forked from semantic-release/npm
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: check that npm token has write access on package
- Loading branch information
1 parent
ccd6f40
commit 2c69509
Showing
7 changed files
with
334 additions
and
35 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
export default { | ||
whoami: async ({ userconfig, registry }, execaOpts) => { | ||
const whoamiResult = execa( | ||
"npm", | ||
["whoami", ...(userconfig ? ["--userconfig", userconfig] : []), ...(registry ? ["--registry", registry] : [])], | ||
execaOpts | ||
); | ||
whoamiResult.stdout.pipe(stdout, { end: false }); | ||
whoamiResult.stderr.pipe(stderr, { end: false }); | ||
return (await whoamiResult).stdout.split("\n").pop(); | ||
}, | ||
accessListPackages: async ({ principal, pkg, userconfig, registry }, execaOpts) => { | ||
const accessResult = execa( | ||
"npm", | ||
[ | ||
"access", | ||
"list", | ||
"packages", | ||
principal, | ||
pkg, | ||
...(userconfig ? ["--userconfig", userconfig] : []), | ||
...(registry ? ["--registry", registry] : []), | ||
], | ||
execaOpts | ||
); | ||
accessResult.stdout.pipe(stdout, { end: false }); | ||
accessResult.stderr.pipe(stderr, { end: false }); | ||
return Object.fromEntries((await accessResult).stdout.split("\n").map((line) => line.split(/\s*:\s*/))); | ||
}, | ||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
import { execa } from "execa"; | ||
import normalizeUrl from "normalize-url"; | ||
import AggregateError from "aggregate-error"; | ||
import getError from "./get-error.js"; | ||
import getRegistry from "./get-registry.js"; | ||
import setNpmrcAuth from "./set-npmrc-auth.js"; | ||
import defaultNpm from "./npm.js"; | ||
|
||
export default async function (npmrc, pkg, context, npm = defaultNpm) { | ||
const { | ||
cwd, | ||
env: { DEFAULT_NPM_REGISTRY = "https://registry.npmjs.org/", ...env }, | ||
stdout, | ||
stderr, | ||
} = context; | ||
const registry = getRegistry(pkg, context); | ||
|
||
if (context.lastRelease?.version && normalizeUrl(registry) === normalizeUrl(DEFAULT_NPM_REGISTRY)) { | ||
let user; | ||
try { | ||
user = await npm.whoami( | ||
{ userconfig: npmrc, registry }, | ||
{ | ||
cwd, | ||
env, | ||
preferLocal: true, | ||
} | ||
); | ||
} catch { | ||
throw new AggregateError([getError("EINVALIDNPMTOKEN", { registry })]); | ||
} | ||
|
||
let packages; | ||
try { | ||
packages = await npm.accessListPackages( | ||
{ | ||
principal: user, | ||
pkg: pkg.name, | ||
userconfig: npmrc, | ||
registry, | ||
}, | ||
{ | ||
cwd, | ||
env, | ||
preferLocal: true, | ||
} | ||
); | ||
} catch { | ||
throw new AggregateError([getError("EINVALIDNPMTOKEN", { registry })]); | ||
} | ||
if (packages[pkg.name] !== "read-write") { | ||
throw new AggregateError([getError("EINVALIDNPMTOKEN", { registry })]); | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
import path from "path"; | ||
import test from "ava"; | ||
import fs from "fs-extra"; | ||
import { temporaryDirectory, temporaryFile } from "tempy"; | ||
import { execa } from "execa"; | ||
import { stub } from "sinon"; | ||
import { WritableStreamBuffer } from "stream-buffers"; | ||
import verifyNpmAuth from "../lib/verify-auth.js"; | ||
|
||
test.beforeEach((t) => { | ||
t.context.log = stub(); | ||
t.context.logger = { log: t.context.log }; | ||
t.context.stdout = new WritableStreamBuffer(); | ||
t.context.stderr = new WritableStreamBuffer(); | ||
}); | ||
|
||
test("Verify valid token and access", async (t) => { | ||
const cwd = temporaryDirectory(); | ||
const npmrc = temporaryFile({ name: ".npmrc" }); | ||
const packagePath = path.resolve(cwd, "package.json"); | ||
const pkg = { name: "foo", version: "0.0.0-dev" }; | ||
await fs.outputJson(packagePath, pkg); | ||
|
||
const npm = { | ||
whoami: async () => "bob", | ||
accessListPackages: async () => ({}), | ||
}; | ||
|
||
await t.notThrowsAsync(() => | ||
verifyNpmAuth( | ||
npmrc, | ||
pkg, | ||
{ | ||
cwd, | ||
env: {}, | ||
stdout: t.context.stdout, | ||
stderr: t.context.stderr, | ||
nextRelease: { version: "1.0.0" }, | ||
logger: t.context.logger, | ||
}, | ||
npm | ||
) | ||
); | ||
}); |
Oops, something went wrong.