Skip to content
Browse files
config: Search for authentication token defined by environment variab…
…le (#8)

As discussed on[1], the fact that
npm registry authentication tokens
cannot be defined using environment variables
does not seem justified anymore.

The restriction is caused by the config loader translating
* all `_` to `-`
* the whole variable name to lowercase
while the credential checker expects a key ending in `:_authToken`.

This change fixes the problem
by having the credential checker try
a key ending in `:-authtoken` after it tried `:_authToken`.

Fixes: npm/npm#15565
PR-URL: #8
Credit: @mkhl
Reviewed-By: @zkat
  • Loading branch information
mkhl authored and zkat committed Aug 3, 2018
1 parent c3ab25f commit 6e9f04b0baed007169d4e0c341f097cf133debf7
Showing with 6 additions and 0 deletions.
  1. +6 −0 lib/config/get-credentials-by-uri.js
@@ -34,6 +34,12 @@ function getCredentialsByURI (uri) {
return c

if (this.get(nerfed + ':-authtoken')) {
c.token = this.get(nerfed + ':-authtoken')
// the bearer token is enough, don't confuse things
return c

// Handle the old-style _auth=<base64> style for the default
// registry, if set.
var authDef = this.get('_auth')

0 comments on commit 6e9f04b

Please sign in to comment.