feat: add validation to tokenHelper settings to disallow environment variables

2026-04-27 10:30:58 -04:00 · 2025-12-30 17:04:05 +01:00
parent 11352aabbf
commit 3c72b6b2de
3 changed files with 20 additions and 14 deletions
--- a/.changeset/chubby-garlics-sort.md
+++ b/.changeset/chubby-garlics-sort.md
@@ -0,0 +1,6 @@
+---
+"@pnpm/config": patch
+"pnpm": patch
+---
+
+Throw an error if the value of the `tokenHelper` or `<url>:tokenHelper` setting contains an environment variable.
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -70,8 +70,8 @@ catalogs:
      specifier: ^0.3.1
      version: 0.3.1
    '@pnpm/npm-conf':
-      specifier: 3.0.1
-      version: 3.0.1
+      specifier: 3.0.2
+      version: 3.0.2
    '@pnpm/npm-lifecycle':
      specifier: ^1001.0.0
      version: 1001.0.0
@@ -1669,7 +1669,7 @@ importers:
        version: link:../../packages/naming-cases
      '@pnpm/npm-conf':
        specifier: 'catalog:'
-        version: 3.0.1
+        version: 3.0.2
      '@pnpm/pnpmfile':
        specifier: workspace:*
        version: link:../../hooks/pnpmfile
@@ -10528,8 +10528,8 @@ packages:
    resolution: {integrity: sha512-LdFkv/+4ONkQ9ZyE8ihC2L2RcPjvNcOTQq6pvvvZp8KeDYATCJeJX7gpHZF3Bx1XvUSU35dyF9Q9dS+JShtOFA==}
    engines: {node: '>=12'}

-  '@pnpm/npm-conf@3.0.1':
-    resolution: {integrity: sha512-Y3yZmbs0OqZcb2lB6eq7mFEtwvGG0xeMnhQeI+rkAUH0RHkoS69iXAIb2Q+DgsaFEryQH6hrcc+HFPsLzS/yIg==}
+  '@pnpm/npm-conf@3.0.2':
+    resolution: {integrity: sha512-h104Kh26rR8tm+a3Qkc5S4VLYint3FE48as7+/5oCEcKR2idC/pF1G6AhIXKI+eHPJa/3J9i5z0Al47IeGHPkA==}
    engines: {node: '>=12'}

  '@pnpm/npm-lifecycle@1000.0.4':
@@ -18405,7 +18405,7 @@ snapshots:
      '@pnpm/fs.packlist': 2.0.0
      '@pnpm/logger': 1001.0.0
      '@pnpm/prepare-package': 1000.0.16(@pnpm/logger@1001.0.0)(typanion@3.14.0)
-      '@pnpm/worker': 1000.1.7(@pnpm/logger@1001.0.0)(@types/node@22.15.30)
+      '@pnpm/worker': 1000.1.7(@pnpm/logger@packages+logger)(@types/node@22.15.30)
      '@zkochan/rimraf': 3.0.2
      execa: safe-execa@0.1.2
    transitivePeerDependencies:
@@ -18540,7 +18540,7 @@ snapshots:
      '@pnpm/find-workspace-dir': 1000.1.0
      '@pnpm/logger': 1001.0.0
      '@pnpm/types': 1000.6.0
-      '@pnpm/worker': 1000.1.7(@pnpm/logger@1001.0.0)(@types/node@22.15.30)
+      '@pnpm/worker': 1000.1.7(@pnpm/logger@packages+logger)(@types/node@22.15.30)
      '@pnpm/workspace.find-packages': 1000.0.25(@pnpm/logger@1001.0.0)(@pnpm/worker@1000.1.7(@pnpm/logger@1001.0.0)(@types/node@22.15.30))(typanion@3.14.0)
      '@pnpm/workspace.read-manifest': 1000.1.5
      load-json-file: 7.0.1
@@ -18602,7 +18602,7 @@ snapshots:
      '@pnpm/network.ca-file': 1.0.2
      config-chain: 1.1.13

-  '@pnpm/npm-conf@3.0.1':
+  '@pnpm/npm-conf@3.0.2':
    dependencies:
      '@pnpm/config.env-replace': 1.1.0
      '@pnpm/network.ca-file': 1.0.2
@@ -18746,7 +18746,7 @@ snapshots:
      '@pnpm/store-controller-types': 1003.0.2
      '@pnpm/store.cafs': 1000.0.13
      '@pnpm/types': 1000.6.0
-      '@pnpm/worker': 1000.1.7(@pnpm/logger@1001.0.0)(@types/node@22.15.30)
+      '@pnpm/worker': 1000.1.7(@pnpm/logger@packages+logger)(@types/node@22.15.30)
      p-defer: 3.0.0
      p-limit: 3.1.0
      p-queue: 6.6.2
@@ -18765,7 +18765,7 @@ snapshots:
      '@pnpm/store-controller-types': 1003.0.2
      '@pnpm/store.cafs': 1000.0.13
      '@pnpm/types': 1000.6.0
-      '@pnpm/worker': 1000.1.7(@pnpm/logger@1001.0.0)(@types/node@22.15.30)
+      '@pnpm/worker': 1000.1.7(@pnpm/logger@packages+logger)(@types/node@22.15.30)
      '@zkochan/rimraf': 3.0.2
      load-json-file: 6.2.0
      ramda: '@pnpm/ramda@0.28.1'
@@ -19044,7 +19044,7 @@ snapshots:
      '@pnpm/graceful-fs': 1000.0.0
      '@pnpm/logger': 1001.0.0
      '@pnpm/prepare-package': 1000.0.16(@pnpm/logger@1001.0.0)(typanion@3.14.0)
-      '@pnpm/worker': 1000.1.7(@pnpm/logger@1001.0.0)(@types/node@22.15.30)
+      '@pnpm/worker': 1000.1.7(@pnpm/logger@packages+logger)(@types/node@22.15.30)
      '@zkochan/retry': 0.2.0
      lodash.throttle: 4.1.1
      p-map-values: 1.0.0
@@ -19083,7 +19083,7 @@ snapshots:
    dependencies:
      isexe: 2.0.0

-  '@pnpm/worker@1000.1.7(@pnpm/logger@1001.0.0)(@types/node@22.15.30)':
+  '@pnpm/worker@1000.1.7(@pnpm/logger@packages+logger)(@types/node@22.15.30)':
    dependencies:
      '@pnpm/cafs-types': 1000.0.0
      '@pnpm/create-cafs-store': 1000.0.14(@pnpm/logger@1001.0.0)
@@ -19092,7 +19092,7 @@ snapshots:
      '@pnpm/exec.pkg-requires-build': 1000.0.8
      '@pnpm/fs.hard-link-dir': 1000.0.1(@pnpm/logger@1001.0.0)
      '@pnpm/graceful-fs': 1000.0.0
-      '@pnpm/logger': 1001.0.0
+      '@pnpm/logger': link:packages/logger
      '@pnpm/store.cafs': 1000.0.13
      '@pnpm/symlink-dependency': 1000.0.9(@pnpm/logger@1001.0.0)
      '@rushstack/worker-pool': 0.4.9(@types/node@22.15.30)
--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@@ -81,7 +81,7 @@ catalog:
  '@pnpm/meta-updater': 2.0.6
  '@pnpm/network.agent': ^2.0.3
  '@pnpm/nopt': ^0.3.1
-  '@pnpm/npm-conf': 3.0.1
+  '@pnpm/npm-conf': 3.0.2
  '@pnpm/npm-lifecycle': ^1001.0.0
  '@pnpm/npm-package-arg': ^2.0.0
  '@pnpm/os.env.path-extender': ^2.0.3