From 3c72b6b2de39d0f6f312e8db418cb0b9557cd04c Mon Sep 17 00:00:00 2001
From: Zoltan Kochan
Date: Tue, 30 Dec 2025 17:04:05 +0100
Subject: [PATCH] feat: add validation to `tokenHelper` settings to disallow environment variables
---
 .changeset/chubby-garlics-sort.md | 6 ++++++
 pnpm-lock.yaml | 26 +++++++++++++-------------
 pnpm-workspace.yaml | 2 +-
 3 files changed, 20 insertions(+), 14 deletions(-)
 create mode 100644 .changeset/chubby-garlics-sort.md
diff --git a/.changeset/chubby-garlics-sort.md b/.changeset/chubby-garlics-sort.md
new file mode 100644
index 0000000000..4038ff168a
--- /dev/null
+++ b/.changeset/chubby-garlics-sort.md
@@ -0,0 +1,6 @@
+---
+"@pnpm/config": patch
+"pnpm": patch
+---
+
+Throw an error if the value of the `tokenHelper` or `:tokenHelper` setting contains an environment variable.
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 52673f2ff2..5edba4a983 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -70,8 +70,8 @@ catalogs: specifier: ^0.3.1 version: 0.3.1 '@pnpm/npm-conf': - specifier: 3.0.1 - version: 3.0.1 + specifier: 3.0.2 + version: 3.0.2 '@pnpm/npm-lifecycle': specifier: ^1001.0.0 version: 1001.0.0 @@ -1669,7 +1669,7 @@ importers: version: link:../../packages/naming-cases '@pnpm/npm-conf': specifier: 'catalog:' - version: 3.0.1 + version: 3.0.2 '@pnpm/pnpmfile': specifier: workspace:* version: link:../../hooks/pnpmfile @@ -10528,8 +10528,8 @@ packages: resolution: {integrity: sha512-LdFkv/+4ONkQ9ZyE8ihC2L2RcPjvNcOTQq6pvvvZp8KeDYATCJeJX7gpHZF3Bx1XvUSU35dyF9Q9dS+JShtOFA==} engines: {node: '>=12'} - '@pnpm/npm-conf@3.0.1': - resolution: {integrity: sha512-Y3yZmbs0OqZcb2lB6eq7mFEtwvGG0xeMnhQeI+rkAUH0RHkoS69iXAIb2Q+DgsaFEryQH6hrcc+HFPsLzS/yIg==} + '@pnpm/npm-conf@3.0.2': + resolution: {integrity: sha512-h104Kh26rR8tm+a3Qkc5S4VLYint3FE48as7+/5oCEcKR2idC/pF1G6AhIXKI+eHPJa/3J9i5z0Al47IeGHPkA==} engines: {node: '>=12'} '@pnpm/npm-lifecycle@1000.0.4': 
@@ -18405,7 +18405,7 @@ snapshots: '@pnpm/fs.packlist': 2.0.0 '@pnpm/logger': 1001.0.0 '@pnpm/prepare-package': 1000.0.16(@pnpm/logger@1001.0.0)(typanion@3.14.0) - '@pnpm/worker': 1000.1.7(@pnpm/logger@1001.0.0)(@types/node@22.15.30) + '@pnpm/worker': 1000.1.7(@pnpm/logger@packages+logger)(@types/node@22.15.30) '@zkochan/rimraf': 3.0.2 execa: safe-execa@0.1.2 transitivePeerDependencies: @@ -18540,7 +18540,7 @@ snapshots: '@pnpm/find-workspace-dir': 1000.1.0 '@pnpm/logger': 1001.0.0 '@pnpm/types': 1000.6.0 - '@pnpm/worker': 1000.1.7(@pnpm/logger@1001.0.0)(@types/node@22.15.30) + '@pnpm/worker': 1000.1.7(@pnpm/logger@packages+logger)(@types/node@22.15.30) '@pnpm/workspace.find-packages': 1000.0.25(@pnpm/logger@1001.0.0)(@pnpm/worker@1000.1.7(@pnpm/logger@1001.0.0)(@types/node@22.15.30))(typanion@3.14.0) '@pnpm/workspace.read-manifest': 1000.1.5 load-json-file: 7.0.1 @@ -18602,7 +18602,7 @@ snapshots: '@pnpm/network.ca-file': 1.0.2 config-chain: 1.1.13 - '@pnpm/npm-conf@3.0.1': + '@pnpm/npm-conf@3.0.2': dependencies: '@pnpm/config.env-replace': 1.1.0 '@pnpm/network.ca-file': 1.0.2 @@ -18746,7 +18746,7 @@ snapshots: '@pnpm/store-controller-types': 1003.0.2 '@pnpm/store.cafs': 1000.0.13 '@pnpm/types': 1000.6.0 - '@pnpm/worker': 1000.1.7(@pnpm/logger@1001.0.0)(@types/node@22.15.30) + '@pnpm/worker': 1000.1.7(@pnpm/logger@packages+logger)(@types/node@22.15.30) p-defer: 3.0.0 p-limit: 3.1.0 p-queue: 6.6.2 @@ -18765,7 +18765,7 @@ snapshots: '@pnpm/store-controller-types': 1003.0.2 '@pnpm/store.cafs': 1000.0.13 '@pnpm/types': 1000.6.0 - '@pnpm/worker': 1000.1.7(@pnpm/logger@1001.0.0)(@types/node@22.15.30) + '@pnpm/worker': 1000.1.7(@pnpm/logger@packages+logger)(@types/node@22.15.30) '@zkochan/rimraf': 3.0.2 load-json-file: 6.2.0 ramda: '@pnpm/ramda@0.28.1' 
@@ -19044,7 +19044,7 @@ snapshots: '@pnpm/graceful-fs': 1000.0.0 '@pnpm/logger': 1001.0.0 '@pnpm/prepare-package': 1000.0.16(@pnpm/logger@1001.0.0)(typanion@3.14.0) - '@pnpm/worker': 1000.1.7(@pnpm/logger@1001.0.0)(@types/node@22.15.30) + '@pnpm/worker': 1000.1.7(@pnpm/logger@packages+logger)(@types/node@22.15.30) '@zkochan/retry': 0.2.0 lodash.throttle: 4.1.1 p-map-values: 1.0.0 @@ -19083,7 +19083,7 @@ snapshots: dependencies: isexe: 2.0.0 - '@pnpm/worker@1000.1.7(@pnpm/logger@1001.0.0)(@types/node@22.15.30)': + '@pnpm/worker@1000.1.7(@pnpm/logger@packages+logger)(@types/node@22.15.30)': dependencies: '@pnpm/cafs-types': 1000.0.0 '@pnpm/create-cafs-store': 1000.0.14(@pnpm/logger@1001.0.0) @@ -19092,7 +19092,7 @@ snapshots: '@pnpm/exec.pkg-requires-build': 1000.0.8 '@pnpm/fs.hard-link-dir': 1000.0.1(@pnpm/logger@1001.0.0) '@pnpm/graceful-fs': 1000.0.0 - '@pnpm/logger': 1001.0.0 + '@pnpm/logger': link:packages/logger '@pnpm/store.cafs': 1000.0.13 '@pnpm/symlink-dependency': 1000.0.9(@pnpm/logger@1001.0.0) '@rushstack/worker-pool': 0.4.9(@types/node@22.15.30)
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
index 777fd6090a..41d5f40312 100644
--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@@ -81,7 +81,7 @@ catalog:
 '@pnpm/meta-updater': 2.0.6
 '@pnpm/network.agent': ^2.0.3
 '@pnpm/nopt': ^0.3.1
- '@pnpm/npm-conf': 3.0.1
+ '@pnpm/npm-conf': 3.0.2
 '@pnpm/npm-lifecycle': ^1001.0.0
 '@pnpm/npm-package-arg': ^2.0.0
 '@pnpm/os.env.path-extender': ^2.0.3