fix!: save the whole tarball URL, when it doesn't use the standard format (#6265)

2026-04-28 02:53:15 -04:00 · 2023-03-24 01:36:13 +02:00
parent 2a2032810f
commit 1d105e7fcd
4 changed files with 8 additions and 26 deletions
--- a/.changeset/beige-eggs-study.md
+++ b/.changeset/beige-eggs-study.md
@@ -0,0 +1,6 @@
+---
+"@pnpm/resolve-dependencies": major
+"pnpm": major
+---
+
+Save the whole tarball URL in the lockfile, if it doesn't use the standard format [#6265](https://github.com/pnpm/pnpm/pull/6265).
--- a/pkg-manager/core/test/lockfile.ts
+++ b/pkg-manager/core/test/lockfile.ts
@@ -768,7 +768,7 @@ test('save tarball URL when it is non-standard', async () => {

  const lockfile = await project.readLockfile()

-  expect((lockfile.packages['/esprima-fb@3001.1.0-dev-harmony-fb'].resolution as TarballResolution).tarball).toBe('esprima-fb/-/esprima-fb-3001.0001.0000-dev-harmony-fb.tgz')
+  expect((lockfile.packages['/esprima-fb@3001.1.0-dev-harmony-fb'].resolution as TarballResolution).tarball).toBe(`http://localhost:${REGISTRY_MOCK_PORT}/esprima-fb/-/esprima-fb-3001.0001.0000-dev-harmony-fb.tgz`)
 })

 test('packages installed via tarball URL from the default registry are normalized', async () => {
--- a/pkg-manager/resolve-dependencies/src/updateLockfile.ts
+++ b/pkg-manager/resolve-dependencies/src/updateLockfile.ts
@@ -252,7 +252,7 @@ function toLockfileResolution (
  if (removeProtocol(expectedTarball) !== removeProtocol(actualTarball)) {
    return {
      integrity: resolution['integrity'],
-      tarball: relativeTarball(resolution['tarball'], registry),
+      tarball: resolution['tarball'],
    }
  }
  return {
@@ -263,20 +263,3 @@ function toLockfileResolution (
 function removeProtocol (url: string) {
  return url.split('://')[1]
 }
-
-export function relativeTarball (tarball: string, registry: string) {
-  // It is important to save the tarball URL as "relative-path" (without the leading '/').
-  // Sometimes registries are located in a subdirectory of a website.
-  // For instance, https://mycompany.jfrog.io/mycompany/api/npm/npm-local/
-  // So the tarball location should be relative to the directory,
-  // it is not an absolute-path reference.
-  // So we add @mycompany/mypackage/-/@mycompany/mypackage-2.0.0.tgz
-  // not /@mycompany/mypackage/-/@mycompany/mypackage-2.0.0.tgz
-  // Related issue: https://github.com/pnpm/pnpm/issues/1827
-  if (tarball.slice(0, registry.length) !== registry) {
-    return tarball
-  }
-  const relative = tarball.slice(registry.length)
-  if (relative[0] === '/') return relative.substring(1)
-  return relative
-}
--- a/pkg-manager/resolve-dependencies/test/relativeTarball.test.ts
+++ b/pkg-manager/resolve-dependencies/test/relativeTarball.test.ts
@@ -1,7 +0,0 @@
-/// <reference path="../../../__typings__/index.d.ts" />
-import { relativeTarball } from '../lib/updateLockfile'
-
-test('relativeTarball()', () => {
-  expect(relativeTarball('https://registry.com/foo/bar.tgz', 'https://registry.com/foo')).toBe('bar.tgz')
-  expect(relativeTarball('https://registry.com/foo/bar.tgz', 'https://registry.com/foo/')).toBe('bar.tgz')
-})