fix: write npmrc for npm pub#17
Conversation
There was a problem hiding this comment.
Pull request overview
Updates npm publish credential handling by correcting the .npmrc auth line format when using npm-registry values with trailing slashes.
Changes:
- Strip a trailing
/fromINPUT_NPM_REGISTRYwhen deriving the registry host. - Write the auth token entry using the expected
//host/:_authToken=...format.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| local registry="${INPUT_NPM_REGISTRY:-https://registry.npmjs.org}" | ||
| local registry_host | ||
| registry_host=$(echo "$registry" | sed 's|https:||') | ||
| registry_host=$(echo "$registry" | sed 's|https:||' | sed 's|/$||') |
There was a problem hiding this comment.
registry_host normalization only strips the https: scheme. If a user supplies an http:// registry URL (or another scheme), the generated auth line in .npmrc will be malformed. Consider stripping both http: and https: (e.g., by matching ^https?://), or using a more robust URL normalization approach so npm-registry accepts any valid http(s) URL.
| registry_host=$(echo "$registry" | sed 's|https:||' | sed 's|/$||') | |
| registry_host=$(echo "$registry" | sed -E 's|^https?://|//|' | sed 's|/$||') |
| echo "${registry_host}/:_authToken=${INPUT_NPM_TOKEN}" > .npmrc | ||
| echo "registry=${registry}" >> .npmrc | ||
|
|
||
| npm publish |
There was a problem hiding this comment.
This writes the auth token to a .npmrc in the workspace. With set -e, if npm publish fails the script will exit before cleanup, potentially leaving the token on disk for later steps/artifacts. Consider writing to a temp userconfig (e.g., via NPM_CONFIG_USERCONFIG) and/or installing a trap to remove the file on EXIT/ERR so the token is always cleaned up.
No description provided.