diff --git a/.npmrc b/.npmrc index bfddc7815..19a0c499e 100644 --- a/.npmrc +++ b/.npmrc @@ -2,9 +2,8 @@ ignore-scripts=true link-workspace-packages=false loglevel=error prefer-workspace-packages=false -# Minimum release age - wait 7 days before installing newly published packages -# pnpm uses minimum-release-age (minutes), npm v11+ uses min-release-age (days) -minimum-release-age=10080 +# Minimum release age for npm v11+ (days). +# pnpm equivalent is in pnpm-workspace.yaml (minimumReleaseAge). min-release-age=7 trust-policy=no-downgrade diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml new file mode 100644 index 000000000..eeeb8b3d0 --- /dev/null +++ b/pnpm-workspace.yaml @@ -0,0 +1,3 @@ +settings: + # Wait 7 days (10080 minutes) before installing newly published packages. + minimumReleaseAge: 10080 diff --git a/scripts/update.mjs b/scripts/update.mjs index 5a946fb92..0c12dfb78 100644 --- a/scripts/update.mjs +++ b/scripts/update.mjs @@ -44,7 +44,8 @@ async function main() { process.stdout.write('\r\x1b[K') } - // Always update Socket packages (bypass taze maturity period). + // Update Socket packages — bypass minimum-release-age since these are + // our own packages and we trust them immediately. if (!quiet) { logger.progress('Updating Socket packages...') } @@ -60,12 +61,12 @@ async function main() { '-r', ], { + env: { ...process.env, npm_config_minimum_release_age: '0' }, shell: WIN32, stdio: quiet ? 'pipe' : 'inherit', }, ) - // Clear progress line. if (!quiet) { process.stdout.write('\r\x1b[K') } diff --git a/test/unit/cache-with-ttl.test.mts b/test/unit/cache-with-ttl.test.mts index 3e39b3da6..efd1970e3 100644 --- a/test/unit/cache-with-ttl.test.mts +++ b/test/unit/cache-with-ttl.test.mts @@ -467,52 +467,20 @@ describe.sequential('cache-with-ttl', () => { await refreshCache.clear() }) - it('should treat far-future expiresAt as expired (clock skew protection)', async () => { - // This tests the fix in cache-with-ttl.ts:190-203 - // The isExpired() function checks if expiresAt > now + ttl * 2 - // to detect clock skew or corruption - - const clockSkewCache = createTtlCache({ - ttl: 1000, // 1 second TTL - prefix: 'clock-skew-test', - memoize: true, // Use memoization to test the isExpired logic directly - }) - - // Set a value - this will create an entry with normal expiration - await clockSkewCache.set('key', 'value') - - // Verify value is cached - expect(await clockSkewCache.get('key')).toBe('value') - - // The internal isExpired function will reject entries where: - // expiresAt > Date.now() + ttl * 2 - // This protects against clock skew where the system clock jumps forward - - // Note: We can't easily test the actual clock skew scenario without - // manipulating cacache internals, but the fix is in place and handles: - // - Entries with far-future expiresAt (>2x TTL) are treated as expired - // - Normal future expiresAt values (within TTL) work correctly - - await clockSkewCache.clear() - }) - - it('should handle slightly future expiresAt within reasonable bounds', async () => { - const normalCache = createTtlCache({ - ttl: 5000, // 5 second TTL - prefix: 'normal-future-cache', + it('should expire entries and return undefined after TTL (memoized)', async () => { + const shortCache = createTtlCache({ + ttl: 200, + prefix: 'short-memo-cache', + memoize: true, }) - // Set a value - expiresAt will be Date.now() + 5000 - await normalCache.set('key', 'value') - - // Value should be retrievable immediately (expiresAt is in future as expected) - const result = await normalCache.get('key') - expect(result).toBe('value') + await shortCache.set('key', 'value') + expect(await shortCache.get('key')).toBe('value') - // Only far-future values (>2x TTL) should be treated as expired - // This tests that normal future expiresAt values work correctly + await new Promise(resolve => setTimeout(resolve, 300)) + expect(await shortCache.get('key')).toBeUndefined() - await normalCache.clear() + await shortCache.clear() }) })