feat!: use SHA256 for hashing the pnpmfile content (#8530)

2026-04-10 18:18:56 -04:00 · 2024-09-16 01:19:03 +02:00
parent dcd2917ec7
commit bcffd4d72b
9 changed files with 36 additions and 11 deletions
--- a/.changeset/nine-cups-smash.md
+++ b/.changeset/nine-cups-smash.md
@@ -0,0 +1,6 @@
+---
+"@pnpm/pnpmfile": major
+"pnpm": major
+---
+
+Use SHA256 for storing the pnpmfile checksum in the lockfile [#8530](https://github.com/pnpm/pnpm/pull/8530).
--- a/crypto/hash/src/index.ts
+++ b/crypto/hash/src/index.ts
@@ -1,7 +1,19 @@
 import crypto from 'crypto'
+import fs from 'fs'

 export function createShortHash (input: string): string {
  const hash = crypto.createHash('sha256')
  hash.update(input)
  return hash.digest('hex').substring(0, 32)
 }
+
+export function createHash (input: string): string {
+  const hash = crypto.createHash('sha256')
+  hash.update(input)
+  return `sha256-${hash.digest('base64')}`
+}
+
+export async function createHashFromFile (file: string): Promise<string> {
+  const content = await fs.promises.readFile(file, 'utf8')
+  return createHash(content.split('\r\n').join('\n'))
+}
--- a/hooks/pnpmfile/package.json
+++ b/hooks/pnpmfile/package.json
@@ -35,7 +35,7 @@
  },
  "dependencies": {
    "@pnpm/core-loggers": "workspace:*",
-    "@pnpm/crypto.base32-hash": "workspace:*",
+    "@pnpm/crypto.hash": "workspace:*",
    "@pnpm/error": "workspace:*",
    "@pnpm/hooks.types": "workspace:*",
    "@pnpm/lockfile.types": "workspace:*",
--- a/hooks/pnpmfile/src/requireHooks.ts
+++ b/hooks/pnpmfile/src/requireHooks.ts
@@ -1,6 +1,6 @@
 import type { PreResolutionHookContext, PreResolutionHookLogger } from '@pnpm/hooks.types'
 import { hookLogger } from '@pnpm/core-loggers'
-import { createBase32HashFromFile } from '@pnpm/crypto.base32-hash'
+import { createHashFromFile } from '@pnpm/crypto.hash'
 import pathAbsolute from 'path-absolute'
 import type { CustomFetchers } from '@pnpm/fetcher-base'
 import { type ImportIndexedPackageAsync } from '@pnpm/store-controller-types'
@@ -40,7 +40,7 @@ export function requireHooks (
  let hooks: Hooks | undefined = pnpmFile?.hooks

  if (!globalHooks && !hooks) return { afterAllResolved: [], filterLog: [], readPackage: [] }
-  const calculatePnpmfileChecksum = hooks ? () => createBase32HashFromFile(pnpmfilePath) : undefined
+  const calculatePnpmfileChecksum = hooks ? () => createHashFromFile(pnpmfilePath) : undefined
  globalHooks = globalHooks ?? {}
  hooks = hooks ?? {}
  const cookedHooks: CookedHooks & Required<Pick<CookedHooks, 'filterLog'>> = {
--- a/hooks/pnpmfile/tsconfig.json
+++ b/hooks/pnpmfile/tsconfig.json
@@ -9,6 +9,9 @@
    "../../__typings__/**/*.d.ts"
  ],
  "references": [
+    {
+      "path": "../../crypto/hash"
+    },
    {
      "path": "../../fetching/fetcher-base"
    },
@@ -18,9 +21,6 @@
    {
      "path": "../../packages/core-loggers"
    },
-    {
-      "path": "../../packages/crypto.base32-hash"
-    },
    {
      "path": "../../packages/error"
    },
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -2667,9 +2667,9 @@ importers:
      '@pnpm/core-loggers':
        specifier: workspace:*
        version: link:../../packages/core-loggers
-      '@pnpm/crypto.base32-hash':
+      '@pnpm/crypto.hash':
        specifier: workspace:*
-        version: link:../../packages/crypto.base32-hash
+        version: link:../../crypto/hash
      '@pnpm/error':
        specifier: workspace:*
        version: link:../../packages/error
@@ -5494,6 +5494,9 @@ importers:
      '@pnpm/crypto.base32-hash':
        specifier: workspace:*
        version: link:../packages/crypto.base32-hash
+      '@pnpm/crypto.hash':
+        specifier: workspace:*
+        version: link:../crypto/hash
      '@pnpm/default-reporter':
        specifier: workspace:*
        version: link:../cli/default-reporter
--- a/pnpm/package.json
+++ b/pnpm/package.json
@@ -32,6 +32,7 @@
    "@pnpm/config": "workspace:*",
    "@pnpm/constants": "workspace:*",
    "@pnpm/core-loggers": "workspace:*",
+    "@pnpm/crypto.hash": "workspace:*",
    "@pnpm/crypto.base32-hash": "workspace:*",
    "@pnpm/default-reporter": "workspace:*",
    "@pnpm/dependency-path": "workspace:*",
--- a/pnpm/test/hooks.ts
+++ b/pnpm/test/hooks.ts
@@ -1,6 +1,6 @@
 import fs from 'fs'
 import path from 'path'
-import { createBase32Hash } from '@pnpm/crypto.base32-hash'
+import { createHash } from '@pnpm/crypto.hash'
 import { type PackageManifest } from '@pnpm/types'
 import { prepare, preparePackages } from '@pnpm/prepare'
 import { REGISTRY_MOCK_PORT } from '@pnpm/registry-mock'
@@ -253,7 +253,7 @@ test('adding or changing pnpmfile should change pnpmfileChecksum and module stru
  await execPnpm(['install'])

  const lockfile1 = project.readLockfile()
-  expect(lockfile1.pnpmfileChecksum).toBe(createBase32Hash(pnpmfile1))
+  expect(lockfile1.pnpmfileChecksum).toBe(createHash(pnpmfile1))
  expect(lockfile1.packages).toHaveProperty(['@pnpm.e2e/pkg-with-good-optional@1.0.0'])
  expect(lockfile1.packages).not.toHaveProperty(['is-positive@1.0.0']) // this should be removed due to being optional dependency

@@ -274,7 +274,7 @@ test('adding or changing pnpmfile should change pnpmfileChecksum and module stru
  await execPnpm(['install'])

  const lockfile2 = project.readLockfile()
-  expect(lockfile2.pnpmfileChecksum).toBe(createBase32Hash(pnpmfile2))
+  expect(lockfile2.pnpmfileChecksum).toBe(createHash(pnpmfile2))
  expect(lockfile2.snapshots).toMatchObject({
    '@pnpm.e2e/foo@100.0.0': expect.any(Object),
    '@pnpm.e2e/bar@100.0.0': expect.any(Object),
--- a/pnpm/tsconfig.json
+++ b/pnpm/tsconfig.json
@@ -54,6 +54,9 @@
    {
      "path": "../config/plugin-commands-config"
    },
+    {
+      "path": "../crypto/hash"
+    },
    {
      "path": "../env/path"
    },