development/vscode
development/vscode
1
0
Fork 0
mirror of https://github.com/Microsoft/vscode synced 2024-08-28 05:19:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

npm: avoid invalid lookups

Browse source
This commit is contained in:
Martin Aeschlimann 2020-08-24 16:58:29 +02:00
parent a58fa935d7
commit 88664e267a
1 changed files with 20 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
extensions/npm/src/features/packageJSONContribution.ts
View file

@ -249,7 +249,27 @@ export class PackageJSONContribution implements IJSONContribution {
return null;
}
private isValidNPMName(name: string): boolean {
// following rules from https://github.com/npm/validate-npm-package-name
if (!name || name.length > 214 || name.match(/^[_.]/)) {
return false;
}
const match = name.match(/^(?:@([^/]+?)[/])?([^/]+?)$/);
if (match) {
const scope = match[1];
if (scope && encodeURIComponent(scope) !== scope) {
return false;
}
const name = match[2];
return encodeURIComponent(name) === name;
}
return true;
}
private async fetchPackageInfo(pack: string): Promise<ViewPackageInfo | undefined> {
if (!this.isValidNPMName(pack)) {
return undefined; // avoid unnecessary lookups
}
let info: ViewPackageInfo | undefined;
if (this.canRunNPM) {
info = await this.npmView(pack);
@ -260,7 +280,6 @@ export class PackageJSONContribution implements IJSONContribution {
return info;
}
private npmView(pack: string): Promise<ViewPackageInfo | undefined> {
return new Promise((resolve, _reject) => {
const command = 'npm view --json ' + pack + ' description dist-tags.latest homepage version';