Mathis/sharp
1
0
Fork 0
mirror of https://github.com/lovell/sharp.git synced 2025-12-18 23:05:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Install: verify prebuilt binaries with Subresource Integrity check

Browse Source
This commit is contained in:
Lovell Fuller
2021-12-12 18:49:17 +00:00
parent 3da258f6fb
commit 3b492ea423
6 changed files with 85 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
lib/libvips.js
View File

@@ -8,10 +8,11 @@ const semverCoerce = require('semver/functions/coerce');
const semverGreaterThanOrEqualTo = require('semver/functions/gte');
const platform = require('./platform');
const { config } = require('../package.json');
const env = process.env;
const minimumLibvipsVersionLabelled = env.npm_package_config_libvips || /* istanbul ignore next */
require('../package.json').config.libvips;
config.libvips;
const minimumLibvipsVersion = semverCoerce(minimumLibvipsVersionLabelled).version;
const spawnSyncOptions = {
@@ -19,6 +20,8 @@ const spawnSyncOptions = {
shell: true
};
const vendorPath = path.join(__dirname, '..', 'vendor', minimumLibvipsVersion, platform());
const mkdirSync = function (dirPath) {
try {
fs.mkdirSync(dirPath, { recursive: true });
@@ -39,6 +42,10 @@ const cachePath = function () {
return libvipsCachePath;
};
const integrity = function (platformAndArch) {
return env[`npm_package_config_integrity_${platformAndArch.replace('-', '_')}`] || config.integrity[platformAndArch];
};
const log = function (item) {
if (item instanceof Error) {
console.error(`sharp: Installation error: ${item.message}`);
@@ -67,10 +74,15 @@ const globalLibvipsVersion = function () {
};
const hasVendoredLibvips = function () {
const vendorPath = path.join(__dirname, '..', 'vendor', minimumLibvipsVersion, platform());
return fs.existsSync(vendorPath);
};
/* istanbul ignore next */
const removeVendoredLibvips = function () {
const rm = fs.rmSync ? fs.rmSync : fs.rmdirSync;
rm(vendorPath, { recursive: true, maxRetries: 3, force: true });
};
const pkgConfigPath = function () {
if (process.platform !== 'win32') {
const brewPkgConfigPath = spawnSync('which brew >/dev/null 2>&1 && eval $(brew --env) && echo $PKG_CONFIG_LIBDIR', spawnSyncOptions).stdout || '';
@@ -99,9 +111,11 @@ module.exports = {
minimumLibvipsVersion,
minimumLibvipsVersionLabelled,
cachePath,
integrity,
log,
globalLibvipsVersion,
hasVendoredLibvips,
removeVendoredLibvips,
pkgConfigPath,
useGlobalLibvips,
mkdirSync