186526
/
unpkg
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Remove "blacklist" feature

This commit is contained in:
MICHAEL JACKSON 2017-06-06 15:28:08 -07:00
parent 2ac8dc554e
commit 24662763b1
3 changed files with 2 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
client/About.md
View File

@ -41,10 +41,6 @@ The goal of unpkg is to provide a hassle-free CDN for npm package authors. It's
unpkg is not affiliated with or supported by npm, Inc. in any way. Please do not contact npm for help with unpkg. unpkg is not affiliated with or supported by npm, Inc. in any way. Please do not contact npm for help with unpkg.
### Abuse
unpkg blacklists some packages to prevent abuse. If you find a malicious package on npm, please take a moment to add it to [our blacklist](https://github.com/unpkg/unpkg.com/blob/master/server/package-blacklist.json)!
### Feedback ### Feedback
If you think this is useful, I'd love to hear from you. Please reach out to [@mjackson](https://twitter.com/mjackson) with any questions/concerns. If you think this is useful, I'd love to hear from you. Please reach out to [@mjackson](https://twitter.com/mjackson) with any questions/concerns.

3
server/index.js
View File

@ -105,8 +105,7 @@ const defaultServerConfig = {
// for express-unpkg // for express-unpkg
registryURL: process.env.REGISTRY_URL || 'https://registry.npmjs.org', registryURL: process.env.REGISTRY_URL || 'https://registry.npmjs.org',
redirectTTL: process.env.REDIRECT_TTL || 500, redirectTTL: process.env.REDIRECT_TTL || 500,
autoIndex: !process.env.DISABLE_INDEX, autoIndex: !process.env.DISABLE_INDEX
blacklist: require('./package-blacklist').blacklist
} }
const startServer = (serverConfig = {}) => { const startServer = (serverConfig = {}) => {

7
server/middleware/index.js
View File

@ -75,6 +75,7 @@ const resolveFile = (path, useIndex, callback) => {
* - registryURL The URL of the npm registry (defaults to https://registry.npmjs.org) * - registryURL The URL of the npm registry (defaults to https://registry.npmjs.org)
* - redirectTTL The TTL (in seconds) for redirects (defaults to 0) * - redirectTTL The TTL (in seconds) for redirects (defaults to 0)
* - autoIndex Automatically generate index HTML pages for directories (defaults to true) * - autoIndex Automatically generate index HTML pages for directories (defaults to true)
* - maximumDepth The maximum recursion depth when generating metadata
* *
* Supported URL schemes are: * Supported URL schemes are:
* *
@ -94,7 +95,6 @@ const createRequestHandler = (options = {}) => {
const redirectTTL = options.redirectTTL || 0 const redirectTTL = options.redirectTTL || 0
const autoIndex = options.autoIndex !== false const autoIndex = options.autoIndex !== false
const maximumDepth = options.maximumDepth || Number.MAX_VALUE const maximumDepth = options.maximumDepth || Number.MAX_VALUE
const blacklist = options.blacklist || []
const handleRequest = (req, res) => { const handleRequest = (req, res) => {
let url let url
@ -110,11 +110,6 @@ const createRequestHandler = (options = {}) => {
const { pathname, search, query, packageName, version, filename } = url const { pathname, search, query, packageName, version, filename } = url
const displayName = `${packageName}@${version}` const displayName = `${packageName}@${version}`
const isBlacklisted = blacklist.indexOf(packageName) !== -1
if (isBlacklisted)
return sendText(res, 403, `Package ${packageName} is blacklisted`)
// Step 1: Fetch the package from the registry and store a local copy. // Step 1: Fetch the package from the registry and store a local copy.
// Redirect if the URL does not specify an exact version number. // Redirect if the URL does not specify an exact version number.
const fetchPackage = (next) => { const fetchPackage = (next) => {