diff options
| author | isaacs <i@izs.me> | 2021-04-24 01:23:54 +0300 |
|---|---|---|
| committer | isaacs <i@izs.me> | 2021-04-24 01:23:54 +0300 |
| commit | c74e67fc6572bb001d74c7486c05d211a0e03de8 (patch) | |
| tree | c629ae00b871882865e1f4f6269da3f235697219 /node_modules/npm-registry-fetch | |
| parent | b61eac693df82c52b955e6c18ec4dcf4cedea8a3 (diff) | |
npm-registry-fetch@10.1.1
Second piece of the fix for https://github.com/npm/cli/issues/3130
Diffstat (limited to 'node_modules/npm-registry-fetch')
| -rw-r--r-- | node_modules/npm-registry-fetch/auth.js | 41 | ||||
| -rw-r--r-- | node_modules/npm-registry-fetch/package.json | 4 |
2 files changed, 30 insertions, 15 deletions
diff --git a/node_modules/npm-registry-fetch/auth.js b/node_modules/npm-registry-fetch/auth.js index fafea54f3..80aed9cac 100644 --- a/node_modules/npm-registry-fetch/auth.js +++ b/node_modules/npm-registry-fetch/auth.js @@ -27,6 +27,21 @@ const hasAuth = (regKey, opts) => ( opts[`${regKey}:username`] && opts[`${regKey}:_password`] ) +const sameHost = (a, b) => { + const parsedA = new URL(a) + const parsedB = new URL(b) + return parsedA.host === parsedB.host +} + +const getRegistry = opts => { + const { spec } = opts + const { scope: specScope, subSpec } = spec ? npa(spec) : {} + const subSpecScope = subSpec && subSpec.scope + const scope = subSpec ? subSpecScope : specScope + const scopeReg = scope && opts[`${scope}:registry`] + return scopeReg || opts.registry +} + const getAuth = (uri, opts = {}) => { const { forceAuth } = opts if (!uri) @@ -44,19 +59,19 @@ const getAuth = (uri, opts = {}) => { }) } - // no auth for this URI - if (!regKey && opts.spec) { - // If making a tarball request to a different base URI than the - // registry where we logged in, but the same auth SHOULD be sent - // to that artifact host, then we track where it was coming in from, - // and warn the user if we get a 4xx error on it. - const { spec } = opts - const { scope: specScope, subSpec } = npa(spec) - const subSpecScope = subSpec && subSpec.scope - const scope = subSpec ? subSpecScope : specScope - const scopeReg = scope && opts[`${scope}:registry`] - const scopeAuthKey = scopeReg && regKeyFromURI(scopeReg, opts) - return new Auth({ scopeAuthKey }) + // no auth for this URI, but might have it for the registry + if (!regKey) { + const registry = getRegistry(opts) + if (registry && uri !== registry && sameHost(uri, registry)) + return getAuth(registry, opts) + else if (registry !== opts.registry) { + // If making a tarball request to a different base URI than the + // registry where we logged in, but the same auth SHOULD be sent + // to that artifact host, then we track where it was coming in from, + // and warn the user if we get a 4xx error on it. + const scopeAuthKey = regKeyFromURI(registry, opts) + return new Auth({ scopeAuthKey }) + } } const { diff --git a/node_modules/npm-registry-fetch/package.json b/node_modules/npm-registry-fetch/package.json index dab9cbb0c..8afda9259 100644 --- a/node_modules/npm-registry-fetch/package.json +++ b/node_modules/npm-registry-fetch/package.json @@ -1,6 +1,6 @@ { "name": "npm-registry-fetch", - "version": "10.1.0", + "version": "10.1.1", "description": "Fetch-based http client for use with npm registry APIs", "main": "index.js", "files": [ @@ -50,7 +50,7 @@ "require-inject": "^1.4.4", "rimraf": "^2.6.2", "ssri": "^8.0.0", - "tap": "^14.10.7" + "tap": "^15.0.4" }, "tap": { "check-coverage": true, |