com.jimuwd.xian.registry-proxy 1.0.129 → 1.0.131

package/README.MD

@@ -95,7 +95,6 @@ PROJECT_ROOT=$(find_project_root)
 
 # 定义锁文件和端口文件路径（固定在项目根目录）
 LOCK_FILE="$PROJECT_ROOT/.registry-proxy-install.lock"
-PORT_FILE="$PROJECT_ROOT/.registry-proxy-port"
 
 # 检查是否已经在运行（通过锁文件）
 if [ -f "$LOCK_FILE" ]; then
@@ -123,7 +122,8 @@ cleanup() {
 
   # 清理临时文件
   rm -f "$LOCK_FILE" 2>/dev/null
-  rm -f "$PORT_FILE" 2>/dev/null
+  # PORT_FILE端口临时文件是registry-proxy服务器管理的文件这里不负责清理，服务器退出时会自动清理
+  #rm -f "$PORT_FILE" 2>/dev/null
 
   # 停止代理服务器
   if [ -n "${PROXY_PID:-}" ]; then
@@ -134,6 +134,7 @@ cleanup() {
   fi
 
   # 切换到项目根目录
+  # shellcheck disable=SC2164
   cd "$PROJECT_ROOT"
 
   # 清理 npmRegistryServer 配置
@@ -148,16 +149,21 @@ cleanup() {
 trap 'cleanup 1' SIGINT SIGTERM EXIT  # 异常退出时调用 cleanup，退出码为 1
 
 # 切换到项目根目录
+# shellcheck disable=SC2164
 cd "$PROJECT_ROOT"
 
-# 使用 yarn dlx 直接运行 registry-proxy，放入后台运行
+# 使用 yarn dlx 直接运行 registry-proxy，可通过环境变量指定registry-proxy版本号，默认是latest，registry-proxy将会被放入后台运行，并在安装结束后自动退出。
 REGISTRY_PROXY_VERSION="${REGISTRY_PROXY_VERSION:-latest}"
 echo "Starting registry-proxy@$REGISTRY_PROXY_VERSION in the background (logs will be displayed below)..."
-yarn dlx com.jimuwd.xian.registry-proxy@"$REGISTRY_PROXY_VERSION" .registry-proxy.yml .yarnrc.yml ~/.yarnrc.yml &
+# 下载registry-proxy临时可执行程序并运行  因yarn可能会缓存tarball url的缘故（yarn.lock内<package>.resolution值），这里不得已只能写死本地代理端口地址，以便无论是从缓存获取tarball url还是从代理服务提供的元数据获取tarball url地址都能成功下载tarball文件
+# 但是注意 这个端口不能暴露到外部使用，只允许本地使用，避免不必要的安全隐患 事实上registry-proxy server也是只监听着::1本机端口的。
+yarn dlx com.jimuwd.xian.registry-proxy@"$REGISTRY_PROXY_VERSION" .registry-proxy.yml .yarnrc.yml ~/.yarnrc.yml 40061 &
 PROXY_PID=$!
 
 # 等待代理服务器启动并写入端口，最多 30 秒
 echo "Waiting for proxy server to start (up to 30 seconds)..."
+PORT_FILE="$PROJECT_ROOT/.registry-proxy-port"
+# shellcheck disable=SC2034
 for i in {1..300}; do  # 300 次循环，每次 0.1 秒，总共 30 秒
   if [ -f "$PORT_FILE" ]; then
     PROXY_PORT=$(cat "$PORT_FILE")
@@ -186,9 +192,9 @@ if [ -z "${PROXY_PORT:-}" ] || ! nc -z localhost "$PROXY_PORT" 2>/dev/null; then
   cleanup 1
 fi
 
-# 动态设置 npmRegistryServer 为代理地址
-yarn config set npmRegistryServer "http://localhost:$PROXY_PORT/"
-echo "Set npmRegistryServer to http://localhost:$PROXY_PORT/"
+# 动态设置 npmRegistryServer 为代理地址 注意：yarn对“localhost”域名不友好，请直接使用 [::1]
+yarn config set npmRegistryServer "http://[::1]:$PROXY_PORT"
+echo "Set npmRegistryServer to http://[::1]:$PROXY_PORT"
 
 # 使用动态代理端口运行 yarn install，并捕获错误
 if ! yarn install; then
@@ -421,10 +427,10 @@ This project provides a proxy server (`registry-proxy`) that allows Yarn to fetc
 
 - **Node.js**: Version 14 or higher.
 - **Yarn**: Version 1.x or 2.x.
-- **netcat (`nc`)**: Required for port availability checks in the install script. Install via:
+- **netcat (`nc`)**: Required for port availability checks in the installation script. Install via:
    - On macOS: `brew install netcat`
    - On Ubuntu: `sudo apt-get install netcat`
-- **Bash**: The install script requires a Bash-compatible shell.
+- **Bash**: The installation script requires a Bash-compatible shell.
 
 ## Setup
 
@@ -436,7 +442,7 @@ The proxy server is published to your private registry. Install it as a dependen
 yarn add com.jimuwd.xian.registry-proxy --registry https://repo.jimuwd.com/jimuwd/~npm/
 ```
 
-Alternatively, the install script uses `npx` to run the proxy server, so you don't need to install it explicitly.
+Alternatively, the installation script uses `npx` to run the proxy server, so you don't need to install it explicitly.
 
 ### 2. Configure Registries
 
@@ -495,7 +501,6 @@ PROJECT_ROOT=$(find_project_root)
 
 # 定义锁文件和端口文件路径（固定在项目根目录）
 LOCK_FILE="$PROJECT_ROOT/.registry-proxy-install.lock"
-PORT_FILE="$PROJECT_ROOT/.registry-proxy-port"
 
 # 检查是否已经在运行（通过锁文件）
 if [ -f "$LOCK_FILE" ]; then
@@ -523,7 +528,8 @@ cleanup() {
 
   # 清理临时文件
   rm -f "$LOCK_FILE" 2>/dev/null
-  rm -f "$PORT_FILE" 2>/dev/null
+  # PORT_FILE端口临时文件是registry-proxy服务器管理的文件这里不负责清理，服务器退出时会自动清理
+  #rm -f "$PORT_FILE" 2>/dev/null
 
   # 停止代理服务器
   if [ -n "${PROXY_PID:-}" ]; then
@@ -534,6 +540,7 @@ cleanup() {
   fi
 
   # 切换到项目根目录
+  # shellcheck disable=SC2164
   cd "$PROJECT_ROOT"
 
   # 清理 npmRegistryServer 配置
@@ -548,16 +555,21 @@ cleanup() {
 trap 'cleanup 1' SIGINT SIGTERM EXIT  # 异常退出时调用 cleanup，退出码为 1
 
 # 切换到项目根目录
+# shellcheck disable=SC2164
 cd "$PROJECT_ROOT"
 
-# 使用 yarn dlx 直接运行 registry-proxy，放入后台运行
+# 使用 yarn dlx 直接运行 registry-proxy，可通过环境变量指定registry-proxy版本号，默认是latest，registry-proxy将会被放入后台运行，并在安装结束后自动退出。
 REGISTRY_PROXY_VERSION="${REGISTRY_PROXY_VERSION:-latest}"
 echo "Starting registry-proxy@$REGISTRY_PROXY_VERSION in the background (logs will be displayed below)..."
-yarn dlx com.jimuwd.xian.registry-proxy@"$REGISTRY_PROXY_VERSION" .registry-proxy.yml .yarnrc.yml ~/.yarnrc.yml &
+# 下载registry-proxy临时可执行程序并运行  因yarn可能会缓存tarball url的缘故（yarn.lock内<package>.resolution值），这里不得已只能写死本地代理端口地址，以便无论是从缓存获取tarball url还是从代理服务提供的元数据获取tarball url地址都能成功下载tarball文件
+# 但是注意 这个端口不能暴露到外部使用，只允许本地使用，避免不必要的安全隐患 事实上registry-proxy server也是只监听着::1本机端口的。
+yarn dlx com.jimuwd.xian.registry-proxy@"$REGISTRY_PROXY_VERSION" .registry-proxy.yml .yarnrc.yml ~/.yarnrc.yml 40061 &
 PROXY_PID=$!
 
 # 等待代理服务器启动并写入端口，最多 30 秒
 echo "Waiting for proxy server to start (up to 30 seconds)..."
+PORT_FILE="$PROJECT_ROOT/.registry-proxy-port"
+# shellcheck disable=SC2034
 for i in {1..300}; do  # 300 次循环，每次 0.1 秒，总共 30 秒
   if [ -f "$PORT_FILE" ]; then
     PROXY_PORT=$(cat "$PORT_FILE")
@@ -586,9 +598,9 @@ if [ -z "${PROXY_PORT:-}" ] || ! nc -z localhost "$PROXY_PORT" 2>/dev/null; then
   cleanup 1
 fi
 
-# 动态设置 npmRegistryServer 为代理地址
-yarn config set npmRegistryServer "http://localhost:$PROXY_PORT/"
-echo "Set npmRegistryServer to http://localhost:$PROXY_PORT/"
+# 动态设置 npmRegistryServer 为代理地址 注意：yarn对“localhost”域名不友好，请直接使用 [::1]
+yarn config set npmRegistryServer "http://[::1]:$PROXY_PORT"
+echo "Set npmRegistryServer to http://[::1]:$PROXY_PORT"
 
 # 使用动态代理端口运行 yarn install，并捕获错误
 if ! yarn install; then

package/dist/client/yarn-install.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env -S node --no-warnings --loader ts-node/esm
+export {};

package/dist/client/yarn-install.js

@@ -0,0 +1,209 @@
+#!/usr/bin/env -S node --no-warnings --loader ts-node/esm
+// The above shebang allows direct execution with ts-node (install ts-node and typescript first)
+import fs from 'node:fs/promises';
+import path from 'node:path';
+import { execa } from 'execa';
+import net from 'node:net';
+import { fileURLToPath } from 'node:url';
+// Constants
+const REGISTRY_PROXY_VERSION = process.env.REGISTRY_PROXY_VERSION || 'latest';
+const LOCK_FILE_NAME = '.registry-proxy-install.lock';
+const PORT_FILE_NAME = '.registry-proxy-port';
+const MAX_WAIT_TIME_MS = 30000; // 30 seconds
+const CHECK_INTERVAL_MS = 100; // 0.1 seconds
+// Global state
+let proxyProcess = null;
+let cleanupHandlers = [];
+let signalHandlers = [];
+// Helper functions
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+async function findProjectRoot(startDir = process.cwd()) {
+    let dir = startDir;
+    while (dir !== '/') {
+        try {
+            await fs.access(path.join(dir, 'package.json'));
+            return dir;
+        }
+        catch {
+            dir = path.dirname(dir);
+        }
+    }
+    throw new Error('Could not find project root (package.json not found)');
+}
+async function isPortAvailable(port) {
+    return new Promise(resolve => {
+        const server = net.createServer();
+        server.unref();
+        server.on('error', () => resolve(false));
+        server.listen({ port }, () => {
+            server.close(() => resolve(true));
+        });
+    });
+}
+async function waitForFile(filePath, timeoutMs) {
+    const startTime = Date.now();
+    while (Date.now() - startTime < timeoutMs) {
+        try {
+            await fs.access(filePath);
+            return true;
+        }
+        catch {
+            await new Promise(r => setTimeout(r, CHECK_INTERVAL_MS));
+        }
+    }
+    return false;
+}
+async function readPortFile(filePath) {
+    const content = await fs.readFile(filePath, 'utf-8');
+    const port = parseInt(content.trim(), 10);
+    if (isNaN(port) || port < 1 || port > 65535) {
+        throw new Error(`Invalid port number in ${filePath}`);
+    }
+    return port;
+}
+async function checkPortListening(port) {
+    return new Promise(resolve => {
+        const socket = new net.Socket();
+        socket.on('error', () => resolve(false));
+        socket.on('connect', () => {
+            socket.destroy();
+            resolve(true);
+        });
+        socket.connect({ port, host: '::1' });
+    });
+}
+// Cleanup management
+async function cleanup(exitCode = 1) {
+    // Run all cleanup handlers in reverse order
+    for (const handler of [...cleanupHandlers].reverse()) {
+        try {
+            await handler(exitCode);
+        }
+        catch (err) {
+            console.error('Cleanup handler error:', err);
+        }
+    }
+    process.exit(exitCode);
+}
+function registerCleanup(handler) {
+    cleanupHandlers.push(handler);
+}
+function registerSignalHandler(handler) {
+    signalHandlers.push(handler);
+}
+// Main implementation
+async function main() {
+    try {
+        // Find project root
+        const PROJECT_ROOT = await findProjectRoot();
+        const LOCK_FILE = path.join(PROJECT_ROOT, LOCK_FILE_NAME);
+        const PORT_FILE = path.join(PROJECT_ROOT, PORT_FILE_NAME);
+        // Check for existing lock file
+        try {
+            await fs.access(LOCK_FILE);
+            console.log(`Custom install script is already running (lock file ${LOCK_FILE} exists).`);
+            console.log(`If this is unexpected, please remove ${LOCK_FILE} and try again.`);
+            return cleanup(0);
+        }
+        catch {
+        }
+        // Create lock file
+        await fs.writeFile(LOCK_FILE, process.pid.toString());
+        registerCleanup(async () => {
+            try {
+                await fs.unlink(LOCK_FILE);
+            }
+            catch {
+            }
+        });
+        // Change to project root
+        process.chdir(PROJECT_ROOT);
+        // Start registry proxy
+        console.log(`Starting registry-proxy@${REGISTRY_PROXY_VERSION} in the background...`);
+        proxyProcess = execa('yarn', [
+            'dlx',
+            `com.jimuwd.xian.registry-proxy@${REGISTRY_PROXY_VERSION}`,
+            '.registry-proxy.yml',
+            '.yarnrc.yml',
+            path.join(process.env.HOME || '', '.yarnrc.yml'),
+            '40061'
+        ], {
+            detached: true,
+            stdio: 'inherit'
+        });
+        registerCleanup(async (exitCode) => {
+            if (proxyProcess && !proxyProcess.killed) {
+                console.log('Stopping proxy server...');
+                try {
+                    proxyProcess.kill('SIGTERM');
+                    await proxyProcess;
+                }
+                catch {
+                    // Ignore errors
+                }
+                console.log('Proxy server stopped.');
+            }
+        });
+        // Wait for proxy to start
+        console.log('Waiting for proxy server to start (up to 30 seconds)...');
+        const fileExists = await waitForFile(PORT_FILE, MAX_WAIT_TIME_MS);
+        if (!fileExists) {
+            throw new Error(`Proxy server failed to create port file after ${MAX_WAIT_TIME_MS / 1000} seconds`);
+        }
+        const PROXY_PORT = await readPortFile(PORT_FILE);
+        const portAvailable = await isPortAvailable(PROXY_PORT);
+        if (!portAvailable) {
+            throw new Error(`Port ${PROXY_PORT} is already in use by another process`);
+        }
+        const isListening = await checkPortListening(PROXY_PORT);
+        if (!isListening) {
+            throw new Error(`Proxy server not listening on port ${PROXY_PORT}`);
+        }
+        console.log(`Proxy server is ready on port ${PROXY_PORT}!`);
+        // Configure yarn
+        await execa('yarn', ['config', 'set', 'npmRegistryServer', `http://[::1]:${PROXY_PORT}`]);
+        console.log(`Set npmRegistryServer to http://[::1]:${PROXY_PORT}`);
+        registerCleanup(async () => {
+            try {
+                await execa('yarn', ['config', 'unset', 'npmRegistryServer']);
+                console.log('Cleared npmRegistryServer configuration');
+            }
+            catch {
+            }
+        });
+        // Run yarn install
+        console.log('Running yarn install...');
+        try {
+            await execa('yarn', ['install'], { stdio: 'inherit' });
+        }
+        catch (err) {
+            throw new Error('yarn install failed');
+        }
+        // Success
+        await cleanup(0);
+    }
+    catch (err) {
+        console.error('Error:', err instanceof Error ? err.message : String(err));
+        await cleanup(1);
+    }
+}
+// Signal handling
+['SIGINT', 'SIGTERM', 'SIGHUP'].forEach(signal => {
+    process.on(signal, async () => {
+        console.log(`Received ${signal}, cleaning up...`);
+        for (const handler of signalHandlers) {
+            try {
+                await handler();
+            }
+            catch (err) {
+                console.error('Signal handler error:', err);
+            }
+        }
+        await cleanup(1);
+    });
+});
+// Start the program
+main().catch(err => {
+    console.error('Unhandled error:', err);
+    cleanup(1);
+});

package/dist/server/gracefullShutdown.d.ts

@@ -0,0 +1,10 @@
+/**
+ * 优雅退出
+ * 本函数是对process.exit的封装，同时执行资源释放动作，程序必须统一调用本方法退出，决不允许直接调用{@link process.exit}来退出。
+ */
+export declare function gracefulShutdown(): Promise<void>;
+/**
+ * 注册进程shutdown hook程序
+ * @note 本shutdown hook程序不支持KILL -9强制杀进程命令
+ */
+export declare function registerProcessShutdownHook(): void;

package/dist/server/gracefullShutdown.js

@@ -0,0 +1,36 @@
+import { deletePortFile } from "../port.js";
+import logger from "../utils/logger.js";
+/**
+ * 优雅退出
+ * 本函数是对process.exit的封装，同时执行资源释放动作，程序必须统一调用本方法退出，决不允许直接调用{@link process.exit}来退出。
+ */
+export async function gracefulShutdown() {
+    try {
+        logger.info('Shutdown...');
+        await deletePortFile();
+        logger.info('Shutdown completed.');
+        process.exit(0);
+    }
+    catch (err) {
+        logger.error('Failed to clean:', err);
+        process.exit(1);
+    }
+}
+/**
+ * 注册进程shutdown hook程序
+ * @note 本shutdown hook程序不支持KILL -9强制杀进程命令
+ */
+export function registerProcessShutdownHook() {
+    process.on('SIGINT', async () => {
+        logger.info('收到 SIGINT（Ctrl+C）');
+        await gracefulShutdown();
+    });
+    process.on('SIGTERM', async () => {
+        logger.info('收到 SIGTERM');
+        await gracefulShutdown();
+    });
+    process.on('uncaughtException', async (err) => {
+        logger.info('uncaughtException:', err);
+        await gracefulShutdown();
+    });
+}

package/dist/server/index.d.ts

@@ -0,0 +1,4 @@
+#!/usr/bin/env node
+import { Server as HttpServer } from 'node:http';
+import { Server as HttpsServer } from 'node:https';
+export declare function startProxyServer(proxyConfigPath?: string, localYarnConfigPath?: string, globalYarnConfigPath?: string, port?: number): Promise<HttpServer | HttpsServer>;

package/dist/server/index.js

@@ -0,0 +1,432 @@
+#!/usr/bin/env node
+import http, { createServer } from 'node:http';
+import https, { createServer as createHttpsServer } from 'node:https';
+import { promises as fsPromises, readFileSync } from 'node:fs';
+import { load } from 'js-yaml';
+import fetch from 'node-fetch';
+import { homedir } from 'os';
+import { join, resolve } from 'path';
+import { URL } from 'url';
+import logger from "../utils/logger.js";
+import ConcurrencyLimiter from "../utils/ConcurrencyLimiter.js";
+import { gracefulShutdown, registerProcessShutdownHook } from "./gracefullShutdown.js";
+import { writePortFile } from "../port.js";
+const { readFile } = fsPromises;
+const limiter = new ConcurrencyLimiter(Infinity);
+function removeEndingSlashAndForceStartingSlash(str) {
+    if (!str)
+        return '/';
+    let trimmed = str.trim();
+    if (trimmed === '/')
+        return '/';
+    if (trimmed === '')
+        return '/';
+    if (!trimmed.startsWith('/'))
+        trimmed = '/' + trimmed;
+    return trimmed.replace(/\/+$/, '');
+}
+function normalizeUrl(httpOrHttpsUrl) {
+    if (!httpOrHttpsUrl.startsWith("http"))
+        throw new Error("http(s) url must starts with 'http(s)://'");
+    try {
+        const urlObj = new URL(httpOrHttpsUrl);
+        if (urlObj.protocol === 'http:' && (urlObj.port === '80' || urlObj.port === '')) {
+            urlObj.port = '';
+        }
+        else if (urlObj.protocol === 'https:' && (urlObj.port === '443' || urlObj.port === '')) {
+            urlObj.port = '';
+        }
+        return urlObj.toString().replace(/\/+$/, '');
+    }
+    catch (e) {
+        throw new Error(`Invalid URL: ${httpOrHttpsUrl}`, { cause: e });
+    }
+}
+function resolvePath(path) {
+    return path.startsWith('~/') ? join(homedir(), path.slice(2)) : resolve(path);
+}
+function removeRegistryPrefix(tarballUrl, registries) {
+    const normalizedTarball = normalizeUrl(tarballUrl);
+    const normalizedRegistries = registries
+        .map(r => normalizeUrl(r.normalizedRegistryUrl))
+        .sort((a, b) => b.length - a.length);
+    for (const normalizedRegistry of normalizedRegistries) {
+        if (normalizedTarball.startsWith(normalizedRegistry)) {
+            return normalizedTarball.slice(normalizedRegistry.length) || '/';
+        }
+    }
+    throw new Error(`Can't find tarball url ${tarballUrl} does not match given registries ${normalizedRegistries}`);
+}
+async function readProxyConfig(proxyConfigPath = './.registry-proxy.yml') {
+    let config = undefined;
+    const resolvedPath = resolvePath(proxyConfigPath);
+    try {
+        const content = await readFile(resolvedPath, 'utf8');
+        config = load(content);
+    }
+    catch (e) {
+        logger.error(`Failed to load proxy config from ${resolvedPath}:`, e);
+        await gracefulShutdown();
+    }
+    if (!config?.registries) {
+        logger.error('Missing required "registries" field in config');
+        await gracefulShutdown();
+    }
+    return config;
+}
+async function readYarnConfig(path) {
+    try {
+        const content = await readFile(resolvePath(path), 'utf8');
+        return load(content);
+    }
+    catch (e) {
+        logger.warn(`Failed to load Yarn config from ${path}:`, e);
+        return {};
+    }
+}
+async function loadProxyInfo(proxyConfigPath = './.registry-proxy.yml', localYarnConfigPath = './.yarnrc.yml', globalYarnConfigPath = join(homedir(), '.yarnrc.yml')) {
+    const [proxyConfig, localYarnConfig, globalYarnConfig] = await Promise.all([
+        readProxyConfig(proxyConfigPath),
+        readYarnConfig(localYarnConfigPath),
+        readYarnConfig(globalYarnConfigPath)
+    ]);
+    const registryMap = new Map();
+    for (const [proxiedRegUrl, proxyRegConfig] of Object.entries(proxyConfig.registries)) {
+        const normalizedProxiedRegUrl = normalizeUrl(proxiedRegUrl);
+        let token = proxyRegConfig?.npmAuthToken;
+        if (!token) {
+            const yarnConfigs = [localYarnConfig, globalYarnConfig];
+            for (const yarnConfig of yarnConfigs) {
+                if (yarnConfig.npmRegistries) {
+                    const foundEntry = Object.entries(yarnConfig.npmRegistries)
+                        .find(([registryUrl]) => normalizedProxiedRegUrl === normalizeUrl(registryUrl));
+                    if (foundEntry) {
+                        const [, registryConfig] = foundEntry;
+                        if (registryConfig?.npmAuthToken) {
+                            token = registryConfig.npmAuthToken;
+                            break;
+                        }
+                    }
+                }
+            }
+        }
+        registryMap.set(normalizedProxiedRegUrl, { normalizedRegistryUrl: normalizedProxiedRegUrl, token });
+    }
+    const registries = Array.from(registryMap.values());
+    const https = proxyConfig.https;
+    const basePath = removeEndingSlashAndForceStartingSlash(proxyConfig.basePath);
+    return { registries, https, basePath };
+}
+async function fetchFromRegistry(registry, targetUrl, reqFromDownstreamClient, limiter) {
+    await limiter.acquire();
+    try {
+        logger.info(`Fetching from upstream: ${targetUrl}`);
+        const headersFromDownstreamClient = reqFromDownstreamClient.headers;
+        const authorizationHeaders = registry.token ? { Authorization: `Bearer ${registry.token}` } : {};
+        // 合并 headersFromDownstreamClient 和 authorizationHeaders
+        const mergedHeaders = { ...headersFromDownstreamClient, ...authorizationHeaders, };
+        // (mergedHeaders as any).connection = "keep-alive"; 不允许私自添加 connection: keep-alive header，应当最终下游客户端自己的选择
+        // 替换“Host”头为upstream的host
+        const upstreamHost = new URL(registry.normalizedRegistryUrl).host;
+        if (mergedHeaders.host) {
+            logger.info(`Replace 'Host=${mergedHeaders.host}' header in downstream request to upstream 'Host=${upstreamHost}' header when proxying to upstream ${targetUrl}.`);
+            mergedHeaders.host = upstreamHost;
+        }
+        const response = await fetch(targetUrl, { headers: mergedHeaders });
+        if (response.ok) {
+            logger.debug(`Success response from upstream ${targetUrl}: ${response.status} ${response.statusText}
+            content-type=${response.headers.get('content-type')} content-encoding=${response.headers.get('content-encoding')} content-length=${response.headers.get('content-length')} transfer-encoding=${response.headers.get('transfer-encoding')}`);
+            return response;
+        }
+        else {
+            logger.info(`Failure response from upstream ${targetUrl}: ${response.status} ${response.statusText} 
+            content-type=${response.headers.get('content-type')} content-encoding=${response.headers.get('content-encoding')} content-length=${response.headers.get('content-length')} transfer-encoding=${response.headers.get('transfer-encoding')}
+            body=${await response.text()}`);
+            return null;
+        }
+    }
+    catch (e) {
+        if (e instanceof Error) {
+            logger.error(e.code === 'ECONNREFUSED'
+                ? `Registry ${registry.normalizedRegistryUrl} unreachable [ECONNREFUSED]`
+                : `Error from ${registry.normalizedRegistryUrl}: ${e.message}`);
+        }
+        else {
+            logger.error("Unknown error", e);
+        }
+        return null;
+    }
+    finally {
+        limiter.release();
+    }
+}
+async function writeResponseToDownstreamClient(registryInfo, targetUrl, resToDownstreamClient, upstreamResponse, reqFromDownstreamClient, proxyInfo, proxyPort, registryInfos) {
+    logger.info(`Writing upstream registry server ${registryInfo.normalizedRegistryUrl}'s ${upstreamResponse.status}${upstreamResponse.statusText ? (' "' + upstreamResponse.statusText + '"') : ''} response to downstream client.`);
+    if (!upstreamResponse.ok)
+        throw new Error("Only 2xx upstream response is supported");
+    try {
+        const contentType = upstreamResponse.headers.get("content-type");
+        if (!contentType) {
+            logger.error(`Response from upstream content-type header is absent, ${targetUrl} `);
+            await gracefulShutdown();
+        }
+        else if (contentType.includes('application/json')) { // JSON 处理逻辑
+            const data = await upstreamResponse.json();
+            if (data.versions) { // 处理node依赖包元数据
+                logger.info("Write package meta data application/json response from upstream to downstream", targetUrl);
+                const host = reqFromDownstreamClient.headers.host /*|| `[::1]:${proxyPort}`*/;
+                const baseUrl = `${proxyInfo.https ? 'https' : 'http'}://${host}${proxyInfo.basePath === '/' ? '' : proxyInfo.basePath}`;
+                for (const versionKey in data.versions) {
+                    const packageVersion = data.versions[versionKey];
+                    const tarball = packageVersion?.dist?.tarball;
+                    if (tarball) {
+                        const path = removeRegistryPrefix(tarball, registryInfos);
+                        const proxiedTarballUrl = `${baseUrl}${path}${new URL(tarball).search || ''}`;
+                        packageVersion.dist.tarball = proxiedTarballUrl;
+                    }
+                }
+            }
+            else {
+                logger.info("Write none meta data application/json response from upstream to downstream", targetUrl);
+            }
+            const bodyData = JSON.stringify(data);
+            resToDownstreamClient.removeHeader('Transfer-Encoding');
+            // 默认是 connection: keep-alive 和 keep-alive: timeout=5，这里直接给它咔嚓掉
+            resToDownstreamClient.setHeader('Connection', 'close');
+            resToDownstreamClient.removeHeader('Keep-Alive');
+            resToDownstreamClient.setHeader('content-type', contentType);
+            resToDownstreamClient.setHeader('content-length', Buffer.byteLength(bodyData));
+            logger.info(`Response to downstream client headers`, JSON.stringify(resToDownstreamClient.getHeaders()), targetUrl);
+            resToDownstreamClient.writeHead(upstreamResponse.status).end(bodyData);
+        }
+        else if (contentType.includes('application/octet-stream')) { // 二进制流处理
+            logger.info("Write application/octet-stream response from upstream to downstream", targetUrl);
+            if (!upstreamResponse.body) {
+                logger.error(`Empty response body from upstream ${targetUrl}`);
+                resToDownstreamClient.writeHead(502).end('Empty Upstream Response');
+            }
+            else {
+                // write back to client
+                // 准备通用响应头信息
+                const safeHeaders = new Map();
+                safeHeaders.set("Content-Type", contentType);
+                // 复制所有可能需要的头信息（不包含安全相关的敏感头信息，如access-control-allow-origin、set-cookie、server、strict-transport-security等，这意味着代理服务器向下游客户端屏蔽了这些认证等安全数据）
+                // 也不能包含cf-cache-status、cf-ray（Cloudflare 特有字段）可能干扰客户端解析。
+                const headersToCopy = ['cache-control', 'connection', 'content-encoding', 'content-length', /*'date',*/ 'etag', 'last-modified', 'transfer-encoding', 'vary',];
+                headersToCopy.forEach(header => {
+                    const value = upstreamResponse.headers.get(header);
+                    if (value)
+                        safeHeaders.set(header, value);
+                });
+                // 必须使用 ServerResponse.setHeaders(safeHeaders)来覆盖现有headers而不是ServerResponse.writeHead(status,headers)来合并headers！
+                // 这个坑害我浪费很久事件来调试！
+                resToDownstreamClient.setHeaders(safeHeaders);
+                // 调试代码
+                resToDownstreamClient.removeHeader('content-encoding');
+                resToDownstreamClient.removeHeader('Transfer-Encoding');
+                resToDownstreamClient.removeHeader('content-length');
+                resToDownstreamClient.setHeader('transfer-encoding', 'chunked');
+                // 默认是 connection: keep-alive 和 keep-alive: timeout=5，这里直接给它咔嚓掉
+                resToDownstreamClient.removeHeader('connection');
+                resToDownstreamClient.setHeader('connection', 'close');
+                resToDownstreamClient.removeHeader('Keep-Alive');
+                resToDownstreamClient.removeHeader('content-type');
+                resToDownstreamClient.setHeader('content-type', contentType);
+                logger.info(`Response to downstream client headers`, JSON.stringify(resToDownstreamClient.getHeaders()), targetUrl);
+                // 不再writeHead()而是设置状态码，然后执行pipe操作
+                resToDownstreamClient.statusCode = upstreamResponse.status;
+                resToDownstreamClient.statusMessage = upstreamResponse.statusText;
+                // resToDownstreamClient.writeHead(upstreamResponse.status);
+                // stop pipe when req from client is closed accidentally.
+                const cleanup = () => {
+                    reqFromDownstreamClient.off('close', cleanup);
+                    logger.info(`Req from downstream client is closed, stop pipe from upstream ${targetUrl} to downstream client.`);
+                    // upstreamResponse.body?.unpipe();
+                };
+                reqFromDownstreamClient.on('close', cleanup);
+                reqFromDownstreamClient.on('end', () => logger.info("Req from downstream client ends."));
+                // clean up when server closes connection to downstream client.
+                const cleanup0 = () => {
+                    resToDownstreamClient.off('close', cleanup0);
+                    logger.info(`Close connection to downstream client, upstream url is ${targetUrl}`);
+                    // upstreamResponse.body?.unpipe();
+                };
+                resToDownstreamClient.on('close', cleanup0);
+                // write back body data (chunked probably)
+                // pipe upstream body to downstream client
+                upstreamResponse.body.pipe(resToDownstreamClient, { end: true });
+                upstreamResponse.body
+                    .on('data', (chunk) => logger.debug(`Chunk transferred from ${targetUrl} to downstream client size=${chunk.length}`))
+                    .on('end', () => {
+                    logger.info(`Upstream server ${targetUrl} response.body ended.`);
+                    // resToDownstreamClient.end();
+                })
+                    // connection will be closed automatically when all chunk data is transferred (after stream ends).
+                    .on('close', () => {
+                    logger.info(`Upstream server ${targetUrl} closed connection.`);
+                })
+                    .on('error', (err) => {
+                    const errMsg = `Stream error: ${err.message}`;
+                    logger.error(errMsg);
+                    resToDownstreamClient.destroy(new Error(errMsg, { cause: err, }));
+                    reqFromDownstreamClient.destroy(new Error(errMsg, { cause: err, }));
+                });
+            }
+        }
+        else {
+            logger.warn(`Write unsupported content-type=${contentType} response from upstream to downstream ${targetUrl}`);
+            const bodyData = await upstreamResponse.text();
+            resToDownstreamClient.removeHeader('Transfer-Encoding');
+            // 默认是 connection: keep-alive 和 keep-alive: timeout=5，这里直接给它咔嚓掉
+            resToDownstreamClient.setHeader('Connection', 'close');
+            resToDownstreamClient.removeHeader('Keep-Alive');
+            resToDownstreamClient.setHeader('content-type', contentType);
+            resToDownstreamClient.setHeader('content-length', Buffer.byteLength(bodyData));
+            logger.info(`Response to downstream client headers`, JSON.stringify(resToDownstreamClient.getHeaders()), targetUrl);
+            resToDownstreamClient.writeHead(upstreamResponse.status).end(bodyData);
+        }
+    }
+    catch (err) {
+        logger.error('Failed to write upstreamResponse:', err);
+        if (!resToDownstreamClient.headersSent) {
+            resToDownstreamClient.writeHead(502).end('Internal Server Error');
+        }
+    }
+}
+function getDownstreamClientIp(req) {
+    // 如果经过代理（如 Nginx），取 X-Forwarded-For 的第一个 IP
+    const forwardedFor = req.headers['x-forwarded-for'];
+    if (forwardedFor) {
+        return forwardedFor.toString().split(',')[0].trim();
+    }
+    // 直接连接时，取 socket.remoteAddress
+    return req.socket.remoteAddress;
+}
+export async function startProxyServer(proxyConfigPath, localYarnConfigPath, globalYarnConfigPath, port = 0) {
+    const proxyInfo = await loadProxyInfo(proxyConfigPath, localYarnConfigPath, globalYarnConfigPath);
+    const registryInfos = proxyInfo.registries;
+    const basePathPrefixedWithSlash = removeEndingSlashAndForceStartingSlash(proxyInfo.basePath);
+    logger.info('Active registries:', registryInfos.map(r => r.normalizedRegistryUrl));
+    logger.info('Proxy base path:', basePathPrefixedWithSlash);
+    logger.info('HTTPS:', !!proxyInfo.https);
+    const requestHandler = async (reqFromDownstreamClient, resToDownstreamClient) => {
+        const downstreamUserAgent = reqFromDownstreamClient.headers["user-agent"]; // "curl/x.x.x"
+        const downstreamIp = getDownstreamClientIp(reqFromDownstreamClient);
+        const downstreamRequestedHttpMethod = reqFromDownstreamClient.method; // "GET", "POST", etc.
+        const downstreamRequestedHost = reqFromDownstreamClient.headers.host; // "example.com:8080"
+        const downstreamRequestedFullPath = reqFromDownstreamClient.url; //  "/some/path?param=1&param=2"
+        logger.info(`Received downstream request from '${downstreamUserAgent}' ${downstreamIp} ${downstreamRequestedHttpMethod} ${downstreamRequestedHost} ${downstreamRequestedFullPath}
+        Proxy server request handler rate limit is ${limiter.maxConcurrency}`);
+        if (!downstreamRequestedFullPath || !downstreamRequestedHost) {
+            logger.warn(`400 Invalid Request, downstream ${downstreamUserAgent} req.url is absent or downstream.headers.host is absent.`);
+            resToDownstreamClient.writeHead(400).end('Invalid Request');
+            return;
+        }
+        const baseUrl = `${proxyInfo.https ? 'https' : 'http'}://${downstreamRequestedHost}`;
+        const fullUrl = new URL(downstreamRequestedFullPath, baseUrl);
+        if (!fullUrl.pathname.startsWith(basePathPrefixedWithSlash)) {
+            resToDownstreamClient.writeHead(404).end('Not Found');
+            return;
+        }
+        const path = basePathPrefixedWithSlash === '/'
+            ? fullUrl.pathname
+            : fullUrl.pathname.slice(basePathPrefixedWithSlash.length);
+        const search = fullUrl.search || '';
+        const targetPath = path + search;
+        logger.info(`Proxying to ${targetPath}`);
+        // 按配置顺序尝试注册表，获取第一个成功响应
+        let successfulResponseFromUpstream = null;
+        let targetRegistry = null;
+        let targetUrl = null;
+        for (const registry_i of registryInfos) {
+            targetRegistry = registry_i;
+            targetUrl = `${targetRegistry.normalizedRegistryUrl}${targetPath}`;
+            if (reqFromDownstreamClient.destroyed) {
+                // 如果下游客户端自己提前断开（或取消）请求，那么这里不再逐个fallback方式请求（fetch）上游数据了，直接退出循环并返回
+                logger.warn(`Downstream ${reqFromDownstreamClient.headers["user-agent"]} request is destroyed, no need to proxy request to upstream ${targetUrl} any more.`);
+                return;
+            }
+            const okResponseOrNull = await fetchFromRegistry(targetRegistry, targetUrl, reqFromDownstreamClient, limiter);
+            if (okResponseOrNull) {
+                successfulResponseFromUpstream = okResponseOrNull;
+                break;
+            }
+        }
+        // 统一回写响应
+        if (successfulResponseFromUpstream) {
+            await writeResponseToDownstreamClient(targetRegistry, targetUrl, resToDownstreamClient, successfulResponseFromUpstream, reqFromDownstreamClient, proxyInfo, port, registryInfos);
+        }
+        else {
+            resToDownstreamClient.writeHead(404).end('All upstream registries failed');
+        }
+    };
+    let server;
+    if (proxyInfo.https) {
+        const { key, cert } = proxyInfo.https;
+        const keyPath = resolvePath(key);
+        const certPath = resolvePath(cert);
+        try {
+            await fsPromises.access(keyPath);
+            await fsPromises.access(certPath);
+        }
+        catch (e) {
+            logger.error(`HTTPS config error: key or cert file not found`, e);
+            await gracefulShutdown();
+        }
+        const httpsOptions = {
+            key: readFileSync(keyPath),
+            cert: readFileSync(certPath),
+        };
+        server = createHttpsServer(httpsOptions, requestHandler);
+        logger.info("Proxy server's maxSockets is", https.globalAgent.maxSockets);
+    }
+    else {
+        server = createServer(requestHandler);
+        logger.info("Proxy server's maxSockets is", http.globalAgent.maxSockets);
+    }
+    // server参数暂时写死
+    const serverMaxConnections = 10000;
+    const serverTimeoutMs = 60000;
+    logger.info(`Proxy server's initial maxConnections is ${server.maxConnections}, adjusting to ${serverMaxConnections}`);
+    server.maxConnections = serverMaxConnections;
+    logger.info(`Proxy server's initial timeout is ${server.timeout}ms, adjusting to ${serverTimeoutMs}ms`);
+    server.timeout = serverTimeoutMs;
+    const promisedServer = new Promise((resolve, reject) => {
+        const errHandler = async (err) => {
+            if (err.code === 'EADDRINUSE') {
+                logger.error(`Port ${port} is in use, please specify a different port or free it.`, err);
+                await gracefulShutdown();
+            }
+            logger.error('Server error:', err);
+            reject(err);
+        };
+        const connectionHandler = (socket) => {
+            logger.info("Server on connection");
+            socket.setTimeout(60000);
+            socket.setKeepAlive(true, 30000);
+        };
+        server.on('error', errHandler /*this handler will call 'reject'*/);
+        server.on('connection', connectionHandler);
+        // 为了代理服务器的安全性，暂时只监听本机ipv6地址【::1】，不能对本机之外暴露本代理服务地址避免造成安全隐患
+        // 注意：截止目前yarn客户端如果通过localhost:<port>来访问本服务，可能会报错ECONNREFUSED错误码，原因是yarn客户端环境解析“localhost”至多个地址，它会尝试轮询每个地址。
+        const ipv6OnlyHost = '::1';
+        const listenOptions = { port, host: ipv6OnlyHost, ipv6Only: true };
+        server.listen(listenOptions, async () => {
+            const addressInfo = server.address();
+            port = addressInfo.port; // 回写上层局部变量
+            await writePortFile(port);
+            logger.info(`Proxy server running on ${proxyInfo.https ? 'https' : 'http'}://[${ipv6OnlyHost}]:${port}${basePathPrefixedWithSlash === '/' ? '' : basePathPrefixedWithSlash}`);
+            resolve(server);
+        });
+    });
+    return promisedServer;
+}
+// 当前模块是否是直接运行的入口文件，而不是被其他模块导入的
+if (import.meta.url === `file://${process.argv[1]}`) {
+    registerProcessShutdownHook();
+    const [, , configPath, localYarnPath, globalYarnPath, port] = process.argv;
+    startProxyServer(configPath, localYarnPath, globalYarnPath, parseInt(port, 10) || 0).catch(async (err) => {
+        logger.error('Failed to start server:', err);
+        await gracefulShutdown();
+    });
+}

package/package.json

@@ -1,11 +1,11 @@
 {
   "name": "com.jimuwd.xian.registry-proxy",
-  "version": "1.0.129",
+  "version": "1.0.131",
   "description": "A lightweight npm registry proxy with fallback support",
   "type": "module",
-  "main": "dist/index.js",
+  "main": "dist/server/index.js",
   "bin": {
-    "registry-proxy": "dist/index.js"
+    "registry-proxy": "dist/server/index.js"
   },
   "files": [
     "dist"
@@ -15,6 +15,7 @@
     "deploy": "yarn build && yarn npm publish"
   },
   "dependencies": {
+    "execa": "9.5.2",
     "js-yaml": "4.1.0",
     "node-fetch": "3.3.2"
   },