fix: store integrity check when the lockfile is updated (#4580)

close #4566 close #4565
pnpm · Apr 16, 2022 · 7cdca5e · 7cdca5e
1 parent 88289a4
commit 7cdca5e
Show file tree

Hide file tree

Showing 4 changed files with 57 additions and 3 deletions.
diff --git a/.changeset/modern-maps-unite.md b/.changeset/modern-maps-unite.md
@@ -0,0 +1,6 @@
+---
+"@pnpm/package-requester": patch
+"pnpm": patch
+---
+
+Don't check the integrity of the store with the package version from the lockfile, when the package was updated [#4580](https://github.com/pnpm/pnpm/pull/4580).
diff --git a/packages/package-requester/src/packageRequester.ts b/packages/package-requester/src/packageRequester.ts
@@ -244,7 +244,7 @@ async function resolveAndFetch (
     }
   }
 
-  const pkg = pick(['name', 'version'], manifest ?? {})
+  const pkg: PkgNameVersion = pick(['name', 'version'], manifest ?? {})
   const fetchResult = ctx.fetchPackageToStore({
     fetchRawManifest: true,
     force: forceFetch,
@@ -254,7 +254,9 @@ async function resolveAndFetch (
       id,
       resolution,
     },
-    expectedPkg: options.expectedPkg?.name != null ? options.expectedPkg : pkg,
+    expectedPkg: options.expectedPkg?.name != null
+      ? (updated ? { name: options.expectedPkg.name, version: pkg.version } : options.expectedPkg)
+      : pkg,
   })
 
   return {

diff --git a/packages/package-requester/test/index.ts b/packages/package-requester/test/index.ts
@@ -973,6 +973,52 @@ test('throw exception if the package data in the store differs from the expected
   }
 })
 
+test("don't throw an error if the package was updated, so the expectedPkg has a different version than the version in the store", async () => {
+  const storeDir = tempy.directory()
+  const cafs = createCafsStore(storeDir)
+  {
+    const requestPackage = createPackageRequester({
+      resolve,
+      fetchers,
+      cafs,
+      networkConcurrency: 1,
+      storeDir,
+      verifyStoreIntegrity: true,
+    })
+
+    const projectDir = tempy.directory()
+    const pkgResponse = await requestPackage({ alias: 'is-positive', pref: '3.1.0' }, {
+      downloadPriority: 0,
+      lockfileDir: projectDir,
+      preferredVersions: {},
+      projectDir,
+      registry,
+    })
+    await pkgResponse.finishing!()
+  }
+  const requestPackage = createPackageRequester({
+    resolve,
+    fetchers,
+    cafs,
+    networkConcurrency: 1,
+    storeDir,
+    verifyStoreIntegrity: true,
+  })
+  const projectDir = tempy.directory()
+  const pkgResponse = await requestPackage({ alias: 'is-positive', pref: '3.1.0' }, {
+    downloadPriority: 0,
+    lockfileDir: tempy.directory(),
+    preferredVersions: {},
+    projectDir,
+    registry,
+    expectedPkg: {
+      name: 'is-positive',
+      version: '3.0.0',
+    },
+  })
+  await expect(pkgResponse.files!()).resolves.toStrictEqual(expect.anything())
+})
+
 test('the version in the bundled manifest should be normalized', async () => {
   const storeDir = tempy.directory()
   const cafs = createCafsStore(storeDir)

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml