@gavinhailey gavinhailey commented Jan 17, 2026

What does this PR do?

Fixes bun publish failing with "error: missing authentication" despite valid .npmrc credentials, while bun install and npm publish both work fine with the same configuration. Updates the auth check to accept the registry.auth and registry.user combination that gets set.

This specifically affects split username/password authentication like:

//registry.example.com/:username=myuser
//registry.example.com/:_password=base64encodedpass

Related Issues

How did you verify your code works?

New auth tests in test/cli/install/bun-publish.test.ts. Four new tests verify different .npmrc authentication formats:

  • Split username/password with default registry (fails on current release)
  • Split username/password with scoped registry (fails on current release)
  • Split _authToken with default registry (already worked, but expanded coverage)
  • Split _authToken with scoped registry (already worked, but expanded coverage)

Manual testing with debug release:

Tested publishing to a private JFrog Artifactory registry using split username/password in .npmrc:

@scope:registry=https://registry.example.com/npm/
//registry.example.com/npm/:username=myuser
//registry.example.com/npm/:_password=YmFzZTY0ZW5jb2RlZHBhc3M=

Before fix: ❌ error: missing authentication
After fix: ✅ + @scope/abcefg@0.1.0-rc.0

@gavinhailey changed the title from "fix split auth for publish" to "fix(publish) Support split npmrc auth for publish" on Jan 17, 2026
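
How split `username`/`_password` entries resolve to credentials for a registry and get past the auth gate, as an added example that is not part of the PR or Bun's source. The parsing and base64 handling follow npm's .npmrc convention and are assumptions here; `parseNpmrc`, `resolveRegistry` and `needsAuth` are hypothetical names.

```javascript
// Added illustration, not Bun's code. token/auth/user follow the field names in
// the review comments on this page; the parsing rules are assumptions modelled on npm.
// Constructed sample mirroring the .npmrc in the PR description.
const SAMPLE_NPMRC = `
; comments start with ';' or '#'; a leading '//' is a credential key, not a comment
@scope:registry=https://registry.example.com/npm/
//registry.example.com/npm/:username=myuser
//registry.example.com/npm/:_password=YmFzZTY0ZW5jb2RlZHBhc3M=
`;

// Parse into { scopes: {"@scope": url}, creds: {"//host/path/": {field: value}} }.
function parseNpmrc(text) {
  const scopes = {}, creds = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#") || line.startsWith(";")) continue;
    const eq = line.indexOf("=");
    if (eq < 0) continue;
    const key = line.slice(0, eq).trim(), value = line.slice(eq + 1).trim();
    const scoped = key.match(/^(@[^:]+):registry$/);
    const cred = key.match(/^(\/\/.+\/):(_authToken|_auth|_password|username)$/);
    if (scoped) scopes[scoped[1]] = value;
    else if (cred) (creds[cred[1]] = creds[cred[1]] || {})[cred[2]] = value;
  }
  return { scopes, creds };
}

// Pick the credentials whose "//host/path/" key is the longest prefix of registryUrl.
function resolveRegistry(config, registryUrl) {
  const u = new URL(registryUrl);
  const target = `//${u.host}${u.pathname.replace(/\/?$/, "/")}`;
  const best = Object.keys(config.creds)
    .filter((k) => target.startsWith(k))
    .sort((a, b) => b.length - a.length)[0];
  const c = best ? config.creds[best] : {};
  // Assumption (npm convention): _password is base64, basic auth is base64("user:password").
  let auth = c._auth || "";
  if (!auth && c.username && c._password) {
    const password = Buffer.from(c._password, "base64").toString("utf8");
    auth = Buffer.from(`${c.username}:${password}`).toString("base64");
  }
  return { token: c._authToken || "", auth, user: c.username || "",
           urlUser: u.username, urlPass: u.password };
}

// Gate as the walkthrough words it: NeedAuth only when token, auth and user are
// all absent and URL-embedded credentials are incomplete.
function needsAuth(r) {
  return !r.token && !r.auth && !r.user && !(r.urlUser && r.urlPass);
}
```

For the sample, `token` is empty while `auth` and `user` are set, which is the combination the PR description says the check now accepts.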
coderabbitai bot commented Jan 17, 2026

Walkthrough

Broadened the authentication condition in PublishCommand.publish to require missing token, auth, and user (plus incomplete URL-embedded credentials). Added tests covering split npmrc authentication formats (username/password and _authToken) for scoped and unscoped registries against Verdaccio.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Publish command logic: src/cli/publish_command.zig | Adjusted authentication-check logic: NeedAuth now triggers only when token, auth, and user are all absent and URL-embedded credentials are incomplete (+2/-1). |
| Publish tests (split npmrc auth): test/cli/install/bun-publish.test.ts | Added test suite validating four split npmrc authentication formats (username/password and _authToken, each with scoped and unscoped registry cases) against a Verdaccio registry (+89/-0). |

Possibly related PRs

Suggested reviewers

  • dylan-conway
🚥 Pre-merge checks | ✅ 2
✅ Passed checks (2 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title clearly identifies the main change: fixing bun publish to support split npmrc authentication, which directly matches the core objective of the PR. |
| Description check | ✅ Passed | The description fully covers both required template sections with clear explanations of the problem, solution, related issues, and comprehensive verification through multiple test scenarios and manual testing. |

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🤖 Fix all issues with AI agents
In `@src/cli/publish_command.zig`:
- Around line 537-539: The auth gate in publish_command.zig incorrectly requires
both registry.auth and registry.user to be set, causing false NeedAuth errors
when legacy _auth populates only registry.auth; update the condition so it
accepts any of: registry.token non-empty, registry.auth non-empty OR
registry.user non-empty, or URL-embedded credentials
(registry.url.username/registry.url.password), i.e., check registry.auth.len > 0
|| registry.user.len > 0 rather than requiring both; ensure this logic aligns
with constructPublishHeaders which already uses registry.auth.

In `@test/cli/install/bun-publish.test.ts`:
- Around line 1014-1018: Reorder the assertions in the test so stdout/stderr
expectations run before checking the process exit code: move the
expect(out).toContain(`+ ${format.packageName}@1.0.0`) and
expect(err).not.toContain("missing authentication") to precede
expect(exitCode).toBe(0) in the test that calls publish(env, packageDir)
(variables: out, err, exitCode, and helper publish).
