From 57015047b2120c3b8e5b1e8c4d2272820c587d83 Mon Sep 17 00:00:00 2001
From: Rhys Arkins <rhys@arkins.net>
Date: Wed, 21 Apr 2021 09:04:07 +0200
Subject: [PATCH] feat: drop NPM_TOKEN support (#9391)

Removes support for NPM_TOKEN.

BREAKING CHANGE: Do not use NPM_TOKEN in env to configure npm authentication. Configure hostRules instead.
---
 docs/usage/private-modules.md                 |  2 +-
 lib/config/presets/npm/index.spec.ts          |  1 -
 .../npm/__snapshots__/index.spec.ts.snap      | 39 -------------------
 lib/datasource/npm/index.spec.ts              | 16 --------
 lib/datasource/npm/npmrc.spec.ts              |  1 -
 lib/datasource/npm/npmrc.ts                   |  5 ---
 lib/manager/npm/post-update/lerna.ts          |  1 -
 lib/manager/npm/post-update/npm.ts            |  1 -
 lib/manager/npm/post-update/pnpm.ts           |  1 -
 lib/manager/npm/post-update/yarn.ts           |  1 -
 10 files changed, 1 insertion(+), 67 deletions(-)

diff --git a/docs/usage/private-modules.md b/docs/usage/private-modules.md
index 44d95db472515c..2c8e596f774dc9 100644
--- a/docs/usage/private-modules.md
+++ b/docs/usage/private-modules.md
@@ -64,7 +64,7 @@ module.exports = {
 };
 ```
 
-**NOTE:** Do not use `NPM_TOKEN` as an environment variable, it's incompatible with `hostRules` and will be deprecated soon.
+**NOTE:** Do not use `NPM_TOKEN` as an environment variable.
 
 ### Commit .npmrc file into repository
 
diff --git a/lib/config/presets/npm/index.spec.ts b/lib/config/presets/npm/index.spec.ts
index 931ae3d39d6c60..fa5bd9afd76e95 100644
--- a/lib/config/presets/npm/index.spec.ts
+++ b/lib/config/presets/npm/index.spec.ts
@@ -7,7 +7,6 @@ jest.mock('registry-auth-token');
 jest.mock('delay');
 
 describe(getName(__filename), () => {
-  delete process.env.NPM_TOKEN;
   beforeEach(() => {
     jest.resetAllMocks();
     setAdminConfig();
diff --git a/lib/datasource/npm/__snapshots__/index.spec.ts.snap b/lib/datasource/npm/__snapshots__/index.spec.ts.snap
index 85d618101b79ab..ac9065cc23dea7 100644
--- a/lib/datasource/npm/__snapshots__/index.spec.ts.snap
+++ b/lib/datasource/npm/__snapshots__/index.spec.ts.snap
@@ -519,45 +519,6 @@ Array [
 ]
 `;
 
-exports[`datasource/npm/index should use NPM_TOKEN if provided 1`] = `
-Object {
-  "name": "@foobar/core",
-  "registryUrl": "https://registry.npmjs.org/",
-  "releases": Array [
-    Object {
-      "releaseTimestamp": "2018-05-06T05:21:53.000Z",
-      "version": "0.0.1",
-    },
-    Object {
-      "releaseTimestamp": "2018-05-07T05:21:53.000Z",
-      "version": "0.0.2",
-    },
-  ],
-  "sourceDirectory": "src/a",
-  "sourceUrl": "https://github.com/renovateapp/dummy",
-  "tags": Object {
-    "latest": "0.0.1",
-  },
-  "versions": Object {},
-}
-`;
-
-exports[`datasource/npm/index should use NPM_TOKEN if provided 2`] = `
-Array [
-  Object {
-    "headers": Object {
-      "accept": "application/json",
-      "accept-encoding": "gzip, deflate, br",
-      "authorization": "Bearer some-token",
-      "host": "registry.npmjs.org",
-      "user-agent": "https://github.com/renovatebot/renovate",
-    },
-    "method": "GET",
-    "url": "https://registry.npmjs.org/@foobar%2Fcore",
-  },
-]
-`;
-
 exports[`datasource/npm/index should use default registry if missing from npmrc 1`] = `
 Object {
   "name": "foobar",
diff --git a/lib/datasource/npm/index.spec.ts b/lib/datasource/npm/index.spec.ts
index a4979577cf60cb..1b630c14be2635 100644
--- a/lib/datasource/npm/index.spec.ts
+++ b/lib/datasource/npm/index.spec.ts
@@ -15,7 +15,6 @@ const registryAuthToken: jest.Mock<_registryAuthToken.NpmCredentials> = _registr
 let npmResponse: any;
 
 describe(getName(__filename), () => {
-  delete process.env.NPM_TOKEN;
   beforeEach(() => {
     jest.resetAllMocks();
     httpMock.setup();
@@ -269,21 +268,6 @@ describe(getName(__filename), () => {
     expect(httpMock.getTrace()).toMatchSnapshot();
   });
 
-  it('should use NPM_TOKEN if provided', async () => {
-    httpMock
-      .scope('https://registry.npmjs.org', {
-        reqheaders: { authorization: 'Bearer some-token' },
-      })
-      .get('/@foobar%2Fcore')
-      .reply(200, { ...npmResponse, name: '@foobar/core' });
-    const oldToken = process.env.NPM_TOKEN;
-    process.env.NPM_TOKEN = 'some-token';
-    const res = await getPkgReleases({ datasource, depName: '@foobar/core' });
-    process.env.NPM_TOKEN = oldToken;
-    expect(res).toMatchSnapshot();
-    expect(httpMock.getTrace()).toMatchSnapshot();
-  });
-
   it('should use host rules by hostName if provided', async () => {
     hostRules.add({
       hostType: 'npm',
diff --git a/lib/datasource/npm/npmrc.spec.ts b/lib/datasource/npm/npmrc.spec.ts
index d340093435907f..186e4969726351 100644
--- a/lib/datasource/npm/npmrc.spec.ts
+++ b/lib/datasource/npm/npmrc.spec.ts
@@ -9,7 +9,6 @@ const sanitize = mocked(_sanitize);
 
 describe(getName(__filename), () => {
   beforeEach(() => {
-    delete process.env.NPM_TOKEN;
     setNpmrc('');
     setAdminConfig();
     jest.resetAllMocks();
diff --git a/lib/datasource/npm/npmrc.ts b/lib/datasource/npm/npmrc.ts
index 7afc4c89b13e52..dae13dfca01852 100644
--- a/lib/datasource/npm/npmrc.ts
+++ b/lib/datasource/npm/npmrc.ts
@@ -129,11 +129,6 @@ export function resolvePackage(packageName: string): PackageResolution {
       { token: maskToken(authInfo.token), npmName: packageName },
       'Using auth (via npmrc) for npm lookup'
     );
-  } else if (process.env.NPM_TOKEN && process.env.NPM_TOKEN !== 'undefined') {
-    logger.warn(
-      'Support for NPM_TOKEN in env will be dropped in the next major release'
-    );
-    headers.authorization = `Bearer ${process.env.NPM_TOKEN}`;
   }
   return { headers, packageUrl, registryUrl };
 }
diff --git a/lib/manager/npm/post-update/lerna.ts b/lib/manager/npm/post-update/lerna.ts
index 08cfc8be3d4c6c..acba413c40c108 100644
--- a/lib/manager/npm/post-update/lerna.ts
+++ b/lib/manager/npm/post-update/lerna.ts
@@ -99,7 +99,6 @@ export async function generateLockFiles(
     if (getAdminConfig().trustLevel === 'high') {
       execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH;
       execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL;
-      execOptions.extraEnv.NPM_TOKEN = env.NPM_TOKEN;
     }
     if (config.dockerMapDotfiles) {
       const homeDir =
diff --git a/lib/manager/npm/post-update/npm.ts b/lib/manager/npm/post-update/npm.ts
index d3e43876605615..0025d620fe4c76 100644
--- a/lib/manager/npm/post-update/npm.ts
+++ b/lib/manager/npm/post-update/npm.ts
@@ -74,7 +74,6 @@ export async function generateLockFile(
     if (getAdminConfig().trustLevel === 'high') {
       execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH;
       execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL;
-      execOptions.extraEnv.NPM_TOKEN = env.NPM_TOKEN;
     }
     if (config.dockerMapDotfiles) {
       const homeDir =
diff --git a/lib/manager/npm/post-update/pnpm.ts b/lib/manager/npm/post-update/pnpm.ts
index 7816267e786744..6541a412870a23 100644
--- a/lib/manager/npm/post-update/pnpm.ts
+++ b/lib/manager/npm/post-update/pnpm.ts
@@ -53,7 +53,6 @@ export async function generateLockFile(
     if (getAdminConfig().trustLevel === 'high') {
       execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH;
       execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL;
-      execOptions.extraEnv.NPM_TOKEN = env.NPM_TOKEN;
     }
     if (config.dockerMapDotfiles) {
       const homeDir =
diff --git a/lib/manager/npm/post-update/yarn.ts b/lib/manager/npm/post-update/yarn.ts
index e179f717703ead..34aed8c7cdbf68 100644
--- a/lib/manager/npm/post-update/yarn.ts
+++ b/lib/manager/npm/post-update/yarn.ts
@@ -124,7 +124,6 @@ export async function generateLockFile(
     if (getAdminConfig().trustLevel === 'high') {
       execOptions.extraEnv.NPM_AUTH = env.NPM_AUTH;
       execOptions.extraEnv.NPM_EMAIL = env.NPM_EMAIL;
-      execOptions.extraEnv.NPM_TOKEN = env.NPM_TOKEN;
     }
     if (config.dockerMapDotfiles) {
       const homeDir =