publish - npm Package Compare versions

Comparing version 0.3.0 to 0.3.1

index.js

@@ -54,4 +54,22 @@ var npm = require('npm'),
             remoteVersion(pkg, function(err, remoteVersion) {
-                if (shouldPublish(options, localVersion, remoteVersion)) {
-                    npmPublish(callback);
+                if (err) {
+                    callback(err);
+                } else if (shouldPublish(options, localVersion, remoteVersion)) {
+                    if (isTravis()) {
+                        log.info('running in travis');
+                        var npmUserCredentials = npmUserCredentials();
+                        if (npmUserCredentials) {
+                            npmAddUser(npmUserCredentials, function(err) {
+                                if (err) {
+                                    callback('error while trying to add npm user in travis: ' + err);
+                                } else {
+                                    npmPublish(callback);
+                                }
+                            });
+                        } else {
+                            callback('npm user credentials not found, make sure NPM_USERNAME, NPM_PASSWORD and NPM_EMAIL environment variables are set');
+                        }
+                    } else {
+                        npmPublish(callback);
+                    }
                 }
@@ -72,5 +90,22 @@ });
     });
+}
 
+function npmUserCredentials() {
+    if (process.env.NPM_USERNAME && process.env.NPM_PASSWORD && process.env.NPM_EMAIL) {
+        return {'username':process.env.NPM_USERNAME, 'password':process.env.NPM_PASSWORD, 'email':process.env.NPM_EMAIL}
+    } else {
+        return null;
+    }
 }
 
+function isTravis() {
+    return process.env.TRAVIS;
+}
+
+function npmAddUser(username, password, email, callback) {
+    npm.registry.adduser(username, password, email, function(err) {
+        callback(err);
+    });
+}
+
 function shouldPublish(options, localVersion, remoteVersion) {
@@ -77,0 +112,0 @@ options = options || {};

package.json

 {
   "name": "publish",
-  "version": "0.3.0",
+  "version": "0.3.1",
   "description": "npm auto publishing of your modules",
@@ -5,0 +5,0 @@ "main": "index.js",

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 4 instances in 1 package

Improved metrics

Total package byte prevSize

12935

increased by12.5%

Lines of code

228

increased by16.92%

Worsened metrics

Number of low supply chain risk alerts

8

increased by700%

No dependency changes