diff --git a/lib/datasource/npm/npmrc.js b/lib/datasource/npm/npmrc.js
index 12e1d8f9818f8187785ec4f661624f6dabfef1bf..a73bf75012e986509bcda0c181c3dfe19a56c648 100644
--- a/lib/datasource/npm/npmrc.js
+++ b/lib/datasource/npm/npmrc.js
@@ -14,7 +14,7 @@ function getNpmrc() {
return npmrc;
}
-function setNpmrc(input, trustLevel = 'low') {
+function setNpmrc(input) {
if (input) {
if (input === npmrcRaw) {
return;
@@ -27,7 +27,7 @@ function setNpmrc(input, trustLevel = 'low') {
for (const [key, val] of Object.entries(npmrc)) {
// istanbul ignore if
if (
- trustLevel === 'low' &&
+ global.trustLevel !== 'high' &&
key.endsWith('registry') &&
val &&
val.includes('localhost')
@@ -46,7 +46,7 @@ function setNpmrc(input, trustLevel = 'low') {
delete npmrc[key];
}
}
- if (trustLevel !== 'high') {
+ if (global.trustLevel !== 'high') {
return;
}
for (const key in npmrc) {
diff --git a/lib/datasource/npm/releases.js b/lib/datasource/npm/releases.js
index b7e14f324eb2a1054d98b62e1dd46162d950b5c2..cb8ad80849ac0aa7f59bf498b9a2a86ef92b157c 100644
--- a/lib/datasource/npm/releases.js
+++ b/lib/datasource/npm/releases.js
@@ -6,9 +6,8 @@ module.exports = {
};
async function getPkgReleases(purl, config) {
- if (config) {
- const trustLevel = config.global ? config.global.trustLevel : 'low';
- setNpmrc(config.npmrc, trustLevel);
+ if (config && config.npmrc) {
+ setNpmrc(config.npmrc);
}
const res = await getDependency(purl.fullname, global.testNpmRetries);
if (res) {
diff --git a/lib/manager/composer/artifacts.js b/lib/manager/composer/artifacts.js
index 9426f015d798f8898bdd24b84efe443f7c1e6ef0..54d0bf88bbc801cb7468620ea846291000f7eed4 100644
--- a/lib/manager/composer/artifacts.js
+++ b/lib/manager/composer/artifacts.js
@@ -99,7 +99,7 @@ async function getArtifacts(
await fs.outputFile(localAuthFileName, JSON.stringify(authJson));
}
const env =
- config.global && config.global.trustLevel === 'high'
+ global.trustLevel === 'high'
? process.env
: {
HOME: process.env.HOME,
diff --git a/lib/manager/gomod/artifacts.js b/lib/manager/gomod/artifacts.js
index 879d5e5de25e2e326fd98f349f58d3f599cea5b1..ad1f0cc4d524f6a5a91dc6395180293d1fb9960f 100644
--- a/lib/manager/gomod/artifacts.js
+++ b/lib/manager/gomod/artifacts.js
@@ -42,7 +42,7 @@ async function getArtifacts(
await fs.outputFile(localGoSumFileName, existingGoSumContent);
}
const env =
- config.global && config.global.trustLevel === 'high'
+ global.trustLevel === 'high'
? process.env
: {
HOME: process.env.HOME,
diff --git a/lib/manager/npm/extract/index.js b/lib/manager/npm/extract/index.js
index 273729d5218e4f3b36bce9ae0b722eff29168ae8..27fc428af9c356c88bec44ecbcbf66f46a98091d 100644
--- a/lib/manager/npm/extract/index.js
+++ b/lib/manager/npm/extract/index.js
@@ -96,10 +96,7 @@ async function extractPackageFile(content, fileName, config) {
npmrc = npmrc.replace(/(^|\n)package-lock.*?(\n|$)/g, '');
}
if (npmrc) {
- if (
- npmrc.includes('=${') &&
- !(config.global && config.global.trustLevel === 'high')
- ) {
+ if (npmrc.includes('=${') && !(global.trustLevel === 'high')) {
logger.info('Discarding .npmrc file with variables');
npmrc = undefined;
}
diff --git a/lib/manager/npm/post-update/index.js b/lib/manager/npm/post-update/index.js
index 6d877f018f8c84b102b4f9ecba63d5f5013ab195..fb76bb53279ea5351ac2cbd7a6457eea42d90ee3 100644
--- a/lib/manager/npm/post-update/index.js
+++ b/lib/manager/npm/post-update/index.js
@@ -345,7 +345,7 @@ async function getAdditionalFiles(config, packageFiles) {
await fs.ensureDir(process.env.YARN_CACHE_FOLDER);
const env =
- config.global && config.global.trustLevel === 'high'
+ global.trustLevel === 'high'
? process.env
: {
HOME: process.env.HOME,
diff --git a/lib/workers/global/index.js b/lib/workers/global/index.js
index 093a89542fb74107abc2a9851cbf19e890abbde1..a20798b1d1669c06785d0085ee16a688aa68e840 100644
--- a/lib/workers/global/index.js
+++ b/lib/workers/global/index.js
@@ -39,12 +39,14 @@ async function start() {
'Available now for GitLab: [Renovate Pro](https://renovatebot.com/pro) with real-time webhook handling and priority job queue.';
}
// Move global variables that we need to use later
- const importGlobals = ['trustLevel', 'prBanner', 'prFooter'];
+ const importGlobals = ['prBanner', 'prFooter'];
config.global = {};
importGlobals.forEach(key => {
config.global[key] = config[key];
delete config[key];
});
+ global.trustLevel = config.trustLevel || 'low';
+ delete config.trustLevel;
detectRenovateVersion();
// Iterate through repositories sequentially
for (const repository of config.repositories) {
diff --git a/lib/workers/repository/init/apis.js b/lib/workers/repository/init/apis.js
index ebef7106c5b37644f434d2774a650f8e6dbb591c..2e06f5d85fd46cbe27c597a2d1327ec05b06868f 100644
--- a/lib/workers/repository/init/apis.js
+++ b/lib/workers/repository/init/apis.js
@@ -20,10 +20,7 @@ async function initApis(input) {
config = await assignPlatform(config);
config = await getPlatformConfig(config);
npmApi.resetMemCache();
- npmApi.setNpmrc(
- config.npmrc,
- config.global ? config.global.trustLevel : 'low'
- );
+ npmApi.setNpmrc(config.npmrc);
delete config.gitPrivateKey;
return config;
}
diff --git a/lib/workers/repository/init/config.js b/lib/workers/repository/init/config.js
index f9628deae92a30a90cf3360c8cfd182dfe7d1f5f..4c83bc46005f4697dd387ad7c79518ace29c0081 100644
--- a/lib/workers/repository/init/config.js
+++ b/lib/workers/repository/init/config.js
@@ -129,10 +129,7 @@ async function mergeRenovateConfig(config) {
// istanbul ignore if
if (decryptedConfig.npmrc) {
logger.debug('Found npmrc in decrypted config - setting');
- npmApi.setNpmrc(
- decryptedConfig.npmrc,
- config.global ? config.global.trustLevel : 'low'
- );
+ npmApi.setNpmrc(decryptedConfig.npmrc);
}
// Decrypt after resolving in case the preset contains npm authentication instead
const resolvedConfig = decryptConfig(
@@ -146,10 +143,7 @@ async function mergeRenovateConfig(config) {
logger.debug(
'Ignoring any .npmrc files in repository due to configured npmrc'
);
- npmApi.setNpmrc(
- resolvedConfig.npmrc,
- config.global ? config.global.trustLevel : 'low'
- );
+ npmApi.setNpmrc(resolvedConfig.npmrc);
resolvedConfig.ignoreNpmrcFile = true;
}
// istanbul ignore if
diff --git a/test/datasource/npm/index.spec.js b/test/datasource/npm/index.spec.js
index 6a510e17bab5eaecf35137dd5192d3de972b682d..aaad9c4951760e51c14833925dba92094608f9b1 100644
--- a/test/datasource/npm/index.spec.js
+++ b/test/datasource/npm/index.spec.js
@@ -18,6 +18,7 @@ describe('api/npm', () => {
jest.resetAllMocks();
global.repoCache = {};
delete global.testNpmRetries;
+ global.trustLevel = 'low';
npm.resetCache();
npmResponse = {
name: 'foobar',
@@ -354,17 +355,17 @@ describe('api/npm', () => {
nock('https://registry.npmjs.org')
.get('/foobar')
.reply(200, npmResponse);
- npm.setNpmrc('foo=bar');
- const res = await npm.getPkgReleases({ fullname: 'foobar' });
+ const npmrc = 'foo=bar';
+ const res = await npm.getPkgReleases({ fullname: 'foobar' }, { npmrc });
expect(res).toMatchSnapshot();
});
it('should cache package info from npm', async () => {
- npm.setNpmrc('//registry.npmjs.org/:_authToken=abcdefghijklmnopqrstuvwxyz');
nock('https://registry.npmjs.org')
.get('/foobar')
.reply(200, npmResponse);
- const res1 = await npm.getPkgReleases({ fullname: 'foobar' });
- const res2 = await npm.getPkgReleases({ fullname: 'foobar' });
+ const npmrc = '//registry.npmjs.org/:_authToken=abcdefghijklmnopqrstuvwxyz';
+ const res1 = await npm.getPkgReleases({ fullname: 'foobar' }, { npmrc });
+ const res2 = await npm.getPkgReleases({ fullname: 'foobar' }, { npmrc });
expect(res1).not.toBe(null);
expect(res1).toEqual(res2);
});
@@ -378,11 +379,10 @@ describe('api/npm', () => {
nock('https://npm.mycustomregistry.com')
.get('/foobar')
.reply(200, npmResponse);
- npm.setNpmrc(
+ const npmrc =
'registry=https://npm.mycustomregistry.com/\n//npm.mycustomregistry.com/:_auth = ' +
- Buffer.from('abcdef').toString('base64')
- );
- const res = await npm.getPkgReleases({ fullname: 'foobar' });
+ Buffer.from('abcdef').toString('base64');
+ const res = await npm.getPkgReleases({ fullname: 'foobar' }, { npmrc });
expect(res).toMatchSnapshot();
});
it('should replace any environment variable in npmrc', async () => {
@@ -390,16 +390,18 @@ describe('api/npm', () => {
.get('/foobar')
.reply(200, npmResponse);
process.env.REGISTRY = 'https://registry.from-env.com';
+ global.trustLevel = 'high';
// eslint-disable-next-line no-template-curly-in-string
- npm.setNpmrc('registry=${REGISTRY}', 'high');
- const res = await npm.getPkgReleases({ fullname: 'foobar' });
+ const npmrc = 'registry=${REGISTRY}';
+ const res = await npm.getPkgReleases({ fullname: 'foobar' }, { npmrc });
expect(res).toMatchSnapshot();
});
it('should throw error if necessary env var is not present', () => {
let e;
try {
+ global.trustLevel = 'high';
// eslint-disable-next-line no-template-curly-in-string
- npm.setNpmrc('registry=${REGISTRY_MISSING}', 'high');
+ npm.setNpmrc('registry=${REGISTRY_MISSING}');
} catch (err) {
e = err;
}