fix(publish): check publishConfig after prepublish script

If the publishConfig changes during prepublish we want to use that info to tell the user if they need to be logged in or not
npm · Feb 4, 2021 · 5de5dc4 · 5de5dc4
1 parent 4750c3c
commit 5de5dc4
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 32 deletions.
diff --git a/lib/publish.js b/lib/publish.js
@@ -72,24 +72,12 @@ const publish_ = async (arg, opts) => {
   // you can publish name@version, ./foo.tgz, etc.
   // even though the default is the 'file:.' cwd.
   const spec = npa(arg)
-  const manifest = await getManifest(spec, opts)
+
+  let manifest = await getManifest(spec, opts)
 
   if (manifest.publishConfig)
     Object.assign(opts, publishConfigToOpts(manifest.publishConfig))
 
-  const resolved = npa.resolve(manifest.name, manifest.version)
-  const registry = npmFetch.pickRegistry(resolved, opts)
-
-  console.log(`picked registry ${registry}`)
-  if (!dryRun) {
-    const creds = npm.config.getCredentialsByURI(registry)
-    if (!creds.token && !creds.username) {
-      throw Object.assign(new Error('This command requires you to be logged in.'), {
-        code: 'ENEEDAUTH',
-      })
-    }
-  }
-
   // only run scripts for directory type publishes
   if (spec.type === 'directory') {
     await runScript({
@@ -103,18 +91,27 @@ const publish_ = async (arg, opts) => {
   const tarballData = await pack(spec, opts)
   const pkgContents = await getContents(manifest, tarballData)
 
+  // The purpose of re-reading the manifest is in case it changed,
+  // so that we send the latest and greatest thing to the registry
+  // note that publishConfig might have changed as well!
+  manifest = await getManifest(spec, opts)
+  if (manifest.publishConfig)
+    Object.assign(opts, publishConfigToOpts(manifest.publishConfig))
+
   // note that logTar calls npmlog.notice(), so if we ARE in silent mode,
   // this will do nothing, but we still want it in the debuglog if it fails.
   if (!json)
     logTar(pkgContents, { log, unicode })
 
   if (!dryRun) {
-    // The purpose of re-reading the manifest is in case it changed,
-    // so that we send the latest and greatest thing to the registry
-    // note that publishConfig might have changed as well!
-    const manifest = await getManifest(spec, opts)
-    if (manifest.publishConfig)
-      Object.assign(opts, publishConfigToOpts(manifest.publishConfig))
+    const resolved = npa.resolve(manifest.name, manifest.version)
+    const registry = npmFetch.pickRegistry(resolved, opts)
+    const creds = npm.config.getCredentialsByURI(registry)
+    if (!creds.token && !creds.username) {
+      throw Object.assign(new Error('This command requires you to be logged in.'), {
+        code: 'ENEEDAUTH',
+      })
+    }
     await otplease(opts, opts => libpub(manifest, tarballData, opts))
   }
 

diff --git a/test/lib/publish.js b/test/lib/publish.js
@@ -27,12 +27,20 @@ const config = {
   },
 }
 
+const registryCredentials = (t, registry) => {
+  return (uri) => {
+    t.same(uri, registry, 'gets credentials for expected registry')
+    return credentials[uri]
+  }
+}
+
 const fs = require('fs')
 
 t.test('should publish with libnpmpublish, respecting publishConfig', (t) => {
-  t.plan(5)
+  t.plan(6)
 
-  const publishConfig = { registry: 'https://some.registry' }
+  const registry = 'https://some.registry'
+  const publishConfig = { registry }
   const testDir = t.testdir({
     'package.json': JSON.stringify({
       name: 'my-cool-pkg',
@@ -46,9 +54,12 @@ t.test('should publish with libnpmpublish, respecting publishConfig', (t) => {
       flatOptions: {
         json: true,
         defaultTag: 'latest',
-        registry: 'https://registry.npmjs.org',
+        registry,
+      },
+      config: {
+        ...config,
+        getCredentialsByURI: registryCredentials(t, registry),
       },
-      config,
     },
     '../../lib/utils/tar.js': {
       getContents: () => ({
@@ -87,8 +98,9 @@ t.test('should publish with libnpmpublish, respecting publishConfig', (t) => {
 })
 
 t.test('re-loads publishConfig if added during script process', (t) => {
-  t.plan(5)
-  const publishConfig = { registry: 'https://some.registry' }
+  t.plan(6)
+  const registry = 'https://some.registry'
+  const publishConfig = { registry }
   const testDir = t.testdir({
     'package.json': JSON.stringify({
       name: 'my-cool-pkg',
@@ -103,7 +115,10 @@ t.test('re-loads publishConfig if added during script process', (t) => {
         defaultTag: 'latest',
         registry: 'https://registry.npmjs.org/',
       },
-      config,
+      config: {
+        ...config,
+        getCredentialsByURI: registryCredentials(t, registry),
+      },
     },
     '../../lib/utils/tar.js': {
       getContents: () => ({
@@ -128,7 +143,7 @@ t.test('re-loads publishConfig if added during script process', (t) => {
         t.match(manifest, { name: 'my-cool-pkg', version: '1.0.0' }, 'gets manifest')
         t.isa(tarData, Buffer, 'tarData is a buffer')
         t.ok(opts, 'gets opts object')
-        t.same(opts.registry, publishConfig.registry, 'publishConfig is passed through')
+        t.same(opts.registry, registry, 'publishConfig is passed through')
       },
     },
   })
@@ -417,10 +432,7 @@ t.test('should check auth for scope specific registry', t => {
       },
       config: {
         ...config,
-        getCredentialsByURI: (uri) => {
-          t.same(uri, registry, 'gets credentials for scope specific registry')
-          return credentials[uri]
-        },
+        getCredentialsByURI: registryCredentials(t, registry),
       },
     },
     '../../lib/utils/tar.js': {