@yarnpkg/plugin-npm
Advanced tools
@yarnpkg/plugin-npm - npm Package Compare versions
Comparing version 2.7.2 to 2.7.3
@@ -83,3 +83,3 @@ "use strict"; | ||
| } | ||
| otp = await askForOtp(); | ||
| otp = await askForOtp(error, { configuration }); | ||
| const headersWithOtp = { ...headers, ...getOtpHeaders(otp) }; | ||
@@ -115,3 +115,3 @@ // Retrying request with OTP | ||
| } | ||
| otp = await askForOtp(); | ||
| otp = await askForOtp(error, { configuration }); | ||
| const headersWithOtp = { ...headers, ...getOtpHeaders(otp) }; | ||
@@ -147,3 +147,3 @@ // Retrying request with OTP | ||
| } | ||
| otp = await askForOtp(); | ||
| otp = await askForOtp(error, { configuration }); | ||
| const headersWithOtp = { ...headers, ...getOtpHeaders(otp) }; | ||
@@ -215,5 +215,36 @@ // Retrying request with OTP | ||
| } | ||
| async function askForOtp() { | ||
| if (process.env.TEST_ENV) | ||
| return process.env.TEST_NPM_2FA_TOKEN || ``; | ||
| async function askForOtp(error, { configuration }) { | ||
| var _a; | ||
| const notice = (_a = error.originalError) === null || _a === void 0 ? void 0 : _a.response.headers[`npm-notice`]; | ||
| if (notice) { | ||
| await core_1.StreamReport.start({ | ||
| configuration, | ||
| stdout: process.stdout, | ||
| includeFooter: false, | ||
| }, async (report) => { | ||
| report.reportInfo(core_2.MessageName.UNNAMED, notice.replace(/(https?:\/\/\S+)/g, core_1.formatUtils.pretty(configuration, `$1`, core_1.formatUtils.Type.URL))); | ||
| if (!process.env.YARN_IS_TEST_ENV) { | ||
| const autoOpen = notice.match(/open (https?:\/\/\S+)/i); | ||
| if (autoOpen && core_1.nodeUtils.openUrl) { | ||
| const { openNow } = await (0, enquirer_1.prompt)({ | ||
| type: `confirm`, | ||
| name: `openNow`, | ||
| message: `Do you want to try to open this url now?`, | ||
| required: true, | ||
| initial: true, | ||
| onCancel: () => process.exit(130), | ||
| }); | ||
| if (openNow) { | ||
| if (!await core_1.nodeUtils.openUrl(autoOpen[1])) { | ||
| report.reportSeparator(); | ||
| report.reportWarning(core_2.MessageName.UNNAMED, `We failed to automatically open the url; you'll have to open it yourself in your browser of choice.`); | ||
| } | ||
| } | ||
| } | ||
| } | ||
| }); | ||
| process.stdout.write(`\n`); | ||
| } | ||
| if (process.env.YARN_IS_TEST_ENV) | ||
| return process.env.YARN_INJECT_NPM_2FA_TOKEN || ``; | ||
| const { otp } = await (0, enquirer_1.prompt)({ | ||
@@ -226,2 +257,3 @@ type: `password`, | ||
| }); | ||
| process.stdout.write(`\n`); | ||
| return otp; | ||
@@ -228,0 +260,0 @@ } |
| { | ||
| "name": "@yarnpkg/plugin-npm", | ||
| "version": "2.7.2", | ||
| "version": "2.7.3", | ||
| "license": "BSD-2-Clause", | ||
| "main": "./lib/index.js", | ||
| "dependencies": { | ||
| "@yarnpkg/fslib": "^2.8.0", | ||
| "@yarnpkg/fslib": "^2.9.0", | ||
| "enquirer": "^2.3.6", | ||
@@ -14,4 +14,4 @@ "semver": "^7.1.2", | ||
| "peerDependencies": { | ||
| "@yarnpkg/core": "^3.2.5", | ||
| "@yarnpkg/plugin-pack": "^3.1.3" | ||
| "@yarnpkg/core": "^3.3.0", | ||
| "@yarnpkg/plugin-pack": "^3.1.4" | ||
| }, | ||
@@ -21,4 +21,4 @@ "devDependencies": { | ||
| "@types/ssri": "^6.0.1", | ||
| "@yarnpkg/core": "^3.2.5", | ||
| "@yarnpkg/plugin-pack": "^3.1.3" | ||
| "@yarnpkg/core": "^3.3.0", | ||
| "@yarnpkg/plugin-pack": "^3.1.4" | ||
| }, | ||
@@ -25,0 +25,0 @@ "repository": { |
New alerts
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 2 instances in 1 package
Fixed alerts
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 2 instances in 1 package
Improved metrics
- Total package byte prevSize
- increased by3.17%
54876
- Lines of code
- increased by2.82%
1167
Worsened metrics
- Number of low supply chain risk alerts
- increased by50%
3
Dependency changes
Updated@yarnpkg/fslib@^2.9.0