reskill 1.20.2 → 1.20.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/cli/index.js
CHANGED
|
@@ -3958,8 +3958,15 @@ class RegistryResolver {
|
|
|
3958
3958
|
// 4. Download tarball
|
|
3959
3959
|
const { tarball, integrity } = await client.downloadSkill(parsed.fullName, version);
|
|
3960
3960
|
// 5. Verify integrity
|
|
3961
|
-
|
|
3962
|
-
|
|
3961
|
+
//
|
|
3962
|
+
// The server contract (rush-v2 server-api.spec.md §3.2a/3.2b) explicitly
|
|
3963
|
+
// returns an empty `x-integrity` header for local-mode publishes — i.e.
|
|
3964
|
+
// skills uploaded as a multipart tarball via the Web UI store integrity
|
|
3965
|
+
// as ''. Skip verification in that case rather than failing install.
|
|
3966
|
+
if (integrity) {
|
|
3967
|
+
const isValid = RegistryClient.verifyIntegrity(tarball, integrity);
|
|
3968
|
+
if (!isValid) throw new Error(`Integrity verification failed for ${ref}`);
|
|
3969
|
+
} else logger_logger.debug(`Server returned empty integrity for ${ref}; skipping verification (expected for local-mode publishes).`);
|
|
3963
3970
|
return {
|
|
3964
3971
|
parsed,
|
|
3965
3972
|
shortName,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"registry-resolver.d.ts","sourceRoot":"","sources":["../../src/core/registry-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;
|
|
1
|
+
{"version":3,"file":"registry-resolver.d.ts","sourceRoot":"","sources":["../../src/core/registry-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EAGL,KAAK,qBAAqB,EAE3B,MAAM,4BAA4B,CAAC;AAQpC,MAAM,WAAW,qBAAqB;IACpC,8BAA8B;IAC9B,MAAM,EAAE,qBAAqB,CAAC;IAC9B,uCAAuC;IACvC,SAAS,EAAE,MAAM,CAAC;IAClB,uBAAuB;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,mBAAmB;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,gCAAgC;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAC;CACnB;AAMD,qBAAa,gBAAgB;IAC3B;;;;;;;;;;;;;OAaG;IACH,MAAM,CAAC,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAwC1C;;;;;;;;;;;;OAYG;IACG,OAAO,CACX,GAAG,EAAE,MAAM,EACX,mBAAmB,CAAC,EAAE,MAAM,EAC5B,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,qBAAqB,CAAC;IA0CjC;;;;;;OAMG;IACG,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAWjE"}
|
package/dist/index.js
CHANGED
|
@@ -4343,8 +4343,15 @@ class RegistryResolver {
|
|
|
4343
4343
|
// 4. Download tarball
|
|
4344
4344
|
const { tarball, integrity } = await client.downloadSkill(parsed.fullName, version);
|
|
4345
4345
|
// 5. Verify integrity
|
|
4346
|
-
|
|
4347
|
-
|
|
4346
|
+
//
|
|
4347
|
+
// The server contract (rush-v2 server-api.spec.md §3.2a/3.2b) explicitly
|
|
4348
|
+
// returns an empty `x-integrity` header for local-mode publishes — i.e.
|
|
4349
|
+
// skills uploaded as a multipart tarball via the Web UI store integrity
|
|
4350
|
+
// as ''. Skip verification in that case rather than failing install.
|
|
4351
|
+
if (integrity) {
|
|
4352
|
+
const isValid = RegistryClient.verifyIntegrity(tarball, integrity);
|
|
4353
|
+
if (!isValid) throw new Error(`Integrity verification failed for ${ref}`);
|
|
4354
|
+
} else logger_logger.debug(`Server returned empty integrity for ${ref}; skipping verification (expected for local-mode publishes).`);
|
|
4348
4355
|
return {
|
|
4349
4356
|
parsed,
|
|
4350
4357
|
shortName,
|