$57 GRAYBYTE WORDPRESS FILE MANAGER $82

SERVER : vnpttt-amd7f72-h1.vietnix.vn #1 SMP Fri May 24 12:42:50 UTC 2024
SERVER IP : 103.200.23.149 | ADMIN IP 216.73.216.22
OPTIONS : CRL = ON | WGT = ON | SDO = OFF | PKEX = OFF
DEACTIVATED : NONE

/opt/cpanel/ea-nodejs22/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/

Current File : /opt/cpanel/ea-nodejs22/lib/node_modules/npm/node_modules/@npmcli/arborist/lib//dep-valid.js

// Do not rely on package._fields, so that we don't throw
// false failures if a tree is generated by other clients.
// Only relies on child.resolved, which MAY come from
// client-specific package.json meta _fields, but most of
// the time will be pulled out of a lockfile

const semver = require('semver')
const npa = require('npm-package-arg')
const { relative } = require('node:path')
const fromPath = require('./from-path.js')

const depValid = (child, requested, requestor) => {
  // NB: we don't do much to verify 'tag' type requests.
  // Just verify that we got a remote resolution.  Presumably, it
  // came from a registry and was tagged at some point.

  if (typeof requested === 'string') {
    try {
      // tarball/dir must have resolved to the same tgz on disk, but for
      // file: deps that depend on other files/dirs, we must resolve the
      // location based on the *requestor* file/dir, not where it ends up.
      // '' is equivalent to '*'
      requested = npa.resolve(child.name, requested || '*', fromPath(requestor, requestor.edgesOut.get(child.name)))
    } catch (er) {
      // Not invalid because the child doesn't match, but because
      // the spec itself is not supported.  Nothing would match,
      // so the edge is definitely not valid and never can be.
      er.dependency = child.name
      er.requested = requested
      requestor.errors.push(er)
      return false
    }
  }

  // if the lockfile is super old, or hand-modified,
  // then it's possible to hit this state.
  if (!requested) {
    const er = new Error('Invalid dependency specifier')
    er.dependency = child.name
    er.requested = requested
    requestor.errors.push(er)
    return false
  }

  switch (requested.type) {
    case 'range':
      if (requested.fetchSpec === '*') {
        return true
      }
      // fallthrough
    case 'version':
      // if it's a version or a range other than '*', semver it
      return semver.satisfies(child.version, requested.fetchSpec, true)

    case 'directory':
      return linkValid(child, requested, requestor)

    case 'file':
      return tarballValid(child, requested, requestor)

    case 'alias':
      // check that the alias target is valid
      return depValid(child, requested.subSpec, requestor)

    case 'tag':
      // if it's a tag, we just verify that it has a tarball resolution
      // presumably, it came from the registry and was tagged at some point
      return child.resolved && npa(child.resolved).type === 'remote'

    case 'remote':
      // verify that we got it from the desired location
      return child.resolved === requested.fetchSpec

    case 'git': {
      // if it's a git type, verify that they're the same repo
      //
      // if it specifies a definite commit, then it must have the
      // same commit to be considered the same repo
      //
      // if it has a #semver:<range> specifier, verify that the
      // version in the package is in the semver range
      const resRepo = npa(child.resolved || '')
      const resHost = resRepo.hosted
      const reqHost = requested.hosted
      const reqCommit = /^[a-fA-F0-9]{40}$/.test(requested.gitCommittish || '')
      const nc = { noCommittish: !reqCommit }
      if (!resHost) {
        if (resRepo.fetchSpec !== requested.fetchSpec) {
          return false
        }
      } else {
        if (reqHost?.ssh(nc) !== resHost.ssh(nc)) {
          return false
        }
      }
      if (!requested.gitRange) {
        return true
      }
      return semver.satisfies(child.package.version, requested.gitRange, {
        loose: true,
      })
    }

    default: // unpossible, just being cautious
      break
  }

  const er = new Error('Unsupported dependency type')
  er.dependency = child.name
  er.requested = requested
  requestor.errors.push(er)
  return false
}

const linkValid = (child, requested, requestor) => {
  const isLink = !!child.isLink
  // if we're installing links and the node is a link, then it's invalid because we want
  // a real node to be there.  Except for workspaces. They are always links.
  if (requestor.installLinks && !child.isWorkspace) {
    return !isLink
  }

  // directory must be a link to the specified folder
  return isLink && relative(child.realpath, requested.fetchSpec) === ''
}

const tarballValid = (child, requested) => {
  if (child.isLink) {
    return false
  }

  if (child.resolved) {
    return child.resolved.replace(/\\/g, '/') === `file:${requested.fetchSpec.replace(/\\/g, '/')}`
  }

  // if we have a legacy mutated package.json file.  we can't be 100%
  // sure that it resolved to the same file, but if it was the same
  // request, that's a pretty good indicator of sameness.
  if (child.package._requested) {
    return child.package._requested.saveSpec === requested.saveSpec
  }

  // ok, we're probably dealing with some legacy cruft here, not much
  // we can do at this point unfortunately.
  return false
}

module.exports = (child, requested, accept, requestor) =>
  depValid(child, requested, requestor) ||
  (typeof accept === 'string' ? depValid(child, accept, requestor) : false)

[ Back ]

NAME	SIZE	LAST TOUCH	USER	CAN-I?
..	--	1 Jan 1970 8.00 AM	root / root	0
arborist	--	16 Mar 2026 5.04 PM	root / root	0755

add-rm-pkg-deps.js	4.891 KB	17 Jan 2026 1.16 AM	root / root	0644
audit-report.js	11.945 KB	17 Jan 2026 1.16 AM	root / root	0644
calc-dep-flags.js	3.424 KB	17 Jan 2026 1.16 AM	root / root	0644
can-place-dep.js	13.938 KB	17 Jan 2026 1.16 AM	root / root	0644
case-insensitive-map.js	1.21 KB	17 Jan 2026 1.16 AM	root / root	0644
consistent-resolve.js	1.266 KB	17 Jan 2026 1.16 AM	root / root	0644
debug.js	1.252 KB	17 Jan 2026 1.16 AM	root / root	0644
deepest-nesting-target.js	0.675 KB	17 Jan 2026 1.16 AM	root / root	0644
dep-valid.js	5.005 KB	17 Jan 2026 1.16 AM	root / root	0644
diff.js	9.573 KB	17 Jan 2026 1.16 AM	root / root	0644
edge.js	6.625 KB	17 Jan 2026 1.16 AM	root / root	0644
from-path.js	1.069 KB	17 Jan 2026 1.16 AM	root / root	0644
gather-dep-set.js	1.256 KB	17 Jan 2026 1.16 AM	root / root	0644
index.js	0.267 KB	17 Jan 2026 1.16 AM	root / root	0644
inventory.js	3.246 KB	17 Jan 2026 1.16 AM	root / root	0644
link.js	3.041 KB	17 Jan 2026 1.16 AM	root / root	0644
node.js	42.95 KB	17 Jan 2026 1.16 AM	root / root	0644
optional-set.js	1.321 KB	17 Jan 2026 1.16 AM	root / root	0644
override-resolves.js	0.22 KB	17 Jan 2026 1.16 AM	root / root	0644
override-set.js	3.115 KB	17 Jan 2026 1.16 AM	root / root	0644
packument-cache.js	2.496 KB	17 Jan 2026 1.16 AM	root / root	0644
peer-entry-sets.js	2.57 KB	17 Jan 2026 1.16 AM	root / root	0644
place-dep.js	19.752 KB	17 Jan 2026 1.16 AM	root / root	0644
printable.js	5.1 KB	17 Jan 2026 1.16 AM	root / root	0644
query-selector-all.js	28.841 KB	17 Jan 2026 1.16 AM	root / root	0644
realpath.js	2.593 KB	17 Jan 2026 1.16 AM	root / root	0644
relpath.js	0.133 KB	17 Jan 2026 1.16 AM	root / root	0644
reset-dep-flags.js	0.623 KB	17 Jan 2026 1.16 AM	root / root	0644
retire-path.js	0.489 KB	17 Jan 2026 1.16 AM	root / root	0644
shrinkwrap.js	36.827 KB	17 Jan 2026 1.16 AM	root / root	0644
signal-handling.js	2.192 KB	17 Jan 2026 1.16 AM	root / root	0644
signals.js	1.349 KB	17 Jan 2026 1.16 AM	root / root	0644
spec-from-lock.js	0.854 KB	17 Jan 2026 1.16 AM	root / root	0644
tracker.js	2.921 KB	17 Jan 2026 1.16 AM	root / root	0644
tree-check.js	4.045 KB	17 Jan 2026 1.16 AM	root / root	0644
version-from-tgz.js	1.453 KB	17 Jan 2026 1.16 AM	root / root	0644
vuln.js	5.818 KB	17 Jan 2026 1.16 AM	root / root	0644
yarn-lock.js	10.56 KB	17 Jan 2026 1.16 AM	root / root	0644

GRAYBYTE WORDPRESS FILE MANAGER @ 2026 CONTACT ME