diff options
Diffstat (limited to 'deps/npm/lib/install/read-shrinkwrap.js')
-rw-r--r-- | deps/npm/lib/install/read-shrinkwrap.js | 70 |
1 files changed, 52 insertions, 18 deletions
diff --git a/deps/npm/lib/install/read-shrinkwrap.js b/deps/npm/lib/install/read-shrinkwrap.js index 3453e3192f..913c303482 100644 --- a/deps/npm/lib/install/read-shrinkwrap.js +++ b/deps/npm/lib/install/read-shrinkwrap.js @@ -1,25 +1,59 @@ 'use strict' -var path = require('path') -var fs = require('graceful-fs') -var iferr = require('iferr') -var inflateShrinkwrap = require('./inflate-shrinkwrap.js') -var parseJSON = require('../utils/parse-json.js') -var readShrinkwrap = module.exports = function (child, next) { +const BB = require('bluebird') + +const fs = require('graceful-fs') +const iferr = require('iferr') +const inflateShrinkwrap = require('./inflate-shrinkwrap.js') +const log = require('npmlog') +const parseJSON = require('../utils/parse-json.js') +const path = require('path') +const PKGLOCK_VERSION = require('../npm.js').lockfileVersion +const pkgSri = require('../utils/package-integrity.js') + +const readFileAsync = BB.promisify(fs.readFile) + +module.exports = readShrinkwrap +function readShrinkwrap (child, next) { if (child.package._shrinkwrap) return process.nextTick(next) - fs.readFile(path.join(child.path, 'npm-shrinkwrap.json'), function (er, data) { - if (er) { - child.package._shrinkwrap = null - return next() + BB.join( + maybeReadFile('npm-shrinkwrap.json', child), + // Don't read non-root lockfiles + child.isTop && maybeReadFile('package-lock.json', child), + child.isTop && maybeReadFile('package.json', child), + (shrinkwrap, lockfile, pkgJson) => { + if (shrinkwrap && lockfile) { + log.warn('read-shrinkwrap', 'Ignoring package-lock.json because there is already an npm-shrinkwrap.json. Please use only one of the two.') + } + const name = shrinkwrap ? 'npm-shrinkwrap.json' : 'package-lock.json' + let parsed = null + if (shrinkwrap || lockfile) { + try { + parsed = parseJSON(shrinkwrap || lockfile) + } catch (ex) { + throw ex + } + } + if ( + pkgJson && + parsed && + parsed.packageIntegrity && + !pkgSri.check(JSON.parse(pkgJson), parsed.packageIntegrity) + ) { + log.info('read-shrinkwrap', `${name} will be updated because package.json does not match what it was generated against.`) + } + if (parsed && parsed.lockfileVersion !== PKGLOCK_VERSION) { + log.warn('read-shrinkwrap', `This version of npm is compatible with lockfileVersion@${PKGLOCK_VERSION}, but ${name} was generated for lockfileVersion@${parsed.lockfileVersion || 0}. I'll try to do my best with it!`) + } + child.package._shrinkwrap = parsed } - try { - child.package._shrinkwrap = parseJSON(data) - } catch (ex) { - child.package._shrinkwrap = null - return next(ex) - } - return next() - }) + ).then(() => next(), next) +} + +function maybeReadFile (name, child) { + return readFileAsync( + path.join(child.path, name) + ).catch({code: 'ENOENT'}, () => null) } module.exports.andInflate = function (child, next) { |