diff --git a/__tests__/commands/add.js b/__tests__/commands/add.js
index 1d01301a39..3cb7e72bf1 100644
--- a/__tests__/commands/add.js
+++ b/__tests__/commands/add.js
@@ -114,6 +114,16 @@ test.concurrent('install from github', async () => {
 await runAdd(['substack/node-mkdirp#master'], {}, 'install-github');
 });
+test.concurrent('install from github with invalid version should fail', async () => {
+ let message = '';
+ try {
+ await runAdd(['yarnpkg/example-yarn-package#invalid-package-json-version'], {}, 'install-github');
+ } catch (err) {
+ message = err.message;
+ }
+ expect(message).toEqual(expect.stringContaining('invalid package version'));
+});
+
 test.concurrent('install with --dev flag', async () => {
 await runAdd(['left-pad@1.1.0'], {dev: true}, 'add-with-flag', async config => {
 const lockfile = explodeLockfile(await fs.readFile(path.join(config.cwd, 'yarn.lock')));
diff --git a/__tests__/fixtures/request-cache/GET/codeload.github.com/yarnpkg/example-yarn-package/tar.gz/2a0711550bd66139ad4cf8e0b0bba33d6afbf93d.bin b/__tests__/fixtures/request-cache/GET/codeload.github.com/yarnpkg/example-yarn-package/tar.gz/2a0711550bd66139ad4cf8e0b0bba33d6afbf93d.bin
new file mode 100644
index 0000000000..a44d39fb35
Binary files /dev/null and b/__tests__/fixtures/request-cache/GET/codeload.github.com/yarnpkg/example-yarn-package/tar.gz/2a0711550bd66139ad4cf8e0b0bba33d6afbf93d.bin differ
diff --git a/__tests__/fixtures/request-cache/GET/github.com/yarnpkg/example-yarn-package.git/info/refs.bin b/__tests__/fixtures/request-cache/GET/github.com/yarnpkg/example-yarn-package.git/info/refs.bin
index 64e7e71490..a157706031 100644
Binary files a/__tests__/fixtures/request-cache/GET/github.com/yarnpkg/example-yarn-package.git/info/refs.bin and b/__tests__/fixtures/request-cache/GET/github.com/yarnpkg/example-yarn-package.git/info/refs.bin differ
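Review bot: The new test in `__tests__/commands/add.js` is named for an invalid version, but the cached `package.json` fixture this commit adds (apparently the one served for that ref) has no `version` key at all, so only the missing-version path is exercised and a present-but-malformed version string is not covered. Consider adding a second case or fixture for a non-semver value. The manual try/catch also leaves `message` empty when nothing is thrown, which reports the failure less directly than `await expect(runAdd([...], {}, 'install-github')).rejects.toThrow('invalid package version');` would, assuming the Jest version in use supports `.rejects`.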
diff --git a/__tests__/fixtures/request-cache/GET/raw.githubusercontent.com/yarnpkg/example-yarn-package/2a0711550bd66139ad4cf8e0b0bba33d6afbf93d/package.json.bin b/__tests__/fixtures/request-cache/GET/raw.githubusercontent.com/yarnpkg/example-yarn-package/2a0711550bd66139ad4cf8e0b0bba33d6afbf93d/package.json.bin
new file mode 100644
index 0000000000..99d6c6ef2a
--- /dev/null
+++ b/__tests__/fixtures/request-cache/GET/raw.githubusercontent.com/yarnpkg/example-yarn-package/2a0711550bd66139ad4cf8e0b0bba33d6afbf93d/package.json.bin
@@ -0,0 +1,49 @@
+HTTP/1.1 200 OK
+Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
+Strict-Transport-Security: max-age=31536000
+X-Content-Type-Options: nosniff
+X-Frame-Options: deny
+X-XSS-Protection: 1; mode=block
+ETag: "d5561550f2f68bb15a0801ccab1c6f5362959c40"
+Content-Type: text/plain; charset=utf-8
+Cache-Control: max-age=300
+X-Geo-Block-List:
+X-GitHub-Request-Id: 49EE:29366:1920CD4:1A583B0:5A779863
+Content-Length: 463
+Accept-Ranges: bytes
+Date: Sun, 04 Feb 2018 23:33:57 GMT
+Via: 1.1 varnish
+Connection: keep-alive
+X-Served-By: cache-pao17421-PAO
+X-Cache: MISS
+X-Cache-Hits: 0
+X-Timer: S1517787238.609785,VS0,VE119
+Vary: Authorization,Accept-Encoding
+Access-Control-Allow-Origin: *
+X-Fastly-Request-ID: b02c8764f6d89b30ee060159193da00b51b9fbd8
+Expires: Sun, 04 Feb 2018 23:38:57 GMT
+Source-Age: 0
+
+{
+ "name": "example-yarn-package",
+ "description": "An example package to demonstrate Yarn",
+ "main": "index.js",
+ "repository": {
+ "url": "github.com/yarnpkg/example-yarn-package",
+ "type": "git"
+ },
+ "scripts": {
+ "test": "jest"
+ },
+ "author": "Yarn Contributors",
+ "license": "BSD-2-Clause",
+ "dependencies": {
+ "lodash": "^4.16.2"
+ },
+ "devDependencies": {
+ "jest-cli": "15.1.1"
+ },
+ "jest": {
+ "testEnvironment": "node"
+ }
+}
diff --git a/src/package-request.js b/src/package-request.js
index e2ae710dbd..2e7bf4ac96 100644
--- a/src/package-request.js
+++ b/src/package-request.js
@@ -219,6 +219,10 @@ export default class PackageRequest {
 // find version info for this package pattern
 const info: Manifest = await this.findVersionInfo();
+ if (!semver.valid(info.version)) {
+ throw new MessageError(this.reporter.lang('invalidPackageVersion', info.name, info.version));
+ }
+
 info.fresh = fresh;
 cleanDependencies(info, false, this.reporter, () => {
 // swallow warnings
diff --git a/src/reporters/lang/en.js b/src/reporters/lang/en.js
index 0fc262aa51..54089c6700 100644
--- a/src/reporters/lang/en.js
+++ b/src/reporters/lang/en.js
@@ -89,6 +89,7 @@ const messages = {
 invalidHostedGitFragment: 'Invalid hosted git fragment $0.',
 invalidFragment: 'Invalid fragment $0.',
 invalidPackageName: 'Invalid package name.',
+ invalidPackageVersion: "Can't add $0: invalid package version $1.",
 couldntFindManifestIn: "Couldn't find manifest in $0.",
 shrinkwrapWarning:
 'npm-shrinkwrap.json found. This will not be updated or respected. See https://yarnpkg.com/en/docs/migrating-from-npm for more information.',
diff --git a/src/util/git.js b/src/util/git.js
index 0492d1aa33..23b7f8d3f1 100644
--- a/src/util/git.js
+++ b/src/util/git.js
@@ -473,7 +473,7 @@ export default class Git implements GitRefResolvingInterface {
 });
 if (!resolvedResult) {
 throw new MessageError(
- this.reporter.lang('couldntFindMatch', version, Object.keys(refs).join(','), this.gitUrl.repository),
+ this.reporter.lang('couldntFindMatch', version, Array.from(refs.keys()).join(','), this.gitUrl.repository),
 );
 }
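Review bot: `semver.valid(info.version)` in `src/package-request.js` also rejects a manifest that has no `version` field, and the error interpolates the raw value, so the fixture added in this commit would presumably produce "invalid package version undefined". Because the manifest can come from a remote source such as the GitHub repository in the new test, validating here is sound, but a missing version deserves its own wording via an `if (!info.version)` guard ahead of the semver check. It is also worth confirming that no resolver previously accepted version-less manifests that will now fail. The hunk shows no imports, so confirm `semver` and `MessageError` are already in scope; the enclosing method starts and ends outside the hunk.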
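Review bot: No test in this commit covers the `couldntFindMatch` branch in `src/util/git.js`, so the switch from `Object.keys(refs)` to `Array.from(refs.keys())` is unverified; the change implies `refs` is a Map-like object, for which the old call would presumably have listed nothing. The ref names are joined without any limit and, if they originate from the remote repository, are echoed to the user unmodified, so consider capping how many are listed and joining with `', '` for readability. The enclosing method starts and ends outside the hunk.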