github.com/npm/cli.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	David Glasser <glasser@davidglasser.net>	2014-04-24 09:43:19 +0400
committer	isaacs <i@izs.me>	2014-05-01 21:28:18 +0400
commit	a71615abcd2cc2b2c532a81a9ef2247ea8c34084 (patch)
tree	f8c170f1648b07af5fe7c45743656a8d4ce6379d /scripts
parent	e90ef9e409b8de5601b52563b1bd52e68fcf5eba (diff)

Check SHA before using files from cache

Fixes #3265. Because 'npm install' *always* writes every package to the cache (even if it isn't installed from the registry) before installing it, it's easy to end up in a situation where "npm install foo" installs something other than the appropriate version from the registry. eg: npm cache clean # Install a fork of version 0.0.1: npm install https://github.com/glasser/npm-cache-corruption/tarball/93c447e rm -rf node_modules # Before this commit, this would install the same fork as above npm install npm-cache-corruption

Diffstat (limited to 'scripts')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: