authorTimberBro <mr.demix@yandex.ru>2023-08-20 17:06:42 +0200
committerGitHub <noreply@github.com>2023-08-20 17:06:42 +0200
commit84d05516dc430a7fbaf0572e976771e6785e208a (patch)
tree125bab33029390571683f4287c5a5072f89a1f01 /modules
parentUse "input" event instead of "keyup" event for migration form (#26602) (diff)
Fix NPM packages name validation (#26595)
- Added new tests to cover corner cases - Replaced the existing regex with a new one Closes #26551 --- As @silverwind suggested, I started from [validate-npm-package-name](https://github.com/npm/validate-npm-package-name), but found this solution too complicated. Then I tried to fix the existing regex myself, but concluded that excluding every restricted symbol is harder than allowing only the permitted ones. Then I searched a bit more and found [package-name-regex](https://github.com/dword-design/package-name-regex), and the regex from it works for all the new test cases. Let me know if more information or help with this PR is needed.
Diffstat (limited to 'modules')
-rw-r--r--modules/packages/npm/creator.go2
-rw-r--r--modules/packages/npm/creator_test.go18
2 files changed, 19 insertions, 1 deletions
diff --git a/modules/packages/npm/creator.go b/modules/packages/npm/creator.go
index 5e7e0e2983..9e636757af 100644
--- a/modules/packages/npm/creator.go
+++ b/modules/packages/npm/creator.go
@@ -34,7 +34,7 @@ var (
ErrInvalidIntegrity = util.NewInvalidArgumentErrorf("failed to validate integrity")
)
-var nameMatch = regexp.MustCompile(`\A((@[^\s\/~'!\(\)\*]+?)[\/])?([^_.][^\s\/~'!\(\)\*]+)\z`)
+var nameMatch = regexp.MustCompile(`^(@[a-z0-9-][a-z0-9-._]*/)?[a-z0-9-][a-z0-9-._]*$`)
// Package represents a npm package
type Package struct {
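Review bot: `nameMatch` has no doc comment and puts no upper bound on length, so the pattern enforces the character allow-list but not npm's cap of 214 characters on the full name, scope included. I would add `// nameMatch allows lowercase ASCII letters, digits, '-', '.' and '_'; neither the scope nor the name may start with '.' or '_'.` above the declaration and check `len(name) <= 214` wherever the pattern is applied, which is outside this hunk. The comment could also note that refusing a leading `.` keeps `.` and `..` out of any path or URL that may later be built from the name. Uppercase names, which some older npm packages still carry, are now refused as well, so it is worth confirming that no already-stored package depends on them.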
diff --git a/modules/packages/npm/creator_test.go b/modules/packages/npm/creator_test.go
index 168f950038..806377a52b 100644
--- a/modules/packages/npm/creator_test.go
+++ b/modules/packages/npm/creator_test.go
@@ -67,6 +67,17 @@ func TestParsePackage(t *testing.T) {
test(t, " test")
test(t, "test ")
test(t, "te st")
+ test(t, "Test")
+ test(t, "_test")
+ test(t, ".test")
+ test(t, "^test")
+ test(t, "te^st")
+ test(t, "te|st")
+ test(t, "te)(st")
+ test(t, "te'st")
+ test(t, "te!st")
+ test(t, "te*st")
+ test(t, "te~st")
test(t, "invalid/scope")
test(t, "@invalid/_name")
test(t, "@invalid/.name")
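Review bot: The added negative cases only vary the unscoped name, so the scope half of the new pattern and its end anchor gain no coverage in this hunk. Adding `test(t, "@Scope/name")`, `test(t, "@scope/Name")` and `test(t, "test\n")` would pin the lowercase rule on both sides of the slash and guard against a later switch to multi-line matching. TestParsePackage starts and ends outside the hunk, so equivalent cases may already exist elsewhere in the function.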
@@ -93,6 +104,13 @@ func TestParsePackage(t *testing.T) {
test(t, "test")
test(t, "@scope/name")
+ test(t, "@scope/q")
+ test(t, "q")
+ test(t, "@scope/package-name")
+ test(t, "@scope/package.name")
+ test(t, "@scope/package_name")
+ test(t, "123name")
+ test(t, "----")
test(t, packageFullName)
})