diff options
author | David Glasser <glasser@davidglasser.net> | 2014-04-24 09:43:19 +0400 |
---|---|---|
committer | isaacs <i@izs.me> | 2014-05-01 21:28:18 +0400 |
commit | a71615abcd2cc2b2c532a81a9ef2247ea8c34084 (patch) | |
tree | f8c170f1648b07af5fe7c45743656a8d4ce6379d /scripts | |
parent | e90ef9e409b8de5601b52563b1bd52e68fcf5eba (diff) |
Check SHA before using files from cache
Fixes #3265.
Because 'npm install' *always* writes every package to the cache (even
if it isn't installed from the registry) before installing it, it's easy
to end up in a situation where "npm install foo" installs something
other than the appropriate version from the registry. eg:
npm cache clean
# Install a fork of version 0.0.1:
npm install https://github.com/glasser/npm-cache-corruption/tarball/93c447e
rm -rf node_modules
# Before this commit, this would install the same fork as above
npm install npm-cache-corruption
Diffstat (limited to 'scripts')
0 files changed, 0 insertions, 0 deletions