
github.com/npm/cli.git - Unnamed repository; edit this file 'description' to name the repository.
-rw-r--r--lib/install/read-shrinkwrap.js9
-rw-r--r--lib/shrinkwrap.js3
-rw-r--r--lib/utils/package-integrity.js21
-rw-r--r--test/tap/shrinkwrap-extra-metadata.js2
-rw-r--r--test/tap/shrinkwrap-package-integrity.js50
5 files changed, 0 insertions, 85 deletions
diff --git a/lib/install/read-shrinkwrap.js b/lib/install/read-shrinkwrap.js
index 56d8ce11e..de398fb40 100644
--- a/lib/install/read-shrinkwrap.js
+++ b/lib/install/read-shrinkwrap.js
@@ -9,7 +9,6 @@ const log = require('npmlog')
const parseJSON = require('../utils/parse-json.js')
const path = require('path')
const PKGLOCK_VERSION = require('../npm.js').lockfileVersion
-const pkgSri = require('../utils/package-integrity.js')
const readFileAsync = BB.promisify(fs.readFile)
@@ -34,14 +33,6 @@ function readShrinkwrap (child, next) {
throw ex
}
}
- if (
- pkgJson &&
- parsed &&
- parsed.packageIntegrity &&
- !pkgSri.check(JSON.parse(pkgJson), parsed.packageIntegrity)
- ) {
- log.info('read-shrinkwrap', `${name} will be updated because package.json does not match what it was generated against.`)
- }
if (parsed && parsed.lockfileVersion !== PKGLOCK_VERSION) {
log.warn('read-shrinkwrap', `This version of npm is compatible with lockfileVersion@${PKGLOCK_VERSION}, but ${name} was generated for lockfileVersion@${parsed.lockfileVersion || 0}. I'll try to do my best with it!`)
}
diff --git a/lib/shrinkwrap.js b/lib/shrinkwrap.js
index b12e63c91..428c12bba 100644
--- a/lib/shrinkwrap.js
+++ b/lib/shrinkwrap.js
@@ -17,7 +17,6 @@ const moduleName = require('./utils/module-name.js')
const move = require('move-concurrently')
const npm = require('./npm.js')
const path = require('path')
-const pkgSri = require('./utils/package-integrity.js')
const readPackageTree = BB.promisify(require('read-package-tree'))
const ssri = require('ssri')
const validate = require('aproba')
@@ -184,7 +183,6 @@ function updateLockfileMetadata (pkginfo, pkgJson) {
let metainfoWritten = false
const metainfo = new Set([
'lockfileVersion',
- 'packageIntegrity',
'preserveSymlinks'
])
Object.keys(pkginfo).forEach((k) => {
@@ -203,7 +201,6 @@ function updateLockfileMetadata (pkginfo, pkgJson) {
}
function writeMetainfo (pkginfo) {
pkginfo.lockfileVersion = PKGLOCK_VERSION
- pkginfo.packageIntegrity = pkgJson && pkgSri.hash(pkgJson)
if (process.env.NODE_PRESERVE_SYMLINKS) {
pkginfo.preserveSymlinks = process.env.NODE_PRESERVE_SYMLINKS
}
diff --git a/lib/utils/package-integrity.js b/lib/utils/package-integrity.js
deleted file mode 100644
index f9560d660..000000000
--- a/lib/utils/package-integrity.js
+++ /dev/null
@@ -1,21 +0,0 @@
-'use strict'
-
-// Utilities for generating and verifying the packageIntegrity field for
-// package-lock
-//
-// Spec: https://github.com/npm/npm/pull/16441
-
-const ssri = require('ssri')
-const SSRI_OPTS = {
- algorithms: ['sha512']
-}
-
-module.exports.check = check
-function check (pkg, integrity) {
- return ssri.checkData(JSON.stringify(pkg), integrity, SSRI_OPTS)
-}
-
-module.exports.hash = hash
-function hash (pkg) {
- return ssri.fromData(JSON.stringify(pkg), SSRI_OPTS).toString()
-}
diff --git a/test/tap/shrinkwrap-extra-metadata.js b/test/tap/shrinkwrap-extra-metadata.js
index 003476add..dd7f85ee8 100644
--- a/test/tap/shrinkwrap-extra-metadata.js
+++ b/test/tap/shrinkwrap-extra-metadata.js
@@ -7,7 +7,6 @@ const mr = require('npm-registry-mock')
const npm = require('../../lib/npm.js')
const osenv = require('osenv')
const path = require('path')
-const pkgSri = require('../../lib/utils/package-integrity.js')
const rimraf = require('rimraf')
const test = require('tap').test
@@ -51,7 +50,6 @@ test('adds additional metadata fields from the pkglock spec', function (t) {
'name': 'shrinkwrap-extra-metadata',
'version': '0.0.0',
'lockfileVersion': npm.lockfileVersion,
- 'packageIntegrity': pkgSri.hash(json),
'preserveSymlinks': 'foo'
},
JSON.parse(desired),
diff --git a/test/tap/shrinkwrap-package-integrity.js b/test/tap/shrinkwrap-package-integrity.js
deleted file mode 100644
index 6333757d7..000000000
--- a/test/tap/shrinkwrap-package-integrity.js
+++ /dev/null
@@ -1,50 +0,0 @@
-'use strict'
-
-const pkgsri = require('../../lib/utils/package-integrity.js')
-const ssri = require('ssri')
-const test = require('tap').test
-
-test('generates integrity according to spec', (t) => {
- const pkgJson = {
- 'name': 'foo',
- 'version': '1.0.0',
- 'dependencies': {
- 'x': '1.0.0'
- },
- 'devDependencies': {
- 'y': '1.0.0'
- },
- 'optionalDependencies': {
- 'z': '1.0.0'
- }
- }
- const integrity = pkgsri.hash(pkgJson)
- t.ok(integrity && integrity.toString(), 'hash returned')
- t.equal(
- ssri.parse(integrity).toString(),
- integrity,
- 'hash is a valid ssri string'
- )
- t.ok(pkgsri.check(pkgJson, integrity), 'same-data integrity check succeeds')
- t.done()
-})
-
-test('updates if anything changes in package.json', (t) => {
- const pkgJson = {
- 'name': 'foo',
- 'version': '1.0.0',
- 'dependencies': {
- 'x': '1.0.0'
- },
- 'devDependencies': {
- 'y': '1.0.0'
- },
- 'optionalDependencies': {
- 'z': '1.0.0'
- }
- }
- const sri = pkgsri.hash(pkgJson)
- pkgJson.version = '1.2.3'
- t.equal(pkgsri.check(pkgJson, sri), false, 'no match after pkgJson change')
- t.done()
-})