MCPcopy Index your code
hub / github.com/nodejs/node / applyDenyForPackage

Function applyDenyForPackage

deps/npm/lib/utils/allow-scripts-writer.js:291–319  ·  view source on GitHub ↗
(existing, nodes)

Source from the content-addressed store, hash-verified

289
290// Apply a deny for a single package. Always name-only; ignores `--allow-scripts-pin`.
291const applyDenyForPackage = (existing, nodes) => {
292 const allowScripts = { ...existing }
293 const changes = []
294
295 if (!Array.isArray(nodes) || nodes.length === 0) {
296 return { allowScripts, changes }
297 }
298
299 const sample = nodes[0]
300 const name = nameKeyFor(sample)
301 if (!name) {
302 return { allowScripts, changes }
303 }
304
305 // Drop any pinned allow entries for this package: the name-only deny
306 // overrides them anyway, and leaving them in place is confusing.
307 for (const key of Object.keys(allowScripts)) {
308 if (keyTargetsNode(key, sample) && key !== name) {
309 delete allowScripts[key]
310 changes.push({ key, change: 'removed-pinned-allow' })
311 }
312 }
313
314 if (allowScripts[name] !== false) {
315 allowScripts[name] = false
316 changes.push({ key: name, change: 'added' })
317 }
318 return { allowScripts, changes }
319}
320
321module.exports = {
322 applyApprovalForPackage,

Callers 2

writePolicyChangesMethod · 0.85

Calls 4

nameKeyForFunction · 0.85
keyTargetsNodeFunction · 0.85
keysMethod · 0.65
pushMethod · 0.45

Tested by

no test coverage detected