cli icon indicating copy to clipboard operation
cli copied to clipboard
verified publisher icon npm

feat: add support for optional env var replacements in .npmrc

Open aczekajski opened this issue 6 months ago • 1 comments

This solves problem described in #8335 in a backwards-compatible way.

This PR adds possibility to have env var replacements in .npmrc configs written as ${VAR?} which will cause them to get replaced with an empty string if the variable is not defined. Old behavior where undefined variables are left unreplaced is not changed.

References

Fixes #8335

aczekajski avatar Jun 12 '25 13:06 aczekajski

I know linting checks for this but I also manually validated via https://devina.io/redos-checker

redos check for new regex changes showing there is no redos vulnerability

wraithgar avatar Jun 12 '25 16:06 wraithgar

@aczekajski any update on this PR? thank you for your work on it

alexsch01 avatar Sep 02 '25 16:09 alexsch01

@alexsch01 I completely forgot about the change suggestions waiting for my action, sorry. Gonna have a look at them soon! Thank you for the reminder ^^

aczekajski avatar Sep 03 '25 04:09 aczekajski

@alexsch01 @owlstronaut I commited the suggested changes so I believe the PR is ready for review.

aczekajski avatar Sep 03 '25 13:09 aczekajski