Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: npm/npm-registry-fetch
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 4b629800a72bc5ed992554f8ca6b52178d91f306
Choose a base ref
...
head repository: npm/npm-registry-fetch
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 62ce833c8c01a1a307bcdf36d472b36b5b79bf81
Choose a head ref
  • 16 commits
  • 10 files changed
  • 6 contributors

Commits on Jul 15, 2019

  1. cacache@12.0.0, infer uid from cache folder 

    BREAKING CHANGE: uid and gid are inferred from cache folder, rather than
being passed in as options.
    @isaacs
    isaacs committed Jul 15, 2019

    Unverified

    This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
    Learn about vigilant mode
    Copy the full SHA
    0c4f060 View commit details

  2. chore(release): 4.0.0

    @isaacs
    isaacs committed Jul 15, 2019

    Verified

    This commit was signed with the committer’s verified signature.
    zimme Simon Fridlund
    GPG key ID: F68EEAFE7927D3FF
    Verified
    Learn about vigilant mode
    Copy the full SHA
    5dbd1d7 View commit details

Commits on Sep 13, 2019

  1. fix(deps): Add explicit dependency on safe-buffer 

    This removes an implicit transitive dependency that itself relies on node_modules being flattened by package managers.

Without this explicit dependency, stricter package managers like pnpm fail to install a usable copy of this library.

Refs npm/libnpmaccess#2
Fixes #3
    @evocateur @ruyadorno
    evocateur authored and ruyadorno committed Sep 13, 2019

    Verified

    This commit was signed with the committer’s verified signature.
    zimme Simon Fridlund
    GPG key ID: F68EEAFE7927D3FF
    Verified
    Learn about vigilant mode
    Copy the full SHA
    8eae5f0 View commit details

  2. chore(release): 4.0.1

    @ruyadorno
    ruyadorno committed Sep 13, 2019

    Verified

    This commit was signed with the committer’s verified signature.
    zimme Simon Fridlund
    GPG key ID: F68EEAFE7927D3FF
    Verified
    Learn about vigilant mode
    Copy the full SHA
    49059f0 View commit details

  3. test(check-response): Added missing tests 

    - Added test coverage for warning header usage cases
- Added missing check for silenced errors when reading Responses
- Added check for correctly logging x-fetch-attempts header value
    @ruyadorno
    ruyadorno committed Sep 13, 2019

    Verified

    This commit was signed with the committer’s verified signature.
    zimme Simon Fridlund
    GPG key ID: F68EEAFE7927D3FF
    Verified
    Learn about vigilant mode
    Copy the full SHA
    ff5f990 View commit details

Commits on Oct 4, 2019

  1. fix: Add null check on body on 401 errors 

    PR-URL: #9
Credit: @plchampigny
Close: #9
Reviewed-by: @isaacs
    @plchampigny @isaacs
    plchampigny authored and isaacs committed Oct 4, 2019

    Verified

    This commit was signed with the committer’s verified signature.
    zimme Simon Fridlund
    GPG key ID: F68EEAFE7927D3FF
    Verified
    Learn about vigilant mode
    Copy the full SHA
    e3a0186 View commit details

  2. chore(release): 4.0.2

    @isaacs
    isaacs committed Oct 4, 2019

    Verified

    This commit was signed with the committer’s verified signature.
    zimme Simon Fridlund
    GPG key ID: F68EEAFE7927D3FF
    Verified
    Learn about vigilant mode
    Copy the full SHA
    b758555 View commit details

Commits on Jan 29, 2020

  1. fix: always bypass cache when ?write=true 

    The npm CLI makes GET requests with ?write=true in some cases where it's
intending to send an immediate PUT or DELETE.  Always bypass the cache
for such requests, mirroring the behavior of the registry caching
mechanisms.

Back-ported for v4.
    @isaacs
    isaacs committed Jan 29, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    zimme Simon Fridlund
    GPG key ID: F68EEAFE7927D3FF
    Verified
    Learn about vigilant mode
    Copy the full SHA
    ba8b4fe View commit details

Commits on Feb 13, 2020

  1. chore(doc): document the effect of ?write=true on caching 

    PR-URL: #19
Credit: @isaacs
Close: #19
Reviewed-by: @isaacs
    @isaacs
    isaacs committed Feb 13, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    zimme Simon Fridlund
    GPG key ID: F68EEAFE7927D3FF
    Verified
    Learn about vigilant mode
    Copy the full SHA
    fe7b129 View commit details

  2. fix: use 30s default for timeout as per README 

    PR-URL: #20
Credit: @h4l
Close: #20
Reviewed-by: @isaacs
    @h4l @isaacs
    h4l authored and isaacs committed Feb 13, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    zimme Simon Fridlund
    GPG key ID: F68EEAFE7927D3FF
    Verified
    Learn about vigilant mode
    Copy the full SHA
    69c2977 View commit details

  3. chore: publish as latest-v4

    @isaacs
    isaacs committed Feb 13, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    d7d8c58 View commit details

  4. chore(release): 4.0.3

    @isaacs
    isaacs committed Feb 13, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    2e0c446 View commit details

Commits on Apr 28, 2020

  1. Put default timeout back to zero 

    Re: #26
Re: npm/cli#1151

The documented default timeout of 30s was not being set in v4, so we
"fixed the glitch" in v4.0.3, causing problems for people trying to
download large packages.

There's no npm v6 way to specify what timeout to use, so not having a
timeout at all seems like a reasonable default for the v4 line, at
least. Let's roll back that change, and document it. (Arguably, fixing
this bug was a breaking change, and we ought to roll it back.)

This effectively reverts 69c2977, with
documentation of the effective behavior before the change.

PR-URL: #27
Credit: @isaacs
Close: #27
Reviewed-by: @isaacs
    @isaacs
    isaacs committed Apr 28, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    fc5d94c View commit details

  2. chore(release): 4.0.4

    @isaacs
    isaacs committed Apr 28, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    71ab0e7 View commit details

Commits on Jun 30, 2020

  1. chore: remove basic auth data from logs

    @claudiahdz
    claudiahdz authored and Claudia Hernández committed Jun 30, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    43a5d84 View commit details

  2. chore(release): 4.0.5

    @claudiahdz
    claudiahdz committed Jun 30, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    62ce833 View commit details
Showing with 316 additions and 65 deletions.
  1. +46 −0 CHANGELOG.md
  2. +30 −3 README.md
  3. +12 −2 check-response.js
  4. +3 −3 config.js
  5. +23 −13 index.js
  6. +48 −40 package-lock.json
  7. +8 −4 package.json
  8. +67 −0 test/check-response.js
  9. +32 −0 test/config.js
  10. +47 −0 test/index.js
46 changes: 46 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -2,6 +2,52 @@

All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.

<a name="4.0.5"></a>
## [4.0.5](https://github.com/npm/registry-fetch/compare/v4.0.4...v4.0.5) (2020-06-30)



<a name="4.0.4"></a>
## [4.0.4](https://github.com/npm/registry-fetch/compare/v4.0.3...v4.0.4) (2020-04-28)



<a name="4.0.3"></a>
## [4.0.3](https://github.com/npm/registry-fetch/compare/v4.0.2...v4.0.3) (2020-02-13)


### Bug Fixes

* always bypass cache when ?write=true ([ba8b4fe](https://github.com/npm/registry-fetch/commit/ba8b4fe))
* use 30s default for timeout as per README ([69c2977](https://github.com/npm/registry-fetch/commit/69c2977)), closes [#20](https://github.com/npm/registry-fetch/issues/20)



<a name="4.0.2"></a>
## [4.0.2](https://github.com/npm/registry-fetch/compare/v4.0.0...v4.0.2) (2019-10-04)


### Bug Fixes

* Add null check on body on 401 errors ([e3a0186](https://github.com/npm/registry-fetch/commit/e3a0186)), closes [#9](https://github.com/npm/registry-fetch/issues/9)
* **deps:** Add explicit dependency on safe-buffer ([8eae5f0](https://github.com/npm/registry-fetch/commit/8eae5f0)), closes [npm/libnpmaccess#2](https://github.com/npm/libnpmaccess/issues/2) [#3](https://github.com/npm/registry-fetch/issues/3)



<a name="4.0.0"></a>
# [4.0.0](https://github.com/npm/registry-fetch/compare/v3.9.1...v4.0.0) (2019-07-15)


* cacache@12.0.0, infer uid from cache folder ([0c4f060](https://github.com/npm/registry-fetch/commit/0c4f060))


### BREAKING CHANGES

* uid and gid are inferred from cache folder, rather than
being passed in as options.



<a name="3.9.1"></a>
## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02)

33 changes: 30 additions & 3 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -50,6 +50,25 @@ Happy hacking!

### API

#### Caching and `write=true` query strings

Before performing any PUT or DELETE operation, npm clients first make a
GET request to the registry resource being updated, which includes
the query string `?write=true`.

The semantics of this are, effectively, "I intend to write to this thing,
and need to know the latest current value, so that my write can land
cleanly".

The public npm registry handles these `?write=true` requests by ensuring
that the cache is re-validated before sending a response. In order to
maintain the same behavior on the client, and not get tripped up by an
overeager local cache when we intend to write data to the registry, any
request that comes through `npm-registry-fetch` that contains `write=true`
in the query string will forcibly set the `prefer-online` option to `true`,
and set both `prefer-offline` and `offline` to false, so that any local
cached value will be revalidated.

#### <a name="fetch"></a> `> fetch(url, [opts]) -> Promise<Response>`

Performs a request to a given URL.
@@ -391,6 +410,9 @@ Force offline mode: no network requests will be done during install. To allow
This option is only really useful if you're also using
[`opts.cache`](#opts-cache).

This option is set to `true` when the request includes `write=true` in the
query string.

##### <a name="opts-otp"></a> `opts.otp`

* Type: Number | String
@@ -402,7 +424,7 @@ account.

##### <a name="opts-password"></a> `opts.password`

* Alias: _password
* Alias: `_password`
* Type: String
* Default: null

@@ -432,6 +454,9 @@ will be requested from the server. To force full offline mode, use
This option is generally only useful if you're also using
[`opts.cache`](#opts-cache).

This option is set to `false` when the request includes `write=true` in the
query string.

##### <a name="opts-prefer-online"></a> `opts.prefer-online`

* Type: Boolean
@@ -443,6 +468,8 @@ for updates immediately even for fresh package data.
This option is generally only useful if you're also using
[`opts.cache`](#opts-cache).

This option is set to `true` when the request includes `write=true` in the
query string.

##### <a name="opts-project-scope"></a> `opts.project-scope`

@@ -554,7 +581,7 @@ See also [`opts.ca`](#opts-ca).
##### <a name="opts-timeout"></a> `opts.timeout`

* Type: Milliseconds
* Default: 30000 (30 seconds)
* Default: 0 (no timeout)

Time before a hanging request times out.

@@ -606,4 +633,4 @@ See also [`opts.password`](#opts-password)
* Default: null

** DEPRECATED ** This is a legacy authentication token supported only for
*compatibility. Please use [`opts.token`](#opts-token) instead.
compatibility. Please use [`opts.token`](#opts-token) instead.
14 changes: 12 additions & 2 deletions check-response.js
View file
Original file line number Diff line number Diff line change
@@ -29,9 +29,19 @@ function logRequest (method, res, startTime, opts) {
const attempt = res.headers.get('x-fetch-attempts')
const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : ''
const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : ''

let urlStr
try {
const URL = require('url')
const url = new URL(res.url)
urlStr = res.url.replace(url.password, '***')
} catch (er) {
urlStr = res.url
}

opts.log.http(
'fetch',
`${method.toUpperCase()} ${res.status} ${res.url} ${elapsedTime}ms${attemptStr}${cacheStr}`
`${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}`
)
}

@@ -95,7 +105,7 @@ function checkErrors (method, res, startTime, opts) {
method, res, parsed, opts.spec
)
}
} else if (res.status === 401 && /one-time pass/.test(body.toString('utf8'))) {
} else if (res.status === 401 && body != null && /one-time pass/.test(body.toString('utf8'))) {
// Heuristic for malformed OTP responses that don't include the www-authenticate header.
throw new errors.HttpErrorAuthOTP(
method, res, parsed, opts.spec
6 changes: 3 additions & 3 deletions config.js
View file
Original file line number Diff line number Diff line change
@@ -19,7 +19,6 @@ module.exports = figgyPudding({
'fetch-retry-mintimeout': {},
'force-auth': {},
forceAuth: 'force-auth',
'gid': {},
'gzip': {},
'headers': {},
'https-proxy': {},
@@ -76,8 +75,9 @@ module.exports = figgyPudding({
'scope': {},
'spec': {},
'strict-ssl': {},
'timeout': {},
'uid': {},
'timeout': {
default: 0
},
'user-agent': {
default: `${
pkg.name
36 changes: 23 additions & 13 deletions index.js
View file
Original file line number Diff line number Diff line change
@@ -53,26 +53,38 @@ function regFetch (uri, opts) {
})
}
}
if (opts.query) {
let q = opts.query

let q = opts.query
if (q) {
if (typeof q === 'string') {
q = qs.parse(q)
} else if (typeof q !== 'object') {
throw new TypeError('invalid query option, must be string or object')
}
Object.keys(q).forEach(key => {
if (q[key] === undefined) {
delete q[key]
}
})
if (Object.keys(q).length) {
const parsed = url.parse(uri)
parsed.search = '?' + qs.stringify(
parsed.query
? Object.assign(qs.parse(parsed.query), q)
: q
)
uri = url.format(parsed)
}
const parsed = url.parse(uri)

const query = parsed.query ? Object.assign(qs.parse(parsed.query), q || {})
: Object.keys(q || {}).length ? q
: null

if (query) {
if (String(query.write) === 'true' && opts.method === 'GET') {
opts = opts.concat({
offline: false,
'prefer-offline': false,
'prefer-online': true
})
}
parsed.search = '?' + qs.stringify(query)
uri = url.format(parsed)
}

return opts.Promise.resolve(body).then(body => fetch(uri, {
agent: opts.agent,
algorithms: opts.algorithms,
@@ -99,9 +111,7 @@ function regFetch (uri, opts) {
maxTimeout: opts['fetch-retry-maxtimeout']
},
strictSSL: !!opts['strict-ssl'],
timeout: opts.timeout,
uid: opts.uid,
gid: opts.gid
timeout: opts.timeout
}).then(res => checkResponse(
opts.method || 'GET', res, registry, startTime, opts
)))
Loading