author | Kat Marchán <kzm@sykosomatic.org> | 2017-05-17 03:11:49 +0300 |
---|---|---|
committer | Rebecca Turner <me@re-becca.org> | 2017-05-26 04:55:23 +0300 |
commit | 317ae92913781539d9feeb84a9ac487d355cb60c (patch) | |
tree | 07199afd6e8366213d4d56cfd1b518b723cee5ab /lib | |
parent | 932888fc6977412a4be0117b6681334f6a3cd44b (diff) |
shrinkwrap: update packageIntegrity for spec compliance
Diffstat (limited to 'lib')
-rw-r--r-- | lib/install/read-shrinkwrap.js | 4 | ||||
-rw-r--r-- | lib/shrinkwrap.js | 7 | ||||
-rw-r--r-- | lib/utils/package-integrity.js | 21 |
3 files changed, 26 insertions, 6 deletions
diff --git a/lib/install/read-shrinkwrap.js b/lib/install/read-shrinkwrap.js index 5a6e4a85a..913c30348 100644 --- a/lib/install/read-shrinkwrap.js +++ b/lib/install/read-shrinkwrap.js @@ -9,7 +9,7 @@ const log = require('npmlog') const parseJSON = require('../utils/parse-json.js') const path = require('path') const PKGLOCK_VERSION = require('../npm.js').lockfileVersion -const ssri = require('ssri') +const pkgSri = require('../utils/package-integrity.js') const readFileAsync = BB.promisify(fs.readFile) @@ -38,7 +38,7 @@ function readShrinkwrap (child, next) { pkgJson && parsed && parsed.packageIntegrity && - !ssri.checkData(pkgJson, parsed.packageIntegrity) + !pkgSri.check(JSON.parse(pkgJson), parsed.packageIntegrity) ) { log.info('read-shrinkwrap', `${name} will be updated because package.json does not match what it was generated against.`) } diff --git a/lib/shrinkwrap.js b/lib/shrinkwrap.js index 77deb1958..82023c6ab 100644 --- a/lib/shrinkwrap.js +++ b/lib/shrinkwrap.js @@ -19,6 +19,7 @@ const move = require('move-concurrently') const npm = require('./npm.js') const packageId = require('./utils/package-id.js') const path = require('path') +const pkgSri = require('./utils/package-integrity.js') const readPackageTree = BB.promisify(require('read-package-tree')) const ssri = require('ssri') const validate = require('aproba') @@ -230,9 +231,7 @@ function updateLockfileMetadata (pkginfo, pkgJson) { function writeMetainfo (pkginfo) { pkginfo.createdWith = `npm@${npm.version}` pkginfo.lockfileVersion = PKGLOCK_VERSION - pkginfo.packageIntegrity = pkgJson && ssri.fromData(pkgJson, { - algorithms: ['sha512'] - }).toString() + pkginfo.packageIntegrity = pkgJson && pkgSri.hash(pkgJson) metainfoWritten = true } return newPkg @@ -245,7 +244,7 @@ function checkPackageFile (dir, name) { ).then((data) => { return { path: file, - data, + data: JSON.parse(data), indent: detectIndent(data).indent || 2 } }).catch({code: 'ENOENT'}, () => {}) 
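Review bot: In the `readShrinkwrap` hunk of lib/install/read-shrinkwrap.js, `JSON.parse(pkgJson)` throws on a package.json that is not valid JSON, where the previous `ssri.checkData(pkgJson, …)` only hashed the raw text. Whether anything catches that is not visible, because the function body starts and ends outside the hunk. The file already requires `parseJSON` from `../utils/parse-json.js`, so `!pkgSri.check(parseJSON(pkgJson), parsed.packageIntegrity)` would keep parsing consistent with the rest of the file, ideally inside a guard that treats an unparsable package.json as a mismatch. The same bare `JSON.parse` is introduced in the `checkPackageFile` hunk of lib/shrinkwrap.js, where the `.catch({code: 'ENOENT'}, …)` filter lets a `SyntaxError` through as a rejection with no file name attached.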
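Review bot: In the `checkPackageFile` hunk of lib/shrinkwrap.js, `data` changes from the file's text to a parsed object for whichever file `name` refers to, not only for package.json. The callers are outside the hunk, so this is unverified, but any of them that treats `.data` as text (for example comparing it with the serialised lockfile to decide whether a write is needed) would change behaviour without raising an error. Returning both forms avoids that: `raw: data,` next to `data: JSON.parse(data),`.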
diff --git a/lib/utils/package-integrity.js b/lib/utils/package-integrity.js
new file mode 100644
index 000000000..f9560d660
--- /dev/null
+++ b/lib/utils/package-integrity.js
@@ -0,0 +1,21 @@
+'use strict'
+
+// Utilities for generating and verifying the packageIntegrity field for
+// package-lock
+//
+// Spec: https://github.com/npm/npm/pull/16441
+
+const ssri = require('ssri')
+const SSRI_OPTS = {
+ algorithms: ['sha512']
+}
+
+module.exports.check = check
+function check (pkg, integrity) {
+ return ssri.checkData(JSON.stringify(pkg), integrity, SSRI_OPTS)
+}
+
+module.exports.hash = hash
+function hash (pkg) {
+ return ssri.fromData(JSON.stringify(pkg), SSRI_OPTS).toString()
+}
|
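Review bot: `check` passes `SSRI_OPTS` to `ssri.checkData`, but `algorithms` is an option for generating digests; as far as I know `checkData` verifies with whichever algorithm the stored `integrity` string names, so a lockfile carrying a weaker digest is not held to sha512 here. If sha512 is meant to be required, comparing against a fresh digest makes that explicit: `return hash(pkg) === integrity`. Both exported functions also lack a doc comment; it should state that the digest covers `JSON.stringify` of the parsed object, so it ignores whitespace but depends on key order, and that `hash` expects a defined `pkg`. Judging by the read-shrinkwrap.js caller, which only logs on mismatch, the field signals a stale lockfile rather than guarding against tampering, and the comment should say so.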