Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: npm/cacache
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v6.3.0
Choose a base ref
...
head repository: npm/cacache
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v7.0.0
Choose a head ref
  • 6 commits
  • 30 files changed
  • 1 contributor

Commits on Apr 3, 2017

  1. feat(integrity): subresource integrity support (#78) 

    BREAKING CHANGE: The entire API has been overhauled to use SRI hashes instead of digest/hashAlgorithm pairs. SRI hashes follow the Subresource Integrity standard and support strings and objects compatible with [`ssri`](https://npm.im/ssri).

* This change bumps the index version, which will invalidate all previous index entries. Content entries will remain intact, and existing caches will automatically reuse any content from before this breaking change.

* `cacache.get.info()`, `cacache.ls(), and `cacache.ls.stream()` will now return objects that looks like this:

```
{
  key: String,
  integrity: '<algorithm>-<base64hash>',
  path: ContentPath,
  time: Date<ms>,
  metadata: Any
}
```

* `opts.digest` and `opts.hashAlgorithm` are obsolete for any API calls that used them.

* Anywhere `opts.digest` was accepted, `opts.integrity` is now an option. Any valid SRI hash is accepted here -- multiple hash entries will be resolved according to the standard: first, the "strongest" hash algorithm will be picked, and then each of the entries for that algorithm will be matched against the content. Content will be validated if *any* of the entries match (so, a single integrity string can be used for multiple "versions" of the same document/data).

* `put.byDigest()`, `put.stream.byDigest`, `get.byDigest()` and `get.stream.byDigest() now expect an SRI instead of a `digest` + `opts.hashAlgorithm` pairing.

* `get.hasContent()` now expects an integrity hash instead of a digest. If content exists, it will return the specific single integrity hash that was found in the cache.

* `verify()` has learned to handle integrity-based caches, and forgotten how to handle old-style cache indices due to the format change.

* `cacache.rm.content()` now expects an integrity hash instead of a hex digest.
    @zkat
    zkat authored Apr 3, 2017
    Configuration menu
    Copy the full SHA
    b1e731f View commit details
    Browse the repository at this point in the history

  2. docs: mention CoC in readme

    @zkat
    zkat committed Apr 3, 2017
    Configuration menu
    Copy the full SHA
    716c3f9 View commit details
    Browse the repository at this point in the history

  3. docs: nudging readme a bit more

    @zkat
    zkat committed Apr 3, 2017
    Configuration menu
    Copy the full SHA
    1948528 View commit details
    Browse the repository at this point in the history

  4. fix(test): fix content.write tests when running in docker

    @zkat
    zkat committed Apr 3, 2017
    Configuration menu
    Copy the full SHA
    d2e9b6a View commit details
    Browse the repository at this point in the history

  5. meta: minor tweaks to package.json pre-release

    @zkat
    zkat committed Apr 3, 2017
    Configuration menu
    Copy the full SHA
    f73b3a3 View commit details
    Browse the repository at this point in the history

  6. chore(release): 7.0.0

    @zkat
    zkat committed Apr 3, 2017
    Configuration menu
    Copy the full SHA
    99769f6 View commit details
    Browse the repository at this point in the history
Loading