From 553dd4388a896e748f983938a5fa7315119ebc7d Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Fri, 19 Jul 2024 16:31:42 +0200 Subject: [PATCH 1/6] fix: fallback to `shasum` when `integrity` is not defined Some npm registries do not define an `integrity` field, in which case we can try using the `shasum` field instead. --- sources/npmRegistryUtils.ts | 8 ++++++-- tests/_registryServer.mjs | 3 +-- tests/main.test.ts | 26 ++++++++++++++++++++++++++ 3 files changed, 33 insertions(+), 4 deletions(-) diff --git a/sources/npmRegistryUtils.ts b/sources/npmRegistryUtils.ts index c1df215bb..ac90eeee0 100644 --- a/sources/npmRegistryUtils.ts +++ b/sources/npmRegistryUtils.ts @@ -62,7 +62,7 @@ export function verifySignature({signatures, integrity, packageName, version}: { export async function fetchLatestStableVersion(packageName: string) { const metadata = await fetchAsJson(packageName, `latest`); - const {version, dist: {integrity, signatures}} = metadata; + const {version, dist: {integrity, signatures, shasum}} = metadata; if (!shouldSkipIntegrityCheck()) { verifySignature({ @@ -71,7 +71,11 @@ export async function fetchLatestStableVersion(packageName: string) { }); } - return `${version}+sha512.${Buffer.from(integrity.slice(7), `base64`).toString(`hex`)}`; + return `${version}+${ + integrity ? + `sha512.${Buffer.from(integrity.slice(7), `base64`).toString(`hex`)}`: + `sha1.${shasum}` + }`; } export async function fetchAvailableTags(packageName: string) { diff --git a/tests/_registryServer.mjs b/tests/_registryServer.mjs index d616fa2fc..baef8d134 100644 --- a/tests/_registryServer.mjs +++ b/tests/_registryServer.mjs @@ -88,6 +88,7 @@ function generateSignature(packageName, version) { if (privateKey == null) return undefined; const sign = createSign(`SHA256`).end(`${packageName}@${version}:${integrity}`); return {signatures: [{ + integrity, keyid, sig: sign.sign(privateKey, `base64`), }]}; @@ -100,10 +101,8 @@ function generateVersionMetadata(packageName, version) { [packageName]: `./bin/${packageName}.js`, }, dist: { - integrity, shasum, size: mockPackageTarGz.length, - noattachment: false, tarball: `https://registry.npmjs.org/${packageName}/-/${packageName}-${version}.tgz`, ...generateSignature(packageName, version), }, diff --git a/tests/main.test.ts b/tests/main.test.ts index e1fa7ce05..b7807db3d 100644 --- a/tests/main.test.ts +++ b/tests/main.test.ts @@ -887,6 +887,32 @@ it(`should download yarn berry from custom registry`, async () => { }); }); +it(`should download latest pnpm from custom registry`, async () => { + await xfs.mktempPromise(async cwd => { + process.env.AUTH_TYPE = `COREPACK_NPM_TOKEN`; // See `_registryServer.mjs` + process.env.COREPACK_DEFAULT_TO_LATEST = `1`; + process.env.COREPACK_INTEGRITY_KEYS = `0`; + + await xfs.writeJsonPromise(ppath.join(cwd, `package.json` as Filename), { + }); + + await expect(runCli(cwd, [`pnpm`, `--version`], true)).resolves.toMatchObject({ + exitCode: 0, + stdout: `pnpm: Hello from custom registry\n`, + stderr: + `! The local project doesn't define a 'packageManager' field. Corepack will now add one referencing pnpm@1.9998.9999+sha1.d862ca5bedaa7d2328b8bde6ce2bac5141681f48.\n` + + `! For more details about this field, consult the documentation at https://nodejs.org/api/packages.html#packagemanager\n`, + }); + + // Should keep working with cache + await expect(runCli(cwd, [`pnpm`, `--version`])).resolves.toMatchObject({ + exitCode: 0, + stdout: `pnpm: Hello from custom registry\n`, + stderr: ``, + }); + }); +}); + for (const authType of [`COREPACK_NPM_REGISTRY`, `COREPACK_NPM_TOKEN`, `COREPACK_NPM_PASSWORD`, `PROXY`]) { describe(`custom registry with auth ${authType}`, () => { beforeEach(() => { From d6106e2e55f7595581f5ee1b7102a810de2a17e1 Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Fri, 19 Jul 2024 16:38:31 +0200 Subject: [PATCH 2/6] fixup! fix: fallback to `shasum` when `integrity` is not defined --- tests/main.test.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/main.test.ts b/tests/main.test.ts index b7807db3d..d75d8e78e 100644 --- a/tests/main.test.ts +++ b/tests/main.test.ts @@ -901,7 +901,7 @@ it(`should download latest pnpm from custom registry`, async () => { stdout: `pnpm: Hello from custom registry\n`, stderr: `! The local project doesn't define a 'packageManager' field. Corepack will now add one referencing pnpm@1.9998.9999+sha1.d862ca5bedaa7d2328b8bde6ce2bac5141681f48.\n` + - `! For more details about this field, consult the documentation at https://nodejs.org/api/packages.html#packagemanager\n`, + `! For more details about this field, consult the documentation at https://nodejs.org/api/packages.html#packagemanager\n\n`, }); // Should keep working with cache From 0de49b0e97a3ea2802212fb070fa67b6c3d62d6d Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Fri, 19 Jul 2024 16:39:19 +0200 Subject: [PATCH 3/6] fixup! fix: fallback to `shasum` when `integrity` is not defined --- sources/npmRegistryUtils.ts | 6 +++--- tests/main.test.ts | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/sources/npmRegistryUtils.ts b/sources/npmRegistryUtils.ts index ac90eeee0..963241755 100644 --- a/sources/npmRegistryUtils.ts +++ b/sources/npmRegistryUtils.ts @@ -73,9 +73,9 @@ export async function fetchLatestStableVersion(packageName: string) { return `${version}+${ integrity ? - `sha512.${Buffer.from(integrity.slice(7), `base64`).toString(`hex`)}`: - `sha1.${shasum}` - }`; + `sha512.${Buffer.from(integrity.slice(7), `base64`).toString(`hex`)}` : + `sha1.${shasum}` + }`; } export async function fetchAvailableTags(packageName: string) { diff --git a/tests/main.test.ts b/tests/main.test.ts index d75d8e78e..940deea04 100644 --- a/tests/main.test.ts +++ b/tests/main.test.ts @@ -899,7 +899,7 @@ it(`should download latest pnpm from custom registry`, async () => { await expect(runCli(cwd, [`pnpm`, `--version`], true)).resolves.toMatchObject({ exitCode: 0, stdout: `pnpm: Hello from custom registry\n`, - stderr: + stderr: `! The local project doesn't define a 'packageManager' field. Corepack will now add one referencing pnpm@1.9998.9999+sha1.d862ca5bedaa7d2328b8bde6ce2bac5141681f48.\n` + `! For more details about this field, consult the documentation at https://nodejs.org/api/packages.html#packagemanager\n\n`, }); From c7062ffff7cca71c3d7730ad2d9851f724bf7698 Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Fri, 19 Jul 2024 16:46:15 +0200 Subject: [PATCH 4/6] fixup! fix: fallback to `shasum` when `integrity` is not defined --- tests/main.test.ts | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tests/main.test.ts b/tests/main.test.ts index 940deea04..c9becc722 100644 --- a/tests/main.test.ts +++ b/tests/main.test.ts @@ -899,9 +899,7 @@ it(`should download latest pnpm from custom registry`, async () => { await expect(runCli(cwd, [`pnpm`, `--version`], true)).resolves.toMatchObject({ exitCode: 0, stdout: `pnpm: Hello from custom registry\n`, - stderr: - `! The local project doesn't define a 'packageManager' field. Corepack will now add one referencing pnpm@1.9998.9999+sha1.d862ca5bedaa7d2328b8bde6ce2bac5141681f48.\n` + - `! For more details about this field, consult the documentation at https://nodejs.org/api/packages.html#packagemanager\n\n`, + stderr: /^! The local project doesn't define a 'packageManager' field\. Corepack will now add one referencing pnpm@1\.9998\.9999/, }); // Should keep working with cache From 9c725d7d48fd80e08fb9ecab6512e769d241c1bd Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Fri, 19 Jul 2024 17:08:02 +0200 Subject: [PATCH 5/6] fixup! fix: fallback to `shasum` when `integrity` is not defined --- tests/_registryServer.mjs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/_registryServer.mjs b/tests/_registryServer.mjs index baef8d134..701cc1ac3 100644 --- a/tests/_registryServer.mjs +++ b/tests/_registryServer.mjs @@ -87,8 +87,7 @@ const registry = { function generateSignature(packageName, version) { if (privateKey == null) return undefined; const sign = createSign(`SHA256`).end(`${packageName}@${version}:${integrity}`); - return {signatures: [{ - integrity, + return {integrity, signatures: [{ keyid, sig: sign.sign(privateKey, `base64`), }]}; From d7e42382719fb3fdde7f3be14c648d3ed179ab3f Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Fri, 19 Jul 2024 17:11:06 +0200 Subject: [PATCH 6/6] fixup! fix: fallback to `shasum` when `integrity` is not defined --- tests/main.test.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/main.test.ts b/tests/main.test.ts index c9becc722..ac4ae802a 100644 --- a/tests/main.test.ts +++ b/tests/main.test.ts @@ -899,7 +899,7 @@ it(`should download latest pnpm from custom registry`, async () => { await expect(runCli(cwd, [`pnpm`, `--version`], true)).resolves.toMatchObject({ exitCode: 0, stdout: `pnpm: Hello from custom registry\n`, - stderr: /^! The local project doesn't define a 'packageManager' field\. Corepack will now add one referencing pnpm@1\.9998\.9999/, + stderr: /^! The local project doesn't define a 'packageManager' field\. Corepack will now add one referencing pnpm@1\.9998\.9999@sha1\./, }); // Should keep working with cache