Commit 54220dd

ryanbas21, claude and Andarist authored
Conditionally append NPM_TOKEN to .npmrc (#545)
* fix: conditionally append NPM_TOKEN to .npmrc for trusted publishing support

  The .npmrc generation now intelligently handles both traditional NPM token authentication and trusted publishing scenarios:

  - Only appends auth token to .npmrc when NPM_TOKEN is defined (not undefined)
  - Uses strict comparison (!== undefined) instead of truthy checks
  - Provides informative logging when no NPM_TOKEN is present
  - Maintains full backward compatibility with existing workflows

  This fixes issues with trusted publishing where OIDC tokens from GitHub Actions are used instead of NPM_TOKEN, preventing 'undefined' from being written to the registry auth configuration.

  🤖 Generated with [Claude Code](https://claude.com/claude-code)

  Co-Authored-By: Claude <[email protected]>

* Update src/index.ts

  Co-authored-by: Mateusz Burzyński <[email protected]>

* simplify

* tweak changeset

---------

Co-authored-by: Claude <[email protected]>
Co-authored-by: Mateusz Burzyński <[email protected]>
1 parent 5e0dfa5 commit 54220dd

2 files changed: +33 -19 lines changed
Lines changed: 5 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -0,0 +1,5 @@
1+
---
2+
"@changesets/action": patch
3+
---
4+
5+
The `.npmrc` generation now intelligently handles both traditional NPM token authentication and trusted publishing scenarios by only appending the auth token when `NPM_TOKEN` is defined. This prevents 'undefined' from being written to the registry configuration when using OIDC tokens from GitHub Actions trusted publishing.
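Review bot: the changeset sentence says the token is appended only "when `NPM_TOKEN` is defined", but the guard in src/index.ts is the truthy test `if (process.env.NPM_TOKEN)`, so an empty-string value is skipped as well. Word it as "when `NPM_TOKEN` is set to a non-empty value" so the release note matches the behaviour, and drop "intelligently", which tells a reader nothing about what changed.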

src/index.ts

Lines changed: 28 additions & 19 deletions
Original file line number | Diff line number | Diff line change
@@ -67,32 +67,41 @@ const getOptionalInput = (name: string) => core.getInput(name) || undefined;
6767
"No changesets found. Attempting to publish any unpublished packages to npm"
6868
);
6969

70-
let userNpmrcPath = `${process.env.HOME}/.npmrc`;
71-
if (await fileExists(userNpmrcPath)) {
72-
core.info("Found existing user .npmrc file");
73-
const userNpmrcContent = await fs.readFile(userNpmrcPath, "utf8");
74-
const authLine = userNpmrcContent.split("\n").find((line) => {
75-
// check based on https://github.com/npm/cli/blob/8f8f71e4dd5ee66b3b17888faad5a7bf6c657eed/test/lib/adduser.js#L103-L105
76-
return /^\s*\/\/registry\.npmjs\.org\/:[_-]authToken=/i.test(line);
77-
});
78-
if (authLine) {
79-
core.info(
80-
"Found existing auth token for the npm registry in the user .npmrc file"
81-
);
70+
if (process.env.NPM_TOKEN) {
71+
const userNpmrcPath = `${process.env.HOME}/.npmrc`;
72+
73+
if (await fileExists(userNpmrcPath)) {
74+
core.info("Found existing user .npmrc file");
75+
const userNpmrcContent = await fs.readFile(userNpmrcPath, "utf8");
76+
const authLine = userNpmrcContent.split("\n").find((line) => {
77+
// check based on https://github.com/npm/cli/blob/8f8f71e4dd5ee66b3b17888faad5a7bf6c657eed/test/lib/adduser.js#L103-L105
78+
return /^\s*\/\/registry\.npmjs\.org\/:[_-]authToken=/i.test(line);
79+
});
80+
if (authLine) {
81+
core.info(
82+
"Found existing auth token for the npm registry in the user .npmrc file"
83+
);
84+
} else {
85+
core.info(
86+
"Didn't find existing auth token for the npm registry in the user .npmrc file, creating one"
87+
);
88+
await fs.appendFile(
89+
userNpmrcPath,
90+
`\n//registry.npmjs.org/:_authToken=${process.env.NPM_TOKEN}\n`
91+
);
92+
}
8293
} else {
8394
core.info(
84-
"Didn't find existing auth token for the npm registry in the user .npmrc file, creating one"
95+
"No user .npmrc file found, creating one with NPM_TOKEN used as auth token"
8596
);
86-
await fs.appendFile(
97+
await fs.writeFile(
8798
userNpmrcPath,
88-
`\n//registry.npmjs.org/:_authToken=${process.env.NPM_TOKEN}\n`
99+
`//registry.npmjs.org/:_authToken=${process.env.NPM_TOKEN}\n`
89100
);
90101
}
91102
} else {
92-
core.info("No user .npmrc file found, creating one");
93-
await fs.writeFile(
94-
userNpmrcPath,
95-
`//registry.npmjs.org/:_authToken=${process.env.NPM_TOKEN}\n`
103+
core.info(
104+
"No NPM_TOKEN found - assuming trusted publishing or npm is already authenticated"
96105
);
97106
}
98107
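Review bot: the `fs.writeFile(userNpmrcPath, ...)` call at new line 97 creates the user `.npmrc` holding `NPM_TOKEN` without a `mode` option, so the credential file gets the process default permissions; since this block is being moved anyway, pass a mode of `0o600` in the options argument. The `fs.appendFile` path at new line 88 keeps whatever permissions the existing file already has, which deserves a short comment. Separately, the new else branch at new lines 103-105 logs at info level only, so a run whose `NPM_TOKEN` is blank by mistake now continues without an auth line and fails later at publish; consider saying in that message which input to check when trusted publishing is not in use.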
