fix: 🔒 don't write the auth token in npmrc (#31)

src/authentifier.test.ts

@@ -35,7 +35,6 @@ describe("Authentifier", () => {
         npm.authenticate(
           {
             registry: npmConfig.registry,
-            token: "token",
           },
           instance(context)
         )

src/authentifier.ts

@@ -15,10 +15,7 @@ export class Authentifier {
       throw new Error("NPM TOKEN needs to be set");
     }
 
-    await this.npm.authenticate(
-      { registry: npmConfig.registry, token: env.NPM_TOKEN },
-      context
-    );
+    await this.npm.authenticate({ registry: npmConfig.registry }, context);
 
     logger.log("npm token set");
   }

src/npm.test.ts

@@ -36,7 +36,7 @@ describe("npm", () => {
             "config",
             "set",
             "//registry.npmjs.org/:_authToken",
-            "token",
+            "${NPM_TOKEN}",
             "--json",
           ],
           {
@@ -47,7 +47,7 @@ describe("npm", () => {
       ).thenResolve(undefined as any);
 
       await npm.authenticate(
-        { registry: "https://registry.npmjs.org", token: "token" },
+        { registry: "https://registry.npmjs.org/" },
         instance(context)
       );
 

src/npm.ts

@@ -28,12 +28,12 @@ export class Npm {
   constructor(private readonly execa: Execa) {}
 
   public async authenticate(
-    { registry, token }: { registry: string; token: string },
+    { registry }: { registry: string },
     context: Context & Config
   ): Promise<void> {
-    const registryUrl = registry.replace(/^https?:/, "");
+    const registryUrl = registry.replace(/^https?:/, "").replace(/\/$/, "");
     await this.runJsonNpm(
-      ["config", "set", `${registryUrl}/:_authToken`, token],
+      ["config", "set", `${registryUrl}/:_authToken`, "${NPM_TOKEN}"],
       context
     );
   }