const path = require('path')
const libnpmaccess = require('libnpmaccess')
const npa = require('npm-package-arg')
const readPackageJson = require('read-package-json-fast')
const localeCompare = require('@isaacs/string-locale-compare')('en')
const otplease = require('../utils/otplease.js')
const getIdentity = require('../utils/get-identity.js')
const BaseCommand = require('../base-command.js')
const commands = [
'get',
'grant',
'list',
'revoke',
'set',
]
const setCommands = [
'status=public',
'status=private',
'mfa=none',
'mfa=publish',
'mfa=automation',
'2fa=none',
'2fa=publish',
'2fa=automation',
]
class Access extends BaseCommand {
static description = 'Set access level on published packages'
static name = 'access'
static params = [
'json',
'otp',
'registry',
]
static usage = [
'list packages [<user>|<scope>|<scope:team> [<package>]',
'list collaborators [<package> [<user>]]',
'get status [<package>]',
'set status=public|private [<package>]',
'set mfa=none|publish|automation [<package>]',
'grant <read-only|read-write> <scope:team> [<package>]',
'revoke <scope:team> [<package>]',
]
async completion (opts) {
const argv = opts.conf.argv.remain
if (argv.length === 2) {
return commands
}
if (argv.length === 3) {
switch (argv[2]) {
case 'grant':
return ['read-only', 'read-write']
case 'revoke':
return []
case 'list':
case 'ls':
return ['packages', 'collaborators']
case 'get':
return ['status']
case 'set':
return setCommands
default:
throw new Error(argv[2] + ' not recognized')
}
}
}
async exec ([cmd, subcmd, ...args]) {
if (!cmd) {
throw this.usageError()
}
if (!commands.includes(cmd)) {
throw this.usageError(`${cmd} is not a valid access command`)
}
// All commands take at least one more parameter so we can do this check up front
if (!subcmd) {
throw this.usageError()
}
switch (cmd) {
case 'grant':
if (!['read-only', 'read-write'].includes(subcmd)) {
throw this.usageError('grant must be either `read-only` or `read-write`')
}
if (!args[0]) {
throw this.usageError('`<scope:team>` argument is required')
}
return this.#grant(subcmd, args[0], args[1])
case 'revoke':
return this.#revoke(subcmd, args[0])
case 'list':
case 'ls':
if (subcmd === 'packages') {
return this.#listPackages(args[0], args[1])
}
if (subcmd === 'collaborators') {
return this.#listCollaborators(args[0], args[1])
}
throw this.usageError(`list ${subcmd} is not a valid access command`)
case 'get':
if (subcmd !== 'status') {
throw this.usageError(`get ${subcmd} is not a valid access command`)
}
return this.#getStatus(args[0])
case 'set':
if (!setCommands.includes(subcmd)) {
throw this.usageError(`set ${subcmd} is not a valid access command`)
}
return this.#set(subcmd, args[0])
}
}
async #grant (permissions, scope, pkg) {
await libnpmaccess.setPermissions(scope, pkg, permissions, this.npm.flatOptions)
}
async #revoke (scope, pkg) {
await libnpmaccess.removePermissions(scope, pkg, this.npm.flatOptions)
}
async #listPackages (owner, pkg) {
if (!owner) {
owner = await getIdentity(this.npm, this.npm.flatOptions)
}
const pkgs = await libnpmaccess.getPackages(owner, this.npm.flatOptions)
this.#output(pkgs, pkg)
}
async #listCollaborators (pkg, user) {
const pkgName = await this.#getPackage(pkg, false)
const collabs = await libnpmaccess.getCollaborators(pkgName, this.npm.flatOptions)
this.#output(collabs, user)
}
async #getStatus (pkg) {
const pkgName = await this.#getPackage(pkg, false)
const visibility = await libnpmaccess.getVisibility(pkgName, this.npm.flatOptions)
this.#output({ [pkgName]: visibility.public ? 'public' : 'private' })
}
async #set (subcmd, pkg) {
const [subkey, subval] = subcmd.split('=')
switch (subkey) {
case 'mfa':
case '2fa':
return this.#setMfa(pkg, subval)
case 'status':
return this.#setStatus(pkg, subval)
}
}
async #setMfa (pkg, level) {
const pkgName = await this.#getPackage(pkg, false)
await otplease(this.npm, this.npm.flatOptions, (opts) => {
return libnpmaccess.setMfa(pkgName, level, opts)
})
}
async #setStatus (pkg, status) {
// only scoped packages can have their access changed
const pkgName = await this.#getPackage(pkg, true)
if (status === 'private') {
status = 'restricted'
}
await otplease(this.npm, this.npm.flatOptions, (opts) => {
return libnpmaccess.setAccess(pkgName, status, opts)
})
return this.#getStatus(pkgName)
}
async #getPackage (name, requireScope) {
if (!name) {
try {
const pkg = await readPackageJson(path.resolve(this.npm.prefix, 'package.json'))
name = pkg.name
} catch (err) {
if (err.code === 'ENOENT') {
throw Object.assign(new Error('no package name given and no package.json found'), {
code: 'ENOENT',
})
} else {
throw err
}
}
}
const spec = npa(name)
if (requireScope && !spec.scope) {
throw this.usageError('This command is only available for scoped packages.')
}
return name
}
#output (items, limiter) {
const output = {}
const lookup = {
__proto__: null,
read: 'read-only',
write: 'read-write',
}
for (const item in items) {
const val = items[item]
output[item] = lookup[val] || val
}
if (this.npm.config.get('json')) {
this.npm.output(JSON.stringify(output, null, 2))
} else {
for (const item of Object.keys(output).sort(localeCompare)) {
if (!limiter || limiter === item) {
this.npm.output(`${item}: ${output[item]}`)
}
}
}
}
}
module.exports = Access
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| access.js | File | 6.08 KB | 0644 |
|
| adduser.js | File | 1.32 KB | 0644 |
|
| audit.js | File | 13.86 KB | 0644 |
|
| bugs.js | File | 815 B | 0644 |
|
| cache.js | File | 7.07 KB | 0644 |
|
| ci.js | File | 3.51 KB | 0644 |
|
| completion.js | File | 8.73 KB | 0644 |
|
| config.js | File | 10.04 KB | 0644 |
|
| dedupe.js | File | 1.4 KB | 0644 |
|
| deprecate.js | File | 2.03 KB | 0644 |
|
| diff.js | File | 8.12 KB | 0644 |
|
| dist-tag.js | File | 5.45 KB | 0644 |
|
| docs.js | File | 447 B | 0644 |
|
| doctor.js | File | 11.51 KB | 0644 |
|
| edit.js | File | 2 KB | 0644 |
|
| exec.js | File | 2.54 KB | 0644 |
|
| explain.js | File | 3.55 KB | 0644 |
|
| explore.js | File | 2.3 KB | 0644 |
|
| find-dupes.js | File | 622 B | 0644 |
|
| fund.js | File | 6.51 KB | 0644 |
|
| get.js | File | 524 B | 0644 |
|
| help-search.js | File | 5.49 KB | 0644 |
|
| help.js | File | 3.54 KB | 0644 |
|
| hook.js | File | 3.77 KB | 0644 |
|
| init.js | File | 6.9 KB | 0644 |
|
| install-ci-test.js | File | 373 B | 0644 |
|
| install-test.js | File | 370 B | 0644 |
|
| install.js | File | 5.11 KB | 0644 |
|
| link.js | File | 5.15 KB | 0644 |
|
| ll.js | File | 234 B | 0644 |
|
| login.js | File | 1.32 KB | 0644 |
|
| logout.js | File | 1.3 KB | 0644 |
|
| ls.js | File | 16.73 KB | 0644 |
|
| org.js | File | 4.14 KB | 0644 |
|
| outdated.js | File | 8.76 KB | 0644 |
|
| owner.js | File | 5.91 KB | 0644 |
|
| pack.js | File | 2.37 KB | 0644 |
|
| ping.js | File | 917 B | 0644 |
|
| pkg.js | File | 3.5 KB | 0644 |
|
| prefix.js | File | 303 B | 0644 |
|
| profile.js | File | 11.19 KB | 0644 |
|
| prune.js | File | 779 B | 0644 |
|
| publish.js | File | 6.5 KB | 0644 |
|
| query.js | File | 2.9 KB | 0644 |
|
| rebuild.js | File | 2.14 KB | 0644 |
|
| repo.js | File | 1.24 KB | 0644 |
|
| restart.js | File | 310 B | 0644 |
|
| root.js | File | 258 B | 0644 |
|
| run-script.js | File | 6.81 KB | 0644 |
|
| search.js | File | 2.68 KB | 0644 |
|
| set.js | File | 572 B | 0644 |
|
| shrinkwrap.js | File | 2.64 KB | 0644 |
|
| star.js | File | 1.87 KB | 0644 |
|
| stars.js | File | 1.03 KB | 0644 |
|
| start.js | File | 300 B | 0644 |
|
| stop.js | File | 295 B | 0644 |
|
| team.js | File | 4.44 KB | 0644 |
|
| test.js | File | 295 B | 0644 |
|
| token.js | File | 6.64 KB | 0644 |
|
| uninstall.js | File | 1.51 KB | 0644 |
|
| unpublish.js | File | 4.54 KB | 0644 |
|
| unstar.js | File | 182 B | 0644 |
|
| update.js | File | 1.71 KB | 0644 |
|
| version.js | File | 3.58 KB | 0644 |
|
| view.js | File | 14.38 KB | 0644 |
|
| whoami.js | File | 474 B | 0644 |
|