This repository has been archived by the owner on Aug 11, 2021. It is now read-only.

feat(integrity): add integrity field to publish #157

Merged
merged 1 commit into from
Apr 27, 2017
10 changes: 8 additions & 2 deletions lib/publish.js
@@ -2,11 +2,11 @@ module.exports = publish

var url = require('url')
var semver = require('semver')
var crypto = require('crypto')
var Stream = require('stream').Stream
var assert = require('assert')
var fixer = require('normalize-package-data').fixer
var concat = require('concat-stream')
var ssri = require('ssri')

function escaped (name) {
return name.replace('/', '%2f')
@@ -84,10 +84,16 @@ function putFirst (registry, data, tarbuffer, access, auth, cb) {

var tbName = data.name + '-' + data.version + '.tgz'
var tbURI = data.name + '/-/' + tbName
var integrity = ssri.fromData(tarbuffer, {
algorithms: ['sha1', 'sha512']
})

data._id = data.name + '@' + data.version
data.dist = data.dist || {}
data.dist.shasum = crypto.createHash('sha1').update(tarbuffer).digest('hex')
// Don't bother having sha1 in the actual integrity field
data.dist.integrity = integrity['sha512'][0].toString()
// Legacy shasum support
data.dist.shasum = integrity['sha1'][0].hexDigest()
data.dist.tarball = url.resolve(registry, tbURI)
.replace(/^https:\/\//, 'http://')

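Review bot: The two comments added in the second hunk do not say which digest a consumer should rely on, and the context lines right after them rewrite `dist.tarball` to `http://`, so the published digest may be the only check on the downloaded bytes. SHA-1 is no longer collision-resistant, so `dist.shasum` is best documented as compatibility-only and `dist.integrity` as the value to verify, for example `// dist.integrity (sha512) is the digest clients should verify; dist.shasum (sha1) is kept only for clients that predate it`. Whether the registry or older clients still accept `shasum` alone cannot be seen from this page. The body of `putFirst` starts and continues outside the hunk.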
3 changes: 2 additions & 1 deletion package.json
@@ -23,7 +23,8 @@
"request": "^2.74.0",
"retry": "^0.10.0",
"semver": "2 >=2.2.1 || 3.x || 4 || 5",
"slide": "^1.1.3"
"slide": "^1.1.3",
"ssri": "^4.1.2"
},
"devDependencies": {
"negotiator": "^0.6.1",
19 changes: 17 additions & 2 deletions test/publish.js
@@ -1,6 +1,9 @@
var test = require('tap').test
'use strict'

var crypto = require('crypto')
var test = require('tap').test
var fs = require('fs')
var ssri = require('ssri')

var server = require('./lib/server.js')
var common = require('./lib/common.js')
@@ -187,7 +190,19 @@ test('publish', function (t) {
t.same(att.data, pd.toString('base64'))

var hash = crypto.createHash('sha1').update(pd).digest('hex')
t.equal(o.versions[METADATA.version].dist.shasum, hash)
var integrity = ssri.fromData(pd, {
algorithms: ['sha512']
})
t.equal(
o.versions[METADATA.version].dist.shasum,
hash,
'shasum is the same as generated originally by crypto module'
)
t.equal(
o.versions[METADATA.version].dist.integrity,
integrity.toString(),
'integrity field is a valid SRI string'
)

res.statusCode = 201
res.json({ created: true })
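Review bot: The new `dist.integrity` assertion builds its expected value with `ssri.fromData`, the same library call the publish code uses, so a defect in ssri's hashing or serialisation would pass on both sides; the `shasum` check above it stays independent because its expected value comes from `crypto`. Deriving the expected string from `crypto` would make this check independent as well: `var expected = 'sha512-' + crypto.createHash('sha512').update(pd).digest('base64')`. The message 'integrity field is a valid SRI string' also claims more than the check does, since it compares against one expected string rather than parsing the field; 'integrity is the sha512 SRI of the tarball' describes it more accurately. The enclosing `test('publish', ...)` callback starts and ends outside the hunk.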