npmconf - npm Package Compare versions

Comparing version 2.0.1 to 2.0.2

config-defs.js

@@ -161,2 +161,3 @@ // defaults, types, and shorthands.
     , "init.author.url" : ""
+    , "init.version": "0.0.0"
     , "init.license": "ISC"
@@ -262,2 +263,3 @@ , json: false
   , "init.license": String
+  , "init.version": semver
   , json: Boolean
@@ -264,0 +266,0 @@ , key: [null, String]

lib/get-credentials-by-uri.js

@@ -10,2 +10,3 @@ var assert = require("assert")
   var nerfed = toNerfDart(uri)
+  var defnerf = toNerfDart(this.get("registry"))
 
@@ -20,4 +21,20 @@ var c = {scope : nerfed}
 
+  // Handle the old-style _auth=<base64> style for the default
+  // registry, if set.
+  //
+  // XXX(isaacs): Remove when npm 1.4 is no longer relevant
+  var authDef = this.get("_auth")
+  var userDef = this.get("username")
+  var passDef = this.get("_password")
+  if (authDef && !(userDef && passDef)) {
+    authDef = new Buffer(authDef, "base64").toString()
+    authDef = authDef.split(":")
+    userDef = authDef.shift()
+    passDef = authDef.join(":")
+  }
+
   if (this.get(nerfed + ":_password")) {
     c.password = new Buffer(this.get(nerfed + ":_password"), "base64").toString("utf8")
+  } else if (nerfed === defnerf && passDef) {
+    c.password = passDef
   }
@@ -27,2 +44,4 @@
     c.username = this.get(nerfed + ":username")
+  } else if (nerfed === defnerf && userDef) {
+    c.username = userDef
   }
@@ -32,2 +51,4 @@
     c.email = this.get(nerfed + ":email")
+  } else if (this.get("email")) {
+    c.email = this.get("email")
   }
@@ -34,0 +55,0 @@

npmconf.js

@@ -341,3 +341,4 @@
       // it is a "_" - convert all other to "-"
-      var p = k.replace(/^npm_config_/, '')
+      var p = k.toLowerCase()
+               .replace(/^npm_config_/, '')
                .replace(/(?!^)_/g, '-')
@@ -344,0 +345,0 @@ conf[p] = env[k]

package.json

 {
   "name": "npmconf",
-  "version": "2.0.1",
+  "version": "2.0.2",
   "description": "The config thing npm uses",
@@ -5,0 +5,0 @@ "main": "npmconf.js",

test/00-setup.js

@@ -6,2 +6,26 @@ var path = require('path')
 exports.builtin = path.resolve(__dirname, 'fixtures', 'builtin')
+exports.ucData =
+  { globalconfig: exports.globalconfig,
+    email: 'i@izs.me',
+    'env-thing': 'asdf',
+    'init.author.name': 'Isaac Z. Schlueter',
+    'init.author.email': 'i@izs.me',
+    'init.author.url': 'http://blog.izs.me/',
+    'init.version': '1.2.3',
+    'proprietary-attribs': false,
+    'npm:publishtest': true,
+    '_npmjs.org:couch': 'https://admin:password@localhost:5984/registry',
+    'npm-www:nocache': '1',
+    nodedir: '/Users/isaacs/dev/js/node-v0.8',
+    'sign-git-tag': true,
+    message: 'v%s',
+    'strict-ssl': false,
+    'tmp': process.env.HOME + '/.tmp',
+    _auth: 'dXNlcm5hbWU6cGFzc3dvcmQ=',
+    _token:
+     { AuthSession: 'yabba-dabba-doodle',
+       version: '1',
+       expires: '1345001053415',
+       path: '/',
+       httponly: true } }
 
@@ -19,2 +43,3 @@ // set the userconfig in the env
 process.env.npm_config__underbar_env_thing = 'underful'
+process.env.NPM_CONFIG_UPPERCASE_ENV_THING = 42
 
@@ -24,2 +49,3 @@ exports.envData = {
   '_underbar-env-thing': 'underful',
+  'uppercase-env-thing': '42',
   'other-env-thing': '1000'
@@ -30,2 +56,3 @@ }
   '_underbar-env-thing': 'underful',
+  'uppercase-env-thing': 42,
   'other-env-thing': 1000,
@@ -32,0 +59,0 @@ }

test/basic.js

@@ -8,25 +8,3 @@ var test = require('tap').test
 
-var ucData =
-  { globalconfig: common.globalconfig,
-    email: 'i@izs.me',
-    'env-thing': 'asdf',
-    'init.author.name': 'Isaac Z. Schlueter',
-    'init.author.email': 'i@izs.me',
-    'init.author.url': 'http://blog.izs.me/',
-    'proprietary-attribs': false,
-    'npm:publishtest': true,
-    '_npmjs.org:couch': 'https://admin:password@localhost:5984/registry',
-    'npm-www:nocache': '1',
-    nodedir: '/Users/isaacs/dev/js/node-v0.8',
-    'sign-git-tag': true,
-    message: 'v%s',
-    'strict-ssl': false,
-    'tmp': process.env.HOME + '/.tmp',
-    _token:
-     { AuthSession: 'yabba-dabba-doodle',
-       version: '1',
-       expires: '1345001053415',
-       path: '/',
-       httponly: true } }
-
+var ucData = common.ucData
 var envData = common.envData
@@ -33,0 +11,0 @@ var envDataFix = common.envDataFix

test/builtin.js

@@ -6,24 +6,3 @@ var test = require('tap').test
 
-var ucData =
-  { globalconfig: common.globalconfig,
-    email: 'i@izs.me',
-    'env-thing': 'asdf',
-    'init.author.name': 'Isaac Z. Schlueter',
-    'init.author.email': 'i@izs.me',
-    'init.author.url': 'http://blog.izs.me/',
-    'proprietary-attribs': false,
-    'npm:publishtest': true,
-    '_npmjs.org:couch': 'https://admin:password@localhost:5984/registry',
-    'npm-www:nocache': '1',
-    nodedir: '/Users/isaacs/dev/js/node-v0.8',
-    'sign-git-tag': true,
-    message: 'v%s',
-    'strict-ssl': false,
-    'tmp': process.env.HOME + '/.tmp',
-    _token:
-     { AuthSession: 'yabba-dabba-doodle',
-       version: '1',
-       expires: '1345001053415',
-       path: '/',
-       httponly: true } }
+var ucData = common.ucData
 
@@ -30,0 +9,0 @@ var envData = common.envData

test/credentials.js

@@ -152,1 +152,16 @@ var test = require("tap").test
 })
+
+test("get old-style credentials for default registry", function (t) {
+  npmconf.load(common.builtin, function (er, conf) {
+    var actual = conf.getCredentialsByURI(conf.get("registry"))
+    var expected = {
+      scope: '//registry.npmjs.org/',
+      password: 'password',
+      username: 'username',
+      email: 'i@izs.me',
+      auth: 'dXNlcm5hbWU6cGFzc3dvcmQ='
+    }
+    t.same(actual, expected)
+    t.end()
+  })
+})

test/project.js

@@ -10,25 +10,3 @@ var test = require('tap').test
 
-var ucData =
-  { globalconfig: common.globalconfig,
-    email: 'i@izs.me',
-    'env-thing': 'asdf',
-    'init.author.name': 'Isaac Z. Schlueter',
-    'init.author.email': 'i@izs.me',
-    'init.author.url': 'http://blog.izs.me/',
-    'proprietary-attribs': false,
-    'npm:publishtest': true,
-    '_npmjs.org:couch': 'https://admin:password@localhost:5984/registry',
-    'npm-www:nocache': '1',
-    nodedir: '/Users/isaacs/dev/js/node-v0.8',
-    'sign-git-tag': true,
-    message: 'v%s',
-    'strict-ssl': false,
-    'tmp': process.env.HOME + '/.tmp',
-    _token:
-     { AuthSession: 'yabba-dabba-doodle',
-       version: '1',
-       expires: '1345001053415',
-       path: '/',
-       httponly: true } }
-
+var ucData = common.ucData
 var envData = common.envData
@@ -35,0 +13,0 @@ var envDataFix = common.envDataFix

test/save.js

@@ -13,2 +13,3 @@ var test = require('tap').test
     'init.author.url = http://blog.izs.me/',
+    'init.version = 1.2.3',
     'proprietary-attribs = false',
@@ -21,2 +22,3 @@ 'npm:publishtest = true',
     'strict-ssl = false',
+    '_auth = dXNlcm5hbWU6cGFzc3dvcmQ=',
     '',
@@ -37,2 +39,3 @@ '[_token]',
     'init.author.url = http://blog.izs.me/',
+    'init.version = 1.2.3',
     'proprietary-attribs = false',
@@ -45,2 +48,3 @@ 'npm:publishtest = true',
     'strict-ssl = false',
+    '_auth = dXNlcm5hbWU6cGFzc3dvcmQ=',
     '',
@@ -47,0 +51,0 @@ '[_token]',

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Lines of code

1357

increased by0.37%

Number of low supply chain risk alerts

40

decreased by-2.44%

Worsened metrics

Total package byte prevSize

46693

decreased by-0.33%

Number of package files

27

decreased by-6.9%

No dependency changes