feat: verify-store-integrity (#5112)

* feat: verify-store-integrity * docs: update changesets
2025-12-23 23:29:17 -05:00 · 2022-07-29 03:37:16 +03:00
parent f774dd1e16
commit cac34ad690
6 changed files with 42 additions and 5 deletions
--- a/.changeset/chatty-emus-drop.md
+++ b/.changeset/chatty-emus-drop.md
@@ -0,0 +1,8 @@
+---
+"@pnpm/config": minor
+"@pnpm/package-requester": minor
+"@pnpm/plugin-commands-installation": minor
+"pnpm": minor
+---
+
+`verify-store-integrity=false` makes pnpm skip checking the integrities of files in the global content-addressable store.
--- a/packages/config/src/index.ts
+++ b/packages/config/src/index.ts
@@ -225,6 +225,7 @@ export default async (
    'use-beta-cli': false,
    'use-inline-specifiers-lockfile-format': false,
    userconfig: npmDefaults.userconfig,
+    'verify-store-integrity': true,
    'virtual-store-dir': 'node_modules/.pnpm',
    'workspace-concurrency': 4,
    'workspace-prefix': opts.workspaceDir,
--- a/packages/package-requester/src/packageRequester.ts
+++ b/packages/package-requester/src/packageRequester.ts
@@ -110,14 +110,14 @@ export default function (
  const getFilePathInCafs = _getFilePathInCafs.bind(null, cafsDir)
  const fetch = fetcher.bind(null, opts.fetchers, opts.cafs)
  const fetchPackageToStore = fetchToStore.bind(null, {
-    checkFilesIntegrity: _checkFilesIntegrity.bind(null, cafsDir),
+    // eslint-disable-next-line @typescript-eslint/no-unnecessary-boolean-literal-compare
+    checkFilesIntegrity: opts.verifyStoreIntegrity === false ? async () => true : _checkFilesIntegrity.bind(null, cafsDir),
    fetch,
    fetchingLocker: new Map(),
    getFilePathByModeInCafs: _getFilePathByModeInCafs.bind(null, cafsDir),
    getFilePathInCafs,
    requestsQueue,
    storeDir: opts.storeDir,
-    verifyStoreIntegrity: opts.verifyStoreIntegrity,
  })
  const requestPackage = resolveAndFetch.bind(null, {
    engineStrict: opts.engineStrict,
@@ -128,7 +128,6 @@ export default function (
    requestsQueue,
    resolve: opts.resolve,
    storeDir: opts.storeDir,
-    verifyStoreIntegrity: opts.verifyStoreIntegrity,
  })

  return Object.assign(requestPackage, { fetchPackageToStore, requestPackage })
@@ -144,7 +143,6 @@ async function resolveAndFetch (
    resolve: ResolveFunction
    fetchPackageToStore: FetchPackageToStoreFunction
    storeDir: string
-    verifyStoreIntegrity: boolean
  },
  wantedDependency: WantedDependency & { optional?: boolean },
  options: RequestPackageOptions
@@ -302,7 +300,6 @@ function fetchToStore (
    getFilePathByModeInCafs: (integrity: string, mode: number) => string
    requestsQueue: {add: <T>(fn: () => Promise<T>, opts: {priority: number}) => Promise<T>}
    storeDir: string
-    verifyStoreIntegrity: boolean
  },
  opts: FetchPackageToStoreOptions
 ): {
--- a/packages/plugin-commands-installation/package.json
+++ b/packages/plugin-commands-installation/package.json
@@ -47,6 +47,7 @@
    "@types/sinon": "^10.0.13",
    "@types/yarnpkg__lockfile": "^1.1.5",
    "@types/zkochan__table": "npm:@types/table@6.0.0",
+    "delay": "^5.0.0",
    "path-name": "^1.0.0",
    "proxyquire": "^2.1.3",
    "read-yaml-file": "^2.1.0",
--- a/packages/plugin-commands-installation/test/install.ts
+++ b/packages/plugin-commands-installation/test/install.ts
@@ -1,6 +1,9 @@
+import fs from 'fs'
+import delay from 'delay'
 import path from 'path'
 import { add, install } from '@pnpm/plugin-commands-installation'
 import { prepareEmpty } from '@pnpm/prepare'
+import rimraf from '@zkochan/rimraf'
 import { DEFAULT_OPTS } from './utils'

 test('install fails if no package.json is found', async () => {
@@ -24,3 +27,28 @@ test('install does not fail when a new package is added', async () => {

  expect(pkg?.dependencies).toStrictEqual({ 'is-positive': '1.0.0' })
 })
+
+test('install with no store integrity validation', async () => {
+  prepareEmpty()
+
+  await add.handler({
+    ...DEFAULT_OPTS,
+    dir: process.cwd(),
+  }, ['is-positive@1.0.0'])
+
+  // We should have a short delay before modifying the file in the store.
+  // Otherwise pnpm will not consider it to be modified.
+  await delay(200)
+  const readmePath = path.join(DEFAULT_OPTS.storeDir, 'v3/files/9a/f6af85f55c111108eddf1d7ef7ef224b812e7c7bfabae41c79cf8bc9a910352536963809463e0af2799abacb975f22418a35a1d170055ef3fdc3b2a46ef1c5')
+  fs.writeFileSync(readmePath, 'modified', 'utf8')
+
+  await rimraf('node_modules')
+
+  await install.handler({
+    ...DEFAULT_OPTS,
+    dir: process.cwd(),
+    verifyStoreIntegrity: false,
+  })
+
+  expect(fs.readFileSync('node_modules/is-positive/readme.md', 'utf8')).toBe('modified')
+})
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -2318,6 +2318,7 @@ importers:
      '@zkochan/which': ^2.0.3
      camelcase-keys: ^6.2.2
      chalk: ^4.1.2
+      delay: ^5.0.0
      enquirer: ^2.3.6
      is-ci: ^3.0.1
      is-subdir: ^1.2.0
@@ -2402,6 +2403,7 @@ importers:
      '@types/sinon': 10.0.13
      '@types/yarnpkg__lockfile': 1.1.5
      '@types/zkochan__table': /@types/table/6.0.0
+      delay: 5.0.0
      path-name: 1.0.0
      proxyquire: 2.1.3
      read-yaml-file: 2.1.0