Patch tuf-js to use internal agent

Author: geigerzaehler

.yarn/patches/tuf-js-npm-3.0.1-9135d15fbd.patch

@@ -1,26 +1,26 @@
 diff --git a/dist/fetcher.js b/dist/fetcher.js
-index f966ce1bb0cdc6c785ce1263f1faea15d3fe764c..3b50fa0c24fd5f6e9e29cf398a3d3bf13836fabd 100644
+index f966ce1bb0cdc6c785ce1263f1faea15d3fe764c..111588c64ba0cc049cabeb471d39f0fdc78bbb7e 100644
 --- a/dist/fetcher.js
 +++ b/dist/fetcher.js
 @@ -6,7 +6,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
  exports.DefaultFetcher = exports.BaseFetcher = void 0;
  const debug_1 = __importDefault(require("debug"));
  const fs_1 = __importDefault(require("fs"));
 -const make_fetch_happen_1 = __importDefault(require("make-fetch-happen"));
-+const stream = require("node:stream");
++const stream = require("node:stream")
  const util_1 = __importDefault(require("util"));
  const error_1 = require("./error");
  const tmpfile_1 = require("./utils/tmpfile");
-@@ -61,14 +61,13 @@ class DefaultFetcher extends BaseFetcher {
+@@ -61,14 +61,12 @@ class DefaultFetcher extends BaseFetcher {
      }
      async fetch(url) {
          log('GET %s', url);
 -        const response = await (0, make_fetch_happen_1.default)(url, {
 -            timeout: this.timeout,
 -            retry: this.retry,
-+        const response = await globalThis.fetch(url, {
-+            signal: this.timeout && AbortSignal.timeout(this.timeout)
-         });
+-        });
++        const response = await globalThis.tufJsFetch(url);
++
          if (!response.ok || !response?.body) {
              throw new error_1.DownloadHTTPError('Failed to download', response.status);
          }

sources/httpUtils.ts

@@ -92,7 +92,7 @@ export async function fetchUrlStream(input: string | URL, init?: RequestInit) {
 
 let ProxyAgent: typeof import('undici').ProxyAgent;
 
-async function getProxyAgent(input: string | URL) {
+export async function getProxyAgent(input: string | URL) {
   const {getProxyForUrl} = await import(`proxy-from-env`);
 
   // @ts-expect-error - The internal implementation is compatible with a WHATWG URL instance

sources/npmRegistryUtils.ts

@@ -48,6 +48,14 @@ async function fetchSigstoreTufKeys(): Promise<Array<KeyInfo> | null> {
   // See https://github.com/npm/cli/blob/3a80a7b7d168c23b5e297cba7b47ba5b9875934d/lib/utils/verify-signatures.js#L174
   let keysRaw: string;
   try {
+    // @ts-expect-error inject custom fetch into monkey-patched `tuf-js` module.
+    globalThis.tufJsFetch = async (input: string) => {
+      const agent = await httpUtils.getProxyAgent(input);
+      return await globalThis.fetch(input, {
+        dispatcher: agent,
+      });
+
+    }
     const sigstoreTufClient = await sigstoreTuf.initTUF({
       cachePath: path.join(folderUtils.getCorepackHomeFolder(), `_tuf`),
     });

yarn.lock

@@ -1621,6 +1621,7 @@ __metadata:
     supports-color: "npm:^10.0.0"
     tar: "npm:^7.4.0"
     tsx: "npm:^4.16.2"
+    tuf-js: "patch:tuf-js@npm%3A3.0.1#~/.yarn/patches/tuf-js-npm-3.0.1-9135d15fbd.patch"
     typescript: "npm:^5.7.3"
     undici: "npm:^6.19.2"
     v8-compile-cache: "npm:^2.3.0"
@@ -4703,12 +4704,12 @@ __metadata:
 
 "tuf-js@patch:tuf-js@npm%3A3.0.1#~/.yarn/patches/tuf-js-npm-3.0.1-9135d15fbd.patch":
   version: 3.0.1
-  resolution: "tuf-js@patch:tuf-js@npm%3A3.0.1#~/.yarn/patches/tuf-js-npm-3.0.1-9135d15fbd.patch::version=3.0.1&hash=05f694"
+  resolution: "tuf-js@patch:tuf-js@npm%3A3.0.1#~/.yarn/patches/tuf-js-npm-3.0.1-9135d15fbd.patch::version=3.0.1&hash=26fdc2"
   dependencies:
     "@tufjs/models": "npm:3.0.1"
     debug: "npm:^4.3.6"
     make-fetch-happen: "npm:^14.0.1"
-  checksum: 10c0/8f50e885865555112d5ffc5fe7803c9270a611462300b53fd0b528914eb6b9f849b7a4782c07f356f4f0aeb6b752cbb3f7e1c5f2b068bfb574fca3990d1675d5
+  checksum: 10c0/e301844e9cfaf7dff085358285ed15ea21d7bb871ea3b6a2c6647c3558069fe62473b1dec1cb30e015955647bf1f36c547fb63c827f2563bbc7be4749281e78c
   languageName: node
   linkType: hard