@npmcli/config 4.1.0 → 4.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/index.js +36 -13
- package/package.json +4 -4
package/lib/index.js
CHANGED
|
@@ -296,6 +296,7 @@ class Config {
|
|
|
296
296
|
// might be a security hazard, which was the intention.
|
|
297
297
|
try {
|
|
298
298
|
this.setCredentialsByURI(reg, creds)
|
|
299
|
+
// eslint-disable-next-line no-empty
|
|
299
300
|
} catch (_) {}
|
|
300
301
|
process.emit('timeEnd', 'config:load:credentials')
|
|
301
302
|
|
|
@@ -366,9 +367,11 @@ class Config {
|
|
|
366
367
|
if (!/^npm_config_/i.test(envKey) || envVal === '') {
|
|
367
368
|
continue
|
|
368
369
|
}
|
|
369
|
-
|
|
370
|
-
|
|
371
|
-
.
|
|
370
|
+
let key = envKey.slice('npm_config_'.length)
|
|
371
|
+
if (!key.startsWith('//')) { // don't normalize nerf-darted keys
|
|
372
|
+
key = key.replace(/(?!^)_/g, '-') // don't replace _ at the start of the key
|
|
373
|
+
.toLowerCase()
|
|
374
|
+
}
|
|
372
375
|
conf[key] = envVal
|
|
373
376
|
}
|
|
374
377
|
this[_loadObject](conf, 'env', 'environment')
|
|
@@ -654,6 +657,7 @@ class Config {
|
|
|
654
657
|
// saved back to the .npmrc file, so we're good.
|
|
655
658
|
try {
|
|
656
659
|
this.setCredentialsByURI(reg, creds)
|
|
660
|
+
// eslint-disable-next-line no-empty
|
|
657
661
|
} catch (_) {}
|
|
658
662
|
}
|
|
659
663
|
|
|
@@ -691,16 +695,16 @@ class Config {
|
|
|
691
695
|
this.delete(`_password`, 'user')
|
|
692
696
|
this.delete(`username`, 'user')
|
|
693
697
|
}
|
|
694
|
-
this.delete(`${nerfed}:-authtoken`, 'user')
|
|
695
|
-
this.delete(`${nerfed}:_authtoken`, 'user')
|
|
696
698
|
this.delete(`${nerfed}:_authToken`, 'user')
|
|
697
699
|
this.delete(`${nerfed}:_auth`, 'user')
|
|
698
700
|
this.delete(`${nerfed}:_password`, 'user')
|
|
699
701
|
this.delete(`${nerfed}:username`, 'user')
|
|
700
702
|
this.delete(`${nerfed}:email`, 'user')
|
|
703
|
+
this.delete(`${nerfed}:certfile`, 'user')
|
|
704
|
+
this.delete(`${nerfed}:keyfile`, 'user')
|
|
701
705
|
}
|
|
702
706
|
|
|
703
|
-
setCredentialsByURI (uri, { token, username, password, email }) {
|
|
707
|
+
setCredentialsByURI (uri, { token, username, password, email, certfile, keyfile }) {
|
|
704
708
|
const nerfed = nerfDart(uri)
|
|
705
709
|
const def = nerfDart(this.get('registry'))
|
|
706
710
|
|
|
@@ -730,9 +734,12 @@ class Config {
|
|
|
730
734
|
// send auth if we have it, only to the URIs under the nerf dart.
|
|
731
735
|
this.delete(`${nerfed}:always-auth`, 'user')
|
|
732
736
|
|
|
733
|
-
this.delete(`${nerfed}:-authtoken`, 'user')
|
|
734
|
-
this.delete(`${nerfed}:_authtoken`, 'user')
|
|
735
737
|
this.delete(`${nerfed}:email`, 'user')
|
|
738
|
+
if (certfile && keyfile) {
|
|
739
|
+
this.set(`${nerfed}:certfile`, certfile, 'user')
|
|
740
|
+
this.set(`${nerfed}:keyfile`, keyfile, 'user')
|
|
741
|
+
// cert/key may be used in conjunction with other credentials, thus no `else`
|
|
742
|
+
}
|
|
736
743
|
if (token) {
|
|
737
744
|
this.set(`${nerfed}:_authToken`, token, 'user')
|
|
738
745
|
this.delete(`${nerfed}:_password`, 'user')
|
|
@@ -750,7 +757,7 @@ class Config {
|
|
|
750
757
|
// protects against shoulder-hacks if password is memorable, I guess?
|
|
751
758
|
const encoded = Buffer.from(password, 'utf8').toString('base64')
|
|
752
759
|
this.set(`${nerfed}:_password`, encoded, 'user')
|
|
753
|
-
} else {
|
|
760
|
+
} else if (!certfile || !keyfile) {
|
|
754
761
|
throw new Error('No credentials to set.')
|
|
755
762
|
}
|
|
756
763
|
}
|
|
@@ -760,17 +767,31 @@ class Config {
|
|
|
760
767
|
const nerfed = nerfDart(uri)
|
|
761
768
|
const creds = {}
|
|
762
769
|
|
|
770
|
+
const deprecatedAuthWarning = [
|
|
771
|
+
'`_auth`, `_authToken`, `username` and `_password` must be scoped to a registry.',
|
|
772
|
+
'see `npm help npmrc` for more information.',
|
|
773
|
+
].join(' ')
|
|
774
|
+
|
|
763
775
|
const email = this.get(`${nerfed}:email`) || this.get('email')
|
|
764
776
|
if (email) {
|
|
765
777
|
creds.email = email
|
|
766
778
|
}
|
|
767
779
|
|
|
768
|
-
const
|
|
769
|
-
|
|
770
|
-
|
|
771
|
-
|
|
780
|
+
const certfileReg = this.get(`${nerfed}:certfile`)
|
|
781
|
+
const keyfileReg = this.get(`${nerfed}:keyfile`)
|
|
782
|
+
if (certfileReg && keyfileReg) {
|
|
783
|
+
creds.certfile = certfileReg
|
|
784
|
+
creds.keyfile = keyfileReg
|
|
785
|
+
// cert/key may be used in conjunction with other credentials, thus no `return`
|
|
786
|
+
}
|
|
787
|
+
|
|
788
|
+
const defaultToken = nerfDart(this.get('registry')) && this.get('_authToken')
|
|
789
|
+
const tokenReg = this.get(`${nerfed}:_authToken`) || defaultToken
|
|
772
790
|
|
|
773
791
|
if (tokenReg) {
|
|
792
|
+
if (tokenReg === defaultToken) {
|
|
793
|
+
log.warn('config', deprecatedAuthWarning)
|
|
794
|
+
}
|
|
774
795
|
creds.token = tokenReg
|
|
775
796
|
return creds
|
|
776
797
|
}
|
|
@@ -805,6 +826,7 @@ class Config {
|
|
|
805
826
|
const userDef = this.get('username')
|
|
806
827
|
const passDef = this.get('_password')
|
|
807
828
|
if (userDef && passDef) {
|
|
829
|
+
log.warn('config', deprecatedAuthWarning)
|
|
808
830
|
creds.username = userDef
|
|
809
831
|
creds.password = Buffer.from(passDef, 'base64').toString('utf8')
|
|
810
832
|
const auth = `${creds.username}:${creds.password}`
|
|
@@ -819,6 +841,7 @@ class Config {
|
|
|
819
841
|
return creds
|
|
820
842
|
}
|
|
821
843
|
|
|
844
|
+
log.warn('config', deprecatedAuthWarning)
|
|
822
845
|
const authDecode = Buffer.from(auth, 'base64').toString('utf8')
|
|
823
846
|
const authSplit = authDecode.split(':')
|
|
824
847
|
creds.username = authSplit.shift()
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@npmcli/config",
|
|
3
|
-
"version": "4.
|
|
3
|
+
"version": "4.2.2",
|
|
4
4
|
"files": [
|
|
5
5
|
"bin/",
|
|
6
6
|
"lib/"
|
|
@@ -31,14 +31,14 @@
|
|
|
31
31
|
},
|
|
32
32
|
"devDependencies": {
|
|
33
33
|
"@npmcli/eslint-config": "^3.0.1",
|
|
34
|
-
"@npmcli/template-oss": "3.
|
|
34
|
+
"@npmcli/template-oss": "3.6.0",
|
|
35
35
|
"tap": "^16.0.1"
|
|
36
36
|
},
|
|
37
37
|
"dependencies": {
|
|
38
38
|
"@npmcli/map-workspaces": "^2.0.2",
|
|
39
39
|
"ini": "^3.0.0",
|
|
40
40
|
"mkdirp-infer-owner": "^2.0.0",
|
|
41
|
-
"nopt": "^
|
|
41
|
+
"nopt": "^6.0.0",
|
|
42
42
|
"proc-log": "^2.0.0",
|
|
43
43
|
"read-package-json-fast": "^2.0.3",
|
|
44
44
|
"semver": "^7.3.5",
|
|
@@ -49,6 +49,6 @@
|
|
|
49
49
|
},
|
|
50
50
|
"templateOSS": {
|
|
51
51
|
"//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
|
|
52
|
-
"version": "3.
|
|
52
|
+
"version": "3.6.0"
|
|
53
53
|
}
|
|
54
54
|
}
|