hex_core
hex_core copied to clipboard
hexpm
Reference implementation of Hex specifications.
HTTP spec allows duplicate header names so we should allow that to.
In some cases we manually use binary keys: https://github.com/hexpm/hex_core/blob/v0.6.1/src/hex_api_key.erl#L20: > `Params = #{ => Name, => Permissions},` but in some we allow user to pass the map: https://github.com/hexpm/hex_core/blob/v0.6.1/src/hex_api_release.erl#L45 > `hex_api:post(Config,...
Currently we only check the compressed max size. See: https://github.com/hexpm/hexdocs/blob/97a7d2a8ecea503cd0e93e83e3e2417a8a6f67d3/lib/hexdocs/tar.ex#L14:L46
In #26 we made the API lower level, exposing HTTP details, and unsurprisingly we received some feedback that it's leaky: https://github.com/aseigo/hexagon/commit/5991766b0db980acf1a0da1fab95d34046b18967#commitcomment-30019283 (thanks @aseigo!) This issue is to collect more feedback...
Validations: - [x] the same size validations as [we currently do for package tarballs](https://github.com/hexpm/hex_core/blob/v0.5.0/src/hex_tarball.erl#L7:L8) - [ ] [ensure top-level file is not a valid semver](https://github.com/hexpm/hexdocs/blob/3e52a7bd94227cb7fd7adfd3d697cbd106d6b456/lib/hexdocs/tar.ex#L48:L59)
Currently the API is: ```erlang -type contents() :: #{filename() => binary()}. -type tarball() :: binary(). %% ... -spec unpack(tarball(), memory) -> {ok, #{checksum => checksum(), metadata => metadata(), contents =>...
E.g.: ``` mix hex.package fetch loki 0.1.0 --unpack ** (MatchError) no match of right hand side value: {:error, :enoent} (hex 0.20.1) src/mix_hex_tarball.erl:220: :mix_hex_tarball.copy_metadata_config/2 (hex 0.20.1) src/mix_hex_tarball.erl:209: :mix_hex_tarball.finish_unpack/1 (hex 0.20.1) lib/hex.ex:183:...
We should either document how to set up proxy (https://github.com/hexpm/hex_core/pull/36#issuecomment-415528275) or have first-class support for setting it (either there's a contract for it or adapter-specific configuration is passed down so...
hex_core ships with a built-in httpc-based adapter but it's default options are insecure (doesn't verify server certs etc). See e.g.: https://blog.voltone.net/post/23 for more info. We should port httpc configuration from...