npm - tar-dependency - Versions diffs - 0.2.0 → 0.3.0 - Mend

tar-dependency 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/.nvmrc CHANGED Viewed

	@@ -1 +1 @@
1	- 20
1	+ 24

package/README.md CHANGED Viewed

@@ -91,8 +91,37 @@ and then install them with
 `tar-dependency install`
+### Authentication / Private repositories
+URLs support `${ENV_VAR}` placeholders, which are expanded from environment variables at install time. This keeps secrets out of `package.json` and version control.
+For example, to authenticate against a private GitLab instance:
+```json
+{
+  "tarDependencies": {
+    "components/components-ext": {
+      "url": "https://gitlab.kadenpartner.ch/kp/extjs/repository/4.2.6-min/archive.tgz?private_token=${KP_GITLAB_TOKEN}",
+      "strip": 1
+    }
+  }
+}
+```
+Store the token in your shell environment (e.g. `~/.zshenv` or `~/.zshrc`):
+```bash
+export KP_GITLAB_TOKEN=glpat-xxxx
+```
+The raw URL (with the placeholder, not the expanded value) is printed to the console, so tokens are never leaked in logs.
 ## Changelog
+### 0.3.0 - Mar 2026
+* Added `${ENV_VAR}` placeholder support in URLs for authentication against private registries
 ### 0.2.0 - Feb 2025
 * [breaking] Updated to NodeJS >= 20 with ES Modules
@@ -103,4 +132,4 @@ and then install them with
 Initial release
-(c) 2017-2025 alex@alexi.ch
+(c) 2017-2026 alex@alexi.ch

package/eslint.config.js CHANGED Viewed

@@ -4,10 +4,10 @@ import json from 'eslint-plugin-json';
 // eslint.config.js
 export default [
     eslintPluginPrettierRecommended,
-	{
-		files: ["**/*.json"],
-		...json.configs["recommended"]
-	  },
+    {
+        files: ['**/*.json'],
+        ...json.configs['recommended']
+    },
     {
         // extends: ['prettier', 'plugin:json/recommended'],
         languageOptions: {

package/index.js CHANGED Viewed

@@ -31,20 +31,17 @@ function normalizePathKey(str) {
  *
  * This function returns a promise that resolves when all dependencies are installed.
  */
-async function installTarDependencies(config, destKey) {
+async function installTarDependencies(config) {
     config = config || {};
     const deps = config.tarDependencies || {};
-    destKey = normalizePathKey(destKey);
     for (const key of Object.keys(deps)) {
-        if (destKey && key !== destKey) {
-            return;
-        }
         const fullOutdir = path.join(process.cwd(), key);
-        const url = deps[key].url;
+        const rawUrl = deps[key].url;
+        const url = rawUrl.replaceAll(/\$\{(\w+)\}/g, (_, name) => encodeURIComponent(process.env[name] ?? ''));
         const strip = deps[key].strip === undefined ? 1 : Number(deps[key].strip);
-        console.log('tar package: ' + url + ' => ' + key);
+        console.log('tar package: ' + rawUrl + ' => ' + key);
         await rimraf(fullOutdir);
         await mkdirp(fullOutdir);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "tar-dependency",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "description": "Fetches .tar(.gz) archives defined in package.json and extracts them to a specific location.",
   "main": "index.js",
   "type": "module",
@@ -12,11 +12,11 @@
   "license": "MIT",
   "dependencies": {
     "commander": "^13.1.0",
-    "jsonfile": "^6.1.0",
+    "jsonfile": "^6.2.1",
     "mkdirp": "^3.0.1",
     "node-fetch": "^2.6.5",
-    "rimraf": "^6.0.1",
-    "tar": "^7.4.3"
+    "rimraf": "^6.1.3",
+    "tar": "^7.5.16"
   },
   "devDependencies": {
     "eslint": "^9.20.0",