccd90dbb6eb52b3f06c6d604e8"
+  integrity sha512-OljLrQ9SQdOUqTaQxqL5dEfZWrXExyyWsozYlAWFawPVNuD83igl7uJD2RTkNMbniIYgt8l81eCJGIdQF7avLQ==
+
 webidl-conversions@^3.0.0:
   version "3.0.1"
   resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-3.0.1.tgz#24534275e2a7bc6be7bc86611cc16ae0a5654871"