Comments (3)
I'd be hesitant to have the scope of shrinkpack creep too far I think @5id. I think there could be a case though for someone taking these ideas and making a general purpose shrinkwrap verification tool, which isn't coupled to shrinkpack.
from shrinkpack.
@JamieMason just fyi, I investigated how hard it would be to do this. Fortunately, all remote packages already have a shasum that gets returned in the package json so all we need to do is calculate the sha of the file.
NPM does appear to do a shasum check against the tar when it installs a package - when using shrinkwrap it doesn't seem to do the same check. At least, I replaced one tar with another one and it still said it installed.
The commit in question is over here: https://github.com/5id/shrinkverify/commit/38a0ebce3f3ce2c507bddc3c3bf0d59052655d54
If it's a bit out of scope for this package, I may look at furthering this myself as currently we can't be 100% confident that the files we have are the same as the files that we would get if we downloaded remotely.
The way I'm planning to use this is something like:
- Pull repo onto CD with node_shrinkpack
- Re-run shrinkpack (or new tool) to verify packages are properly set/correct
- Copy the node_shrinkpack across to a docker image, publish that to a private repo
from shrinkpack.
I'm away now until the weekend but I'll have a think whether to add this. I need to understand it better which your last comment will help with when I get back.
from shrinkpack.