Fix NPM packages name validation (#26595) #26606

Closed


GiteaBot
Collaborator

Backport #26595 by @TimberBro


- Added new tests to cover corner cases
- Replace existing regex with new one
Closes go-gitea#26551 

---
As @silverwind suggested, I started from
[validate-npm-package-name](https://github.com/npm/validate-npm-package-name),
but found this solution too complicated.
Then I tried to fix the existing regex myself, but thought that excluding all
restricted symbols is harder than setting only allowed symbols.
Then I searched a bit more and found
[package-name-regex](https://github.com/dword-design/package-name-regex),
and the regex from it works for all new test cases.

Let me know if more information or help with this PR is needed.
GiteaBot added this to the 1.20.3 milestone Aug 20, 2023
GiteaBot added the lgtm/need 2 label Aug 20, 2023
pull-request-size bot added the size/S label Aug 20, 2023
GiteaBot requested review from delvh and silverwind August 20, 2023 15:06
silverwind enabled auto-merge (squash) August 20, 2023 15:28
GiteaBot added the lgtm/need 1 label and removed the lgtm/need 2 label Aug 20, 2023
GiteaBot added the lgtm/done label and removed the lgtm/need 1 label Aug 20, 2023
@delvh
Member

delvh commented Aug 20, 2023

Hmm…
Should we even backport it?
I mean, it is a bug but at the same time it is a breaking change…

@TimberBro
Contributor

Why is it a breaking change?
I understand that, from a regex perspective, we restricted capital letters etc., but from a general usage perspective it looks fine —
users can still upload packages, as if they uploaded them to npmjs.org.

@delvh
Member

delvh commented Aug 20, 2023

Yes, but packages that could previously be uploaded can no longer be uploaded.
In that sense, it is breaking.
For example, @[/[[ was previously an accepted name.
It isn't anymore.
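
The compatibility concern raised above, as an added Go example that is not code from this PR or from Gitea: before tightening name validation, list which already-stored names the stricter rule would start rejecting. Both patterns are constructed for illustration (a denylist-style rule, and an allowlist of lowercase URL-safe characters in the style the PR describes), and `NewlyRejected` is a hypothetical helper.

```go
package main

import (
	"fmt"
	"regexp"
)

// Constructed denylist-style rule (an assumption, not Gitea's regex):
// any character is accepted unless it appears on a short forbidden list.
var denylistName = regexp.MustCompile(`^(@[^\s/~'!()*]+/)?[^_.\s/~'!()*][^\s/~'!()*]*$`)

// Constructed allowlist rule (an assumption, not copied from the PR diff):
// optional "@scope/" prefix, then a name; lowercase letters, digits and
// the characters - . _ ~ only, with no leading dot or underscore.
var allowlistName = regexp.MustCompile(`^(@[a-z0-9~-][a-z0-9._~-]*/)?[a-z0-9~-][a-z0-9._~-]*$`)

// NewlyRejected returns the names that pass the denylist rule but fail the
// allowlist rule, i.e. the existing packages that the stricter validation
// would no longer accept on upload.
func NewlyRejected(names []string) []string {
	var out []string
	for _, n := range names {
		if denylistName.MatchString(n) && !allowlistName.MatchString(n) {
			out = append(out, n)
		}
	}
	return out
}

func main() {
	// Constructed sample of names already present in a registry.
	existing := []string{
		"left-pad",        // valid under both rules
		"@scope/pkg.name", // valid under both rules
		"@[/[[",           // the example name from this thread
		"MyPackage",       // capital letters
		"@Scope/pkg",      // capital letter in the scope
		"pkg name",        // whitespace: rejected by both rules
		".hidden",         // leading dot: rejected by both rules
	}
	for _, n := range NewlyRejected(existing) {
		fmt.Printf("would be rejected after tightening: %q\n", n)
	}
}
```

Running a check like this against the names already stored in an instance shows how many packages a backport would affect.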

@silverwind
Member

silverwind commented Aug 20, 2023

Might want to keep this for 1.21 when it's restricting the packages.

silverwind closed this Aug 20, 2023
auto-merge was automatically disabled August 20, 2023 18:37

Pull request was closed

GiteaBot removed this from the 1.20.3 milestone Aug 20, 2023
go-gitea locked as resolved and limited conversation to collaborators Nov 19, 2023
Labels: lgtm/done (This PR has enough approvals to get merged. There are no important open reservations anymore.), size/S (Denotes a PR that changes 10-29 lines, ignoring generated files.), topic/packages, type/bug