-
Notifications
You must be signed in to change notification settings - Fork 198
/
Copy pathcorepackUtils.ts
447 lines (388 loc) · 15.6 KB
/
corepackUtils.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
import {createHash} from 'crypto';
import {once} from 'events';
import fs from 'fs';
import type {Dir} from 'fs';
import Module from 'module';
import path from 'path';
import Range from 'semver/classes/range';
import SemVer from 'semver/classes/semver';
import semverLt from 'semver/functions/lt';
import semverParse from 'semver/functions/parse';
import {setTimeout as setTimeoutPromise} from 'timers/promises';
import * as engine from './Engine';
import * as debugUtils from './debugUtils';
import * as folderUtils from './folderUtils';
import * as httpUtils from './httpUtils';
import * as nodeUtils from './nodeUtils';
import * as npmRegistryUtils from './npmRegistryUtils';
import {RegistrySpec, Descriptor, Locator, PackageManagerSpec} from './types';
import {BinList, BinSpec, InstallSpec, DownloadSpec} from './types';
export function getRegistryFromPackageManagerSpec(spec: PackageManagerSpec) {
return process.env.COREPACK_NPM_REGISTRY
? spec.npmRegistry ?? spec.registry
: spec.registry;
}
export async function fetchLatestStableVersion(spec: RegistrySpec): Promise<string> {
switch (spec.type) {
case `npm`: {
return await npmRegistryUtils.fetchLatestStableVersion(spec.package);
}
case `url`: {
const data = await httpUtils.fetchAsJson(spec.url);
return data[spec.fields.tags].stable;
}
default: {
throw new Error(`Unsupported specification ${JSON.stringify(spec)}`);
}
}
}
export async function fetchAvailableTags(spec: RegistrySpec): Promise<Record<string, string>> {
switch (spec.type) {
case `npm`: {
return await npmRegistryUtils.fetchAvailableTags(spec.package);
}
case `url`: {
const data = await httpUtils.fetchAsJson(spec.url);
return data[spec.fields.tags];
}
default: {
throw new Error(`Unsupported specification ${JSON.stringify(spec)}`);
}
}
}
export async function fetchAvailableVersions(spec: RegistrySpec): Promise<Array<string>> {
switch (spec.type) {
case `npm`: {
return await npmRegistryUtils.fetchAvailableVersions(spec.package);
}
case `url`: {
const data = await httpUtils.fetchAsJson(spec.url);
const field = data[spec.fields.versions];
return Array.isArray(field) ? field : Object.keys(field);
}
default: {
throw new Error(`Unsupported specification ${JSON.stringify(spec)}`);
}
}
}
export async function findInstalledVersion(installTarget: string, descriptor: Descriptor) {
const installFolder = path.join(installTarget, descriptor.name);
let cacheDirectory: Dir;
try {
cacheDirectory = await fs.promises.opendir(installFolder);
} catch (error) {
if ((error as nodeUtils.NodeError).code === `ENOENT`) {
return null;
} else {
throw error;
}
}
const range = new Range(descriptor.range);
let bestMatch: string | null = null;
let maxSV: SemVer | undefined = undefined;
for await (const {name} of cacheDirectory) {
// Some dot-folders tend to pop inside directories, especially on OSX
if (name.startsWith(`.`))
continue;
// If the dirname correspond to an in-range version and is not lower than
// the previous best match (or if there is not yet a previous best match),
// it's our new best match.
// @ts-expect-error TODO: decipher why this produces an error
if (range.test(name) && maxSV?.compare(name) !== 1) {
bestMatch = name;
maxSV = new SemVer(bestMatch);
}
}
return bestMatch;
}
export function isSupportedPackageManagerDescriptor(descriptor: Descriptor) {
return !URL.canParse(descriptor.range);
}
export function isSupportedPackageManagerLocator(locator: Locator) {
return !URL.canParse(locator.reference);
}
function parseURLReference(locator: Locator) {
const {hash, href} = new URL(locator.reference);
if (hash) {
return {
version: encodeURIComponent(href.slice(0, -hash.length)),
build: hash.slice(1).split(`.`),
};
}
return {version: encodeURIComponent(href), build: []};
}
function isValidBinList(x: unknown): x is BinList {
return Array.isArray(x) && x.length > 0;
}
function isValidBinSpec(x: unknown): x is BinSpec {
return typeof x === `object` && x !== null && !Array.isArray(x) && Object.keys(x).length > 0;
}
async function download(installTarget: string, url: string, algo: string, binPath: string | null = null): Promise<DownloadSpec> {
// Creating a temporary folder inside the install folder means that we
// are sure it'll be in the same drive as the destination, so we can
// just move it there atomically once we are done
const tmpFolder = folderUtils.getTemporaryFolder(installTarget);
debugUtils.log(`Downloading to ${tmpFolder}`);
const stream = await httpUtils.fetchUrlStream(url);
const parsedUrl = new URL(url);
const ext = path.posix.extname(parsedUrl.pathname);
let outputFile: string | null = null;
let sendTo: any;
if (ext === `.tgz`) {
const {extract: tarX} = await import(`tar/extract`);
sendTo = tarX({
strip: 1,
cwd: tmpFolder,
filter: binPath ? path => {
const pos = path.indexOf(`/`);
return pos !== -1 && path.slice(pos + 1) === binPath;
} : undefined,
});
} else if (ext === `.js`) {
outputFile = path.join(tmpFolder, path.posix.basename(parsedUrl.pathname));
sendTo = fs.createWriteStream(outputFile);
}
stream.pipe(sendTo);
let hash = !binPath ? stream.pipe(createHash(algo)) : null;
await once(sendTo, `finish`);
if (binPath) {
const downloadedBin = path.join(tmpFolder, binPath);
outputFile = path.join(tmpFolder, path.basename(downloadedBin));
try {
await renameSafe(downloadedBin, outputFile);
} catch (err) {
if ((err as nodeUtils.NodeError)?.code === `ENOENT`)
throw new Error(`Cannot locate '${binPath}' in downloaded tarball`, {cause: err});
throw err;
}
// Calculate the hash of the bin file
const fileStream = fs.createReadStream(outputFile);
hash = fileStream.pipe(createHash(algo));
await once(fileStream, `close`);
}
return {
tmpFolder,
outputFile,
hash: hash!.digest(`hex`),
};
}
export async function installVersion(installTarget: string, locator: Locator, {spec}: {spec: PackageManagerSpec}): Promise<InstallSpec> {
const locatorIsASupportedPackageManager = isSupportedPackageManagerLocator(locator);
const locatorReference = locatorIsASupportedPackageManager ? semverParse(locator.reference)! : parseURLReference(locator);
const {version, build} = locatorReference;
const installFolder = path.join(installTarget, locator.name, version);
try {
const corepackFile = path.join(installFolder, `.corepack`);
const corepackContent = await fs.promises.readFile(corepackFile, `utf8`);
const corepackData = JSON.parse(corepackContent);
debugUtils.log(`Reusing ${locator.name}@${locator.reference} found in ${installFolder}`);
return {
hash: corepackData.hash as string,
location: installFolder,
bin: corepackData.bin,
};
} catch (err) {
if ((err as nodeUtils.NodeError)?.code !== `ENOENT`) {
throw err;
}
}
let url: string;
let signatures: Array<{keyid: string, sig: string}>;
let integrity: string;
let binPath: string | null = null;
if (locatorIsASupportedPackageManager) {
url = spec.url.replace(`{}`, version);
if (process.env.COREPACK_NPM_REGISTRY) {
const registry = getRegistryFromPackageManagerSpec(spec);
if (registry.type === `npm`) {
({tarball: url, signatures, integrity} = await npmRegistryUtils.fetchTarballURLAndSignature(registry.package, version));
if (registry.bin) {
binPath = registry.bin;
}
}
url = url.replace(
npmRegistryUtils.DEFAULT_NPM_REGISTRY_URL,
() => process.env.COREPACK_NPM_REGISTRY!,
);
}
} else {
url = decodeURIComponent(version);
if (process.env.COREPACK_NPM_REGISTRY && url.startsWith(npmRegistryUtils.DEFAULT_NPM_REGISTRY_URL)) {
url = url.replace(
npmRegistryUtils.DEFAULT_NPM_REGISTRY_URL,
() => process.env.COREPACK_NPM_REGISTRY!,
);
}
}
debugUtils.log(`Installing ${locator.name}@${version} from ${url}`);
const algo = build[0] ?? `sha512`;
const {tmpFolder, outputFile, hash: actualHash} = await download(installTarget, url, algo, binPath);
let bin: BinSpec | BinList;
const isSingleFile = outputFile !== null;
// In config, yarn berry is expected to be downloaded as a single file,
// and therefore `spec.bin` is an array. However, when downloaded from
// custom npm registry as tarball, `bin` should be a map.
// In this case, we ignore the configured `spec.bin`.
if (isSingleFile) {
if (locatorIsASupportedPackageManager && isValidBinList(spec.bin)) {
bin = spec.bin;
} else {
bin = [locator.name];
}
} else {
if (locatorIsASupportedPackageManager && isValidBinSpec(spec.bin)) {
bin = spec.bin;
} else {
const {name: packageName, bin: packageBin} = require(path.join(tmpFolder, `package.json`));
if (typeof packageBin === `string`) {
// When `bin` is a string, the name of the executable is the name of the package.
bin = {[packageName]: packageBin};
} else if (isValidBinSpec(packageBin)) {
bin = packageBin;
} else {
throw new Error(`Unable to locate bin in package.json`);
}
}
}
if (!build[1]) {
const registry = getRegistryFromPackageManagerSpec(spec);
if (registry.type === `npm` && !registry.bin && !shouldSkipIntegrityCheck()) {
if (signatures! == null || integrity! == null)
({signatures, integrity} = (await npmRegistryUtils.fetchTarballURLAndSignature(registry.package, version)));
npmRegistryUtils.verifySignature({signatures, integrity, packageName: registry.package, version});
// @ts-expect-error ignore readonly
build[1] = Buffer.from(integrity.slice(`sha512-`.length), `base64`).toString(`hex`);
}
}
if (build[1] && actualHash !== build[1])
throw new Error(`Mismatch hashes. Expected ${build[1]}, got ${actualHash}`);
const serializedHash = `${algo}.${actualHash}`;
await fs.promises.writeFile(path.join(tmpFolder, `.corepack`), JSON.stringify({
locator,
bin,
hash: serializedHash,
}));
await fs.promises.mkdir(path.dirname(installFolder), {recursive: true});
try {
await renameSafe(tmpFolder, installFolder);
} catch (err) {
if (
(err as nodeUtils.NodeError).code === `ENOTEMPTY` ||
// On Windows the error code is EPERM so we check if it is a directory
((err as nodeUtils.NodeError).code === `EPERM` && (await fs.promises.stat(installFolder)).isDirectory())
) {
debugUtils.log(`Another instance of corepack installed ${locator.name}@${locator.reference}`);
await fs.promises.rm(tmpFolder, {recursive: true, force: true});
} else {
throw err;
}
}
if (locatorIsASupportedPackageManager && process.env.COREPACK_DEFAULT_TO_LATEST !== `0`) {
const lastKnownGood = await engine.getLastKnownGood();
const defaultVersion = engine.getLastKnownGoodFromFileContent(lastKnownGood, locator.name);
if (defaultVersion) {
const currentDefault = semverParse(defaultVersion)!;
const downloadedVersion = locatorReference as SemVer;
if (currentDefault.major === downloadedVersion.major && semverLt(currentDefault, downloadedVersion)) {
await engine.activatePackageManager(lastKnownGood, locator);
}
}
}
debugUtils.log(`Download and install of ${locator.name}@${locator.reference} is finished`);
return {
location: installFolder,
bin,
hash: serializedHash,
};
}
async function renameSafe(oldPath: fs.PathLike, newPath: fs.PathLike) {
if (process.platform === `win32`) {
await renameUnderWindows(oldPath, newPath);
} else {
await fs.promises.rename(oldPath, newPath);
}
}
async function renameUnderWindows(oldPath: fs.PathLike, newPath: fs.PathLike) {
// Windows malicious file analysis blocks files currently under analysis, so we need to wait for file release
const retries = 5;
for (let i = 0; i < retries; i++) {
try {
await fs.promises.rename(oldPath, newPath);
break;
} catch (err) {
if (
(
(err as nodeUtils.NodeError).code === `ENOENT` ||
(err as nodeUtils.NodeError).code === `EPERM`
) &&
i < (retries - 1)
) {
await setTimeoutPromise(100 * 2 ** i);
continue;
} else {
throw err;
}
}
}
}
/**
* Loads the binary, taking control of the current process.
*/
export async function runVersion(locator: Locator, installSpec: InstallSpec & {spec: PackageManagerSpec}, binName: string, args: Array<string>): Promise<void> {
let binPath: string | null = null;
const bin = installSpec.bin ?? installSpec.spec.bin;
if (Array.isArray(bin)) {
if (bin.some(name => name === binName)) {
const parsedUrl = new URL(installSpec.spec.url);
const ext = path.posix.extname(parsedUrl.pathname);
if (ext === `.js`) {
binPath = path.join(installSpec.location, path.posix.basename(parsedUrl.pathname));
}
}
} else {
for (const [name, dest] of Object.entries(bin)) {
if (name === binName) {
binPath = path.join(installSpec.location, dest);
break;
}
}
}
if (!binPath)
throw new Error(`Assertion failed: Unable to locate path for bin '${binName}'`);
// @ts-expect-error - Missing types
if (!Module.enableCompileCache) {
// Node.js segfaults when using npm@>=9.7.0 and v8-compile-cache
// $ docker run -it node:20.3.0-slim corepack npm@9.7.1 --version
// [SIGSEGV]
if (locator.name !== `npm` || semverLt(locator.reference, `9.7.0`)) {
// @ts-expect-error - No types
await import(`v8-compile-cache`);
}
}
// We load the binary into the current process,
// while making it think it was spawned.
// Non-exhaustive list of requirements:
// - Yarn uses process.argv[1] to determine its own path: https://github.com/yarnpkg/berry/blob/0da258120fc266b06f42aed67e4227e81a2a900f/packages/yarnpkg-cli/sources/main.ts#L80
// - pnpm uses `require.main == null` to determine its own version: https://github.com/pnpm/pnpm/blob/e2866dee92991e979b2b0e960ddf5a74f6845d90/packages/cli-meta/src/index.ts#L14
process.env.COREPACK_ROOT = path.dirname(require.resolve(`corepack/package.json`));
process.argv = [
process.execPath,
binPath,
...args,
];
process.execArgv = [];
// Unset the mainModule and let Node.js set it when needed.
process.mainModule = undefined;
// Use nextTick to unwind the stack, and consequently remove Corepack from
// the stack trace of the package manager.
process.nextTick(Module.runMain, binPath);
// @ts-expect-error - No types
if (Module.flushCompileCache) {
// @ts-expect-error - No types
setImmediate(Module.flushCompileCache);
}
}
export function shouldSkipIntegrityCheck() {
return process.env.COREPACK_INTEGRITY_KEYS === ``
|| process.env.COREPACK_INTEGRITY_KEYS === `0`;
}