Fix registry auth comparison for explicit port numbers #2598
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
I use a private NPM registry hosted via Artifactory. When using Yarn, I'm unable to install my modules when it gets to the "Fetching packages" phase, but it gets through the resolving packages phase using the private registry just fine. I traced it back to the
npm-registry.js
doing a comparison to see if the request stringrequestUrl.startsWith(registry)
this comparison fails on my server because the request url looks likehttps://my.server:443/path/to/registry/-/something/somefile.tgz
and the registry url looks like:
https://my.server/path/to/registry/
These are clearly requests to the same url repo, but a string.startsWith doesn't understand that. As a result, the requests are made without auth info and fail with a Not authorized error. Similar errors would occur with the string.startsWith on differing capitalization.
Test plan
I added tests for the function that does the registry comparisons in the
__tests__/registries
folder. The tests cover both positive and negative cases for the new comparison function.Run before change:
With
.npmrc
content in the folder:Run in the same folder with this PR: