cli icon indicating copy to clipboard operation
cli copied to clipboard
verified publisher icon semantic-release

npm passwords not stored on keychain per registry

Open kbrandwijk opened this issue 8 years ago • 3 comments

Changing this will be a breaking change, as existing saved NPM password would no longer be found, if we add a prefix. Alternative would be to not use a prefix for the default registry. Although this wouldn't make it breaking, it would make it ugly.

Proposal: read with and without prefix for default registry, always store with prefix. That way, the 'read without prefix' part can be removed at a later stage, when most people have already used the CLI once, so it will affect less users.

kbrandwijk avatar Jan 07 '18 06:01 kbrandwijk

How about this: for some time we leave in the code that reats out the npm password without a prefix. If it finds it, it writes it back with the prefix and logs a deprecation warning / info.

An alternative would be to release a migration CLI tool that people can run once with npx? Not sure if that would be possible?

gr2m avatar Jan 07 '18 19:01 gr2m

@gr2m I think we are both proposing the same solution. 👍

kbrandwijk avatar Jan 07 '18 20:01 kbrandwijk

lol sorry I missed that :)

gr2m avatar Jan 07 '18 21:01 gr2m