Package: npm / 5.8.0+ds6-4+deb10u2

Metadata

Package | Version | Patches format
npm | 5.8.0+ds6-4+deb10u2 | 3.0 (quilt)

Patch series

Patch File delta Description
2001_unicode_in_md.patch

doc/cli/npm-ls.md | 4 2 + 2 - 0 !
doc/files/package.json.md | 4 2 + 2 - 0 !
2 files changed, 4 insertions(+), 4 deletions(-)

 keep md files ascii
 It is simpler to generate documentation if only ascii is needed,
 otherwise `ronn` requires installing some UTF8 locale.
2003_fix_doc.patch

doc/files/npm-folders.md | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 ruby-ronn does not handle h4
2004_remove_shebang.patch

lib/utils/completion.sh | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 remove shebang from completion script
2005_index_build_dont_run_npm.patch

scripts/doc-build.sh | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 do not run cli.js as it depends on many packages.
 Get the version from package.json instead.
2010_privacy_breach_travis.patch

README.md | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 remove remote image from readme.md to avoid privacy breach
 The README.md is converted to html and is part of the installed docs.
2011_node gyp path.patch

bin/node-gyp-bin/node-gyp | 2 1 + 1 - 0 !
node_modules/npm-lifecycle/index.js | 2 1 + 1 - 0 !
node_modules/npm-lifecycle/node-gyp-bin/node-gyp | 2 1 + 1 - 0 !
3 files changed, 3 insertions(+), 3 deletions(-)

 use the debian packaged version of node-gyp instead
 of the convenience copy that was removed on repack.


2012_marked_path.patch

Makefile | 10 6 + 4 - 0 !
scripts/doc-build.sh | 4 2 + 2 - 0 !
2 files changed, 8 insertions(+), 6 deletions(-)

 use debian packaged marked and marked-man to build documentation


2013_make_clean_force.patch

Makefile | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 npm now chokes on cache clean unless --force is added
2014_remove_readable_stream.patch

node_modules/npm-profile/package.json | 1 0 + 1 - 0 !
node_modules/npm-registry-client/package.json | 1 0 + 1 - 0 !
node_modules/pacote/package.json | 1 0 + 1 - 0 !
package.json | 2 0 + 2 - 0 !
4 files changed, 5 deletions(-)

---
2015_use_system_libnpx_1.patch

Makefile | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
new lru cache.patch

lib/fetch-package-metadata.js | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 call new on lru-cache, it's a class
CVE 2019 16775 bin links.diff

node_modules/bin-links/index.js | 17 16 + 1 - 0 !
1 file changed, 16 insertions(+), 1 deletion(-)

 sanitize and validate bin and man link targets
 Part of CVE-2019-16776 fix
CVE 2019 16775 npm packlist.diff

node_modules/npm-packlist/index.js | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

 sanitize and normalize package bin field
 Part of CVE-2019-16776 fix
CVE 2019 16775 pacote.diff

node_modules/pacote/lib/fetchers/directory.js | 3 2 + 1 - 0 !
node_modules/pacote/lib/finalize-manifest.js | 14 3 + 11 - 0 !
2 files changed, 5 insertions(+), 12 deletions(-)

 sanitize and normalize package bin field
 Part of CVE-2019-16776 fix
CVE 2019 16775 add npm normalize package bin.diff

node_modules/npm-normalize-package-bin/LICENSE | 15 15 + 0 - 0 !
node_modules/npm-normalize-package-bin/README.md | 14 14 + 0 - 0 !
node_modules/npm-normalize-package-bin/index.js | 60 60 + 0 - 0 !
node_modules/npm-normalize-package-bin/package.json | 58 58 + 0 - 0 !
4 files changed, 147 insertions(+)

 add npm-normalize-package-bin package
 Needed for CVE-2019-16775 fix
CVE 2020 15095.diff

bin/npm-cli.js | 4 3 + 1 - 0 !
lib/fetch-package-metadata.js | 9 6 + 3 - 0 !
lib/utils/error-handler.js | 5 4 + 1 - 0 !
lib/utils/error-message.js | 5 5 + 0 - 0 !
lib/utils/replace-info.js | 22 22 + 0 - 0 !
5 files changed, 40 insertions(+), 5 deletions(-)

 chore: remove auth info from logs