Comments (2)
#538 (comment) captures most of the reasoning behind the decision. nexus continuing to support only legacy auth is new information and their current documentation appears to confirm, but is likely not enough to cause us to reverse our decision.
personally, using a registry that continues to require the use of a password would make me question its approach to authorization since it prevents the ability to reduce the level of access granted when leaked. i understand that recommending a registry switch is not a small task, but i would at least consider this a variable to consider when weighing continued use into the future. short of that, the best i can suggest is to continue use of the previous major version of the npm plugin, which has been stable for some time. however, we have no plans to continue maintenance of that version.
from npm.
I respect your decision but it is not always possible to switch out the registry within a company because it is used for other repositories besides npm and used by multiple departments.
I just want to simply add a workaround I implemented for our GitLab CI that doesn't require any changes in the plugin:
Based on the documentation we generate the base64 encoded string and store it in a Variable (Repository Settings > CI/CD)
In the pipeline configuration we update the npm config before executing semantic-release:
publish:
script:
- npm config set //nexus.url/repository/npm-private/:_auth=$NPM_TOKEN
# not sure if this is needed, but to be safe we remove the token so the plugin doesn't pick it up
- unset NPM_TOKEN
- npx semantic-release
The way I understand it, the plugin will pick up the existing //nexus.url/repository/npm-private/:_auth
config and skip appending the token itself.
I hope this helpful for some poor soul. :)
from npm.
Related Issues (20)
- npm whoami failing HOT 3
- `package.json` version not updated, despite correct plugin ordering HOT 1
- Set --no-workspaces with npm version HOT 2
- Command failed with exit code 1: npm version 0.22.2 --userconfig HOT 2
- error on publishing HOT 1
- Publishing failed since update from [email protected] to [email protected] with files mentioned in .gitignore HOT 6
- Update a package.json in a sub folder
- CVE-2023-42282 HOT 1
- Support for custom package.json properties to write changelist entries
- NPM Audit Signatures issue on 11.0.3 HOT 2
- Failed step "prepare" of plugin "@semantic-release/npm" due to reading malformed path HOT 13
- ERR_INVALID_AUTH triggered by semantic-release npm despite not having this field set in checkout directory HOT 11
- semantic-release seems publishing twice and causing error. HOT 1
- Security Issue with out of date [email protected] found with SNYK HOT 3
- Array format/style is being changed HOT 3
- improve auth token resolution
- align approach for concatenating `.npmrc` files to better align with default npm behavior
- account for deprecation of `_auth` in existing `.npmrc` files
- Cannot set properties of null (setting 'peer') HOT 4
- npm ERR! log.http is not a function HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from npm.