Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

npmrc file missing for test project #1670

Closed
Tracked by #3913
mthalman opened this issue Jan 16, 2024 · 2 comments · Fixed by #1722
Closed
Tracked by #3913

npmrc file missing for test project #1670

mthalman opened this issue Jan 16, 2024 · 2 comments · Fixed by #1722
Assignees
@eerhardt @joperezr
Labels
area-meta

Comments

@mthalman
Copy link
Member

The Secure Supply Chain Analysis build step is warning of a missing npmrc file:

##[warning]tests/testproject/nodeapp/package.json - CFS0001: Missing sibling .npmrc file. (https://aka.ms/cfs/npm)

Related to #1419

Let's get these SCCA warnings cleaned up for Preview 1. These show up in VMR builds, causing warnings which makes it difficult to identify when another new warnings pop up.
@dotnet-issue-labeler dotnet-issue-labeler bot added the needs-area-label An area label is needed to ensure this gets routed to the appropriate area owners label Jan 16, 2024
This was referenced Jan 16, 2024
Closed
Merged
@DamianEdwards DamianEdwards added area-meta and removed untriaged needs-area-label An area label is needed to ensure this gets routed to the appropriate area owners labels Jan 16, 2024
@ellahathaway ellahathaway mentioned this issue Jan 18, 2024
Closed
18 tasks
@eerhardt
Copy link
Member

cc @davidfowl - who added the test.

(To anyone who knows) Is there a normal/default npmrc registry we can use? The internal documentation says to make a file that looks like:

registry=https://pkgs.dev.azure.com/[YOUR-ORGANIZATION]/[YOUR-PROJECT]/_packaging/[YOUR-PROJECT]_PublicPackages/npm/registry/

always-auth=true

But what should we put for [YOUR-ORGANIZATION]/[YOUR-PROJECT]? I don't think we need or want to make a brand new registry just for this test app.

eerhardt added a commit to eerhardt/aspire that referenced this issue Jan 19, 2024
@eerhardt
Add .npmrc file
d5fda5a 
Resolves a Security Supply Chain Violation

Fix dotnet#1670
eerhardt added a commit to eerhardt/aspire that referenced this issue Jan 19, 2024
@eerhardt
Add .npmrc file
f5d75dd 
Resolves a Security Supply Chain Violation

Fix dotnet#1670
@eerhardt eerhardt mentioned this issue Jan 19, 2024
Merged
@eerhardt
Copy link
Member

Opened #1722 to resolve this.

@eerhardt eerhardt self-assigned this Jan 19, 2024
eerhardt added a commit that referenced this issue Jan 22, 2024
@eerhardt
Add .npmrc file (#1722)
3c99c90 
Resolves a Security Supply Chain Violation

Fix #1670
@github-actions github-actions bot locked and limited conversation to collaborators Apr 25, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@eerhardt eerhardt

@joperezr joperezr

Labels
area-meta
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add .npmrc file eerhardt/aspire
4 participants
@DamianEdwards @eerhardt @joperezr @mthalman