Skip to content

Commit 2e876d1

Browse files
fix: properly handle missing algorithm type (#48)
Fixing a bug that happen in npm cli when I install a library. in Line 272 the result of parse can be null if integrity is null. Then in line 273 other is null so it breaks as below: ``` TypeError: Cannot read properties of null (reading 'pickAlgorithm') npm verb stack at Integrity.match (/usr/lib/node_modules/npm/node_modules/ssri/lib/index.js:273:24) npm verb stack at CachePolicy.satisfies (/usr/lib/node_modules/npm/node_modules/make-fetch-happen/lib/cache/policy.js:112:49) npm verb stack at Function.find (/usr/lib/node_modules/npm/node_modules/make-fetch-happen/lib/cache/entry.js:178:25) npm verb stack at async cacheFetch (/usr/lib/node_modules/npm/node_modules/make-fetch-happen/lib/cache/index.js:8:17) npm verb stack at async fetch (/usr/lib/node_modules/npm/node_modules/make-fetch-happen/lib/fetch.js:98:7) ```
1 parent dd14735 commit 2e876d1

File tree

2 files changed

+4
-0
lines changed

2 files changed

+4
-0
lines changed

lib/index.js

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -270,6 +270,9 @@ class Integrity {
270270
match (integrity, opts) {
271271
opts = ssriOpts(opts)
272272
const other = parse(integrity, opts)
273+
if (!other) {
274+
return false
275+
}
273276
const algo = other.pickAlgorithm(opts)
274277
return (
275278
this[algo] &&

test/integrity.js

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -108,6 +108,7 @@ test('match()', t => {
108108
}, 'returns the strongest match')
109109
t.notOk(sri.match('sha512-foo'), 'falsy when match fails')
110110
t.notOk(sri.match('sha384-foo'), 'falsy when match fails')
111+
t.notOk(sri.match(null), 'falsy when integrity is null')
111112
t.end()
112113
})
113114

0 commit comments

Comments
 (0)