@vantaloom/runtime-darwin-arm64 0.3.1 → 0.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/cli/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@vantaloom/cli",
3
- "version": "0.3.1",
3
+ "version": "0.3.2",
4
4
  "private": false,
5
5
  "type": "module",
6
6
  "description": "Vantaloom local runtime manager.",
package/cli/src/cli.mjs CHANGED
@@ -24,10 +24,35 @@ const fallbackNpmRegistries = [
24
24
  "https://registry.npmmirror.com",
25
25
  ]
26
26
 
27
+ // Inherit strict-ssl=false from npm/npx config, or respect NODE_TLS_REJECT_UNAUTHORIZED.
28
+ // When npm runs us via npx with strict-ssl disabled, it sets npm_config_strict_ssl="false".
29
+ // Also check user .npmrc for strict-ssl=false (common in China behind proxies).
30
+ function shouldDisableTLS() {
31
+ if (process.env.NODE_TLS_REJECT_UNAUTHORIZED === "0") return true
32
+ if (process.env.npm_config_strict_ssl === "false") return true
33
+ if (process.env.npm_config_strict_ssl === "") return true
34
+ try {
35
+ const npmrcPath = path.join(os.homedir(), ".npmrc")
36
+ if (existsSync(npmrcPath)) {
37
+ const content = readFileSync(npmrcPath, "utf8")
38
+ if (/^\s*strict-ssl\s*=\s*false/m.test(content)) return true
39
+ }
40
+ } catch {}
41
+ return false
42
+ }
43
+ if (shouldDisableTLS()) {
44
+ process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"
45
+ }
46
+
27
47
  export async function main(argv) {
28
48
  const command = argv[0] ?? "help"
29
49
  const options = parseOptions(argv.slice(1))
30
50
 
51
+ // --no-strict-ssl flag disables TLS certificate verification for fetch calls
52
+ if (options.noStrictSsl) {
53
+ process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"
54
+ }
55
+
31
56
  switch (command) {
32
57
  case "install":
33
58
  if (options.package) {
@@ -402,28 +427,46 @@ async function resolveNpmPackageWithFallback({ registries, name, version }) {
402
427
  const result = await resolveNpmPackage({ registry, name, version })
403
428
  return { ...result, registry }
404
429
  } catch (error) {
405
- const isNetworkError = error?.cause?.code === "ECONNREFUSED"
406
- || error?.cause?.code === "ENOTFOUND"
407
- || error?.cause?.code === "ETIMEDOUT"
408
- || error?.cause?.code === "ECONNRESET"
409
- || error?.cause?.code === "UND_ERR_CONNECT_TIMEOUT"
430
+ const causeCode = error?.cause?.code || ""
431
+ const isNetworkError = causeCode === "ECONNREFUSED"
432
+ || causeCode === "ENOTFOUND"
433
+ || causeCode === "ETIMEDOUT"
434
+ || causeCode === "ECONNRESET"
435
+ || causeCode === "UND_ERR_CONNECT_TIMEOUT"
410
436
  || (error instanceof TypeError && error.message === "fetch failed")
411
- errors.push({ registry, error, isNetworkError })
412
-
413
- if (isNetworkError && registries.length > 1) {
414
- console.error(`vantaloom: ${registry} unreachable, trying next registry...`)
437
+ const isSslError = causeCode === "UNABLE_TO_GET_ISSUER_CERT_LOCALLY"
438
+ || causeCode === "CERT_HAS_EXPIRED"
439
+ || causeCode === "DEPTH_ZERO_SELF_SIGNED_CERT"
440
+ || causeCode === "SELF_SIGNED_CERT_IN_CHAIN"
441
+ || causeCode === "ERR_TLS_CERT_ALTNAME_INVALID"
442
+ const isRetryable = isNetworkError || isSslError
443
+ errors.push({ registry, error, isRetryable, isSslError })
444
+
445
+ if (isRetryable && registries.length > 1) {
446
+ const hint = isSslError ? " (SSL certificate error)" : ""
447
+ console.error(`vantaloom: ${registry} unreachable${hint}, trying next registry...`)
415
448
  continue
416
449
  }
450
+ if (isSslError) {
451
+ throw new Error(
452
+ `SSL certificate error connecting to ${registry}: ${causeCode}\n` +
453
+ ` Fix: run with --no-strict-ssl, or set npm config: npm config set strict-ssl false`
454
+ )
455
+ }
417
456
  // Non-network error (404, parse error, etc.) — don't try fallbacks
418
457
  throw error
419
458
  }
420
459
  }
421
460
 
422
- // All registries failed with network errors
461
+ // All registries failed
462
+ const hasSslError = errors.some((e) => e.isSslError)
423
463
  const tried = errors.map((e) => e.registry).join(", ")
464
+ const sslHint = hasSslError
465
+ ? `\n SSL fix: run with --no-strict-ssl, or set npm config: npm config set strict-ssl false`
466
+ : ""
424
467
  throw new Error(
425
468
  `all registries unreachable (tried: ${tried}). ` +
426
- `Check your network or specify --npm-registry <url>`
469
+ `Check your network or specify --npm-registry <url>${sslHint}`
427
470
  )
428
471
  }
429
472
 
@@ -440,9 +483,10 @@ async function resolveNpmPackage({ registry, name, version }) {
440
483
  })
441
484
  } catch (error) {
442
485
  if (error instanceof TypeError && error.message === "fetch failed") {
443
- const cause = error.cause ? ` (${error.cause.code || error.cause.message || error.cause})` : ""
486
+ const causeCode = error.cause?.code || ""
487
+ const causeMsg = causeCode || error.cause?.message || String(error.cause || "")
444
488
  throw Object.assign(
445
- new Error(`cannot reach registry ${registry}${cause}`),
489
+ new Error(`cannot reach registry ${registry} (${causeMsg})`),
446
490
  { cause: error.cause }
447
491
  )
448
492
  }
@@ -870,6 +914,9 @@ function parseOptions(args) {
870
914
  case "local":
871
915
  options.local = true
872
916
  break
917
+ case "no-strict-ssl":
918
+ options.noStrictSsl = true
919
+ break
873
920
  default:
874
921
  throw new Error(`unknown option --${key}`)
875
922
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@vantaloom/runtime-darwin-arm64",
3
- "version": "0.3.1",
3
+ "version": "0.3.2",
4
4
  "private": false,
5
5
  "description": "Vantaloom local runtime for darwin-arm64.",
6
6
  "type": "module",