npm · wraithgar · May 8, 2024 · May 8, 2024 · May 8, 2024
@@ -417,7 +417,6 @@ graph LR;
   libnpmversion-->require-inject;
   libnpmversion-->semver;
   libnpmversion-->tap;
-  lru-cache-->yallist;
   make-fetch-happen-->cacache;
   make-fetch-happen-->http-cache-semantics;
   make-fetch-happen-->is-lambda;
@@ -729,7 +728,6 @@ graph LR;
   read-->mute-stream;
   read-package-json-fast-->json-parse-even-better-errors;
   read-package-json-fast-->npm-normalize-package-bin;
-  semver-->lru-cache;
   shebang-command-->shebang-regex;
   sigstore-->sigstore-bundle["@sigstore/bundle"];
   sigstore-->sigstore-core["@sigstore/core"];

@@ -51,7 +51,7 @@
     "json-stringify-safe": "^5.0.1",
     "nock": "^13.3.3",
     "npm-package-arg": "^11.0.2",
-    "pacote": "^18.0.5",
+    "pacote": "^18.0.6",
     "tap": "^16.3.8"
   }
 }
@@ -178,9 +178,6 @@
 !/retry
 !/safer-buffer
 !/semver
-!/semver/node_modules/
-/semver/node_modules/*
-!/semver/node_modules/lru-cache
 !/shebang-command
 !/shebang-regex
 !/signal-exit

@@ -1,12 +1,12 @@
-const Fetcher = require('./fetcher.js')
-const FileFetcher = require('./file.js')
-const { Minipass } = require('minipass')
-const tarCreateOptions = require('./util/tar-create-options.js')
+const { resolve } = require('node:path')
 const packlist = require('npm-packlist')
-const tar = require('tar')
-const { resolve } = require('path')
 const runScript = require('@npmcli/run-script')
+const tar = require('tar')
+const { Minipass } = require('minipass')
+const Fetcher = require('./fetcher.js')
+const FileFetcher = require('./file.js')
 const _ = require('./util/protected.js')
+const tarCreateOptions = require('./util/tar-create-options.js')
 
 class DirFetcher extends Fetcher {
   constructor (spec, opts) {
@@ -27,7 +27,7 @@ class DirFetcher extends Fetcher {
     return ['directory']
   }
 
-  [_.prepareDir] () {
+  #prepareDir () {
     return this.manifest().then(mani => {
       if (!mani.scripts || !mani.scripts.prepare) {
         return
@@ -65,7 +65,7 @@ class DirFetcher extends Fetcher {
 
     // run the prepare script, get the list of files, and tar it up
     // pipe to the stream, and proxy errors the chain.
-    this[_.prepareDir]()
+    this.#prepareDir()
       .then(async () => {
         if (!this.tree) {
           const arb = new this.Arborist({ path: this.resolved })

@@ -3,22 +3,22 @@
 // It handles the unpacking and retry logic that is shared among
 // all of the other Fetcher types.
 
+const { basename, dirname } = require('node:path')
+const { rm, mkdir } = require('node:fs/promises')
+const PackageJson = require('@npmcli/package-json')
+const cacache = require('cacache')
+const fsm = require('fs-minipass')
+const getContents = require('@npmcli/installed-package-contents')
 const npa = require('npm-package-arg')
+const retry = require('promise-retry')
 const ssri = require('ssri')
-const { basename, dirname } = require('path')
 const tar = require('tar')
+const { Minipass } = require('minipass')
 const { log } = require('proc-log')
-const retry = require('promise-retry')
-const fs = require('fs/promises')
-const fsm = require('fs-minipass')
-const cacache = require('cacache')
+const _ = require('./util/protected.js')
+const cacheDir = require('./util/cache-dir.js')
 const isPackageBin = require('./util/is-package-bin.js')
 const removeTrailingSlashes = require('./util/trailing-slashes.js')
-const getContents = require('@npmcli/installed-package-contents')
-const PackageJson = require('@npmcli/package-json')
-const { Minipass } = require('minipass')
-const cacheDir = require('./util/cache-dir.js')
-const _ = require('./util/protected.js')
 
 // Pacote is only concerned with the package.json contents
 const packageJsonPrepare = (p) => PackageJson.prepare(p).then(pkg => pkg.content)
@@ -337,12 +337,12 @@ class FetcherBase {
 
   #empty (path) {
     return getContents({ path, depth: 1 }).then(contents => Promise.all(
-      contents.map(entry => fs.rm(entry, { recursive: true, force: true }))))
+      contents.map(entry => rm(entry, { recursive: true, force: true }))))
   }
 
   async #mkdir (dest) {
     await this.#empty(dest)
-    return await fs.mkdir(dest, { recursive: true })
+    return await mkdir(dest, { recursive: true })
   }
 
   // extraction is always the same.  the only difference is where
@@ -369,7 +369,7 @@ class FetcherBase {
   // don't use this.#mkdir because we don't want to rimraf anything
   async tarballFile (dest) {
     const dir = dirname(dest)
-    await fs.mkdir(dir, { recursive: true })
+    await mkdir(dir, { recursive: true })
     return this.#toFile(dest)
   }
 

@@ -1,7 +1,7 @@
-const fsm = require('fs-minipass')
+const { resolve } = require('node:path')
+const { stat, chmod } = require('node:fs/promises')
 const cacache = require('cacache')
-const { resolve } = require('path')
-const { stat, chmod } = require('fs/promises')
+const fsm = require('fs-minipass')
 const Fetcher = require('./fetcher.js')
 const _ = require('./util/protected.js')
 

@@ -1,16 +1,16 @@
-const Fetcher = require('./fetcher.js')
-const FileFetcher = require('./file.js')
-const RemoteFetcher = require('./remote.js')
-const DirFetcher = require('./dir.js')
+const cacache = require('cacache')
 const git = require('@npmcli/git')
-const pickManifest = require('npm-pick-manifest')
 const npa = require('npm-package-arg')
+const pickManifest = require('npm-pick-manifest')
 const { Minipass } = require('minipass')
-const cacache = require('cacache')
 const { log } = require('proc-log')
-const npm = require('./util/npm.js')
-const addGitSha = require('./util/add-git-sha.js')
+const DirFetcher = require('./dir.js')
+const Fetcher = require('./fetcher.js')
+const FileFetcher = require('./file.js')
+const RemoteFetcher = require('./remote.js')
 const _ = require('./util/protected.js')
+const addGitSha = require('./util/add-git-sha.js')
+const npm = require('./util/npm.js')
 
 const hashre = /^[a-f0-9]{40}$/
 

@@ -1,14 +1,14 @@
-const Fetcher = require('./fetcher.js')
-const RemoteFetcher = require('./remote.js')
-const pacoteVersion = require('../package.json').version
-const removeTrailingSlashes = require('./util/trailing-slashes.js')
+const crypto = require('node:crypto')
 const PackageJson = require('@npmcli/package-json')
 const pickManifest = require('npm-pick-manifest')
 const ssri = require('ssri')
-const crypto = require('crypto')
 const npa = require('npm-package-arg')
 const sigstore = require('sigstore')
 const fetch = require('npm-registry-fetch')
+const Fetcher = require('./fetcher.js')
+const RemoteFetcher = require('./remote.js')
+const pacoteVersion = require('../package.json').version
+const removeTrailingSlashes = require('./util/trailing-slashes.js')
 const _ = require('./util/protected.js')
 
 // Corgis are cute. 🐕🐶
@@ -20,6 +20,7 @@ const fullDoc = 'application/json'
 const MISSING_TIME_CUTOFF = '2015-01-01T00:00:00.000Z'
 
 class RegistryFetcher extends Fetcher {
+  #cacheKey
   constructor (spec, opts) {
     super(spec, opts)
 
@@ -32,8 +33,8 @@ class RegistryFetcher extends Fetcher {
     this.packumentCache = this.opts.packumentCache || null
 
     this.registry = fetch.pickRegistry(spec, opts)
-    this.packumentUrl = removeTrailingSlashes(this.registry) + '/' +
-      this.spec.escapedName
+    this.packumentUrl = `${removeTrailingSlashes(this.registry)}/${this.spec.escapedName}`
+    this.#cacheKey = `${this.fullMetadata ? 'full' : 'corgi'}:${this.packumentUrl}`
 
     const parsed = new URL(this.registry)
     const regKey = `//${parsed.host}${parsed.pathname}`
@@ -78,8 +79,8 @@ class RegistryFetcher extends Fetcher {
     // note this might be either an in-flight promise for a request,
     // or the actual packument, but we never want to make more than
     // one request at a time for the same thing regardless.
-    if (this.packumentCache?.has(this.packumentUrl)) {
-      return this.packumentCache.get(this.packumentUrl)
+    if (this.packumentCache?.has(this.#cacheKey)) {
+      return this.packumentCache.get(this.#cacheKey)
     }
 
     // npm-registry-fetch the packument
@@ -99,10 +100,10 @@ class RegistryFetcher extends Fetcher {
       if (contentLength) {
         packument._contentLength = Number(contentLength)
       }
-      this.packumentCache?.set(this.packumentUrl, packument)
+      this.packumentCache?.set(this.#cacheKey, packument)
       return packument
     } catch (err) {
-      this.packumentCache?.delete(this.packumentUrl)
+      this.packumentCache?.delete(this.#cacheKey)
       if (err.code !== 'E404' || this.fullMetadata) {
         throw err
       }

@@ -1,9 +1,9 @@
-const Fetcher = require('./fetcher.js')
-const FileFetcher = require('./file.js')
-const pacoteVersion = require('../package.json').version
 const fetch = require('npm-registry-fetch')
 const { Minipass } = require('minipass')
+const Fetcher = require('./fetcher.js')
+const FileFetcher = require('./file.js')
 const _ = require('./util/protected.js')
+const pacoteVersion = require('../package.json').version
 
 class RemoteFetcher extends Fetcher {
   constructor (spec, opts) {

@@ -1,10 +1,10 @@
-const os = require('os')
-const { resolve } = require('path')
+const { resolve } = require('node:path')
+const { tmpdir, homedir } = require('node:os')
 
 module.exports = (fakePlatform = false) => {
-  const temp = os.tmpdir()
+  const temp = tmpdir()
   const uidOrPid = process.getuid ? process.getuid() : process.pid
-  const home = os.homedir() || resolve(temp, 'npm-' + uidOrPid)
+  const home = homedir() || resolve(temp, 'npm-' + uidOrPid)
   const platform = fakePlatform || process.platform
   const cacheExtra = platform === 'win32' ? 'npm-cache' : '.npm'
   const cacheRoot = (platform === 'win32' && process.env.LOCALAPPDATA) || home

@@ -1,11 +1,5 @@
-const readPackageJson = Symbol.for('package.Fetcher._readPackageJson')
-const prepareDir = Symbol('_prepareDir')
-const tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved')
-const cacheFetches = Symbol.for('pacote.Fetcher._cacheFetches')
-
 module.exports = {
-  readPackageJson,
-  prepareDir,
-  tarballFromResolved,
-  cacheFetches,
+  cacheFetches: Symbol.for('pacote.Fetcher._cacheFetches'),
+  readPackageJson: Symbol.for('package.Fetcher._readPackageJson'),
+  tarballFromResolved: Symbol.for('pacote.Fetcher._tarballFromResolved'),
 }
@@ -1,6 +1,6 @@
 {
   "name": "pacote",
-  "version": "18.0.5",
+  "version": "18.0.6",
   "description": "JavaScript package downloader",
   "author": "GitHub Inc.",
   "bin": {

@@ -119,7 +119,11 @@ const main = () => {
       return fail()
     }
   }
-  return success(versions)
+  versions
+    .sort((a, b) => semver[reverse ? 'rcompare' : 'compare'](a, b, options))
+    .map(v => semver.clean(v, options))
+    .map(v => inc ? semver.inc(v, inc, options, identifier, identifierBase) : v)
+    .forEach(v => console.log(v))
 }
 
 const failInc = () => {
@@ -129,19 +133,6 @@ const failInc = () => {
 
 const fail = () => process.exit(1)
 
-const success = () => {
-  const compare = reverse ? 'rcompare' : 'compare'
-  versions.sort((a, b) => {
-    return semver[compare](a, b, options)
-  }).map((v) => {
-    return semver.clean(v, options)
-  }).map((v) => {
-    return inc ? semver.inc(v, inc, options, identifier, identifierBase) : v
-  }).forEach((v, i, _) => {
-    console.log(v)
-  })
-}
-
 const help = () => console.log(
 `SemVer ${version}
 

@@ -198,8 +198,8 @@ class Range {
 
 module.exports = Range
 
-const LRU = require('lru-cache')
-const cache = new LRU({ max: 1000 })
+const LRU = require('../internal/lrucache')
+const cache = new LRU()
 
 const parseOptions = require('../internal/parse-options')
 const Comparator = require('./comparator')
@@ -470,9 +470,10 @@ const replaceGTE0 = (comp, options) => {
 // 1.2 - 3.4.5 => >=1.2.0 <=3.4.5
 // 1.2.3 - 3.4 => >=1.2.0 <3.5.0-0 Any 3.4.x will do
 // 1.2 - 3.4 => >=1.2.0 <3.5.0-0
+// TODO build?
 const hyphenReplace = incPr => ($0,
   from, fM, fm, fp, fpr, fb,
-  to, tM, tm, tp, tpr, tb) => {
+  to, tM, tm, tp, tpr) => {
   if (isX(fM)) {
     from = ''
   } else if (isX(fm)) {

@@ -158,7 +158,7 @@ class SemVer {
     do {
       const a = this.build[i]
       const b = other.build[i]
-      debug('prerelease compare', i, a, b)
+      debug('build compare', i, a, b)
       if (a === undefined && b === undefined) {
         return 0
       } else if (b === undefined) {

@@ -0,0 +1,45 @@
+class LRUCache {
+  constructor () {
+    this.max = 1000
+    this.map = new Map()
+  }
+
+  get (key) {
+    const value = this.map.get(key)
+    if (value === undefined) {
+      return undefined
+    } else {
+      // Remove the key from the map and add it to the end
+      this.map.delete(key)
+      this.map.set(key, value)
+      return value
+    }
+  }
+
+  delete (key) {
+    if (this.map.has(key)) {
+      this.map.delete(key)
+      return true
+    } else {
+      return false
+    }
+  }
+
+  set (key, value) {
+    const deleted = this.delete(key)
+
+    if (!deleted && value !== undefined) {
+      // If cache is full, delete the least recently used item
+      if (this.map.size >= this.max) {
+        const firstKey = this.map.keys().next().value
+        this.delete(firstKey)
+      }
+
+      this.map.set(key, value)
+    }
+
+    return this
+  }
+}
+
+module.exports = LRUCache