fix: settings related to authorization should be set by npm CLI (#6195)

close #6181
2026-04-27 10:30:58 -04:00 · 2023-03-08 03:17:15 +02:00
parent 962c2b78b9
commit 6314a47b82
7 changed files with 67 additions and 1 deletions
--- a/.changeset/nervous-dots-sleep.md
+++ b/.changeset/nervous-dots-sleep.md
@@ -0,0 +1,6 @@
+---
+"@pnpm/plugin-commands-config": patch
+"pnpm": patch
+---
+
+Settings related to authorization should be set/deleted by npm CLI [#6181](https://github.com/pnpm/pnpm/issues/6181).
--- a/config/plugin-commands-config/package.json
+++ b/config/plugin-commands-config/package.json
@@ -33,6 +33,7 @@
    "@pnpm/cli-utils": "workspace:*",
    "@pnpm/config": "workspace:*",
    "@pnpm/error": "workspace:*",
+    "@pnpm/run-npm": "workspace:*",
    "ini": "3.0.1",
    "read-ini-file": "4.0.0",
    "render-help": "^1.0.3",
--- a/config/plugin-commands-config/src/ConfigCommandOptions.ts
+++ b/config/plugin-commands-config/src/ConfigCommandOptions.ts
@@ -5,6 +5,7 @@ export type ConfigCommandOptions = Pick<Config,
 | 'cliOptions'
 | 'dir'
 | 'global'
+| 'npmPath'
 | 'rawConfig'
 > & {
  json?: boolean
--- a/config/plugin-commands-config/src/configSet.ts
+++ b/config/plugin-commands-config/src/configSet.ts
@@ -1,10 +1,20 @@
 import path from 'path'
+import { runNpm } from '@pnpm/run-npm'
 import { readIniFile } from 'read-ini-file'
 import { writeIniFile } from 'write-ini-file'
 import { ConfigCommandOptions } from './ConfigCommandOptions'

 export async function configSet (opts: ConfigCommandOptions, key: string, value: string | null) {
  const configPath = opts.global ? path.join(opts.configDir, 'rc') : path.join(opts.dir, '.npmrc')
+  if (opts.global && settingShouldFallBackToNpm(key)) {
+    const _runNpm = runNpm.bind(null, opts.npmPath)
+    if (value == null) {
+      _runNpm(['config', 'delete', key])
+    } else {
+      _runNpm(['config', 'set', `${key}=${value}`])
+    }
+    return
+  }
  const settings = await safeReadIniFile(configPath)
  if (value == null) {
    if (settings[key] == null) return
@@ -15,6 +25,14 @@ export async function configSet (opts: ConfigCommandOptions, key: string, value:
  await writeIniFile(configPath, settings)
 }

+function settingShouldFallBackToNpm (key: string): boolean {
+  return (
+    ['registry', '_auth', '_authToken', 'username', '_password'].includes(key) ||
+    key[0] === '@' ||
+    key.startsWith('//')
+  )
+}
+
 async function safeReadIniFile (configPath: string): Promise<Record<string, unknown>> {
  try {
    return await readIniFile(configPath) as Record<string, unknown>
--- a/config/plugin-commands-config/test/managingAuthSettings.test.ts
+++ b/config/plugin-commands-config/test/managingAuthSettings.test.ts
@@ -0,0 +1,33 @@
+import { config } from '@pnpm/plugin-commands-config'
+import { runNpm } from '@pnpm/run-npm'
+
+jest.mock('@pnpm/run-npm', () => ({
+  runNpm: jest.fn(),
+}))
+
+describe.each(
+  [
+    '_auth',
+    '_authToken',
+    '_password',
+    'username',
+    'registry',
+    '@foo:registry',
+    '//registry.npmjs.org/:_authToken',
+  ]
+)('settings related to auth are handled by npm CLI', (key) => {
+  const configOpts = {
+    dir: process.cwd(),
+    cliOptions: {},
+    configDir: __dirname, // this doesn't matter, it won't be used
+    rawConfig: {},
+  }
+  it(`should set ${key}`, async () => {
+    await config.handler(configOpts, ['set', `${key}=123`])
+    expect(runNpm).toHaveBeenCalledWith(undefined, ['config', 'set', `${key}=123`])
+  })
+  it(`should delete ${key}`, async () => {
+    await config.handler(configOpts, ['delete', key])
+    expect(runNpm).toHaveBeenCalledWith(undefined, ['config', 'delete', key])
+  })
+})
--- a/config/plugin-commands-config/tsconfig.json
+++ b/config/plugin-commands-config/tsconfig.json
@@ -15,6 +15,9 @@
    {
      "path": "../../cli/cli-utils"
    },
+    {
+      "path": "../../exec/run-npm"
+    },
    {
      "path": "../../packages/error"
    },
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -711,6 +711,9 @@ importers:
      '@pnpm/error':
        specifier: workspace:*
        version: link:../../packages/error
+      '@pnpm/run-npm':
+        specifier: workspace:*
+        version: link:../../exec/run-npm
      ini:
        specifier: 3.0.1
        version: 3.0.1
@@ -7997,7 +8000,7 @@ packages:
      '@pnpm/find-workspace-dir': 5.0.1
      '@pnpm/find-workspace-packages': 5.0.36(@pnpm/logger@5.0.0)(@yarnpkg/core@4.0.0-rc.14)(typanion@3.12.1)
      '@pnpm/logger': 5.0.0
-      '@pnpm/types': 8.9.0
+      '@pnpm/types': 8.10.0
      '@yarnpkg/core': 4.0.0-rc.14(typanion@3.12.1)
      load-json-file: 7.0.1
      meow: 10.1.5
@@ -8546,6 +8549,7 @@ packages:
  /@pnpm/types@8.9.0:
    resolution: {integrity: sha512-3MYHYm8epnciApn6w5Fzx6sepawmsNU7l6lvIq+ER22/DPSrr83YMhU/EQWnf4lORn2YyiXFj0FJSyJzEtIGmw==}
    engines: {node: '>=14.6'}
+    dev: false

  /@pnpm/util.lex-comparator@1.0.0:
    resolution: {integrity: sha512-3aBQPHntVgk5AweBWZn+1I/fqZ9krK/w01197aYVkAJQGftb+BVWgEepxY5GChjSW12j52XX+CmfynYZ/p0DFQ==}