Comments (15)
Just a side note. When switching to another caching algorithm the current cache will be stale. Should we do something about that or just leave it be? Does this mean a new major version?
from prebuild-install.
@pfitzseb What's the command I need to issue in order to reproduce this?
from prebuild-install.
In theory you should be able to reproduce with npm install node-pty-prebuilt
or something like that.
However, I haven't been able to reproduce this in any way -- it seems like a very spurious issue.
from prebuild-install.
I tried using node v9.11.1
(no prebuilts for node 10 have been made) and get this output
npm i --verbose
:
prebuild-install info begin Prebuild-install version 2.5.3
prebuild-install info looking for local prebuild @ prebuilds/node-pty-prebuilt-v0.7.3-node-v59-linux-x64.tar.gz
prebuild-install info looking for cached prebuild @ /home/lms/.npm/_prebuilds/https-github.com-daviwil-node-pty-prebuilt-releases-download-v0.7.3-node-pty-prebuilt-v0.7.3-node-v59-linux-x64.tar.gz
prebuild-install info found cached prebuild
prebuild-install info unpacking @ /home/lms/.npm/_prebuilds/https-github.com-daviwil-node-pty-prebuilt-releases-download-v0.7.3-node-pty-prebuilt-v0.7.3-node-v59-linux-x64.tar.gz
prebuild-install info unpack resolved to /home/lms/tmp/node-pty-test/node_modules/node-pty-prebuilt/build/Release/pty.node
prebuild-install info unpack required /home/lms/tmp/node-pty-test/node_modules/node-pty-prebuilt/build/Release/pty.node successfully
prebuild-install info install Successfully installed prebuilt binary!
So it seems to be working fine (on linux at least).
@pfitzseb Have you tried reproducing on windows?
from prebuild-install.
Just some background; prebuild-install
caches all prebuilts in ~/.npm/_prebuilds
and takes the URL and converts it to a proper file name, so
https://github.com/daviwil/node-pty-prebuilt/releases/download/v0.7.3/node-pty-prebuilt-v0.7.3-node-v59-linux-x64.tar.gz
becomes
https-github.com-daviwil-node-pty-prebuilt-releases-download-v0.7.3-node-pty-prebuilt-v0.7.3-node-v59-linux-x64.tar.gz
In theory we could try to be a little smarter here, if we really need to shorten the file name. Currently we're just replacing invalid characters with '-'
.
from prebuild-install.
I tried to reproduce this as well, but was not able to. I think more interesting is the OS/Filesystem. At least it is no prebuild-install
issue, but as @ralphtheninja said maybe we could be a bit smarter in naming IF long paths are the reason.
from prebuild-install.
So apparently there's a 143 byte filename limit on encrypted Ubuntu filesystems, as @nwschurink found out.
Would you accept a PR for making the filename a (MD5?) hash of the URL or something similar that ensures a fixed size filename (much) shorter than 140 chars?
from prebuild-install.
Would you accept a PR for making the filename a (MD5?) hash of the URL or something similar that ensures a fixed size filename (much) shorter than 140 chars?
Def. If you want to hack something up for discussion.
from prebuild-install.
-1 on hashing as it would make the files hard to identify for humans. How about something like:
/home/user/.npm/_prebuilds/daviwil-node-pty-v0.7.3-node-v59-linux-x64.tar.gz
(76 chars)
Not sure how'd it work with custom binaries though.
from prebuild-install.
@vweevers Agree on the downside of hashing. The file name in itself should be good enough imo.
from prebuild-install.
-1 on hashing as well for the same reasons. What about reducing the file name and append the reduced information to the path instead? So we utilize the PATH_MAX which seems to be always higher or at least equal than NAME_MAX.
from prebuild-install.
What about reducing the file name and append the reduced information to the path instead?
That could work, if we really need that reduced information.
from prebuild-install.
If you switch to a mirror, should the filename (or path) change?
from prebuild-install.
Current:
~/.npm/_prebuilds/https-github.com-daviwil-node-pty-prebuilt-releases-download-v0.7.3-node-pty-prebuilt-v0.7.3-node-v59-linux-x64.tar.gz
-
Option 1 (what @mathiask88 suggests, if I understand correctly):
~/.npm/_prebuilds/https-github.com/daviwil/node-pty-prebuilt/releases/download/v0.7.3/node-pty-prebuilt-v0.7.3-node-v59-linux-x64.tar.gz
-
Option 2 (prefixed partial checksum):
~/.npm/_prebuilds/71a2427262-node-pty-prebuilt-v0.7.3-node-v59-linux-x64.tar.gz
where71a2427262
are the first 10 chars of the download URL checksum. -
Option 3 (checksum only):
~/.npm/_prebuilds/71a242726206b5e537d3a82de5e16791.tar.gz
Option 3 is probably out of the question for the reasons listed above. I kinda like Option 2 since it doesn't create so many directories (at the cost of some info though).
from prebuild-install.
Fix released in 4.0.0
from prebuild-install.
Related Issues (20)
- Resolve vulnerabilities in dependencies (npmlog>gauge>ansi-regex) HOT 4
- Remove `rc` dependency HOT 2
- Version bump of `npmlog` HOT 1
- Resolve CVE-2022-0355 by upgrading to simple-get 4.0.1+ HOT 1
- Update simple-get to 4.0.1 HOT 1
- Resolve vulnerability in dependencies (simple-get < 4.0.1) HOT 1
- Please update simple-get dependency to resolve security issue. HOT 1
- npm_config_* variables are not available in npm v7+ which breaks prebuild platform overrides HOT 3
- prebuild-install can't install node-canvas prebuild HOT 1
- CVE-2021-44906: Minimist <=1.2.5 is vulnerable to Prototype Pollution HOT 2
- Can't install package in private network HOT 4
- How to disable enforced compilation? HOT 1
- Mirroring with custom host much harder compared with node-pre-gyp
- [CVE-2022-0355] Exposure of Sensitive Information to an Unauthorized Actor in NPM simple-get prior to 4.0.1 HOT 5
- Expired certificate HOT 2
- prebuild-install not found HOT 2
- prebuild-install WARN install No prebuilt binaries found HOT 1
- Critical CVE reported in latest ([email protected]) HOT 2
- prebuild-install will mutate the contents of an hard-linked `.node` file
- why doesn't it honor NPM_CONFIG_CACHE? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from prebuild-install.