pacote

Unable to add local tarballs with sha1 integrity

Open yorickvP opened this issue 5 years ago • 2 comments

For some offline thing, I want to add a set of tarballs to the npm cache. However, some of the tarballs only have a sha1 integrity in the package-lock.json, so will fail to fetch.

const pacote = require('pacote')

pacote.tarball("ajv-keywords@3.2.0", {
  cache: "./cache-test",
  offline: true,
  resolved: 'file:ajv-keywords-3.2.0.tgz',
  integrity: "sha1-6GuBnGAs+IIa1jdBNpjx3sAhhHo="
}).then(console.log)

The current approach will be to rewrite the package-lock into sha512.

yorickvP, Sep 24 '18 23:09

Ahh, yeah, so, this is a two-part thing:

  1. The resolved: 'file:... format is not meant to warm up a cache. Quite the opposite: it's supposed to bypass caches.
  2. The correct incantation would then be pacote.tarball('file:ajv-keywords-3.2.0.tgz', {...}).
  3. That still doesn't do what you want because we don't pass an algorithms option to cacache, when slurping the file into the local cache.

So if this is still a thing you're interested in, I would totally take a PR that passes in either opts.algorithms or calculates which algorithms to pass in automatically based on opts.integrity, if present. Or, a combination of both.

zkat, Oct 26 '18 18:10

The thing using resolved was only an example. npm cache add does something similar, and it is made to warm up a cache.

My real issue is that that npm command doesn't do what's expected, but it turned out to be way faster to use pacote directly. We're currently rewriting the npm lockfile to sha512 and it seems to be working, but ugly.

yorickvP, Oct 26 '18 22:10