Fix Dependabot npm registry context#96
Conversation
Signed-off-by: Bernardo Donadio <bcdonadio@bcdonadio.com>
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (1)
📜 Recent review details⏰ Context from checks skipped due to timeout. (5)
🔇 Additional comments (1)
📝 WalkthroughSummary by CodeRabbit
WalkthroughThe PR adds an ChangesNPM registry configuration
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~2 minutes Poem
🚥 Pre-merge checks | ✅ 4✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
Pull request overview
This PR fixes Dependabot’s npm registry context by checking in a repo-level .npmrc that explicitly sets the default npm registry to the public npm registry, avoiding unintended routing/credential expectations for GitHub Packages.
Changes:
- Add a checked-in
.npmrcwithregistry=https://registry.npmjs.org/to provide explicit registry context for npm tooling (including Dependabot).
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
Summary
Add a checked-in
.npmrcthat declares the public npm registry for this package.Root Cause
The latest Dependabot Updates run failed before it could process the open security updates. Dependabot automatically added a GitHub Packages credential for
npm.pkg.github.com, but this repository did not have package-manager registry context via.npmrcor explicit npm registry routing. The run aborted withprivate_registry_config_not_foundfornpm.pkg.github.com.The current lockfile resolves npm packages from
https://registry.npmjs.org/, so the narrow fix is to make that registry explicit for npm rather than routing all npm traffic through GitHub Packages.Validation
npm config get registry.github/dependabot.ymlwithjs-yamlnpm cinpm run buildnpm test