Software: Apache. PHP/7.3.33 

uname -a: Linux acloudg.aryanict.com 4.18.0-513.9.1.lve.el8.x86_64 #1 SMP Mon Dec 4 15:01:22 UTC
2023 x86_64 

uid=1095(katebhospital) gid=1098(katebhospital) groups=1098(katebhospital) 

Safe-mode: OFF (not secure)

/opt/alt/alt-nodejs19/root/usr/lib/node_modules/npm/node_modules.bundled/libnpmaccess/lib/   drwxr-xr-x
Free 293.28 GB of 429.69 GB (68.25%)
                            Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    

Viewing file:     index.js (3.11 KB)      -rw-r--r--

'use strict'

const npa = require('npm-package-arg')
const npmFetch = require('npm-registry-fetch')

const npar = (spec) => {
  spec = npa(spec)
  if (!spec.registry) {
    throw new Error('must use package name only')
  }
  return spec
}

const parseTeam = (scopeTeam) => {
  let slice = 0
  if (scopeTeam.startsWith('@')) {
    slice = 1
  }
  const [scope, team] = scopeTeam.slice(slice).split(':').map(encodeURIComponent)
  return { scope, team }
}

const getPackages = async (scopeTeam, opts) => {
  const { scope, team } = parseTeam(scopeTeam)

  let uri
  if (team) {
    uri = `/-/team/${scope}/${team}/package`
  } else {
    uri = `/-/org/${scope}/package`
  }
  try {
    return await npmFetch.json(uri, opts)
  } catch (err) {
    if (err.code === 'E404') {
      uri = `/-/user/${scope}/package`
      return npmFetch.json(uri, opts)
    }
    throw err
  }
}

const getCollaborators = async (pkg, opts) => {
  const spec = npar(pkg)
  const uri = `/-/package/${spec.escapedName}/collaborators`
  return npmFetch.json(uri, opts)
}

const getVisibility = async (pkg, opts) => {
  const spec = npar(pkg)
  const uri = `/-/package/${spec.escapedName}/visibility`
  return npmFetch.json(uri, opts)
}

const setAccess = async (pkg, access, opts) => {
  const spec = npar(pkg)
  const uri = `/-/package/${spec.escapedName}/access`
  await npmFetch(uri, {
    ...opts,
    method: 'POST',
    body: { access },
    spec,
    ignoreBody: true,
  })
  return true
}

const setMfa = async (pkg, level, opts) => {
  const spec = npar(pkg)
  const body = {}
  switch (level) {
    case 'none':
      body.publish_requires_tfa = false
      break
    case 'publish':
      // tfa is required, automation tokens can not override tfa
      body.publish_requires_tfa = true
      body.automation_token_overrides_tfa = false
      break
    case 'automation':
      // tfa is required, automation tokens can override tfa
      body.publish_requires_tfa = true
      body.automation_token_overrides_tfa = true
      break
    default:
      throw new Error(`Invalid mfa setting ${level}`)
  }
  const uri = `/-/package/${spec.escapedName}/access`
  await npmFetch(uri, {
    ...opts,
    method: 'POST',
    body,
    spec,
    ignoreBody: true,
  })
  return true
}

const setPermissions = async (scopeTeam, pkg, permissions, opts) => {
  const spec = npar(pkg)
  const { scope, team } = parseTeam(scopeTeam)
  if (!scope || !team) {
    throw new Error('team must be in format `scope:team`')
  }
  const uri = `/-/team/${scope}/${team}/package`
  await npmFetch(uri, {
    ...opts,
    method: 'PUT',
    body: { package: spec.name, permissions },
    scope,
    spec,
    ignoreBody: true,
  })
  return true
}

const removePermissions = async (scopeTeam, pkg, opts) => {
  const spec = npar(pkg)
  const { scope, team } = parseTeam(scopeTeam)
  const uri = `/-/team/${scope}/${team}/package`
  await npmFetch(uri, {
    ...opts,
    method: 'DELETE',
    body: { package: spec.name },
    scope,
    spec,
    ignoreBody: true,
  })
  return true
}

module.exports = {
  getCollaborators,
  getPackages,
  getVisibility,
  removePermissions,
  setAccess,
  setMfa,
  setPermissions,
}