diff options
author | Jean-Marie LEMETAYER <jean-marie.lemetayer@savoirfairelinux.com> | 2020-01-24 18:08:11 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-01-27 16:48:10 +0000 |
commit | d842e9e738e14fc54c21434755033d6eb6b6f3f2 (patch) | |
tree | 4d65e83f4dc962b38c2d7eb92959de5419a4be24 /meta/classes | |
parent | b9ce68a5d7beca817d0370e89b178dbc9ff6ccbc (diff) | |
download | poky-d842e9e738e14fc54c21434755033d6eb6b6f3f2.tar.gz |
bitbake: fetch2/npm: refactor the npm fetcher
This commit refactors the npm fetcher to improve some points and fix
others:
- The big change is that the fetcher is only fetching the package
source and no more the dependencies. Thus the npm fetcher act as the
other fetchers e.g git, wget. The dependencies will be handled later.
- The fetcher only resolves the url of the package using 'npm view' and
then forwards it to a proxy fetcher.
- This commit also fixes a lot of issues with the package names (exotic
characters, scoped packages) which were badly handled.
- The validation files - lockdown.json and npm-shrinkwrap.json - are no
longer used by the fetcher. Instead, the downloaded tarball is
verified with the 'integrity' and 'shasum' provided in the 'npm view'
of the package [1][2].
1: https://docs.npmjs.com/files/package-lock.json#integrity
2: https://www.w3.org/TR/SRI
(Bitbake rev: 0f451cdc43130d503ada53ed1b4fc5a24943f6ef)
Signed-off-by: Jean-Marie LEMETAYER <jean-marie.lemetayer@savoirfairelinux.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes')
0 files changed, 0 insertions, 0 deletions