@pnpm/installing.deps-installer 1102.1.0 → 1102.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/install/verifyLockfileResolutions.js +34 -11
- package/package.json +59 -59
|
@@ -205,6 +205,10 @@ function buildVerificationError(violations) {
|
|
|
205
205
|
const details = omitted > 0
|
|
206
206
|
? `${breakdown}\n …and ${omitted} more`
|
|
207
207
|
: breakdown;
|
|
208
|
+
// Registry fetch failures (auth/network/5xx) don't reach this batch — the
|
|
209
|
+
// verifier throws the registry's own error and the gate aborts with it. So
|
|
210
|
+
// every violation here is a genuine policy rejection, and the hint points at
|
|
211
|
+
// the lockfile rather than at connectivity.
|
|
208
212
|
return new PnpmError(errorCode, `${violations.length} lockfile entries failed verification:\n${details}`, {
|
|
209
213
|
hint: 'The lockfile contains entries that the active policies reject. ' +
|
|
210
214
|
'This can mean the lockfile is stale, or that someone committed a ' +
|
|
@@ -346,22 +350,41 @@ function pushInvalidAliases(deps, invalid) {
|
|
|
346
350
|
}
|
|
347
351
|
async function iterateLockfileViolations(candidates, verifiers, concurrency) {
|
|
348
352
|
const violations = [];
|
|
353
|
+
// A verifier may throw rather than return a violation when it can't reach the
|
|
354
|
+
// registry to verify an entry (auth/network/5xx) — that's not a per-entry
|
|
355
|
+
// policy pick, it's an incomplete verification, so the registry's own error
|
|
356
|
+
// should abort the install. Capture the first such error and rethrow it after
|
|
357
|
+
// the fan-out settles: rethrowing straight into Promise.all would leave the
|
|
358
|
+
// sibling tasks (all failing against the same dead registry) as unhandled
|
|
359
|
+
// rejections once Promise.all rejects on the first.
|
|
360
|
+
let fetchError;
|
|
349
361
|
const limit = pLimit(concurrency ?? DEFAULT_CONCURRENCY);
|
|
350
362
|
await Promise.all(Array.from(candidates.values(), ({ name, version, nonSemverVersion, resolution }) => limit(async () => {
|
|
351
|
-
|
|
352
|
-
|
|
353
|
-
|
|
354
|
-
|
|
355
|
-
|
|
356
|
-
|
|
357
|
-
|
|
358
|
-
|
|
359
|
-
|
|
360
|
-
|
|
361
|
-
|
|
363
|
+
try {
|
|
364
|
+
// Fan out across every active verifier; each handles its own
|
|
365
|
+
// protocol short-circuit (e.g. the npm verifier returns ok:true for
|
|
366
|
+
// git resolutions). We stop at the first failure per entry so a
|
|
367
|
+
// multi-verifier setup doesn't produce duplicate violations for the
|
|
368
|
+
// same (name, version).
|
|
369
|
+
for (const verifier of verifiers) {
|
|
370
|
+
// eslint-disable-next-line no-await-in-loop
|
|
371
|
+
const result = await verifier.verify(resolution, { name, version, nonSemverVersion });
|
|
372
|
+
if (!result.ok) {
|
|
373
|
+
violations.push({ name, version, resolution, code: result.code, reason: result.reason });
|
|
374
|
+
break;
|
|
375
|
+
}
|
|
362
376
|
}
|
|
363
377
|
}
|
|
378
|
+
catch (err) {
|
|
379
|
+
fetchError ??= err;
|
|
380
|
+
}
|
|
364
381
|
})));
|
|
382
|
+
// A registry that couldn't be reached takes precedence over collected
|
|
383
|
+
// violations: the run never finished verifying, so the batch is incomplete
|
|
384
|
+
// and the actionable failure is the transport error. Once it's resolved the
|
|
385
|
+
// re-run surfaces any remaining violations.
|
|
386
|
+
if (fetchError != null)
|
|
387
|
+
throw fetchError;
|
|
365
388
|
return violations;
|
|
366
389
|
}
|
|
367
390
|
//# sourceMappingURL=verifyLockfileResolutions.js.map
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@pnpm/installing.deps-installer",
|
|
3
|
-
"version": "1102.1.
|
|
3
|
+
"version": "1102.1.1",
|
|
4
4
|
"description": "Fast, disk space efficient installation engine",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"pnpm",
|
|
@@ -30,9 +30,9 @@
|
|
|
30
30
|
"funding": "https://opencollective.com/pnpm",
|
|
31
31
|
"repository": {
|
|
32
32
|
"type": "git",
|
|
33
|
-
"url": "https://github.com/pnpm/pnpm/tree/main/installing/deps-installer"
|
|
33
|
+
"url": "https://github.com/pnpm/pnpm/tree/main/pnpm11/installing/deps-installer"
|
|
34
34
|
},
|
|
35
|
-
"homepage": "https://github.com/pnpm/pnpm/tree/main/installing/deps-installer#readme",
|
|
35
|
+
"homepage": "https://github.com/pnpm/pnpm/tree/main/pnpm11/installing/deps-installer#readme",
|
|
36
36
|
"bugs": {
|
|
37
37
|
"url": "https://github.com/pnpm/pnpm/issues"
|
|
38
38
|
},
|
|
@@ -65,62 +65,62 @@
|
|
|
65
65
|
"ramda": "npm:@pnpm/ramda@0.28.1",
|
|
66
66
|
"run-groups": "^5.0.0",
|
|
67
67
|
"semver": "^7.8.4",
|
|
68
|
-
"@pnpm/bins.
|
|
69
|
-
"@pnpm/building.
|
|
70
|
-
"@pnpm/
|
|
71
|
-
"@pnpm/
|
|
72
|
-
"@pnpm/
|
|
73
|
-
"@pnpm/
|
|
68
|
+
"@pnpm/bins.remover": "1100.0.11",
|
|
69
|
+
"@pnpm/building.during-install": "1102.0.2",
|
|
70
|
+
"@pnpm/bins.linker": "1100.0.16",
|
|
71
|
+
"@pnpm/catalogs.config": "1100.0.2",
|
|
72
|
+
"@pnpm/building.policy": "1100.0.11",
|
|
73
|
+
"@pnpm/building.after-install": "1102.0.2",
|
|
74
|
+
"@pnpm/catalogs.types": "1100.0.0",
|
|
74
75
|
"@pnpm/catalogs.resolver": "1100.0.0",
|
|
75
|
-
"@pnpm/
|
|
76
|
+
"@pnpm/catalogs.protocol-parser": "1100.0.0",
|
|
77
|
+
"@pnpm/config.parse-overrides": "1100.0.2",
|
|
76
78
|
"@pnpm/config.normalize-registries": "1100.0.8",
|
|
77
|
-
"@pnpm/config.
|
|
79
|
+
"@pnpm/config.matcher": "1100.0.1",
|
|
78
80
|
"@pnpm/core-loggers": "1100.2.1",
|
|
79
81
|
"@pnpm/constants": "1100.0.0",
|
|
80
|
-
"@pnpm/
|
|
81
|
-
"@pnpm/deps.graph-hasher": "1100.2.
|
|
82
|
-
"@pnpm/catalogs.types": "1100.0.0",
|
|
83
|
-
"@pnpm/crypto.object-hasher": "1100.0.0",
|
|
82
|
+
"@pnpm/crypto.hash": "1100.0.1",
|
|
83
|
+
"@pnpm/deps.graph-hasher": "1100.2.6",
|
|
84
84
|
"@pnpm/deps.graph-sequencer": "1100.0.0",
|
|
85
|
-
"@pnpm/
|
|
86
|
-
"@pnpm/error": "1100.0.
|
|
87
|
-
"@pnpm/exec.lifecycle": "1100.1.0",
|
|
85
|
+
"@pnpm/crypto.object-hasher": "1100.0.0",
|
|
86
|
+
"@pnpm/error": "1100.0.1",
|
|
88
87
|
"@pnpm/fs.read-modules-dir": "1100.0.1",
|
|
88
|
+
"@pnpm/deps.path": "1100.0.8",
|
|
89
|
+
"@pnpm/exec.lifecycle": "1100.1.1",
|
|
89
90
|
"@pnpm/fs.symlink-dependency": "1100.0.10",
|
|
90
|
-
"@pnpm/hooks.types": "1100.0
|
|
91
|
-
"@pnpm/installing.context": "1100.0.
|
|
92
|
-
"@pnpm/installing.deps-resolver": "1100.2.
|
|
93
|
-
"@pnpm/
|
|
94
|
-
"@pnpm/
|
|
95
|
-
"@pnpm/installing.linking.hoist": "1100.0.15",
|
|
96
|
-
"@pnpm/installing.linking.modules-cleaner": "1100.1.8",
|
|
97
|
-
"@pnpm/installing.package-requester": "1102.0.0",
|
|
91
|
+
"@pnpm/hooks.types": "1100.1.0",
|
|
92
|
+
"@pnpm/installing.context": "1100.0.20",
|
|
93
|
+
"@pnpm/installing.deps-resolver": "1100.2.5",
|
|
94
|
+
"@pnpm/installing.deps-restorer": "1102.1.1",
|
|
95
|
+
"@pnpm/hooks.read-package-hook": "1100.0.9",
|
|
98
96
|
"@pnpm/installing.linking.direct-dep-linker": "1100.0.10",
|
|
97
|
+
"@pnpm/installing.linking.hoist": "1100.0.16",
|
|
99
98
|
"@pnpm/installing.modules-yaml": "1100.0.9",
|
|
100
|
-
"@pnpm/
|
|
101
|
-
"@pnpm/
|
|
102
|
-
"@pnpm/lockfile.fs": "1100.1.
|
|
103
|
-
"@pnpm/lockfile.
|
|
104
|
-
"@pnpm/lockfile.
|
|
105
|
-
"@pnpm/lockfile.
|
|
106
|
-
"@pnpm/lockfile.settings-checker": "1100.0.
|
|
107
|
-
"@pnpm/lockfile.
|
|
108
|
-
"@pnpm/
|
|
109
|
-
"@pnpm/patching.config": "1100.0.
|
|
110
|
-
"@pnpm/
|
|
111
|
-
"@pnpm/
|
|
112
|
-
"@pnpm/
|
|
113
|
-
"@pnpm/
|
|
99
|
+
"@pnpm/installing.linking.modules-cleaner": "1100.1.9",
|
|
100
|
+
"@pnpm/installing.package-requester": "1102.1.0",
|
|
101
|
+
"@pnpm/lockfile.fs": "1100.1.7",
|
|
102
|
+
"@pnpm/lockfile.preferred-versions": "1100.0.17",
|
|
103
|
+
"@pnpm/lockfile.filtering": "1100.1.8",
|
|
104
|
+
"@pnpm/lockfile.pruner": "1100.0.12",
|
|
105
|
+
"@pnpm/lockfile.settings-checker": "1100.0.20",
|
|
106
|
+
"@pnpm/lockfile.verification": "1100.0.20",
|
|
107
|
+
"@pnpm/lockfile.to-pnp": "1100.1.1",
|
|
108
|
+
"@pnpm/patching.config": "1100.0.9",
|
|
109
|
+
"@pnpm/lockfile.utils": "1100.1.0",
|
|
110
|
+
"@pnpm/lockfile.walker": "1100.0.12",
|
|
111
|
+
"@pnpm/network.auth-header": "1101.1.3",
|
|
112
|
+
"@pnpm/pkg-manifest.utils": "1100.2.6",
|
|
114
113
|
"@pnpm/resolving.parse-wanted-dependency": "1100.0.1",
|
|
115
|
-
"@pnpm/
|
|
116
|
-
"@pnpm/
|
|
117
|
-
"@pnpm/
|
|
118
|
-
"@pnpm/
|
|
119
|
-
"@pnpm/store.
|
|
114
|
+
"@pnpm/pnpr.client": "1.2.3",
|
|
115
|
+
"@pnpm/store.index": "1100.2.1",
|
|
116
|
+
"@pnpm/resolving.resolver-base": "1100.5.0",
|
|
117
|
+
"@pnpm/workspace.project-manifest-reader": "1100.0.14",
|
|
118
|
+
"@pnpm/store.controller-types": "1100.1.6",
|
|
119
|
+
"@pnpm/types": "1101.3.2"
|
|
120
120
|
},
|
|
121
121
|
"peerDependencies": {
|
|
122
122
|
"@pnpm/logger": "^1100.0.0",
|
|
123
|
-
"@pnpm/worker": "^1100.2.
|
|
123
|
+
"@pnpm/worker": "^1100.2.2"
|
|
124
124
|
},
|
|
125
125
|
"devDependencies": {
|
|
126
126
|
"@jest/globals": "30.4.1",
|
|
@@ -141,22 +141,22 @@
|
|
|
141
141
|
"symlink-dir": "^10.0.1",
|
|
142
142
|
"write-json-file": "^7.0.0",
|
|
143
143
|
"write-yaml-file": "^6.0.0",
|
|
144
|
-
"@pnpm/assert-project": "1100.0.
|
|
145
|
-
"@pnpm/
|
|
146
|
-
"@pnpm/
|
|
147
|
-
"@pnpm/lockfile.types": "1100.0.
|
|
144
|
+
"@pnpm/assert-project": "1100.0.17",
|
|
145
|
+
"@pnpm/assert-store": "1100.0.17",
|
|
146
|
+
"@pnpm/installing.deps-installer": "1102.1.1",
|
|
147
|
+
"@pnpm/lockfile.types": "1100.0.12",
|
|
148
148
|
"@pnpm/logger": "1100.0.0",
|
|
149
|
-
"@pnpm/prepare": "1100.0.
|
|
150
|
-
"@pnpm/
|
|
151
|
-
"@pnpm/
|
|
152
|
-
"@pnpm/
|
|
153
|
-
"@pnpm/
|
|
149
|
+
"@pnpm/prepare": "1100.0.17",
|
|
150
|
+
"@pnpm/resolving.registry.types": "1100.1.3",
|
|
151
|
+
"@pnpm/store.cafs": "1100.1.11",
|
|
152
|
+
"@pnpm/pkg-manifest.reader": "1100.0.9",
|
|
153
|
+
"@pnpm/store.path": "1100.0.2",
|
|
154
154
|
"@pnpm/test-fixtures": "1100.0.0",
|
|
155
|
+
"@pnpm/test-ipc-server": "1100.0.0",
|
|
156
|
+
"@pnpm/testing.mock-agent": "1101.0.4",
|
|
157
|
+
"@pnpm/testing.temp-store": "1100.1.11",
|
|
155
158
|
"@pnpm/network.git-utils": "1100.0.2",
|
|
156
|
-
"@pnpm/testing.mock
|
|
157
|
-
"@pnpm/resolving.registry.types": "1100.1.3",
|
|
158
|
-
"@pnpm/testing.temp-store": "1100.1.10",
|
|
159
|
-
"@pnpm/testing.registry-mock": "1100.0.6"
|
|
159
|
+
"@pnpm/testing.registry-mock": "1100.0.7"
|
|
160
160
|
},
|
|
161
161
|
"engines": {
|
|
162
162
|
"node": ">=22.13"
|