diff options
author | Kat Marchán <kzm@sykosomatic.org> | 2017-05-26 06:18:23 +0300 |
---|---|---|
committer | Kat Marchán <kzm@sykosomatic.org> | 2017-05-26 06:21:58 +0300 |
commit | 794c10e689634cbb85133f8de2b25411f374436b (patch) | |
tree | 536b0592a8ca73cef625341531c642502362977d /lib | |
parent | 674004c4c5ef50ed303add582351b32e2293b78e (diff) |
pkglock: remove packageIntegrity field of doom
Diffstat (limited to 'lib')
-rw-r--r-- | lib/install/read-shrinkwrap.js | 9 | ||||
-rw-r--r-- | lib/shrinkwrap.js | 3 | ||||
-rw-r--r-- | lib/utils/package-integrity.js | 21 |
3 files changed, 0 insertions, 33 deletions
diff --git a/lib/install/read-shrinkwrap.js b/lib/install/read-shrinkwrap.js index 56d8ce11e..de398fb40 100644 --- a/lib/install/read-shrinkwrap.js +++ b/lib/install/read-shrinkwrap.js @@ -9,7 +9,6 @@ const log = require('npmlog') const parseJSON = require('../utils/parse-json.js') const path = require('path') const PKGLOCK_VERSION = require('../npm.js').lockfileVersion -const pkgSri = require('../utils/package-integrity.js') const readFileAsync = BB.promisify(fs.readFile) @@ -34,14 +33,6 @@ function readShrinkwrap (child, next) { throw ex } } - if ( - pkgJson && - parsed && - parsed.packageIntegrity && - !pkgSri.check(JSON.parse(pkgJson), parsed.packageIntegrity) - ) { - log.info('read-shrinkwrap', `${name} will be updated because package.json does not match what it was generated against.`) - } if (parsed && parsed.lockfileVersion !== PKGLOCK_VERSION) { log.warn('read-shrinkwrap', `This version of npm is compatible with lockfileVersion@${PKGLOCK_VERSION}, but ${name} was generated for lockfileVersion@${parsed.lockfileVersion || 0}. I'll try to do my best with it!`) } diff --git a/lib/shrinkwrap.js b/lib/shrinkwrap.js index b12e63c91..428c12bba 100644 --- a/lib/shrinkwrap.js +++ b/lib/shrinkwrap.js @@ -17,7 +17,6 @@ const moduleName = require('./utils/module-name.js') const move = require('move-concurrently') const npm = require('./npm.js') const path = require('path') -const pkgSri = require('./utils/package-integrity.js') const readPackageTree = BB.promisify(require('read-package-tree')) const ssri = require('ssri') const validate = require('aproba') @@ -184,7 +183,6 @@ function updateLockfileMetadata (pkginfo, pkgJson) { let metainfoWritten = false const metainfo = new Set([ 'lockfileVersion', - 'packageIntegrity', 'preserveSymlinks' ]) Object.keys(pkginfo).forEach((k) => { @@ -203,7 +201,6 @@ function updateLockfileMetadata (pkginfo, pkgJson) { } function writeMetainfo (pkginfo) { pkginfo.lockfileVersion = PKGLOCK_VERSION - pkginfo.packageIntegrity = pkgJson && pkgSri.hash(pkgJson) if (process.env.NODE_PRESERVE_SYMLINKS) { pkginfo.preserveSymlinks = process.env.NODE_PRESERVE_SYMLINKS } diff --git a/lib/utils/package-integrity.js b/lib/utils/package-integrity.js deleted file mode 100644 index f9560d660..000000000 --- a/lib/utils/package-integrity.js +++ /dev/null @@ -1,21 +0,0 @@ -'use strict' - -// Utilities for generating and verifying the packageIntegrity field for -// package-lock -// -// Spec: https://github.com/npm/npm/pull/16441 - -const ssri = require('ssri') -const SSRI_OPTS = { - algorithms: ['sha512'] -} - -module.exports.check = check -function check (pkg, integrity) { - return ssri.checkData(JSON.stringify(pkg), integrity, SSRI_OPTS) -} - -module.exports.hash = hash -function hash (pkg) { - return ssri.fromData(JSON.stringify(pkg), SSRI_OPTS).toString() -} |