-
Notifications
You must be signed in to change notification settings - Fork 172
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hash validation failed for yarn when COREPACK_NPM_REGISTRY
is set on one side
#435
Comments
Ah yes, that's an unfortunate side-effect, I'm not sure what would be the solution here 🤔 I suppose Yarn registry could use the archice format as the npm registry, but that would invalidate all the hashes for existing Corepack users. |
In the case of Yarn the tarball just contains the same source file as the website. We could add an fetch variant that pulls this one file from the archive rather than the whole archive 🤔 That should even be simplified since the checksum is computed right after the extraction, or writing the file on the disk: corepack/sources/corepackUtils.ts Line 195 in a05aec6
|
Agreed but that change is kinda late as many user may already wrote hash of Therefore I prefer @arcanis 's idea by adding an option (maybe on npmRegistry) to extract only the |
Currently, yarn berry could be downloaded as two form, tar or js, depending on whether
COREPACK_NPM_REGISTRY
is set. However, the hash validation step simply calculates the shasum of download stream, and obviously the hashes mismatch.For example, shasums for yarn 4.1.1 are:
Reproduce steps:
corepack use [email protected]
withoutCOREPACK_NPM_REGISTRY
being set. Hash will be written topackage.json
COREPACK_NPM_REGISTRY
is set.corepack yarn
, following error will be thrown:The text was updated successfully, but these errors were encountered: