pacote - npm Package Compare versions

Comparing version 2.7.18 to 2.7.19

CHANGELOG.md

@@ -5,2 +5,12 @@ # Change Log
 
+<a name="2.7.19"></a>
+## [2.7.19](https://github.com/zkat/pacote/compare/v2.7.18...v2.7.19) (2017-05-25)
+
+
+### Bug Fixes
+
+* **registry:** respect alwaysAuth ([150788a](https://github.com/zkat/pacote/commit/150788a))
+
+
+
 <a name="2.7.18"></a>
@@ -7,0 +17,0 @@ ## [2.7.18](https://github.com/zkat/pacote/compare/v2.7.17...v2.7.18) (2017-05-25)

lib/fetchers/registry/fetch.js

@@ -82,10 +82,13 @@ 'use strict'
     opts.auth &&
-    // If these two are on different hosts, don't send credentials.
-    // This is mainly used by the tarball fetcher.
-    url.parse(uri).host === url.parse(registry).host &&
     opts.auth[registryKey(registry)]
   )
-  if (auth && auth.token) {
+  // If a tarball is hosted on a different place than the manifest, only send
+  // credentials on `alwaysAuth`
+  const shouldAuth = auth && (
+    auth.alwaysAuth ||
+    url.parse(uri).host === url.parse(registry).host
+  )
+  if (shouldAuth && auth.token) {
     headers.authorization = `Bearer ${auth.token}`
-  } else if (auth && opts.alwaysAuth && auth.username && auth.password) {
+  } else if (shouldAuth && auth.username && auth.password) {
     const encoded = Buffer.from(
@@ -92,0 +95,0 @@ `${auth.username}:${auth.password}`, 'utf8'

package.json

 {
   "name": "pacote",
-  "version": "2.7.18",
+  "version": "2.7.19",
   "description": "JavaScript package downloader",
@@ -5,0 +5,0 @@ "main": "index.js",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

77703

increased by0.33%

Lines of code

1532

increased by0.2%

No dependency changes