search

cmanzana / node-publish

MIT License
13 stars 7 forks source link

Use `npm-registry-client` #14

Open piranna opened 8 years ago

piranna commented 8 years ago

Instead of use npm, use instead its internal dependency npm-registry-client to publish the packages. It seems it would be mostly just a call to the .publish() method, only that with all the security checks that are done by the node-publish package. Also, this would allow to use a token as credential instead of the username-password-email combo.

piranna commented 8 years ago

With latest publish I got the next error:

assert.js:89
  throw new assert.AssertionError({
  ^
AssertionError: must pass params to adduser
    at CachingRegistryClient.adduser (/home/runner/nodejs/node_modules/npm/node_modules/npm-registry-client/lib/adduser.js:8:3)
    at npmAddUser (/home/runner/nodejs/node_modules/publish/index.js:113:18)
    at /home/runner/nodejs/node_modules/publish/index.js:68:29
    at /home/runner/nodejs/node_modules/publish/index.js:40:15
    at /home/runner/nodejs/node_modules/npm/lib/view.js:144:28
    at saved (/home/runner/nodejs/node_modules/npm/lib/cache/caching-client.js:173:7)
    at /home/runner/nodejs/node_modules/npm/node_modules/graceful-fs/polyfills.js:210:7
    at FSReqWrap.oncomplete (fs.js:82:15)

Reviewing that error I've found that's being used the latest version of npm-registry-client that has some changes on the signature and that's why it's failling, so only solution is to fix node-publish to use it directly and deprecate usage of npm dependency, since it has been advised to don't depend on it since its API will not follow semantic versioning.

piranna commented 8 years ago

I have been trying to fix the current code base but seems it's more difficult what I though, I think it will need almost a complete rewrite from scratch because seems they have changed the login mechanism and variables... npm-registry-client seems easy to use, but the most challenguing problem will be to generate the pack tar.gz since npm pack has not been yet moved to an isolated module :-(

mooyoul commented 6 years ago

@piranna I've created publishable to deal with npm 5+ environment.

It based on wonderful pacote package, which is npm is using. so this package will work with not only npm but also alternative registry, and it also supports NPM_TOKEN by reading .npmrc configuration file.

anyway, you can migrate your ci workflow by changing like this: suppose you have this this npm script definition: 

{
  "script": {
    "ci:deploy": "deploy"
  }
}

install publishable-cli and simply change script like this: 

{
  "script": {
    "ci:deploy": "publishable && npm deploy"
  }
}

Hope this helps.

piranna commented 6 years ago

Thanks for the update! :-)