extensions/npm/src/features
@@ -249,7 +249,27 @@ export class PackageJSONContribution implements IJSONContribution {
249249 return null ;
250250 }
251251
252+ private isValidNPMName ( name : string ) : boolean {
253+ // following rules from https://github.com/npm/validate-npm-package-name
254+ if ( ! name || name . length > 214 || name . match ( / ^ [ _ . ] / ) ) {
255+ return false ;
256+ }
257+ const match = name . match ( / ^ (?: @ ( [ ^ / ] + ?) [ / ] ) ? ( [ ^ / ] + ?) $ / ) ;
258+ if ( match ) {
259+ const scope = match [ 1 ] ;
260+ if ( scope && encodeURIComponent ( scope ) !== scope ) {
261+ return false ;
262+ }
263+ const name = match [ 2 ] ;
264+ return encodeURIComponent ( name ) === name ;
265+ }
266+ return true ;
267+ }
268+
252269 private async fetchPackageInfo ( pack : string ) : Promise < ViewPackageInfo | undefined > {
270+ if ( ! this . isValidNPMName ( pack ) ) {
271+ return undefined ; // avoid unnecessary lookups
272+ }
253273 let info : ViewPackageInfo | undefined ;
254274 if ( this . canRunNPM ) {
255275 info = await this . npmView ( pack ) ;
@@ -260,7 +280,6 @@ export class PackageJSONContribution implements IJSONContribution {
260280 return info ;
261281 }
262282
263-
264283 private npmView ( pack : string ) : Promise < ViewPackageInfo | undefined > {
265284 return new Promise ( ( resolve , _reject ) => {
266285 const command = 'npm view --json ' + pack + ' description dist-tags.latest homepage version' ;
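Review bot: The final `return true;` in `isValidNPMName` accepts every name that does not match the `@scope/name` pattern, so a name with a `/` outside the scoped form skips both `encodeURIComponent` comparisons. Such a name still reaches `npmView`, where `pack` is concatenated into the `npm view --json` command string; the fall-through should be `return false;`. Separately, `encodeURIComponent` tests URL safety rather than shell safety and leaves some punctuation unescaped, so it is a weak guard for a command line. The body of `npmView` continues outside this hunk, so how the command is executed is not visible; if it goes through a shell, passing `pack` as its own element of an argument array would remove the reliance on name validation. A smaller point: the inner `const name = match[2];` shadows the `name` parameter, and a distinct identifier such as `unscoped` would read more clearly.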