Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
registry-auth-token
Advanced tools
The registry-auth-token npm package is designed to retrieve authentication tokens for accessing private npm registries. It parses npm configuration files to extract authentication information, which can be useful for automated scripts or tools that interact with npm registries.
Retrieve authentication token
This feature allows the retrieval of an authentication token from the user's npm configuration. The token can then be used for authenticated operations with npm registries.
const getAuthToken = require('registry-auth-token');
const token = getAuthToken();
console.log(token);
Retrieve token with options
This feature extends the basic token retrieval by allowing options such as 'recursive' to be set, which controls how the npm configuration is parsed for authentication tokens.
const getAuthToken = require('registry-auth-token');
const options = { recursive: true };
const token = getAuthToken(options);
console.log(token);
Similar to registry-auth-token, npm-registry-client interacts with npm registries but offers a broader set of functionalities including publishing packages, setting tags, and handling user authentication. It provides a more comprehensive interface for interacting with npm registries compared to the focused functionality of registry-auth-token.
While npm-profile is primarily focused on managing user profiles on the npm registry, it also deals with authentication aspects. It differs from registry-auth-token by providing functionalities to view and edit user profile details, which is not covered by registry-auth-token.
Get the auth token set for an npm registry from .npmrc
. Also allows fetching the configured registry URL for a given npm scope.
npm install --save registry-auth-token
Returns an object containing token
and type
, or undefined
if no token can be found. type
can be either Bearer
or Basic
.
var getAuthToken = require('registry-auth-token')
var getRegistryUrl = require('registry-auth-token/registry-url')
// Get auth token and type for default `registry` set in `.npmrc`
console.log(getAuthToken()) // {token: 'someToken', type: 'Bearer'}
// Get auth token for a specific registry URL
console.log(getAuthToken('//registry.foo.bar'))
// Find the registry auth token for a given URL (with deep path):
// If registry is at `//some.host/registry`
// URL passed is `//some.host/registry/deep/path`
// Will find token the closest matching path; `//some.host/registry`
console.log(getAuthToken('//some.host/registry/deep/path', {recursive: true}))
// Find the configured registry url for scope `@foobar`.
// Falls back to the global registry if not defined.
console.log(getRegistryUrl('@foobar'))
// Use the npm config that is passed in
console.log(getRegistryUrl('http://registry.foobar.eu/', {
npmrc: {
'registry': 'http://registry.foobar.eu/',
'//registry.foobar.eu/:_authToken': 'qar'
}
}))
// If auth info can be found:
{token: 'someToken', type: 'Bearer'}
// Or:
{token: 'someOtherToken', type: 'Basic'}
// Or, if nothing is found:
undefined
Please be careful when using this. Leaking your auth token is dangerous.
MIT-licensed. See LICENSE.
[4.2.2] - 2022-06-16
rc
module to 1.2.8
to avoid malware in compromised versions (Espen Hovlandsdal)FAQs
Get the auth token set for an npm registry (if any)
The npm package registry-auth-token receives a total of 10,086,834 weekly downloads. As such, registry-auth-token popularity was classified as popular.
We found that registry-auth-token demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.