(npm, sources)
| 19 | // Read the `allow-scripts` value from one or more named config sources and |
| 20 | // build a policy object. Returns `null` if none of the sources has a value. |
| 21 | const policyFromSources = (npm, sources) => { |
| 22 | for (const where of sources) { |
| 23 | const value = npm.config.get?.('allow-scripts', where) |
| 24 | if (value === undefined) { |
| 25 | continue |
| 26 | } |
| 27 | const names = parseAllowScriptsList(value) |
| 28 | /* istanbul ignore else: parseAllowScriptsList returns non-empty when value is set */ |
| 29 | if (names.length) { |
| 30 | return buildPolicyFromNames(names) |
| 31 | } |
| 32 | } |
| 33 | return null |
| 34 | } |
| 35 | |
| 36 | const validatePolicy = (policy, sourceLabel) => { |
| 37 | // Drop and warn about keys with forbidden semver ranges (^, ~, >=, <, *). |
no test coverage detected
searching dependent graphs…