Mr.X

const libnpmaccess = require('libnpmaccess')
const npa = require('npm-package-arg')
const { output } = require('proc-log')
const pkgJson = require('@npmcli/package-json')
const localeCompare = require('@isaacs/string-locale-compare')('en')
const { otplease } = require('../utils/auth.js')
const getIdentity = require('../utils/get-identity.js')
const BaseCommand = require('../base-cmd.js')

const commands = [
  'get',
  'grant',
  'list',
  'revoke',
  'set',
]

const setCommands = [
  'status=public',
  'status=private',
  'mfa=none',
  'mfa=publish',
  'mfa=automation',
  '2fa=none',
  '2fa=publish',
  '2fa=automation',
]

class Access extends BaseCommand {
  static description = 'Set access level on published packages'
  static name = 'access'
  static params = [
    'json',
    'otp',
    'registry',
  ]

  static usage = [
    'list packages [<user>|<scope>|<scope:team>] [<package>]',
    'list collaborators [<package> [<user>]]',
    'get status [<package>]',
    'set status=public|private [<package>]',
    'set mfa=none|publish|automation [<package>]',
    'grant <read-only|read-write> <scope:team> [<package>]',
    'revoke <scope:team> [<package>]',
  ]

  static async completion (opts) {
    const argv = opts.conf.argv.remain
    if (argv.length === 2) {
      return commands
    }

    if (argv.length === 3) {
      switch (argv[2]) {
        case 'grant':
          return ['read-only', 'read-write']
        case 'revoke':
          return []
        case 'list':
        case 'ls':
          return ['packages', 'collaborators']
        case 'get':
          return ['status']
        case 'set':
          return setCommands
        default:
          throw new Error(argv[2] + ' not recognized')
      }
    }
  }

  async exec ([cmd, subcmd, ...args]) {
    if (!cmd) {
      throw this.usageError()
    }
    if (!commands.includes(cmd)) {
      throw this.usageError(`${cmd} is not a valid access command`)
    }
    // All commands take at least one more parameter so we can do this check up front
    if (!subcmd) {
      throw this.usageError()
    }

    switch (cmd) {
      case 'grant':
        if (!['read-only', 'read-write'].includes(subcmd)) {
          throw this.usageError('grant must be either `read-only` or `read-write`')
        }
        if (!args[0]) {
          throw this.usageError('`<scope:team>` argument is required')
        }
        return this.#grant(subcmd, args[0], args[1])
      case 'revoke':
        return this.#revoke(subcmd, args[0])
      case 'list':
      case 'ls':
        if (subcmd === 'packages') {
          return this.#listPackages(args[0], args[1])
        }
        if (subcmd === 'collaborators') {
          return this.#listCollaborators(args[0], args[1])
        }
        throw this.usageError(`list ${subcmd} is not a valid access command`)
      case 'get':
        if (subcmd !== 'status') {
          throw this.usageError(`get ${subcmd} is not a valid access command`)
        }
        return this.#getStatus(args[0])
      case 'set':
        if (!setCommands.includes(subcmd)) {
          throw this.usageError(`set ${subcmd} is not a valid access command`)
        }
        return this.#set(subcmd, args[0])
    }
  }

  async #grant (permissions, scope, pkg) {
    await libnpmaccess.setPermissions(scope, pkg, permissions, this.npm.flatOptions)
  }

  async #revoke (scope, pkg) {
    await libnpmaccess.removePermissions(scope, pkg, this.npm.flatOptions)
  }

  async #listPackages (owner, pkg) {
    if (!owner) {
      owner = await getIdentity(this.npm, this.npm.flatOptions)
    }
    const pkgs = await libnpmaccess.getPackages(owner, this.npm.flatOptions)
    this.#output(pkgs, pkg)
  }

  async #listCollaborators (pkg, user) {
    const pkgName = await this.#getPackage(pkg, false)
    const collabs = await libnpmaccess.getCollaborators(pkgName, this.npm.flatOptions)
    this.#output(collabs, user)
  }

  async #getStatus (pkg) {
    const pkgName = await this.#getPackage(pkg, false)
    const visibility = await libnpmaccess.getVisibility(pkgName, this.npm.flatOptions)
    this.#output({ [pkgName]: visibility.public ? 'public' : 'private' })
  }

  async #set (subcmd, pkg) {
    const [subkey, subval] = subcmd.split('=')
    switch (subkey) {
      case 'mfa':
      case '2fa':
        return this.#setMfa(pkg, subval)
      case 'status':
        return this.#setStatus(pkg, subval)
    }
  }

  async #setMfa (pkg, level) {
    const pkgName = await this.#getPackage(pkg, false)
    await otplease(this.npm, this.npm.flatOptions, (opts) => {
      return libnpmaccess.setMfa(pkgName, level, opts)
    })
  }

  async #setStatus (pkg, status) {
    // only scoped packages can have their access changed
    const pkgName = await this.#getPackage(pkg, true)
    if (status === 'private') {
      status = 'restricted'
    }
    await otplease(this.npm, this.npm.flatOptions, (opts) => {
      return libnpmaccess.setAccess(pkgName, status, opts)
    })
    return this.#getStatus(pkgName)
  }

  async #getPackage (name, requireScope) {
    if (!name) {
      try {
        const { content } = await pkgJson.normalize(this.npm.prefix)
        name = content.name
      } catch (err) {
        if (err.code === 'ENOENT') {
          throw Object.assign(new Error('no package name given and no package.json found'), {
            code: 'ENOENT',
          })
        } else {
          throw err
        }
      }
    }

    const spec = npa(name)
    if (requireScope && !spec.scope) {
      throw this.usageError('This command is only available for scoped packages.')
    }
    return name
  }

  #output (items, limiter) {
    const outputs = {}
    const lookup = {
      __proto__: null,
      read: 'read-only',
      write: 'read-write',
    }
    for (const item in items) {
      const val = items[item]
      outputs[item] = lookup[val] || val
    }
    if (this.npm.config.get('json')) {
      output.buffer(outputs)
    } else {
      for (const item of Object.keys(outputs).sort(localeCompare)) {
        if (!limiter || limiter === item) {
          output.standard(`${item}: ${outputs[item]}`)
        }
      }
    }
  }
}

module.exports = Access

Name	Type	Size	Permission
access.js	File	6.04 KB	0644
adduser.js	File	1.29 KB	0644
audit.js	File	3.15 KB	0644
bugs.js	File	847 B	0644
cache.js	File	7.12 KB	0644
ci.js	File	4.22 KB	0644
completion.js	File	8.9 KB	0644
config.js	File	11.18 KB	0644
dedupe.js	File	1.41 KB	0644
deprecate.js	File	2.13 KB	0644
diff.js	File	8 KB	0644
dist-tag.js	File	5.52 KB	0644
docs.js	File	449 B	0644
doctor.js	File	10.1 KB	0644
edit.js	File	1.76 KB	0644
exec.js	File	3.42 KB	0644
explain.js	File	3.58 KB	0644
explore.js	File	2.16 KB	0644
find-dupes.js	File	634 B	0644
fund.js	File	6.46 KB	0644
get.js	File	577 B	0644
help-search.js	File	5.52 KB	0644
help.js	File	3.66 KB	0644
hook.js	File	3.37 KB	0644
init.js	File	6.85 KB	0644
install-ci-test.js	File	373 B	0644
install-test.js	File	370 B	0644
install.js	File	5.15 KB	0644
link.js	File	5.25 KB	0644
ll.js	File	234 B	0644
login.js	File	1.29 KB	0644
logout.js	File	1.42 KB	0644
ls.js	File	16.81 KB	0644
org.js	File	4.02 KB	0644
outdated.js	File	7.7 KB	0644
owner.js	File	5.85 KB	0644
pack.js	File	2.6 KB	0644
ping.js	File	873 B	0644
pkg.js	File	3.56 KB	0644
prefix.js	File	335 B	0644
profile.js	File	10.57 KB	0644
prune.js	File	799 B	0644
publish.js	File	7.38 KB	0644
query.js	File	3.51 KB	0644
rebuild.js	File	2.19 KB	0644
repo.js	File	1.25 KB	0644
restart.js	File	310 B	0644
root.js	File	295 B	0644
run-script.js	File	6.08 KB	0644
sbom.js	File	4.51 KB	0644
search.js	File	1.83 KB	0644
set.js	File	671 B	0644
shrinkwrap.js	File	2.65 KB	0644
star.js	File	1.87 KB	0644
stars.js	File	1.03 KB	0644
start.js	File	300 B	0644
stop.js	File	295 B	0644
team.js	File	4.36 KB	0644
test.js	File	295 B	0644
token.js	File	6.02 KB	0644
uninstall.js	File	1.52 KB	0644
unpublish.js	File	5.27 KB	0644
unstar.js	File	183 B	0644
update.js	File	1.72 KB	0644
version.js	File	3.54 KB	0644
view.js	File	12.8 KB	0644
whoami.js	File	527 B	0644

Upload:

Command:

Filemanager

Server Info

System Info

User Info