
@npmcli/config


@npmcli/config - npm Package Compare versions

Comparing version 2.1.0 to 2.2.0

92

lib/index.js

@@ -200,7 +200,2 @@ // TODO: set the scope config from package.json or explicit cli config

throw new Error('invalid config location param: ' + where)
if (key === '_auth') {
const { email } = this.getCredentialsByURI(this.get('registry'))
if (!email)
throw new Error('Cannot set _auth without first setting email')
}
this[_checkDeprecated](key)

@@ -286,2 +281,10 @@ const { data } = this.data.get(where)

process.emit('time', 'config:load:credentials')
const reg = this.get('registry')
const creds = this.getCredentialsByURI(reg)
// ignore this error because a failed set will strip out anything that
// might be a security hazard, which was the intention.
try { this.setCredentialsByURI(reg, creds) } catch (_) {}
process.emit('timeEnd', 'config:load:credentials')
// set proper globalPrefix now that everything is loaded

@@ -593,10 +596,13 @@ this.globalPrefix = this.get('prefix')

if (def === nerfed) {
// do not delete email, that shouldn't be nerfed any more.
// just delete the nerfed copy, if one exists.
this.delete(`-authtoken`, 'user')
this.delete(`_authToken`, 'user')
this.delete(`_authtoken`, 'user')
this.delete(`_auth`, 'user')
this.delete(`_password`, 'user')
this.delete(`username`, 'user')
this.delete(`email`, 'user')
}
this.delete(`${nerfed}:-authtoken`, 'user')
this.delete(`${nerfed}:_authtoken`, 'user')
this.delete(`${nerfed}:_authToken`, 'user')

@@ -609,3 +615,3 @@ this.delete(`${nerfed}:_auth`, 'user')

setCredentialsByURI (uri, { token, username, password, email, alwaysAuth }) {
setCredentialsByURI (uri, { token, username, password, email }) {
const nerfed = nerfDart(uri)

@@ -618,9 +624,26 @@ const def = nerfDart(this.get('registry'))

this.delete('username', 'user')
this.delete('email', 'user')
this.delete('_auth', 'user')
this.delete('_authtoken', 'user')
this.delete('-authtoken', 'user')
this.delete('_authToken', 'user')
}
this.delete(`${nerfed}:-authtoken`)
// email used to be nerfed always. if we're using the default
// registry, de-nerf it.
if (nerfed === def) {
email = email ||
this.get('email', 'user') ||
this.get(`${nerfed}:email`, 'user')
if (email)
this.set('email', email, 'user')
}
// field that hasn't been used as documented for a LONG time,
// and as of npm 7.10.0, isn't used at all. We just always
// send auth if we have it, only to the URIs under the nerf dart.
this.delete(`${nerfed}:always-auth`, 'user')
this.delete(`${nerfed}:-authtoken`, 'user')
this.delete(`${nerfed}:_authtoken`, 'user')
this.delete(`${nerfed}:email`, 'user')
if (token) {

@@ -630,26 +653,13 @@ this.set(`${nerfed}:_authToken`, token, 'user')

this.delete(`${nerfed}:username`, 'user')
this.delete(`${nerfed}:email`, 'user')
this.delete(`${nerfed}:always-auth`, 'user')
} else if (username || password || email) {
if (username || password) {
if (!username)
throw new Error('must include username')
if (!password)
throw new Error('must include password')
}
if (!email)
throw new Error('must include email')
} else if (username || password) {
if (!username)
throw new Error('must include username')
if (!password)
throw new Error('must include password')
this.delete(`${nerfed}:_authToken`, 'user')
if (username || password) {
this.set(`${nerfed}:username`, username, 'user')
// note: not encrypted, no idea why we bothered to do this, but oh well
// protects against shoulder-hacks if password is memorable, I guess?
const encoded = Buffer.from(password, 'utf8').toString('base64')
this.set(`${nerfed}:_password`, encoded, 'user')
}
this.set(`${nerfed}:email`, email, 'user')
if (alwaysAuth !== undefined)
this.set(`${nerfed}:always-auth`, alwaysAuth, 'user')
else
this.delete(`${nerfed}:always-auth`, 'user')
this.set(`${nerfed}:username`, username, 'user')
// note: not encrypted, no idea why we bothered to do this, but oh well
// protects against shoulder-hacks if password is memorable, I guess?
const encoded = Buffer.from(password, 'utf8').toString('base64')
this.set(`${nerfed}:_password`, encoded, 'user')
} else {

@@ -665,9 +675,2 @@ throw new Error('No credentials to set.')

// you can set always-auth for a single registry, or as a default
const alwaysAuthReg = this.get(`${nerfed}:always-auth`)
if (alwaysAuthReg !== undefined)
creds.alwaysAuth = !!alwaysAuthReg
else
creds.alwaysAuth = this.get('always-auth')
const email = this.get(`${nerfed}:email`) || this.get('email')

@@ -678,2 +681,3 @@ if (email)

const tokenReg = this.get(`${nerfed}:_authToken`) ||
this.get(`${nerfed}:_authtoken`) ||
this.get(`${nerfed}:-authtoken`) ||

@@ -697,2 +701,12 @@ nerfed === nerfDart(this.get('registry')) && this.get('_authToken')

const authReg = this.get(`${nerfed}:_auth`)
if (authReg) {
const authDecode = Buffer.from(authReg, 'base64').toString('utf8')
const authSplit = authDecode.split(':')
creds.username = authSplit.shift()
creds.password = authSplit.join(':')
creds.auth = authReg
return creds
}
// at this point, we can only use the values if the URI is the

@@ -699,0 +713,0 @@ // default registry.
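Review bot: The empty `catch (_) {}` around `this.setCredentialsByURI(reg, creds)` in the load path discards every failure, not only the validation errors its comment has in mind, and the new `${nerfed}:_auth` branch in getCredentialsByURI makes one such failure easy to reach. `Buffer.from(authReg, 'base64')` does not reject malformed input, and a decoded value without a `:` yields an empty `creds.password`, so the round trip throws 'must include password' after the earlier `this.delete(...)` calls have run but before the `${nerfed}:_authToken` delete, as far as the visible lines show. I would check `authDecode.includes(':')` before filling `creds.username` and `creds.password`, and in the load path report the caught error's message (never the credential values) rather than dropping it. The bodies of both functions continue outside the hunks shown, so the exact ordering should be confirmed against the full file.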

{
"name": "@npmcli/config",
"version": "2.1.0",
"version": "2.2.0",
"files": [

@@ -27,3 +27,3 @@ "lib"

"devDependencies": {
"tap": "^14.10.8"
"tap": "^15.0.4"
},

@@ -30,0 +30,0 @@ "dependencies": {
