vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-03 05:12:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: validate npm dist-tag auth before publish

Browse Source
This commit is contained in:
Peter Steinberger
2026-04-01 19:38:13 +01:00
parent b24961c5d1
commit 8f617bf4d7
1 changed files with 14 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
scripts/openclaw-npm-publish.sh
View File

@@ -75,6 +75,20 @@ if [[ -n "${mirror_dist_tags_csv}" && -z "${mirror_auth_token}" ]]; then
exit 1
fi
if [[ -n "${mirror_dist_tags_csv}" ]]; then
mirror_userconfig="$(mktemp)"
trap 'rm -f "${mirror_userconfig}"' EXIT
chmod 0600 "${mirror_userconfig}"
printf '%s\n' "//registry.npmjs.org/:_authToken=${mirror_auth_token}" > "${mirror_userconfig}"
echo "Validating npm auth for dist-tag mirroring"
if ! NPM_CONFIG_USERCONFIG="${mirror_userconfig}" npm whoami >/dev/null; then
echo "npm dist-tag auth is invalid; refusing publish before latest/beta diverge." >&2
echo "Rotate or replace NODE_AUTH_TOKEN/NPM_TOKEN, then rerun the release workflow." >&2
exit 1
fi
fi
printf 'Publish command:'
printf ' %q' "${publish_cmd[@]}"
printf '\n'
@@ -82,11 +96,6 @@ printf '\n'
"${publish_cmd[@]}"
if [[ -n "${mirror_dist_tags_csv}" ]]; then
mirror_userconfig="$(mktemp)"
trap 'rm -f "${mirror_userconfig}"' EXIT
chmod 0600 "${mirror_userconfig}"
printf '%s\n' "//registry.npmjs.org/:_authToken=${mirror_auth_token}" > "${mirror_userconfig}"
IFS=',' read -r -a mirror_dist_tags <<< "${mirror_dist_tags_csv}"
for dist_tag in "${mirror_dist_tags[@]}"; do
[[ -n "${dist_tag}" ]] || continue