@vantaloom/runtime-darwin-arm64 0.3.1 → 0.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cli/package.json +1 -1
- package/cli/src/cli.mjs +60 -13
- package/package.json +1 -1
package/cli/package.json
CHANGED
package/cli/src/cli.mjs
CHANGED
|
@@ -24,10 +24,35 @@ const fallbackNpmRegistries = [
|
|
|
24
24
|
"https://registry.npmmirror.com",
|
|
25
25
|
]
|
|
26
26
|
|
|
27
|
+
// Inherit strict-ssl=false from npm/npx config, or respect NODE_TLS_REJECT_UNAUTHORIZED.
|
|
28
|
+
// When npm runs us via npx with strict-ssl disabled, it sets npm_config_strict_ssl="false".
|
|
29
|
+
// Also check user .npmrc for strict-ssl=false (common in China behind proxies).
|
|
30
|
+
function shouldDisableTLS() {
|
|
31
|
+
if (process.env.NODE_TLS_REJECT_UNAUTHORIZED === "0") return true
|
|
32
|
+
if (process.env.npm_config_strict_ssl === "false") return true
|
|
33
|
+
if (process.env.npm_config_strict_ssl === "") return true
|
|
34
|
+
try {
|
|
35
|
+
const npmrcPath = path.join(os.homedir(), ".npmrc")
|
|
36
|
+
if (existsSync(npmrcPath)) {
|
|
37
|
+
const content = readFileSync(npmrcPath, "utf8")
|
|
38
|
+
if (/^\s*strict-ssl\s*=\s*false/m.test(content)) return true
|
|
39
|
+
}
|
|
40
|
+
} catch {}
|
|
41
|
+
return false
|
|
42
|
+
}
|
|
43
|
+
if (shouldDisableTLS()) {
|
|
44
|
+
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"
|
|
45
|
+
}
|
|
46
|
+
|
|
27
47
|
export async function main(argv) {
|
|
28
48
|
const command = argv[0] ?? "help"
|
|
29
49
|
const options = parseOptions(argv.slice(1))
|
|
30
50
|
|
|
51
|
+
// --no-strict-ssl flag disables TLS certificate verification for fetch calls
|
|
52
|
+
if (options.noStrictSsl) {
|
|
53
|
+
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"
|
|
54
|
+
}
|
|
55
|
+
|
|
31
56
|
switch (command) {
|
|
32
57
|
case "install":
|
|
33
58
|
if (options.package) {
|
|
@@ -402,28 +427,46 @@ async function resolveNpmPackageWithFallback({ registries, name, version }) {
|
|
|
402
427
|
const result = await resolveNpmPackage({ registry, name, version })
|
|
403
428
|
return { ...result, registry }
|
|
404
429
|
} catch (error) {
|
|
405
|
-
const
|
|
406
|
-
|
|
407
|
-
||
|
|
408
|
-
||
|
|
409
|
-
||
|
|
430
|
+
const causeCode = error?.cause?.code || ""
|
|
431
|
+
const isNetworkError = causeCode === "ECONNREFUSED"
|
|
432
|
+
|| causeCode === "ENOTFOUND"
|
|
433
|
+
|| causeCode === "ETIMEDOUT"
|
|
434
|
+
|| causeCode === "ECONNRESET"
|
|
435
|
+
|| causeCode === "UND_ERR_CONNECT_TIMEOUT"
|
|
410
436
|
|| (error instanceof TypeError && error.message === "fetch failed")
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
437
|
+
const isSslError = causeCode === "UNABLE_TO_GET_ISSUER_CERT_LOCALLY"
|
|
438
|
+
|| causeCode === "CERT_HAS_EXPIRED"
|
|
439
|
+
|| causeCode === "DEPTH_ZERO_SELF_SIGNED_CERT"
|
|
440
|
+
|| causeCode === "SELF_SIGNED_CERT_IN_CHAIN"
|
|
441
|
+
|| causeCode === "ERR_TLS_CERT_ALTNAME_INVALID"
|
|
442
|
+
const isRetryable = isNetworkError || isSslError
|
|
443
|
+
errors.push({ registry, error, isRetryable, isSslError })
|
|
444
|
+
|
|
445
|
+
if (isRetryable && registries.length > 1) {
|
|
446
|
+
const hint = isSslError ? " (SSL certificate error)" : ""
|
|
447
|
+
console.error(`vantaloom: ${registry} unreachable${hint}, trying next registry...`)
|
|
415
448
|
continue
|
|
416
449
|
}
|
|
450
|
+
if (isSslError) {
|
|
451
|
+
throw new Error(
|
|
452
|
+
`SSL certificate error connecting to ${registry}: ${causeCode}\n` +
|
|
453
|
+
` Fix: run with --no-strict-ssl, or set npm config: npm config set strict-ssl false`
|
|
454
|
+
)
|
|
455
|
+
}
|
|
417
456
|
// Non-network error (404, parse error, etc.) — don't try fallbacks
|
|
418
457
|
throw error
|
|
419
458
|
}
|
|
420
459
|
}
|
|
421
460
|
|
|
422
|
-
// All registries failed
|
|
461
|
+
// All registries failed
|
|
462
|
+
const hasSslError = errors.some((e) => e.isSslError)
|
|
423
463
|
const tried = errors.map((e) => e.registry).join(", ")
|
|
464
|
+
const sslHint = hasSslError
|
|
465
|
+
? `\n SSL fix: run with --no-strict-ssl, or set npm config: npm config set strict-ssl false`
|
|
466
|
+
: ""
|
|
424
467
|
throw new Error(
|
|
425
468
|
`all registries unreachable (tried: ${tried}). ` +
|
|
426
|
-
`Check your network or specify --npm-registry <url
|
|
469
|
+
`Check your network or specify --npm-registry <url>${sslHint}`
|
|
427
470
|
)
|
|
428
471
|
}
|
|
429
472
|
|
|
@@ -440,9 +483,10 @@ async function resolveNpmPackage({ registry, name, version }) {
|
|
|
440
483
|
})
|
|
441
484
|
} catch (error) {
|
|
442
485
|
if (error instanceof TypeError && error.message === "fetch failed") {
|
|
443
|
-
const
|
|
486
|
+
const causeCode = error.cause?.code || ""
|
|
487
|
+
const causeMsg = causeCode || error.cause?.message || String(error.cause || "")
|
|
444
488
|
throw Object.assign(
|
|
445
|
-
new Error(`cannot reach registry ${registry}${
|
|
489
|
+
new Error(`cannot reach registry ${registry} (${causeMsg})`),
|
|
446
490
|
{ cause: error.cause }
|
|
447
491
|
)
|
|
448
492
|
}
|
|
@@ -870,6 +914,9 @@ function parseOptions(args) {
|
|
|
870
914
|
case "local":
|
|
871
915
|
options.local = true
|
|
872
916
|
break
|
|
917
|
+
case "no-strict-ssl":
|
|
918
|
+
options.noStrictSsl = true
|
|
919
|
+
break
|
|
873
920
|
default:
|
|
874
921
|
throw new Error(`unknown option --${key}`)
|
|
875
922
|
}
|