Revert "Remove "blacklist" feature"

This reverts commit 24662763b1.
MICHAEL JACKSON 2017-07-03 15:20:45 -07:00
parent bb3e73918a
commit 3f044cb7e7
3 changed files with 12 additions and 2 deletions


@ -41,6 +41,10 @@ The goal of unpkg is to provide a hassle-free CDN for npm package authors. It's
unpkg is not affiliated with or supported by npm, Inc. in any way. Please do not contact npm for help with unpkg.
### Abuse
unpkg blacklists some packages to prevent abuse. If you find a malicious package on npm, please take a moment to add it to [our blacklist](https://github.com/unpkg/unpkg.com/blob/master/server/package-blacklist.json)!
### Feedback
If you think this is useful, I'd love to hear from you. Please reach out to [@mjackson](https://twitter.com/mjackson) with any questions/concerns.


@ -103,7 +103,8 @@ const defaultServerConfig = {
// for the middleware
registryURL: process.env.REGISTRY_URL || 'https://registry.npmjs.org',
autoIndex: !process.env.DISABLE_INDEX
autoIndex: !process.env.DISABLE_INDEX,
blacklist: require('./package-blacklist').blacklist
}
const startServer = (serverConfig = {}) => {
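Review bot: The deny-list is loaded with no shape check, so a missing or renamed `blacklist` key in `./package-blacklist` yields `undefined`, and the handler's `options.blacklist || []` fallback then serves every package without any error. For a control meant to keep malicious packages off the CDN, failing at startup is safer than failing open. Read the list into a local with `const { blacklist } = require('./package-blacklist')` and add `if (!Array.isArray(blacklist)) throw new Error('package-blacklist must export a "blacklist" array')` before building `defaultServerConfig`. The object literal begins above this hunk, so the exact placement is inferred.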


@ -73,7 +73,6 @@ const resolveFile = (path, useIndex, callback) => {
*
* - registryURL The URL of the npm registry (defaults to https://registry.npmjs.org)
* - autoIndex Automatically generate index HTML pages for directories (defaults to true)
* - maximumDepth The maximum recursion depth when generating metadata
*
* Supported URL schemes are:
*
@ -92,6 +91,7 @@ const createRequestHandler = (options = {}) => {
const registryURL = options.registryURL || 'https://registry.npmjs.org'
const autoIndex = options.autoIndex !== false
const maximumDepth = options.maximumDepth || Number.MAX_VALUE
const blacklist = options.blacklist || []
const handleRequest = (req, res) => {
let url
@ -107,6 +107,11 @@ const createRequestHandler = (options = {}) => {
const { pathname, search, query, packageName, version, filename } = url
const displayName = `${packageName}@${version}`
const isBlacklisted = blacklist.indexOf(packageName) !== -1
if (isBlacklisted)
return sendText(res, 403, `Package ${packageName} is blacklisted`)
// Step 1: Fetch the package from the registry and store a local copy.
// Redirect if the URL does not specify an exact version number.
const fetchPackage = (next) => {
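Review bot: The check `blacklist.indexOf(packageName) !== -1` is an exact, case-sensitive string comparison, so it is only as reliable as the normalisation applied to `packageName` when the URL is parsed, which happens above this hunk and is not visible here. It is worth confirming that the name is decoded and canonicalised before this point, and recording that with a comment such as `// packageName is already decoded and normalised by URL parsing`. Building the lookup once with `const blacklist = new Set(options.blacklist || [])` and testing `blacklist.has(packageName)` would also avoid a linear scan on every request. The options comment in the first hunk of this file does not list `blacklist`; a line like `* - blacklist  An array of package names that are refused with a 403` would document it. `createRequestHandler` and `handleRequest` both continue outside the hunks.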