-
Notifications
You must be signed in to change notification settings - Fork 7.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(core): Allow overriding npm registry for community packages #10325
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you know of an alternate registry with community packages so I can test this?
We could publish a test package to the Github NPM registry |
I thought this was tested. Or because it's a security fix we need to merge this urgently? |
I did test it with a local verdaccio. |
Sorry, I'm not familiar with either of those registries, so I'll have to come back later to see how to set them up to test this properly. Let me know if you need this merged anyway. |
To test this:
everything should work just as it did before, but you can see the proxy calls in the container logs. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested and working. Pending internal discussion.
Test summaryRun details
This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Cloud |
✅ All Cypress E2E specs passed |
a80f96d
to
27c05b0
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
💎
✅ All Cypress E2E specs passed |
* master: (98 commits) feat(core): Allow overriding npm registry for community packages (#10325) feat(core): Upgrade DB drivers (no-changelog) (#10370) fix(editor): Fix bug causing workflow debugging to not work in new canvas (no-changelog) (#10384) fix: Fix issue with some errors not being handled correctly (no-changelog) (#10371) fix(core): Filter out prototype and constructor lookups in expressions (#10382) fix(editor): Connect up new project viewer role to the FE (#9913) refactor(core): Move queue recovery to scaling service (no-changelog) (#10368) fix(core): Account for owner when filtering by project ID in `GET /workflows` in Public API (#10379) fix(editor): Fix rendering of SVG icons in public chat on iOS (#10381) fix: Require mfa code to disable mfa (#10345) ci: Disable turbo cache when running tests for coverage collection (no-changelog) (#10380) refactor(editor): Add typed event bus (no-changelog) (#10367) refactor(core): Remove unused constants in Redis channels (no-changelog) (#10369) fix(editor): Revert change that hid swagger docs in the ui (#10350) fix(Okta Node): Add missing codex file (no-changelog) (#10372) fix(core): Fix worker shutdown errors when active executions (#10353) refactor(core): Rename ActiveWebhooks to LiveWebhooks (no-changelog) (#10355) fix(n8n Form Trigger Node): Fix issue preventing v1 node from working (#10364) feat(editor): Upgrade markdown-it to address AIKIDO-2024-10034 (no-changelog) (#10358) ci: Upgrade axios to address CVE-2024-39338 (no-changelog) (#10365) ... # Conflicts: # packages/design-system/package.json
Got released with |
Summary
This PR adds the option to override npm registry for installing community packages.
This also works as a security fix against a compromised
.npmrc
, by being explicitly using--registry
in allnpm install
commands.Docs PR
Related Linear tickets, Github issues, and Community forum posts
SEC-59
Review / Merge checklist