Skip to content

Commit 33a7ddc

Browse files
wraithgarwraithgar
committed
feat: refuse to set deprecated/invalid config
BREAKING CHANGE: `npm config set` will no longer accept deprecated or invalid config options.
1 parent 6a27a7b commit 33a7ddc

File tree

2 files changed

+85
-66
lines changed

2 files changed

+85
-66
lines changed

lib/commands/config.js

Lines changed: 14 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,9 @@ const localeCompare = require('@isaacs/string-locale-compare')('en')
1010
const rpj = require('read-package-json-fast')
1111
const log = require('../utils/log-shim.js')
1212

13+
const deNerf = key => {
14+
return key.split(':').pop()
15+
}
1316
// take an array of `[key, value, k2=v2, k3, v3, ...]` and turn into
1417
// { key: value, k2: v2, k3: v3 }
1518
const keyValues = args => {
@@ -146,6 +149,16 @@ class Config extends BaseCommand {
146149
const where = this.npm.flatOptions.location
147150
for (const [key, val] of Object.entries(keyValues(args))) {
148151
log.info('config', 'set %j %j', key, val)
152+
const baseKey = deNerf(key)
153+
if (!this.npm.config.definitions[baseKey]) {
154+
throw new Error(`\`${baseKey}\` is not a valid npm option`)
155+
}
156+
const deprecated = this.npm.config.definitions[baseKey].deprecated
157+
if (deprecated) {
158+
throw new Error(
159+
`The \`${baseKey}\` option is deprecated, and can not be set in this way${deprecated}`
160+
)
161+
}
149162
this.npm.config.set(key, val || '', where)
150163
if (!this.npm.config.validate(where)) {
151164
log.warn('config', 'omitting invalid config values')
@@ -163,7 +176,7 @@ class Config extends BaseCommand {
163176
const out = []
164177
for (const key of keys) {
165178
if (!publicVar(key)) {
166-
throw new Error(`The ${key} option is protected, and cannot be retrieved in this way`)
179+
throw new Error(`The ${key} option is protected, and can not be retrieved in this way`)
167180
}
168181

169182
const pref = keys.length > 1 ? `${key}=` : ''

test/lib/commands/config.js

Lines changed: 71 additions & 65 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,11 @@
11
const { join } = require('path')
2-
const { promisify } = require('util')
3-
const fs = require('fs')
2+
const fs = require('fs/promises')
3+
const ini = require('ini')
44
const tspawk = require('../../fixtures/tspawk')
55
const t = require('tap')
66

77
const spawk = tspawk(t)
88

9-
const readFile = promisify(fs.readFile)
10-
119
const Sandbox = require('../../fixtures/sandbox.js')
1210

1311
t.test('config no args', async t => {
@@ -142,60 +140,64 @@ t.test('config delete no args', async t => {
142140
t.test('config delete single key', async t => {
143141
// location defaults to user, so we work with a userconfig
144142
const home = t.testdir({
145-
'.npmrc': 'foo=bar\nbar=baz',
143+
'.npmrc': 'access=public\nall=true',
146144
})
147145

148146
const sandbox = new Sandbox(t)
149-
await sandbox.run('config', ['delete', 'foo'], { home })
147+
await sandbox.run('config', ['delete', 'access'], { home })
150148

151-
t.equal(sandbox.config.get('foo'), undefined, 'foo should no longer be set')
149+
t.equal(sandbox.config.get('access'), null, 'acces should be defaulted')
152150

153-
const contents = await readFile(join(home, '.npmrc'), { encoding: 'utf8' })
154-
t.not(contents.includes('foo='), 'foo was removed on disk')
151+
const contents = await fs.readFile(join(home, '.npmrc'), { encoding: 'utf8' })
152+
const rc = ini.parse(contents)
153+
t.not(rc.access, 'access is not set')
155154
})
156155

157156
t.test('config delete multiple keys', async t => {
158157
const home = t.testdir({
159-
'.npmrc': 'foo=bar\nbar=baz\nbaz=buz',
158+
'.npmrc': 'access=public\nall=true\naudit=false',
160159
})
161160

162161
const sandbox = new Sandbox(t)
163-
await sandbox.run('config', ['delete', 'foo', 'bar'], { home })
162+
await sandbox.run('config', ['delete', 'access', 'all'], { home })
164163

165-
t.equal(sandbox.config.get('foo'), undefined, 'foo should no longer be set')
166-
t.equal(sandbox.config.get('bar'), undefined, 'bar should no longer be set')
164+
t.equal(sandbox.config.get('access'), null, 'access should be defaulted')
165+
t.equal(sandbox.config.get('all'), false, 'all should be defaulted')
167166

168-
const contents = await readFile(join(home, '.npmrc'), { encoding: 'utf8' })
169-
t.not(contents.includes('foo='), 'foo was removed on disk')
170-
t.not(contents.includes('bar='), 'bar was removed on disk')
167+
const contents = await fs.readFile(join(home, '.npmrc'), { encoding: 'utf8' })
168+
const rc = ini.parse(contents)
169+
t.not(rc.access, 'access is not set')
170+
t.not(rc.all, 'all is not set')
171171
})
172172

173173
t.test('config delete key --location=global', async t => {
174174
const global = t.testdir({
175-
npmrc: 'foo=bar\nbar=baz',
175+
npmrc: 'access=public\nall=true',
176176
})
177177

178178
const sandbox = new Sandbox(t)
179-
await sandbox.run('config', ['delete', 'foo', '--location=global'], { global })
179+
await sandbox.run('config', ['delete', 'access', '--location=global'], { global })
180180

181-
t.equal(sandbox.config.get('foo', 'global'), undefined, 'foo should no longer be set')
181+
t.equal(sandbox.config.get('access', 'global'), undefined, 'access should be defaulted')
182182

183-
const contents = await readFile(join(global, 'npmrc'), { encoding: 'utf8' })
184-
t.not(contents.includes('foo='), 'foo was removed on disk')
183+
const contents = await fs.readFile(join(global, 'npmrc'), { encoding: 'utf8' })
184+
const rc = ini.parse(contents)
185+
t.not(rc.access, 'access is not set')
185186
})
186187

187188
t.test('config delete key --global', async t => {
188189
const global = t.testdir({
189-
npmrc: 'foo=bar\nbar=baz',
190+
npmrc: 'access=public\nall=true',
190191
})
191192

192193
const sandbox = new Sandbox(t)
193-
await sandbox.run('config', ['delete', 'foo', '--global'], { global })
194+
await sandbox.run('config', ['delete', 'access', '--global'], { global })
194195

195-
t.equal(sandbox.config.get('foo', 'global'), undefined, 'foo should no longer be set')
196+
t.equal(sandbox.config.get('access', 'global'), undefined, 'access should no longer be set')
196197

197-
const contents = await readFile(join(global, 'npmrc'), { encoding: 'utf8' })
198-
t.not(contents.includes('foo='), 'foo was removed on disk')
198+
const contents = await fs.readFile(join(global, 'npmrc'), { encoding: 'utf8' })
199+
const rc = ini.parse(contents)
200+
t.not(rc.access, 'access is not set')
199201
})
200202

201203
t.test('config set no args', async t => {
@@ -212,65 +214,67 @@ t.test('config set no args', async t => {
212214

213215
t.test('config set key', async t => {
214216
const home = t.testdir({
215-
'.npmrc': 'foo=bar',
217+
'.npmrc': 'access=public',
216218
})
217219

218220
const sandbox = new Sandbox(t, { home })
219221

220-
await sandbox.run('config', ['set', 'foo'])
222+
await sandbox.run('config', ['set', 'access'])
221223

222-
t.equal(sandbox.config.get('foo'), '', 'set the value for foo')
224+
t.equal(sandbox.config.get('access'), null, 'set the value for access')
223225

224-
const contents = await readFile(join(home, '.npmrc'), { encoding: 'utf8' })
225-
t.ok(contents.includes('foo='), 'wrote foo to disk')
226+
await t.rejects(fs.stat(join(home, '.npmrc'), { encoding: 'utf8' }), 'removed empty config')
226227
})
227228

228229
t.test('config set key value', async t => {
229230
const home = t.testdir({
230-
'.npmrc': 'foo=bar',
231+
'.npmrc': 'access=public',
231232
})
232233

233234
const sandbox = new Sandbox(t, { home })
234235

235-
await sandbox.run('config', ['set', 'foo', 'baz'])
236+
await sandbox.run('config', ['set', 'access', 'restricted'])
236237

237-
t.equal(sandbox.config.get('foo'), 'baz', 'set the value for foo')
238+
t.equal(sandbox.config.get('access'), 'restricted', 'set the value for access')
238239

239-
const contents = await readFile(join(home, '.npmrc'), { encoding: 'utf8' })
240-
t.ok(contents.includes('foo=baz'), 'wrote foo to disk')
240+
const contents = await fs.readFile(join(home, '.npmrc'), { encoding: 'utf8' })
241+
const rc = ini.parse(contents)
242+
t.equal(rc.access, 'restricted', 'access is set to restricted')
241243
})
242244

243245
t.test('config set key=value', async t => {
244246
const home = t.testdir({
245-
'.npmrc': 'foo=bar',
247+
'.npmrc': 'access=public',
246248
})
247249

248250
const sandbox = new Sandbox(t, { home })
249251

250-
await sandbox.run('config', ['set', 'foo=baz'])
252+
await sandbox.run('config', ['set', 'access=restricted'])
251253

252-
t.equal(sandbox.config.get('foo'), 'baz', 'set the value for foo')
254+
t.equal(sandbox.config.get('access'), 'restricted', 'set the value for access')
253255

254-
const contents = await readFile(join(home, '.npmrc'), { encoding: 'utf8' })
255-
t.ok(contents.includes('foo=baz'), 'wrote foo to disk')
256+
const contents = await fs.readFile(join(home, '.npmrc'), { encoding: 'utf8' })
257+
const rc = ini.parse(contents)
258+
t.equal(rc.access, 'restricted', 'access is set to restricted')
256259
})
257260

258261
t.test('config set key1 value1 key2=value2 key3', async t => {
259262
const home = t.testdir({
260-
'.npmrc': 'foo=bar\nbar=baz\nbaz=foo',
263+
'.npmrc': 'access=public\nall=true\naudit=true',
261264
})
262265

263266
const sandbox = new Sandbox(t, { home })
264-
await sandbox.run('config', ['set', 'foo', 'oof', 'bar=rab', 'baz'])
267+
await sandbox.run('config', ['set', 'access', 'restricted', 'all=false', 'audit'])
265268

266-
t.equal(sandbox.config.get('foo'), 'oof', 'foo was set')
267-
t.equal(sandbox.config.get('bar'), 'rab', 'bar was set')
268-
t.equal(sandbox.config.get('baz'), '', 'baz was set')
269+
t.equal(sandbox.config.get('access'), 'restricted', 'access was set')
270+
t.equal(sandbox.config.get('all'), false, 'all was set')
271+
t.equal(sandbox.config.get('audit'), false, 'audit was set')
269272

270-
const contents = await readFile(join(home, '.npmrc'), { encoding: 'utf8' })
271-
t.ok(contents.includes('foo=oof'), 'foo was written to disk')
272-
t.ok(contents.includes('bar=rab'), 'bar was written to disk')
273-
t.ok(contents.includes('baz='), 'baz was written to disk')
273+
const contents = await fs.readFile(join(home, '.npmrc'), { encoding: 'utf8' })
274+
const rc = ini.parse(contents)
275+
t.equal(rc.access, 'restricted', 'access is set to restricted')
276+
t.equal(rc.all, false, 'all is set to false')
277+
t.equal(rc.audit, false, 'audit is set to false')
274278
})
275279

276280
t.test('config set invalid key logs warning', async t => {
@@ -287,30 +291,32 @@ t.test('config set invalid key logs warning', async t => {
287291

288292
t.test('config set key=value --location=global', async t => {
289293
const global = t.testdir({
290-
npmrc: 'foo=bar\nbar=baz',
294+
npmrc: 'access=public\nall=true',
291295
})
292296

293297
const sandbox = new Sandbox(t, { global })
294-
await sandbox.run('config', ['set', 'foo=buzz', '--location=global'])
298+
await sandbox.run('config', ['set', 'access=restricted', '--location=global'])
295299

296-
t.equal(sandbox.config.get('foo', 'global'), 'buzz', 'foo should be set')
300+
t.equal(sandbox.config.get('access', 'global'), 'restricted', 'foo should be set')
297301

298-
const contents = await readFile(join(global, 'npmrc'), { encoding: 'utf8' })
299-
t.not(contents.includes('foo=buzz'), 'foo was saved on disk')
302+
const contents = await fs.readFile(join(global, 'npmrc'), { encoding: 'utf8' })
303+
const rc = ini.parse(contents)
304+
t.equal(rc.access, 'restricted', 'access is set to restricted')
300305
})
301306

302307
t.test('config set key=value --global', async t => {
303308
const global = t.testdir({
304-
npmrc: 'foo=bar\nbar=baz',
309+
npmrc: 'access=public\nall=true',
305310
})
306311

307312
const sandbox = new Sandbox(t, { global })
308-
await sandbox.run('config', ['set', 'foo=buzz', '--global'])
313+
await sandbox.run('config', ['set', 'access=restricted', '--global'])
309314

310-
t.equal(sandbox.config.get('foo', 'global'), 'buzz', 'foo should be set')
315+
t.equal(sandbox.config.get('access', 'global'), 'restricted', 'access should be set')
311316

312-
const contents = await readFile(join(global, 'npmrc'), { encoding: 'utf8' })
313-
t.not(contents.includes('foo=buzz'), 'foo was saved on disk')
317+
const contents = await fs.readFile(join(global, 'npmrc'), { encoding: 'utf8' })
318+
const rc = ini.parse(contents)
319+
t.equal(rc.access, 'restricted', 'access is set to restricted')
314320
})
315321

316322
t.test('config get no args', async t => {
@@ -383,7 +389,7 @@ t.test('config edit', async t => {
383389
'editor opened the user config file'
384390
)
385391

386-
const contents = await readFile(join(home, '.npmrc'), { encoding: 'utf8' })
392+
const contents = await fs.readFile(join(home, '.npmrc'), { encoding: 'utf8' })
387393
t.ok(contents.includes('foo=bar'), 'kept foo')
388394
t.ok(contents.includes('bar=baz'), 'kept bar')
389395
t.ok(contents.includes('shown below with default values'), 'appends defaults to file')
@@ -448,7 +454,7 @@ t.test('config fix', (t) => {
448454
t.not(sandbox.config.get('_authToken', 'global'), '_authToken is not set globally')
449455
t.equal(sandbox.config.get(`${registry}:_authToken`, 'global'), 'afaketoken',
450456
'global _authToken was scoped')
451-
const globalConfig = await readFile(join(root, 'global', 'npmrc'), { encoding: 'utf8' })
457+
const globalConfig = await fs.readFile(join(root, 'global', 'npmrc'), { encoding: 'utf8' })
452458
t.equal(globalConfig, `${registry}:_authToken=afaketoken\n`, 'global config was written')
453459

454460
// user config fixes
@@ -459,7 +465,7 @@ t.test('config fix', (t) => {
459465
t.not(sandbox.config.get('_authtoken', 'user'), '_authtoken is not set in user config')
460466
t.not(sandbox.config.get('_auth'), '_auth is not set in user config')
461467
t.equal(sandbox.config.get(`${registry}:_auth`, 'user'), 'beef', 'user _auth was scoped')
462-
const userConfig = await readFile(join(root, 'home', '.npmrc'), { encoding: 'utf8' })
468+
const userConfig = await fs.readFile(join(root, 'home', '.npmrc'), { encoding: 'utf8' })
463469
t.equal(userConfig, `${registry}:_auth=beef\n`, 'user config was written')
464470
})
465471

@@ -488,7 +494,7 @@ t.test('config fix', (t) => {
488494
t.equal(sandbox.config.get('_authtoken', 'global'), 'notatoken', 'global _authtoken untouched')
489495
t.equal(sandbox.config.get('_authToken', 'global'), 'afaketoken', 'global _authToken untouched')
490496
t.not(sandbox.config.get(`${registry}:_authToken`, 'global'), 'global _authToken not scoped')
491-
const globalConfig = await readFile(join(root, 'global', 'npmrc'), { encoding: 'utf8' })
497+
const globalConfig = await fs.readFile(join(root, 'global', 'npmrc'), { encoding: 'utf8' })
492498
t.equal(globalConfig, '_authtoken=notatoken\n_authToken=afaketoken',
493499
'global config was not written')
494500

@@ -500,7 +506,7 @@ t.test('config fix', (t) => {
500506
t.not(sandbox.config.get('_authtoken', 'user'), '_authtoken is not set in user config')
501507
t.not(sandbox.config.get('_auth', 'user'), '_auth is not set in user config')
502508
t.equal(sandbox.config.get(`${registry}:_auth`, 'user'), 'beef', 'user _auth was scoped')
503-
const userConfig = await readFile(join(root, 'home', '.npmrc'), { encoding: 'utf8' })
509+
const userConfig = await fs.readFile(join(root, 'home', '.npmrc'), { encoding: 'utf8' })
504510
t.equal(userConfig, `${registry}:_auth=beef\n`, 'user config was written')
505511
})
506512

0 commit comments

Comments
 (0)