From 3f63c748acceb109aa53eff9dc56bb98675c00e4 Mon Sep 17 00:00:00 2001 From: David Glasser Date: Sat, 23 Aug 2014 19:51:46 -0700 Subject: [PATCH] Prevent accidental top-level package creation --- tools/commands-packages.js | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tools/commands-packages.js b/tools/commands-packages.js index c292243580..bc138fb1dc 100644 --- a/tools/commands-packages.js +++ b/tools/commands-packages.js @@ -176,7 +176,10 @@ main.registerCommand({ // locally (and other local packages you may have) instead of downloading // the source bundle. It does verify that the source is the same, though. // Good for bootstrapping things in the core release. - 'existing-version': { type: Boolean } + 'existing-version': { type: Boolean }, + // This is the equivalent of "sudo": make sure that administrators don't + // accidentally put their personal packages in the top level namespace. + 'top-level': { type: Boolean } }, requiresPackage: true }, function (options) { @@ -246,6 +249,14 @@ main.registerCommand({ "package, do not use the --create flag! \n"); return 2; } + + if (!options['top-level'] && !packageName.match(/:/)) { + process.stderr.write( +"To confirm that you wish to create a top-level package with no account\n" + +"prefix, please run this command again with the --top-level option.\n" + +"(Only administrators can create top-level packages without an account prefix)\n"); + return 2; + } }; // We have initialized everything, so perform the publish oepration.