From cdaf3cc9c9f7b1ae5fb6abfc702bb758bba06f46 Mon Sep 17 00:00:00 2001 From: reggi Date: Thu, 19 Dec 2024 11:52:08 -0500 Subject: [PATCH 1/5] fix: consider equality in publish dist tag check --- lib/commands/publish.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/commands/publish.js b/lib/commands/publish.js index c59588fefb241..4b25c420720f9 100644 --- a/lib/commands/publish.js +++ b/lib/commands/publish.js @@ -162,7 +162,7 @@ class Publish extends BaseCommand { if (latestSemverIsGreater && isDefaultTag) { /* eslint-disable-next-line max-len */ - throw new Error(`Cannot implicitly apply the "latest" tag because published version ${latestVersion} is higher than the new version ${manifest.version}. You must specify a tag using --tag.`) + throw new Error(`Cannot implicitly apply the "latest" tag because published version ${latestVersion} is higher than or equal to the new version ${manifest.version}. You must specify a tag using --tag.`) } const access = opts.access === null ? 'default' : opts.access From eb656555680a62c39a27e21aa8026e4465e260ff Mon Sep 17 00:00:00 2001 From: reggi Date: Thu, 19 Dec 2024 12:14:31 -0500 Subject: [PATCH 2/5] chore: squash me --- lib/commands/publish.js | 2 +- test/lib/commands/publish.js | 12 +++++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/lib/commands/publish.js b/lib/commands/publish.js index 4b25c420720f9..451f1c8f559de 100644 --- a/lib/commands/publish.js +++ b/lib/commands/publish.js @@ -162,7 +162,7 @@ class Publish extends BaseCommand { if (latestSemverIsGreater && isDefaultTag) { /* eslint-disable-next-line max-len */ - throw new Error(`Cannot implicitly apply the "latest" tag because published version ${latestVersion} is higher than or equal to the new version ${manifest.version}. You must specify a tag using --tag.`) + throw new Error(`Cannot implicitly apply the "latest" tag because published version ${latestVersion} is higher than or equal to the new version ${manifest.version}. You must specify a tag using --tag.`) } const access = opts.access === null ? 'default' : opts.access diff --git a/test/lib/commands/publish.js b/test/lib/commands/publish.js index 10dc9b33deda4..f02ba1db7ec76 100644 --- a/test/lib/commands/publish.js +++ b/test/lib/commands/publish.js @@ -886,7 +886,17 @@ t.test('latest dist tag', (t) => { await t.rejects(async () => { await npm.exec('publish', []) /* eslint-disable-next-line max-len */ - }, new Error('Cannot implicitly apply the "latest" tag because published version 100.0.0 is higher than the new version 99.0.0. You must specify a tag using --tag.')) + }, new Error('Cannot implicitly apply the "latest" tag because published version 100.0.0 is higher than or equal to the new version 99.0.0. You must specify a tag using --tag.')) + }) + + t.test('PREVENTS publish when latest version is SAME than publishing version', async t => { + const version = '100.0.0' + const { npm, registry } = await loadNpmWithRegistry(t, init(version)) + registry.publish(pkg, { noPut: true, packuments }) + await t.rejects(async () => { + await npm.exec('publish', []) + /* eslint-disable-next-line max-len */ + }, new Error('Cannot implicitly apply the "latest" tag because published version 100.0.0 is higher than or equal to the new version 100.0.0. You must specify a tag using --tag.')) }) t.test('ALLOWS publish when latest is HIGHER than publishing version and flag', async t => { From 572b52adbda0813d6a2af26c26d529efa09d2664 Mon Sep 17 00:00:00 2001 From: reggi Date: Thu, 19 Dec 2024 15:33:16 -0500 Subject: [PATCH 3/5] chore: squash --- lib/commands/publish.js | 20 ++++++++++++++------ test/lib/commands/publish.js | 7 +++---- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/lib/commands/publish.js b/lib/commands/publish.js index 451f1c8f559de..0ce5541648584 100644 --- a/lib/commands/publish.js +++ b/lib/commands/publish.js @@ -157,12 +157,18 @@ class Publish extends BaseCommand { } } - const latestVersion = await this.#latestPublishedVersion(resolved, registry) + const newVersion = manifest.version + const { latest: latestVersion, versions } = await this.#registryVersions(resolved, registry) const latestSemverIsGreater = !!latestVersion && semver.gte(latestVersion, manifest.version) + console.log({ versions, latestVersion, newVersion}) + if (versions.includes(newVersion)) { + throw new Error(`You cannot publish over the previously published versions: ${newVersion}.`) + } + if (latestSemverIsGreater && isDefaultTag) { /* eslint-disable-next-line max-len */ - throw new Error(`Cannot implicitly apply the "latest" tag because published version ${latestVersion} is higher than or equal to the new version ${manifest.version}. You must specify a tag using --tag.`) + throw new Error(`Cannot implicitly apply the "latest" tag because published version ${latestVersion} is higher than the new version ${newVersion}. You must specify a tag using --tag.`) } const access = opts.access === null ? 'default' : opts.access @@ -204,7 +210,7 @@ class Publish extends BaseCommand { } } - async #latestPublishedVersion (spec, registry) { + async #registryVersions (spec, registry) { try { const packument = await pacote.packument(spec, { ...this.npm.flatOptions, @@ -212,7 +218,7 @@ class Publish extends BaseCommand { registry, }) if (typeof packument?.versions === 'undefined') { - return null + return { versions: [], latest: null } } const ordered = Object.keys(packument?.versions) .flatMap(v => { @@ -220,9 +226,11 @@ class Publish extends BaseCommand { return s.prerelease.length > 0 ? [] : s }) .sort((a, b) => b.compare(a)) - return ordered.length >= 1 ? ordered[0].version : null + const latest = ordered.length >= 1 ? ordered[0].version : null + const versions = ordered.map(v => v.version) + return { versions, latest } } catch (e) { - return null + return { versions: [], latest: null } } } diff --git a/test/lib/commands/publish.js b/test/lib/commands/publish.js index f02ba1db7ec76..97a396f9cd47e 100644 --- a/test/lib/commands/publish.js +++ b/test/lib/commands/publish.js @@ -886,17 +886,16 @@ t.test('latest dist tag', (t) => { await t.rejects(async () => { await npm.exec('publish', []) /* eslint-disable-next-line max-len */ - }, new Error('Cannot implicitly apply the "latest" tag because published version 100.0.0 is higher than or equal to the new version 99.0.0. You must specify a tag using --tag.')) + }, new Error('Cannot implicitly apply the "latest" tag because published version 100.0.0 is higher than the new version 99.0.0. You must specify a tag using --tag.')) }) - t.test('PREVENTS publish when latest version is SAME than publishing version', async t => { + t.test('PREVENTS publish when latest version is SAME AS publishing version', async t => { const version = '100.0.0' const { npm, registry } = await loadNpmWithRegistry(t, init(version)) registry.publish(pkg, { noPut: true, packuments }) await t.rejects(async () => { await npm.exec('publish', []) - /* eslint-disable-next-line max-len */ - }, new Error('Cannot implicitly apply the "latest" tag because published version 100.0.0 is higher than or equal to the new version 100.0.0. You must specify a tag using --tag.')) + }, new Error('You cannot publish over the previously published versions: 100.0.0.')) }) t.test('ALLOWS publish when latest is HIGHER than publishing version and flag', async t => { From 9c99f23766f8c4121eecf07d2ada044a90bc46ca Mon Sep 17 00:00:00 2001 From: reggi Date: Thu, 19 Dec 2024 15:35:58 -0500 Subject: [PATCH 4/5] chore: squash --- lib/commands/publish.js | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/commands/publish.js b/lib/commands/publish.js index 0ce5541648584..f6006f24aed55 100644 --- a/lib/commands/publish.js +++ b/lib/commands/publish.js @@ -161,7 +161,6 @@ class Publish extends BaseCommand { const { latest: latestVersion, versions } = await this.#registryVersions(resolved, registry) const latestSemverIsGreater = !!latestVersion && semver.gte(latestVersion, manifest.version) - console.log({ versions, latestVersion, newVersion}) if (versions.includes(newVersion)) { throw new Error(`You cannot publish over the previously published versions: ${newVersion}.`) } From 14e88994c3ef2a957b79feae57632651c5b8ceb3 Mon Sep 17 00:00:00 2001 From: reggi Date: Fri, 20 Dec 2024 10:34:25 -0500 Subject: [PATCH 5/5] chore: squash adds test for older existing version --- test/lib/commands/publish.js | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/test/lib/commands/publish.js b/test/lib/commands/publish.js index 97a396f9cd47e..03588c47c73b1 100644 --- a/test/lib/commands/publish.js +++ b/test/lib/commands/publish.js @@ -898,6 +898,15 @@ t.test('latest dist tag', (t) => { }, new Error('You cannot publish over the previously published versions: 100.0.0.')) }) + t.test('PREVENTS publish when publishing version EXISTS ALREADY in the registry', async t => { + const version = '50.0.0' + const { npm, registry } = await loadNpmWithRegistry(t, init(version)) + registry.publish(pkg, { noPut: true, packuments }) + await t.rejects(async () => { + await npm.exec('publish', []) + }, new Error('You cannot publish over the previously published versions: 50.0.0.')) + }) + t.test('ALLOWS publish when latest is HIGHER than publishing version and flag', async t => { const version = '99.0.0' const { npm, registry } = await loadNpmWithRegistry(t, {