NotificationsYou must be signed in to change notification settings
Fork0
Star0

Commit8cb4c04

committed

fix: verify authentication for default npm registry only

1 parent1e612b6 commit8cb4c04Copy full SHA for 8cb4c04

File tree

3 files changed

+31

-5

lines changed

3 files changed

+31

-5

lines changed

`‎lib/verify-auth.js‎`

Lines changed: 16 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,14 +1,25 @@`
`1`	`1`	`constexeca=require('execa');`
	`2`	`+constnormalizeUrl=require('normalize-url');`
`2`	`3`	`constSemanticReleaseError=require('@semantic-release/error');`
`3`	`4`	`constgetRegistry=require('./get-registry');`
`4`	`5`	`constsetNpmrcAuth=require('./set-npmrc-auth');`
`5`	`6`
`6`		`-module.exports=async(pluginConfig,pkg,logger)=>{`
	`7`	`+constDEFAULT_NPM_REGISTRY='https://registry.npmjs.org/';`
	`8`	`+`
	`9`	`+module.exports=async(`
	`10`	`+pluginConfig,`
	`11`	`+pkg,`
	`12`	`+logger,`
	`13`	`+defaultRegistry=process.env.DEFAULT_NPM_REGISTRY\|\|DEFAULT_NPM_REGISTRY`
	`14`	`+)=>{`
`7`	`15`	`constregistry=awaitgetRegistry(pkg.publishConfig,pkg.name);`
`8`	`16`	`awaitsetNpmrcAuth(registry,logger);`
`9`		`-try{`
`10`		`-awaitexeca('npm',['whoami','--registry',registry]);`
`11`		`-}catch(err){`
`12`		`-thrownewSemanticReleaseError('Invalid npm token.','EINVALIDNPMTOKEN');`
	`17`	`+`
	`18`	`+if(normalizeUrl(registry)===normalizeUrl(defaultRegistry)){`
	`19`	`+try{`
	`20`	`+awaitexeca('npm',['whoami','--registry',registry]);`
	`21`	`+}catch(err){`
	`22`	`+thrownewSemanticReleaseError('Invalid npm token.','EINVALIDNPMTOKEN');`
	`23`	`+}`
`13`	`24`	`}`
`14`	`25`	`};`

`‎package.json‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,7 @@`
`22`	`22`	`"fs-extra":"^5.0.0",`
`23`	`23`	`"lodash":"^4.17.4",`
`24`	`24`	`"nerf-dart":"^1.0.0",`
	`25`	`+"normalize-url":"^2.0.1",`
`25`	`26`	`"npm-conf":"^1.1.3",`
`26`	`27`	`"npm-registry-client":"^8.5.0",`
`27`	`28`	`"read-pkg":"^3.0.0",`

`‎test/integration.test.js‎`

Lines changed: 14 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,7 @@ test.beforeEach(async t => {`
`26`	`26`	`deleteprocess.env.NPM_USERNAME;`
`27`	`27`	`deleteprocess.env.NPM_PASSWORD;`
`28`	`28`	`deleteprocess.env.NPM_EMAIL;`
	`29`	`+deleteprocess.env.DEFAULT_NPM_REGISTRY;`
`29`	`30`	`// Create a git repository, set the current working directory at the root of the repo`
`30`	`31`	`awaitgitRepo();`
`31`	`32`	`awaitgitCommit('Initial commit');`
`@@ -58,6 +59,7 @@ test.serial('Skip npm auth verification if "npmPublish" is false', async t => {`
`58`	`59`
`59`	`60`	`test.serial('Throws error if NPM token is invalid',asynct=>{`
`60`	`61`	`process.env.NPM_TOKEN='wrong_token';`
	`62`	`+process.env.DEFAULT_NPM_REGISTRY=npmRegistry.url;`
`61`	`63`	`constpkg={name:'published',version:'1.0.0',publishConfig:{registry:npmRegistry.url}};`
`62`	`64`	`awaitoutputJson('./package.json',pkg);`
`63`	`65`	`consterror=awaitt.throws(t.context.m.verifyConditions({},{options:{},logger:t.context.logger}));`
`@@ -70,10 +72,21 @@ test.serial('Throws error if NPM token is invalid', async t => {`
`70`	`72`	`t.regex(npmrc,/:_authToken/);`
`71`	`73`	`});`
`72`	`74`
	`75`	`+test.serial('Skip Token validation if the registry configured is not the default one',asynct=>{`
	`76`	`+process.env.NPM_TOKEN='wrong_token';`
	`77`	`+constpkg={name:'published',version:'1.0.0',publishConfig:{registry:'http://custom-registry.com/'}};`
	`78`	`+awaitoutputJson('./package.json',pkg);`
	`79`	`+awaitt.notThrows(t.context.m.verifyConditions({},{options:{},logger:t.context.logger}));`
	`80`	`+`
	`81`	`+constnpmrc=(awaitreadFile('.npmrc')).toString();`
	`82`	`+t.regex(npmrc,/:_authToken/);`
	`83`	`+});`
	`84`	`+`
`73`	`85`	`test.serial(`
`74`	`86`	`'Throws error if NPM token is invalid if "npmPublish" is false and npm plugin used for "getLastRelease"',`
`75`	`87`	`asynct=>{`
`76`	`88`	`process.env.NPM_TOKEN='wrong_token';`
	`89`	`+process.env.DEFAULT_NPM_REGISTRY=npmRegistry.url;`
`77`	`90`	`constpkg={name:'published',version:'1.0.0',publishConfig:{registry:npmRegistry.url}};`
`78`	`91`	`awaitoutputJson('./package.json',pkg);`
`79`	`92`	`consterror=awaitt.throws(`
`@@ -96,6 +109,7 @@ test.serial(`
`96`	`109`	`'Throws error if NPM token is invalid if "npmPublish" is false and npm plugin used for "getLastRelease" as an object',`
`97`	`110`	`asynct=>{`
`98`	`111`	`process.env.NPM_TOKEN='wrong_token';`
	`112`	`+process.env.DEFAULT_NPM_REGISTRY=npmRegistry.url;`
`99`	`113`	`constpkg={name:'published',version:'1.0.0',publishConfig:{registry:npmRegistry.url}};`
`100`	`114`	`awaitoutputJson('./package.json',pkg);`
`101`	`115`	`consterror=awaitt.throws(`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit8cb4c04

File tree

3 files changed

3 files changed

`‎lib/verify-auth.js‎`

`‎package.json‎`

`‎test/integration.test.js‎`

0 commit comments