mirror of
https://github.com/pnpm/pnpm.git
synced 2026-04-10 10:08:15 -04:00
45a6cb6b2a
Replaces the dual `authConfig` (raw .npmrc) + `authInfos` (parsed auth) + `sslConfigs` (parsed SSL) pattern with a single structured `configByUri: Record<string, RegistryConfig>` field on Config.
### New types (`@pnpm/types`)
- **`RegistryConfig`** — per-registry config: `{ creds?: Creds, tls?: TlsConfig }`
- **`Creds`** — auth credentials: `{ authToken?, basicAuth?, tokenHelper? }`
- **`TlsConfig`** — TLS config: `{ cert?, key?, ca? }`
### Key changes
- Rewrite `createGetAuthHeaderByURI` to accept `Record<string, RegistryConfig>` instead of raw .npmrc key-value pairs
- Eliminate duplicate auth parsing between `getAuthHeadersFromConfig` and `getNetworkConfigs`
- Remove `authConfig` from the install pipeline (`StrictInstallOptions`, `HeadlessOptions`), replaced by `configByUri`
- Remove `sslConfigs` from Config — SSL fields now live in `configByUri[uri].tls`
- Remove `authConfig['registry']` mutation in `extendInstallOptions` (default registry now passed directly to `createGetAuthHeaderByURI`)
- `authConfig` remains on Config only for raw .npmrc access (config commands, error reporting, config inheritance)
### Security
- tokenHelper in project .npmrc now throws instead of being silently stripped
- tokenHelper execution uses `shell: false` to prevent shell metacharacter injection
- Basic auth uses `Buffer.from().toString('base64')` instead of `btoa()` for Unicode safety
- Dispatcher only creates custom agents when entries actually have TLS fields
158 lines
4.8 KiB
TypeScript
158 lines
4.8 KiB
TypeScript
/// <reference path="../../../__typings__/index.d.ts" />
|
|
import path from 'node:path'
|
|
|
|
import { assertProject } from '@pnpm/assert-project'
|
|
import { PnpmError } from '@pnpm/error'
|
|
import { importCommand } from '@pnpm/installing.commands'
|
|
import { prepare } from '@pnpm/prepare'
|
|
import { addDistTag, REGISTRY_MOCK_PORT } from '@pnpm/registry-mock'
|
|
import { fixtures } from '@pnpm/test-fixtures'
|
|
import { temporaryDirectory } from 'tempy'
|
|
|
|
const f = fixtures(import.meta.dirname)
|
|
|
|
const REGISTRY = `http://localhost:${REGISTRY_MOCK_PORT}`
|
|
const TMP = temporaryDirectory()
|
|
|
|
const DEFAULT_OPTS = {
|
|
ca: undefined,
|
|
cacheDir: path.join(TMP, 'cache'),
|
|
cert: undefined,
|
|
fetchRetries: 2,
|
|
fetchRetryFactor: 90,
|
|
fetchRetryMaxtimeout: 90,
|
|
fetchRetryMintimeout: 10,
|
|
httpsProxy: undefined,
|
|
key: undefined,
|
|
localAddress: undefined,
|
|
lock: false,
|
|
lockStaleDuration: 90,
|
|
minimumReleaseAge: 0,
|
|
networkConcurrency: 16,
|
|
offline: false,
|
|
preferWorkspacePackages: true,
|
|
proxy: undefined,
|
|
pnpmHomeDir: '',
|
|
configByUri: {},
|
|
registries: { default: REGISTRY },
|
|
registry: REGISTRY,
|
|
rootProjectManifestDir: '',
|
|
storeDir: path.join(TMP, 'store'),
|
|
strictSsl: false,
|
|
userAgent: 'pnpm',
|
|
userConfig: {},
|
|
useRunningStoreServer: false,
|
|
useStoreServer: false,
|
|
virtualStoreDirMaxLength: process.platform === 'win32' ? 60 : 120,
|
|
}
|
|
|
|
test('import from package-lock.json', async () => {
|
|
await addDistTag({ package: '@pnpm.e2e/dep-of-pkg-with-1-dep', version: '100.1.0', distTag: 'latest' })
|
|
f.prepare('has-package-lock-json')
|
|
|
|
await importCommand.handler({
|
|
...DEFAULT_OPTS,
|
|
dir: process.cwd(),
|
|
}, [])
|
|
|
|
const project = assertProject(process.cwd())
|
|
const lockfile = project.readLockfile()
|
|
expect(lockfile.packages).toHaveProperty(['@pnpm.e2e/dep-of-pkg-with-1-dep@100.0.0'])
|
|
expect(lockfile.packages).not.toHaveProperty(['@pnpm.e2e/dep-of-pkg-with-1-dep@100.1.0'])
|
|
|
|
// node_modules is not created
|
|
project.hasNot('@pnpm.e2e/dep-of-pkg-with-1-dep')
|
|
project.hasNot('@pnpm.e2e/pkg-with-1-dep')
|
|
})
|
|
|
|
test('import from yarn.lock', async () => {
|
|
await addDistTag({ package: '@pnpm.e2e/dep-of-pkg-with-1-dep', version: '100.1.0', distTag: 'latest' })
|
|
|
|
f.prepare('has-yarn-lock')
|
|
|
|
await importCommand.handler({
|
|
...DEFAULT_OPTS,
|
|
dir: process.cwd(),
|
|
}, [])
|
|
|
|
const project = assertProject(process.cwd())
|
|
const lockfile = project.readLockfile()
|
|
expect(lockfile.packages).toHaveProperty(['@pnpm.e2e/dep-of-pkg-with-1-dep@100.0.0'])
|
|
expect(lockfile.packages).not.toHaveProperty(['@pnpm.e2e/dep-of-pkg-with-1-dep@100.1.0'])
|
|
|
|
// node_modules is not created
|
|
project.hasNot('@pnpm.e2e/dep-of-pkg-with-1-dep')
|
|
project.hasNot('@pnpm.e2e/pkg-with-1-dep')
|
|
})
|
|
|
|
test('import from yarn2 lock file', async () => {
|
|
f.prepare('has-yarn2-lock')
|
|
|
|
await importCommand.handler({
|
|
...DEFAULT_OPTS,
|
|
dir: process.cwd(),
|
|
}, [])
|
|
|
|
const project = assertProject(process.cwd())
|
|
const lockfile = project.readLockfile()
|
|
|
|
expect(lockfile.packages).toHaveProperty(['is-positive@1.0.0'])
|
|
expect(lockfile.packages).toHaveProperty(['is-negative@1.0.0'])
|
|
|
|
// node_modules is not created
|
|
project.hasNot('balanced-match')
|
|
project.hasNot('brace-expansion')
|
|
})
|
|
|
|
test('import from npm-shrinkwrap.json', async () => {
|
|
await addDistTag({ package: '@pnpm.e2e/dep-of-pkg-with-1-dep', version: '100.1.0', distTag: 'latest' })
|
|
|
|
f.prepare('has-npm-shrinkwrap-json')
|
|
|
|
await importCommand.handler({
|
|
...DEFAULT_OPTS,
|
|
dir: process.cwd(),
|
|
}, [])
|
|
|
|
const project = assertProject(process.cwd())
|
|
const lockfile = project.readLockfile()
|
|
expect(lockfile.packages).toHaveProperty(['@pnpm.e2e/dep-of-pkg-with-1-dep@100.0.0'])
|
|
expect(lockfile.packages).not.toHaveProperty(['@pnpm.e2e/dep-of-pkg-with-1-dep@100.1.0'])
|
|
|
|
// node_modules is not created
|
|
project.hasNot('@pnpm.e2e/dep-of-pkg-with-1-dep')
|
|
project.hasNot('@pnpm.e2e/pkg-with-1-dep')
|
|
})
|
|
|
|
test('import fails when no lockfiles are found', async () => {
|
|
prepare(undefined)
|
|
|
|
await expect(
|
|
importCommand.handler({
|
|
...DEFAULT_OPTS,
|
|
dir: process.cwd(),
|
|
}, [])
|
|
).rejects.toThrow(
|
|
new PnpmError('LOCKFILE_NOT_FOUND', 'No lockfile found')
|
|
)
|
|
})
|
|
|
|
test('import from package-lock.json v3', async () => {
|
|
await addDistTag({ package: '@pnpm.e2e/dep-of-pkg-with-1-dep', version: '100.1.0', distTag: 'latest' })
|
|
f.prepare('has-package-lock-v3-json')
|
|
|
|
await importCommand.handler({
|
|
...DEFAULT_OPTS,
|
|
dir: process.cwd(),
|
|
}, [])
|
|
|
|
const project = assertProject(process.cwd())
|
|
const lockfile = project.readLockfile()
|
|
expect(lockfile.packages).toHaveProperty(['@pnpm.e2e/dep-of-pkg-with-1-dep@100.0.0'])
|
|
expect(lockfile.packages).not.toHaveProperty(['@pnpm.e2e/dep-of-pkg-with-1-dep@100.1.0'])
|
|
|
|
// node_modules is not created
|
|
project.hasNot('@pnpm.e2e/dep-of-pkg-with-1-dep')
|
|
project.hasNot('@pnpm.e2e/pkg-with-1-dep')
|
|
})
|