feat: load directories.bin as a bin object

Fix: npm/arborist#296
Fix: npm/cli#3446

PR-URL: #4
Credit: @isaacs
Close: #4
Reviewed-by: @nlf

Author: isaacs

index.js

@@ -1,15 +1,56 @@
 const {promisify} = require('util')
 const fs = require('fs')
 const readFile = promisify(fs.readFile)
+const lstat = promisify(fs.lstat)
+const readdir = promisify(fs.readdir)
 const parse = require('json-parse-even-better-errors')
+
+const { resolve, dirname, join, relative } = require('path')
+
 const rpj = path => readFile(path, 'utf8')
-  .then(data => normalize(stripUnderscores(parse(data))))
+  .then(data => readBinDir(path, normalize(stripUnderscores(parse(data)))))
   .catch(er => {
     er.path = path
     throw er
   })
+
 const normalizePackageBin = require('npm-normalize-package-bin')
 
+// load the directories.bin folder as a 'bin' object
+const readBinDir = async (path, data) => {
+  if (data.bin)
+    return data
+
+  const m = data.directories && data.directories.bin
+  if (!m || typeof m !== 'string')
+    return data
+
+  // cut off any monkey business, like setting directories.bin
+  // to ../../../etc/passwd or /etc/passwd or something like that.
+  const root = dirname(path)
+  const dir = join('.', join('/', m))
+  data.bin = await walkBinDir(root, dir, {})
+  return data
+}
+
+const walkBinDir = async (root, dir, obj) => {
+  const entries = await readdir(resolve(root, dir)).catch(() => [])
+  for (const entry of entries) {
+    if (entry.charAt(0) === '.')
+      continue
+    const f = resolve(root, dir, entry)
+    // ignore stat errors, weird file types, symlinks, etc.
+    const st = await lstat(f).catch(() => null)
+    if (!st)
+      continue
+    else if (st.isFile())
+      obj[entry] = relative(root, f)
+    else if (st.isDirectory())
+      await walkBinDir(root, join(dir, entry), obj)
+  }
+  return obj
+}
+
 // do not preserve _fields set in files, they are sus
 const stripUnderscores = data => {
   for (const key of Object.keys(data).filter(k => /^_/.test(k)))

test/basic.js

@@ -1,4 +1,5 @@
 const t = require('tap')
+
 const rpj = require('../')
 
 t.test('errors for bad/missing data', async t => {
@@ -273,3 +274,68 @@ t.test('strip _fields', async t => {
     // no _lodash
   })
 })
+
+t.test('load directories.bin', async t => {
+  const { basename } = require('path')
+  const fs = require('fs')
+  const rpj = t.mock('../', {
+    fs: {
+      ...fs,
+      lstat: (p, cb) => {
+        if (basename(p) === 'staterror')
+          cb(new Error('stat error'))
+        else
+          return fs.lstat(p, cb)
+      },
+      readdir: (p, cb) => {
+        if (basename(p) === 'readdirerror') {
+          cb(new Error('readdir error'))
+        } else
+          return fs.readdir(p, cb)
+      },
+    },
+  })
+  const path = t.testdir({
+    'package.json': JSON.stringify({
+      name: 'foo',
+      version: '1.2.3',
+      directories: {
+        bin: 'bin',
+      },
+    }),
+    bin: {
+      foo: 'foo',
+      bar: 'bar',
+      '.ignorethis': 'should be ignored',
+      linky: t.fixture('symlink', './foo'),
+      subdir: {
+        a: 'a',
+        b: 'b',
+        sub: {
+          suba: 'dub',
+        },
+      },
+      staterror: 'do not stat me please',
+      readdirerror: {
+        do: 'not',
+        read: 'this',
+        dir: 'please',
+      },
+    },
+  })
+  t.strictSame(await rpj(`${path}/package.json`), {
+    name: 'foo',
+    version: '1.2.3',
+    _id: '[email protected]',
+    directories: {
+      bin: 'bin',
+    },
+    bin: {
+      foo: 'bin/foo',
+      bar: 'bin/bar',
+      a: 'bin/subdir/a',
+      b: 'bin/subdir/b',
+      suba: 'bin/subdir/sub/suba',
+    },
+  })
+})