cacache
Advanced tools
Changelog
13.0.0 (2019-09-25)
⚠ BREAKING CHANGES
- This subtly changes the streaming interface of everything in cacache that streams, which is, well, everything in cacache. Most users will probably not notice, but any code that depended on stream behavior always being deferred until next tick will need to adjust.
The mississippi methods 'to', 'from', 'through', and so on, have been replaced with their Minipass counterparts, and streaming interaction with the file system is done via fs-minipass.
The following modules are of interest here:
-
minipass The core stream library.
-
fs-minipass Note that the 'WriteStream' class from fs-minipass is not a Minipass stream, but rather a plain old EventEmitter that duck types as a Writable.
-
minipass-collect Gather up all the data from a stream. Cacache only uses Collect.PassThrough, which is a basic Minipass passthrough stream which emits a 'collect' event with the completed data just before the 'end' event.
-
minipass-pipeline Connect one or more streams into a pipe chain. Errors anywhere in the pipeline are proxied down the chain and then up to the Pipeline object itself. Writes go into the head, reads go to the tail. Used in place of pump() and pumpify().
-
minipass-flush A Minipass passthrough stream that defers its 'end' event until after a flush() method has completed (either calling the supplied callback, or returning a promise.) Use in place of flush-write-stream (aka mississippi.to).
Streams from through2, concat-stream, and the behavior provided by end-of-stream are all implemented in Minipass itself.
Features of interest to cacache, which make Minipass a particularly good fit:
- All of the 'endish' events are normalized, so we can just listen on 'end' and know that finish, prefinish, and close will be handled as well.
- Minipass doesn't waste time containing zalgo.
- Minipass has built-in support for promises that indicate the end or error: stream.promise(), stream.collect(), and stream.concat().
- With reliable and consistent timing guarantees, much less error-checking logic is required. We can be more confident that an error is being thrown or emitted in the correct place, rather than in a callback which is deferred, resulting in a hung promise or uncaughtException.
The biggest downside of Minipass is that it lacks some of the internal characteristics of node-core streams, which many community modules use to identify streams. They have no _writableState or _readableState objects, or _read or _write methods. As a result, the is-stream module (at least, at the time of this commit) doesn't recognize Minipass streams as readable or writable streams.
All in all, the changes required of downstream users should be minimal, but are unlikely to be zero. Hence the semver major change.
Features
- replace all streams with Minipass streams (f4c0962)
- deps: Add minipass and minipass-pipeline (a6545a9)
- promise: converted .resolve to native promise, converted .map and .reduce to native (220c56d)
- promise: individually promisifing functions as needed (74b939e)
- promise: moved .reject from bluebird to native promise (1d56da1)
- promise: removed .fromNode, removed .join (9c457a0)
- promise: removed .map, replaced with p-map. removed .try (cc3ee05)
- promise: removed .tap (0260f12)
- promise: removed .using/.disposer (5d832f3)
- promise: removed bluebird (c21298c)
- promise: removed bluebird specific .catch calls (28aeeac)
- promise: replaced .reduce and .mapSeries (478f5cb)
Changelog
12.0.1 (2019-07-19)
- deps Abstracted out
lib/util/infer-owner.jsto @npmcli/infer-owner so that it could be more easily used in other parts of the npm CLI.
Changelog
12.0.0 (2019-07-15)
Features
BREAKING CHANGES
- the uid gid options are no longer respected or necessary. As of this change, cacache will always match the cache contents to the ownership of the cache directory (or its parent directory), regardless of what the caller passes in.
Reasoning:
The number one reason to use a uid or gid option was to keep root-owned files from causing problems in the cache. In npm's case, this meant that CLI's ./lib/command.js had to work out the appropriate uid and gid, then pass it to the libnpmcommand module, which had to in turn pass the uid and gid to npm-registry-fetch, which then passed it to make-fetch-happen, which passed it to cacache. (For package fetching, pacote would be in that mix as well.)
Added to that, cacache.rm() will actually write a file into the
cache index, but has no way to accept an option so that its call to
entry-index.js will write the index with the appropriate uid/gid.
Little ownership bugs were all over the place, and tricky to trace
through. (Why should make-fetch-happen even care about accepting or
passing uids and gids? It's an http library.)
This change allows us to keep the cache from having mixed ownership in any situation.
Of course, this does mean that if you have a root-owned but
user-writable folder (for example, /tmp), then the cache will try to
chown everything to root.
The solution is for the user to create a folder, make it user-owned, and use that, rather than relying on cacache to create the root cache folder.
If we decide to restore the uid/gid opts, and use ownership inference only when uid/gid are unset, then take care to also make rm take an option object, and pass it through to entry-index.js.