@salesforce/plugin-trust 2.4.12 → 2.5.0-qa.1

package/lib/hooks/verifyInstallSignature.js

@@ -26,6 +26,13 @@ const hook = async function (options) {
     if (options.plugin && options.plugin.type === 'npm') {
         const logger = await core_1.Logger.child('verifyInstallSignature');
         const plugin = options.plugin;
+        // skip if the plugin version being installed is listed in the CLI's JIT config
+        if (plugin.tag &&
+            plugin.name in options.config.pjson.oclif.jitPlugins &&
+            options.config.pjson.oclif.jitPlugins?.[plugin.name] === plugin.tag) {
+            logger.debug(`Skipping verification for ${options.plugin.name} because it is listed in the CLI's JIT config.`);
+            return;
+        }
         logger.debug('parsing npm name');
         const npmName = NpmName_1.NpmName.parse(plugin.name);
         logger.debug(`npmName components: ${JSON.stringify(npmName, null, 4)}`);

package/lib/hooks/verifyInstallSignature.js.map

@@ -1 +1 @@
-{"version":3,"file":"verifyInstallSignature.js","sourceRoot":"","sources":["../../src/hooks/verifyInstallSignature.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAGH,2CAAmD;AACnD,sCAAiC;AACjC,iFAM4C;AAE5C,+CAA4C;AAE5C;;GAEG;AACH,MAAa,yBAAyB;IAC7B,MAAM,CAAC,KAAK,CAAC,OAAgB,EAAE,aAA4B;QAChE,MAAM,OAAO,GAAG,IAAI,6CAAkB,EAAE,CAAC;QACzC,OAAO,CAAC,QAAQ,GAAG,IAAI,mDAAwB,EAAE,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QACrG,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AAND,8DAMC;AAEM,MAAM,IAAI,GAA2B,KAAK,WAAW,OAAO;IACjE,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,KAAK,EAAE;QACnD,MAAM,MAAM,GAAG,MAAM,aAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAE9B,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACjC,MAAM,OAAO,GAAG,iBAAO,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC3C,MAAM,CAAC,KAAK,CAAC,uBAAuB,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;QAExE,OAAO,CAAC,GAAG,GAAG,MAAM,CAAC,GAAG,IAAI,QAAQ,CAAC;QAErC,IAAI,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;YACjC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;SACpC;QAED,MAAM,aAAa,GAAkB;YACnC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,QAAQ;YACjC,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,SAAS;YACnC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO;YAC/B,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,IAAI;SAC7B,CAAC;QAEF,MAAM,OAAO,GAAG,yBAAyB,CAAC,KAAK,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QACxE,MAAM,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;QAEhE,IAAI;YACF,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;YACnC,MAAM,IAAA,gEAAqC,EAAC,aAAa,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,EAAE,OAAO,CAAC,CAAC;YAC9G,SAAE,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;SAC7C;QAAC,OAAO,KAAK,EAAE;YACd,MAAM,GAAG,GAAG,KAAgB,CAAC;YAC7B,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC1B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;SACjB;KACF;SAAM;QACL,MAAM,IAAA,mCAAQ,GAAE,CAAC;KAClB;AACH,CAAC,CAAC;AArCW,QAAA,IAAI,QAqCf;AAEF,kBAAe,YAAI,CAAC"}
+{"version":3,"file":"verifyInstallSignature.js","sourceRoot":"","sources":["../../src/hooks/verifyInstallSignature.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAGH,2CAAmD;AACnD,sCAAiC;AACjC,iFAM4C;AAE5C,+CAA4C;AAE5C;;GAEG;AACH,MAAa,yBAAyB;IAC7B,MAAM,CAAC,KAAK,CAAC,OAAgB,EAAE,aAA4B;QAChE,MAAM,OAAO,GAAG,IAAI,6CAAkB,EAAE,CAAC;QACzC,OAAO,CAAC,QAAQ,GAAG,IAAI,mDAAwB,EAAE,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QACrG,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AAND,8DAMC;AAEM,MAAM,IAAI,GAA2B,KAAK,WAAW,OAAO;IACjE,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,KAAK,EAAE;QACnD,MAAM,MAAM,GAAG,MAAM,aAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAE9B,+EAA+E;QAC/E,IACE,MAAM,CAAC,GAAG;YACV,MAAM,CAAC,IAAI,IAAI,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU;YACpD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,MAAM,CAAC,GAAG,EACnE;YACA,MAAM,CAAC,KAAK,CAAC,6BAA6B,OAAO,CAAC,MAAM,CAAC,IAAI,gDAAgD,CAAC,CAAC;YAC/G,OAAO;SACR;QACD,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACjC,MAAM,OAAO,GAAG,iBAAO,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC3C,MAAM,CAAC,KAAK,CAAC,uBAAuB,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;QAExE,OAAO,CAAC,GAAG,GAAG,MAAM,CAAC,GAAG,IAAI,QAAQ,CAAC;QAErC,IAAI,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;YACjC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;SACpC;QAED,MAAM,aAAa,GAAkB;YACnC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,QAAQ;YACjC,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,SAAS;YACnC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO;YAC/B,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,IAAI;SAC7B,CAAC;QAEF,MAAM,OAAO,GAAG,yBAAyB,CAAC,KAAK,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QACxE,MAAM,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;QAEhE,IAAI;YACF,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;YACnC,MAAM,IAAA,gEAAqC,EAAC,aAAa,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,EAAE,OAAO,CAAC,CAAC;YAC9G,SAAE,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;SAC7C;QAAC,OAAO,KAAK,EAAE;YACd,MAAM,GAAG,GAAG,KAAgB,CAAC;YAC7B,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC1B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;SACjB;KACF;SAAM;QACL,MAAM,IAAA,mCAAQ,GAAE,CAAC;KAClB;AACH,CAAC,CAAC;AA9CW,QAAA,IAAI,QA8Cf;AAEF,kBAAe,YAAI,CAAC"}

package/oclif.manifest.json

@@ -1,5 +1,5 @@
 {
-  "version": "2.4.12",
+  "version": "2.5.0-qa.1",
   "commands": {
     "plugins:trust:verify": {
       "id": "plugins:trust:verify",

package/package.json

@@ -1,7 +1,7 @@
 {
     "name": "@salesforce/plugin-trust",
     "description": "validate a digital signature for a npm package",
-    "version": "2.4.12",
+    "version": "2.5.0-qa.1",
     "author": "Salesforce",
     "main": "lib/index.js",
     "bin": {
@@ -229,7 +229,7 @@
         }
     },
     "sfdx": {
-        "publicKeyUrl": "https://developer.salesforce.com/media/salesforce-cli/security/@salesforce/plugin-trust/2.4.12.crt",
-        "signatureUrl": "https://developer.salesforce.com/media/salesforce-cli/security/@salesforce/plugin-trust/2.4.12.sig"
+        "publicKeyUrl": "https://developer.salesforce.com/media/salesforce-cli/security/@salesforce/plugin-trust/2.5.0-qa.1.crt",
+        "signatureUrl": "https://developer.salesforce.com/media/salesforce-cli/security/@salesforce/plugin-trust/2.5.0-qa.1.sig"
     }
 }