diff options
| author | Juan Heyns <juanheyns@gmail.com> | 2022-09-21 23:46:00 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-09-21 23:46:00 +0300 |
| commit | 0d90a011fff411c878ba4b44582f14ef7dbdceb1 (patch) | |
| tree | cc81580601c33c826d02f0dbcf7d6637d08ab314 | |
| parent | 874336699681ac37857167b2438fac19c059511c (diff) | |
fix(audit): add a condition to allow third-party registries returning E400 (#5480)
* Add a condition to fix third-party registries returning E400
* changed to a separate test.
Co-authored-by: Juan Heyns <jheyns@mit.edu>
| -rw-r--r-- | lib/commands/audit.js | 2 | ||||
| -rw-r--r-- | test/lib/commands/audit.js | 31 |
2 files changed, 31 insertions, 2 deletions
diff --git a/lib/commands/audit.js b/lib/commands/audit.js index 6ec870f03..feccefda0 100644 --- a/lib/commands/audit.js +++ b/lib/commands/audit.js @@ -156,7 +156,7 @@ class VerifySignatures { ...key, pemkey: `-----BEGIN PUBLIC KEY-----\n${key.key}\n-----END PUBLIC KEY-----`, }))).catch(err => { - if (err.code === 'E404') { + if (err.code === 'E404' || err.code === 'E400') { return null } else { throw err diff --git a/test/lib/commands/audit.js b/test/lib/commands/audit.js index b6c6c77a2..bfa68955c 100644 --- a/test/lib/commands/audit.js +++ b/test/lib/commands/audit.js @@ -1171,7 +1171,7 @@ t.test('audit signatures', async t => { t.matchSnapshot(joinedOutput()) }) - t.test('third-party registry without keys does not verify', async t => { + t.test('third-party registry without keys (E404) does not verify', async t => { const registryUrl = 'https://verdaccio-clone2.org' const { npm } = await loadMockNpm(t, { prefixDir: installWithThirdPartyRegistry, @@ -1200,6 +1200,35 @@ t.test('audit signatures', async t => { ) }) + t.test('third-party registry without keys (E400) does not verify', async t => { + const registryUrl = 'https://verdaccio-clone2.org' + const { npm } = await loadMockNpm(t, { + prefixDir: installWithThirdPartyRegistry, + config: { + '@npmcli:registry': registryUrl, + }, + }) + const registry = new MockRegistry({ tap: t, registry: registryUrl }) + const manifest = registry.manifest({ + name: '@npmcli/arborist', + packuments: [{ + version: '1.0.14', + dist: { + tarball: 'https://registry.npmjs.org/@npmcli/arborist/-/@npmcli/arborist-1.0.14.tgz', + integrity: 'sha512-caa8hv5rW9VpQKk6tyNRvSaVDySVjo9GkI7Wj/wcsFyxPm3tYrE' + + 'sFyTjSnJH8HCIfEGVQNjqqKXaXLFVp7UBag==', + }, + }], + }) + await registry.package({ manifest }) + registry.nock.get('/-/npm/v1/keys').reply(400) + + await t.rejects( + npm.exec('audit', ['signatures']), + /found no dependencies to audit that where installed from a supported registry/ + ) + }) + t.test('third-party registry with keys and signatures', async t => { const registryUrl = 'https://verdaccio-clone.org' const { npm, joinedOutput } = await loadMockNpm(t, { |