deps: [email protected]

node_modules/.gitignore

@@ -167,6 +167,12 @@
 !/npm-user-validate
 !/p-map
 !/pacote
+!/pacote/node_modules/
+/pacote/node_modules/*
+!/pacote/node_modules/@npmcli/
+/pacote/node_modules/@npmcli/*
+!/pacote/node_modules/@npmcli/redact
+!/pacote/node_modules/npm-registry-fetch
 !/parse-conflict-json
 !/path-key
 !/path-scurry

node_modules/pacote/node_modules/@npmcli/redact/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 npm
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

node_modules/pacote/node_modules/@npmcli/redact/lib/deep-map.js

@@ -0,0 +1,59 @@
+const deepMap = (input, handler = v => v, path = ['$'], seen = new Set([input])) => {
+  if (Array.isArray(input)) {
+    const result = []
+    for (let i = 0; i < input.length; i++) {
+      const element = input[i]
+      const elementPath = [...path, i]
+      if (element instanceof Object) {
+        if (!seen.has(element)) { // avoid getting stuck in circular reference
+          seen.add(element)
+          result.push(deepMap(handler(element, elementPath), handler, elementPath, seen))
+        }
+      } else {
+        result.push(handler(element, elementPath))
+      }
+    }
+    return result
+  }
+
+  if (input === null) {
+    return null
+  } else if (typeof input === 'object' || typeof input === 'function') {
+    const result = {}
+
+    if (input instanceof Error) {
+      // `name` property is not included in `Object.getOwnPropertyNames(error)`
+      result.errorType = input.name
+    }
+
+    for (const propertyName of Object.getOwnPropertyNames(input)) {
+    // skip logging internal properties
+      if (propertyName.startsWith('_')) {
+        continue
+      }
+
+      try {
+        const property = input[propertyName]
+        const propertyPath = [...path, propertyName]
+        if (property instanceof Object) {
+          if (!seen.has(property)) { // avoid getting stuck in circular reference
+            seen.add(property)
+            result[propertyName] = deepMap(
+              handler(property, propertyPath), handler, propertyPath, seen
+            )
+          }
+        } else {
+          result[propertyName] = handler(property, propertyPath)
+        }
+      } catch (err) {
+      // a getter may throw an error
+        result[propertyName] = `[error getting value: ${err.message}]`
+      }
+    }
+    return result
+  }
+
+  return handler(input, path)
+}
+
+module.exports = { deepMap }

node_modules/pacote/node_modules/@npmcli/redact/lib/index.js

@@ -0,0 +1,44 @@
+const matchers = require('./matchers')
+const { redactUrlPassword } = require('./utils')
+
+const REPLACE = '***'
+
+const redact = (value) => {
+  if (typeof value !== 'string' || !value) {
+    return value
+  }
+  return redactUrlPassword(value, REPLACE)
+    .replace(matchers.NPM_SECRET.pattern, `npm_${REPLACE}`)
+    .replace(matchers.UUID.pattern, REPLACE)
+}
+
+// split on \s|= similar to how nopt parses options
+const splitAndRedact = (str) => {
+  // stateful regex, don't move out of this scope
+  const splitChars = /[\s=]/g
+
+  let match = null
+  let result = ''
+  let index = 0
+  while (match = splitChars.exec(str)) {
+    result += redact(str.slice(index, match.index)) + match[0]
+    index = splitChars.lastIndex
+  }
+
+  return result + redact(str.slice(index))
+}
+
+// replaces auth info in an array of arguments or in a strings
+const redactLog = (arg) => {
+  if (typeof arg === 'string') {
+    return splitAndRedact(arg)
+  } else if (Array.isArray(arg)) {
+    return arg.map((a) => typeof a === 'string' ? splitAndRedact(a) : a)
+  }
+  return arg
+}
+
+module.exports = {
+  redact,
+  redactLog,
+}

node_modules/pacote/node_modules/@npmcli/redact/lib/matchers.js

@@ -0,0 +1,81 @@
+const TYPE_REGEX = 'regex'
+const TYPE_URL = 'url'
+const TYPE_PATH = 'path'
+
+const NPM_SECRET = {
+  type: TYPE_REGEX,
+  pattern: /\b(npms?_)[a-zA-Z0-9]{36,48}\b/gi,
+  replacement: `[REDACTED_NPM_SECRET]`,
+}
+
+const AUTH_HEADER = {
+  type: TYPE_REGEX,
+  pattern: /\b(Basic\s+|Bearer\s+)[\w+=\-.]+\b/gi,
+  replacement: `[REDACTED_AUTH_HEADER]`,
+}
+
+const JSON_WEB_TOKEN = {
+  type: TYPE_REGEX,
+  pattern: /\b[A-Za-z0-9-_]{10,}(?!\.\d+\.)\.[A-Za-z0-9-_]{3,}\.[A-Za-z0-9-_]{20,}\b/gi,
+  replacement: `[REDACTED_JSON_WEB_TOKEN]`,
+}
+
+const UUID = {
+  type: TYPE_REGEX,
+  pattern: /\b[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\b/gi,
+  replacement: `[REDACTED_UUID]`,
+}
+
+const URL_MATCHER = {
+  type: TYPE_REGEX,
+  pattern: /(?:https?|ftp):\/\/[^\s/"$.?#].[^\s"]*/gi,
+  replacement: '[REDACTED_URL]',
+}
+
+const DEEP_HEADER_AUTHORIZATION = {
+  type: TYPE_PATH,
+  predicate: ({ path }) => path.endsWith('.headers.authorization'),
+  replacement: '[REDACTED_HEADER_AUTHORIZATION]',
+}
+
+const DEEP_HEADER_SET_COOKIE = {
+  type: TYPE_PATH,
+  predicate: ({ path }) => path.endsWith('.headers.set-cookie'),
+  replacement: '[REDACTED_HEADER_SET_COOKIE]',
+}
+
+const REWRITE_REQUEST = {
+  type: TYPE_PATH,
+  predicate: ({ path }) => path.endsWith('.request'),
+  replacement: (input) => ({
+    method: input?.method,
+    path: input?.path,
+    headers: input?.headers,
+    url: input?.url,
+  }),
+}
+
+const REWRITE_RESPONSE = {
+  type: TYPE_PATH,
+  predicate: ({ path }) => path.endsWith('.response'),
+  replacement: (input) => ({
+    data: input?.data,
+    status: input?.status,
+    headers: input?.headers,
+  }),
+}
+
+module.exports = {
+  TYPE_REGEX,
+  TYPE_URL,
+  TYPE_PATH,
+  NPM_SECRET,
+  AUTH_HEADER,
+  JSON_WEB_TOKEN,
+  UUID,
+  URL_MATCHER,
+  DEEP_HEADER_AUTHORIZATION,
+  DEEP_HEADER_SET_COOKIE,
+  REWRITE_REQUEST,
+  REWRITE_RESPONSE,
+}

node_modules/pacote/node_modules/@npmcli/redact/lib/server.js

@@ -0,0 +1,34 @@
+const {
+  AUTH_HEADER,
+  JSON_WEB_TOKEN,
+  NPM_SECRET,
+  DEEP_HEADER_AUTHORIZATION,
+  DEEP_HEADER_SET_COOKIE,
+  REWRITE_REQUEST,
+  REWRITE_RESPONSE,
+} = require('./matchers')
+
+const {
+  redactUrlMatcher,
+  redactUrlPasswordMatcher,
+  redactMatchers,
+} = require('./utils')
+
+const { deepMap } = require('./deep-map')
+
+const _redact = redactMatchers(
+  NPM_SECRET,
+  AUTH_HEADER,
+  JSON_WEB_TOKEN,
+  DEEP_HEADER_AUTHORIZATION,
+  DEEP_HEADER_SET_COOKIE,
+  REWRITE_REQUEST,
+  REWRITE_RESPONSE,
+  redactUrlMatcher(
+    redactUrlPasswordMatcher()
+  )
+)
+
+const redact = (input) => deepMap(input, (value, path) => _redact(value, { path }))
+
+module.exports = { redact }