Skip to content

fix: Update publish /w provenance to ignore pkg vis 404 #6437

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
May 10, 2023
Merged

fix: Update publish /w provenance to ignore pkg vis 404 #6437

merged 4 commits into from
May 10, 2023

Conversation

@feelepxyz
Copy link
Contributor

@feelepxyz feelepxyz commented May 9, 2023

Some registries (e.g. GH packages) require auth to check visibility, and always return 404 when no auth is supplied. In this case we assume the package is always private and require --access public to publish.

I've also updated this to only perform a visibility check when this is actually needed (i.e. when provenance is true and access is not public).

Fixes #6436

feelepxyz added 2 commits May 9, 2023 15:50
@feelepxyz
Update publish /w provenance to ignore pkg vis 404
42c0ed2 
Some registries (e.g. GH packages) require auth to check visibility,
and always return 404 when no auth is supplied. In this case we assume
the package is always private and require `--access public` to publish.

I've also updated this to only perform a visibility check when this is
actually needed (i.e. when `provenance` is true and `access` is not `public`).

Fixes #6436

Signed-off-by: Philip Harrison <[email protected]>
@feelepxyz
Add exception case
4c11966 
Signed-off-by: Philip Harrison <[email protected]>
@feelepxyz feelepxyz changed the title Update publish /w provenance to ignore pkg vis 404 fix: Update publish /w provenance to ignore pkg vis 404 May 9, 2023
feelepxyz added 2 commits May 9, 2023 16:05
@feelepxyz
Fix nock
266b502 
Signed-off-by: Philip Harrison <[email protected]>
@feelepxyz
Fix tests
851396d 
Signed-off-by: Philip Harrison <[email protected]>
@feelepxyz feelepxyz marked this pull request as ready for review May 10, 2023 10:45
@feelepxyz feelepxyz requested a review from a team as a code owner May 10, 2023 10:45
@wraithgar wraithgar merged commit f064696 into npm:latest May 10, 2023
@github-actions github-actions bot mentioned this pull request May 15, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wraithgar wraithgar wraithgar approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG] Package visibility fails on GH packages with provenance

2 participants

@feelepxyz @wraithgar