
@pnpm/npm-conf


@pnpm/npm-conf - npm Package Compare versions

Comparing version
3.0.1
to
3.0.2
+8
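--- a/lib/util.test.js
+++ b/lib/util.test.js
+const util = require('./util.js');
+test('parseField', () => {
+process.env.FOO = 'foo_value';
+expect(() => util.parseField({}, '${FOO}', 'tokenHelper')).toThrow('It is not allowed to use environment variables in the value of the tokenHelper');
+expect(() => util.parseField({}, '${FOO}', '//registry.npmjs.org/:tokenHelper')).toThrow('It is not allowed to use environment variables in the value of the //registry.npmjs.org/:tokenHelper');
+expect(util.parseField({}, '${FOO}', 'foo')).toBe('foo_value');
+});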
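Review bot: The test only exercises values that contain `${FOO}`; there is no case for a tokenHelper value without a placeholder, which is the path every legitimate configuration takes and the one an over-broad check would break. Adding `expect(util.parseField({}, '/constructed/helper', 'tokenHelper')).toBe('/constructed/helper');` (path constructed for illustration) would pin that behaviour. The test also sets `process.env.FOO` and never removes it, so the value stays visible to any later test in the same process; a `delete process.env.FOO` in an `afterEach` would contain it.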
+8
-1

@@ -58,3 +58,10 @@ 'use strict';

field = envReplace(field, process.env);
const processedField = envReplace(field, process.env);
// Skip environment variable substitution for tokenHelper to prevent command injection
// via attacker-controlled environment variables
if ((key.endsWith(':tokenHelper') || key === 'tokenHelper') && processedField !== field) {
throw new Error(`It is not allowed to use environment variables in the value of the ${key} setting.`);
} else {
field = processedField;
}

@@ -61,0 +68,0 @@ if (isPath) {
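Review bot: The comment above the new check says substitution is skipped for tokenHelper, but the code always calls `envReplace` and then throws when the result differs from the input; the comment should describe that, e.g. `// Reject tokenHelper values that reference environment variables: the value names a helper command, so it must not be assembled from the environment`. Because detection is `processedField !== field`, any rewrite `envReplace` performs counts as a substitution, which presumably includes unescaping a backslash-escaped placeholder; that fails closed, but the error message would then be misleading. `key.endsWith` also assumes `key` is always a string, which cannot be confirmed here because the enclosing function starts and ends outside the hunk.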

+41
-41
{
"name": "@pnpm/npm-conf",
"version": "3.0.1",
"description": "Get the npm config",
"license": "MIT",
"repository": "pnpm/npm-conf",
"engines": {
"node": ">=12"
},
"files": [
"index.js",
"lib"
],
"keywords": [
"conf",
"config",
"global",
"npm",
"path",
"prefix",
"rc"
],
"dependencies": {
"@pnpm/config.env-replace": "^1.1.0",
"@pnpm/network.ca-file": "^1.0.1",
"config-chain": "^1.1.11"
},
"devDependencies": {
"@types/node": "^14.0.14",
"babel-generator": "^6.24.1",
"babel-traverse": "^6.24.1",
"babylon": "^6.17.1",
"eslint-import-resolver-node": "^0.3.2",
"jest": "^25.1.0",
"npm": "^5.0.4",
"typescript": "^3.9.6"
},
"scripts": {
"__prepublishOnly": "node lib/make.js && tsc -p lib/tsconfig.make-out.json",
"test": "jest"
}
}
"name": "@pnpm/npm-conf",
"version": "3.0.2",
"description": "Get the npm config",
"license": "MIT",
"repository": "pnpm/npm-conf",
"engines": {
"node": ">=12"
},
"scripts": {
"__prepublishOnly": "node lib/make.js && tsc -p lib/tsconfig.make-out.json",
"test": "jest"
},
"files": [
"index.js",
"lib"
],
"keywords": [
"conf",
"config",
"global",
"npm",
"path",
"prefix",
"rc"
],
"dependencies": {
"@pnpm/config.env-replace": "^1.1.0",
"@pnpm/network.ca-file": "^1.0.1",
"config-chain": "^1.1.11"
},
"devDependencies": {
"@types/node": "^14.0.14",
"babel-generator": "^6.24.1",
"babel-traverse": "^6.24.1",
"babylon": "^6.17.1",
"eslint-import-resolver-node": "^0.3.2",
"jest": "^25.1.0",
"npm": "^5.0.4",
"typescript": "^3.9.6"
}
}