Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
  • Loading branch information
wraithgar committed Jun 19, 2023
1 parent 0cb539d commit 8710ff8
Show file tree
Hide file tree
Showing 6 changed files with 16 additions and 9 deletions.
3 changes: 2 additions & 1 deletion node_modules/pacote/lib/fetcher.js
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,8 @@ class FetcherBase {
// by adding/modifying the integrity value.
this.opts = { ...opts }

this.cache = opts.cache || cacheDir()
this.cache = opts.cache || cacheDir().cacache
this.tufCache = opts.tufCache || cacheDir().tufcache
this.resolved = opts.resolved || null

// default to caching/verifying with sha512, that's what we usually have
Expand Down
5 changes: 4 additions & 1 deletion node_modules/pacote/lib/registry.js
Original file line number Diff line number Diff line change
Expand Up @@ -295,7 +295,10 @@ class RegistryFetcher extends Fetcher {
//
// Publish attestations are signed with a keyid so we need to
// specify a public key from the keys endpoint: `registry-host.tld/-/npm/v1/keys`
const options = { keySelector: publicKey ? () => publicKey.pemkey : undefined }
const options = {
tufCachePath: this.tufCache,
keySelector: publicKey ? () => publicKey.pemkey : undefined,
}
await sigstore.verify(bundle, null, options)
} catch (e) {
throw Object.assign(new Error(
Expand Down
5 changes: 4 additions & 1 deletion node_modules/pacote/lib/util/cache-dir.js
Original file line number Diff line number Diff line change
Expand Up @@ -8,5 +8,8 @@ module.exports = (fakePlatform = false) => {
const platform = fakePlatform || process.platform
const cacheExtra = platform === 'win32' ? 'npm-cache' : '.npm'
const cacheRoot = (platform === 'win32' && process.env.LOCALAPPDATA) || home
return resolve(cacheRoot, cacheExtra, '_cacache')
return {
cacache: resolve(cacheRoot, cacheExtra, '_cacache'),
tufcache: resolve(cacheRoot, cacheExtra, '_tuf'),
}
}
2 changes: 1 addition & 1 deletion node_modules/pacote/package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "pacote",
"version": "15.1.3",
"version": "15.2.0",
"description": "JavaScript package downloader",
"author": "GitHub Inc.",
"bin": {
Expand Down
8 changes: 4 additions & 4 deletions package-lock.json
Original file line number Diff line number Diff line change
Expand Up @@ -134,7 +134,7 @@
"npm-user-validate": "^2.0.0",
"npmlog": "^7.0.1",
"p-map": "^4.0.0",
"pacote": "^15.1.3",
"pacote": "^15.2.0",
"parse-conflict-json": "^3.0.1",
"proc-log": "^3.0.0",
"qrcode-terminal": "^0.12.0",
Expand Down Expand Up @@ -10098,9 +10098,9 @@
}
},
"node_modules/pacote": {
"version": "15.1.3",
"resolved": "https://registry.npmjs.org/pacote/-/pacote-15.1.3.tgz",
"integrity": "sha512-aRts8cZqxiJVDitmAh+3z+FxuO3tLNWEmwDRPEpDDiZJaRz06clP4XX112ynMT5uF0QNoMPajBBHnaStUEPJXA==",
"version": "15.2.0",
"resolved": "https://registry.npmjs.org/pacote/-/pacote-15.2.0.tgz",
"integrity": "sha512-rJVZeIwHTUta23sIZgEIM62WYwbmGbThdbnkt81ravBplQv+HjyroqnLRNH2+sLJHcGZmLRmhPwACqhfTcOmnA==",
"inBundle": true,
"dependencies": {
"@npmcli/git": "^4.0.0",
Expand Down
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,7 @@
"npm-user-validate": "^2.0.0",
"npmlog": "^7.0.1",
"p-map": "^4.0.0",
"pacote": "^15.1.3",
"pacote": "^15.2.0",
"parse-conflict-json": "^3.0.1",
"proc-log": "^3.0.0",
"qrcode-terminal": "^0.12.0",
Expand Down

0 comments on commit 8710ff8

Please sign in to comment.