feat: strict validate deps

[elrrrrrrr]

During the sync process, dependency installation errors may occur due to incorrect timing or incorrect declaration.

1. ⚙️ Added strictValidatePackageDeps configuration, disabled by default.
2. 🔄 In publish process, if the dependencies for the current version do not exist, it will be interrupted.
3. 📦 In synch process, will automatically enter the queue to wait for the next synchronization attempt (up to 3 retries).
4. ♻️ Packages that have already been published or synchronized will not be affected.

---

在版本同步时，由于同步时机或自身依赖声明错误，导致依赖安装报错。

1. ⚙️ 新增 strictValidatePackageDeps 配置，默认关闭
2. 🔄 在包发布时，如果当前版本的 dependencies 不存在，则中断发布
3. 📦 在包同步时，如果校验未通过，则中断发布流程，自动进入队列等待下次同步（最多重试3次）
4. ♻️ 已发布、同步的包不受影响

Summary by CodeRabbit

Release Notes

• New Features

  • Introduced strict validation for package dependencies during publishing and synchronization.
  • Added a new configuration option for enforcing dependency validation.

• Bug Fixes

  • Enhanced error handling for dependency validation failures, allowing for task retries.

• Tests

  • Added new test cases to ensure proper validation of package dependencies under strict settings.
  • Created a new test suite for handling invalid dependencies in package synchronization.

• Chores

  • Updated logging for package synchronization processes to improve clarity and error tracking.

[coderabbitai[bot]]

Walkthrough

The changes introduce significant enhancements to the package management system, focusing on dependency validation. A new method _checkPackageDepsVersion is added to PackageManagerService to validate package dependencies. The publish method is updated to conditionally call this validation based on a new configuration property strictValidatePackageDeps. The PackageSyncerService also receives updates for error handling during dependency validation. New tests are added to ensure that the system behaves correctly when invalid dependencies are encountered, alongside the introduction of a new JSON fixture representing a package with invalid dependencies.

Changes

File	Change Summary
app/core/service/PackageManagerService.ts	- Added method _checkPackageDepsVersion for validating package dependencies.
	- Updated publish method to conditionally call _checkPackageDepsVersion.
	- Modified imports to include assert and p-map, and added BadRequestError.
app/core/service/PackageSyncerService.ts	- Updated executeTask method for enhanced error handling of BadRequestError.
	- Refined logic for syncing download data and updated syncDeletePkg method with logging.
app/port/config.ts	- Added optional property strictValidatePackageDeps to CnpmcoreConfig.
config/config.default.ts	- Introduced strictValidatePackageDeps property initialized to false in cnpmcoreConfig.
test/core/service/PackageManagerService/publish.test.ts	- Added test case for publish() to check strict validation of dependencies.
test/core/service/PackageSyncerService/executeTask.test.ts	- Introduced new test suite for validating dependencies in PackageSyncerService.
test/fixtures/registry.npmjs.org/invalid-deps.json	- Added new JSON fixture for a package with invalid dependencies.

Possibly related PRs

• #691: The changes in PackageManagerService.ts related to the addition of the acceptDependencies property are relevant as they modify the same file and involve handling package metadata, which is closely related to the dependency validation introduced in the main PR.

Poem

🐰 In the garden of code, where packages bloom,
A rabbit hops by, dispelling the gloom.
With dependencies checked, and errors in sight,
Publishing packages now feels just right!
So let’s raise a cheer, for validation's new song,
In the world of our code, where we all belong! 🌼

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

- [X](https://twitter.com/intent/tweet?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A&url=https%3A//coderabbit.ai) - [Mastodon](https://mastodon.social/share?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A%20https%3A%2F%2Fcoderabbit.ai) - [Reddit](https://www.reddit.com/submit?title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&text=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code.%20Check%20it%20out%3A%20https%3A//coderabbit.ai) - [LinkedIn](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fcoderabbit.ai&mini=true&title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&summary=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code)

🪧 Tips

### Chat There are 3 ways to chat with [CodeRabbit](https://coderabbit.ai): - Review comments: Directly reply to a review comment made by CodeRabbit. Example: - `I pushed a fix in commit , please review it.` - `Generate unit testing code for this file.` - `Open a follow-up GitHub issue for this discussion.` - Files and specific lines of code (under the "Files changed" tab): Tag `@coderabbitai` in a new review comment at the desired location with your query. Examples: - `@coderabbitai generate unit testing code for this file.` - `@coderabbitai modularize this function.` - PR comments: Tag `@coderabbitai` in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples: - `@coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.` - `@coderabbitai read src/utils.ts and generate unit testing code.` - `@coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.` - `@coderabbitai help me debug CodeRabbit configuration file.` Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. ### CodeRabbit Commands (Invoked using PR comments) - `@coderabbitai pause` to pause the reviews on a PR. - `@coderabbitai resume` to resume the paused reviews. - `@coderabbitai review` to trigger an incremental review. This is useful when automatic reviews are disabled for the repository. - `@coderabbitai full review` to do a full review from scratch and review all the files again. - `@coderabbitai summary` to regenerate the summary of the PR. - `@coderabbitai resolve` resolve all the CodeRabbit review comments. - `@coderabbitai configuration` to show the current CodeRabbit configuration for the repository. - `@coderabbitai help` to get help. ### Other keywords and placeholders - Add `@coderabbitai ignore` anywhere in the PR description to prevent this PR from being reviewed. - Add `@coderabbitai summary` to generate the high-level summary at a specific location in the PR description. - Add `@coderabbitai` anywhere in the PR title to generate the title automatically. ### CodeRabbit Configuration File (`.coderabbit.yaml`) - You can programmatically configure CodeRabbit by adding a `.coderabbit.yaml` file to the root of your repository. - Please see the [configuration documentation](https://docs.coderabbit.ai/guides/configure-coderabbit) for more information. - If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: `# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json` ### Documentation and Community - Visit our [Documentation](https://coderabbit.ai/docs) for detailed information on how to use CodeRabbit. - Join our [Discord Community](http://discord.gg/coderabbit) to get help, request features, and share feedback. - Follow us on [X/Twitter](https://twitter.com/coderabbitai) for updates and announcements.

[codecov[bot]]

Codecov Report

Attention: Patch coverage is 95.23810% with 2 lines in your changes missing coverage. Please review.

Project coverage is 96.46%. Comparing base (d6f0e1d) to head (fd428b4). Report is 2 commits behind head on master.

Files with missing lines	Patch %	Lines
app/core/service/PackageManagerService.ts	92.59%	2 Missing :warning:

Additional details and impacted files

```diff @@ Coverage Diff @@ ## master #720 +/- ## ========================================== - Coverage 96.46% 96.46% -0.01% ========================================== Files 188 188 Lines 18803 18844 +41 Branches 2463 2481 +18 ========================================== + Hits 18139 18178 +39 - Misses 664 666 +2 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.