Skip to content

Stop storing integrity for git dependencies #525

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nlf merged 2 commits into from
Mar 3, 2022
Merged

Stop storing integrity for git dependencies #525

nlf merged 2 commits into from
Mar 3, 2022

Conversation

@nlf
Copy link
Contributor

@nlf nlf commented Feb 8, 2022
edited by wraithgar
Loading

@ljharb
Copy link
Contributor

ljharb commented Feb 8, 2022

Would there be value in storing the git sha, since the URL might not contain it?

@ruyadorno ruyadorno changed the title Create 0000-no-integrity-for-git.md Stop storing integrity for git dependencies Feb 8, 2022
@nlf
Copy link
Contributor Author

nlf commented Feb 8, 2022

Would there be value in storing the git sha, since the URL might not contain it?

the sha is already what gets stored in the resolved field today

@darcyclarke darcyclarke added the Agenda will be discussed at the Open RFC call label Feb 9, 2022
@darcyclarke darcyclarke mentioned this pull request Feb 9, 2022
Closed
@wraithgar wraithgar mentioned this pull request Feb 10, 2022
Closed
@darcyclarke darcyclarke mentioned this pull request Feb 16, 2022
Closed
@bnb
Copy link

bnb commented Feb 16, 2022

will restate what I said in the meeting, half in jest but also half seriously: if this feature isn't working in a consistent way that accomplishes what it says it does, entirely removing it is imo potentially a candidate for a patch release.

nlf added a commit to npm/pacote that referenced this pull request Feb 22, 2022
@nlf
fix: ignore integrity values for git dependencies
c659428 
while this will not remove the values that are being ignored, it does
ensure that we don't throw EINTEGRITY errors for git dependencies which
expect a specific integrity value. see npm/rfcs#525
@nlf nlf mentioned this pull request Feb 22, 2022
Merged
@darcyclarke darcyclarke mentioned this pull request Feb 23, 2022
Closed
@darcyclarke darcyclarke removed the Agenda will be discussed at the Open RFC call label Feb 23, 2022
nlf added a commit to npm/pacote that referenced this pull request Feb 23, 2022
@nlf
fix: ignore integrity values for git dependencies (#123)
3417714 
while this will not remove the values that are being ignored, it does
ensure that we don't throw EINTEGRITY errors for git dependencies which
expect a specific integrity value. see npm/rfcs#525
@derTobsch
Copy link

derTobsch commented Feb 24, 2022
edited
Loading

We run into the same problem today and now our ci pipline is stuck, because it does calculate a different hash than any other development machine. If we can help to test this issue, please let us know.

The problem came with the upgrade from npm 8.1.2 -> 8.3.1 - so we downgraded and it looks better now.

@nlf
Copy link
Contributor Author

nlf commented Mar 1, 2022

npm@8.5.2 no longer compares the stored integrity field to the generated data

@nlf nlf mentioned this pull request Mar 1, 2022
Closed
1 task
@nlf nlf merged commit c5214b8 into main Mar 3, 2022
@nlf nlf deleted the nlf/no-integrity-for-git branch March 3, 2022 23:08
@klassiker klassiker mentioned this pull request Dec 12, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@nlf @ljharb @bnb @derTobsch @darcyclarke