Is there an existing issue for this?
Current Behavior
Whenever we set the proxy in our config through CLI command
npm config set proxy "http://username:password@servername:port/"
It is stored in plain text in our config, so whenever we fire the following command
npm get proxy
the sensitive information like password is shown on CLI, which I think is a security vulnerability.
Also, the password is also stored in your local config file as a plain text.
Expected Behavior
When npm get proxy is fired, the password should not be shown or should be encrypted. Password in your local npm config file also should be encrypted.
Steps To Reproduce
first run the command to setup your proxy for npm
npm config set proxy "http://domain\username:password@servername:port/"
then run
npm get proxy
Environment
- OS: Windows
- Node: 12.16.3
- npm: 6.14.4
Is there an existing issue for this?
Current Behavior
Whenever we set the proxy in our config through CLI command
npm config set proxy "http://username:password@servername:port/"It is stored in plain text in our config, so whenever we fire the following command
npm get proxythe sensitive information like password is shown on CLI, which I think is a security vulnerability.
Also, the password is also stored in your local config file as a plain text.
Expected Behavior
When
npm get proxyis fired, the password should not be shown or should be encrypted. Password in your local npm config file also should be encrypted.Steps To Reproduce
first run the command to setup your proxy for npm
npm config set proxy "http://domain\username:password@servername:port/"then run
npm get proxyEnvironment