From 8a8e5c8fed56c4a2e7440b48d4b4a03d65c662bb Mon Sep 17 00:00:00 2001
From: Rhys Arkins <rhys@arkins.net>
Date: Fri, 16 Nov 2018 12:21:48 +0100
Subject: [PATCH] refactor: warn if localhost registry detected

---
 lib/datasource/npm.js | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lib/datasource/npm.js b/lib/datasource/npm.js
index 0673fcecc0..f99bd648d3 100644
--- a/lib/datasource/npm.js
+++ b/lib/datasource/npm.js
@@ -66,6 +66,15 @@ function setNpmrc(input, trustLevel = 'low') {
     npmrc = ini.parse(input);
     // massage _auth to _authToken
     for (const [key, val] of Object.entries(npmrc)) {
+      // istanbul ignore if
+      if (
+        trustLevel === 'low' &&
+        key.endsWith('registry') &&
+        val &&
+        val.includes('localhost')
+      ) {
+        logger.warn({ key, val }, 'Detected localhost registry');
+      }
       if (key !== '_auth' && key.endsWith('_auth') && isBase64(val)) {
         logger.debug('Massaging _auth to _authToken');
         npmrc[key + 'Token'] = val;
-- 
GitLab