fix: skip latest/SHASUMS256.txt check for full semver installs and warn on stale mirror#1337
Open
abaschen wants to merge 1 commit intocoreybutler:masterfrom
Open
fix: skip latest/SHASUMS256.txt check for full semver installs and warn on stale mirror#1337abaschen wants to merge 1 commit intocoreybutler:masterfrom
abaschen wants to merge 1 commit intocoreybutler:masterfrom
Conversation
…rn on stale mirror When using nvm install behind a mirror, the latest/SHASUMS256.txt file may be stale (cached behind the real Node.js distribution), causing valid installs to be incorrectly blocked with a misleading 'not yet released' error. Changes: - Add semver.IsFullSemver() to detect full major.minor.patch version strings - Skip checkVersionExceedsLatest() for full semver installs; validate against index.json directly via node.IsVersionAvailable() - Add isUsingMirror() helper to centralize mirror detection logic - When checkVersionExceedsLatest() would block and a mirror is configured, cross-validate against index.json: if the version exists, warn about the stale mirror and allow installation instead of blocking - When getLatest() resolves a version from a stale mirror, warn that the mirror's latest/ differs from index.json Includes property-based tests (testing/quick) and table-driven tests covering: - Bug condition exploration (stale mirror blocking, full semver bypass) - Preservation properties (official dist unchanged, non-existent version rejection, already-installed detection) Fixes coreybutler#1336
|
This PR is stale because it has been open 45 days with no activity. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #1336
Problem
When using
nvm installbehind a mirror (nvm node_mirror <url>), thelatest/SHASUMS256.txtfile may be stale (cached behind the real Node.js distribution), causing two issues:nvm install 22.16.0unnecessarily fetcheslatest/SHASUMS256.txtand blocks with "not yet released" when the mirror is stale, even though the version exists inindex.json.nvm install latestsilently installs the stale version with no warning.Changes
src/semver/semver.go: AddIsFullSemver()to detect fullmajor.minor.patchversion stringssrc/nvm.go:isUsingMirror()helper to centralize mirror detectioncheckVersionExceedsLatest()for full semver installs — validate againstindex.jsondirectlycheckVersionExceedsLatest()would block and a mirror is configured, cross-validate againstindex.json: if the version exists, warn about the stale mirror and allow installationgetLatest()resolves from a stale mirror, warn that the mirror's latest differs fromindex.jsonCorrectness Properties Validated
checkVersionExceedsLatest()getLatest()warns when mirror is staleTests
Added
src/nvm_test/standalone test module (the main package has Windows-only deps) with property-based tests (testing/quick) and table-driven tests covering all properties above.