@vltpkg/registry-client 0.0.0-2 → 0.0.0-20

package/README.md

@@ -2,76 +2,73 @@
 
 # @vltpkg/registry-client
 
-This is a very light wrapper around undici, optimized for interfacing with an npm registry.
+This is a very light wrapper around undici, optimized for interfacing
+with an npm registry.
 
-**[Cache Unzipped](#cache-unzipped)**
-·
-**[Integrity Options](#integrity-options)**
-·
-**[Usage](#usage)**
+**[Cache Unzipped](#cache-unzipped)** ·
+**[Integrity Options](#integrity-options)** · **[Usage](#usage)**
 
 ## Overview
 
-Any response with `immutable` in the `cache-control` header, or with a `content-type` of `application/octet-stream` or a path ending in `.tgz`, will be cached forever and never requested again as long as the cache survives.
+Any response with `immutable` in the `cache-control` header, or with a
+`content-type` of `application/octet-stream` or a path ending in
+`.tgz`, will be cached forever and never requested again as long as
+the cache survives.
 
 If the request has a cached response:
 
-- Cached responses with `immutable` in the `cache-control`
-  header will be returned from cache without a network request,
-  no matter what.
-- Cached responses with a `content-type` of
-  `application/octet-stream` will be returned from cache without
-  a network request, no matter what, because tarballs are
-  immutable.
+- Cached responses with `immutable` in the `cache-control` header will
+  be returned from cache without a network request, no matter what.
+- Cached responses with a `content-type` of `application/octet-stream`
+  will be returned from cache without a network request, no matter
+  what, because tarballs are immutable.
 - Cached responses with `max-age=<n>` or `s-max-age=<n>` will be
-  served from cache without a network request if it's less than
-  `<n>` seconds old.
+  served from cache without a network request if it's less than `<n>`
+  seconds old.
 - Otherwise, a network request to the registry will be made
-  - if an `etag` is present in the cached response, it will be
-    used as the `if-none-match` header.
-  - If a `last-modified` header is in the response, that will
-    be used as the `if-modified-since` request header.
-  - If there is no `last-modified` header, then use the `mtime`
-    of the cache file as the `if-modified-since` header.
+  - if an `etag` is present in the cached response, it will be used as
+    the `if-none-match` header.
+  - If a `last-modified` header is in the response, that will be used
+    as the `if-modified-since` request header.
+  - If there is no `last-modified` header, then use the `mtime` of the
+    cache file as the `if-modified-since` header.
 
 This is the extent of the cache control logic. It is not a
-full-featured spec-compliant caching HTTP client, because that is
-not needed for this use case. Every response will be cached, even
-if the registry headers don't technically allow it.
+full-featured spec-compliant caching HTTP client, because that is not
+needed for this use case. Every response will be cached, even if the
+registry headers don't technically allow it.
 
 ## Cache Unzipped
 
-Client always sends `accept-encoding: gzip;q=1.0, *;q=0.5`
-header when making requests, to save time on the wire.
+Client always sends `accept-encoding: gzip;q=1.0, *;q=0.5` header when
+making requests, to save time on the wire.
 
-If response has `content-encoding: gzip`, then we swap out the
-body for the unzipped response body in the cache, as if it was
-not gzipped in the first place. This _must_ be done before
-returning the response, because you can't `JSON.parse()` a
-gzipped response anyway.
+If response has `content-encoding: gzip`, then we swap out the body
+for the unzipped response body in the cache, as if it was not gzipped
+in the first place. This _must_ be done before returning the response,
+because you can't `JSON.parse()` a gzipped response anyway.
 
-If the response is `content-type: application/octet-stream` and
-starts with the gzip header, then we return the raw body as we
-received it, but as a best-effort background job, unzip it and
-update the cache entry to be an unzipped response body. This is
-done in the `@vltpkg/cache-unzip` worker.
+If the response is `content-type: application/octet-stream` and starts
+with the gzip header, then we return the raw body as we received it,
+but as a best-effort background job, unzip it and update the cache
+entry to be an unzipped response body. This is done in the
+`@vltpkg/cache-unzip` worker.
 
 So,
 
-- json responses will always be un-zipped, in the response and in
-  the cache.
-- artifact responses _may_ be gzipped (and thus, have to be
-  unzipped by the unpack operation), but will eventually be
-  cached as unzipped tarballs.
+- json responses will always be un-zipped, in the response and in the
+  cache.
+- artifact responses _may_ be gzipped (and thus, have to be unzipped
+  by the unpack operation), but will eventually be cached as unzipped
+  tarballs.
 
-Thus, the `content-length` response header will _usually_ not
-match the actual byte length of the response body.
+Thus, the `content-length` response header will _usually_ not match
+the actual byte length of the response body.
 
 ## Integrity Options
 
-An `integrity` option may be specified in a
-`fetchOptions.context` object, or in the options provided to
-`cache.set()`. For example:
+An `integrity` option may be specified in a `fetchOptions.context`
+object, or in the options provided to `cache.set()`. For example:
 
 ```js
 const integrity = `sha512-${base64hash}`
@@ -86,16 +83,16 @@ cache.set(key, value, { integrity })
 const value = await cache.fetch(key, { context: { integrity } })
 ```
 
-If the integrity provided is obviously not a valid sha512
-`Integrity` string, then it is ignored.
+If the integrity provided is obviously not a valid sha512 `Integrity`
+string, then it is ignored.
 
-Integrity values are not calculated or verified. The caller must do this
-check, if desired.
+Integrity values are not calculated or verified. The caller must do
+this check, if desired.
 
 Note that the integrity provided to `cache.fetch()` or `cache.set()`
 does _not_ typically match the calculated integrity of the object
-being cached. Typically, the integrity is related to the body of
-the response that a `@vltpkg/registry-client.CacheEntry` object
+being cached. Typically, the integrity is related to the body of the
+response that a `@vltpkg/registry-client.CacheEntry` object
 represents.
 
 ## Usage

package/dist/esm/cache-entry.d.ts

@@ -1,31 +1,76 @@
+import type { ErrorCauseOptions } from '@vltpkg/error-cause';
 import type { Integrity, JSONField } from '@vltpkg/types';
-import type { InspectOptions } from 'util';
+import ccp from 'cache-control-parser';
+import type { InspectOptions } from 'node:util';
 export type JSONObj = Record<string, JSONField>;
 declare const kCustomInspect: unique symbol;
+export type CacheEntryOptions = {
+    /**
+     * The expected integrity value for this response body
+     */
+    integrity?: Integrity;
+    /**
+     * Whether to trust the integrity, or calculate the actual value.
+     *
+     * This indicates that we just accept whatever the integrity is as the actual
+     * integrity for saving back to the cache, because it's coming directly from
+     * the registry that we fetched a packument from, and is an initial gzipped
+     * artifact request.
+     */
+    trustIntegrity?: boolean;
+    /**
+     * If the server does not serve a `stale-while-revalidate` value in the
+     * `cache-control` header, then this multiplier is applied to the `max-age`
+     * or `s-maxage` values.
+     *
+     * By default, this is `60`, so for example a response that is cacheable for
+     * 5 minutes will allow a stale response while revalidating for up to 5
+     * hours.
+     *
+     * If the server *does* provide a `stale-while-revalidate` value, then that
+     * is always used.
+     *
+     * Set to 0 to prevent any `stale-while-revalidate` behavior unless
+     * explicitly allowed by the server's `cache-control` header.
+     */
+    'stale-while-revalidate-factor'?: number;
+};
 export declare class CacheEntry {
     #private;
-    constructor(statusCode: number, headers: Buffer[], integrity?: Integrity);
+    constructor(statusCode: number, headers: Buffer[], { integrity, trustIntegrity, 'stale-while-revalidate-factor': staleWhileRevalidateFactor, }?: CacheEntryOptions);
+    toJSON(): {
+        [k: string]: string | number | boolean | [string, string][] | Date | ccp.CacheControl | undefined;
+    };
     [kCustomInspect](depth: number, options: InspectOptions): string;
-    /**
-     * `true` if the entry represents a cached response that is still
-     * valid to use.
-     */
+    get date(): Date | undefined;
+    get maxAge(): number;
+    get cacheControl(): ccp.CacheControl;
+    get staleWhileRevalidate(): boolean;
+    get contentType(): string;
     get valid(): boolean;
     addBody(b: Buffer): void;
     get statusCode(): number;
     get headers(): Buffer<ArrayBufferLike>[];
     /**
-     * check that the sri integrity string that was provided to the ctor
+     * Check that the sri integrity string that was provided to the ctor
      * matches the body that we actually received. This should only be called
      * AFTER the entire body has been completely downloaded.
      *
+     * This method **will throw** if the integrity values do not match.
+     *
      * Note that this will *usually* not be true if the value is coming out of
      * the cache, because the cache entries are un-gzipped in place. It should
      * _only_ be called for artifacts that come from an actual http response.
+     *
+     * Returns true if anything was actually verified.
      */
-    checkIntegrity(): boolean;
+    checkIntegrity(context?: ErrorCauseOptions): this is CacheEntry & {
+        integrity: Integrity;
+    };
     get integrityActual(): Integrity;
-    get integrity(): `sha512-${string}` | undefined;
+    set integrityActual(i: Integrity);
+    set integrity(i: Integrity | undefined);
+    get integrity(): Integrity | undefined;
     /**
      * Give it a key, and it'll return the buffer of that header value
      */
@@ -62,6 +107,7 @@ export declare class CacheEntry {
      * the cached response.
      */
     static decode(buffer: Buffer): CacheEntry;
+    static isGzipEntry(buffer: Buffer): boolean;
     /**
      * Encode the entry as a single Buffer for writing to the cache
      */

package/dist/esm/cache-entry.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cache-entry.d.ts","sourceRoot":"","sources":["../../src/cache-entry.ts"],"names":[],"mappings":"AAsBA,OAAO,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,eAAe,CAAA;AAIzD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,MAAM,CAAA;AAI1C,MAAM,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAA;AAyB/C,QAAA,MAAM,cAAc,eAA2C,CAAA;AAE/D,qBAAa,UAAU;;gBAUnB,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,MAAM,EAAE,EACjB,SAAS,CAAC,EAAE,SAAS;IAiBvB,CAAC,cAAc,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,GAAG,MAAM;IAehE;;;OAGG;IACH,IAAI,KAAK,IAAI,OAAO,CAsBnB;IAED,OAAO,CAAC,CAAC,EAAE,MAAM;IAKjB,IAAI,UAAU,WAEb;IACD,IAAI,OAAO,8BAEV;IAED;;;;;;;;OAQG;IACH,cAAc,IAAI,OAAO;IAIzB,IAAI,eAAe,IAAI,SAAS,CAM/B;IACD,IAAI,SAAS,mCAEZ;IAED;;OAEG;IACH,SAAS,CAAC,CAAC,EAAE,MAAM;IAInB;;OAEG;IACH,SAAS,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM;IAI3C;;OAEG;IACH,MAAM,IAAI,MAAM;IAWhB,IAAI,IAAI,IAAI,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAEvC;IAGD,IAAI,MAAM,IAAI,OAAO,CAYpB;IAGD,IAAI,MAAM,IAAI,OAAO,CAcpB;IAED;;;;OAIG;IACH,KAAK;IAmBL;;;OAGG;IACH,IAAI;IAKJ;;OAEG;IACH,IAAI,IAAI,OAAO;IAOf;;;;OAIG;IACH,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU;IAiCzC;;OAEG;IAGH,MAAM,IAAI,MAAM;CAoCjB"}
+{"version":3,"file":"cache-entry.d.ts","sourceRoot":"","sources":["../../src/cache-entry.ts"],"names":[],"mappings":"AAqBA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAA;AAE5D,OAAO,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,eAAe,CAAA;AACzD,OAAO,GAAG,MAAM,sBAAsB,CAAA;AAEtC,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAK/C,MAAM,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAA;AAyB/C,QAAA,MAAM,cAAc,eAA2C,CAAA;AAE/D,MAAM,MAAM,iBAAiB,GAAG;IAC9B;;OAEG;IACH,SAAS,CAAC,EAAE,SAAS,CAAA;IACrB;;;;;;;OAOG;IACH,cAAc,CAAC,EAAE,OAAO,CAAA;IAExB;;;;;;;;;;;;;;OAcG;IACH,+BAA+B,CAAC,EAAE,MAAM,CAAA;CACzC,CAAA;AAED,qBAAa,UAAU;;gBAYnB,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,MAAM,EAAE,EACjB,EACE,SAAS,EACT,cAAsB,EACtB,+BAA+B,EAC7B,0BAA+B,GAClC,GAAE,iBAAsB;IAmB3B,MAAM;;;IAwCN,CAAC,cAAc,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,GAAG,MAAM;IAShE,IAAI,IAAI,IAAI,IAAI,GAAG,SAAS,CAK3B;IAGD,IAAI,MAAM,IAAI,MAAM,CAQnB;IAGD,IAAI,YAAY,IAAI,GAAG,CAAC,YAAY,CAKnC;IAGD,IAAI,oBAAoB,IAAI,OAAO,CAWlC;IAGD,IAAI,WAAW,WAKd;IAOD,IAAI,KAAK,IAAI,OAAO,CAmBnB;IAED,OAAO,CAAC,CAAC,EAAE,MAAM;IAKjB,IAAI,UAAU,WAEb;IACD,IAAI,OAAO,8BAEV;IAED;;;;;;;;;;;;OAYG;IACH,cAAc,CACZ,OAAO,GAAE,iBAAsB,GAC9B,IAAI,IAAI,UAAU,GAAG;QAAE,SAAS,EAAE,SAAS,CAAA;KAAE;IAchD,IAAI,eAAe,IAAI,SAAS,CAO/B;IAED,IAAI,eAAe,CAAC,CAAC,EAAE,SAAS,EAG/B;IAED,IAAI,SAAS,CAAC,CAAC,EAAE,SAAS,GAAG,SAAS,EAKrC;IACD,IAAI,SAAS,IANI,SAAS,GAAG,SAAS,CAQrC;IAED;;OAEG;IACH,SAAS,CAAC,CAAC,EAAE,MAAM;IAInB;;OAEG;IACH,SAAS,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM;IAI3C;;OAEG;IACH,MAAM,IAAI,MAAM;IAWhB,IAAI,IAAI,IAAI,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAEvC;IAGD,IAAI,MAAM,IAAI,OAAO,CAYpB;IAGD,IAAI,MAAM,IAAI,OAAO,CAcpB;IAED;;;;OAIG;IACH,KAAK;IAmBL;;;OAGG;IACH,IAAI;IAKJ;;OAEG;IACH,IAAI,IAAI,OAAO;IAQf;;;;OAIG;IACH,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU;IAsDzC,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAO3C;;OAEG;IAGH,MAAM,IAAI,MAAM;CAmCjB"}

package/dist/esm/cache-entry.js

@@ -20,9 +20,9 @@
 // of the file.
 import { error } from '@vltpkg/error-cause';
 import ccp from 'cache-control-parser';
-import { createHash } from 'crypto';
-import { inspect } from 'util';
-import { gunzipSync } from 'zlib';
+import { createHash } from 'node:crypto';
+import { inspect } from 'node:util';
+import { gunzipSync } from 'node:zlib';
 import { getRawHeader, setRawHeader } from "./raw-header.js";
 const readSize = (buf, offset) => {
     const a = buf[offset];
@@ -51,10 +51,15 @@ export class CacheEntry {
     #integrity;
     #integrityActual;
     #json;
-    constructor(statusCode, headers, integrity) {
-        this.#integrity = integrity;
-        this.#statusCode = statusCode;
+    #trustIntegrity;
+    #staleWhileRevalidateFactor;
+    constructor(statusCode, headers, { integrity, trustIntegrity = false, 'stale-while-revalidate-factor': staleWhileRevalidateFactor = 60, } = {}) {
         this.#headers = headers;
+        this.#statusCode = statusCode;
+        this.#trustIntegrity = trustIntegrity;
+        this.#staleWhileRevalidateFactor = staleWhileRevalidateFactor;
+        if (integrity)
+            this.integrity = integrity;
     }
     get #headersAsObject() {
         const ret = [];
@@ -65,42 +70,110 @@ export class CacheEntry {
         }
         return ret;
     }
-    [kCustomInspect](depth, options) {
-        const str = inspect({
-            statusCode: this.statusCode,
+    toJSON() {
+        const { statusCode, valid, staleWhileRevalidate, cacheControl, date, contentType, integrity, maxAge, isGzip, isJSON, } = this;
+        /* c8 ignore start */
+        const age = date ?
+            Math.floor((Date.now() - date.getTime()) / 1000)
+            : undefined;
+        const expires = date ? new Date(date.getTime() + this.maxAge * 1000) : undefined;
+        /* c8 ignore end */
+        return Object.fromEntries(Object.entries({
+            statusCode,
             headers: this.#headersAsObject,
-            text: this.text(),
-        }, {
+            contentType,
+            integrity,
+            date,
+            expires,
+            cacheControl,
+            valid,
+            staleWhileRevalidate,
+            age,
+            maxAge,
+            isGzip,
+            isJSON,
+        }).filter(([_, v]) => v !== undefined));
+    }
+    [kCustomInspect](depth, options) {
+        const str = inspect(this.toJSON(), {
             depth,
             ...options,
         });
         return `@vltpkg/registry-client.CacheEntry ${str}`;
     }
+    #date;
+    get date() {
+        if (this.#date)
+            return this.#date;
+        const dh = this.getHeader('date')?.toString();
+        if (dh)
+            this.#date = new Date(dh);
+        return this.#date;
+    }
+    #maxAge;
+    get maxAge() {
+        if (this.#maxAge !== undefined)
+            return this.#maxAge;
+        // see if the max-age has not yet been crossed
+        // default to 5m if maxage is not set, as some registries
+        // do not set a cache control header at all.
+        const cc = this.cacheControl;
+        this.#maxAge = cc['max-age'] || cc['s-maxage'] || 300;
+        return this.#maxAge;
+    }
+    #cacheControl;
+    get cacheControl() {
+        if (this.#cacheControl)
+            return this.#cacheControl;
+        const cc = this.getHeader('cache-control')?.toString();
+        this.#cacheControl = cc ? ccp.parse(cc) : {};
+        return this.#cacheControl;
+    }
+    #staleWhileRevalidate;
+    get staleWhileRevalidate() {
+        if (this.#staleWhileRevalidate !== undefined)
+            return this.#staleWhileRevalidate;
+        if (this.valid || !this.date)
+            return true;
+        const swv = this.cacheControl['stale-while-revalidate'] ??
+            this.maxAge * this.#staleWhileRevalidateFactor;
+        this.#staleWhileRevalidate =
+            this.date.getTime() + swv * 1000 > Date.now();
+        return this.#staleWhileRevalidate;
+    }
+    #contentType;
+    get contentType() {
+        if (this.#contentType !== undefined)
+            return this.#contentType;
+        this.#contentType =
+            this.getHeader('content-type')?.toString() ?? '';
+        return this.#contentType;
+    }
     /**
      * `true` if the entry represents a cached response that is still
      * valid to use.
      */
+    #valid;
     get valid() {
-        const cc_ = this.getHeader('cache-control')?.toString();
-        const cc = cc_ ? ccp.parse(cc_) : {};
-        const ct = this.getHeader('content-type')?.toString() ?? '';
-        const dh = this.getHeader('date')?.toString();
+        if (this.#valid !== undefined)
+            return this.#valid;
         // immutable = never changes
-        if (cc.immutable)
-            return true;
+        if (this.cacheControl.immutable)
+            return (this.#valid = true);
         // some registries do text/json, some do application/json,
         // some do application/vnd.npm.install-v1+json
         // If it's NOT json, it's an immutable tarball
-        if (ct !== '' && !/\bjson\b/.test(ct))
-            return true;
+        const ct = this.contentType;
+        if (ct && !/\bjson\b/.test(ct))
+            return (this.#valid = true);
         // see if the max-age has not yet been crossed
         // default to 5m if maxage is not set, as some registries
         // do not set a cache control header at all.
-        const ma = cc['max-age'] || cc['s-maxage'] || 300;
-        if (ma && dh) {
-            return Date.parse(dh) + ma * 1000 > Date.now();
-        }
-        return false;
+        if (!this.date)
+            return (this.#valid = false);
+        this.#valid =
+            this.date.getTime() + this.maxAge * 1000 > Date.now();
+        return this.#valid;
     }
     addBody(b) {
         this.#body.push(b);
@@ -113,18 +186,31 @@ export class CacheEntry {
         return this.#headers;
     }
     /**
-     * check that the sri integrity string that was provided to the ctor
+     * Check that the sri integrity string that was provided to the ctor
      * matches the body that we actually received. This should only be called
      * AFTER the entire body has been completely downloaded.
      *
+     * This method **will throw** if the integrity values do not match.
+     *
      * Note that this will *usually* not be true if the value is coming out of
      * the cache, because the cache entries are un-gzipped in place. It should
      * _only_ be called for artifacts that come from an actual http response.
+     *
+     * Returns true if anything was actually verified.
      */
-    checkIntegrity() {
+    checkIntegrity(context = {}) {
         if (!this.#integrity)
             return false;
-        return this.integrityActual === this.#integrity;
+        if (this.integrityActual !== this.#integrity) {
+            throw error('Integrity check failure', {
+                code: 'EINTEGRITY',
+                response: this,
+                wanted: this.#integrity,
+                found: this.integrityActual,
+                ...context,
+            });
+        }
+        return true;
     }
     get integrityActual() {
         if (this.#integrityActual)
@@ -132,8 +218,20 @@ export class CacheEntry {
         const hash = createHash('sha512');
         for (const buf of this.#body)
             hash.update(buf);
-        this.#integrityActual = `sha512-${hash.digest('base64')}`;
-        return this.#integrityActual;
+        const i = `sha512-${hash.digest('base64')}`;
+        this.integrityActual = i;
+        return i;
+    }
+    set integrityActual(i) {
+        this.#integrityActual = i;
+        this.setHeader('integrity', i);
+    }
+    set integrity(i) {
+        if (!this.#integrity && i) {
+            this.#integrity = i;
+            if (this.#trustIntegrity)
+                this.integrityActual = i;
+        }
     }
     get integrity() {
         return this.#integrity;
@@ -243,7 +341,8 @@ export class CacheEntry {
     json() {
         if (this.#json !== undefined)
             return this.#json;
-        const obj = JSON.parse(this.text());
+        const text = this.text();
+        const obj = JSON.parse(text || '{}');
         this.#json = obj;
         return obj;
     }
@@ -254,44 +353,59 @@ export class CacheEntry {
      */
     static decode(buffer) {
         if (buffer.length < 4) {
-            return new CacheEntry(0, []);
+            return emptyCacheEntry;
         }
         const headSize = readSize(buffer, 0);
         if (buffer.length < headSize) {
-            return new CacheEntry(0, []);
+            return emptyCacheEntry;
         }
         const statusCode = Number(buffer.subarray(4, 7).toString());
         const headersBuffer = buffer.subarray(7, headSize);
         // walk through the headers array, building up the rawHeaders Buffer[]
         const headers = [];
         let i = 0;
+        let integrity = undefined;
         while (i < headersBuffer.length - 4) {
             const size = readSize(headersBuffer, i);
-            headers.push(headersBuffer.subarray(i + 4, i + size));
+            const val = headersBuffer.subarray(i + 4, i + size);
+            // if the last one was the key integrity, then this one is the value
+            if (headers.length % 2 === 1 &&
+                String(headers[headers.length - 1]) === 'integrity') {
+                integrity = String(val);
+            }
+            headers.push(val);
             i += size;
         }
-        const c = new CacheEntry(statusCode, headers);
         const body = buffer.subarray(headSize);
+        const c = new CacheEntry(statusCode, setRawHeader(headers, 'content-length', String(body.byteLength)), {
+            integrity,
+            trustIntegrity: true,
+        });
         c.#body = [body];
         c.#bodyLength = body.byteLength;
-        c.setHeader('content-length', String(c.#bodyLength));
         if (c.isJSON) {
             try {
                 c.json();
             }
             catch {
-                return new CacheEntry(0, []);
+                return emptyCacheEntry;
             }
         }
         return c;
     }
+    static isGzipEntry(buffer) {
+        if (buffer.length < 4)
+            return false;
+        const headSize = readSize(buffer, 0);
+        const gzipBytes = buffer.subarray(headSize, headSize + 2);
+        return gzipBytes[0] === 0x1f && gzipBytes[1] === 0x8b;
+    }
     /**
      * Encode the entry as a single Buffer for writing to the cache
      */
     // TODO: should this maybe not concat, and just return Buffer[]?
     // Then we can writev it to the cache file and save the memory copy
     encode() {
-        // store json results as a serialized object.
         if (this.isJSON)
             this.json();
         const sb = Buffer.from(String(this.#statusCode));
@@ -321,4 +435,5 @@ export class CacheEntry {
         return Buffer.concat(chunks, headLength + this.#bodyLength);
     }
 }
+const emptyCacheEntry = new CacheEntry(0, []);
 //# sourceMappingURL=cache-entry.js.map