mirror/pnpm
1
0
Fork 0
mirror of https://github.com/pnpm/pnpm.git synced 2026-06-28 01:45:30 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
511e74200d00a9c4706cb22433da1cbef7d7c310
pnpm/config/reader/test/getNetworkConfigs.test.ts
Zoltan Kochan 681b593eb2 fix: support scope-specific registry auth tokens (#12392) 
pnpm can now use different auth tokens for different package scopes, even when those scopes use the same registry URL.

Previously, auth was selected only by registry URL. If `@org-a` and `@org-b` both used `https://npm.pkg.github.com/`, they had to share the same token. This caused problems for registries that issue tokens per organization or per scope.

Configure a scope-specific token by adding the package scope after the registry URL in the auth key:

```ini
@org-a:registry=https://npm.pkg.github.com/
@org-b:registry=https://npm.pkg.github.com/

//npm.pkg.github.com/:@org-a:_authToken=${ORG_A_TOKEN}
//npm.pkg.github.com/:@org-b:_authToken=${ORG_B_TOKEN}

//npm.pkg.github.com/:_authToken=${FALLBACK_TOKEN}
```

`pnpm login --registry=https://npm.pkg.github.com --scope=@org-a` writes the token to the same scope-specific auth key.

When installing or publishing `@org-a/*`, pnpm uses `ORG_A_TOKEN`. For `@org-b/*`, pnpm uses `ORG_B_TOKEN`. Packages without a matching scope continue to use the registry-wide fallback token.
2026-06-14 11:43:30 +02:00

218 lines
5.5 KiB
TypeScript
Raw Blame History

import fs from 'node:fs'
import { expect, test } from '@jest/globals'
import { prepareEmpty } from '@pnpm/prepare'
import { getNetworkConfigs, type NetworkConfigs } from '../src/getNetworkConfigs.js'
test('without files', () => {
expect(getNetworkConfigs({})).toStrictEqual({
registries: {},
} as NetworkConfigs)
expect(getNetworkConfigs({
'@foo:registry': 'https://example.com/foo',
})).toStrictEqual({
registries: {
'@foo': 'https://example.com/foo',
},
} as NetworkConfigs)
expect(getNetworkConfigs({
'//example.com/foo:ca': 'some-ca',
})).toStrictEqual({
registries: {},
configByUri: {
'//example.com/foo': {
tls: { ca: 'some-ca' },
},
},
} as NetworkConfigs)
expect(getNetworkConfigs({
'//example.com/foo:cert': 'some-cert',
})).toStrictEqual({
registries: {},
configByUri: {
'//example.com/foo': {
tls: { cert: 'some-cert' },
},
},
} as NetworkConfigs)
expect(getNetworkConfigs({
'@foo:registry': 'https://example.com/foo',
'//example.com/foo:ca': 'some-ca',
'//example.com/foo:cert': 'some-cert',
})).toStrictEqual({
registries: {
'@foo': 'https://example.com/foo',
},
configByUri: {
'//example.com/foo': {
tls: { ca: 'some-ca', cert: 'some-cert' },
},
},
} as NetworkConfigs)
})
test('with files', () => {
prepareEmpty()
fs.writeFileSync('cafile', 'some-ca')
fs.writeFileSync('certfile', 'some-cert')
expect(getNetworkConfigs({
'@foo:registry': 'https://example.com/foo',
'//example.com/foo:cafile': 'cafile',
'//example.com/foo:certfile': 'certfile',
})).toStrictEqual({
registries: {
'@foo': 'https://example.com/foo',
},
configByUri: {
'//example.com/foo': {
tls: { ca: 'some-ca', cert: 'some-cert' },
},
},
} as NetworkConfigs)
})
test('auth and tls combined', () => {
expect(getNetworkConfigs({
'@foo:registry': 'https://example.com/foo',
'//example.com/foo:_authToken': 'example auth token',
})).toStrictEqual({
registries: {
'@foo': 'https://example.com/foo',
},
configByUri: {
'//example.com/foo': {
'@': { authToken: 'example auth token' },
},
},
} as NetworkConfigs)
expect(getNetworkConfigs({
'@foo:registry': 'https://example.com/foo',
'//example.com/foo:_auth': btoa('foo:bar'),
})).toStrictEqual({
registries: {
'@foo': 'https://example.com/foo',
},
configByUri: {
'//example.com/foo': {
'@': {
basicAuth: {
username: 'foo',
password: 'bar',
},
},
},
},
} as NetworkConfigs)
expect(getNetworkConfigs({
'@foo:registry': 'https://example.com/foo',
'//example.com/foo:username': 'foo',
'//example.com/foo:_password': btoa('bar'),
})).toStrictEqual({
registries: {
'@foo': 'https://example.com/foo',
},
configByUri: {
'//example.com/foo': {
'@': {
basicAuth: {
username: 'foo',
password: 'bar',
},
},
},
},
} as NetworkConfigs)
expect(getNetworkConfigs({
'@foo:registry': 'https://example.com/foo',
'//example.com/foo:tokenHelper': 'node ./my-token-helper.cjs',
})).toStrictEqual({
registries: {
'@foo': 'https://example.com/foo',
},
configByUri: {
'//example.com/foo': {
'@': { tokenHelper: ['node', './my-token-helper.cjs'] },
},
},
} as NetworkConfigs)
expect(getNetworkConfigs({
'//example.com/foo:_authToken': 'token',
'//example.com/foo:cert': 'some-cert',
'//example.com/foo:key': 'some-key',
})).toStrictEqual({
registries: {},
configByUri: {
'//example.com/foo': {
'@': { authToken: 'token' },
tls: { cert: 'some-cert', key: 'some-key' },
},
},
} as NetworkConfigs)
})
test('package-scope auth is grouped under the registry URI', () => {
expect(getNetworkConfigs({
'//npm.pkg.github.com/:_authToken': 'registry-token',
'//npm.pkg.github.com/:@orgA:_authToken': 'org-a-token',
'//npm.pkg.github.com/:@orgB:_authToken': 'org-b-token',
'//reg.com/npm/:@orgA:_authToken': 'org-a-path-token',
'//localhost:4873/:@orgC:_authToken': 'org-c-port-token',
})).toStrictEqual({
registries: {},
configByUri: {
'//npm.pkg.github.com/': {
'@': { authToken: 'registry-token' },
'@orgA': { authToken: 'org-a-token' },
'@orgB': { authToken: 'org-b-token' },
},
'//reg.com/npm/': {
'@orgA': { authToken: 'org-a-path-token' },
},
'//localhost:4873/': {
'@orgC': { authToken: 'org-c-port-token' },
},
},
} as NetworkConfigs)
})
test('slash package-scope auth is grouped under the registry URI', () => {
expect(getNetworkConfigs({
'//npm.pkg.github.com/@orgA:_authToken': 'org-a-token',
'//npm.pkg.github.com/@orgB/:_authToken': 'org-b-token',
'//reg.com/npm/@orgA:_authToken': 'org-a-path-token',
})).toStrictEqual({
registries: {},
configByUri: {
'//npm.pkg.github.com/': {
'@orgA': { authToken: 'org-a-token' },
'@orgB': { authToken: 'org-b-token' },
},
'//reg.com/npm/': {
'@orgA': { authToken: 'org-a-path-token' },
},
},
} as NetworkConfigs)
})
test('unsupported key', () => {
expect(getNetworkConfigs({
'@foo:registry': 'https://example.com/foo',
'//example.com/foo:someUnsupportedKey': 'hello world',
})).toStrictEqual({
registries: {
'@foo': 'https://example.com/foo',
},
} as NetworkConfigs)
})
Reference in New Issue View Git Blame Copy Permalink