Changelog
All notable changes to this project will be documented in this file. See standard-version for commit guidelines.
15.0.5 (2020-07-11)
15.0.4 (2020-06-03)
Bug Fixes
15.0.3 (2020-04-28)
Bug Fixes
- actually remove move-concurrently dep (29e6eec)
15.0.2 (2020-04-28)
Bug Fixes
- tacks should be a dev dependency (93ec158)
15.0.1 (2020-04-27)
- deps: Use move-file instead of move-file-concurrently. (92b125)
15.0.0 (2020-02-18)
⚠ BREAKING CHANGES
- drop figgy-pudding and use canonical option names.
Features
- remove figgy-pudding (57d11bc)
14.0.0 (2020-01-28)
⚠ BREAKING CHANGES
deps: bumps engines to >= 10
deps: tar v6 and mkdirp v1 (5a66e7a)
13.0.1 (2019-09-30)
Bug Fixes
- fix-owner: chownr.sync quits on non-root uid (08801be)
13.0.0 (2019-09-25)
⚠ BREAKING CHANGES
- This subtly changes the streaming interface of everything in cacache that streams, which is, well, everything in cacache. Most users will probably not notice, but any code that depended on stream behavior always being deferred until next tick will need to adjust.
The mississippi methods 'to', 'from', 'through', and so on, have been replaced with their Minipass counterparts, and streaming interaction with the file system is done via fs-minipass.
The following modules are of interest here:
minipass The core stream library.
fs-minipass Note that the 'WriteStream' class from fs-minipass is not a Minipass stream, but rather a plain old EventEmitter that duck types as a Writable.
minipass-collect Gather up all the data from a stream. Cacache only uses Collect.PassThrough, which is a basic Minipass passthrough stream which emits a 'collect' event with the completed data just before the 'end' event.
minipass-pipeline Connect one or more streams into a pipe chain. Errors anywhere in the pipeline are proxied down the chain and then up to the Pipeline object itself. Writes go into the head, reads go to the tail. Used in place of pump() and pumpify().
minipass-flush A Minipass passthrough stream that defers its 'end' event until after a flush() method has completed (either calling the supplied callback, or returning a promise.) Use in place of flush-write-stream (aka mississippi.to).
Streams from through2, concat-stream, and the behavior provided by end-of-stream are all implemented in Minipass itself.
Features of interest to cacache, which make Minipass a particularly good fit:
- All of the 'endish' events are normalized, so we can just listen on 'end' and know that finish, prefinish, and close will be handled as well.
- Minipass doesn't waste time containing zalgo.
- Minipass has built-in support for promises that indicate the end or error: stream.promise(), stream.collect(), and stream.concat().
- With reliable and consistent timing guarantees, much less error-checking logic is required. We can be more confident that an error is being thrown or emitted in the correct place, rather than in a callback which is deferred, resulting in a hung promise or uncaughtException.
The biggest downside of Minipass is that it lacks some of the internal characteristics of node-core streams, which many community modules use to identify streams. They have no _writableState or _readableState objects, or _read or _write methods. As a result, the is-stream module (at least, at the time of this commit) doesn't recognize Minipass streams as readable or writable streams.
All in all, the changes required of downstream users should be minimal, but are unlikely to be zero. Hence the semver major change.
Features
- replace all streams with Minipass streams (f4c0962)
- deps: Add minipass and minipass-pipeline (a6545a9)
- promise: converted .resolve to native promise, converted .map and .reduce to native (220c56d)
- promise: individually promisifing functions as needed (74b939e)
- promise: moved .reject from bluebird to native promise (1d56da1)
- promise: removed .fromNode, removed .join (9c457a0)
- promise: removed .map, replaced with p-map. removed .try (cc3ee05)
- promise: removed .tap (0260f12)
- promise: removed .using/.disposer (5d832f3)
- promise: removed bluebird (c21298c)
- promise: removed bluebird specific .catch calls (28aeeac)
- promise: replaced .reduce and .mapSeries (478f5cb)
12.0.3 (2019-08-19)
Bug Fixes
- do not chown if not running as root (2d80af9)
12.0.2 (2019-07-19)
12.0.1 (2019-07-19)
-
deps Abstracted out
lib/util/infer-owner.js
to @npmcli/infer-owner so that it could be more easily used in other parts of the npm CLI.
12.0.0 (2019-07-15)
Features
BREAKING CHANGES
- the uid gid options are no longer respected or necessary. As of this change, cacache will always match the cache contents to the ownership of the cache directory (or its parent directory), regardless of what the caller passes in.
Reasoning:
The number one reason to use a uid or gid option was to keep root-owned files from causing problems in the cache. In npm's case, this meant that CLI's ./lib/command.js had to work out the appropriate uid and gid, then pass it to the libnpmcommand module, which had to in turn pass the uid and gid to npm-registry-fetch, which then passed it to make-fetch-happen, which passed it to cacache. (For package fetching, pacote would be in that mix as well.)
Added to that, cacache.rm()
will actually write a file into the
cache index, but has no way to accept an option so that its call to
entry-index.js will write the index with the appropriate uid/gid.
Little ownership bugs were all over the place, and tricky to trace
through. (Why should make-fetch-happen even care about accepting or
passing uids and gids? It's an http library.)
This change allows us to keep the cache from having mixed ownership in any situation.
Of course, this does mean that if you have a root-owned but
user-writable folder (for example, /tmp
), then the cache will try to
chown everything to root.
The solution is for the user to create a folder, make it user-owned, and use that, rather than relying on cacache to create the root cache folder.
If we decide to restore the uid/gid opts, and use ownership inference only when uid/gid are unset, then take care to also make rm take an option object, and pass it through to entry-index.js.
11.3.3 (2019-06-17)
Bug Fixes
- audit: npm audit fix (200a6d5)
- config: Add ssri config 'error' option (#146) (47de8f5)
- deps: npm audit fix (481a7dc)
- standard: standard --fix (7799149)
- write: avoid another cb never called situation (5156561)
11.3.2 (2018-12-21)
Bug Fixes
- get: make sure to handle errors in the .then (b10bcd0)
11.3.1 (2018-11-05)
Bug Fixes
- get: export hasContent.sync properly (d76c920)
11.3.0 (2018-11-05)
Features
- get: add sync API for reading (db1e094)
11.2.0 (2018-08-08)
Features
- read: add sync support to other internal read.js fns (fe638b6)
11.1.0 (2018-08-01)
Features
- read: add sync support for low-level content read (b43af83)
11.0.3 (2018-08-01)
Bug Fixes
- config: add ssri config options (#136) (10d5d9a)
- perf: refactor content.read to avoid lstats (c5ac10e)
- test: oops when removing safe-buffer (1950490)
11.0.2 (2018-05-07)
Bug Fixes
11.0.1 (2018-04-10)
11.0.0 (2018-04-09)
Features
meta
- drop support for node@4 (529f347)
BREAKING CHANGES
- node@4 is no longer supported
10.0.4 (2018-02-16)
10.0.3 (2018-02-16)
Bug Fixes
- content: rethrow aggregate errors as ENOENT (fa918f5)
10.0.2 (2018-01-07)
Bug Fixes
- ls: deleted entries could cause a premature stream EOF (347dc36)
10.0.1 (2017-11-15)
Bug Fixes
-
move-file: actually use the fallback to
move-concurrently
(#110) (073fbe1)
10.0.0 (2017-10-23)
Features
- license: relicense to ISC (#111) (fdbb4e5)
Performance Improvements
- more copyFile benchmarks (63787bb)
BREAKING CHANGES
- license: the license has been changed from CC0-1.0 to ISC.
9.3.0 (2017-10-07)
Features
- copy: added cacache.get.copy api for fast copies (#107) (067b5f6)
9.2.9 (2017-06-17)
9.2.8 (2017-06-05)
Bug Fixes
- ssri: bump ssri for bugfix (c3232ea)
9.2.7 (2017-06-05)
Bug Fixes
- content: make verified content completely read-only (#96) (4131196)
9.2.6 (2017-05-31)
Bug Fixes
- node: update ssri to prevent old node 4 crash (5209ffe)
9.2.5 (2017-05-25)
Bug Fixes
- deps: fix lockfile issues and bump ssri (84e1d7e)
9.2.4 (2017-05-24)
Bug Fixes
- deps: bumping deps (bbccb12)
9.2.3 (2017-05-24)
Bug Fixes
- rm: stop crashing if content is missing on rm (ac90bc0)
9.2.2 (2017-05-14)
Bug Fixes
- i18n: lets pretend this didn't happen (519b4ee)
9.2.1 (2017-05-14)
Bug Fixes
- docs: fixing translation messup (bb9e4f9)
9.2.0 (2017-05-14)
Features
- i18n: add Spanish translation for API (531f9a4)
9.1.0 (2017-05-14)
Features
- i18n: Add Spanish translation and i18n setup (#91) (323b90c)
9.0.0 (2017-04-28)
Bug Fixes
- memoization: actually use the LRU (0e55dc9)
Features
- memoization: memoizers can be injected through opts.memoize (#90) (e5614c7)
BREAKING CHANGES
- memoization: If you were passing an object to opts.memoize, it will now be used as an injected memoization object. If you were only passing booleans and other non-objects through that option, no changes are needed.
8.0.0 (2017-04-22)
Features
BREAKING CHANGES
-
read: hasContent now returns an object with
{sri, size}
instead ofsri
. Useresult.sri
anywhere that needed the old return value.
7.1.0 (2017-04-20)
Features
- size: handle content size info (#49) (91230af)
7.0.5 (2017-04-18)
Bug Fixes
- integrity: new ssri with fixed integrity stream (6d13e8e)
- write: wrap stuff in promises to improve errors (3624fc5)
7.0.4 (2017-04-15)
Bug Fixes
- fix-owner: throw away ENOENTs on chownr (d49bbcd)
7.0.3 (2017-04-05)
Bug Fixes
- read: fixing error message for integrity verification failures (9d4f0a5)
7.0.2 (2017-04-03)
Bug Fixes
- integrity: use EINTEGRITY error code and update ssri (8dc2e62)
7.0.1 (2017-04-03)
Bug Fixes
- docs: fix header name conflict in readme (afcd456)
7.0.0 (2017-04-03)
Bug Fixes
- test: fix content.write tests when running in docker (d2e9b6a)
Features
- integrity: subresource integrity support (#78) (b1e731f)
BREAKING CHANGES
integrity: The entire API has been overhauled to use SRI hashes instead of digest/hashAlgorithm pairs. SRI hashes follow the Subresource Integrity standard and support strings and objects compatible with
ssri
.This change bumps the index version, which will invalidate all previous index entries. Content entries will remain intact, and existing caches will automatically reuse any content from before this breaking change.
cacache.get.info()
,cacache.ls()
, andcacache.ls.stream()
will now return objects that looks like this:
{
key: String,
integrity: '<algorithm>-<base64hash>',
path: ContentPath,
time: Date<ms>,
metadata: Any
}
opts.digest
andopts.hashAlgorithm
are obsolete for any API calls that used them.Anywhere
opts.digest
was accepted,opts.integrity
is now an option. Any valid SRI hash is accepted here -- multiple hash entries will be resolved according to the standard: first, the "strongest" hash algorithm will be picked, and then each of the entries for that algorithm will be matched against the content. Content will be validated if any of the entries match (so, a single integrity string can be used for multiple "versions" of the same document/data).put.byDigest()
,put.stream.byDigest
,get.byDigest()
andget.stream.byDigest()
now expect an SRI instead of adigest
+opts.hashAlgorithm
pairing.get.hasContent()
now expects an integrity hash instead of a digest. If content exists, it will return the specific single integrity hash that was found in the cache.verify()
has learned to handle integrity-based caches, and forgotten how to handle old-style cache indices due to the format change.cacache.rm.content()
now expects an integrity hash instead of a hex digest.
6.3.0 (2017-04-01)
Bug Fixes
- fixOwner: ignore EEXIST race condition from mkdirp (4670e9b)
- index: ignore index removal races when inserting (b9d2fa2)
- memo: use lru-cache for better mem management (#75) (d8ac5aa)
Features
- dependencies: Switch to move-concurrently (#77) (dc6482d)
6.2.0 (2017-03-15)
Bug Fixes
- index: additional bucket entry verification with checksum (#72) (f8e0f25)
- verify: return fixOwner.chownr promise (6818521)
Features
- tmp: safe tmp dir creation/management util (#73) (c42da71)
6.1.2 (2017-03-13)
Bug Fixes
- index: set default hashAlgorithm (d6eb2f0)
6.1.1 (2017-03-13)
Bug Fixes
- coverage: bumping coverage for verify (#71) (0b7faf6)
- deps: glob should have been a regular dep :< (0640bc4)
6.1.0 (2017-03-12)
Bug Fixes
- coverage: more coverage for content reads (#70) (ef4f70a)
- tests: use safe-buffer because omfg (#69) (6ab8132)
Features
- rm: limited rm.all and fixed bugs (#66) (d5d25ba), closes #66
- verify: tested, working cache verifier/gc (#68) (45ad77a)
6.0.2 (2017-03-11)
Bug Fixes
- index: segment cache items with another subbucket (#64) (c3644e5)
6.0.1 (2017-03-05)
Bug Fixes
- docs: Missed spots in README (8ffb7fa)
6.0.0 (2017-03-05)
Bug Fixes
- api: keep memo cache mostly-internal (2f72d0a)
- content: use the rest of the string, not the whole string (fa8f3c3)
-
deps: removed
format-number@2.0.2
(1187791) - deps: removed inflight@1.0.6 (0d1819c)
- deps: rimraf@2.6.1 (9efab6b)
- deps: standard@9.0.0 (4202cba)
- deps: tap@10.3.0 (aa03088)
- deps: weallcontribute@1.0.8 (ad4f4dc)
- docs: add security note to hashKey (03f81ba)
- hashes: change default hashAlgorithm to sha512 (ea00ba6)
- hashes: missed a spot for hashAlgorithm defaults (45997d8)
- index: add length header before JSON for verification (fb8cb4d)
- index: change index filenames to sha1s of keys (bbc5fca)
- index: who cares about race conditions anyway (b1d3888)
- perf: bulk-read get+read for massive speed (d26cdf9)
- perf: use bulk file reads for index reads (79a8891)
- put-stream: remove tmp file on stream insert error (65f6632)
- put-stream: robustified and predictibilized (daf9e08)
- put-stream: use new promise API for moves (1d36013)
- readme: updated to reflect new default hashAlgo (c60a2fa)
- verify: tiny typo fix (db22d05)
Features
- api: converted external api (7bf032f)
- cacache: exported clearMemoized() utility (8d2c5b6)
- cache: add versioning to content and index (31bc549)
- content: collate content files into subdirs (c094d9f)
-
deps:
@npmcorp/move@1.0.0
(bdd00bf) -
deps:
bluebird@3.4.7
(3a17aff) -
deps:
promise-inflight@1.0.1
(a004fe6) - get: added memoization support for get (c77d794)
- get: export hasContent (2956ec3)
- index: add hashAlgorithm and format insert ret val (b639746)
- index: collate index files into subdirs (e8402a5)
- index: promisify entry index (cda3335)
- memo: added memoization lib (da07b92)
- memo: export memoization api (954b1b3)
- move-file: add move fallback for weird errors (5cf4616)
- perf: bulk content write api (51b536e)
- put: added memoization support to put (b613a70)
- read: switched to promises (a869362)
- rm: added memoization support to rm (4205cf0)
- rm: switched to promises (a000d24)
- util: promise-inflight ownership fix requests (9517cd7)
- util: use promises for api (ae204bb)
- verify: converted to Promises (f0b3974)
BREAKING CHANGES
- cache: index/content directories are now versioned. Previous caches are no longer compatible and cannot be migrated.
- util: fix-owner now uses Promises instead of callbacks
- index: Previously-generated index entries are no longer compatible and the index must be regenerated.
- index: The index format has changed and previous caches are no longer compatible. Existing caches will need to be regenerated.
- hashes: Default hashAlgorithm changed from sha1 to sha512. If you
rely on the prior setting, pass
opts.hashAlgorithm
in explicitly. - content: Previously-generated content directories are no longer compatible and must be regenerated.
- verify: API is now promise-based
- read: Switches to a Promise-based API and removes callback stuff
- rm: Switches to a Promise-based API and removes callback stuff
- index: this changes the API to work off promises instead of callbacks
- api: this means we are going all in on promises now