Skip to content
This repository has been archived by the owner on Aug 11, 2022. It is now read-only.

Commit

Permalink
lifecycle: keep private values out of child procs
Browse files Browse the repository at this point in the history 
npm@1.x didn't include configuration values prefixed with an underscore
in the environment passed to chiled processes. npm@2.x includes the
notion of scoped configuration, where a nerfed URL can be used to prefix
configuration, some of which might be underscore-prefixed without the
scope. Add that behavior to npm@2 and close this regression.

PR-URL: #9348
  • Loading branch information
@othiym23 @iarna
othiym23 authored and iarna committed Aug 21, 2015
1 parent 67c1329 commit a1d49fc
Show file tree
Hide file tree
Showing 3 changed files with 56 additions and 2 deletions.
4 changes: 3 additions & 1 deletion lib/utils/lifecycle.js
View file
Expand Up @@ -324,7 +324,9 @@ function makeEnv (data, prefix, env) {
var verPref = data.name + '@' + data.version + ':'

keys.forEach(function (i) {
if (i.charAt(0) === '_' && i.indexOf('_' + namePref) !== 0) {
// in some rare cases (e.g. working with nerf darts), there are segmented
// "private" (underscore-prefixed) config names -- don't export
if (i.charAt(0) === '_' && i.indexOf('_' + namePref) !== 0 || i.match(/:_/)) {
return
}
var value = npm.config.get(i)
Expand Down
52 changes: 52 additions & 0 deletions test/tap/run-script-filter-private.js
View file
@@ -0,0 +1,52 @@
var fs = require('graceful-fs')
var path = require('path')

var mkdirp = require('mkdirp')
var rimraf = require('rimraf')
var test = require('tap').test

var common = require('../common-tap')

var pkg = path.resolve(__dirname, 'run-script-filter-private')

var opts = { cwd: pkg }

var json = {
name: 'run-script-filter-private',
version: '1.2.3'
}

var npmrc = '//blah.com:_harsh=realms\n'

test('setup', function (t) {
cleanup()
mkdirp.sync(pkg)
fs.writeFileSync(
path.resolve(pkg, 'package.json'),
JSON.stringify(json, null, 2) + '\n'
)
fs.writeFileSync(
path.resolve(pkg, '.npmrc'),
npmrc
)
t.end()
})

test('npm run-script env', function (t) {
common.npm(['run-script', 'env'], opts, function (er, code, stdout, stderr) {
t.ifError(er, 'using default env script')
t.notOk(stderr, 'should not generate errors')
t.ok(stdout.indexOf('npm_config_init_version') > 0, 'expected values in var list')
t.notMatch(stdout, /harsh/, 'unexpected config not there')
t.end()
})
})

test('cleanup', function (t) {
cleanup()
t.end()
})

function cleanup () {
rimraf.sync(pkg)
}
2 changes: 1 addition & 1 deletion test/tap/run-script.js
View file
@@ -1,4 +1,4 @@
var fs = require('fs')
var fs = require('graceful-fs')
var path = require('path')

var mkdirp = require('mkdirp')
Expand Down

0 comments on commit a1d49fc

Please sign in to comment.