fix: log redacted auth details if npm lookup fails

a6094049 · Rhys Arkins · 8ca30e5b · a6094049 · a6094049
Commit a6094049 authored 7 years ago by Rhys Arkins
--- a/lib/datasource/npm.js
+++ b/lib/datasource/npm.js
@@ -31,6 +31,16 @@ function resetCache() {
  resetMemCache();
 }

+function maskToken(token) {
+  // istanbul ignore if
+  if (!token) {
+    return token;
+  }
+  return `${token.substring(0, 2)}${new Array(token.length - 3).join(
+    '*'
+  )}${token.slice(-2)}`;
+}
+
 function setNpmrc(input, exposeEnv = false) {
  logger.debug('setNpmrc()');
  if (input) {
@@ -39,10 +49,7 @@ function setNpmrc(input, exposeEnv = false) {
    // istanbul ignore if
    if (npmrc && npmrc[tokenKey]) {
      const token = npmrc[tokenKey];
-      const maskedToken = `${token.substring(0, 2)}${new Array(
-        token.length - 3
-      ).join('*')}${token.slice(-2)}`;
-      logger.debug(`Setting authToken to ${maskedToken}`);
+      logger.debug(`Setting authToken to ${maskToken(token)}`);
    }
    if (!exposeEnv) {
      return;
@@ -150,7 +157,14 @@ async function getDependency(name, retries = 5) {
  } catch (err) {
    if (err.statusCode === 401 || err.statusCode === 403) {
      logger.info(
-        { err, statusCode: err.statusCode, name },
+        {
+          pkgUrl,
+          authInfoType: authInfo ? authInfo.type : undefined,
+          authInfoToken: authInfo ? maskToken(authInfo.token) : undefined,
+          err,
+          statusCode: err.statusCode,
+          name,
+        },
        `Dependency lookup failure: unauthorized`
      );
      return null;

--- a/test/manager/npm/registry.spec.js
+++ b/test/manager/npm/registry.spec.js
@@ -187,6 +187,7 @@ describe('api/npm', () => {
    expect(res).toMatchSnapshot();
  });
  it('should cache package info from npm', async () => {
+    npm.setNpmrc('//registry.npmjs.org/:_authToken=abcdefghijklmnopqrstuvwxyz');
    nock('https://registry.npmjs.org')
      .get('/foobar')
      .reply(200, npmResponse);