From 30f899abdb7a7fd7c9ec779a17fb42daf830594a Mon Sep 17 00:00:00 2001 From: Jamie Magee Date: Wed, 28 Feb 2024 13:21:05 -0800 Subject: [PATCH 1/2] Only use credentials which have `registry` configured --- .../dependabot/npm_and_yarn/update_checker/registry_finder.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb index aec49204bd..cb3ad6fa02 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb @@ -156,7 +156,7 @@ def known_registries begin registries = [] registries += credentials - .select { |cred| cred["type"] == "npm_registry" } + .select { |cred| cred["type"] == "npm_registry" && cred["registry"] } .tap { |arr| arr.each { |c| c["token"] ||= nil } } registries += npmrc_registries registries += yarnrc_registries From 4b063566dda019729a2a497900b581e3b284989b Mon Sep 17 00:00:00 2001 From: Jamie Magee Date: Wed, 28 Feb 2024 13:42:27 -0800 Subject: [PATCH 2/2] Add a unit test --- .../update_checker/registry_finder_spec.rb | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/registry_finder_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/registry_finder_spec.rb index 21b17e93ff..5f98176ebc 100644 --- a/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/registry_finder_spec.rb +++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/registry_finder_spec.rb @@ -403,6 +403,17 @@ it { is_expected.to eq("registry.npmjs.org") } end + + context "with credentials that don't have a registry" do + before do + credentials << Dependabot::Credential.new({ + "type" => "npm_registry", + "registry" => nil + }) + end + + it { is_expected.to eq("registry.npmjs.org") } + end end describe "#auth_headers" do