186526
/
unpkg
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Remove "blacklist" feature

This commit is contained in:
MICHAEL JACKSON 2017-06-06 15:28:08 -07:00
parent 2ac8dc554e
commit 24662763b1
3 changed files with 2 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
client/About.md
View File

@ -41,10 +41,6 @@ The goal of unpkg is to provide a hassle-free CDN for npm package authors. It's
unpkg is not affiliated with or supported by npm, Inc. in any way. Please do not contact npm for help with unpkg.
### Abuse
unpkg blacklists some packages to prevent abuse. If you find a malicious package on npm, please take a moment to add it to [our blacklist](https://github.com/unpkg/unpkg.com/blob/master/server/package-blacklist.json)!
### Feedback
If you think this is useful, I'd love to hear from you. Please reach out to [@mjackson](https://twitter.com/mjackson) with any questions/concerns.

3
server/index.js
View File

@ -105,8 +105,7 @@ const defaultServerConfig = {
// for express-unpkg
registryURL: process.env.REGISTRY_URL || 'https://registry.npmjs.org',
redirectTTL: process.env.REDIRECT_TTL || 500,
autoIndex: !process.env.DISABLE_INDEX,
blacklist: require('./package-blacklist').blacklist
autoIndex: !process.env.DISABLE_INDEX
}
const startServer = (serverConfig = {}) => {

7
server/middleware/index.js
View File

@ -75,6 +75,7 @@ const resolveFile = (path, useIndex, callback) => {
* - registryURL The URL of the npm registry (defaults to https://registry.npmjs.org)
* - redirectTTL The TTL (in seconds) for redirects (defaults to 0)
* - autoIndex Automatically generate index HTML pages for directories (defaults to true)
* - maximumDepth The maximum recursion depth when generating metadata
*
* Supported URL schemes are:
*
@ -94,7 +95,6 @@ const createRequestHandler = (options = {}) => {
const redirectTTL = options.redirectTTL || 0
const autoIndex = options.autoIndex !== false
const maximumDepth = options.maximumDepth || Number.MAX_VALUE
const blacklist = options.blacklist || []
const handleRequest = (req, res) => {
let url
@ -110,11 +110,6 @@ const createRequestHandler = (options = {}) => {
const { pathname, search, query, packageName, version, filename } = url
const displayName = `${packageName}@${version}`
const isBlacklisted = blacklist.indexOf(packageName) !== -1
if (isBlacklisted)
return sendText(res, 403, `Package ${packageName} is blacklisted`)
// Step 1: Fetch the package from the registry and store a local copy.
// Redirect if the URL does not specify an exact version number.
const fetchPackage = (next) => {