mirror/pnpm - pnpm - Gitea: Git with a cup of tea

mirror/pnpm

Fork 0

mirror of https://github.com/pnpm/pnpm.git synced 2026-05-14 03:26:13 -04:00

Commit Graph

Author	SHA1	Message	Date
Zoltan Kochan	187049055f	chore: upgrade @typescript/native-preview to 7.0.0-dev.20260421.2 (#11332 ) * chore: upgrade @typescript/native-preview to 7.0.0-dev.20260421.2 - Add explicit `types: ["node"]` to the shared tsconfig because tsgo 20260421 no longer auto-acquires `@types/` from `node_modules`. - Refactor test files to explicitly import jest globals (`describe`, `it`, `test`, `expect`, `beforeEach`, etc.) from `@jest/globals` instead of relying on `@types/jest` ambient declarations. Under the new tsgo build, `import { jest } from '@jest/globals'` shadows the ambient `jest` namespace, breaking `@types/jest`'s `declare var describe: jest.Describe;` globals. - Add `@jest/globals` to each package's devDependencies where tests now import from it, and add `@types/node` to packages that need it but were relying on hoisted resolution. - Replace `fail()` calls with `throw new Error(...)` since `fail` is no longer globally available. chore: fix remaining tsgo type-strictness errors - Strip `as <PnpmType>` casts on objects passed to toMatchObject / toStrictEqual / toEqual; @jest/globals rejects the typed objects (which include AsymmetricMatchers) vs. the repo-specific type. - Type `jest.fn<...>()` explicitly where the mock's signature matters for toHaveBeenCalledWith. - Replace `beforeEach(() => X)` with `beforeEach(() => { X })` so the return value is void, as the stricter jest typing requires. - Use `expect.objectContaining({...})` in one place where the full expected object triggered stricter type resolution. - Cast `prompt.mock.calls` arg through `as unknown as Record<...>[]` for patch.test.ts's nested-array matchers. - Fix off-by-one `<reference path>` in pnpm/test/getConfig.test.ts that only surfaced now. - Move `@jest/globals` from devDependencies to dependencies in the two `__utils__` packages that import it from `src/`. - Clean up unused imports from the @jest/globals migration. * chore: address Copilot review on #11332 - Move misplaced `@jest/globals` imports to the top import block in checkEngine, run.ts, and workspace/root-finder tests where the script dropped them below executable code. - Replace `try { await x(); throw new Error('should have thrown') } catch` in bins/linker, lockfile/fs, and resolving/local-resolver tests with `await expect(x()).rejects.toMatchObject({...})`. The old pattern swallowed an unrelated `throw` if the under-test call silently succeeded, which would fail on the catch-block assertion with a misleading message.	2026-04-21 22:50:40 +02:00
Zoltan Kochan	45a6cb6b2a	refactor(auth): unify auth/SSL into structured configByUri (#11201 ) Replaces the dual `authConfig` (raw .npmrc) + `authInfos` (parsed auth) + `sslConfigs` (parsed SSL) pattern with a single structured `configByUri: Record<string, RegistryConfig>` field on Config. ### New types (`@pnpm/types`) - `RegistryConfig` — per-registry config: `{ creds?: Creds, tls?: TlsConfig }` - `Creds` — auth credentials: `{ authToken?, basicAuth?, tokenHelper? }` - `TlsConfig` — TLS config: `{ cert?, key?, ca? }` ### Key changes - Rewrite `createGetAuthHeaderByURI` to accept `Record<string, RegistryConfig>` instead of raw .npmrc key-value pairs - Eliminate duplicate auth parsing between `getAuthHeadersFromConfig` and `getNetworkConfigs` - Remove `authConfig` from the install pipeline (`StrictInstallOptions`, `HeadlessOptions`), replaced by `configByUri` - Remove `sslConfigs` from Config — SSL fields now live in `configByUri[uri].tls` - Remove `authConfig['registry']` mutation in `extendInstallOptions` (default registry now passed directly to `createGetAuthHeaderByURI`) - `authConfig` remains on Config only for raw .npmrc access (config commands, error reporting, config inheritance) ### Security - tokenHelper in project .npmrc now throws instead of being silently stripped - tokenHelper execution uses `shell: false` to prevent shell metacharacter injection - Basic auth uses `Buffer.from().toString('base64')` instead of `btoa()` for Unicode safety - Dispatcher only creates custom agents when entries actually have TLS fields	2026-04-05 20:15:10 +02:00

Author

SHA1

Message

Date

Zoltan Kochan

187049055f

chore: upgrade @typescript/native-preview to 7.0.0-dev.20260421.2 (#11332 )

* chore: upgrade @typescript/native-preview to 7.0.0-dev.20260421.2

- Add explicit `types: ["node"]` to the shared tsconfig because tsgo
  20260421 no longer auto-acquires `@types/*` from `node_modules`.
- Refactor test files to explicitly import jest globals (`describe`,
  `it`, `test`, `expect`, `beforeEach`, etc.) from `@jest/globals`
  instead of relying on `@types/jest` ambient declarations. Under the
  new tsgo build, `import { jest } from '@jest/globals'` shadows the
  ambient `jest` namespace, breaking `@types/jest`'s `declare var
  describe: jest.Describe;` globals.
- Add `@jest/globals` to each package's devDependencies where tests
  now import from it, and add `@types/node` to packages that need it
  but were relying on hoisted resolution.
- Replace `fail()` calls with `throw new Error(...)` since `fail` is
  no longer globally available.

* chore: fix remaining tsgo type-strictness errors

- Strip `as <PnpmType>` casts on objects passed to toMatchObject /
  toStrictEqual / toEqual; @jest/globals rejects the typed objects
  (which include AsymmetricMatchers) vs. the repo-specific type.
- Type `jest.fn<...>()` explicitly where the mock's signature matters
  for toHaveBeenCalledWith.
- Replace `beforeEach(() => X)` with `beforeEach(() => { X })` so the
  return value is void, as the stricter jest typing requires.
- Use `expect.objectContaining({...})` in one place where the full
  expected object triggered stricter type resolution.
- Cast `prompt.mock.calls` arg through `as unknown as Record<...>[]`
  for patch.test.ts's nested-array matchers.
- Fix off-by-one `<reference path>` in pnpm/test/getConfig.test.ts
  that only surfaced now.
- Move `@jest/globals` from devDependencies to dependencies in the
  two `__utils__` packages that import it from `src/`.
- Clean up unused imports from the @jest/globals migration.

* chore: address Copilot review on #11332

- Move misplaced `@jest/globals` imports to the top import block in
  checkEngine, run.ts, and workspace/root-finder tests where the
  script dropped them below executable code.
- Replace `try { await x(); throw new Error('should have thrown') } catch`
  in bins/linker, lockfile/fs, and resolving/local-resolver tests with
  `await expect(x()).rejects.toMatchObject({...})`. The old pattern
  swallowed an unrelated `throw` if the under-test call silently
  succeeded, which would fail on the catch-block assertion with a
  misleading message.

2026-04-21 22:50:40 +02:00

Zoltan Kochan

45a6cb6b2a

refactor(auth): unify auth/SSL into structured configByUri (#11201 )

Replaces the dual `authConfig` (raw .npmrc) + `authInfos` (parsed auth) + `sslConfigs` (parsed SSL) pattern with a single structured `configByUri: Record<string, RegistryConfig>` field on Config.

### New types (`@pnpm/types`)
- **`RegistryConfig`** — per-registry config: `{ creds?: Creds, tls?: TlsConfig }`
- **`Creds`** — auth credentials: `{ authToken?, basicAuth?, tokenHelper? }`
- **`TlsConfig`** — TLS config: `{ cert?, key?, ca? }`

### Key changes
- Rewrite `createGetAuthHeaderByURI` to accept `Record<string, RegistryConfig>` instead of raw .npmrc key-value pairs
- Eliminate duplicate auth parsing between `getAuthHeadersFromConfig` and `getNetworkConfigs`
- Remove `authConfig` from the install pipeline (`StrictInstallOptions`, `HeadlessOptions`), replaced by `configByUri`
- Remove `sslConfigs` from Config — SSL fields now live in `configByUri[uri].tls`
- Remove `authConfig['registry']` mutation in `extendInstallOptions` (default registry now passed directly to `createGetAuthHeaderByURI`)
- `authConfig` remains on Config only for raw .npmrc access (config commands, error reporting, config inheritance)

### Security
- tokenHelper in project .npmrc now throws instead of being silently stripped
- tokenHelper execution uses `shell: false` to prevent shell metacharacter injection
- Basic auth uses `Buffer.from().toString('base64')` instead of `btoa()` for Unicode safety
- Dispatcher only creates custom agents when entries actually have TLS fields

2026-04-05 20:15:10 +02:00

2 Commits