1'use strict' 2var test = require('tap').test 3var common = require('../common-tap.js') 4var basepath = common.pkg 5var Tacks = require('tacks') 6var File = Tacks.File 7var Dir = Tacks.Dir 8 9var fixture = new Tacks( 10 Dir({ 11 README: File( 12 'just an npm test\n' 13 ), 14 'package.json': File({ 15 name: 'npm-test-no-auth-leak', 16 version: '0.0.0', 17 scripts: { 18 test: 'node test.js' 19 } 20 }), 21 '.npmrc': File( 22 'auth=abc', 23 'authCrypt=def', 24 'password=xyz', 25 '//registry.npmjs.org/:_authToken=nopenope' 26 ), 27 'test.js': File( 28 'var authTokenKeys = Object.keys(process.env)\n' + 29 ' .filter(function (key) { return /authToken/.test(key) })\n' + 30 'console.log(JSON.stringify({\n' + 31 ' password: process.env.npm_config__password || null,\n' + 32 ' auth: process.env.npm_config__auth || null,\n' + 33 ' authCrypt: process.env.npm_config__authCrypt || null ,\n' + 34 ' authToken: authTokenKeys && process.env[authTokenKeys[0]] || null\n' + 35 '}))' 36 ) 37 }) 38) 39 40test('setup', function (t) { 41 setup() 42 t.done() 43}) 44 45test('no-auth-leak', function (t) { 46 common.npm(['test'], {cwd: basepath}, function (err, code, stdout, stderr) { 47 if (err) throw err 48 t.is(code, 0, 'test ran ok') 49 if (stderr) console.log(stderr) 50 var matchResult = /^[^{]*(\{(?:.|\n)*\})[^}]*$/ 51 t.like(stdout, matchResult, 'got results with a JSON chunk in them') 52 var stripped = stdout.replace(matchResult, '$1') 53 var result = JSON.parse(stripped) 54 t.is(result.password, null, 'password') 55 t.is(result.auth, null, 'auth') 56 t.is(result.authCrypt, null, 'authCrypt') 57 t.is(result.authToken, null, 'authToken') 58 t.end() 59 }) 60}) 61 62test('cleanup', function (t) { 63 cleanup() 64 t.done() 65}) 66 67function setup () { 68 cleanup() 69 fixture.create(basepath) 70} 71 72function cleanup () { 73 fixture.remove(basepath) 74} 75