[BUG] config will no longer save registry-specific always-auth field

Question

[BUG] config will no longer save registry-specific always-auth field

mmarston opened this issue 3 years ago · 2 comments

What / Why

As of #16, specifically commit 0ac3605c (remove registry-specific always-auth field) the npm config set command will no longer set a registry-specific always-auth field.

While the the npm CLI as of version 7 no longer makes use of the always-auth field then .npmrc file may be used by older versions of npm as well as other clients such as yarn. Since npm no longer uses always-auth there is no reason for the npm config set command to treat this field any different than any other field that npm does not use.

In particular this behavior breaks AWS CodeArtifact users that use yarn. The aws codeartifact login runs npm config set commands like the ones in the steps to reproduce below (plus another npm config set to set a registry-specific _authToken).

Steps to Reproduce

I've observed this behavior with npm CLI version 7.13.0 (other npm 7 versions may also be affected).

I've cleared my .npmrc.

rm ~/.npmrc

If I set the registry field:

npm config set registry https://example.com/npm/repo/

And then try to set always-auth for that registry:

npm config set //example.com/npm/repo/:always-auth true

Then npm ignores the attempt to set always-auth.

$ cat ~/.npmrc
registry=https://example.com/npm/repo/

If I set a different attribute, such as a miss-spelled always-oath it succeeds:

$ npm config set //example.com/npm/repo/:always-oath true
$ cat ~/.npmrc
registry=https://example.com/npm/repo/
//example.com/npm/repo/:always-oath=true

Also, if I set registry to a second registry then I can successfully set always-auth for the first registry:

$ npm config set registry https://example.com/npm/repo2/
$ npm config set //example.com/npm/repo/:always-auth true
$ cat ~/.npmrc
registry=https://example.com/npm/repo2/
//example.com/npm/repo/:always-oath=true
//example.com/npm/repo/:always-auth=true

Expected Behavior

I would expect npm config set //example.com/npm/repo/:always-auth true to set the field just as it would if I set an arbitrary field such as npm config set //example.com/npm/repo/:always-oath true.

I expect to use the npm config command to be able configure the .npmrc file even if I later using a different version of npm or a different client that reads my config from the .npmrc.

If the npm team agrees then I believe this can be fixed by removing lines 636 to 639 of lib/index.js

If not and there is a strong reason why this command should not succeed as I've requested then the command should fail with a non-zero exit code and should output a message informing the user why they can no longer set this field.

References

Caused by #16
Also related to npm/cli#3139

Answer 1 · 2021-05-20T16:32:54.000Z

@isaacs since you made the code changes in #16, what do you think about this issue?

Answer 2 · 2022-11-02T18:03:50.000Z

this config has been removed altogether. npm requires that all auth be targeted to a specific registry