From c0ef01017f1863e2db0c97f77d2a656c3a94bc02 Mon Sep 17 00:00:00 2001 From: Gar Date: Mon, 18 Jul 2022 13:31:44 -0700 Subject: [PATCH 1/2] deps: @npmcli/config@4.2.0 --- node_modules/@npmcli/config/lib/index.js | 19 +++++++++++++++++-- node_modules/@npmcli/config/package.json | 6 +++--- package-lock.json | 8 ++++---- package.json | 2 +- 4 files changed, 25 insertions(+), 10 deletions(-) diff --git a/node_modules/@npmcli/config/lib/index.js b/node_modules/@npmcli/config/lib/index.js index 5b7ea68e91e36..8c2b181ca9c61 100644 --- a/node_modules/@npmcli/config/lib/index.js +++ b/node_modules/@npmcli/config/lib/index.js @@ -698,9 +698,11 @@ class Config { this.delete(`${nerfed}:_password`, 'user') this.delete(`${nerfed}:username`, 'user') this.delete(`${nerfed}:email`, 'user') + this.delete(`${nerfed}:certfile`, 'user') + this.delete(`${nerfed}:keyfile`, 'user') } - setCredentialsByURI (uri, { token, username, password, email }) { + setCredentialsByURI (uri, { token, username, password, email, certfile, keyfile }) { const nerfed = nerfDart(uri) const def = nerfDart(this.get('registry')) @@ -733,6 +735,11 @@ class Config { this.delete(`${nerfed}:-authtoken`, 'user') this.delete(`${nerfed}:_authtoken`, 'user') this.delete(`${nerfed}:email`, 'user') + if (certfile && keyfile) { + this.set(`${nerfed}:certfile`, certfile, 'user') + this.set(`${nerfed}:keyfile`, keyfile, 'user') + // cert/key may be used in conjunction with other credentials, thus no `else` + } if (token) { this.set(`${nerfed}:_authToken`, token, 'user') this.delete(`${nerfed}:_password`, 'user') @@ -750,7 +757,7 @@ class Config { // protects against shoulder-hacks if password is memorable, I guess? const encoded = Buffer.from(password, 'utf8').toString('base64') this.set(`${nerfed}:_password`, encoded, 'user') - } else { + } else if (!certfile || !keyfile) { throw new Error('No credentials to set.') } } @@ -765,6 +772,14 @@ class Config { creds.email = email } + const certfileReg = this.get(`${nerfed}:certfile`) + const keyfileReg = this.get(`${nerfed}:keyfile`) + if (certfileReg && keyfileReg) { + creds.certfile = certfileReg + creds.keyfile = keyfileReg + // cert/key may be used in conjunction with other credentials, thus no `return` + } + const tokenReg = this.get(`${nerfed}:_authToken`) || this.get(`${nerfed}:_authtoken`) || this.get(`${nerfed}:-authtoken`) || diff --git a/node_modules/@npmcli/config/package.json b/node_modules/@npmcli/config/package.json index 2cc04e05be8c9..2f561c12233dc 100644 --- a/node_modules/@npmcli/config/package.json +++ b/node_modules/@npmcli/config/package.json @@ -1,6 +1,6 @@ { "name": "@npmcli/config", - "version": "4.1.0", + "version": "4.2.0", "files": [ "bin/", "lib/" @@ -31,7 +31,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^3.0.1", - "@npmcli/template-oss": "3.3.2", + "@npmcli/template-oss": "3.5.0", "tap": "^16.0.1" }, "dependencies": { @@ -49,6 +49,6 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "3.3.2" + "version": "3.5.0" } } diff --git a/package-lock.json b/package-lock.json index 65498747bfb82..5f17c532c49bc 100644 --- a/package-lock.json +++ b/package-lock.json @@ -90,7 +90,7 @@ "@isaacs/string-locale-compare": "^1.1.0", "@npmcli/arborist": "^5.0.4", "@npmcli/ci-detect": "^2.0.0", - "@npmcli/config": "^4.1.0", + "@npmcli/config": "^4.2.0", "@npmcli/fs": "^2.1.0", "@npmcli/map-workspaces": "^2.0.3", "@npmcli/package-json": "^2.0.0", @@ -867,9 +867,9 @@ } }, "node_modules/@npmcli/config": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/@npmcli/config/-/config-4.1.0.tgz", - "integrity": "sha512-cPQmIQ2Q0vuOfrenrA3isikdMFMAHgzlXV+EmvZ8f2JeJsU5xTU2bG7ipXECiMvPF9nM+QDnMLuIg8QLw9H4xg==", + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/@npmcli/config/-/config-4.2.0.tgz", + "integrity": "sha512-imWNz5dNWb2u+y41jyxL2WB389tkhu3a01Rchn16O/ur6GrnKySgOqdNG3N/9Z+mqxdISMEGKXI/POCauzz0dA==", "inBundle": true, "dependencies": { "@npmcli/map-workspaces": "^2.0.2", diff --git a/package.json b/package.json index 80e7a4fb0f679..f762f7e0ebdc7 100644 --- a/package.json +++ b/package.json @@ -58,7 +58,7 @@ "@isaacs/string-locale-compare": "^1.1.0", "@npmcli/arborist": "^5.0.4", "@npmcli/ci-detect": "^2.0.0", - "@npmcli/config": "^4.1.0", + "@npmcli/config": "^4.2.0", "@npmcli/fs": "^2.1.0", "@npmcli/map-workspaces": "^2.0.3", "@npmcli/package-json": "^2.0.0", From a31b886bdb2f46540d53250eb335af06a42c5d8a Mon Sep 17 00:00:00 2001 From: Gar Date: Mon, 18 Jul 2022 13:32:20 -0700 Subject: [PATCH 2/2] deps: npm-registry-fetch@13.3.0 --- node_modules/npm-registry-fetch/lib/auth.js | 37 ++++++++++++++++++-- node_modules/npm-registry-fetch/lib/index.js | 4 +-- node_modules/npm-registry-fetch/package.json | 2 +- package-lock.json | 8 ++--- package.json | 2 +- 5 files changed, 42 insertions(+), 11 deletions(-) diff --git a/node_modules/npm-registry-fetch/lib/auth.js b/node_modules/npm-registry-fetch/lib/auth.js index 17da6a17d7193..870ce0d923cd0 100644 --- a/node_modules/npm-registry-fetch/lib/auth.js +++ b/node_modules/npm-registry-fetch/lib/auth.js @@ -1,4 +1,5 @@ 'use strict' +const fs = require('fs') const npa = require('npm-package-arg') const { URL } = require('url') @@ -7,7 +8,8 @@ const { URL } = require('url') const regKeyFromURI = (uri, opts) => { const parsed = new URL(uri) // try to find a config key indicating we have auth for this registry - // can be one of :_authToken, :_auth, or :_password and :username + // can be one of :_authToken, :_auth, :_password and :username, or + // :certfile and :keyfile // We walk up the "path" until we're left with just //[:], // stopping when we reach '//'. let regKey = `//${parsed.host}${parsed.pathname}` @@ -26,7 +28,8 @@ const regKeyFromURI = (uri, opts) => { const hasAuth = (regKey, opts) => ( opts[`${regKey}:_authToken`] || opts[`${regKey}:_auth`] || - opts[`${regKey}:username`] && opts[`${regKey}:_password`] + opts[`${regKey}:username`] && opts[`${regKey}:_password`] || + opts[`${regKey}:certfile`] && opts[`${regKey}:keyfile`] ) const sameHost = (a, b) => { @@ -44,6 +47,17 @@ const getRegistry = opts => { return scopeReg || opts.registry } +const maybeReadFile = file => { + try { + return fs.readFileSync(file, 'utf8') + } catch (er) { + if (er.code !== 'ENOENT') { + throw er + } + return null + } +} + const getAuth = (uri, opts = {}) => { const { forceAuth } = opts if (!uri) { @@ -59,6 +73,8 @@ const getAuth = (uri, opts = {}) => { username: forceAuth.username, password: forceAuth._password || forceAuth.password, auth: forceAuth._auth || forceAuth.auth, + certfile: forceAuth.certfile, + keyfile: forceAuth.keyfile, }) } @@ -82,6 +98,8 @@ const getAuth = (uri, opts = {}) => { [`${regKey}:username`]: username, [`${regKey}:_password`]: password, [`${regKey}:_auth`]: auth, + [`${regKey}:certfile`]: certfile, + [`${regKey}:keyfile`]: keyfile, } = opts return new Auth({ @@ -90,15 +108,19 @@ const getAuth = (uri, opts = {}) => { auth, username, password, + certfile, + keyfile, }) } class Auth { - constructor ({ token, auth, username, password, scopeAuthKey }) { + constructor ({ token, auth, username, password, scopeAuthKey, certfile, keyfile }) { this.scopeAuthKey = scopeAuthKey this.token = null this.auth = null this.isBasicAuth = false + this.cert = null + this.key = null if (token) { this.token = token } else if (auth) { @@ -108,6 +130,15 @@ class Auth { this.auth = Buffer.from(`${username}:${p}`, 'utf8').toString('base64') this.isBasicAuth = true } + // mTLS may be used in conjunction with another auth method above + if (certfile && keyfile) { + const cert = maybeReadFile(certfile, 'utf-8') + const key = maybeReadFile(keyfile, 'utf-8') + if (cert && key) { + this.cert = cert + this.key = key + } + } } } diff --git a/node_modules/npm-registry-fetch/lib/index.js b/node_modules/npm-registry-fetch/lib/index.js index c788febc33afb..cc331a50c0963 100644 --- a/node_modules/npm-registry-fetch/lib/index.js +++ b/node_modules/npm-registry-fetch/lib/index.js @@ -112,10 +112,10 @@ function regFetch (uri, /* istanbul ignore next */ opts_ = {}) { cache: getCacheMode(opts), cachePath: opts.cache, ca: opts.ca, - cert: opts.cert, + cert: auth.cert || opts.cert, headers, integrity: opts.integrity, - key: opts.key, + key: auth.key || opts.key, localAddress: opts.localAddress, maxSockets: opts.maxSockets, memoize: opts.memoize, diff --git a/node_modules/npm-registry-fetch/package.json b/node_modules/npm-registry-fetch/package.json index 5f19697c3b19d..8a0189a9ef74d 100644 --- a/node_modules/npm-registry-fetch/package.json +++ b/node_modules/npm-registry-fetch/package.json @@ -1,6 +1,6 @@ { "name": "npm-registry-fetch", - "version": "13.2.0", + "version": "13.3.0", "description": "Fetch-based http client for use with npm registry APIs", "main": "lib", "files": [ diff --git a/package-lock.json b/package-lock.json index 5f17c532c49bc..64c8c9e16c071 100644 --- a/package-lock.json +++ b/package-lock.json @@ -135,7 +135,7 @@ "npm-package-arg": "^9.1.0", "npm-pick-manifest": "^7.0.1", "npm-profile": "^6.2.0", - "npm-registry-fetch": "^13.2.0", + "npm-registry-fetch": "^13.3.0", "npm-user-validate": "^1.0.1", "npmlog": "^6.0.2", "opener": "^1.5.2", @@ -5188,9 +5188,9 @@ } }, "node_modules/npm-registry-fetch": { - "version": "13.2.0", - "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-13.2.0.tgz", - "integrity": "sha512-NEKnK02Co31+cnDtnAvEdq9xn6E9yKPK/aOHXZieVbw/qVOcFd7su6kviZjImYoszjM2GykMfGMiyyPUQjUkag==", + "version": "13.3.0", + "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-13.3.0.tgz", + "integrity": "sha512-10LJQ/1+VhKrZjIuY9I/+gQTvumqqlgnsCufoXETHAPFTS3+M+Z5CFhZRDHGavmJ6rOye3UvNga88vl8n1r6gg==", "inBundle": true, "dependencies": { "make-fetch-happen": "^10.0.6", diff --git a/package.json b/package.json index f762f7e0ebdc7..a88e9f74b964b 100644 --- a/package.json +++ b/package.json @@ -103,7 +103,7 @@ "npm-package-arg": "^9.1.0", "npm-pick-manifest": "^7.0.1", "npm-profile": "^6.2.0", - "npm-registry-fetch": "^13.2.0", + "npm-registry-fetch": "^13.3.0", "npm-user-validate": "^1.0.1", "npmlog": "^6.0.2", "opener": "^1.5.2",