From feabc4f2f416f446a915db4e3a271aaeda5e6d6b Mon Sep 17 00:00:00 2001
From: Juan Heyns
Date: Wed, 7 Sep 2022 18:03:40 -0400
Subject: [PATCH 1/2] Add a condition to fix third-party registries returning E400
---
 lib/commands/audit.js | 2 +-
 test/lib/commands/audit.js | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/lib/commands/audit.js b/lib/commands/audit.js
index 6ec870f03a8a5..feccefda0c904 100644
--- a/lib/commands/audit.js
+++ b/lib/commands/audit.js
@@ -156,7 +156,7 @@ class VerifySignatures {
 ...key,
 pemkey: `-----BEGIN PUBLIC KEY-----\n${key.key}\n-----END PUBLIC KEY-----`,
 }))).catch(err => {
- if (err.code === 'E404') {
+ if (err.code === 'E404' || err.code === 'E400') {
 return null
 } else {
 throw err
diff --git a/test/lib/commands/audit.js b/test/lib/commands/audit.js
index b6c6c77a2b40a..0aeafa5f0adc1 100644
--- a/test/lib/commands/audit.js
+++ b/test/lib/commands/audit.js
@@ -1198,6 +1198,14 @@ t.test('audit signatures', async t => {
 npm.exec('audit', ['signatures']),
 /found no dependencies to audit that where installed from a supported registry/
 )
+
+ // Some registries return 400 instead, even though 404 would be more appropriate
+ registry.nock.get('/-/npm/v1/keys').reply(400)
+
+ await t.rejects(
+ npm.exec('audit', ['signatures']),
+ /found no dependencies to audit that where installed from a supported registry/
+ )
 })
 t.test('third-party registry with keys and signatures', async t => {
From 20b6ee212be47605b3d375f7fb6e634bbabc234a Mon Sep 17 00:00:00 2001
From: Juan Heyns
Date: Fri, 9 Sep 2022 14:55:34 -0400
Subject: [PATCH 2/2] changed to a separate test.
---
 test/lib/commands/audit.js | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/test/lib/commands/audit.js b/test/lib/commands/audit.js
index 0aeafa5f0adc1..bfa68955c5c7b 100644
--- a/test/lib/commands/audit.js
+++ b/test/lib/commands/audit.js
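Review bot: In the `.catch` handler of lib/commands/audit.js, widening the condition to `err.code === 'E400'` makes the key lookup fail open on a generic client error: any 400 from the keys endpoint now returns `null`, the same result as a registry that has no keys. Judging by the test expectations, a registry with no keys is left out of signature verification, so a 400 with another cause (a malformed request, a proxy in between) would presumably skip that registry's packages instead of surfacing the error. The handler should at least say why, with a comment such as `// 404, or 400 from some third-party registries, means the registry publishes no signing keys; it is skipped, not verified`, and the command's output should name any registry skipped this way. The enclosing method starts and ends outside the hunk, so whether skipped registries are already reported cannot be seen from here.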
@@ -1171,7 +1171,7 @@ t.test('audit signatures', async t => {
 t.matchSnapshot(joinedOutput())
 })
- t.test('third-party registry without keys does not verify', async t => {
+ t.test('third-party registry without keys (E404) does not verify', async t => {
 const registryUrl = 'https://verdaccio-clone2.org'
 const { npm } = await loadMockNpm(t, {
 prefixDir: installWithThirdPartyRegistry,
@@ -1198,8 +1198,29 @@ t.test('audit signatures', async t => {
 npm.exec('audit', ['signatures']),
 /found no dependencies to audit that where installed from a supported registry/
 )
+ })
- // Some registries return 400 instead, even though 404 would be more appropriate
+ t.test('third-party registry without keys (E400) does not verify', async t => {
+ const registryUrl = 'https://verdaccio-clone2.org'
+ const { npm } = await loadMockNpm(t, {
+ prefixDir: installWithThirdPartyRegistry,
+ config: {
+ '@npmcli:registry': registryUrl,
+ },
+ })
+ const registry = new MockRegistry({ tap: t, registry: registryUrl })
+ const manifest = registry.manifest({
+ name: '@npmcli/arborist',
+ packuments: [{
+ version: '1.0.14',
+ dist: {
+ tarball: 'https://registry.npmjs.org/@npmcli/arborist/-/@npmcli/arborist-1.0.14.tgz',
+ integrity: 'sha512-caa8hv5rW9VpQKk6tyNRvSaVDySVjo9GkI7Wj/wcsFyxPm3tYrE' +
+ 'sFyTjSnJH8HCIfEGVQNjqqKXaXLFVp7UBag==',
+ },
+ }],
+ })
+ await registry.package({ manifest })
 registry.nock.get('/-/npm/v1/keys').reply(400)
 await t.rejects(
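Review bot: The new `(E400)` test in test/lib/commands/audit.js pins only the accepted side of the widened condition; nothing in these hunks pins that other statuses from `/-/npm/v1/keys` still reject with the original error. Because that handler decides whether a registry is verified or skipped, a negative case would keep the set of skip-worthy statuses from growing unnoticed, for example the same setup with `registry.nock.get('/-/npm/v1/keys').reply(403)` and an assertion that the rejection does not match the "no dependencies to audit" message. The E404 and E400 tests are otherwise copies of each other, so a loop over the two status codes would remove the duplicated setup. The test body continues past the end of the hunk.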