deps: @sigstore/tuf@2.2.0

node_modules/@sigstore/tuf/dist/client.js

@@ -25,8 +25,8 @@ const tuf_js_1 = require("tuf-js");
 const target_1 = require("./target");
 class TUFClient {
     constructor(options) {
-        initTufCache(options.cachePath, options.rootPath);
-        const remote = initRemoteConfig(options.cachePath, options.mirrorURL);
+        initTufCache(options);
+        const remote = initRemoteConfig(options);
         this.updater = initClient(options.cachePath, remote, options);
     }
     async refresh() {
@@ -42,7 +42,7 @@ exports.TUFClient = TUFClient;
 // created. If the targets directory does not exist, it will be created.
 // If the root.json file does not exist, it will be copied from the
 // rootPath argument.
-function initTufCache(cachePath, tufRootPath) {
+function initTufCache({ cachePath, rootPath: tufRootPath, force, }) {
     const targetsPath = path_1.default.join(cachePath, 'targets');
     const cachedRootPath = path_1.default.join(cachePath, 'root.json');
     if (!fs_1.default.existsSync(cachePath)) {
@@ -51,22 +51,28 @@ function initTufCache(cachePath, tufRootPath) {
     if (!fs_1.default.existsSync(targetsPath)) {
         fs_1.default.mkdirSync(targetsPath);
     }
-    if (!fs_1.default.existsSync(cachedRootPath)) {
+    // If the root.json file does not exist (or we're forcing re-initialization),
+    // copy it from the rootPath argument
+    if (!fs_1.default.existsSync(cachedRootPath) || force) {
         fs_1.default.copyFileSync(tufRootPath, cachedRootPath);
     }
     return cachePath;
 }
 // Initializes the remote.json file, which contains the URL of the TUF
 // repository. If the file does not exist, it will be created. If the file
 // exists, it will be parsed and returned.
-function initRemoteConfig(rootDir, mirrorURL) {
+function initRemoteConfig({ cachePath, mirrorURL, force, }) {
     let remoteConfig;
-    const remoteConfigPath = path_1.default.join(rootDir, 'remote.json');
-    if (fs_1.default.existsSync(remoteConfigPath)) {
+    const remoteConfigPath = path_1.default.join(cachePath, 'remote.json');
+    // If the remote config file exists, read it and parse it (skip if force is
+    // true)
+    if (!force && fs_1.default.existsSync(remoteConfigPath)) {
         const data = fs_1.default.readFileSync(remoteConfigPath, 'utf-8');
         remoteConfig = JSON.parse(data);
     }
-    if (!remoteConfig) {
+    // If the remote config file does not exist (or we're forcing initialization),
+    // create it
+    if (!remoteConfig || force) {
         remoteConfig = { mirror: mirrorURL };
         fs_1.default.writeFileSync(remoteConfigPath, JSON.stringify(remoteConfig));
     }

node_modules/@sigstore/tuf/dist/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.TUFError = exports.initTUF = exports.getTrustedRoot = void 0;
+exports.TUFError = exports.initTUF = exports.getTrustedRoot = exports.DEFAULT_MIRROR_URL = void 0;
 /*
 Copyright 2023 The Sigstore Authors.
 
@@ -19,8 +19,8 @@ limitations under the License.
 const protobuf_specs_1 = require("@sigstore/protobuf-specs");
 const appdata_1 = require("./appdata");
 const client_1 = require("./client");
+exports.DEFAULT_MIRROR_URL = 'https://tuf-repo-cdn.sigstore.dev';
 const DEFAULT_CACHE_DIR = 'sigstore-js';
-const DEFAULT_MIRROR_URL = 'https://tuf-repo-cdn.sigstore.dev';
 const DEFAULT_TUF_ROOT_PATH = '../store/public-good-instance-root.json';
 const DEFAULT_RETRY = { retries: 2 };
 const DEFAULT_TIMEOUT = 5000;
@@ -46,9 +46,10 @@ function createClient(options) {
     return new client_1.TUFClient({
         cachePath: options.cachePath || (0, appdata_1.appDataPath)(DEFAULT_CACHE_DIR),
         rootPath: options.rootPath || require.resolve(DEFAULT_TUF_ROOT_PATH),
-        mirrorURL: options.mirrorURL || DEFAULT_MIRROR_URL,
+        mirrorURL: options.mirrorURL || exports.DEFAULT_MIRROR_URL,
         retry: options.retry ?? DEFAULT_RETRY,
         timeout: options.timeout ?? DEFAULT_TIMEOUT,
+        force: options.force ?? false,
     });
 }
 var error_1 = require("./error");

node_modules/@sigstore/tuf/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sigstore/tuf",
-  "version": "2.1.0",
+  "version": "2.2.0",
   "description": "Client for the Sigstore TUF repository",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package-lock.json

@@ -97,7 +97,7 @@
         "@npmcli/package-json": "^5.0.0",
         "@npmcli/promise-spawn": "^7.0.0",
         "@npmcli/run-script": "^7.0.2",
-        "@sigstore/tuf": "^2.1.0",
+        "@sigstore/tuf": "^2.2.0",
         "abbrev": "^2.0.0",
         "archy": "~1.0.0",
         "cacache": "^18.0.0",
@@ -3818,9 +3818,9 @@
       }
     },
     "node_modules/@sigstore/tuf": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/@sigstore/tuf/-/tuf-2.1.0.tgz",
-      "integrity": "sha512-BUoVCx+7Wj+8moEGvUU2MyBI+f93lmg1CLmoG6KrhQMeDyAG8HAZNk+YRCNuvwvSDCfPhwsj37Bg63/Q+bnGsw==",
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/@sigstore/tuf/-/tuf-2.2.0.tgz",
+      "integrity": "sha512-KKATZ5orWfqd9ZG6MN8PtCIx4eevWSuGRKQvofnWXRpyMyUEpmrzg5M5BrCpjM+NfZ0RbNGOh5tCz/P2uoRqOA==",
       "inBundle": true,
       "dependencies": {
         "@sigstore/protobuf-specs": "^0.2.1",

package.json

@@ -59,7 +59,7 @@
     "@npmcli/package-json": "^5.0.0",
     "@npmcli/promise-spawn": "^7.0.0",
     "@npmcli/run-script": "^7.0.2",
-    "@sigstore/tuf": "^2.1.0",
+    "@sigstore/tuf": "^2.2.0",
     "abbrev": "^2.0.0",
     "archy": "~1.0.0",
     "cacache": "^18.0.0",