fix calling npm.org when there's no npmrc with replaces-base #5928
Merged
jakecoffman merged 2 commits into main from Oct 21, 2022
mctofu (Contributor) approved these changes on Oct 19, 2022 and left a comment:
Makes sense to have another option to specify the registry if .npmrc isn't used!
| }] | ||
| end | ||
|
|
||
| it { is_expected.to eq("http://example.com") } |
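Review bot: the expectation `eq("http://example.com")` on the last line shown pins only the plain-http form of the registry value. Since the point of the change is to honor the protocol, I'd suggest sibling contexts next to this one for an https registry and for a value with no scheme at all, so the spec documents what is returned in each case and a later refactor can't quietly go back to stripping or assuming the scheme.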
Contributor
It makes sense to preserve the protocol but it currently will have limited use. On dotcom/ghes:
- the protocol is stripped on the backend
- the proxy won't attach credentials to http requests
Member
Author
Ah, that's too bad. It will be there if we need it.
This was referenced Feb 4, 2023
Context
Currently, when there is no .npmrc file, but a registry has been specified in the credentials, Dependabot generates an .npmrc file with a global registry, assuming all of the resolved URLs match, and the update goes well.
However, once it gets to the library check it calls out to the default registry.
Replaces-base
The code for checking the lockfile seems to be npm specific, and it's private in another class. So it will take a bit of a refactor to get that common code out.
I thought this was a good first step to give the user a way to set a global registry with the replaces-base flag.
We should probably circle back and make that npmrc generator code apply to the library check as well. Also use replaces-base in the npmrc generator when present.
This PR also fixes a few places where we assume the registry doesn't have a protocol. I think it's important to honor the protocol as customers may have private internal registries serving on http since they aren't exposed to the internet.
Let me know if you disagree with introducing replaces-base like this!
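An added Ruby sketch, not Dependabot's own code, of the behaviour this thread describes: with no .npmrc, a credential flagged replaces-base becomes the global registry, its protocol is kept, and plain-http registries are treated as ones that will not receive credentials (the proxy behaviour mentioned in the review). The method names, the credential keys `type` and `registry`, and the sample credentials are assumptions made for the illustration.

```ruby
require "uri"

# npm's public default registry, used when nothing overrides it.
DEFAULT_REGISTRY = "https://registry.npmjs.org"

# Hypothetical helper: choose the registry for the library check when the
# repository has no .npmrc. Credential key names are assumed for this sketch.
def library_check_registry(credentials)
  override = credentials.find do |cred|
    cred["type"] == "npm_registry" && cred["replaces-base"] == true
  end
  return DEFAULT_REGISTRY unless override

  normalize_registry(override.fetch("registry"))
end

# Keep an explicit http:// or https:// exactly as configured; only a value
# with no scheme at all is defaulted to https.
def normalize_registry(value)
  value = value.strip
  value = "https://#{value}" unless value.match?(%r{\Ahttps?://}i)
  uri = URI.parse(value)
  if uri.host.nil? || uri.host.empty?
    raise ArgumentError, "registry has no host: #{value.inspect}"
  end

  uri.to_s.chomp("/")
end

# Models the review comment: credentials are only attached over https, so an
# http registry resolves correctly but is queried unauthenticated.
def send_credentials?(registry_url)
  URI.parse(registry_url).scheme.to_s.downcase == "https"
end

# Constructed sample credentials, not taken from the pull request.
SAMPLE_CREDENTIALS = [
  { "type" => "git_source", "host" => "github.com" },
  { "type" => "npm_registry", "registry" => "http://example.com",
    "replaces-base" => true }
].freeze

if $PROGRAM_NAME == __FILE__
  registry = library_check_registry(SAMPLE_CREDENTIALS)
  puts "registry=#{registry} credentials_attached=#{send_credentials?(registry)}"
end
```

A registry credential without the replaces-base flag leaves the default registry in place, which is the fallback the PR title refers to.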