mirror of
https://github.com/pnpm/pnpm.git
synced 2026-02-15 17:42:31 -05:00
fix: don't install package from store that doesn't satisfy min release age (#9980)
close #9978
This commit is contained in:
6
.changeset/eleven-teams-juggle.md
Normal file
6
.changeset/eleven-teams-juggle.md
Normal file
@@ -0,0 +1,6 @@
|
||||
---
|
||||
"@pnpm/npm-resolver": patch
|
||||
"pnpm": patch
|
||||
---
|
||||
|
||||
Don't ignore the `minimumReleaseAge` check, when the package is requested by exact version and the packument is loaded from cache [#9978](https://github.com/pnpm/pnpm/issues/9978).
|
||||
@@ -191,9 +191,18 @@ export async function pickPackage (
|
||||
// use the cached meta only if it has the required package version
|
||||
// otherwise it is probably out of date
|
||||
if ((metaCachedInStore?.versions?.[spec.fetchSpec]) != null) {
|
||||
return {
|
||||
meta: metaCachedInStore,
|
||||
pickedPackage: metaCachedInStore.versions[spec.fetchSpec],
|
||||
try {
|
||||
const pickedPackage = _pickPackageFromMeta(spec, opts.preferredVersionSelectors, metaCachedInStore, opts.publishedBy)
|
||||
if (pickedPackage) {
|
||||
return {
|
||||
meta: metaCachedInStore,
|
||||
pickedPackage,
|
||||
}
|
||||
}
|
||||
} catch (err) {
|
||||
if (ctx.strictPublishedByCheck) {
|
||||
throw err
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -80,3 +80,40 @@ test('request metadata when the one in cache does not have a version satisfying
|
||||
expect(resolveResult!.resolvedVia).toBe('npm-registry')
|
||||
expect(resolveResult!.id).toBe('bad-dates@1.0.0')
|
||||
})
|
||||
|
||||
test('do not pick version that does not satisfy the date requirement even if it is loaded from cache and requested by exact version', async () => {
|
||||
const cacheDir = tempy.directory()
|
||||
const fooMeta = {
|
||||
'dist-tags': {},
|
||||
versions: {
|
||||
'1.0.0': {
|
||||
dist: {
|
||||
integrity: 'sha512-9Qa5b+9n69IEuxk4FiNcavXqkixb9lD03BLtdTeu2bbORnLZQrw+pR/exiSg7SoODeu08yxS47mdZa9ddodNwQ==',
|
||||
shasum: '857db584a1ba5d1cb2980527fc3b6c435d37b0fd',
|
||||
tarball: 'https://registry.npmjs.org/is-positive/-/foo-1.0.0.tgz',
|
||||
},
|
||||
},
|
||||
},
|
||||
time: {
|
||||
'1.0.0': '2016-08-17T19:26:00.508Z',
|
||||
},
|
||||
cachedAt: '2016-08-17T19:26:00.508Z',
|
||||
}
|
||||
fs.mkdirSync(path.join(cacheDir, `${FULL_FILTERED_META_DIR}/registry.npmjs.org`), { recursive: true })
|
||||
fs.writeFileSync(path.join(cacheDir, `${FULL_FILTERED_META_DIR}/registry.npmjs.org/foo.json`), JSON.stringify(fooMeta), 'utf8')
|
||||
|
||||
nock(registries.default)
|
||||
.get('/foo')
|
||||
.reply(200, fooMeta)
|
||||
|
||||
const { resolveFromNpm } = createResolveFromNpm({
|
||||
cacheDir,
|
||||
filterMetadata: true,
|
||||
fullMetadata: true,
|
||||
registries,
|
||||
strictPublishedByCheck: true,
|
||||
})
|
||||
await expect(resolveFromNpm({ alias: 'foo', bareSpecifier: '1.0.0' }, {
|
||||
publishedBy: new Date('2015-08-17T19:26:00.508Z'),
|
||||
})).rejects.toThrow('No matching version found')
|
||||
})
|
||||
|
||||
Reference in New Issue
Block a user