adduser --always-auth not working

[jeffrson]

The adduser command has a parameter --always-auth which is supposed to

save configuration indicating that all requests to the given registry should include authorization information

"given registry" refers to the --registry parameter.

So how should this be done? IMO, it should store an additional key inside user's .npmrc, which adds "always-auth" to the registry alongside the access token.

However, it seems nothing is done at all - only the access token appears in .npmrc.

(npm 6.13.6)

[jcestibariz]

I still can reproduce it with npm 6.14.10. As a workaround I added it manually with npm config but it's annoying.

npm config set //<registry-url>:always-auth true

[ljharb]

What about with npm 7?

[jcestibariz]

@ljharb tested with 7.4.3, same problem

[darcyclarke]

npm v6 is no longer in active development; We will continue to push security releases to v6 at our team's discretion as-per our Support Policy.

If your bug is preproducible on v7, please re-file this issue using our new issue template.

If your issue was a feature request, please consider opening a new RRFC or RFC. If your issue was a question or other idea that was not CLI-specific, consider opening a discussion on our feedback repo

Closing: This is an automated message.

[ljharb]

This is still an issue with npm 7.4.3.

@jeffrson can you confirm if it's still an issue in npm 7 latest?

[wraithgar]

The --always-auth param was removed recently because of a change in how npm was approaching auth. That flag was a workaround for a bug that has since been fixed, namely that npm was incorrectly determining what auth keys went with what requests. --always-auth was a security concern because it would send whatever auth you had configured to every request you sent.

npm behavior now is to send the auth it has for a given registry on each request.