Skip to content
This repository has been archived by the owner on Nov 3, 2022. It is now read-only.

[BUG] config will no longer save registry-specific always-auth field #17

Closed
mmarston opened this issue May 19, 2021 · 2 comments
Closed

[BUG] config will no longer save registry-specific always-auth field #17

mmarston opened this issue May 19, 2021 · 2 comments

Comments

@mmarston
Copy link

What / Why

As of #16, specifically commit 0ac3605c (remove registry-specific always-auth field) the npm config set command will no longer set a registry-specific always-auth field.

While the the npm CLI as of version 7 no longer makes use of the always-auth field then .npmrc file may be used by older versions of npm as well as other clients such as yarn. Since npm no longer uses always-auth there is no reason for the npm config set command to treat this field any different than any other field that npm does not use.

In particular this behavior breaks AWS CodeArtifact users that use yarn. The aws codeartifact login runs npm config set commands like the ones in the steps to reproduce below (plus another npm config set to set a registry-specific _authToken).

Steps to Reproduce

I've observed this behavior with npm CLI version 7.13.0 (other npm 7 versions may also be affected).

I've cleared my .npmrc.

rm ~/.npmrc

If I set the registry field:

npm config set registry https://example.com/npm/repo/

And then try to set always-auth for that registry:

npm config set //example.com/npm/repo/:always-auth true

Then npm ignores the attempt to set always-auth.

$ cat ~/.npmrc
registry=https://example.com/npm/repo/

If I set a different attribute, such as a miss-spelled always-oath it succeeds:

$ npm config set //example.com/npm/repo/:always-oath true
$ cat ~/.npmrc
registry=https://example.com/npm/repo/
//example.com/npm/repo/:always-oath=true

Also, if I set registry to a second registry then I can successfully set always-auth for the first registry:

$ npm config set registry https://example.com/npm/repo2/
$ npm config set //example.com/npm/repo/:always-auth true
$ cat ~/.npmrc
registry=https://example.com/npm/repo2/
//example.com/npm/repo/:always-oath=true
//example.com/npm/repo/:always-auth=true

Expected Behavior

I would expect npm config set //example.com/npm/repo/:always-auth true to set the field just as it would if I set an arbitrary field such as npm config set //example.com/npm/repo/:always-oath true.

I expect to use the npm config command to be able configure the .npmrc file even if I later using a different version of npm or a different client that reads my config from the .npmrc.

If the npm team agrees then I believe this can be fixed by removing lines 636 to 639 of lib/index.js

If not and there is a strong reason why this command should not succeed as I've requested then the command should fail with a non-zero exit code and should output a message informing the user why they can no longer set this field.

References
@mmarston
Copy link
Author

@isaacs since you made the code changes in #16, what do you think about this issue?

@wraithgar
Copy link
Member

this config has been removed altogether. npm requires that all auth be targeted to a specific registry

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wraithgar @mmarston