pacote
Comparing version 17.0.4 to 17.0.5
@@ -17,2 +17,6 @@ const Fetcher = require('./fetcher.js') | ||
// Some really old packages have no time field in their packument so we need a | ||
// cutoff date. | ||
const MISSING_TIME_CUTOFF = '2015-01-01T00:00:00.000Z' | ||
const fetch = require('npm-registry-fetch') | ||
@@ -119,2 +123,9 @@ | ||
// When verifying signatures, we need to fetch the full/uncompressed | ||
// packument to get publish time as this is not included in the | ||
// corgi/compressed packument. | ||
if (this.opts.verifySignatures) { | ||
this.fullMetadata = true | ||
} | ||
const packument = await this.packument() | ||
@@ -129,2 +140,8 @@ let mani = await pickManifest(packument, this.spec.fetchSpec, { | ||
// add _time from packument if fetched with fullMetadata | ||
const time = packument.time?.[mani.version] | ||
if (time) { | ||
mani._time = time | ||
} | ||
// add _resolved and _integrity from dist object | ||
@@ -177,4 +194,6 @@ const { dist } = mani | ||
} | ||
const validPublicKey = | ||
!publicKey.expires || (Date.parse(publicKey.expires) > Date.now()) | ||
const publishedTime = Date.parse(mani._time || MISSING_TIME_CUTOFF) | ||
const validPublicKey = !publicKey.expires || | ||
publishedTime < Date.parse(publicKey.expires) | ||
if (!validPublicKey) { | ||
@@ -261,4 +280,9 @@ throw Object.assign(new Error( | ||
const validPublicKey = | ||
!publicKey.expires || (Date.parse(publicKey.expires) > Date.now()) | ||
const integratedTime = new Date( | ||
Number( | ||
bundle.verificationMaterial.tlogEntries[0].integratedTime | ||
) * 1000 | ||
) | ||
const validPublicKey = !publicKey.expires || | ||
(integratedTime < Date.parse(publicKey.expires)) | ||
if (!validPublicKey) { | ||
@@ -265,0 +289,0 @@ throw Object.assign(new Error( |
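Review bot: The fallback in `Date.parse(mani._time || MISSING_TIME_CUTOFF)` fails open: when the packument has no `time` entry for the selected version, the package is treated as published in 2015, which is earlier than any realistic key expiry, so an expired key satisfies `validPublicKey`. `_time` is copied straight from `packument.time` in the hunk above, and nothing visible here shows that field being covered by the signature under verification, so the expiry test appears to be only as trustworthy as the registry response itself. I would state that assumption next to the constant, e.g. `// NOTE: time is unsigned registry metadata; a missing entry is treated as older than every key expiry`, and consider applying the cutoff only when the packument has no `time` object at all rather than whenever one version's entry is absent. In the attestation hunk, `bundle.verificationMaterial.tlogEntries[0].integratedTime` is dereferenced without a guard, so a bundle with no tlog entries would likely surface as a TypeError rather than the error object this code otherwise throws; the enclosing functions start and end outside these hunks.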
{ | ||
"name": "pacote", | ||
"version": "17.0.4", | ||
"version": "17.0.5", | ||
"description": "JavaScript package downloader", | ||
@@ -28,5 +28,5 @@ "author": "GitHub Inc.", | ||
"devDependencies": { | ||
"@npmcli/arborist": "^6.0.0 || ^6.0.0-pre.0", | ||
"@npmcli/arborist": "^7.1.0", | ||
"@npmcli/eslint-config": "^4.0.0", | ||
"@npmcli/template-oss": "4.18.0", | ||
"@npmcli/template-oss": "4.19.0", | ||
"hosted-git-info": "^7.0.0", | ||
@@ -76,9 +76,3 @@ "mutate-fs": "^2.1.1", | ||
"//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", | ||
"ciVersions": [ | ||
"16.14.0", | ||
"16.x", | ||
"18.0.0", | ||
"18.x" | ||
], | ||
"version": "4.18.0", | ||
"version": "4.19.0", | ||
"windowsCI": false, | ||
@@ -85,0 +79,0 @@ "publish": "true" |