@vltpkg/package-info 1.0.0-rc.23 → 1.0.0-rc.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/index.d.ts +55 -0
  2. package/dist/index.js +665 -0
  3. package/dist/rename.d.ts +2 -0
  4. package/dist/rename.js +31 -0
  5. package/package.json +13 -13
package/dist/index.d.ts ADDED
@@ -0,0 +1,55 @@
1
+ import { PackageJson } from '@vltpkg/package-json';
2
+ import type { PickManifestOptions } from '@vltpkg/pick-manifest';
3
+ import type { RegistryClientOptions, RegistryClientRequestOptions } from '@vltpkg/registry-client';
4
+ import { RegistryClient } from '@vltpkg/registry-client';
5
+ import type { SpecOptions } from '@vltpkg/spec';
6
+ import { Spec } from '@vltpkg/spec';
7
+ import { Pool } from '@vltpkg/tar';
8
+ import type { Integrity, Manifest, Packument } from '@vltpkg/types';
9
+ import { Monorepo } from '@vltpkg/workspaces';
10
+ export declare const delimiter = "~";
11
+ export type Resolution = {
12
+ resolved: string;
13
+ integrity?: Integrity;
14
+ signatures?: Exclude<Manifest['dist'], undefined>['signatures'];
15
+ spec: Spec;
16
+ };
17
+ export type PackageInfoClientOptions = RegistryClientOptions & SpecOptions & {
18
+ /** root of the project. Defaults to process.cwd() */
19
+ projectRoot?: string;
20
+ /** PackageJson object */
21
+ packageJson?: PackageJson;
22
+ monorepo?: Monorepo;
23
+ /** workspace groups to load, irrelevant if Monorepo provided */
24
+ 'workspace-group'?: string[];
25
+ /** workspace paths to load, irrelevant if Monorepo provided */
26
+ workspace?: string[];
27
+ };
28
+ export type PackageInfoClientRequestOptions = PickManifestOptions & RegistryClientRequestOptions & {
29
+ /** dir to resolve `file://` specifiers against. Defaults to projectRoot. */
30
+ from?: string;
31
+ };
32
+ export type PackageInfoClientExtractOptions = PackageInfoClientRequestOptions & {
33
+ integrity?: Integrity;
34
+ resolved?: string;
35
+ };
36
+ export declare class PackageInfoClient {
37
+ #private;
38
+ options: PackageInfoClientOptions;
39
+ packageJson: PackageJson;
40
+ monorepo?: Monorepo;
41
+ get registryClient(): RegistryClient;
42
+ get tarPool(): Pool;
43
+ constructor(options?: PackageInfoClientOptions);
44
+ extract(spec: Spec | string, target: string, options?: PackageInfoClientExtractOptions): Promise<Resolution>;
45
+ /**
46
+ * Conditionally return the path to the manifest cache file. The logic
47
+ * to determine if caching should be skipped aligns with `pickManifest`
48
+ * and is used to avoid caching manifest results that can be variable.
49
+ */
50
+ _manifestCachePath(spec: Spec, options: PackageInfoClientRequestOptions): string | undefined;
51
+ tarball(spec: Spec | string, options?: PackageInfoClientExtractOptions): Promise<Buffer>;
52
+ manifest(spec: Spec | string, options?: PackageInfoClientRequestOptions): Promise<Manifest | import("@vltpkg/types").Override<Manifest, import("@vltpkg/types").NormalizedFields>>;
53
+ packument(spec: Spec | string, options?: PackageInfoClientRequestOptions): Promise<Packument>;
54
+ resolve(spec: Spec | string, options?: PackageInfoClientRequestOptions): Promise<Resolution>;
55
+ }
package/dist/index.js ADDED
@@ -0,0 +1,665 @@
1
+ import { error } from '@vltpkg/error-cause';
2
+ import { clone, resolve as gitResolve, revs } from '@vltpkg/git';
3
+ import { PackageJson } from '@vltpkg/package-json';
4
+ import { pickManifest } from '@vltpkg/pick-manifest';
5
+ import { RegistryClient } from '@vltpkg/registry-client';
6
+ import { Spec } from '@vltpkg/spec';
7
+ import { Pool } from '@vltpkg/tar';
8
+ import { asPackument, isIntegrity } from '@vltpkg/types';
9
+ import ssri from 'ssri';
10
+ import { Monorepo } from '@vltpkg/workspaces';
11
+ import { XDG } from '@vltpkg/xdg';
12
+ import { randomBytes } from 'node:crypto';
13
+ import { mkdir, readFile, rm, stat, symlink, unlink, writeFile, } from 'node:fs/promises';
14
+ import { basename, dirname, resolve as pathResolve, relative, } from 'node:path';
15
+ import { create as tarC } from 'tar';
16
+ import { rename } from "./rename.js";
17
+ const xdg = new XDG('vlt');
18
+ export const delimiter = '~';
19
+ // the maximum duration of a manifest cache file
20
+ const manifestCacheMaxAge = 5 * 60 * 1000;
21
+ export class PackageInfoClient {
22
+ #registryClient;
23
+ #projectRoot;
24
+ #tarPool;
25
+ options;
26
+ #resolutions = new Map();
27
+ packageJson;
28
+ monorepo;
29
+ #trustedIntegrities = new Map();
30
+ #manifestCacheMinAge = Date.now() - manifestCacheMaxAge;
31
+ #cachePath;
32
+ get registryClient() {
33
+ if (!this.#registryClient) {
34
+ this.#registryClient = new RegistryClient(this.options);
35
+ }
36
+ return this.#registryClient;
37
+ }
38
+ get tarPool() {
39
+ if (!this.#tarPool)
40
+ this.#tarPool = new Pool();
41
+ return this.#tarPool;
42
+ }
43
+ constructor(options = {}) {
44
+ this.options = options;
45
+ this.#projectRoot = options.projectRoot || process.cwd();
46
+ this.packageJson = options.packageJson ?? new PackageJson();
47
+ const wsLoad = {
48
+ ...(options.workspace?.length && { paths: options.workspace }),
49
+ ...(options['workspace-group']?.length && {
50
+ groups: options['workspace-group'],
51
+ }),
52
+ };
53
+ this.monorepo =
54
+ options.monorepo ??
55
+ Monorepo.maybeLoad(this.#projectRoot, {
56
+ load: wsLoad,
57
+ packageJson: this.packageJson,
58
+ });
59
+ this.#cachePath = options.cache ?? xdg.cache();
60
+ // optionally create its cache directory if it doesn't exist
61
+ void mkdir(pathResolve(this.#cachePath, 'package-info'), {
62
+ recursive: true,
63
+ }).catch(() => { });
64
+ }
65
+ async extract(spec, target, options = {}) {
66
+ if (typeof spec === 'string')
67
+ spec = Spec.parse(spec, this.options);
68
+ const { from = this.#projectRoot, integrity, resolved } = options;
69
+ const f = spec.final;
70
+ const r = integrity && resolved ?
71
+ { resolved, integrity, spec }
72
+ : await this.resolve(spec, options);
73
+ switch (f.type) {
74
+ case 'git': {
75
+ const { gitRemote, gitCommittish, remoteURL, gitSelectorParsed, } = f;
76
+ if (!remoteURL) {
77
+ /* c8 ignore start - Impossible, would throw on the resolve */
78
+ if (!gitRemote)
79
+ throw this.#resolveError(spec, options, 'no remote on git: specifier');
80
+ /* c8 ignore stop */
81
+ const { path } = gitSelectorParsed ?? {};
82
+ if (path !== undefined) {
83
+ // use obvious name because it's in node_modules
84
+ const tmp = pathResolve(dirname(target), `.TEMP.${basename(target)}-${randomBytes(6).toString('hex')}`);
85
+ await clone(gitRemote, gitCommittish, tmp, { spec });
86
+ const src = pathResolve(tmp, path);
87
+ await rename(src, target);
88
+ // intentionally not awaited
89
+ void rm(tmp, { recursive: true, force: true });
90
+ }
91
+ else {
92
+ await clone(gitRemote, gitCommittish, target, { spec });
93
+ // intentionally not awaited
94
+ void rm(target + '/.git', { recursive: true });
95
+ }
96
+ return r;
97
+ }
98
+ // fallthrough if a remote tarball url present
99
+ }
100
+ case 'registry': {
101
+ const trustIntegrity = this.#trustedIntegrities.get(r.resolved) === r.integrity;
102
+ const response = await this.registryClient.request(r.resolved, {
103
+ integrity: r.integrity,
104
+ trustIntegrity,
105
+ });
106
+ if (response.statusCode !== 200) {
107
+ throw this.#resolveError(spec, options, 'failed to fetch tarball', {
108
+ url: r.resolved,
109
+ response,
110
+ });
111
+ }
112
+ // if it's not trusted already, but valid, start trusting
113
+ if (!trustIntegrity &&
114
+ response.checkIntegrity({ spec, url: resolved })) {
115
+ this.#trustedIntegrities.set(r.resolved, response.integrity);
116
+ }
117
+ try {
118
+ await this.tarPool.unpack(response.buffer(), target);
119
+ }
120
+ catch (er) {
121
+ throw this.#resolveError(spec, options, 'tar unpack failed', { cause: er });
122
+ }
123
+ return r;
124
+ }
125
+ case 'remote': {
126
+ const response = await this.registryClient.request(r.resolved);
127
+ if (response.statusCode !== 200) {
128
+ throw this.#resolveError(spec, options, 'failed to fetch remote tarball', {
129
+ url: r.resolved,
130
+ response,
131
+ });
132
+ }
133
+ const buf = response.buffer();
134
+ // Compute integrity for remote/git-with-tarball deps
135
+ const computed = ssri
136
+ .fromData(buf, { algorithms: ['sha512'] })
137
+ .toString();
138
+ if (r.integrity && r.integrity !== computed) {
139
+ throw error('Integrity check failure', {
140
+ code: 'EINTEGRITY',
141
+ spec,
142
+ url: r.resolved,
143
+ wanted: r.integrity,
144
+ found: computed,
145
+ });
146
+ }
147
+ r.integrity = computed;
148
+ try {
149
+ await this.tarPool.unpack(buf, target);
150
+ }
151
+ catch (er) {
152
+ throw this.#resolveError(spec, options, 'remote tar unpack failed', { cause: er });
153
+ }
154
+ return r;
155
+ }
156
+ case 'file': {
157
+ // if it's a directory, then "extract" means "symlink"
158
+ const { file } = f;
159
+ /* c8 ignore start - asserted in resolve() */
160
+ if (file === undefined)
161
+ throw this.#resolveError(spec, options, 'no file path');
162
+ /* c8 ignore stop */
163
+ const path = pathResolve(from, file);
164
+ const st = await stat(path);
165
+ if (st.isFile()) {
166
+ try {
167
+ await this.tarPool.unpack(await this.tarball(spec, options), target);
168
+ }
169
+ catch (er) {
170
+ throw this.#resolveError(spec, options, 'tar unpack failed', { cause: er });
171
+ }
172
+ }
173
+ else if (st.isDirectory()) {
174
+ const rel = relative(dirname(target), path);
175
+ await symlink(rel, target, 'dir');
176
+ /* c8 ignore start */
177
+ }
178
+ else {
179
+ throw this.#resolveError(spec, options, 'file: specifier does not resolve to directory or tarball');
180
+ }
181
+ /* c8 ignore stop */
182
+ return r;
183
+ }
184
+ case 'workspace': {
185
+ const ws = this.#getWS(spec, options);
186
+ const rel = relative(dirname(target), ws.fullpath);
187
+ await symlink(rel, target, 'dir');
188
+ return r;
189
+ }
190
+ }
191
+ }
192
+ #getWS(spec, options) {
193
+ const { workspace } = spec;
194
+ /* c8 ignore start - asserted in resolve() */
195
+ if (workspace === undefined)
196
+ throw this.#resolveError(spec, options, 'no workspace ID');
197
+ /* c8 ignore stop */
198
+ if (!this.monorepo) {
199
+ throw this.#resolveError(spec, options, 'Not in a monorepo, cannot resolve workspace spec');
200
+ }
201
+ const ws = this.monorepo.get(workspace);
202
+ if (!ws) {
203
+ throw this.#resolveError(spec, options, 'workspace not found', {
204
+ wanted: workspace,
205
+ });
206
+ }
207
+ return ws;
208
+ }
209
+ /**
210
+ * Return the manifest cache key for a spec and the current options.
211
+ */
212
+ #manifestCacheKey(spec, options) {
213
+ let extra = '';
214
+ if (options['node-version']) {
215
+ extra += `${delimiter}node-version:${options['node-version']}`;
216
+ }
217
+ if (options.os) {
218
+ extra += `${delimiter}os:${options.os}`;
219
+ }
220
+ if (options.arch) {
221
+ extra += `${delimiter}arch:${options.arch}`;
222
+ }
223
+ return encodeURIComponent(`${spec.registry}${delimiter}${spec}${extra}`);
224
+ }
225
+ /**
226
+ * Conditionally return the path to the manifest cache file. The logic
227
+ * to determine if caching should be skipped aligns with `pickManifest`
228
+ * and is used to avoid caching manifest results that can be variable.
229
+ */
230
+ _manifestCachePath(spec, options) {
231
+ if (options.before) {
232
+ return;
233
+ }
234
+ // if the final resolved spec is either a dist tag or something that
235
+ // matches any range (such as a semver range of `*` or empty string)
236
+ // then we skip caching
237
+ const f = spec.final;
238
+ if (f.distTag || f.range?.isAny) {
239
+ return;
240
+ }
241
+ const key = this.#manifestCacheKey(f, options);
242
+ return pathResolve(this.#cachePath, 'package-info', key);
243
+ }
244
+ async #registryManifestRequest(spec, options) {
245
+ const { registry, name, registrySpec } = spec.final;
246
+ /* c8 ignore start */
247
+ if (!spec.range?.isSingle || !registrySpec) {
248
+ throw this.#resolveError(spec, options, 'failed to request manifest', { spec });
249
+ }
250
+ /* c8 ignore stop */
251
+ const possibleLeadingChars = ['=', '^', '~', 'v'];
252
+ const hasLeadingRange = possibleLeadingChars.some(char => registrySpec.startsWith(char));
253
+ const version = hasLeadingRange ? registrySpec.slice(1) : registrySpec;
254
+ const pakuURL = new URL(`${name}/${version}`, registry);
255
+ const response = await this.registryClient.request(pakuURL, {
256
+ headers: {
257
+ accept: 'application/json',
258
+ },
259
+ });
260
+ if (response.statusCode !== 200) {
261
+ throw this.#resolveError(spec, options, 'failed to fetch manifest', {
262
+ url: pakuURL,
263
+ response,
264
+ });
265
+ }
266
+ return response.json();
267
+ }
268
+ async tarball(spec, options = {}) {
269
+ if (typeof spec === 'string')
270
+ spec = Spec.parse(spec, this.options);
271
+ const f = spec.final;
272
+ switch (f.type) {
273
+ case 'registry': {
274
+ const { dist } = await this.manifest(spec, options);
275
+ if (!dist)
276
+ throw this.#resolveError(spec, options, 'no dist object found in manifest');
277
+ const { tarball, integrity } = dist;
278
+ if (!tarball) {
279
+ throw this.#resolveError(spec, options, 'no tarball found in manifest.dist');
280
+ }
281
+ const trustIntegrity = this.#trustedIntegrities.get(tarball) === integrity;
282
+ const response = await this.registryClient.request(tarball, {
283
+ ...options,
284
+ integrity,
285
+ trustIntegrity,
286
+ });
287
+ if (response.statusCode !== 200) {
288
+ throw this.#resolveError(spec, options, 'failed to fetch tarball', { response, url: tarball });
289
+ }
290
+ // if we don't already trust it, but it's valid, start trusting it
291
+ if (!trustIntegrity &&
292
+ response.checkIntegrity({ spec, url: tarball })) {
293
+ this.#trustedIntegrities.set(tarball, response.integrity);
294
+ }
295
+ return response.buffer();
296
+ }
297
+ case 'git': {
298
+ const { remoteURL, gitRemote, gitCommittish, gitSelectorParsed, } = f;
299
+ const s = spec;
300
+ if (!remoteURL) {
301
+ if (!gitRemote) {
302
+ throw this.#resolveError(spec, options, 'no remote on git: specifier');
303
+ }
304
+ const { path } = gitSelectorParsed ?? {};
305
+ return await this.#tmpdir(async (dir) => {
306
+ await clone(gitRemote, gitCommittish, dir + '/package', {
307
+ spec: s,
308
+ });
309
+ let cwd = dir;
310
+ if (path !== undefined) {
311
+ const src = pathResolve(dir, 'package', path);
312
+ cwd = dirname(src);
313
+ const pkg = pathResolve(cwd, 'package');
314
+ if (src !== pkg) {
315
+ const rand = randomBytes(6).toString('hex');
316
+ // faster than deleting
317
+ await rename(pkg, pkg + rand).catch(() => { });
318
+ await rename(src, pkg);
319
+ }
320
+ }
321
+ return tarC({ cwd, gzip: true }, ['package']).concat();
322
+ });
323
+ }
324
+ // fallthrough if remoteURL set
325
+ }
326
+ case 'remote': {
327
+ const { remoteURL } = f;
328
+ if (!remoteURL) {
329
+ throw this.#resolveError(spec, options);
330
+ }
331
+ const response = await this.registryClient.request(remoteURL);
332
+ if (response.statusCode !== 200) {
333
+ throw this.#resolveError(spec, options, 'failed to fetch URL', { response, url: remoteURL });
334
+ }
335
+ return response.buffer();
336
+ }
337
+ case 'file': {
338
+ const { file } = f;
339
+ if (file === undefined)
340
+ throw this.#resolveError(spec, options, 'no file path');
341
+ const { from = this.#projectRoot } = options;
342
+ const path = pathResolve(from, file);
343
+ const st = await stat(path);
344
+ if (st.isDirectory()) {
345
+ const p = dirname(path);
346
+ const b = basename(path);
347
+ // TODO: Pack properly, ignore stuff, bundleDeps, etc
348
+ return tarC({ cwd: p, gzip: true }, [b]).concat();
349
+ }
350
+ return readFile(path);
351
+ }
352
+ case 'workspace': {
353
+ // TODO: Pack properly, ignore stuff, bundleDeps, etc
354
+ const ws = this.#getWS(spec, options);
355
+ const p = dirname(ws.fullpath);
356
+ const b = basename(ws.fullpath);
357
+ return tarC({ cwd: p, gzip: true }, [b]).concat();
358
+ }
359
+ }
360
+ }
361
+ async manifest(spec, options = {}) {
362
+ const { from = this.#projectRoot } = options;
363
+ if (typeof spec === 'string')
364
+ spec = Spec.parse(spec, this.options);
365
+ const f = spec.final;
366
+ switch (f.type) {
367
+ case 'registry': {
368
+ // Check if manifest is cached, if so just return it earlier
369
+ const cachePath = this._manifestCachePath(spec, options);
370
+ if (cachePath) {
371
+ try {
372
+ // Cache file exists, read and return it
373
+ const cached = await readFile(cachePath, 'utf8');
374
+ const json = JSON.parse(cached);
375
+ // retrieve timestamp to check if cache is still valid
376
+ const timestamp = json.__VLT_MANIFEST_CACHE_TIMESTAMP;
377
+ delete json.__VLT_MANIFEST_CACHE_TIMESTAMP;
378
+ // removes the cache file if older than its maximum age
379
+ if (timestamp != null &&
380
+ timestamp < this.#manifestCacheMinAge) {
381
+ void unlink(cachePath).catch(() => { });
382
+ throw new Error('manifest cache expired');
383
+ }
384
+ return json;
385
+ }
386
+ catch {
387
+ // Cache miss, fetch from packument
388
+ }
389
+ }
390
+ const mani = spec.range?.isSingle ?
391
+ await this.#registryManifestRequest(spec, options)
392
+ : pickManifest(await this.packument(f, options), spec, options);
393
+ if (!mani)
394
+ throw this.#resolveError(spec, options);
395
+ const { integrity, tarball } = mani.dist ?? /* c8 ignore next */ {};
396
+ if (isIntegrity(integrity) && tarball) {
397
+ const registryOrigin = new URL(String(f.registry)).origin;
398
+ const tgzOrigin = new URL(tarball).origin;
399
+ // if it comes from the same origin, trust the integrity
400
+ if (tgzOrigin === registryOrigin) {
401
+ this.#trustedIntegrities.set(tarball, integrity);
402
+ }
403
+ }
404
+ // Cache the manifest data
405
+ if (cachePath) {
406
+ const json = JSON.stringify({
407
+ ...mani,
408
+ // append a timestamp to the manifest so that we can quickly
409
+ // check if the cache is still valid when loading it
410
+ __VLT_MANIFEST_CACHE_TIMESTAMP: Date.now(),
411
+ });
412
+ void writeFile(cachePath, json, 'utf8').catch((err) => {
413
+ // in case the cache directory doesn't exist
414
+ // just create it and retry
415
+ if (err instanceof Error &&
416
+ 'code' in err &&
417
+ err.code === 'ENOENT') {
418
+ void mkdir(dirname(cachePath), {
419
+ recursive: true,
420
+ }).then(() => {
421
+ void writeFile(cachePath, json, 'utf8');
422
+ });
423
+ }
424
+ });
425
+ }
426
+ return mani;
427
+ }
428
+ case 'git': {
429
+ const { gitRemote, gitCommittish, remoteURL, gitSelectorParsed, } = f;
430
+ if (!remoteURL) {
431
+ const s = spec;
432
+ if (!gitRemote)
433
+ throw this.#resolveError(spec, options, 'no git remote');
434
+ return await this.#tmpdir(async (dir) => {
435
+ await clone(gitRemote, gitCommittish, dir, { spec: s });
436
+ const { path } = gitSelectorParsed ?? {};
437
+ const pkgDir = path !== undefined ? pathResolve(dir, path) : dir;
438
+ return this.packageJson.read(pkgDir);
439
+ });
440
+ }
441
+ // fallthrough to remote
442
+ }
443
+ case 'remote': {
444
+ const { remoteURL } = f;
445
+ if (!remoteURL) {
446
+ throw this.#resolveError(spec, options, 'no remoteURL on remote specifier');
447
+ }
448
+ const s = spec;
449
+ return await this.#tmpdir(async (dir) => {
450
+ const response = await this.registryClient.request(remoteURL);
451
+ if (response.statusCode !== 200) {
452
+ throw this.#resolveError(s, options, 'failed to fetch URL', { response, url: remoteURL });
453
+ }
454
+ const buf = response.buffer();
455
+ // Compute integrity for remote/git-with-tarball deps
456
+ const computed = ssri
457
+ .fromData(buf, { algorithms: ['sha512'] })
458
+ .toString();
459
+ try {
460
+ await this.tarPool.unpack(buf, dir);
461
+ }
462
+ catch (er) {
463
+ throw this.#resolveError(s, options, 'tar unpack failed', { cause: er });
464
+ }
465
+ // return manifest with computed integrity
466
+ const mani = this.packageJson.read(dir);
467
+ mani.dist = { integrity: computed };
468
+ return mani;
469
+ });
470
+ }
471
+ case 'file': {
472
+ const { file } = f;
473
+ if (file === undefined)
474
+ throw this.#resolveError(spec, options, 'no file path');
475
+ const path = pathResolve(from, file);
476
+ const st = await stat(path);
477
+ if (st.isDirectory()) {
478
+ return this.packageJson.read(path);
479
+ }
480
+ const s = spec;
481
+ return await this.#tmpdir(async (dir) => {
482
+ try {
483
+ await this.tarPool.unpack(await readFile(path), dir);
484
+ }
485
+ catch (er) {
486
+ throw this.#resolveError(s, options, 'tar unpack failed', { cause: er });
487
+ }
488
+ return this.packageJson.read(dir);
489
+ });
490
+ }
491
+ case 'workspace': {
492
+ return this.#getWS(spec, options).manifest;
493
+ }
494
+ }
495
+ }
496
+ async packument(spec, options = {}) {
497
+ if (typeof spec === 'string')
498
+ spec = Spec.parse(spec, this.options);
499
+ const f = spec.final;
500
+ switch (f.type) {
501
+ // RevDoc is the equivalent of a packument for a git repo
502
+ case 'git': {
503
+ const { gitRemote } = f;
504
+ if (!gitRemote) {
505
+ throw this.#resolveError(spec, options, 'git remote could not be determined');
506
+ }
507
+ const revDoc = await revs(gitRemote, {
508
+ cwd: this.options.projectRoot,
509
+ });
510
+ if (!revDoc)
511
+ throw this.#resolveError(spec, options);
512
+ return asPackument(revDoc);
513
+ }
514
+ // these are all faked packuments
515
+ case 'file':
516
+ case 'workspace':
517
+ case 'remote': {
518
+ const manifest = await this.manifest(f, options);
519
+ return {
520
+ name: manifest.name ?? '',
521
+ 'dist-tags': {
522
+ latest: manifest.version ?? '',
523
+ },
524
+ versions: {
525
+ [manifest.version ?? '']: manifest,
526
+ },
527
+ };
528
+ }
529
+ case 'registry': {
530
+ const { registry, name } = f;
531
+ const pakuURL = new URL(name, registry);
532
+ const response = await this.registryClient.request(pakuURL, {
533
+ headers: {
534
+ accept: 'application/json',
535
+ },
536
+ });
537
+ if (response.statusCode !== 200) {
538
+ throw this.#resolveError(spec, options, 'failed to fetch packument', {
539
+ url: pakuURL,
540
+ response,
541
+ });
542
+ }
543
+ return response.json();
544
+ }
545
+ }
546
+ }
547
+ async resolve(spec, options = {}) {
548
+ const memoKey = String(spec);
549
+ if (typeof spec === 'string')
550
+ spec = Spec.parse(spec, this.options);
551
+ const memo = this.#resolutions.get(memoKey);
552
+ if (memo)
553
+ return memo;
554
+ const f = spec.final;
555
+ switch (f.type) {
556
+ case 'file': {
557
+ const { file } = f;
558
+ if (!file || !f.file) {
559
+ throw this.#resolveError(spec, options, 'no path on file: specifier');
560
+ }
561
+ const { from = this.#projectRoot } = options;
562
+ const resolved = pathResolve(from, f.file);
563
+ const r = { resolved, spec };
564
+ this.#resolutions.set(memoKey, r);
565
+ return r;
566
+ }
567
+ case 'remote': {
568
+ const { remoteURL } = f;
569
+ if (!remoteURL)
570
+ throw this.#resolveError(spec, options, 'no URL in remote specifier');
571
+ const r = { resolved: remoteURL, spec };
572
+ this.#resolutions.set(memoKey, r);
573
+ return r;
574
+ }
575
+ case 'workspace': {
576
+ const ws = this.#getWS(spec, options);
577
+ return {
578
+ resolved: ws.fullpath,
579
+ spec,
580
+ };
581
+ }
582
+ case 'registry': {
583
+ const mani = await this.manifest(spec, options);
584
+ if (mani.dist) {
585
+ const { integrity, tarball, signatures } = mani.dist;
586
+ if (tarball) {
587
+ const r = {
588
+ resolved: tarball,
589
+ integrity,
590
+ signatures,
591
+ spec,
592
+ };
593
+ this.#resolutions.set(memoKey, r);
594
+ return r;
595
+ }
596
+ }
597
+ throw this.#resolveError(spec, options);
598
+ }
599
+ case 'git': {
600
+ const { gitRemote, remoteURL, gitSelectorParsed } = f;
601
+ if (remoteURL && gitSelectorParsed?.path === undefined) {
602
+ // known git host with a tarball download endpoint
603
+ const r = { resolved: remoteURL, spec };
604
+ this.#resolutions.set(memoKey, r);
605
+ return r;
606
+ }
607
+ if (!gitRemote) {
608
+ throw this.#resolveError(spec, options, 'no remote on git specifier');
609
+ }
610
+ const rev = await gitResolve(gitRemote, f.gitCommittish, {
611
+ spec,
612
+ });
613
+ if (rev) {
614
+ const r = {
615
+ resolved: `${gitRemote}#${rev.sha}`,
616
+ spec,
617
+ };
618
+ if (gitSelectorParsed) {
619
+ r.resolved += Object.entries(gitSelectorParsed)
620
+ .filter(([_, v]) => v)
621
+ .map(([k, v]) => `::${k}:${v}`)
622
+ .join('');
623
+ }
624
+ this.#resolutions.set(memoKey, r);
625
+ return r;
626
+ }
627
+ // have to actually clone somewhere
628
+ const s = spec;
629
+ return this.#tmpdir(async (tmpdir) => {
630
+ const sha = await clone(gitRemote, s.gitCommittish, tmpdir, {
631
+ spec: s,
632
+ });
633
+ const r = {
634
+ resolved: `${gitRemote}#${sha}`,
635
+ spec: s,
636
+ };
637
+ this.#resolutions.set(memoKey, r);
638
+ return r;
639
+ });
640
+ }
641
+ }
642
+ }
643
+ async #tmpdir(fn) {
644
+ const p = `package-info/${randomBytes(6).toString('hex')}`;
645
+ const dir = xdg.runtime(p);
646
+ try {
647
+ return await fn(dir);
648
+ }
649
+ finally {
650
+ // intentionally do not await
651
+ void rm(dir, { recursive: true, force: true });
652
+ }
653
+ }
654
+ // error resolving
655
+ #resolveError(spec, options = {}, message = 'Could not resolve', extra = {}) {
656
+ const { from = this.#projectRoot } = options;
657
+ const er = error(message, {
658
+ code: 'ERESOLVE',
659
+ spec,
660
+ from,
661
+ ...extra,
662
+ }, this.#resolveError);
663
+ return er;
664
+ }
665
+ }
package/dist/rename.d.ts ADDED
@@ -0,0 +1,2 @@
1
+ import { rename as fsRename } from 'node:fs/promises';
2
+ export declare const rename: typeof fsRename;
package/dist/rename.js ADDED
@@ -0,0 +1,31 @@
1
+ /**
2
+ * On posix systems, rename is atomic and will clobber anything in its way
3
+ * However, on Windows, it can fail with the rather unhelpful EPERM error if
4
+ * the target directory is not removed in time or is currently in use.
5
+ *
6
+ * While true atomic semantics is not available on Windows in this case, we can
7
+ * at least implement the posix overwrite semantics by explicitly removing the
8
+ * target when this error occurs.
9
+ *
10
+ * This is only relevant when renaming *directories*, since files will
11
+ * generally not raise problems. When/if we rename directories outside of
12
+ * package-info, this can be moved to its own shared module.
13
+ * @module
14
+ */
15
+ const { platform } = process;
16
+ import { rename as fsRename, rm } from 'node:fs/promises';
17
+ export const rename = platform !== 'win32' ? fsRename : (async function (oldPath, newPath) {
18
+ let retries = 3;
19
+ const retry = async (er) => {
20
+ if (retries > 0 &&
21
+ er.code === 'EPERM') {
22
+ retries--;
23
+ await rm(newPath, { recursive: true, force: true });
24
+ return fsRename(oldPath, newPath).then(() => { }, retry);
25
+ }
26
+ else {
27
+ throw er;
28
+ }
29
+ };
30
+ return fsRename(oldPath, newPath).then(() => { }, retry);
31
+ });
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@vltpkg/package-info",
3
3
  "description": "Resolve and fetch package metadata and tarballs",
4
- "version": "1.0.0-rc.23",
4
+ "version": "1.0.0-rc.24",
5
5
  "repository": {
6
6
  "type": "git",
7
7
  "url": "git+https://github.com/vltpkg/vltpkg.git",
@@ -12,16 +12,16 @@
12
12
  "email": "support@vlt.sh"
13
13
  },
14
14
  "dependencies": {
15
- "@vltpkg/error-cause": "1.0.0-rc.23",
16
- "@vltpkg/git": "1.0.0-rc.23",
17
- "@vltpkg/package-json": "1.0.0-rc.23",
18
- "@vltpkg/pick-manifest": "1.0.0-rc.23",
19
- "@vltpkg/registry-client": "1.0.0-rc.23",
20
- "@vltpkg/spec": "1.0.0-rc.23",
21
- "@vltpkg/tar": "1.0.0-rc.23",
22
- "@vltpkg/types": "1.0.0-rc.23",
23
- "@vltpkg/workspaces": "1.0.0-rc.23",
24
- "@vltpkg/xdg": "1.0.0-rc.23",
15
+ "@vltpkg/error-cause": "1.0.0-rc.24",
16
+ "@vltpkg/git": "1.0.0-rc.24",
17
+ "@vltpkg/package-json": "1.0.0-rc.24",
18
+ "@vltpkg/pick-manifest": "1.0.0-rc.24",
19
+ "@vltpkg/registry-client": "1.0.0-rc.24",
20
+ "@vltpkg/spec": "1.0.0-rc.24",
21
+ "@vltpkg/tar": "1.0.0-rc.24",
22
+ "@vltpkg/types": "1.0.0-rc.24",
23
+ "@vltpkg/workspaces": "1.0.0-rc.24",
24
+ "@vltpkg/xdg": "1.0.0-rc.24",
25
25
  "ssri": "^13.0.0",
26
26
  "tar": "^7.5.2"
27
27
  },
@@ -30,8 +30,8 @@
30
30
  "@types/node": "^22.19.2",
31
31
  "@types/pacote": "^11.1.8",
32
32
  "@vltpkg/benchmark": "0.0.0",
33
- "@vltpkg/cache-unzip": "1.0.0-rc.23",
34
- "@vltpkg/vlt-json": "1.0.0-rc.23",
33
+ "@vltpkg/cache-unzip": "1.0.0-rc.24",
34
+ "@vltpkg/vlt-json": "1.0.0-rc.24",
35
35
  "eslint": "^9.39.1",
36
36
  "pacote": "^21.0.4",
37
37
  "prettier": "^3.7.4",