ember-cli-update icon indicating copy to clipboard operation
ember-cli-update copied to clipboard

Published 20 hours ago verified publisher icon ember-cli

Pick up npm config for alternative npm registries, custom ca, etc.

Open jedateach opened this issue 5 months ago • 2 comments

Unfortunately embrer-cli-update won't work in environments that rely on customising the npm registry. I feel Ember is a good option for enterprises, which are often in this situation of using an internal mirror registry. It would be great to smooth the Ember upgrade experience by being able to use this tool.

Two issues here:

  • using wrong registry
  • not picking up custom CA certs
❯ ember-cli-update --to 4.12
FetchError: request to https://registry.npmjs.org/ember-cli failed, reason: self-signed certificate in certificate chain
    at ClientRequest.<anonymous> (/<redacted global path>/node_modules/ember-cli-update/node_modules/minipass-fetch/lib/index.js:130:14)
    at ClientRequest.emit (node:events:517:28)
    at TLSSocket.socketErrorListener (node:_http_client:501:9)
    at TLSSocket.emit (node:events:517:28)
    at emitErrorNT (node:internal/streams/destroy:151:8)
    at emitErrorCloseNT (node:internal/streams/destroy:116:3)
    at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
  code: 'SELF_SIGNED_CERT_IN_CHAIN',
  errno: 'SELF_SIGNED_CERT_IN_CHAIN',
  type: 'system'
}

I assume the best way for this tool to work is that it is aware of npm config, however that is passed to npm. (env, flags, npmrc)

Hacky solution

I have cobbled together a solution that uses npm-conf to grab the npm configuration and pass it into the various pacote methods' opts param.

In boilerplate-update I also modified these functions to take an opts arg to pass to pacote: downloadAndCheckForUpdates getApplicableCodemods getCodemods getVersions.

It sort of works, but doesn't feel like the most elegant design.

Considering something more ideal

It would be nice if pacote could be configured to pick up npm config out of the box.

Maybe, as an interim, pacote could be wrapped/proxied within boilerplate-update to pick up npm config when necessary. Expose that same proxy for ember-cli-update to make use of. This should require less changes to the various method signatures within ember-cli-update and boilerplate-update

Then there's npm-conf not npm official, and not well maintained, but has significant use. To me, this still feels hacky, and really there should be some module npm relies on that we can also rely on for picking up npm config.

What do you reckon @kellyselden? Is there a better approach you're aware of?

jedateach avatar Aug 29 '24 21:08 jedateach