Revert "Remove "blacklist" feature"

This reverts commit 24662763b1.

server/index.js

@@ -103,7 +103,8 @@ const defaultServerConfig = {
 
   // for the middleware
   registryURL: process.env.REGISTRY_URL || 'https://registry.npmjs.org',
-  autoIndex: !process.env.DISABLE_INDEX
+  autoIndex: !process.env.DISABLE_INDEX,
+  blacklist: require('./package-blacklist').blacklist
 }
 
 const startServer = (serverConfig = {}) => {

server/middleware/index.js

@@ -73,7 +73,6 @@ const resolveFile = (path, useIndex, callback) => {
  *
  * - registryURL    The URL of the npm registry (defaults to https://registry.npmjs.org)
  * - autoIndex      Automatically generate index HTML pages for directories (defaults to true)
- * - maximumDepth   The maximum recursion depth when generating metadata
  *
  * Supported URL schemes are:
  *
@@ -92,6 +91,7 @@ const createRequestHandler = (options = {}) => {
   const registryURL = options.registryURL || 'https://registry.npmjs.org'
   const autoIndex = options.autoIndex !== false
   const maximumDepth = options.maximumDepth || Number.MAX_VALUE
+  const blacklist = options.blacklist || []
 
   const handleRequest = (req, res) => {
     let url
@@ -107,6 +107,11 @@ const createRequestHandler = (options = {}) => {
     const { pathname, search, query, packageName, version, filename } = url
     const displayName = `${packageName}@${version}`
 
+    const isBlacklisted = blacklist.indexOf(packageName) !== -1
+
+    if (isBlacklisted)
+      return sendText(res, 403, `Package ${packageName} is blacklisted`)
+
     // Step 1: Fetch the package from the registry and store a local copy.
     // Redirect if the URL does not specify an exact version number.
     const fetchPackage = (next) => {