.-.-.-.-.-

PK�Z�\�髃��package.jsonnu�[���{
  "_id": "npm-registry-fetch@17.0.1",
  "_inBundle": true,
  "_location": "/npm/npm-registry-fetch",
  "_phantomChildren": {},
  "_requiredBy": [
    "/npm",
    "/npm/@npmcli/arborist",
    "/npm/libnpmaccess",
    "/npm/libnpmhook",
    "/npm/libnpmorg",
    "/npm/libnpmpublish",
    "/npm/libnpmsearch",
    "/npm/libnpmteam",
    "/npm/npm-profile",
    "/npm/pacote"
  ],
  "author": {
    "name": "GitHub Inc."
  },
  "bugs": {
    "url": "https://github.com/npm/npm-registry-fetch/issues"
  },
  "dependencies": {
    "@npmcli/redact": "^2.0.0",
    "make-fetch-happen": "^13.0.0",
    "minipass": "^7.0.2",
    "minipass-fetch": "^3.0.0",
    "minipass-json-stream": "^1.0.1",
    "minizlib": "^2.1.2",
    "npm-package-arg": "^11.0.0",
    "proc-log": "^4.0.0"
  },
  "description": "Fetch-based http client for use with npm registry APIs",
  "devDependencies": {
    "@npmcli/eslint-config": "^4.0.0",
    "@npmcli/template-oss": "4.21.4",
    "cacache": "^18.0.0",
    "nock": "^13.2.4",
    "require-inject": "^1.4.4",
    "ssri": "^10.0.0",
    "tap": "^16.0.1"
  },
  "engines": {
    "node": "^16.14.0 || >=18.0.0"
  },
  "files": [
    "bin/",
    "lib/"
  ],
  "homepage": "https://github.com/npm/npm-registry-fetch#readme",
  "keywords": [
    "npm",
    "registry",
    "fetch"
  ],
  "license": "ISC",
  "main": "lib",
  "name": "npm-registry-fetch",
  "repository": {
    "type": "git",
    "url": "git+https://github.com/npm/npm-registry-fetch.git"
  },
  "scripts": {
    "eslint": "eslint",
    "lint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"",
    "lintfix": "npm run lint -- --fix",
    "npmclilint": "npmcli-lint",
    "postlint": "template-oss-check",
    "postsnap": "npm run lintfix --",
    "posttest": "npm run lint",
    "snap": "tap",
    "template-oss-apply": "template-oss-apply --force",
    "test": "tap"
  },
  "tap": {
    "check-coverage": true,
    "test-ignore": "test[\\\\/](util|cache)[\\\\/]",
    "nyc-arg": [
      "--exclude",
      "tap-snapshots/**"
    ]
  },
  "templateOSS": {
    "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
    "version": "4.21.4",
    "publish": "true"
  },
  "version": "17.0.1"
}
PK�Z�\.-�˂�lib/default-opts.jsnu�[���const pkg = require('../package.json')
module.exports = {
  maxSockets: 12,
  method: 'GET',
  registry: 'https://registry.npmjs.org/',
  timeout: 5 * 60 * 1000, // 5 minutes
  strictSSL: true,
  noProxy: process.env.NOPROXY,
  userAgent: `${pkg.name
    }@${
      pkg.version
    }/node@${
      process.version
    }+${
      process.arch
    } (${
      process.platform
    })`,
}
PK�Z�\���u��lib/check-response.jsnu�[���'use strict'

const errors = require('./errors.js')
const { Response } = require('minipass-fetch')
const defaultOpts = require('./default-opts.js')
const { log } = require('proc-log')
const { redact: cleanUrl } = require('@npmcli/redact')

/* eslint-disable-next-line max-len */
const moreInfoUrl = 'https://github.com/npm/cli/wiki/No-auth-for-URI,-but-auth-present-for-scoped-registry'
const checkResponse =
  async ({ method, uri, res, startTime, auth, opts }) => {
    opts = { ...defaultOpts, ...opts }
    if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) {
      log.notice('', res.headers.get('npm-notice'))
    }

if (res.status >= 400) {
      logRequest(method, res, startTime)
      if (auth && auth.scopeAuthKey && !auth.token && !auth.auth) {
      // we didn't have auth for THIS request, but we do have auth for
      // requests to the registry indicated by the spec's scope value.
      // Warn the user.
        log.warn('registry', `No auth for URI, but auth present for scoped registry.

URI: ${uri}
Scoped Registry Key: ${auth.scopeAuthKey}

More info here: ${moreInfoUrl}`)
      }
      return checkErrors(method, res, startTime, opts)
    } else {
      res.body.on('end', () => logRequest(method, res, startTime, opts))
      if (opts.ignoreBody) {
        res.body.resume()
        return new Response(null, res)
      }
      return res
    }
  }
module.exports = checkResponse

function logRequest (method, res, startTime) {
  const elapsedTime = Date.now() - startTime
  const attempt = res.headers.get('x-fetch-attempts')
  const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : ''
  const cacheStatus = res.headers.get('x-local-cache-status')
  const cacheStr = cacheStatus ? ` (cache ${cacheStatus})` : ''
  const urlStr = cleanUrl(res.url)

log.http(
    'fetch',
    `${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}`
  )
}

function checkErrors (method, res, startTime, opts) {
  return res.buffer()
    .catch(() => null)
    .then(body => {
      let parsed = body
      try {
        parsed = JSON.parse(body.toString('utf8'))
      } catch {
        // ignore errors
      }
      if (res.status === 401 && res.headers.get('www-authenticate')) {
        const auth = res.headers.get('www-authenticate')
          .split(/,\s*/)
          .map(s => s.toLowerCase())
        if (auth.indexOf('ipaddress') !== -1) {
          throw new errors.HttpErrorAuthIPAddress(
            method, res, parsed, opts.spec
          )
        } else if (auth.indexOf('otp') !== -1) {
          throw new errors.HttpErrorAuthOTP(
            method, res, parsed, opts.spec
          )
        } else {
          throw new errors.HttpErrorAuthUnknown(
            method, res, parsed, opts.spec
          )
        }
      } else if (
        res.status === 401 &&
        body != null &&
        /one-time pass/.test(body.toString('utf8'))
      ) {
        // Heuristic for malformed OTP responses that don't include the
        // www-authenticate header.
        throw new errors.HttpErrorAuthOTP(
          method, res, parsed, opts.spec
        )
      } else {
        throw new errors.HttpErrorGeneral(
          method, res, parsed, opts.spec
        )
      }
    })
}
PK�Z�\�60��lib/index.jsnu�[���'use strict'

const { HttpErrorAuthOTP } = require('./errors.js')
const checkResponse = require('./check-response.js')
const getAuth = require('./auth.js')
const fetch = require('make-fetch-happen')
const JSONStream = require('minipass-json-stream')
const npa = require('npm-package-arg')
const qs = require('querystring')
const url = require('url')
const zlib = require('minizlib')
const { Minipass } = require('minipass')

const defaultOpts = require('./default-opts.js')

// WhatWG URL throws if it's not fully resolved
const urlIsValid = u => {
  try {
    return !!new url.URL(u)
  } catch (_) {
    return false
  }
}

module.exports = regFetch
function regFetch (uri, /* istanbul ignore next */ opts_ = {}) {
  const opts = {
    ...defaultOpts,
    ...opts_,
  }

// if we did not get a fully qualified URI, then we look at the registry
  // config or relevant scope to resolve it.
  const uriValid = urlIsValid(uri)
  let registry = opts.registry || defaultOpts.registry
  if (!uriValid) {
    registry = opts.registry = (
      (opts.spec && pickRegistry(opts.spec, opts)) ||
      opts.registry ||
      registry
    )
    uri = `${
      registry.trim().replace(/\/?$/g, '')
    }/${
      uri.trim().replace(/^\//, '')
    }`
    // asserts that this is now valid
    new url.URL(uri)
  }

const method = opts.method || 'GET'

// through that takes into account the scope, the prefix of `uri`, etc
  const startTime = Date.now()
  const auth = getAuth(uri, opts)
  const headers = getHeaders(uri, auth, opts)
  let body = opts.body
  const bodyIsStream = Minipass.isStream(body)
  const bodyIsPromise = body &&
    typeof body === 'object' &&
    typeof body.then === 'function'

if (
    body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body)
  ) {
    headers['content-type'] = headers['content-type'] || 'application/json'
    body = JSON.stringify(body)
  } else if (body && !headers['content-type']) {
    headers['content-type'] = 'application/octet-stream'
  }

if (opts.gzip) {
    headers['content-encoding'] = 'gzip'
    if (bodyIsStream) {
      const gz = new zlib.Gzip()
      body.on('error', /* istanbul ignore next: unlikely and hard to test */
        err => gz.emit('error', err))
      body = body.pipe(gz)
    } else if (!bodyIsPromise) {
      body = new zlib.Gzip().end(body).concat()
    }
  }

const parsed = new url.URL(uri)

if (opts.query) {
    const q = typeof opts.query === 'string' ? qs.parse(opts.query)
      : opts.query

Object.keys(q).forEach(key => {
      if (q[key] !== undefined) {
        parsed.searchParams.set(key, q[key])
      }
    })
    uri = url.format(parsed)
  }

if (parsed.searchParams.get('write') === 'true' && method === 'GET') {
    // do not cache, because this GET is fetching a rev that will be
    // used for a subsequent PUT or DELETE, so we need to conditionally
    // update cache.
    opts.offline = false
    opts.preferOffline = false
    opts.preferOnline = true
  }

const doFetch = async fetchBody => {
    const p = fetch(uri, {
      agent: opts.agent,
      algorithms: opts.algorithms,
      body: fetchBody,
      cache: getCacheMode(opts),
      cachePath: opts.cache,
      ca: opts.ca,
      cert: auth.cert || opts.cert,
      headers,
      integrity: opts.integrity,
      key: auth.key || opts.key,
      localAddress: opts.localAddress,
      maxSockets: opts.maxSockets,
      memoize: opts.memoize,
      method: method,
      noProxy: opts.noProxy,
      proxy: opts.httpsProxy || opts.proxy,
      retry: opts.retry ? opts.retry : {
        retries: opts.fetchRetries,
        factor: opts.fetchRetryFactor,
        minTimeout: opts.fetchRetryMintimeout,
        maxTimeout: opts.fetchRetryMaxtimeout,
      },
      strictSSL: opts.strictSSL,
      timeout: opts.timeout || 30 * 1000,
    }).then(res => checkResponse({
      method,
      uri,
      res,
      registry,
      startTime,
      auth,
      opts,
    }))

if (typeof opts.otpPrompt === 'function') {
      return p.catch(async er => {
        if (er instanceof HttpErrorAuthOTP) {
          let otp
          // if otp fails to complete, we fail with that failure
          try {
            otp = await opts.otpPrompt()
          } catch (_) {
            // ignore this error
          }
          // if no otp provided, or otpPrompt errored, throw the original HTTP error
          if (!otp) {
            throw er
          }
          return regFetch(uri, { ...opts, otp })
        }
        throw er
      })
    } else {
      return p
    }
  }

return Promise.resolve(body).then(doFetch)
}

module.exports.getAuth = getAuth

module.exports.json = fetchJSON
function fetchJSON (uri, opts) {
  return regFetch(uri, opts).then(res => res.json())
}

module.exports.json.stream = fetchJSONStream
function fetchJSONStream (uri, jsonPath,
  /* istanbul ignore next */ opts_ = {}) {
  const opts = { ...defaultOpts, ...opts_ }
  const parser = JSONStream.parse(jsonPath, opts.mapJSON)
  regFetch(uri, opts).then(res =>
    res.body.on('error',
      /* istanbul ignore next: unlikely and difficult to test */
      er => parser.emit('error', er)).pipe(parser)
  ).catch(er => parser.emit('error', er))
  return parser
}

module.exports.pickRegistry = pickRegistry
function pickRegistry (spec, opts = {}) {
  spec = npa(spec)
  let registry = spec.scope &&
    opts[spec.scope.replace(/^@?/, '@') + ':registry']

if (!registry && opts.scope) {
    registry = opts[opts.scope.replace(/^@?/, '@') + ':registry']
  }

if (!registry) {
    registry = opts.registry || defaultOpts.registry
  }

return registry
}

function getCacheMode (opts) {
  return opts.offline ? 'only-if-cached'
    : opts.preferOffline ? 'force-cache'
    : opts.preferOnline ? 'no-cache'
    : 'default'
}

function getHeaders (uri, auth, opts) {
  const headers = Object.assign({
    'user-agent': opts.userAgent,
  }, opts.headers || {})

if (opts.authType) {
    headers['npm-auth-type'] = opts.authType
  }

if (opts.scope) {
    headers['npm-scope'] = opts.scope
  }

if (opts.npmSession) {
    headers['npm-session'] = opts.npmSession
  }

if (opts.npmCommand) {
    headers['npm-command'] = opts.npmCommand
  }

// If a tarball is hosted on a different place than the manifest, only send
  // credentials on `alwaysAuth`
  if (auth.token) {
    headers.authorization = `Bearer ${auth.token}`
  } else if (auth.auth) {
    headers.authorization = `Basic ${auth.auth}`
  }

if (opts.otp) {
    headers['npm-otp'] = opts.otp
  }

return headers
}
PK�Z�\Ho}���
lib/errors.jsnu�[���'use strict'

const { URL } = require('node:url')

function packageName (href) {
  try {
    let basePath = new URL(href).pathname.slice(1)
    if (!basePath.match(/^-/)) {
      basePath = basePath.split('/')
      var index = basePath.indexOf('_rewrite')
      if (index === -1) {
        index = basePath.length - 1
      } else {
        index++
      }
      return decodeURIComponent(basePath[index])
    }
  } catch {
    // this is ok
  }
}

class HttpErrorBase extends Error {
  constructor (method, res, body, spec) {
    super()
    this.name = this.constructor.name
    this.headers = typeof res.headers?.raw === 'function' ? res.headers.raw() : res.headers
    this.statusCode = res.status
    this.code = `E${res.status}`
    this.method = method
    this.uri = res.url
    this.body = body
    this.pkgid = spec ? spec.toString() : packageName(res.url)
    Error.captureStackTrace(this, this.constructor)
  }
}

class HttpErrorGeneral extends HttpErrorBase {
  constructor (method, res, body, spec) {
    super(method, res, body, spec)
    this.message = `${res.status} ${res.statusText} - ${
      this.method.toUpperCase()
    } ${
      this.spec || this.uri
    }${
      (body && body.error) ? ' - ' + body.error : ''
    }`
  }
}

class HttpErrorAuthOTP extends HttpErrorBase {
  constructor (method, res, body, spec) {
    super(method, res, body, spec)
    this.message = 'OTP required for authentication'
    this.code = 'EOTP'
  }
}

class HttpErrorAuthIPAddress extends HttpErrorBase {
  constructor (method, res, body, spec) {
    super(method, res, body, spec)
    this.message = 'Login is not allowed from your IP address'
    this.code = 'EAUTHIP'
  }
}

class HttpErrorAuthUnknown extends HttpErrorBase {
  constructor (method, res, body, spec) {
    super(method, res, body, spec)
    this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate')
  }
}

module.exports = {
  HttpErrorBase,
  HttpErrorGeneral,
  HttpErrorAuthOTP,
  HttpErrorAuthIPAddress,
  HttpErrorAuthUnknown,
}
PK�Z�\k����lib/auth.jsnu�[���'use strict'
const fs = require('fs')
const npa = require('npm-package-arg')
const { URL } = require('url')

// Find the longest registry key that is used for some kind of auth
// in the options.  Returns the registry key and the auth config.
const regFromURI = (uri, opts) => {
  const parsed = new URL(uri)
  // try to find a config key indicating we have auth for this registry
  // can be one of :_authToken, :_auth, :_password and :username, or
  // :certfile and :keyfile
  // We walk up the "path" until we're left with just //<host>[:<port>],
  // stopping when we reach '//'.
  let regKey = `//${parsed.host}${parsed.pathname}`
  while (regKey.length > '//'.length) {
    const authKey = hasAuth(regKey, opts)
    // got some auth for this URI
    if (authKey) {
      return { regKey, authKey }
    }

// can be either //host/some/path/:_auth or //host/some/path:_auth
    // walk up by removing EITHER what's after the slash OR the slash itself
    regKey = regKey.replace(/([^/]+|\/)$/, '')
  }
  return { regKey: false, authKey: null }
}

// Not only do we want to know if there is auth, but if we are calling `npm
// logout` we want to know what config value specifically provided it.  This is
// so we can look up where the config came from to delete it (i.e. user vs
// project)
const hasAuth = (regKey, opts) => {
  if (opts[`${regKey}:_authToken`]) {
    return '_authToken'
  }
  if (opts[`${regKey}:_auth`]) {
    return '_auth'
  }
  if (opts[`${regKey}:username`] && opts[`${regKey}:_password`]) {
    // 'password' can be inferred to also be present
    return 'username'
  }
  if (opts[`${regKey}:certfile`] && opts[`${regKey}:keyfile`]) {
    // 'keyfile' can be inferred to also be present
    return 'certfile'
  }
  return false
}

const sameHost = (a, b) => {
  const parsedA = new URL(a)
  const parsedB = new URL(b)
  return parsedA.host === parsedB.host
}

const getRegistry = opts => {
  const { spec } = opts
  const { scope: specScope, subSpec } = spec ? npa(spec) : {}
  const subSpecScope = subSpec && subSpec.scope
  const scope = subSpec ? subSpecScope : specScope
  const scopeReg = scope && opts[`${scope}:registry`]
  return scopeReg || opts.registry
}

const maybeReadFile = file => {
  try {
    return fs.readFileSync(file, 'utf8')
  } catch (er) {
    if (er.code !== 'ENOENT') {
      throw er
    }
    return null
  }
}

const getAuth = (uri, opts = {}) => {
  const { forceAuth } = opts
  if (!uri) {
    throw new Error('URI is required')
  }
  const { regKey, authKey } = regFromURI(uri, forceAuth || opts)

// we are only allowed to use what's in forceAuth if specified
  if (forceAuth && !regKey) {
    return new Auth({
      // if we force auth we don't want to refer back to anything in config
      regKey: false,
      authKey: null,
      scopeAuthKey: null,
      token: forceAuth._authToken || forceAuth.token,
      username: forceAuth.username,
      password: forceAuth._password || forceAuth.password,
      auth: forceAuth._auth || forceAuth.auth,
      certfile: forceAuth.certfile,
      keyfile: forceAuth.keyfile,
    })
  }

// no auth for this URI, but might have it for the registry
  if (!regKey) {
    const registry = getRegistry(opts)
    if (registry && uri !== registry && sameHost(uri, registry)) {
      return getAuth(registry, opts)
    } else if (registry !== opts.registry) {
      // If making a tarball request to a different base URI than the
      // registry where we logged in, but the same auth SHOULD be sent
      // to that artifact host, then we track where it was coming in from,
      // and warn the user if we get a 4xx error on it.
      const { regKey: scopeAuthKey, authKey: _authKey } = regFromURI(registry, opts)
      return new Auth({ scopeAuthKey, regKey: scopeAuthKey, authKey: _authKey })
    }
  }

const {
    [`${regKey}:_authToken`]: token,
    [`${regKey}:username`]: username,
    [`${regKey}:_password`]: password,
    [`${regKey}:_auth`]: auth,
    [`${regKey}:certfile`]: certfile,
    [`${regKey}:keyfile`]: keyfile,
  } = opts

return new Auth({
    scopeAuthKey: null,
    regKey,
    authKey,
    token,
    auth,
    username,
    password,
    certfile,
    keyfile,
  })
}

class Auth {
  constructor ({
    token,
    auth,
    username,
    password,
    scopeAuthKey,
    certfile,
    keyfile,
    regKey,
    authKey,
  }) {
    // same as regKey but only present for scoped auth. Should have been named scopeRegKey
    this.scopeAuthKey = scopeAuthKey
    // `${regKey}:${authKey}` will get you back to the auth config that gave us auth
    this.regKey = regKey
    this.authKey = authKey
    this.token = null
    this.auth = null
    this.isBasicAuth = false
    this.cert = null
    this.key = null
    if (token) {
      this.token = token
    } else if (auth) {
      this.auth = auth
    } else if (username && password) {
      const p = Buffer.from(password, 'base64').toString('utf8')
      this.auth = Buffer.from(`${username}:${p}`, 'utf8').toString('base64')
      this.isBasicAuth = true
    }
    // mTLS may be used in conjunction with another auth method above
    if (certfile && keyfile) {
      const cert = maybeReadFile(certfile, 'utf-8')
      const key = maybeReadFile(keyfile, 'utf-8')
      if (cert && key) {
        this.cert = cert
        this.key = key
      }
    }
  }
}

module.exports = getAuth
PK�Z�\�r��
LICENSE.mdnu�[���

ISC License

Permission to use, copy, modify, and/or distribute this
software for any purpose with or without fee is hereby
granted, provided that the above copyright notice and this
permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND NPM DISCLAIMS ALL
WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO
EVENT SHALL NPM BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
USE OR PERFORMANCE OF THIS SOFTWARE.
PK�Z�\�髃��package.jsonnu�[���PK�Z�\.-�˂��lib/default-opts.jsnu�[���PK�Z�\���u���
lib/check-response.jsnu�[���PK�Z�\�60���lib/index.jsnu�[���PK�Z�\Ho}���
�1lib/errors.jsnu�[���PK�Z�\k�����9lib/auth.jsnu�[���PK�Z�\�r��
&OLICENSE.mdnu�[���PK"~R

/home/emeraadmin/www/node_modules/extend/../array-slice/../../src/../4d695/npm-registry-fetch.zip