Expand description
Copy-on-write defense against package-manager hardlink farms.
Several package managers (pnpm, bazel mirrors, nix store overlays, npm linked workspaces) point multiple project trees at a single content-addressed inode via symlinks or hardlinks. A naive patch that opens the path in a workspace and rewrites it would mutate the shared inode — corrupting every other project that references the same package.
break_hardlink_if_needed is the pre-write hook that turns these
shared-inode references into private file copies before any patch
bytes touch disk. After the call, mutating the path is safe: only
this project’s copy changes; the store entry and every other
project’s link survive untouched.
The function is idempotent and fast on the common case (regular
file with nlink == 1): a single symlink_metadata syscall, no
I/O beyond that. CoW only runs when there is something to break.
Windows note: we always handle symlinks the same on Windows
(replace with private regular file) but skip the nlink > 1
check — std::fs::Metadata on Windows does not expose the file
information that carries it, and pnpm-on-Windows typically uses
reflinks/copies rather than hardlinks. A follow-up could call
GetFileInformationByHandle via windows-sys for full Windows
parity.
Enums§
- CowAction
- Outcome of
break_hardlink_if_needed.
Functions§
- break_
hardlink_ if_ needed - Ensure
path(if it exists) points at a private inode this project alone owns, so a subsequent in-place write only mutates our copy.