nodejs
/
corepack
mirror of https://github.com/nodejs/corepack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
397 Commits 11 Branches 48 Tags 1.2 GiB
Commit Graph

11 Commits

Author SHA1 Message Date
Thomas Scholtes aa1b84939a
Get NPM signing keys from @sigstore/tuf 
Instead of hardcoding NPM signing keys for verification we get them from
sigstore’s TUF repository. This is in line with how npm implements
signature verification.

Fixes #616, fixes #612
 2025-04-04 17:58:23 +02:00
Antoine du Hamel 53b1fe75c4
feat: add more informative error when fetching latest stable fails (#644) 2025-02-28 20:05:59 +01:00
Antoine du Hamel eb63873c6c
fix: fallback to `shasum` when `integrity` is not defined (#542) 
Some npm registries do not define an `integrity` field, in which case
we can try using the `shasum` field instead.
 2024-07-21 16:38:30 +02:00
Leonardo Rocha f15ebc289e
feat: add support for `COREPACK_INTEGRITY_KEYS=0` (#470) 2024-05-10 10:05:26 +02:00
Antoine du Hamel e561dd00bb
feat: verify integrity signature when downloading from npm registry (#432) 
When the user has not provided any hash (so when running `corepack up`/`corepack use …`), and the package manager is downloaded from the npm registry, we can verify the signature.

BREAKING CHANGE: attempting to download a version from the npm registry (or a mirror) that was published using the now deprecated PGP signature without providing a hash will trigger an error. Users can disable the signature verification using a environment variable.
 2024-04-12 22:49:11 +00:00
Antoine du Hamel 082fabf8b1
fix: download fewer metadata from npm registry (#436) 2024-03-26 15:08:33 +01:00
zhyupe 47be27c9db
fix: improve support for `COREPACK_NPM_REGISTRY` with Yarn Berry (#396) 2024-02-27 10:55:04 +01:00
Kristoffer K fe6a3072f6
feat!: use `fetch` (#365) 
Co-authored-by: Antoine du Hamel <duhamelantoine1995@gmail.com>
 2024-02-11 23:52:38 +01:00
Michael Stramel 92f8e71f8c
feat: allow fallback to application/json for custom registries (#314) 2023-10-19 16:36:02 +02:00
Maël Nison fe3e5cd86c
Refactoring of the CLI interface (#291) 
* Refactoring of the CLI interface

* Updates the Nock snapshots

* Regenerates the Nock files on Node 16

* Update README.md

* Adds --cache-only to corepack install -g

* Fixes hash generation
 2023-08-28 22:01:48 +02:00
Mike Scott 662ae9057c
feat: add support for configurable registries and applicable auth options (#186) 
Fixes: https://github.com/nodejs/corepack/issues/66
 2022-10-28 04:50:07 +02:00