Gar

Wow, thank you for taking the time to make this PR, there's quite a bit here. I don't have time this instant to review it but wanted to comment real...

Thanks for your patience, I finally have some time to outline what I think is difficult about this bug: Adding a check `onPreResponse` sort of defeats the purpose of having...

Perhaps it is time to think about separating the idea of authorized and unauthorized requests. As it stands now I don't see how I could limit a route based on...

Wow, two pull requests! Thank you for taking this time to write these. The reason IP whitelisting was not added to the path checks is because I had only been...

I agree it would be clearer if there was a distinction between IP and Authenticated user. In hindsight making the IP be the "fallback" to user was a poor choice...

No it's not currently possible. It seems like a worthwhile addition and I would be happy to discuss/design that feature but I would not have the time to implement it...

Adding a `getIPFromRequest` makes the most sense. This module doesn't really have much of my attention lately but I'd be happy to review any PR you make adding this.

No the forced color output in tests is much deeper than that. I spent a few days on it. Ended up with a failed [draft PR](https://github.com/npm/cli/pull/4689) about a month ago...

> `--no-tag` still seems like the best option; i doubt anyone's relying on that producing a `false` dist-tag (are there any packages with one in the registry?) We can't audit...

This is an important update from a previous request to run scripts in topological order https://github.com/npm/cli/issues/3034#issuecomment-885290017