diff options
| -rw-r--r-- | node_modules/npm-registry-fetch/auth.js | 41 | ||||
| -rw-r--r-- | node_modules/npm-registry-fetch/package.json | 4 | ||||
| -rw-r--r-- | package-lock.json | 14 | ||||
| -rw-r--r-- | package.json | 2 |
4 files changed, 38 insertions, 23 deletions
diff --git a/node_modules/npm-registry-fetch/auth.js b/node_modules/npm-registry-fetch/auth.js index fafea54f3..80aed9cac 100644 --- a/node_modules/npm-registry-fetch/auth.js +++ b/node_modules/npm-registry-fetch/auth.js @@ -27,6 +27,21 @@ const hasAuth = (regKey, opts) => ( opts[`${regKey}:username`] && opts[`${regKey}:_password`] ) +const sameHost = (a, b) => { + const parsedA = new URL(a) + const parsedB = new URL(b) + return parsedA.host === parsedB.host +} + +const getRegistry = opts => { + const { spec } = opts + const { scope: specScope, subSpec } = spec ? npa(spec) : {} + const subSpecScope = subSpec && subSpec.scope + const scope = subSpec ? subSpecScope : specScope + const scopeReg = scope && opts[`${scope}:registry`] + return scopeReg || opts.registry +} + const getAuth = (uri, opts = {}) => { const { forceAuth } = opts if (!uri) @@ -44,19 +59,19 @@ const getAuth = (uri, opts = {}) => { }) } - // no auth for this URI - if (!regKey && opts.spec) { - // If making a tarball request to a different base URI than the - // registry where we logged in, but the same auth SHOULD be sent - // to that artifact host, then we track where it was coming in from, - // and warn the user if we get a 4xx error on it. - const { spec } = opts - const { scope: specScope, subSpec } = npa(spec) - const subSpecScope = subSpec && subSpec.scope - const scope = subSpec ? subSpecScope : specScope - const scopeReg = scope && opts[`${scope}:registry`] - const scopeAuthKey = scopeReg && regKeyFromURI(scopeReg, opts) - return new Auth({ scopeAuthKey }) + // no auth for this URI, but might have it for the registry + if (!regKey) { + const registry = getRegistry(opts) + if (registry && uri !== registry && sameHost(uri, registry)) + return getAuth(registry, opts) + else if (registry !== opts.registry) { + // If making a tarball request to a different base URI than the + // registry where we logged in, but the same auth SHOULD be sent + // to that artifact host, then we track where it was coming in from, + // and warn the user if we get a 4xx error on it. + const scopeAuthKey = regKeyFromURI(registry, opts) + return new Auth({ scopeAuthKey }) + } } const { diff --git a/node_modules/npm-registry-fetch/package.json b/node_modules/npm-registry-fetch/package.json index dab9cbb0c..8afda9259 100644 --- a/node_modules/npm-registry-fetch/package.json +++ b/node_modules/npm-registry-fetch/package.json @@ -1,6 +1,6 @@ { "name": "npm-registry-fetch", - "version": "10.1.0", + "version": "10.1.1", "description": "Fetch-based http client for use with npm registry APIs", "main": "index.js", "files": [ @@ -50,7 +50,7 @@ "require-inject": "^1.4.4", "rimraf": "^2.6.2", "ssri": "^8.0.0", - "tap": "^14.10.7" + "tap": "^15.0.4" }, "tap": { "check-coverage": true, diff --git a/package-lock.json b/package-lock.json index 3bf4c736e..9f9b6b68e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -124,7 +124,7 @@ "npm-package-arg": "^8.1.2", "npm-pick-manifest": "^6.1.1", "npm-profile": "^5.0.3", - "npm-registry-fetch": "^10.1.0", + "npm-registry-fetch": "^10.1.1", "npm-user-validate": "^1.0.1", "npmlog": "~4.1.2", "opener": "^1.5.2", @@ -5466,9 +5466,9 @@ } }, "node_modules/npm-registry-fetch": { - "version": "10.1.0", - "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-10.1.0.tgz", - "integrity": "sha512-XcKu0h6OuRTB7HO5uv8htavPQJ1dYTLAXLE5AMs4GFQ1LbY+LlHiNoqIbVshE3rk0vLk+nKxpA/4WJm1kE7eqg==", + "version": "10.1.1", + "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-10.1.1.tgz", + "integrity": "sha512-F6a3l+ffCQ7hvvN16YG5bpm1rPZntCg66PLHDQ1apWJPOCUVHoKnL2w5fqEaTVhp42dmossTyXeR7hTGirfXrg==", "inBundle": true, "dependencies": { "lru-cache": "^6.0.0", @@ -14324,9 +14324,9 @@ } }, "npm-registry-fetch": { - "version": "10.1.0", - "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-10.1.0.tgz", - "integrity": "sha512-XcKu0h6OuRTB7HO5uv8htavPQJ1dYTLAXLE5AMs4GFQ1LbY+LlHiNoqIbVshE3rk0vLk+nKxpA/4WJm1kE7eqg==", + "version": "10.1.1", + "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-10.1.1.tgz", + "integrity": "sha512-F6a3l+ffCQ7hvvN16YG5bpm1rPZntCg66PLHDQ1apWJPOCUVHoKnL2w5fqEaTVhp42dmossTyXeR7hTGirfXrg==", "requires": { "lru-cache": "^6.0.0", "make-fetch-happen": "^8.0.9", diff --git a/package.json b/package.json index 7ee440d91..0a924a850 100644 --- a/package.json +++ b/package.json @@ -88,7 +88,7 @@ "npm-package-arg": "^8.1.2", "npm-pick-manifest": "^6.1.1", "npm-profile": "^5.0.3", - "npm-registry-fetch": "^10.1.0", + "npm-registry-fetch": "^10.1.1", "npm-user-validate": "^1.0.1", "npmlog": "~4.1.2", "opener": "^1.5.2", |