config: Search for authentication token defined by environment variable

As discussed on npm.community[1], the fact that npm registry authentication tokens cannot be defined using environment variables does not seem justified anymore. The restriction is caused by the config loader translating * all `_` to `-` * the whole variable name to lowercase while the credential checker expects a key ending in `:_authToken`. This change fixes the problem by having the credential checker try a key ending in `:-authtoken` after it tried `:_authToken`. Closes npm/npm#15565 [1]: https://npm.community/t/cannot-set-npm-config-keys-containing-underscores-registry-auth-tokens-for-example-via-npm-config-environment-variables/233
npm · Jul 23, 2018 · ff44be1 · ff44be1
1 parent 4c65cd9
commit ff44be1
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/lib/config/get-credentials-by-uri.js b/lib/config/get-credentials-by-uri.js
@@ -34,6 +34,12 @@ function getCredentialsByURI (uri) {
     return c
   }
 
+  if (this.get(nerfed + ':-authtoken')) {
+    c.token = this.get(nerfed + ':-authtoken')
+    // the bearer token is enough, don't confuse things
+    return c
+  }
+
   // Handle the old-style _auth=<base64> style for the default
   // registry, if set.
   var authDef = this.get('_auth')