mirror/pnpm
1
0
Fork 0
mirror of https://github.com/pnpm/pnpm.git synced 2026-04-10 18:18:56 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
bfd38cdc15e89b36eab4fa106a94de066c4638ef
pnpm/installing/commands/test/addJsr.ts
Zoltan Kochan 45a6cb6b2a refactor(auth): unify auth/SSL into structured configByUri (#11201) 
Replaces the dual `authConfig` (raw .npmrc) + `authInfos` (parsed auth) + `sslConfigs` (parsed SSL) pattern with a single structured `configByUri: Record<string, RegistryConfig>` field on Config.

### New types (`@pnpm/types`)
- **`RegistryConfig`** — per-registry config: `{ creds?: Creds, tls?: TlsConfig }`
- **`Creds`** — auth credentials: `{ authToken?, basicAuth?, tokenHelper? }`
- **`TlsConfig`** — TLS config: `{ cert?, key?, ca? }`

### Key changes
- Rewrite `createGetAuthHeaderByURI` to accept `Record<string, RegistryConfig>` instead of raw .npmrc key-value pairs
- Eliminate duplicate auth parsing between `getAuthHeadersFromConfig` and `getNetworkConfigs`
- Remove `authConfig` from the install pipeline (`StrictInstallOptions`, `HeadlessOptions`), replaced by `configByUri`
- Remove `sslConfigs` from Config — SSL fields now live in `configByUri[uri].tls`
- Remove `authConfig['registry']` mutation in `extendInstallOptions` (default registry now passed directly to `createGetAuthHeaderByURI`)
- `authConfig` remains on Config only for raw .npmrc access (config commands, error reporting, config inheritance)

### Security
- tokenHelper in project .npmrc now throws instead of being silently stripped
- tokenHelper execution uses `shell: false` to prevent shell metacharacter injection
- Basic auth uses `Buffer.from().toString('base64')` instead of `btoa()` for Unicode safety
- Dispatcher only creates custom agents when entries actually have TLS fields
2026-04-05 20:15:10 +02:00

236 lines
5.5 KiB
TypeScript
Raw Blame History

import path from 'node:path'
import { add } from '@pnpm/installing.commands'
import type { LockfileFile } from '@pnpm/lockfile.types'
import { prepare } from '@pnpm/prepare'
import type { ProjectManifest } from '@pnpm/types'
import { loadJsonFileSync } from 'load-json-file'
import { DEFAULT_OPTS } from './utils/index.js'
// This must be a function because some of its values depend on CWD
const createOptions = (jsr: string = 'https://npm.jsr.io/') => ({
...DEFAULT_OPTS,
configByUri: {},
registries: {
...DEFAULT_OPTS.registries,
'@jsr': jsr,
},
dir: process.cwd(),
cacheDir: path.resolve('cache'),
storeDir: path.resolve('store'),
})
test('pnpm add jsr:@<scope>/<name>', async () => {
const project = prepare({
name: 'test-add-jsr',
version: '0.0.0',
private: true,
})
await add.handler(createOptions(), ['jsr:@pnpm-e2e/foo'])
expect(loadJsonFileSync('package.json')).toMatchObject({
dependencies: {
'@pnpm-e2e/foo': 'jsr:^0.1.0',
},
} as ProjectManifest)
expect(project.readLockfile()).toMatchObject({
importers: {
'.': {
dependencies: {
'@pnpm-e2e/foo': {
specifier: 'jsr:^0.1.0',
version: '@jsr/pnpm-e2e__foo@0.1.0',
},
},
},
},
packages: {
'@jsr/pnpm-e2e__foo@0.1.0': {
resolution: {
integrity: expect.any(String),
},
},
},
snapshots: {
'@jsr/pnpm-e2e__foo@0.1.0': expect.any(Object),
},
} as Partial<LockfileFile>)
})
test('pnpm add jsr:@<scope>/<name> --save-peer writes a valid peer range', async () => {
prepare()
await add.handler({
...createOptions(),
savePeer: true,
}, ['jsr:@pnpm-e2e/foo'])
expect(loadJsonFileSync('package.json')).toMatchObject({
devDependencies: {
'@pnpm-e2e/foo': 'jsr:^0.1.0',
},
peerDependencies: {
'@pnpm-e2e/foo': '^0.1.0',
},
} as ProjectManifest)
})
test('pnpm add jsr:@<scope>/<name>@latest', async () => {
const project = prepare({
name: 'test-add-jsr',
version: '0.0.0',
private: true,
})
await add.handler(createOptions(), ['jsr:@pnpm-e2e/foo@latest'])
expect(loadJsonFileSync('package.json')).toMatchObject({
dependencies: {
'@pnpm-e2e/foo': 'jsr:^0.1.0',
},
} as ProjectManifest)
expect(project.readLockfile()).toMatchObject({
importers: {
'.': {
dependencies: {
'@pnpm-e2e/foo': {
specifier: 'jsr:^0.1.0',
version: '@jsr/pnpm-e2e__foo@0.1.0',
},
},
},
},
packages: {
'@jsr/pnpm-e2e__foo@0.1.0': {
resolution: {
integrity: expect.any(String),
},
},
},
snapshots: {
'@jsr/pnpm-e2e__foo@0.1.0': expect.any(Object),
},
} as Partial<LockfileFile>)
})
test('pnpm add jsr:@<scope>/<name>@<version_selector>', async () => {
const project = prepare({
name: 'test-add-jsr',
version: '0.0.0',
private: true,
})
await add.handler(createOptions(), ['jsr:@pnpm-e2e/foo@0.1'])
expect(loadJsonFileSync('package.json')).toMatchObject({
dependencies: {
'@pnpm-e2e/foo': 'jsr:~0.1.0',
},
} as ProjectManifest)
expect(project.readLockfile()).toMatchObject({
importers: {
'.': {
dependencies: {
'@pnpm-e2e/foo': {
specifier: 'jsr:~0.1.0',
version: '@jsr/pnpm-e2e__foo@0.1.0',
},
},
},
},
packages: {
'@jsr/pnpm-e2e__foo@0.1.0': {
resolution: {
integrity: expect.any(String),
},
},
},
snapshots: {
'@jsr/pnpm-e2e__foo@0.1.0': expect.any(Object),
},
} as Partial<LockfileFile>)
})
test('pnpm add <alias>@jsr:@<scope>/<name>', async () => {
const project = prepare({
name: 'test-add-jsr',
version: '0.0.0',
private: true,
})
await add.handler(createOptions(), ['foo-from-jsr@jsr:@pnpm-e2e/foo'])
expect(loadJsonFileSync('package.json')).toMatchObject({
dependencies: {
'foo-from-jsr': 'jsr:@pnpm-e2e/foo@^0.1.0',
},
} as ProjectManifest)
expect(project.readLockfile()).toMatchObject({
importers: {
'.': {
dependencies: {
'foo-from-jsr': {
specifier: 'jsr:@pnpm-e2e/foo@^0.1.0',
version: '@jsr/pnpm-e2e__foo@0.1.0',
},
},
},
},
packages: {
'@jsr/pnpm-e2e__foo@0.1.0': {
resolution: {
integrity: expect.any(String),
},
},
},
snapshots: {
'@jsr/pnpm-e2e__foo@0.1.0': expect.any(Object),
},
} as Partial<LockfileFile>)
})
test('pnpm add <alias>@jsr:@<scope>/<name>@<version_selector>', async () => {
const project = prepare({
name: 'test-add-jsr',
version: '0.0.0',
private: true,
})
await add.handler(createOptions(), ['foo-from-jsr@jsr:@pnpm-e2e/foo@0.1'])
expect(loadJsonFileSync('package.json')).toMatchObject({
dependencies: {
'foo-from-jsr': 'jsr:@pnpm-e2e/foo@~0.1.0',
},
} as ProjectManifest)
expect(project.readLockfile()).toMatchObject({
importers: {
'.': {
dependencies: {
'foo-from-jsr': {
specifier: 'jsr:@pnpm-e2e/foo@~0.1.0',
version: '@jsr/pnpm-e2e__foo@0.1.0',
},
},
},
},
packages: {
'@jsr/pnpm-e2e__foo@0.1.0': {
resolution: {
integrity: expect.any(String),
},
},
},
snapshots: {
'@jsr/pnpm-e2e__foo@0.1.0': expect.any(Object),
},
} as Partial<LockfileFile>)
})
Reference in New Issue View Git Blame Copy Permalink