Merge pull request #36 from cnpm/strict-ssl

feat: support read strict-ssl from npm config
cnpm · Mar 3, 2016 · 724b398 · 724b398
2 parents 7d20708 + 4a8e3d4
commit 724b398
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 21 deletions.
diff --git a/README.md b/README.md
@@ -96,9 +96,17 @@ co(function*() {
 
 ## Support Features
 
+- [x] all types of npm package
+  - [x] a) a folder containing a program described by a package.json file (`npm install file:eslint-rule`)
+  - [x] b) a gzipped tarball containing (a) (`npm install ./rule.tgz`)
+  - [x] c) a url that resolves to (b) (`npm install https://github.com/indexzero/forever/tarball/v0.5.6`)
+  - [x] d) a <name>@<version> that is published on the registry with (c)
+  - [x] e) a <name>@<tag> (see npm-dist-tag) that points to (d)
+  - [x] f) a <name> that has a "latest" tag satisfying (e)
+  - [x] g) a <git remote url> that resolves to (a) (`npm install git://github.com/timaschew/cogent#fix-redirects`)
+- [x] All platform support
 - [x] global install (`-g, --global`)
-- [x] postinstall script
-  - [x] support Windows
+- [x] `preinstall`, `install`, `postinstall` scripts
 - [x] node-gyp
   - [x] node-pre-gyp
 - [x] bin ([email protected], [email protected])
@@ -108,16 +116,6 @@ co(function*() {
 - [x] peerDependencies ([email protected], [email protected], [email protected])
 - [x] deprecate message
 - [x] `--production` mode
-- [x] cleanup when install failed
-- all types of npm package
-  - [x] a) a folder containing a program described by a package.json file (`npm install file:eslint-rule`)
-  - [x] b) a gzipped tarball containing (a) (`npm install ./rule.tgz`)
-  - [x] c) a url that resolves to (b) (`npm install https://github.com/indexzero/forever/tarball/v0.5.6`)
-  - [x] d) a <name>@<version> that is published on the registry with (c)
-  - [x] e) a <name>@<tag> (see npm-dist-tag) that points to (d)
-  - [x] f) a <name> that has a "latest" tag satisfying (e)
-  - [x] g) a <git remote url> that resolves to (a) (`npm install git://github.com/timaschew/cogent#fix-redirects`)
-- [x] `preinstall`, `install`, `postinstall` scripts
 - [x] `save`, `save-dev`, `save-optional`
 
 ## Different with NPM
@@ -141,10 +139,8 @@ Two rules:
 
 e.g.:
 
-- app: `{ "dependencies": { "a": "1.0.0" } }` (root)
-- [email protected]: `{ "dependencies": { "c": "2.0.0", "b": "1.0.0" } }`
-- [email protected]: `{ "dependencies": { "c": "1.0.0" } }`
-- [email protected] & [email protected]: `{ "dependencies": { } }`
+- app: `{ "dependencies": { "debug": "2.2.0", "ms": "0.5.1" } }` (root)
+- [email protected]: `{ "dependencies": { "ms": "0.7.1" } }`
 
 ```bash
 app/

diff --git a/bin/install.js b/bin/install.js
@@ -142,6 +142,7 @@ co(function*() {
     config.targetDir = path.join(npmPrefix, 'lib');
     config.binDir = path.join(npmPrefix, 'bin');
   }
+  config.strictSSL = getStrictSSL();
   yield npminstall(config);
 
   if (!argv.global && pkgs.length > 0) {
@@ -183,6 +184,16 @@ function getVersionSavePrefix() {
   }
 }
 
+function getStrictSSL() {
+  try {
+    const strictSSL = execSync('npm config get strict-ssl').toString().trim();
+    return strictSSL !== 'false';
+  } catch (err) {
+    console.error(`exec npm config get strict-ssl ERROR: ${err.message}`);
+    return true;
+  }
+}
+
 function* updateDependencies(root, pkgs, propName) {
   const savePrefix = getVersionSavePrefix();
   const pkgFile = path.join(root, 'package.json');

diff --git a/lib/download/npm.js b/lib/download/npm.js
@@ -33,7 +33,7 @@ module.exports = function* (pkg, options) {
     timeout: options.timeout,
     followRedirect: true,
     gzip: true,
-  });
+  }, options);
   const realPkg = result.data;
   options.totalJSONSize += result.res.size;
   options.totalJSONCount += 1;
@@ -111,7 +111,7 @@ function* getTarballStream(pkg, options) {
       timeout: options.timeout,
       followRedirect: true,
       streaming: true,
-    });
+    }, options);
 
     if (result.status !== 200) {
       destroy(result.res);
@@ -142,7 +142,7 @@ function* getTarballStream(pkg, options) {
       timeout: options.timeout,
       followRedirect: true,
       writeStream: fs.createWriteStream(tmpFile),
-    });
+    }, options);
 
     if (result.status !== 200) {
       throw new Error(`Download ${pkg.dist.tarball} status: ${result.status} error, should be 200`);

diff --git a/lib/download/remote.js b/lib/download/remote.js
@@ -42,7 +42,7 @@ function* getTarballStream(url, options) {
     timeout: options.timeout,
     followRedirect: true,
     streaming: true,
-  });
+  }, options);
 
   if (result.status !== 200) {
     destroy(result.res);

diff --git a/lib/get.js b/lib/get.js
@@ -31,11 +31,12 @@ const httpsKeepaliveAgent = new HttpsAgent({
 
 const USER_AGENT = 'npminstall/' + require('../package.json').version + ' ' + urllib.USER_AGENT;
 
-function* get(url, options) {
+function* get(url, options, globalOptions) {
   options.httpsAgent = httpsKeepaliveAgent;
   options.agent = httpKeepaliveAgent;
   options.headers = options.headers || {};
   options.headers['User-Agent'] = USER_AGENT;
+  options.rejectUnauthorized = globalOptions.strictSSL;
   const result = yield _get(url, options, 5);
   debug('GET %s, headers: %j from %j', result.status, result.headers, url);
   if (result.status < 100 || result.status >= 300) {