@pnpm/installing.client 1100.0.15 → 1100.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/lib/index.d.ts CHANGED
@@ -3,10 +3,11 @@ import { type TarballFetchers } from '@pnpm/fetching.tarball-fetcher';
3
3
  import type { RetryTimeoutOptions } from '@pnpm/fetching.types';
4
4
  import type { CustomFetcher, CustomResolver } from '@pnpm/hooks.types';
5
5
  import { type DispatcherOptions } from '@pnpm/network.fetch';
6
- import { type ResolveFunction, type ResolverFactoryOptions } from '@pnpm/resolving.default-resolver';
6
+ import { type ResolutionVerifierFactoryOptions, type ResolveFunction, type ResolveLatestDispatcher, type ResolverFactoryOptions } from '@pnpm/resolving.default-resolver';
7
+ import type { LatestInfo, LatestQuery, ResolutionVerifier } from '@pnpm/resolving.resolver-base';
7
8
  import type { StoreIndex } from '@pnpm/store.index';
8
9
  import type { RegistryConfig } from '@pnpm/types';
9
- export type { ResolveFunction };
10
+ export type { LatestInfo, LatestQuery, ResolutionVerifier, ResolveFunction, ResolveLatestDispatcher };
10
11
  export type ClientOptions = {
11
12
  configByUri: Record<string, RegistryConfig>;
12
13
  customResolvers?: CustomResolver[];
@@ -23,17 +24,39 @@ export type ClientOptions = {
23
24
  includeOnlyPackageFiles?: boolean;
24
25
  preserveAbsolutePaths?: boolean;
25
26
  fetchMinSpeedKiBps?: number;
26
- } & ResolverFactoryOptions & DispatcherOptions;
27
+ } & ResolverFactoryOptions & DispatcherOptions & Pick<ResolutionVerifierFactoryOptions, 'minimumReleaseAge' | 'minimumReleaseAgeStrict' | 'minimumReleaseAgeExclude' | 'ignoreMissingTimeField' | 'trustPolicy' | 'trustPolicyExclude' | 'trustPolicyIgnoreAfter'>;
27
28
  export interface Client {
28
29
  fetchers: Fetchers;
29
30
  resolve: ResolveFunction;
30
31
  clearResolutionCache: () => void;
32
+ /**
33
+ * List of resolver-side verifiers — one entry per active policy
34
+ * (today: at most one, `npm.minimumReleaseAge`). Empty when no policy
35
+ * is active. The install layer fans out across the list to re-validate
36
+ * each lockfile entry; each verifier handles its own protocol
37
+ * short-circuit inside `verify`.
38
+ */
39
+ resolutionVerifiers: ResolutionVerifier[];
31
40
  }
32
41
  export declare function createClient(opts: ClientOptions): Client;
33
42
  export declare function createResolver(opts: Omit<ClientOptions, 'storeIndex'>): {
34
43
  resolve: ResolveFunction;
44
+ resolveLatest: ResolveLatestDispatcher;
35
45
  clearCache: () => void;
36
46
  };
47
+ /**
48
+ * Wraps a `ResolveFunction` so any inline policy violation surfaced by
49
+ * the resolver is rethrown as a `PnpmError` instead of being returned on
50
+ * the result. Use this from one-shot callers (dlx, self-update) that
51
+ * have nowhere to defer a violation to — the install command leaves
52
+ * resolution unwrapped because it aggregates violations across the
53
+ * whole tree before deciding what to do.
54
+ *
55
+ * The error mapping is centralized here so future violation codes
56
+ * (today: `MINIMUM_RELEASE_AGE_VIOLATION`) get a consistent error code
57
+ * across every strict-mode caller without each call site re-translating.
58
+ */
59
+ export declare function makeResolutionStrict(resolve: ResolveFunction): ResolveFunction;
37
60
  type Fetchers = {
38
61
  git: GitFetcher;
39
62
  directory: DirectoryFetcher;
package/lib/index.js CHANGED
@@ -1,11 +1,13 @@
1
1
  import { NODE_EXTRAS_IGNORE_PATTERN } from '@pnpm/engine.runtime.node-resolver';
2
+ import { PnpmError } from '@pnpm/error';
2
3
  import { createBinaryFetcher } from '@pnpm/fetching.binary-fetcher';
3
4
  import { createDirectoryFetcher } from '@pnpm/fetching.directory-fetcher';
4
5
  import { createGitFetcher } from '@pnpm/fetching.git-fetcher';
5
6
  import { createTarballFetcher } from '@pnpm/fetching.tarball-fetcher';
6
7
  import { createGetAuthHeaderByURI } from '@pnpm/network.auth-header';
7
8
  import { createFetchFromRegistry } from '@pnpm/network.fetch';
8
- import { createResolver as _createResolver, } from '@pnpm/resolving.default-resolver';
9
+ import { createResolutionVerifiers, createResolver as _createResolver, } from '@pnpm/resolving.default-resolver';
10
+ import { MINIMUM_RELEASE_AGE_VIOLATION_CODE } from '@pnpm/resolving.npm-resolver';
9
11
  export function createClient(opts) {
10
12
  const fetchFromRegistry = createFetchFromRegistry(opts);
11
13
  const getAuthHeader = createGetAuthHeaderByURI(opts.configByUri, opts.registries?.default);
@@ -14,6 +16,7 @@ export function createClient(opts) {
14
16
  fetchers: createFetchers(fetchFromRegistry, getAuthHeader, opts),
15
17
  resolve,
16
18
  clearResolutionCache,
19
+ resolutionVerifiers: createResolutionVerifiers(fetchFromRegistry, opts),
17
20
  };
18
21
  }
19
22
  export function createResolver(opts) {
@@ -21,6 +24,38 @@ export function createResolver(opts) {
21
24
  const getAuthHeader = createGetAuthHeaderByURI(opts.configByUri, opts.registries?.default);
22
25
  return _createResolver(fetchFromRegistry, getAuthHeader, { ...opts, customResolvers: opts.customResolvers });
23
26
  }
27
+ /**
28
+ * Wraps a `ResolveFunction` so any inline policy violation surfaced by
29
+ * the resolver is rethrown as a `PnpmError` instead of being returned on
30
+ * the result. Use this from one-shot callers (dlx, self-update) that
31
+ * have nowhere to defer a violation to — the install command leaves
32
+ * resolution unwrapped because it aggregates violations across the
33
+ * whole tree before deciding what to do.
34
+ *
35
+ * The error mapping is centralized here so future violation codes
36
+ * (today: `MINIMUM_RELEASE_AGE_VIOLATION`) get a consistent error code
37
+ * across every strict-mode caller without each call site re-translating.
38
+ */
39
+ export function makeResolutionStrict(resolve) {
40
+ return (async (wantedDependency, opts) => {
41
+ const result = await resolve(wantedDependency, opts);
42
+ if (result?.policyViolation) {
43
+ throw policyViolationToError(result.policyViolation);
44
+ }
45
+ return result;
46
+ });
47
+ }
48
+ function policyViolationToError(violation) {
49
+ const message = `${violation.name}@${violation.version} ${violation.reason}`;
50
+ // Map the per-violation `code` to the user-facing PnpmError code that
51
+ // pre-refactor callers (and `default-reporter`) already recognize.
52
+ // Future violation codes get their mapping added here so call sites
53
+ // don't have to re-translate.
54
+ const errorCode = violation.code === MINIMUM_RELEASE_AGE_VIOLATION_CODE
55
+ ? 'NO_MATURE_MATCHING_VERSION'
56
+ : violation.code;
57
+ return new PnpmError(errorCode, message);
58
+ }
24
59
  function createFetchers(fetchFromRegistry, getAuthHeader, opts) {
25
60
  const tarballFetchers = createTarballFetcher(fetchFromRegistry, getAuthHeader, opts);
26
61
  return {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@pnpm/installing.client",
3
- "version": "1100.0.15",
3
+ "version": "1100.2.0",
4
4
  "description": "Creates the package resolve and fetch functions",
5
5
  "keywords": [
6
6
  "pnpm",
@@ -27,25 +27,27 @@
27
27
  ],
28
28
  "dependencies": {
29
29
  "ramda": "npm:@pnpm/ramda@0.28.1",
30
- "@pnpm/fetching.directory-fetcher": "1100.0.9",
31
- "@pnpm/fetching.binary-fetcher": "1101.0.5",
32
- "@pnpm/engine.runtime.node-resolver": "1101.0.8",
33
- "@pnpm/fetching.git-fetcher": "1101.0.6",
34
- "@pnpm/hooks.types": "1100.0.6",
35
- "@pnpm/types": "1101.1.0",
36
- "@pnpm/resolving.default-resolver": "1100.1.2",
37
- "@pnpm/store.index": "1100.1.0",
30
+ "@pnpm/engine.runtime.node-resolver": "1101.1.0",
31
+ "@pnpm/error": "1100.0.0",
32
+ "@pnpm/fetching.binary-fetcher": "1101.0.7",
33
+ "@pnpm/fetching.git-fetcher": "1101.0.8",
34
+ "@pnpm/fetching.directory-fetcher": "1100.0.11",
35
+ "@pnpm/network.auth-header": "1100.0.3",
36
+ "@pnpm/fetching.tarball-fetcher": "1101.0.9",
38
37
  "@pnpm/fetching.types": "1100.0.1",
39
- "@pnpm/network.auth-header": "1100.0.2",
40
- "@pnpm/fetching.tarball-fetcher": "1101.0.7",
41
- "@pnpm/network.fetch": "1100.0.4",
42
- "@pnpm/resolving.resolver-base": "1100.1.3"
38
+ "@pnpm/hooks.types": "1100.0.8",
39
+ "@pnpm/network.fetch": "1100.0.6",
40
+ "@pnpm/resolving.default-resolver": "1100.3.0",
41
+ "@pnpm/resolving.npm-resolver": "1101.3.0",
42
+ "@pnpm/resolving.resolver-base": "1100.3.0",
43
+ "@pnpm/types": "1101.1.1",
44
+ "@pnpm/store.index": "1100.1.0"
43
45
  },
44
46
  "devDependencies": {
45
47
  "@jest/globals": "30.3.0",
46
48
  "@types/ramda": "0.31.1",
47
- "@pnpm/fetching.fetcher-base": "1100.1.3",
48
- "@pnpm/installing.client": "1100.0.15"
49
+ "@pnpm/fetching.fetcher-base": "1100.1.5",
50
+ "@pnpm/installing.client": "1100.2.0"
49
51
  },
50
52
  "engines": {
51
53
  "node": ">=22.13"