opus

node_modules/npm-normalize-package-bin/.github/settings.yml

@@ -0,0 +1,2 @@
+---
+_extends: 'open-source-project-boilerplate'

node_modules/npm-normalize-package-bin/.npmignore

@@ -0,0 +1,24 @@
+# ignore most things, include some others
+/*
+/.*
+
+!bin/
+!lib/
+!docs/
+!package.json
+!package-lock.json
+!README.md
+!CONTRIBUTING.md
+!LICENSE
+!CHANGELOG.md
+!example/
+!scripts/
+!tap-snapshots/
+!test/
+!.github/
+!.travis.yml
+!.gitignore
+!.gitattributes
+!coverage-map.js
+!map.js
+!index.js

node_modules/npm-normalize-package-bin/LICENSE

@@ -0,0 +1,15 @@
+The ISC License
+
+Copyright (c) npm, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

node_modules/npm-normalize-package-bin/README.md

@@ -0,0 +1,14 @@
+# npm-normalize-package-bin
+
+Turn any flavor of allowable package.json bin into a normalized object.
+
+## API
+
+```js
+const normalize = require('npm-normalize-package-bin')
+const pkg = {name: 'foo', bin: 'bar'}
+console.log(normalize(pkg)) // {name:'foo', bin:{foo: 'bar'}}
+```
+
+Also strips out weird dots and slashes to prevent accidental and/or
+malicious bad behavior when the package is installed.

node_modules/npm-normalize-package-bin/index.js

@@ -0,0 +1,60 @@
+// pass in a manifest with a 'bin' field here, and it'll turn it
+// into a properly santized bin object
+const {join, basename} = require('path')
+
+const normalize = pkg =>
+  !pkg.bin ? removeBin(pkg)
+  : typeof pkg.bin === 'string' ? normalizeString(pkg)
+  : Array.isArray(pkg.bin) ? normalizeArray(pkg)
+  : typeof pkg.bin === 'object' ? normalizeObject(pkg)
+  : removeBin(pkg)
+
+const normalizeString = pkg => {
+  if (!pkg.name)
+    return removeBin(pkg)
+  pkg.bin = { [pkg.name]: pkg.bin }
+  return normalizeObject(pkg)
+}
+
+const normalizeArray = pkg => {
+  pkg.bin = pkg.bin.reduce((acc, k) => {
+    acc[basename(k)] = k
+    return acc
+  }, {})
+  return normalizeObject(pkg)
+}
+
+const removeBin = pkg => {
+  delete pkg.bin
+  return pkg
+}
+
+const normalizeObject = pkg => {
+  const orig = pkg.bin
+  const clean = {}
+  let hasBins = false
+  Object.keys(orig).forEach(binKey => {
+    const base = join('/', basename(binKey.replace(/\\|:/g, '/'))).substr(1)
+
+    if (typeof orig[binKey] !== 'string' || !base)
+      return
+
+    const binTarget = join('/', orig[binKey])
+      .replace(/\\/g, '/').substr(1)
+
+    if (!binTarget)
+      return
+
+    clean[base] = binTarget
+    hasBins = true
+  })
+
+  if (hasBins)
+    pkg.bin = clean
+  else
+    delete pkg.bin
+
+  return pkg
+}
+
+module.exports = normalize

node_modules/npm-normalize-package-bin/package.json

@@ -0,0 +1,58 @@
+{
+  "_from": "npm-normalize-package-bin@^1.0.1",
+  "_id": "npm-normalize-package-bin@1.0.1",
+  "_inBundle": false,
+  "_integrity": "sha512-EPfafl6JL5/rU+ot6P3gRSCpPDW5VmIzX959Ob1+ySFUuuYHWHekXpwdUZcKP5C+DS4GEtdJluwBjnsNDl+fSA==",
+  "_location": "/npm-normalize-package-bin",
+  "_phantomChildren": {},
+  "_requested": {
+    "type": "range",
+    "registry": true,
+    "raw": "npm-normalize-package-bin@^1.0.1",
+    "name": "npm-normalize-package-bin",
+    "escapedName": "npm-normalize-package-bin",
+    "rawSpec": "^1.0.1",
+    "saveSpec": null,
+    "fetchSpec": "^1.0.1"
+  },
+  "_requiredBy": [
+    "/npm-bundled",
+    "/npm-packlist"
+  ],
+  "_resolved": "https://registry.npmjs.org/npm-normalize-package-bin/-/npm-normalize-package-bin-1.0.1.tgz",
+  "_shasum": "6e79a41f23fd235c0623218228da7d9c23b8f6e2",
+  "_spec": "npm-normalize-package-bin@^1.0.1",
+  "_where": "C:\\Users\\matia\\Documents\\GitHub\\Musix-V3\\node_modules\\npm-packlist",
+  "author": {
+    "name": "Isaac Z. Schlueter",
+    "email": "i@izs.me",
+    "url": "https://izs.me"
+  },
+  "bugs": {
+    "url": "https://github.com/npm/npm-normalize-package-bin/issues"
+  },
+  "bundleDependencies": false,
+  "deprecated": false,
+  "description": "Turn any flavor of allowable package.json bin into a normalized object",
+  "devDependencies": {
+    "tap": "^14.10.2"
+  },
+  "homepage": "https://github.com/npm/npm-normalize-package-bin#readme",
+  "license": "ISC",
+  "name": "npm-normalize-package-bin",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/npm/npm-normalize-package-bin.git"
+  },
+  "scripts": {
+    "postpublish": "git push origin --follow-tags",
+    "postversion": "npm publish",
+    "preversion": "npm test",
+    "snap": "tap",
+    "test": "tap"
+  },
+  "tap": {
+    "check-coverage": true
+  },
+  "version": "1.0.1"
+}

node_modules/npm-normalize-package-bin/test/array.js

@@ -0,0 +1,37 @@
+const normalize = require('../')
+const t = require('tap')
+
+t.test('benign array', async t => {
+  const pkg = { name: 'hello', version: 'world', bin: ['./x/y', 'y/z', './a'] }
+  const expect = { name: 'hello', version: 'world', bin: {
+    y: 'x/y',
+    z: 'y/z',
+    a: 'a',
+  } }
+  t.strictSame(normalize(pkg), expect)
+  t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
+})
+
+t.test('conflicting array', async t => {
+  const pkg = { name: 'hello', version: 'world', bin: ['./x/y', 'z/y', './a'] }
+  const expect = { name: 'hello', version: 'world', bin: {
+    y: 'z/y',
+    a: 'a',
+  } }
+  t.strictSame(normalize(pkg), expect)
+  t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
+})
+
+t.test('slashy array', async t => {
+  const pkg = { name: 'hello', version: 'world', bin: [ '/etc/passwd' ] }
+  const expect = { name: 'hello', version: 'world', bin: { passwd: 'etc/passwd' } }
+  t.strictSame(normalize(pkg), expect)
+  t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
+})
+
+t.test('dotty array', async t => {
+  const pkg = { name: 'hello', version: 'world', bin: ['../../../../etc/passwd'] }
+  const expect = { name: 'hello', version: 'world', bin: { passwd: 'etc/passwd' } }
+  t.strictSame(normalize(pkg), expect)
+  t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
+})

node_modules/npm-normalize-package-bin/test/nobin.js

@@ -0,0 +1,35 @@
+const normalize = require('../')
+const t = require('tap')
+
+// all of these just delete the bins, so expect the same value
+const expect = { name: 'hello', version: 'world' }
+
+t.test('no bin in object', async t => {
+  const pkg = { name: 'hello', version: 'world' }
+  t.strictSame(normalize(pkg), expect)
+  t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
+})
+
+t.test('empty string bin in object', async t => {
+  const pkg = { name: 'hello', version: 'world', bin: '' }
+  t.strictSame(normalize(pkg), expect)
+  t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
+})
+
+t.test('false bin in object', async t => {
+  const pkg = { name: 'hello', version: 'world', bin: false }
+  t.strictSame(normalize(pkg), expect)
+  t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
+})
+
+t.test('null bin in object', async t => {
+  const pkg = { name: 'hello', version: 'world', bin: null }
+  t.strictSame(normalize(pkg), expect)
+  t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
+})
+
+t.test('number bin', async t => {
+  const pkg = { name: 'hello', version: 'world', bin: 42069 }
+  t.strictSame(normalize(pkg), expect)
+  t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
+})

node_modules/npm-normalize-package-bin/test/object.js

@@ -0,0 +1,141 @@
+const normalize = require('../')
+const t = require('tap')
+
+t.test('benign object', async t => {
+  // just clean up the ./ in the targets and remove anything weird
+  const pkg = { name: 'hello', version: 'world', bin: {
+    y: './x/y',
+    z: './y/z',
+    a: './a',
+  } }
+  const expect = { name: 'hello', version: 'world', bin: {
+    y: 'x/y',
+    z: 'y/z',
+    a: 'a',
+  } }
+  t.strictSame(normalize(pkg), expect)
+  t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
+})
+
+t.test('empty and non-string targets', async t => {
+  // just clean up the ./ in the targets and remove anything weird
+  const pkg = { name: 'hello', version: 'world', bin: {
+    z: './././',
+    y: '',
+    './x': 'x.js',
+    re: /asdf/,
+    foo: { bar: 'baz' },
+    false: false,
+    null: null,
+    array: [1,2,3],
+    func: function () {},
+  } }
+  const expect = { name: 'hello', version: 'world', bin: {
+    x: 'x.js',
+  } }
+  t.strictSame(normalize(pkg), expect)
+  t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
+})
+
+t.test('slashy object', async t => {
+  const pkg = { name: 'hello', version: 'world', bin: {
+    '/path/foo': '/etc/passwd',
+    'bar': '/etc/passwd',
+    '/etc/glorb/baz': '/etc/passwd',
+    '/etc/passwd:/bin/usr/exec': '/etc/passwd',
+  } }
+  const expect = {
+    name: 'hello',
+    version: 'world',
+    bin: {
+      foo: 'etc/passwd',
+      bar: 'etc/passwd',
+      baz: 'etc/passwd',
+      exec: 'etc/passwd',
+    }
+  }
+  t.strictSame(normalize(pkg), expect)
+  t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
+})
+
+t.test('dotty object', async t => {
+  const pkg = {
+    name: 'hello',
+    version: 'world',
+    bin: {
+      'nodots': '../../../../etc/passwd',
+      '../../../../../../dots': '../../../../etc/passwd',
+      '.././../\\./..//C:\\./': 'this is removed',
+      '.././../\\./..//C:\\/': 'super safe programming language',
+      '.././../\\./..//C:\\x\\y\\z/': 'xyz',
+    } }
+  const expect = { name: 'hello', version: 'world', bin: {
+    nodots: 'etc/passwd',
+    dots: 'etc/passwd',
+    C: 'super safe programming language',
+    z: 'xyz',
+  } }
+  t.strictSame(normalize(pkg), expect)
+  t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
+})
+
+t.test('weird object', async t => {
+  const pkg = { name: 'hello', version: 'world', bin: /asdf/ }
+  const expect = { name: 'hello', version: 'world' }
+  t.strictSame(normalize(pkg), expect)
+  t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
+})
+
+t.test('oddball keys', async t => {
+  const pkg = {
+    bin: {
+      '~': 'target',
+      '£': 'target',
+      'ζ': 'target',
+      'ぎ': 'target',
+      '操': 'target',
+      '🎱': 'target',
+      '💎': 'target',
+      '💸': 'target',
+      '🦉': 'target',
+      'сheck-dom': 'target',
+      'Ωpm': 'target',
+      'ζλ': 'target',
+      'мга': 'target',
+      'пше': 'target',
+      'тзч': 'target',
+      'тзь': 'target',
+      'нфкт': 'target',
+      'ссср': 'target',
+      '君の名は': 'target',
+      '君の名は': 'target',
+    }
+  }
+
+  const expect = {
+    bin: {
+      '~': 'target',
+      '£': 'target',
+      'ζ': 'target',
+      'ぎ': 'target',
+      '操': 'target',
+      '🎱': 'target',
+      '💎': 'target',
+      '💸': 'target',
+      '🦉': 'target',
+      'сheck-dom': 'target',
+      'Ωpm': 'target',
+      'ζλ': 'target',
+      'мга': 'target',
+      'пше': 'target',
+      'тзч': 'target',
+      'тзь': 'target',
+      'нфкт': 'target',
+      'ссср': 'target',
+      '君の名は': 'target',
+    },
+  }
+
+  t.strictSame(normalize(pkg), expect)
+  t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
+})

node_modules/npm-normalize-package-bin/test/string.js

@@ -0,0 +1,37 @@
+const normalize = require('../')
+const t = require('tap')
+
+t.test('benign string', async t => {
+  const pkg = { name: 'hello', version: 'world', bin: 'hello.js' }
+  const expect = { name: 'hello', version: 'world', bin: { hello: 'hello.js' } }
+  t.strictSame(normalize(pkg), expect)
+  t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
+})
+
+t.test('slashy string', async t => {
+  const pkg = { name: 'hello', version: 'world', bin: '/etc/passwd' }
+  const expect = { name: 'hello', version: 'world', bin: { hello: 'etc/passwd' } }
+  t.strictSame(normalize(pkg), expect)
+  t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
+})
+
+t.test('dotty string', async t => {
+  const pkg = { name: 'hello', version: 'world', bin: '../../../../etc/passwd' }
+  const expect = { name: 'hello', version: 'world', bin: { hello: 'etc/passwd' } }
+  t.strictSame(normalize(pkg), expect)
+  t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
+})
+
+t.test('double path', async t => {
+  const pkg = { name: 'hello', version: 'world', bin: '/etc/passwd:/bin/usr/exec' }
+  const expect = { name: 'hello', version: 'world', bin: { hello: 'etc/passwd:/bin/usr/exec' } }
+  t.strictSame(normalize(pkg), expect)
+  t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
+})
+
+t.test('string with no name', async t => {
+  const pkg = { bin: 'foobar.js' }
+  const expect = {}
+  t.strictSame(normalize(pkg), expect)
+  t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
+})