buf icon indicating copy to clipboard operation
buf copied to clipboard
verified publisher icon bufbuild

buf registry login should update .npmrc

Open johanbrandhorst opened this issue 3 years ago • 4 comments

With the upcoming release of the BSR npm registry, we should make buf registry login automatically add/update credentials for the relevant registry in ~/.npmrc. The structure of credentials in this file are as follows:

//<REGISTRY_HOSTNAME>:_authToken=<TOKEN>

We should support both adding and updating credentials matching the provided hostname, so we may need some clever regular expression.

See https://docs.npmjs.com/using-private-packages-in-a-ci-cd-workflow#create-and-check-in-a-project-specific-npmrc-file for more information on the format (not much).

It may be possible to mutate the config file using the npm config commands.

johanbrandhorst avatar Feb 04 '22 19:02 johanbrandhorst

If we don't want this to write the token unconditionally, we could look for npm on the path to decide whether to write it.

johanbrandhorst avatar Feb 04 '22 20:02 johanbrandhorst

It's worth noting that the credentials above are not enough to install something from the BSR npm registry. NPM will also need to be told that package names starting with @buf/ should be routed to that registry hostname (second line):

//npm.buf.build:_authToken=<TOKEN>
@buf:registry=https://npm.buf.build

Yes, it's possible to set those values via npm.

Yarn is actually pretty popular, but unfortunately started using a different configuration format in v2.

timostamm avatar Feb 04 '22 21:02 timostamm 

npm login --registry=https://npm.buf.build --scope=@buf

This seems a really useful oneliner, maybe with this we can skip this issue altogether and just document this?

johanbrandhorst avatar Feb 04 '22 21:02 johanbrandhorst

False alarm, that cannot be used unless we implement an obscure login endpoint on the NPM registry side, so lets skip that for now.

johanbrandhorst avatar Feb 04 '22 22:02 johanbrandhorst

@timostamm is this still relevant / do we have any plans for this? I noticed the docs outline the steps manually (link).

amckinney avatar Aug 10 '22 23:08 amckinney

We do not have any plans for this ATM. The issue with creating/updating ~/.npmrc is that the alternative package manager Yarn (actually more popular than npm) uses a different configuration file, so we would only improve the experience for a subset of a subset of our users.

I think we are better off closing this, and perhaps revisit implementing the login endpoint (opened BSR-461 for this).

timostamm avatar Aug 11 '22 11:08 timostamm