feat(npm): remove ~/.npmrc support (#9400)

Drops support for reading `.npmrc` from the bot's home directory. BREAKING CHANGE: Renovate will no longer read from ~/.npmrc. Configure `npmrc` in config instead.
renovatebot · Apr 22, 2021 · e7b5be9 · e7b5be9
1 parent 13ece70
commit e7b5be9
Show file tree

Hide file tree

Showing 6 changed files with 9 additions and 24 deletions.
diff --git a/docs/development/local-development.md b/docs/development/local-development.md
@@ -75,7 +75,6 @@ The Renovate project uses the [Yarn](https://github.com/yarnpkg/yarn) package ma
 
 To ensure everything is working properly on your end, you must:
 
-1. Make sure you don't have a local `.npmrc` file that overrides npm's default registry
 1. Install all dependencies with `yarn install`
 1. Make a build with `yarn build`, which should pass with no errors
 1. Verify all tests pass and have 100% test coverage, by running `yarn test`

diff --git a/docs/usage/private-modules.md b/docs/usage/private-modules.md
@@ -33,8 +33,6 @@ The recommended approaches in order of preference are:
 
 **Self-hosted hostRules**: Configure a hostRules entry in the bot's `config.js` with the `hostType`, `hostName` and `token` specified
 
-**Self-hosted .npmrc**: copy an `.npmrc` file to the home dir of the bot.
-
 **Renovate App with private modules from npmjs.org**: Add an encrypted `npmToken` to your Renovate config
 
 **Renovate App with a private registry**: Add an unencrypted `npmrc` plus an encrypted `npmToken` in config
@@ -66,21 +64,9 @@ module.exports = {
 
 **NOTE:** Do not use `NPM_TOKEN` as an environment variable.
 
-### Commit .npmrc file into repository
-
-One approach that many projects use for private repositories is to simply check in an authenticated `.npmrc` into the repository that is then shared between all developers.
-Therefore anyone running `npm install` or `yarn install` from the project root will be automatically authenticated with npm without having to distribute npm logins to every developer and make sure they've run `npm login` first before installing.
-
-The good news is that this works for Renovate too.
-If Renovate detects a `.npmrc` or `.yarnrc` file then it will use it for its install.
-
-Does not work if using binarySource=docker.
-_This method will be deprecated soon_
-
 ### Add npmrc string to Renovate config
 
-The above solution maybe have a downside that all users of the repository (e.g. developers) will also use any `.npmrc` that is checked into the repository, instead of their own one in `~/.npmrc`.
-To avoid this, you can instead add your `.npmrc` authentication line to your Renovate config under the field `npmrc`. e.g. a `renovate.json` might look like this:
+You can add an `.npmrc` authentication line to your Renovate config under the field `npmrc`. e.g. a `renovate.json` might look like this:
 
 ```json
 {

diff --git a/lib/datasource/npm/__snapshots__/index.spec.ts.snap b/lib/datasource/npm/__snapshots__/index.spec.ts.snap
@@ -522,7 +522,7 @@ Array [
 exports[`datasource/npm/index should use default registry if missing from npmrc 1`] = `
 Object {
   "name": "foobar",
-  "registryUrl": "https://registry.npmjs.org",
+  "registryUrl": "https://registry.npmjs.org/",
   "releases": Array [
     Object {
       "releaseTimestamp": "2018-05-06T05:21:53.000Z",

diff --git a/lib/datasource/npm/index.spec.ts b/lib/datasource/npm/index.spec.ts
@@ -314,7 +314,7 @@ describe(getName(__filename), () => {
     setNpmrc(npmrcContent);
     setNpmrc(npmrcContent);
     setNpmrc();
-    expect(getNpmrc()).toBeNull();
+    expect(getNpmrc()).toEqual({});
   });
 
   it('should use default registry if missing from npmrc', async () => {

diff --git a/lib/datasource/npm/npmrc.spec.ts b/lib/datasource/npm/npmrc.spec.ts
@@ -51,6 +51,6 @@ describe(getName(__filename), () => {
   it('ignores localhost', () => {
     setNpmrc(`registry=http://localhost`);
     expect(sanitize.add).toHaveBeenCalledTimes(0);
-    expect(getNpmrc()).toBeNull();
+    expect(getNpmrc()).toEqual({});
   });
 });
diff --git a/lib/datasource/npm/npmrc.ts b/lib/datasource/npm/npmrc.ts
@@ -9,8 +9,8 @@ import type { OutgoingHttpHeaders } from '../../util/http/types';
 import { maskToken } from '../../util/mask';
 import { add } from '../../util/sanitize';
 
-let npmrc: Record<string, any> | null = null;
-let npmrcRaw: string;
+let npmrc: Record<string, any> = {};
+let npmrcRaw = '';
 
 export type Npmrc = Record<string, any>;
 
@@ -89,8 +89,8 @@ export function setNpmrc(input?: string): void {
     }
   } else if (npmrc) {
     logger.debug('Resetting npmrc');
-    npmrc = null;
-    npmrcRaw = null;
+    npmrc = {};
+    npmrcRaw = '';
   }
 }
 
@@ -106,7 +106,7 @@ export function resolvePackage(packageName: string): PackageResolution {
   try {
     registryUrl = getRegistryUrl(scope, getNpmrc());
   } catch (err) {
-    registryUrl = 'https://registry.npmjs.org';
+    registryUrl = 'https://registry.npmjs.org/';
   }
   const packageUrl = url.resolve(
     registryUrl,