diff options
| author | David Sherret <dsherret@users.noreply.github.com> | 2024-02-15 14:49:35 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-02-15 14:49:35 -0500 |
| commit | 4f80d83774ce5402a2b10503529fe422c998b841 (patch) | |
| tree | d99c2e0bdc13e36727c62800130ebcab3b85dae7 /tests/testdata | |
| parent | 052b7d8bbdb43eedcdaae1a3094a5f2c70bba279 (diff) | |
feat(unstable): single checksum per JSR package in the lockfile (#22421)
This changes the lockfile to not store JSR specifiers in the "remote"
section. Instead a single JSR integrity is stored per package in the
lockfile, which is a hash of the version's `x.x.x_meta.json` file, which
contains hashes for every file in the package. The hashes in this file
are then compared against when loading.
Additionally, when using `{ "vendor": true }` in a deno.json, the files
can be modified without causing lockfile errors—the checksum is only
checked when copying into the vendor folder and not afterwards
(eventually we should add this behaviour for non-jsr specifiers as
well). As part of this change, the `vendor` folder creation is not
always automatic in the LSP and running an explicit cache command is
necessary. The code required to track checksums in the LSP would have
been too complex for this PR, so that all goes through deno_graph now.
The vendoring is still automatic when running from the CLI.
Diffstat (limited to 'tests/testdata')
4 files changed, 20 insertions, 1 deletions
diff --git a/tests/testdata/jsr/registry/@denotest/bad-manifest-checksum/1.0.0/mod.ts b/tests/testdata/jsr/registry/@denotest/bad-manifest-checksum/1.0.0/mod.ts new file mode 100644 index 000000000..8d9b8a22a --- /dev/null +++ b/tests/testdata/jsr/registry/@denotest/bad-manifest-checksum/1.0.0/mod.ts @@ -0,0 +1,3 @@ +export function add(a: number, b: number): number { + return a + b; +} diff --git a/tests/testdata/jsr/registry/@denotest/bad-manifest-checksum/1.0.0_meta.json b/tests/testdata/jsr/registry/@denotest/bad-manifest-checksum/1.0.0_meta.json new file mode 100644 index 000000000..8ef8ab3c3 --- /dev/null +++ b/tests/testdata/jsr/registry/@denotest/bad-manifest-checksum/1.0.0_meta.json @@ -0,0 +1,11 @@ +{ + "exports": { + ".": "./mod.ts" + }, + "manifest": { + "/mod.ts": { + "size": 0, + "checksum": "sha256-bad-checksum" + } + } +} diff --git a/tests/testdata/jsr/registry/@denotest/bad-manifest-checksum/meta.json b/tests/testdata/jsr/registry/@denotest/bad-manifest-checksum/meta.json new file mode 100644 index 000000000..02601e4d0 --- /dev/null +++ b/tests/testdata/jsr/registry/@denotest/bad-manifest-checksum/meta.json @@ -0,0 +1,5 @@ +{ + "versions": { + "1.0.0": {} + } +} diff --git a/tests/testdata/npm/lock_file/main.out b/tests/testdata/npm/lock_file/main.out index 65e881be6..dead1a623 100644 --- a/tests/testdata/npm/lock_file/main.out +++ b/tests/testdata/npm/lock_file/main.out @@ -1,5 +1,5 @@ Download [WILDCARD] -error: Integrity check failed for npm package: "@babel/parser@7.19.0". Unable to verify that the package +error: Integrity check failed for package: "npm:@babel/parser@7.19.0". Unable to verify that the package is the same as when the lockfile was generated. Actual: sha512-74bEXKX2h+8rrfQUfsBfuZZHzsEs6Eql4pqy/T4Nn6Y9wNPggQOqD6z6pn5Bl8ZfysKouFZT/UXEH94ummEeQw== |