Skip to content

bugfix: Prevent arborist from changing protocols as part of resolve step#5256

Closed
Aeolun wants to merge 1 commit into
npm:latestfrom
Aeolun:bugfix/use-specified-resolution-protocol
Closed

bugfix: Prevent arborist from changing protocols as part of resolve step#5256
Aeolun wants to merge 1 commit into
npm:latestfrom
Aeolun:bugfix/use-specified-resolution-protocol

Conversation

@Aeolun

@Aeolun Aeolun commented Aug 4, 2022

Copy link
Copy Markdown

This prevents arborist from changing URL's that are specified as git+https from being transformed into git+ssh regardless of whether or not authentication has been specified in the package.json.

We shouldn't try to guess what the user intended. If they specify either https or ssh then that's what will be used.

Details

This uses a fix roughly based on a suggestion by @denenr in #4305. I've also taken the liberty of cleaning up the humongous nested ternary statement.

Fixes #4305
Fixes #2610

@Aeolun Aeolun requested a review from a team as a code owner August 4, 2022 03:32
@Aeolun Aeolun force-pushed the bugfix/use-specified-resolution-protocol branch from 7bd8fc5 to d7b405a Compare August 4, 2022 04:03
@Aeolun Aeolun closed this Aug 4, 2022
@Aeolun

Aeolun commented Aug 4, 2022

Copy link
Copy Markdown
Author

This doesn't actually work. I will resubmit when I know what the issue is.

oldium added a commit to oldium/npm-cli that referenced this pull request Oct 27, 2025
@oldium
bugfix: Preserve https protocol when working with git
9623053 
This prevents changing URLs from https and git+https into git+ssh, but
keep the fall-back to git+ssh when the protocol is not specified.

Supercedes npm#5256
Fixes npm#4305
Fixes npm#2610

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
oldium added a commit to oldium/npm-cli that referenced this pull request Oct 27, 2025
@oldium
bugfix: Preserve https protocol when working with git
43d89f2 
This prevents changing URLs from https and git+https into git+ssh, but
keep the fall-back to git+ssh when the protocol is not specified.

Supersedes npm#5256
Fixes npm#4305
Fixes npm#2610

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
oldium added a commit to oldium/npm-cli that referenced this pull request Oct 27, 2025
@oldium
bugfix: Preserve https protocol when working with git
dfe31c7 
This prevents changing URLs from https and git+https into git+ssh, but
keeps the fall-back to git+ssh when the protocol is not specified.

Supersedes npm#5256
Fixes npm#4305
Fixes npm#2610

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
@oldium oldium mentioned this pull request Oct 27, 2025
Merged
oldium added a commit to oldium/npm-cli that referenced this pull request Oct 27, 2025
@oldium
bugfix: Preserve https protocol when working with git
675a3c8 
This prevents changing URLs from https and git+https into git+ssh, but
keeps the fall-back to git+ssh when the protocol is not specified.

Supersedes npm#5256
Fixes npm#4305
Fixes npm#2610

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
oldium added a commit to oldium/npm-cli that referenced this pull request Oct 27, 2025
@oldium
bugfix: Preserve https protocol when working with git
a2ceccd 
This prevents changing URLs from https and git+https into git+ssh, but
keeps the fall-back to git+ssh when the protocol is not specified.

Supersedes npm#5256
Fixes npm#4305
Fixes npm#2610

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
oldium added a commit to oldium/npm-cli that referenced this pull request Nov 12, 2025
@oldium
bugfix: Preserve https protocol when working with git
a142a53 
This prevents changing URLs from https and git+https into git+ssh, but
keeps the fall-back to git+ssh when the protocol is not specified.

Supersedes npm#5256
Fixes npm#4305
Fixes npm#2610

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
oldium added a commit to oldium/npm-cli that referenced this pull request Nov 15, 2025
@oldium
bugfix: Preserve https protocol when working with git
be79162 
This prevents changing URLs from https and git+https into git+ssh, but
keeps the fall-back to git+ssh when the protocol is not specified.

Supersedes npm#5256
Fixes npm#4305
Fixes npm#2610

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
oldium added a commit to oldium/npm-cli that referenced this pull request Nov 22, 2025
@oldium
bugfix: Preserve https protocol when working with git
bac0aca 
This prevents changing URLs from https and git+https into git+ssh, but
keeps the fall-back to git+ssh when the protocol is not specified.

Supersedes npm#5256
Fixes npm#4305
Fixes npm#2610

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
oldium added a commit to oldium/npm-cli that referenced this pull request Dec 10, 2025
@oldium
bugfix: Preserve https protocol when working with git
3e95c27 
This prevents changing URLs from https and git+https into git+ssh, but
keeps the fall-back to git+ssh when the protocol is not specified.

Supersedes npm#5256
Fixes npm#4305
Fixes npm#2610

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
oldium added a commit to oldium/npm-cli that referenced this pull request Jan 18, 2026
@oldium
bugfix: Preserve https protocol when working with git
0379fba 
This prevents changing URLs from https and git+https into git+ssh, but
keeps the fall-back to git+ssh when the protocol is not specified.

Supersedes npm#5256
Fixes npm#4305
Fixes npm#2610

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
oldium added a commit to oldium/npm-cli that referenced this pull request Jan 22, 2026
@oldium
bugfix: Preserve https protocol when working with git
2ac24ee 
This prevents changing URLs from https and git+https into git+ssh, but
keeps the fall-back to git+ssh when the protocol is not specified.

Supersedes npm#5256
Fixes npm#4305
Fixes npm#2610

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
oldium added a commit to oldium/npm-cli that referenced this pull request May 1, 2026
@oldium
bugfix: Preserve https protocol when working with git
b11dde0 
This prevents changing URLs from https and git+https into git+ssh, but
keeps the fall-back to git+ssh when the protocol is not specified.

Supersedes npm#5256
Fixes npm#4305
Fixes npm#2610

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
oldium added a commit to oldium/npm-cli that referenced this pull request Jun 19, 2026
@oldium
bugfix: Preserve https protocol when working with git
c3b5c95 
This prevents changing URLs from https and git+https into git+ssh, but
keeps the fall-back to git+ssh when the protocol is not specified.

Supersedes npm#5256
Fixes npm#4305
Fixes npm#2610

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
owlstronaut pushed a commit that referenced this pull request Jun 19, 2026
@oldium
fix!: Preserve https protocol when working with git (#8703)
e96a7de 
This prevents changing URLs from `https` and `git+https` into `git+ssh`,
but keeps the fall-back to `git+ssh` when the protocol is not specified.

The change in [pacote](npm/pacote#434) is
necessary in order to have this fully working.

## References
Supersedes #5256
Blocked by npm/pacote#434
Fixes #4305
Fixes #2610

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG] git+https protocol not respected when generating package-lock.json [BUG] NPM v7 uses SSH instead of an explicit HTTPS for GitHub repos

1 participant

@Aeolun