fix: Replace simple-binary-install with custom implementation for pnpm compatibility#170
Merged
fix: Replace simple-binary-install with custom implementation for pnpm compatibility#170
Conversation
rtimush
requested review from
Copilot and
rtimush
and removed request for
rtimush
There was a problem hiding this comment.
Pull Request Overview
This PR replaces the simple-binary-install library with a custom implementation to fix pnpm compatibility issues. The pnpm-specific problem stemmed from its symlink-based directory structure causing incorrect extraction paths in the original library.
Key Changes:
- Custom binary download/extraction logic using
node-fetchandtarlibraries - Updated binary execution to spawn from the
bin/directory - Comprehensive CI testing for both npm and pnpm across all supported platforms
Reviewed Changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/ci.yml | Adds test-npm-package job to verify npm and pnpm installation across all platforms |
| .github/npm/scripts.js | Updates to handle async downloadBinary function with promise-based error handling |
| .github/npm/run.js | Replaces simple-binary-install with direct binary spawning from bin/ directory |
| .github/npm/package.json | Swaps simple-binary-install dependency for node-fetch and tar |
| .github/npm/getBinary.js | Complete rewrite implementing custom download and extraction logic |
| .github/npm/.gitignore | Adds bin/ directory to ignore list |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
ocombe
force-pushed
the
fix/pnpm-compatibility
branch
from
521de48 to
aadff87
Compare
Replaces simple-binary-install with a custom implementation using node-fetch and tar to ensure compatibility with pnpm's symlink-based directory structure. This resolves issues with incorrect extraction paths and Z_DATA_ERROR errors. Includes improvements such as Windows binary support, retry logic, security filters, and better error handling. Adds CI tests to verify npm and pnpm installations on all platforms and ensures releases only proceed if the tests pass. The implementation downloads binaries directly, extracts tarballs, and correctly handles both npm and pnpm directory structures.
ocombe
force-pushed
the
fix/pnpm-compatibility
branch
from
4b2eec5 to
6036b53
Compare
| - name: Install pnpm | ||
| uses: pnpm/action-setup@v4 | ||
| with: | ||
| version: 8 |
Contributor
There was a problem hiding this comment.
latest is 10, why 8?
| - name: Setup Node.js | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: '20' |
Contributor
There was a problem hiding this comment.
node 20 is maintenance, use 22
| run: | | ||
| cd artifacts | ||
| # Start HTTP server in background | ||
| python3 -m http.server 8000 & |
Contributor
There was a problem hiding this comment.
Any reason not to continue with Node here?
| import { Binary } from 'simple-binary-install'; | ||
| import * as os from 'os'; | ||
| import * as fs from 'fs'; | ||
| import fetch from 'node-fetch'; |
Contributor
There was a problem hiding this comment.
please use Node's built in.
| import * as os from 'os'; | ||
| import * as fs from 'fs'; | ||
| import fetch from 'node-fetch'; | ||
| import { mkdirSync, chmodSync, existsSync, readFileSync } from 'fs'; |
Contributor
There was a problem hiding this comment.
Prefix all node native modules with node:
| } | ||
|
|
||
| if (type === 'Darwin' && arch === 'arm64') { | ||
| if (type === 'darwin' && arch === 'arm64') { |
Contributor
There was a problem hiding this comment.
I'd consider wrapping in utility functions; these things are repetitive across the code.
| @@ -1,4 +1,26 @@ | |||
| #!/usr/bin/env node | |||
| import { getBinary } from './getBinary.js'; | |||
| import { spawn } from 'child_process'; | |||
| if (process.argv.includes('install')) { | ||
| getBinary().install(); | ||
| // Check for --url argument for testing (only localhost allowed for security) | ||
| const urlArg = process.argv.find(arg => arg.startsWith('--url=')); |
| try { | ||
| const parsedUrl = new URL(providedUrl); | ||
| // Only allow localhost URLs for testing | ||
| if (parsedUrl.hostname === 'localhost' || parsedUrl.hostname === '127.0.0.1') { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
simple-binary-installwith custom implementation usingnode-fetchandtarProblem
The
cx-protofetchnpm package was incompatible with pnpm due to issues with thesimple-binary-installlibrary. pnpmuses a symlink-based directory structure that causes the library to calculate incorrect extraction paths, resulting in
Z_DATA_ERROR: incorrect header checkerrors during binary extraction.Solution
Implemented a custom binary download and extraction solution that:
node-fetchtarlibraryChanges
Package Code
simple-binary-installwithnode-fetchandtardependenciesdownloadBinaryfunctionbin/directorybin/directory to ignore listCI/CD
test-npm-packagejob to CI workflowTesting Performed
--versionand--helpBreaking Changes
None - the API remains unchanged. Consumers use the package the same way.