@npmcli/config 1.2.8 → 2.2.0

package/lib/index.js

@@ -47,7 +47,6 @@ const envReplace = require('./env-replace.js')
 const parseField = require('./parse-field.js')
 const typeDescription = require('./type-description.js')
 const setEnvs = require('./set-envs.js')
-const getUserAgent = require('./get-user-agent.js')
 
 // types that can be saved back to
 const confFileTypes = new Set([
@@ -69,6 +68,9 @@ const _get = Symbol('get')
 const _find = Symbol('find')
 const _loadObject = Symbol('loadObject')
 const _loadFile = Symbol('loadFile')
+const _checkDeprecated = Symbol('checkDeprecated')
+const _flatten = Symbol('flatten')
+const _flatOptions = Symbol('flatOptions')
 
 class Config {
   static get typeDefs () {
@@ -76,9 +78,9 @@ class Config {
   }
 
   constructor ({
-    types,
+    definitions,
     shorthands,
-    defaults,
+    flatten,
     npmPath,
 
     // options just to override in tests, mostly
@@ -89,10 +91,27 @@ class Config {
     execPath = process.execPath,
     cwd = process.cwd(),
   }) {
-    this.npmPath = npmPath
+
+    // turn the definitions into nopt's weirdo syntax
+    this.definitions = definitions
+    const types = {}
+    const defaults = {}
+    this.deprecated = {}
+    for (const [key, def] of Object.entries(definitions)) {
+      defaults[key] = def.default
+      types[key] = def.type
+      if (def.deprecated)
+        this.deprecated[key] = def.deprecated.trim().replace(/\n +/, '\n')
+    }
+
+    // populated the first time we flatten the object
+    this[_flatOptions] = null
+    this[_flatten] = flatten
     this.types = types
     this.shorthands = shorthands
     this.defaults = defaults
+
+    this.npmPath = npmPath
     this.log = log
     this.argv = argv
     this.env = env
@@ -178,15 +197,31 @@ class Config {
       throw new Error('call config.load() before setting values')
     if (!confTypes.has(where))
       throw new Error('invalid config location param: ' + where)
-    if (key === '_auth') {
-      const { email } = this.getCredentialsByURI(this.get('registry'))
-      if (!email)
-        throw new Error('Cannot set _auth without first setting email')
-    }
-    this.data.get(where).data[key] = val
+    this[_checkDeprecated](key)
+    const { data } = this.data.get(where)
+    data[key] = val
 
     // this is now dirty, the next call to this.valid will have to check it
     this.data.get(where)[_valid] = null
+
+    // the flat options are invalidated, regenerate next time they're needed
+    this[_flatOptions] = null
+  }
+
+  get flat () {
+    if (this[_flatOptions])
+      return this[_flatOptions]
+
+    // create the object for flat options passed to deps
+    process.emit('time', 'config:load:flatten')
+    this[_flatOptions] = {}
+    // walk from least priority to highest
+    for (const { data } of this.data.values()) {
+      this[_flatten](data, this[_flatOptions])
+    }
+    process.emit('timeEnd', 'config:load:flatten')
+
+    return this[_flatOptions]
   }
 
   delete (key, where = 'cli') {
@@ -233,11 +268,6 @@ class Config {
     await this.loadGlobalConfig()
     process.emit('timeEnd', 'config:load:global')
 
-    // now the extras
-    process.emit('time', 'config:load:cafile')
-    await this.loadCAFile()
-    process.emit('timeEnd', 'config:load:cafile')
-
     // warn if anything is not valid
     process.emit('time', 'config:load:validate')
     this.validate()
@@ -247,13 +277,17 @@ class Config {
     // symbols, as that module also does a bunch of get operations
     this[_loaded] = true
 
+    process.emit('time', 'config:load:credentials')
+    const reg = this.get('registry')
+    const creds = this.getCredentialsByURI(reg)
+    // ignore this error because a failed set will strip out anything that
+    // might be a security hazard, which was the intention.
+    try { this.setCredentialsByURI(reg, creds) } catch (_) {}
+    process.emit('timeEnd', 'config:load:credentials')
+
     // set proper globalPrefix now that everything is loaded
     this.globalPrefix = this.get('prefix')
 
-    process.emit('time', 'config:load:setUserAgent')
-    this.setUserAgent()
-    process.emit('timeEnd', 'config:load:setUserAgent')
-
     process.emit('time', 'config:load:setEnvs')
     this.setEnvs()
     process.emit('timeEnd', 'config:load:setEnvs')
@@ -376,13 +410,13 @@ class Config {
     this.data.get(where)[_valid] = false
 
     if (Array.isArray(type)) {
-      if (type.indexOf(typeDefs.url.type) !== -1)
+      if (type.includes(typeDefs.url.type))
         type = typeDefs.url.type
       else {
         /* istanbul ignore if - no actual configs matching this, but
          * path types SHOULD be handled this way, like URLs, for the
          * same reason */
-        if (type.indexOf(typeDefs.path.type) !== -1)
+        if (type.includes(typeDefs.path.type))
           type = typeDefs.path.type
       }
     }
@@ -428,11 +462,21 @@ class Config {
       for (const [key, value] of Object.entries(obj)) {
         const k = envReplace(key, this.env)
         const v = this.parseField(value, k)
+        if (where !== 'default')
+          this[_checkDeprecated](k, where, obj, [key, value])
         conf.data[k] = v
       }
     }
   }
 
+  [_checkDeprecated] (key, where, obj, kv) {
+    // XXX a future npm version will make this a warning.
+    // An even more future npm version will make this an error.
+    if (this.deprecated[key]) {
+      this.log.verbose('config', key, this.deprecated[key])
+    }
+  }
+
   // Parse a field, coercing it to the best type available.
   parseField (f, key, listElement = false) {
     return parseField(f, key, this, listElement)
@@ -547,14 +591,17 @@ class Config {
     const nerfed = nerfDart(uri)
     const def = nerfDart(this.get('registry'))
     if (def === nerfed) {
+      // do not delete email, that shouldn't be nerfed any more.
+      // just delete the nerfed copy, if one exists.
       this.delete(`-authtoken`, 'user')
       this.delete(`_authToken`, 'user')
+      this.delete(`_authtoken`, 'user')
       this.delete(`_auth`, 'user')
       this.delete(`_password`, 'user')
       this.delete(`username`, 'user')
-      this.delete(`email`, 'user')
     }
     this.delete(`${nerfed}:-authtoken`, 'user')
+    this.delete(`${nerfed}:_authtoken`, 'user')
     this.delete(`${nerfed}:_authToken`, 'user')
     this.delete(`${nerfed}:_auth`, 'user')
     this.delete(`${nerfed}:_password`, 'user')
@@ -562,7 +609,7 @@ class Config {
     this.delete(`${nerfed}:email`, 'user')
   }
 
-  setCredentialsByURI (uri, { token, username, password, email, alwaysAuth }) {
+  setCredentialsByURI (uri, { token, username, password, email }) {
     const nerfed = nerfDart(uri)
     const def = nerfDart(this.get('registry'))
 
@@ -570,41 +617,45 @@ class Config {
       // remove old style auth info not limited to a single registry
       this.delete('_password', 'user')
       this.delete('username', 'user')
-      this.delete('email', 'user')
       this.delete('_auth', 'user')
       this.delete('_authtoken', 'user')
+      this.delete('-authtoken', 'user')
       this.delete('_authToken', 'user')
     }
 
-    this.delete(`${nerfed}:-authtoken`)
+    // email used to be nerfed always.  if we're using the default
+    // registry, de-nerf it.
+    if (nerfed === def) {
+      email = email ||
+        this.get('email', 'user') ||
+        this.get(`${nerfed}:email`, 'user')
+      if (email)
+        this.set('email', email, 'user')
+    }
+
+    // field that hasn't been used as documented for a LONG time,
+    // and as of npm 7.10.0, isn't used at all.  We just always
+    // send auth if we have it, only to the URIs under the nerf dart.
+    this.delete(`${nerfed}:always-auth`, 'user')
+
+    this.delete(`${nerfed}:-authtoken`, 'user')
+    this.delete(`${nerfed}:_authtoken`, 'user')
+    this.delete(`${nerfed}:email`, 'user')
     if (token) {
       this.set(`${nerfed}:_authToken`, token, 'user')
       this.delete(`${nerfed}:_password`, 'user')
       this.delete(`${nerfed}:username`, 'user')
-      this.delete(`${nerfed}:email`, 'user')
-      this.delete(`${nerfed}:always-auth`, 'user')
-    } else if (username || password || email) {
-      if (username || password) {
-        if (!username)
-          throw new Error('must include username')
-        if (!password)
-          throw new Error('must include password')
-      }
-      if (!email)
-        throw new Error('must include email')
+    } else if (username || password) {
+      if (!username)
+        throw new Error('must include username')
+      if (!password)
+        throw new Error('must include password')
       this.delete(`${nerfed}:_authToken`, 'user')
-      if (username || password) {
-        this.set(`${nerfed}:username`, username, 'user')
-        // note: not encrypted, no idea why we bothered to do this, but oh well
-        // protects against shoulder-hacks if password is memorable, I guess?
-        const encoded = Buffer.from(password, 'utf8').toString('base64')
-        this.set(`${nerfed}:_password`, encoded, 'user')
-      }
-      this.set(`${nerfed}:email`, email, 'user')
-      if (alwaysAuth !== undefined)
-        this.set(`${nerfed}:always-auth`, alwaysAuth, 'user')
-      else
-        this.delete(`${nerfed}:always-auth`, 'user')
+      this.set(`${nerfed}:username`, username, 'user')
+      // note: not encrypted, no idea why we bothered to do this, but oh well
+      // protects against shoulder-hacks if password is memorable, I guess?
+      const encoded = Buffer.from(password, 'utf8').toString('base64')
+      this.set(`${nerfed}:_password`, encoded, 'user')
     } else {
       throw new Error('No credentials to set.')
     }
@@ -615,18 +666,12 @@ class Config {
     const nerfed = nerfDart(uri)
     const creds = {}
 
-    // you can set always-auth for a single registry, or as a default
-    const alwaysAuthReg = this.get(`${nerfed}:always-auth`)
-    if (alwaysAuthReg !== undefined)
-      creds.alwaysAuth = !!alwaysAuthReg
-    else
-      creds.alwaysAuth = this.get('always-auth')
-
     const email = this.get(`${nerfed}:email`) || this.get('email')
     if (email)
       creds.email = email
 
     const tokenReg = this.get(`${nerfed}:_authToken`) ||
+      this.get(`${nerfed}:_authtoken`) ||
       this.get(`${nerfed}:-authtoken`) ||
       nerfed === nerfDart(this.get('registry')) && this.get('_authToken')
 
@@ -645,6 +690,16 @@ class Config {
       return creds
     }
 
+    const authReg = this.get(`${nerfed}:_auth`)
+    if (authReg) {
+      const authDecode = Buffer.from(authReg, 'base64').toString('utf8')
+      const authSplit = authDecode.split(':')
+      creds.username = authSplit.shift()
+      creds.password = authSplit.join(':')
+      creds.auth = authReg
+      return creds
+    }
+
     // at this point, we can only use the values if the URI is the
     // default registry.
     const defaultNerf = nerfDart(this.get('registry'))
@@ -675,48 +730,6 @@ class Config {
     return creds
   }
 
-  async loadCAFile () {
-    const where = this[_find]('cafile')
-
-    /* istanbul ignore if - it'll always be set in the defaults */
-    if (!where)
-      return
-
-    const cafile = this[_get]('cafile', where)
-    const ca = this[_get]('ca', where)
-
-    // if you have a ca, or cafile is set to null, then nothing to do here.
-    if (ca || !cafile)
-      return
-
-    const raw = await readFile(cafile, 'utf8').catch(er => {
-      if (er.code !== 'ENOENT')
-        throw er
-    })
-    if (!raw)
-      return
-
-    const delim = '-----END CERTIFICATE-----'
-    const output = raw.replace(/\r\n/g, '\n').split(delim)
-      .filter(section => section.trim())
-      .map(section => section.trimLeft() + delim)
-
-    // make it non-enumerable so we don't save it back by accident
-    const { data } = this.data.get(where)
-    Object.defineProperty(data, 'ca', {
-      value: output,
-      enumerable: false,
-      configurable: true,
-      writable: true,
-    })
-  }
-
-  // the user-agent configuration is a template that gets populated
-  // with some variables, that takes place here
-  setUserAgent () {
-    this.set('user-agent', getUserAgent(this))
-  }
-
   // set up the environment object we have with npm_config_* environs
   // for all configs that are different from their default values, and
   // set EDITOR and HOME.

package/lib/set-envs.js

@@ -50,17 +50,13 @@ const setEnvs = (config) => {
     platform,
     env,
     defaults,
+    definitions,
     list: [cliConf, envConf],
   } = config
 
-  const { DESTDIR } = env
-  if (platform !== 'win32' && DESTDIR && globalPrefix.indexOf(DESTDIR) === 0)
-    env.PREFIX = globalPrefix.substr(DESTDIR.length)
-  else
-    env.PREFIX = globalPrefix
-
-  env.INIT_CWD = env.INIT_CWD || process.cwd()
+  env.INIT_CWD = process.cwd()
 
+  // if the key is deprecated, skip it always.
   // if the key is the default value,
   //   if the environ is NOT the default value,
   //     set the environ
@@ -71,6 +67,10 @@ const setEnvs = (config) => {
   const cliSet = new Set(Object.keys(cliConf))
   const envSet = new Set(Object.keys(envConf))
   for (const key in cliConf) {
+    const { deprecated, envExport = true } = definitions[key] || {}
+    if (deprecated || envExport === false)
+      continue
+
     if (sameConfigValue(defaults[key], cliConf[key])) {
       // config is the default, if the env thought different, then we
       // have to set it BACK to the default in the environment.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/config",
-  "version": "1.2.8",
+  "version": "2.2.0",
   "files": [
     "lib"
   ],
@@ -24,7 +24,7 @@
     "coverage-map": "map.js"
   },
   "devDependencies": {
-    "tap": "^14.10.8"
+    "tap": "^15.0.4"
   },
   "dependencies": {
     "ini": "^2.0.0",

package/lib/get-user-agent.js

@@ -1,13 +0,0 @@
-// Accepts a config object, returns a user-agent string
-const getUserAgent = (config) => {
-  const ciName = config.get('ci-name')
-  return (config.get('user-agent') || '')
-    .replace(/\{node-version\}/gi, config.get('node-version'))
-    .replace(/\{npm-version\}/gi, config.get('npm-version'))
-    .replace(/\{platform\}/gi, process.platform)
-    .replace(/\{arch\}/gi, process.arch)
-    .replace(/\{ci\}/gi, ciName ? `ci/${ciName}` : '')
-    .trim()
-}
-
-module.exports = getUserAgent