Sm/strict-mode #475
Sm/strict-mode #475
Conversation
| @@ -284,24 +267,36 @@ export class InstallationVerification implements Verifier { | |||
| public async streamTagGz(): Promise<NpmMeta> { | |||
| const logger = await this.getLogger(); | |||
| const npmMeta = await this.retrieveNpmMeta(); | |||
| if (!npmMeta.tarballUrl) { | |||
There was a problem hiding this comment.
seems safe to update the npm meta type to account for tarball to always be present in the response.
https://github.com/verdaccio/verdaccio/blob/d52dbadae84edb1c34905bf09c3e8f8bf708eed0/packages/core/types/src/manifest.ts#L74
There was a problem hiding this comment.
you're right, but 😢 we've got a public constructor on an exported class, which would become invalid if the tarballUrl is required.
public constructor(private module: string, private version: string = 'latest', private cliRoot?: string) {
this.npmMeta = {
moduleName: module,
};
}
This is kinda like what I showed in demos with classes--all the props are optional and the consumers has to know which methods need be called before which props/methods become valid.
|
QA notes: 🟢 successfully verify signature, defaults to npm registry if -r/--registry isn't specified. 🟢 JSON output matches current 🟢 allowlist file is respected by signature verification hook. |
What does this PR do?
strict mode
a little less classy
fewer ts
assertionssketchy injectable fsImplt => sinon
reduce eslint comments
What issues does this PR fix or reference?
@W-12220467@
@W-13183108@