This repository has been archived by the owner on Aug 11, 2021. It is now read-only.

feat(integrity): add integrity field to publish (#157)
zkat authored Apr 27, 2017
1 parent 53c15d9 commit 690d62c
Showing 3 changed files with 27 additions and 5 deletions.
10 changes: 8 additions & 2 deletions lib/publish.js
Expand Up @@ -2,11 +2,11 @@ module.exports = publish

var url = require('url')
var semver = require('semver')
var crypto = require('crypto')
var Stream = require('stream').Stream
var assert = require('assert')
var fixer = require('normalize-package-data').fixer
var concat = require('concat-stream')
var ssri = require('ssri')

function escaped (name) {
return name.replace('/', '%2f')
Expand Down Expand Up @@ -84,10 +84,16 @@ function putFirst (registry, data, tarbuffer, access, auth, cb) {

var tbName = data.name + '-' + data.version + '.tgz'
var tbURI = data.name + '/-/' + tbName
var integrity = ssri.fromData(tarbuffer, {
algorithms: ['sha1', 'sha512']
})

data._id = data.name + '@' + data.version
data.dist = data.dist || {}
data.dist.shasum = crypto.createHash('sha1').update(tarbuffer).digest('hex')
// Don't bother having sha1 in the actual integrity field
data.dist.integrity = integrity['sha512'][0].toString()
// Legacy shasum support
data.dist.shasum = integrity['sha1'][0].hexDigest()
data.dist.tarball = url.resolve(registry, tbURI)
.replace(/^https:\/\//, 'http://')

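Review bot: The two new comments in putFirst say what is dropped and what is legacy but not why, which is what a later maintainer needs: SHA-1 stays in `dist.shasum` only for clients that predate `dist.integrity`, and it is left out of the integrity string so that verification rests on SHA-512. I would spell that out, e.g. `// integrity carries sha512 only; SHA-1 is not collision-resistant, so it stays out of the SRI string` and `// legacy shasum (SHA-1 hex) for clients that do not read dist.integrity yet`. This matters more here because the unchanged lines just below still rewrite the tarball URL from https:// to http://, so for a client that fetches from that URL the digest in `dist` is presumably the main check on the downloaded bytes. Both values are assigned unconditionally after `data.dist = data.dist || {}`, which correctly overrides anything a caller pre-filled. putFirst starts and ends outside the hunk.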
3 changes: 2 additions & 1 deletion package.json
Expand Up @@ -23,7 +23,8 @@
"request": "^2.74.0",
"retry": "^0.10.0",
"semver": "2 >=2.2.1 || 3.x || 4 || 5",
"slide": "^1.1.3"
"slide": "^1.1.3",
"ssri": "^4.1.2"
},
"devDependencies": {
"negotiator": "^0.6.1",
19 changes: 17 additions & 2 deletions test/publish.js
@@ -1,6 +1,9 @@
var test = require('tap').test
'use strict'

var crypto = require('crypto')
var test = require('tap').test
var fs = require('fs')
var ssri = require('ssri')

var server = require('./lib/server.js')
var common = require('./lib/common.js')
Expand Down Expand Up @@ -187,7 +190,19 @@ test('publish', function (t) {
t.same(att.data, pd.toString('base64'))

var hash = crypto.createHash('sha1').update(pd).digest('hex')
t.equal(o.versions[METADATA.version].dist.shasum, hash)
var integrity = ssri.fromData(pd, {
algorithms: ['sha512']
})
t.equal(
o.versions[METADATA.version].dist.shasum,
hash,
'shasum is the same as generated originally by crypto module'
)
t.equal(
o.versions[METADATA.version].dist.integrity,
integrity.toString(),
'integrity field is a valid SRI string'
)

res.statusCode = 201
res.json({ created: true })
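Review bot: The new `dist.integrity` assertion computes its expected value with `ssri.fromData`, the same call the code under test uses, so it only shows that the two agree and would still pass if ssri produced a wrong or differently encoded digest; the message 'integrity field is a valid SRI string' claims more than is checked. The shasum assertion above it is independent because it goes through `crypto`, and the integrity check can do the same: `var expected = 'sha512-' + crypto.createHash('sha512').update(pd).digest('base64')`, then compare `dist.integrity` with `expected`. The enclosing test callback starts and ends outside the hunk.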
