zkat / cacache

💩💵 but for your data. If you've got the hash, we've got the cache ™ (moved)

Home Page: https://github.com/npm/cacache

Missing figgy-pudding field results in Unhandled rejection error

matteson opened this issue

Issue:
TL;DR - when using npm ci with a package-lock that has the wrong integrity hash for a local tarball, npm errors due to a missing option in cacache (error: {}). Adding this option to put.js causes another issue that I've been unable to diagnose.

Details:

I have a library that when packaged as part of a travis build has a different integrity hash. When travis runs npm ci with the offending package-lock.json, I get the following error:

Unhandled rejection Error: invalid config key requested: error
    at pudGet (/Users/andrewmatteson/.npm-global/lib/node_modules/npm/node_modules/figgy-pudding/index.js:31:11)
    at FiggyPudding.get (/Users/andrewmatteson/.npm-global/lib/node_modules/npm/node_modules/figgy-pudding/index.js:13:12)
    at Object.get (/Users/andrewmatteson/.npm-global/lib/node_modules/npm/node_modules/figgy-pudding/index.js:71:16)
    at Object.checkData (/Users/andrewmatteson/.npm-global/lib/node_modules/npm/node_modules/ssri/index.js:232:22)
    at write (/Users/andrewmatteson/.npm-global/lib/node_modules/npm/node_modules/cacache/lib/content/write.js:34:31)
    at putData (/Users/andrewmatteson/.npm-global/lib/node_modules/npm/node_modules/cacache/put.js:29:10)
...

The options supplied in put.js seem to be missing a line:

error: {}

This changes the error to something intelligible:

Unhandled rejection Error: Integrity check failed
...

Which is way more useful in diagnosing the failure.

I'd make a pull request for this; however, npm ci still hangs at some point and I can't diagnose that issue. I hang at: ⸨ ⸩ ⠇ extractTree: sill extractTree source-map@0.6.1 -> ...

Repro:

  • Make a tarball of a package.
  • Make a package-lock in a different project that installs the local tarball.
  • Change and recompile the first package.
  • Clear the npm cache.
  • Run npm ci

System Details:

npm --version 
6.4.0

Let me know if I've missed anything.

I've published ssri@6.0.1, which will be included in the next npm release (post-6.4.1). Having ssri use figgy-pudding itself will resolve this issue entirely.

Thanks!
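
The failure mode described in the issue above, as an added example that is not part of the original thread or of the cacache, ssri or figgy-pudding source: an options wrapper that throws on undeclared keys hides an integrity mismatch until the `error` key is declared. `strictOpts`, `checkData`, `put`, `attempt` and the sample buffers are simplified, constructed stand-ins.

```javascript
// Simplified stand-ins for illustration; not the real figgy-pudding/ssri/cacache code.
const crypto = require('crypto')

// Strict options wrapper: reading a key that was never declared throws.
// This models the "invalid config key requested: error" rejection.
function strictOpts (declared, values) {
  return new Proxy(values, {
    get (target, key) {
      if (typeof key === 'string' && !(key in declared)) {
        throw new Error(`invalid config key requested: ${key}`)
      }
      return target[key]
    }
  })
}

// Subresource Integrity string for a buffer: "<algorithm>-<base64 digest>".
function sri (data, algorithm = 'sha512') {
  return `${algorithm}-${crypto.createHash(algorithm).update(data).digest('base64')}`
}

// Integrity check that only consults opts.error when the hashes differ,
// so the undeclared-key defect stays hidden until a mismatch occurs.
function checkData (data, expected, opts) {
  const match = sri(data) === expected
  if (match || !opts.error) return match
  throw Object.assign(new Error('Integrity check failed'), { code: 'EINTEGRITY' })
}

// Cache write: verify the data against the locked integrity before storing it.
function put (data, integrity, declaredKeys) {
  const opts = strictOpts(declaredKeys, { integrity })
  if (!checkData(data, opts.integrity, opts)) {
    throw Object.assign(new Error('Integrity check failed'), { code: 'EINTEGRITY' })
  }
  return sri(data)
}

// Constructed sample data: the tarball hashed into the lock file, then a rebuilt one.
const ORIGINAL = Buffer.from('local-package tarball, build 1')
const REBUILT = Buffer.from('local-package tarball, build 2')
const LOCKED = sri(ORIGINAL)

// Write the rebuilt tarball against the stale lock entry and report the error seen.
function attempt (declaredKeys) {
  try { put(REBUILT, LOCKED, declaredKeys); return 'ok' } catch (e) { return e.message }
}

console.log(attempt({ integrity: {} }))            // `error` not declared
console.log(attempt({ integrity: {}, error: {} })) // `error` declared
```

With matching data the undeclared key is never read, which is why the defect only shows up when a lock file's integrity value is stale.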