MICHAEL JACKSON
@ -41,6 +41,10 @@ The goal of unpkg is to provide a hassle-free CDN for npm package authors. It's
|
|||||||
|
|
||||||
unpkg is not affiliated with or supported by npm, Inc. in any way. Please do not contact npm for help with unpkg.
|
unpkg is not affiliated with or supported by npm, Inc. in any way. Please do not contact npm for help with unpkg.
|
||||||
|
|
||||||
|
### Abuse
|
||||||
|
|
||||||
|
unpkg blacklists some packages to prevent abuse. If you find a malicious package on npm, please take a moment to add it to [our blacklist](https://github.com/unpkg/unpkg.com/blob/master/server/package-blacklist.json)!
|
||||||
|
|
||||||
### Feedback
|
### Feedback
|
||||||
|
|
||||||
If you think this is useful, I'd love to hear from you. Please reach out to [@mjackson](https://twitter.com/mjackson) with any questions/concerns.
|
If you think this is useful, I'd love to hear from you. Please reach out to [@mjackson](https://twitter.com/mjackson) with any questions/concerns.
|
||||||
|
|||||||
@ -103,7 +103,8 @@ const defaultServerConfig = {
|
|||||||
|
|
||||||
// for the middleware
|
// for the middleware
|
||||||
registryURL: process.env.REGISTRY_URL || 'https://registry.npmjs.org',
|
registryURL: process.env.REGISTRY_URL || 'https://registry.npmjs.org',
|
||||||
autoIndex: !process.env.DISABLE_INDEX
|
autoIndex: !process.env.DISABLE_INDEX,
|
||||||
|
blacklist: require('./package-blacklist').blacklist
|
||||||
}
|
}
|
||||||
|
|
||||||
const startServer = (serverConfig = {}) => {
|
const startServer = (serverConfig = {}) => {
|
||||||
|
|||||||
@ -73,7 +73,6 @@ const resolveFile = (path, useIndex, callback) => {
|
|||||||
*
|
*
|
||||||
* - registryURL The URL of the npm registry (defaults to https://registry.npmjs.org)
|
* - registryURL The URL of the npm registry (defaults to https://registry.npmjs.org)
|
||||||
* - autoIndex Automatically generate index HTML pages for directories (defaults to true)
|
* - autoIndex Automatically generate index HTML pages for directories (defaults to true)
|
||||||
* - maximumDepth The maximum recursion depth when generating metadata
|
|
||||||
*
|
*
|
||||||
* Supported URL schemes are:
|
* Supported URL schemes are:
|
||||||
*
|
*
|
||||||
@ -92,6 +91,7 @@ const createRequestHandler = (options = {}) => {
|
|||||||
const registryURL = options.registryURL || 'https://registry.npmjs.org'
|
const registryURL = options.registryURL || 'https://registry.npmjs.org'
|
||||||
const autoIndex = options.autoIndex !== false
|
const autoIndex = options.autoIndex !== false
|
||||||
const maximumDepth = options.maximumDepth || Number.MAX_VALUE
|
const maximumDepth = options.maximumDepth || Number.MAX_VALUE
|
||||||
|
const blacklist = options.blacklist || []
|
||||||
|
|
||||||
const handleRequest = (req, res) => {
|
const handleRequest = (req, res) => {
|
||||||
let url
|
let url
|
||||||
@ -107,6 +107,11 @@ const createRequestHandler = (options = {}) => {
|
|||||||
const { pathname, search, query, packageName, version, filename } = url
|
const { pathname, search, query, packageName, version, filename } = url
|
||||||
const displayName = `${packageName}@${version}`
|
const displayName = `${packageName}@${version}`
|
||||||
|
|
||||||
|
const isBlacklisted = blacklist.indexOf(packageName) !== -1
|
||||||
|
|
||||||
|
if (isBlacklisted)
|
||||||
|
return sendText(res, 403, `Package ${packageName} is blacklisted`)
|
||||||
|
|
||||||
// Step 1: Fetch the package from the registry and store a local copy.
|
// Step 1: Fetch the package from the registry and store a local copy.
|
||||||
// Redirect if the URL does not specify an exact version number.
|
// Redirect if the URL does not specify an exact version number.
|
||||||
const fetchPackage = (next) => {
|
const fetchPackage = (next) => {
|
||||||
|
|||||||
Reference in New Issue
Block a user