-
Notifications
You must be signed in to change notification settings - Fork 864
Also override global npm config to fix persistent E401 #7375
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
@@ -168,15 +168,20 @@ steps: | |||||||||||
| displayName: Pack docs transport package | ||||||||||||
|
|
||||||||||||
| - pwsh: | | ||||||||||||
| Write-Host "--- npm config diagnostics ---" | ||||||||||||
| npm config list | ||||||||||||
| Write-Host "--- end diagnostics ---" | ||||||||||||
| $(Build.SourcesDirectory)/src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/build.ps1 -OutputPath $(Build.Arcade.VSIXOutputPath) | ||||||||||||
| displayName: Build Azure DevOps plugin | ||||||||||||
| env: | ||||||||||||
| # Some CI agents have stale npm auth tokens in the user-level .npmrc | ||||||||||||
| # (e.g. C:\Users\cloudtest\.npmrc). npm sends these stale credentials | ||||||||||||
| # to the public dotnet-public-npm feed, causing E401 errors. Override | ||||||||||||
| # the user config path to a non-existent file so npm ignores stale | ||||||||||||
| # credentials and uses anonymous access for the public feed. | ||||||||||||
| # Some CI agents have stale npm auth tokens in user or global .npmrc | ||||||||||||
| # files (e.g. C:\Users\cloudtest\.npmrc). npm sends these stale | ||||||||||||
| # credentials to the public dotnet-public-npm feed, causing E401. | ||||||||||||
| # Override both user and global config paths to non-existent files | ||||||||||||
| # so npm only reads the project-level .npmrc (which has the registry | ||||||||||||
| # URL but no auth tokens). | ||||||||||||
|
Comment on lines
+181
to
+182
|
||||||||||||
| # so npm only reads the project-level .npmrc (which has the registry | |
| # URL but no auth tokens). | |
| # so npm ignores user/global .npmrc files and instead uses any | |
| # project-level .npmrc present (with the registry URL but no auth | |
| # tokens), or npm's built-in defaults if none exist. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
npm config listcan print a large portion of npm’s effective configuration, which may include registry credentials from agent/user/global configs. Since this runs in CI logs, consider limiting diagnostics to only the specific config paths and a small set of non-sensitive keys (e.g., which config files are being used and what registry is selected), or otherwise ensuring any auth values are redacted before output.