package-json
Comparing version 2.3.3 to 2.4.0
index.js
@@ -5,3 +5,3 @@ 'use strict'; | ||
var registryUrl = require('registry-url'); | ||
var rc = require('rc'); | ||
var registryAuthToken = require('registry-auth-token'); | ||
var semver = require('semver'); | ||
@@ -11,18 +11,9 @@ | ||
var scope = name.split('/')[0]; | ||
var pkgUrl = url.resolve(registryUrl(scope), encodeURIComponent(name).replace(/^%40/, '@')); | ||
var npmrc = rc('npm'); | ||
var token; | ||
if (!npmrc.registry || url.parse(npmrc.registry).hostname === 'registry.npmjs.org') { | ||
token = npmrc[scope + ':_authToken'] || npmrc['//registry.npmjs.org/:_authToken']; | ||
} | ||
var regUrl = registryUrl(scope); | ||
var pkgUrl = url.resolve(regUrl, encodeURIComponent(name).replace(/^%40/, '@')); | ||
var authInfo = registryAuthToken(regUrl); | ||
var headers = {}; | ||
if (token) { | ||
if (process.env.NPM_TOKEN) { | ||
token = token.replace('${NPM_TOKEN}', process.env.NPM_TOKEN); | ||
} | ||
headers.authorization = 'Bearer ' + token; | ||
if (authInfo) { | ||
headers.authorization = authInfo.type + ' ' + authInfo.token; | ||
} | ||
@@ -29,0 +20,0 @@ |
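Review bot: The new `if (authInfo)` branch attaches credentials for whatever registry `registryUrl(scope)` resolves to, with no check on the scheme of `regUrl`; the code it replaces only sent a token when the configured registry host was `registry.npmjs.org`. If an `.npmrc` maps a scope to an `http://` registry, the bearer token or basic-auth value would presumably travel in cleartext, so I would gate the header on TLS, e.g. `if (authInfo && url.parse(regUrl).protocol === 'https:') {`, with an explicit exception if the loopback test registry is plain HTTP. The request call sits outside this hunk, so whether the header can follow a redirect to a different host cannot be confirmed from here and is worth checking. A short comment above the branch, such as `// authInfo.type is the scheme registry-auth-token reports for this registry (bearer or basic); the value is a secret and must not be logged`, would also help.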
{ | ||
"name": "package-json", | ||
"version": "2.3.3", | ||
"version": "2.4.0", | ||
"description": "Get the package.json of a package from the npm registry", | ||
@@ -34,3 +34,3 @@ "license": "MIT", | ||
"got": "^5.0.0", | ||
"rc": "^1.1.2", | ||
"registry-auth-token": "^3.0.1", | ||
"registry-url": "^3.0.3", | ||
@@ -41,4 +41,5 @@ "semver": "^5.1.0" | ||
"ava": "*", | ||
"mock-private-registry": "^1.1.0", | ||
"xo": "*" | ||
} | ||
} |
@@ -45,2 +45,8 @@ # package-json [![Build Status](https://travis-ci.org/sindresorhus/package-json.svg?branch=master)](https://travis-ci.org/sindresorhus/package-json) | ||
## Authentication | ||
Both public and private registries are supported, for both scoped and unscoped packages, as long as the registry uses either bearer tokens or basic authentication. | ||
## Related | ||
@@ -47,0 +53,0 @@ |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
+ Added registry-auth-token@^3.0.1
+ Added registry-auth-token@3.4.0 (transitive)
- Removed rc@^1.1.2