MCPcopy Index your code
hub / github.com/nodejs/node / nameKeyFor

Function nameKeyFor

deps/npm/lib/utils/allow-scripts-writer.js:72–96  ·  view source on GitHub ↗
(node)

Source from the content-addressed store, hash-verified

70// entry. Same trust rules as versionedKeyFor — returns `null` rather than
71// falling back to tarball-controlled fields.
72const nameKeyFor = (node) => {
73 if (!node) {
74 return null
75 }
76 const resolved = primaryResolvedSource(node)
77 if (resolved.startsWith('git')) {
78 try {
79 const parsed = npa(resolved)
80 if (parsed.hosted) {
81 return parsed.hosted.shortcut({ noCommittish: true })
82 }
83 } catch {
84 /* istanbul ignore next: npa already parsed this string in keyTargetsNode */
85 return null
86 }
87 return null
88 }
89 if (resolved.startsWith('file:') || resolved.startsWith('/')) {
90 return resolved
91 }
92 // Registry deps: only the URL-derived (or edges-derived, in the
93 // omit-lockfile case) trusted name is acceptable.
94 const trusted = getTrustedRegistryIdentity(node)
95 return trusted ? trusted.name : null
96}
97
98const isSingleVersionPin = (key) => {
99 try {

Callers 4

groupByPackageMethod · 0.85
applyApprovalForPackageFunction · 0.85
applyDenyForPackageFunction · 0.85

Calls 1

primaryResolvedSourceFunction · 0.85

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…