@salesforce/plugin-trust 2.4.12 → 2.4.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/lib/hooks/verifyInstallSignature.js +7 -0
  2. package/lib/hooks/verifyInstallSignature.js.map +1 -1
  3. package/oclif.manifest.json +1 -1
  4. package/package.json +7 -7
package/lib/hooks/verifyInstallSignature.js CHANGED
@@ -26,6 +26,13 @@ const hook = async function (options) {
26
26
  if (options.plugin && options.plugin.type === 'npm') {
27
27
  const logger = await core_1.Logger.child('verifyInstallSignature');
28
28
  const plugin = options.plugin;
29
+ // skip if the plugin version being installed is listed in the CLI's JIT config
30
+ if (plugin.tag &&
31
+ plugin.name in options.config.pjson.oclif.jitPlugins &&
32
+ options.config.pjson.oclif.jitPlugins?.[plugin.name] === plugin.tag) {
33
+ logger.debug(`Skipping verification for ${options.plugin.name} because it is listed in the CLI's JIT config.`);
34
+ return;
35
+ }
29
36
  logger.debug('parsing npm name');
30
37
  const npmName = NpmName_1.NpmName.parse(plugin.name);
31
38
  logger.debug(`npmName components: ${JSON.stringify(npmName, null, 4)}`);
package/lib/hooks/verifyInstallSignature.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"verifyInstallSignature.js","sourceRoot":"","sources":["../../src/hooks/verifyInstallSignature.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAGH,2CAAmD;AACnD,sCAAiC;AACjC,iFAM4C;AAE5C,+CAA4C;AAE5C;;GAEG;AACH,MAAa,yBAAyB;IAC7B,MAAM,CAAC,KAAK,CAAC,OAAgB,EAAE,aAA4B;QAChE,MAAM,OAAO,GAAG,IAAI,6CAAkB,EAAE,CAAC;QACzC,OAAO,CAAC,QAAQ,GAAG,IAAI,mDAAwB,EAAE,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QACrG,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AAND,8DAMC;AAEM,MAAM,IAAI,GAA2B,KAAK,WAAW,OAAO;IACjE,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,KAAK,EAAE;QACnD,MAAM,MAAM,GAAG,MAAM,aAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAE9B,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACjC,MAAM,OAAO,GAAG,iBAAO,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC3C,MAAM,CAAC,KAAK,CAAC,uBAAuB,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;QAExE,OAAO,CAAC,GAAG,GAAG,MAAM,CAAC,GAAG,IAAI,QAAQ,CAAC;QAErC,IAAI,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;YACjC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;SACpC;QAED,MAAM,aAAa,GAAkB;YACnC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,QAAQ;YACjC,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,SAAS;YACnC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO;YAC/B,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,IAAI;SAC7B,CAAC;QAEF,MAAM,OAAO,GAAG,yBAAyB,CAAC,KAAK,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QACxE,MAAM,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;QAEhE,IAAI;YACF,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;YACnC,MAAM,IAAA,gEAAqC,EAAC,aAAa,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,EAAE,OAAO,CAAC,CAAC;YAC9G,SAAE,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;SAC7C;QAAC,OAAO,KAAK,EAAE;YACd,MAAM,GAAG,GAAG,KAAgB,CAAC;YAC7B,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC1B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;SACjB;KACF;SAAM;QACL,MAAM,IAAA,mCAAQ,GAAE,CAAC;KAClB;AACH,CAAC,CAAC;AArCW,QAAA,IAAI,QAqCf;AAEF,kBAAe,YAAI,CAAC"}
1
+ {"version":3,"file":"verifyInstallSignature.js","sourceRoot":"","sources":["../../src/hooks/verifyInstallSignature.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAGH,2CAAmD;AACnD,sCAAiC;AACjC,iFAM4C;AAE5C,+CAA4C;AAE5C;;GAEG;AACH,MAAa,yBAAyB;IAC7B,MAAM,CAAC,KAAK,CAAC,OAAgB,EAAE,aAA4B;QAChE,MAAM,OAAO,GAAG,IAAI,6CAAkB,EAAE,CAAC;QACzC,OAAO,CAAC,QAAQ,GAAG,IAAI,mDAAwB,EAAE,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QACrG,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AAND,8DAMC;AAEM,MAAM,IAAI,GAA2B,KAAK,WAAW,OAAO;IACjE,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,KAAK,EAAE;QACnD,MAAM,MAAM,GAAG,MAAM,aAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAE9B,+EAA+E;QAC/E,IACE,MAAM,CAAC,GAAG;YACV,MAAM,CAAC,IAAI,IAAI,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU;YACpD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,MAAM,CAAC,GAAG,EACnE;YACA,MAAM,CAAC,KAAK,CAAC,6BAA6B,OAAO,CAAC,MAAM,CAAC,IAAI,gDAAgD,CAAC,CAAC;YAC/G,OAAO;SACR;QACD,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACjC,MAAM,OAAO,GAAG,iBAAO,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC3C,MAAM,CAAC,KAAK,CAAC,uBAAuB,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;QAExE,OAAO,CAAC,GAAG,GAAG,MAAM,CAAC,GAAG,IAAI,QAAQ,CAAC;QAErC,IAAI,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;YACjC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;SACpC;QAED,MAAM,aAAa,GAAkB;YACnC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,QAAQ;YACjC,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,SAAS;YACnC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO;YAC/B,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,IAAI;SAC7B,CAAC;QAEF,MAAM,OAAO,GAAG,yBAAyB,CAAC,KAAK,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QACxE,MAAM,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;QAEhE,IAAI;YACF,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;YACnC,MAAM,IAAA,gEAAqC,EAAC,aAAa,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,EAAE,OAAO,CAAC,CAAC;YAC9G,SAAE,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;SAC7C;QAAC,OAAO,KAAK,EAAE;YACd,MAAM,GAAG,GAAG,KAAgB,CAAC;YAC7B,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC1B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;SACjB;KACF;SAAM;QACL,MAAM,IAAA,mCAAQ,GAAE,CAAC;KAClB;AACH,CAAC,CAAC;AA9CW,QAAA,IAAI,QA8Cf;AAEF,kBAAe,YAAI,CAAC"}
package/oclif.manifest.json CHANGED
@@ -1,5 +1,5 @@
1
1
  {
2
- "version": "2.4.12",
2
+ "version": "2.4.14",
3
3
  "commands": {
4
4
  "plugins:trust:verify": {
5
5
  "id": "plugins:trust:verify",
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@salesforce/plugin-trust",
3
3
  "description": "validate a digital signature for a npm package",
4
- "version": "2.4.12",
4
+ "version": "2.4.14",
5
5
  "author": "Salesforce",
6
6
  "main": "lib/index.js",
7
7
  "bin": {
@@ -24,9 +24,9 @@
24
24
  },
25
25
  "devDependencies": {
26
26
  "@oclif/plugin-command-snapshot": "^3.3.9",
27
- "@salesforce/cli-plugins-testkit": "^3.3.2",
27
+ "@salesforce/cli-plugins-testkit": "^3.3.5",
28
28
  "@salesforce/dev-config": "^3.0.0",
29
- "@salesforce/dev-scripts": "^4.3.0",
29
+ "@salesforce/dev-scripts": "^4.3.1",
30
30
  "@salesforce/plugin-command-reference": "^2.4.1",
31
31
  "@salesforce/prettier-config": "^0.0.2",
32
32
  "@salesforce/ts-sinon": "^1.4.6",
@@ -37,7 +37,7 @@
37
37
  "@typescript-eslint/eslint-plugin": "^5.33.0",
38
38
  "@typescript-eslint/parser": "^5.57.1",
39
39
  "chai": "^4.3.7",
40
- "eslint": "^8.38.0",
40
+ "eslint": "^8.39.0",
41
41
  "eslint-config-prettier": "^8.8.0",
42
42
  "eslint-config-salesforce": "^1.2.0",
43
43
  "eslint-config-salesforce-license": "^0.2.0",
@@ -49,7 +49,7 @@
49
49
  "husky": "^7.0.4",
50
50
  "mocha": "^9.1.3",
51
51
  "nyc": "^15.1.0",
52
- "oclif": "^3.7.3",
52
+ "oclif": "^3.8.2",
53
53
  "prettier": "^2.8.7",
54
54
  "pretty-quick": "^3.1.0",
55
55
  "shx": "0.3.4",
@@ -229,7 +229,7 @@
229
229
  }
230
230
  },
231
231
  "sfdx": {
232
- "publicKeyUrl": "https://developer.salesforce.com/media/salesforce-cli/security/@salesforce/plugin-trust/2.4.12.crt",
233
- "signatureUrl": "https://developer.salesforce.com/media/salesforce-cli/security/@salesforce/plugin-trust/2.4.12.sig"
232
+ "publicKeyUrl": "https://developer.salesforce.com/media/salesforce-cli/security/@salesforce/plugin-trust/2.4.14.crt",
233
+ "signatureUrl": "https://developer.salesforce.com/media/salesforce-cli/security/@salesforce/plugin-trust/2.4.14.sig"
234
234
  }
235
235
  }