* first action! (#1)

node_modules/registry-auth-token/.npmignore

@@ -0,0 +1,6 @@
+.editorconfig
+.eslintignore
+.eslintrc
+.travis.yml
+npm-debug.log
+coverage

node_modules/registry-auth-token/CHANGELOG.md

@@ -0,0 +1,122 @@
+# Change Log
+
+All notable changes will be documented in this file.
+
+## [4.0.0] - 2019-06-17
+
+### BREAKING
+
+- Minimum node.js version requirement is now v6
+
+### Changes
+
+- Upgraded dependencies (Espen Hovlandsdal)
+
+## [3.4.0] - 2019-03-20
+
+### Changes
+
+- Enabled legacy auth token to be read from environment variable (Martin Flodin)
+
+## [3.3.2] - 2018-01-26
+
+### Changes
+
+- Support password with ENV variable tokens (Nowell Strite)
+
+## [3.3.1] - 2017-05-02
+
+### Fixes
+
+- Auth legacy token is basic auth (Hutson Betts)
+
+## [3.3.0] - 2017-04-24
+
+### Changes
+
+- Support legacy auth token config key (Zoltan Kochan)
+- Use safe-buffer module for backwards-compatible base64 encoding/decoding (Espen Hovlandsdal)
+- Change to standard.js coding style (Espen Hovlandsdal)
+
+## [3.2.0] - 2017-04-20
+
+### Changes
+
+- Allow passing parsed npmrc from outside (Zoltan Kochan)
+
+## [3.1.2] - 2017-04-07
+
+### Changes
+
+- Avoid infinite loop on invalid URL (Zoltan Kochan)
+
+## [3.1.1] - 2017-04-06
+
+### Changes
+
+- Nerf-dart URLs even if recursive is set to false (Espen Hovlandsdal)
+
+## [3.1.0] - 2016-10-19
+
+### Changes
+
+- Return the password and username for Basic authorization (Zoltan Kochan)
+
+## [3.0.1] - 2016-08-07
+
+### Changes
+
+- Fix recursion bug (Lukas Eipert)
+- Implement alternative base64 encoding/decoding implementation for Node 6 (Lukas Eipert)
+
+## [3.0.0] - 2016-08-04
+
+### Added
+
+- Support for Basic Authentication (username/password) (Lukas Eipert)
+
+### Changes
+
+- The result format of the output changed from a simple string to an object which contains the token type
+
+```js
+  // before: returns 'tokenString'
+  // after: returns {token: 'tokenString', type: 'Bearer'}
+  getAuthToken()
+```
+
+## [2.1.1] - 2016-07-10
+
+### Changes
+
+- Fix infinite loop when recursively resolving registry URLs on Windows (Espen Hovlandsdal)
+
+## [2.1.0] - 2016-07-07
+
+### Added
+
+- Add feature to find configured registry URL for a scope (Espen Hovlandsdal)
+
+## [2.0.0] - 2016-06-17
+
+### Changes
+
+- Fix tokens defined by reference to environment variables (Dan MacTough)
+
+## [1.1.1] - 2016-04-26
+
+### Changes
+
+- Fix for registries with port number in URL (Ryan Day)
+
+[1.1.1]: https://github.com/rexxars/registry-auth-token/compare/a5b4fe2f5ff982110eb8a813ba1b3b3c5d851af1...v1.1.1
+[2.0.0]: https://github.com/rexxars/registry-auth-token/compare/v1.1.1...v2.0.0
+[2.1.0]: https://github.com/rexxars/registry-auth-token/compare/v2.0.0...v2.1.0
+[2.1.1]: https://github.com/rexxars/registry-auth-token/compare/v2.1.0...v2.1.1
+[3.0.0]: https://github.com/rexxars/registry-auth-token/compare/v2.1.1...v3.0.0
+[3.0.1]: https://github.com/rexxars/registry-auth-token/compare/v3.0.0...v3.0.1
+[3.1.0]: https://github.com/rexxars/registry-auth-token/compare/v3.0.1...v3.1.0
+[3.1.1]: https://github.com/rexxars/registry-auth-token/compare/v3.1.0...v3.1.1
+[3.1.2]: https://github.com/rexxars/registry-auth-token/compare/v3.1.1...v3.1.2
+[3.2.0]: https://github.com/rexxars/registry-auth-token/compare/v3.1.2...v3.2.0
+[3.3.0]: https://github.com/rexxars/registry-auth-token/compare/v3.2.0...v3.3.0

node_modules/registry-auth-token/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Espen Hovlandsdal
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

node_modules/registry-auth-token/README.md

@@ -0,0 +1,65 @@
+# registry-auth-token
+
+[![npm version](http://img.shields.io/npm/v/registry-auth-token.svg?style=flat-square)](http://browsenpm.org/package/registry-auth-token)[![Build Status](http://img.shields.io/travis/rexxars/registry-auth-token/master.svg?style=flat-square)](https://travis-ci.org/rexxars/registry-auth-token)
+
+Get the auth token set for an npm registry from `.npmrc`. Also allows fetching the configured registry URL for a given npm scope.
+
+## Installing
+
+```
+npm install --save registry-auth-token
+```
+
+## Usage
+
+Returns an object containing `token` and `type`, or `undefined` if no token can be found. `type` can be either `Bearer` or `Basic`.
+
+```js
+var getAuthToken = require('registry-auth-token')
+var getRegistryUrl = require('registry-auth-token/registry-url')
+
+// Get auth token and type for default `registry` set in `.npmrc`
+console.log(getAuthToken()) // {token: 'someToken', type: 'Bearer'}
+
+// Get auth token for a specific registry URL
+console.log(getAuthToken('//registry.foo.bar'))
+
+// Find the registry auth token for a given URL (with deep path):
+// If registry is at `//some.host/registry`
+// URL passed is `//some.host/registry/deep/path`
+// Will find token the closest matching path; `//some.host/registry`
+console.log(getAuthToken('//some.host/registry/deep/path', {recursive: true}))
+
+// Find the configured registry url for scope `@foobar`.
+// Falls back to the global registry if not defined.
+console.log(getRegistryUrl('@foobar'))
+
+// Use the npm config that is passed in
+console.log(getRegistryUrl('http://registry.foobar.eu/', {
+  npmrc: {
+    'registry': 'http://registry.foobar.eu/',
+    '//registry.foobar.eu/:_authToken': 'qar'
+  }
+}))
+```
+
+## Return value
+
+```js
+// If auth info can be found:
+{token: 'someToken', type: 'Bearer'}
+
+// Or:
+{token: 'someOtherToken', type: 'Basic'}
+
+// Or, if nothing is found:
+undefined
+```
+
+## Security
+
+Please be careful when using this. Leaking your auth token is dangerous.
+
+## License
+
+MIT-licensed. See LICENSE.

node_modules/registry-auth-token/base64.js

@@ -0,0 +1,14 @@
+const safeBuffer = require('safe-buffer').Buffer
+
+function decodeBase64 (base64) {
+  return safeBuffer.from(base64, 'base64').toString('utf8')
+}
+
+function encodeBase64 (string) {
+  return safeBuffer.from(string, 'utf8').toString('base64')
+}
+
+module.exports = {
+  decodeBase64: decodeBase64,
+  encodeBase64: encodeBase64
+}

node_modules/registry-auth-token/index.js

@@ -0,0 +1,123 @@
+var url = require('url')
+var base64 = require('./base64')
+
+var decodeBase64 = base64.decodeBase64
+var encodeBase64 = base64.encodeBase64
+
+var tokenKey = ':_authToken'
+var userKey = ':username'
+var passwordKey = ':_password'
+
+module.exports = function () {
+  var checkUrl
+  var options
+  if (arguments.length >= 2) {
+    checkUrl = arguments[0]
+    options = arguments[1]
+  } else if (typeof arguments[0] === 'string') {
+    checkUrl = arguments[0]
+  } else {
+    options = arguments[0]
+  }
+  options = options || {}
+  options.npmrc = options.npmrc || require('rc')('npm', { registry: 'https://registry.npmjs.org/' })
+  checkUrl = checkUrl || options.npmrc.registry
+  return getRegistryAuthInfo(checkUrl, options) || getLegacyAuthInfo(options.npmrc)
+}
+
+function getRegistryAuthInfo (checkUrl, options) {
+  var parsed = url.parse(checkUrl, false, true)
+  var pathname
+
+  while (pathname !== '/' && parsed.pathname !== pathname) {
+    pathname = parsed.pathname || '/'
+
+    var regUrl = '//' + parsed.host + pathname.replace(/\/$/, '')
+    var authInfo = getAuthInfoForUrl(regUrl, options.npmrc)
+    if (authInfo) {
+      return authInfo
+    }
+
+    // break if not recursive
+    if (!options.recursive) {
+      return /\/$/.test(checkUrl)
+        ? undefined
+        : getRegistryAuthInfo(url.resolve(checkUrl, '.'), options)
+    }
+
+    parsed.pathname = url.resolve(normalizePath(pathname), '..') || '/'
+  }
+
+  return undefined
+}
+
+function getLegacyAuthInfo (npmrc) {
+  if (!npmrc._auth) {
+    return undefined
+  }
+
+  var token = replaceEnvironmentVariable(npmrc._auth)
+
+  return { token: token, type: 'Basic' }
+}
+
+function normalizePath (path) {
+  return path[path.length - 1] === '/' ? path : path + '/'
+}
+
+function getAuthInfoForUrl (regUrl, npmrc) {
+  // try to get bearer token
+  var bearerAuth = getBearerToken(npmrc[regUrl + tokenKey] || npmrc[regUrl + '/' + tokenKey])
+  if (bearerAuth) {
+    return bearerAuth
+  }
+
+  // try to get basic token
+  var username = npmrc[regUrl + userKey] || npmrc[regUrl + '/' + userKey]
+  var password = npmrc[regUrl + passwordKey] || npmrc[regUrl + '/' + passwordKey]
+  var basicAuth = getTokenForUsernameAndPassword(username, password)
+  if (basicAuth) {
+    return basicAuth
+  }
+
+  return undefined
+}
+
+function replaceEnvironmentVariable (token) {
+  return token.replace(/^\$\{?([^}]*)\}?$/, function (fullMatch, envVar) {
+    return process.env[envVar]
+  })
+}
+
+function getBearerToken (tok) {
+  if (!tok) {
+    return undefined
+  }
+
+  // check if bearer token is set as environment variable
+  var token = replaceEnvironmentVariable(tok)
+
+  return { token: token, type: 'Bearer' }
+}
+
+function getTokenForUsernameAndPassword (username, password) {
+  if (!username || !password) {
+    return undefined
+  }
+
+  // passwords are base64 encoded, so we need to decode it
+  // See https://github.com/npm/npm/blob/v3.10.6/lib/config/set-credentials-by-uri.js#L26
+  var pass = decodeBase64(replaceEnvironmentVariable(password))
+
+  // a basic auth token is base64 encoded 'username:password'
+  // See https://github.com/npm/npm/blob/v3.10.6/lib/config/get-credentials-by-uri.js#L70
+  var token = encodeBase64(username + ':' + pass)
+
+  // we found a basicToken token so let's exit the loop
+  return {
+    token: token,
+    type: 'Basic',
+    password: pass,
+    username: username
+  }
+}

node_modules/registry-auth-token/package.json

@@ -0,0 +1,77 @@
+{
+  "_from": "registry-auth-token@^4.0.0",
+  "_id": "registry-auth-token@4.0.0",
+  "_inBundle": false,
+  "_integrity": "sha512-lpQkHxd9UL6tb3k/aHAVfnVtn+Bcs9ob5InuFLLEDqSqeq+AljB8GZW9xY0x7F+xYwEcjKe07nyoxzEYz6yvkw==",
+  "_location": "/registry-auth-token",
+  "_phantomChildren": {},
+  "_requested": {
+    "type": "range",
+    "registry": true,
+    "raw": "registry-auth-token@^4.0.0",
+    "name": "registry-auth-token",
+    "escapedName": "registry-auth-token",
+    "rawSpec": "^4.0.0",
+    "saveSpec": null,
+    "fetchSpec": "^4.0.0"
+  },
+  "_requiredBy": [
+    "/package-json"
+  ],
+  "_resolved": "https://registry.npmjs.org/registry-auth-token/-/registry-auth-token-4.0.0.tgz",
+  "_shasum": "30e55961eec77379da551ea5c4cf43cbf03522be",
+  "_spec": "registry-auth-token@^4.0.0",
+  "_where": "/home/shimataro/projects/actions/ssh-key-action/node_modules/package-json",
+  "author": {
+    "name": "Espen Hovlandsdal",
+    "email": "espen@hovlandsdal.com"
+  },
+  "bugs": {
+    "url": "https://github.com/rexxars/registry-auth-token/issues"
+  },
+  "bundleDependencies": false,
+  "dependencies": {
+    "rc": "^1.2.8",
+    "safe-buffer": "^5.0.1"
+  },
+  "deprecated": false,
+  "description": "Get the auth token set for an npm registry (if any)",
+  "devDependencies": {
+    "istanbul": "^0.4.2",
+    "mocha": "^6.1.4",
+    "require-uncached": "^1.0.2",
+    "standard": "^12.0.1"
+  },
+  "engines": {
+    "node": ">=6.0.0"
+  },
+  "homepage": "https://github.com/rexxars/registry-auth-token#readme",
+  "keywords": [
+    "npm",
+    "conf",
+    "config",
+    "npmconf",
+    "registry",
+    "auth",
+    "token",
+    "authtoken"
+  ],
+  "license": "MIT",
+  "main": "index.js",
+  "name": "registry-auth-token",
+  "repository": {
+    "type": "git",
+    "url": "git+ssh://git@github.com/rexxars/registry-auth-token.git"
+  },
+  "scripts": {
+    "coverage": "istanbul cover _mocha",
+    "posttest": "standard",
+    "test": "mocha"
+  },
+  "standard": {
+    "ignore": [
+      "coverage/**"
+    ]
+  },
+  "version": "4.0.0"
+}

node_modules/registry-auth-token/registry-url.js

@@ -0,0 +1,5 @@
+module.exports = function (scope, npmrc) {
+  var rc = npmrc || require('rc')('npm', { registry: 'https://registry.npmjs.org/' })
+  var url = rc[scope + ':registry'] || rc.registry
+  return url.slice(-1) === '/' ? url : url + '/'
+}

node_modules/registry-auth-token/test/auth-token.test.js

@@ -0,0 +1,455 @@
+var fs = require('fs')
+var path = require('path')
+var mocha = require('mocha')
+var assert = require('assert')
+var requireUncached = require('require-uncached')
+
+var npmRcPath = path.join(__dirname, '..', '.npmrc')
+var afterEach = mocha.afterEach
+var describe = mocha.describe
+var it = mocha.it
+
+var base64 = require('../base64')
+var decodeBase64 = base64.decodeBase64
+var encodeBase64 = base64.encodeBase64
+
+/* eslint max-nested-callbacks: ["error", 4] */
+
+describe('auth-token', function () {
+  afterEach(function (done) {
+    fs.unlink(npmRcPath, function () {
+      done()
+    })
+  })
+
+  it('should read global if no local is found', function () {
+    var getAuthToken = requireUncached('../index')
+    getAuthToken()
+  })
+
+  it('should return undefined if no auth token is given for registry', function (done) {
+    fs.writeFile(npmRcPath, 'registry=http://registry.npmjs.eu/', function (err) {
+      var getAuthToken = requireUncached('../index')
+      assert(!err, err)
+      assert(!getAuthToken())
+      done()
+    })
+  })
+
+  describe('legacy auth token', function () {
+    it('should return auth token if it is defined in the legacy way via the `_auth` key', function (done) {
+      var content = [
+        '_auth=foobar',
+        'registry=http://registry.foobar.eu/'
+      ].join('\n')
+
+      fs.writeFile(npmRcPath, content, function (err) {
+        var getAuthToken = requireUncached('../index')
+        assert(!err, err)
+        assert.deepStrictEqual(getAuthToken(), { token: 'foobar', type: 'Basic' })
+        done()
+      })
+    })
+
+    it('should return legacy auth token defined by reference to an environment variable (with curly braces)', function (done) {
+      var environmentVariable = '__REGISTRY_AUTH_TOKEN_NPM_TOKEN__'
+      var content = [
+        '_auth=${' + environmentVariable + '}',
+        'registry=http://registry.foobar.eu/'
+      ].join('\n')
+
+      process.env[environmentVariable] = 'foobar'
+
+      fs.writeFile(npmRcPath, content, function (err) {
+        var getAuthToken = requireUncached('../index')
+        assert(!err, err)
+        assert.deepStrictEqual(getAuthToken(), { token: 'foobar', type: 'Basic' })
+        delete process.env[environmentVariable]
+        done()
+      })
+    })
+
+    it('should return legacy auth token defined by reference to an environment variable (without curly braces)', function (done) {
+      var environmentVariable = '__REGISTRY_AUTH_TOKEN_NPM_TOKEN__'
+      var content = [
+        '_auth=$' + environmentVariable,
+        'registry=http://registry.foobar.eu/'
+      ].join('\n')
+
+      process.env[environmentVariable] = 'foobar'
+
+      fs.writeFile(npmRcPath, content, function (err) {
+        var getAuthToken = requireUncached('../index')
+        assert(!err, err)
+        assert.deepStrictEqual(getAuthToken(), { token: 'foobar', type: 'Basic' })
+        delete process.env[environmentVariable]
+        done()
+      })
+    })
+  })
+
+  describe('bearer token', function () {
+    it('should return auth token if registry is defined', function (done) {
+      var content = [
+        'registry=http://registry.foobar.eu/',
+        '//registry.foobar.eu/:_authToken=foobar', ''
+      ].join('\n')
+
+      fs.writeFile(npmRcPath, content, function (err) {
+        var getAuthToken = requireUncached('../index')
+        assert(!err, err)
+        assert.deepStrictEqual(getAuthToken(), { token: 'foobar', type: 'Bearer' })
+        done()
+      })
+    })
+
+    it('should use npmrc passed in', function (done) {
+      var content = [
+        'registry=http://registry.foobar.eu/',
+        '//registry.foobar.eu/:_authToken=foobar', ''
+      ].join('\n')
+
+      fs.writeFile(npmRcPath, content, function (err) {
+        var getAuthToken = requireUncached('../index')
+        assert(!err, err)
+        const npmrc = {
+          'registry': 'http://registry.foobar.eu/',
+          '//registry.foobar.eu/:_authToken': 'qar'
+        }
+        assert.deepStrictEqual(getAuthToken({ npmrc: npmrc }), { token: 'qar', type: 'Bearer' })
+        done()
+      })
+    })
+
+    it('should return auth token if registry url has port specified', function (done) {
+      var content = [
+        'registry=http://localhost:8770/',
+        // before the patch this token was selected.
+        '//localhost/:_authToken=ohno',
+        '//localhost:8770/:_authToken=beepboop', ''
+      ].join('\n')
+
+      fs.writeFile(npmRcPath, content, function (err) {
+        var getAuthToken = requireUncached('../index')
+        assert(!err, err)
+        assert.deepStrictEqual(getAuthToken(), { token: 'beepboop', type: 'Bearer' })
+        done()
+      })
+    })
+
+    it('should return auth token defined by reference to an environment variable (with curly braces)', function (done) {
+      var environmentVariable = '__REGISTRY_AUTH_TOKEN_NPM_TOKEN__'
+      var content = [
+        'registry=http://registry.foobar.cc/',
+        '//registry.foobar.cc/:_authToken=${' + environmentVariable + '}', ''
+      ].join('\n')
+      process.env[environmentVariable] = 'foobar'
+
+      fs.writeFile(npmRcPath, content, function (err) {
+        var getAuthToken = requireUncached('../index')
+        assert(!err, err)
+        assert.deepStrictEqual(getAuthToken(), { token: 'foobar', type: 'Bearer' })
+        delete process.env[environmentVariable]
+        done()
+      })
+    })
+
+    it('should return auth token defined by reference to an environment variable (without curly braces)', function (done) {
+      var environmentVariable = '__REGISTRY_AUTH_TOKEN_NPM_TOKEN__'
+      var content = [
+        'registry=http://registry.foobar.cc/',
+        '//registry.foobar.cc/:_authToken=$' + environmentVariable, ''
+      ].join('\n')
+      process.env[environmentVariable] = 'foobar'
+
+      fs.writeFile(npmRcPath, content, function (err) {
+        var getAuthToken = requireUncached('../index')
+        assert(!err, err)
+        assert.deepStrictEqual(getAuthToken(), { token: 'foobar', type: 'Bearer' })
+        delete process.env[environmentVariable]
+        done()
+      })
+    })
+
+    it('should try with and without a slash at the end of registry url', function (done) {
+      var content = [
+        'registry=http://registry.foobar.eu',
+        '//registry.foobar.eu:_authToken=barbaz', ''
+      ].join('\n')
+
+      fs.writeFile(npmRcPath, content, function (err) {
+        var getAuthToken = requireUncached('../index')
+        assert(!err, err)
+        assert.deepStrictEqual(getAuthToken(), { token: 'barbaz', type: 'Bearer' })
+        done()
+      })
+    })
+
+    it('should fetch for the registry given (if defined)', function (done) {
+      var content = [
+        '//registry.foobar.eu:_authToken=barbaz',
+        '//registry.blah.foo:_authToken=whatev',
+        '//registry.last.thing:_authToken=yep', ''
+      ].join('\n')
+
+      fs.writeFile(npmRcPath, content, function (err) {
+        var getAuthToken = requireUncached('../index')
+        assert(!err, err)
+        assert.deepStrictEqual(getAuthToken('//registry.blah.foo'), { token: 'whatev', type: 'Bearer' })
+        done()
+      })
+    })
+
+    it('recursively finds registries for deep url if option is set', function (done, undef) {
+      var opts = { recursive: true }
+      var content = [
+        '//registry.blah.com/foo:_authToken=whatev',
+        '//registry.blah.org/foo/bar:_authToken=recurseExactlyOneLevel',
+        '//registry.blah.edu/foo/bar/baz:_authToken=recurseNoLevel',
+        '//registry.blah.eu:_authToken=yep', ''
+      ].join('\n')
+
+      fs.writeFile(npmRcPath, content, function (err) {
+        var getAuthToken = requireUncached('../index')
+        assert(!err, err)
+        assert.deepStrictEqual(getAuthToken('https://registry.blah.edu/foo/bar/baz', opts), { token: 'recurseNoLevel', type: 'Bearer' })
+        assert.deepStrictEqual(getAuthToken('https://registry.blah.org/foo/bar/baz', opts), { token: 'recurseExactlyOneLevel', type: 'Bearer' })
+        assert.deepStrictEqual(getAuthToken('https://registry.blah.com/foo/bar/baz', opts), { token: 'whatev', type: 'Bearer' })
+        assert.deepStrictEqual(getAuthToken('http://registry.blah.eu/what/ever', opts), { token: 'yep', type: 'Bearer' })
+        assert.deepStrictEqual(getAuthToken('http://registry.blah.eu//what/ever', opts), undefined, 'does not hang')
+        assert.strictEqual(getAuthToken('//some.registry', opts), undef)
+        done()
+      })
+    })
+
+    it('should try both with and without trailing slash', function (done) {
+      fs.writeFile(npmRcPath, '//registry.blah.com:_authToken=whatev', function (err) {
+        var getAuthToken = requireUncached('../index')
+        assert(!err, err)
+        assert.deepStrictEqual(getAuthToken('https://registry.blah.com'), { token: 'whatev', type: 'Bearer' })
+        done()
+      })
+    })
+
+    it('should prefer bearer token over basic token', function (done) {
+      var content = [
+        'registry=http://registry.foobar.eu/',
+        'registry=http://registry.foobar.eu/',
+        '//registry.foobar.eu/:_authToken=bearerToken',
+        '//registry.foobar.eu/:_password=' + encodeBase64('foobar'),
+        '//registry.foobar.eu/:username=foobar', ''
+      ].join('\n')
+
+      fs.writeFile(npmRcPath, content, function (err) {
+        var getAuthToken = requireUncached('../index')
+        assert(!err, err)
+        assert.deepStrictEqual(getAuthToken('//registry.foobar.eu'), { token: 'bearerToken', type: 'Bearer' })
+        done()
+      })
+    })
+
+    it('"nerf darts" registry urls', function (done, undef) {
+      fs.writeFile(npmRcPath, '//contoso.pkgs.visualstudio.com/_packaging/MyFeed/npm/:_authToken=heider', function (err) {
+        var getAuthToken = requireUncached('../index')
+        assert(!err, err)
+        assert.deepStrictEqual(
+          getAuthToken('https://contoso.pkgs.visualstudio.com/_packaging/MyFeed/npm/registry'),
+          { token: 'heider', type: 'Bearer' }
+        )
+        done()
+      })
+    })
+  })
+
+  describe('basic token', function () {
+    it('should return undefined if password or username are missing', function (done, undef) {
+      var content = [
+        'registry=http://registry.foobar.eu/',
+        '//registry.foobar.eu/:_password=' + encodeBase64('foobar'),
+        '//registry.foobar.com/:username=foobar', ''
+      ].join('\n')
+
+      fs.writeFile(npmRcPath, content, function (err) {
+        var getAuthToken = requireUncached('../index')
+        assert(!err, err)
+        assert.strictEqual(getAuthToken('//registry.foobar.eu'), undef)
+        assert.strictEqual(getAuthToken('//registry.foobar.com'), undef)
+        done()
+      })
+    })
+
+    it('should return basic token if username and password are defined', function (done) {
+      var content = [
+        'registry=http://registry.foobar.eu/',
+        '//registry.foobar.eu/:_password=' + encodeBase64('foobar'),
+        '//registry.foobar.eu/:username=foobar', ''
+      ].join('\n')
+
+      fs.writeFile(npmRcPath, content, function (err) {
+        var getAuthToken = requireUncached('../index')
+        assert(!err, err)
+        var token = getAuthToken()
+        assert.deepStrictEqual(token, {
+          token: 'Zm9vYmFyOmZvb2Jhcg==',
+          type: 'Basic',
+          username: 'foobar',
+          password: 'foobar'
+        })
+        assert.strictEqual(decodeBase64(token.token), 'foobar:foobar')
+        done()
+      })
+    })
+
+    it('should return basic token if registry url has port specified', function (done) {
+      var content = [
+        'registry=http://localhost:8770/',
+        // before the patch this token was selected.
+        '//localhost/:_authToken=ohno',
+        '//localhost:8770/:_password=' + encodeBase64('foobar'),
+        '//localhost:8770/:username=foobar', ''
+      ].join('\n')
+
+      fs.writeFile(npmRcPath, content, function (err) {
+        var getAuthToken = requireUncached('../index')
+        assert(!err, err)
+        var token = getAuthToken()
+        assert.deepStrictEqual(token, {
+          token: 'Zm9vYmFyOmZvb2Jhcg==',
+          type: 'Basic',
+          username: 'foobar',
+          password: 'foobar'
+        })
+        assert.strictEqual(decodeBase64(token.token), 'foobar:foobar')
+        done()
+      })
+    })
+
+    it('should return password defined by reference to an environment variable (with curly braces)', function (done) {
+      var environmentVariable = '__REGISTRY_PASSWORD__'
+      var content = [
+        'registry=http://registry.foobar.cc/',
+        '//registry.foobar.cc/:username=username',
+        '//registry.foobar.cc/:_password=${' + environmentVariable + '}', ''
+      ].join('\n')
+      process.env[environmentVariable] = encodeBase64('password')
+
+      fs.writeFile(npmRcPath, content, function (err) {
+        var getAuthToken = requireUncached('../index')
+        assert(!err, err)
+        var token = getAuthToken()
+        assert.deepStrictEqual(token, {
+          type: 'Basic',
+          username: 'username',
+          password: 'password',
+          token: 'dXNlcm5hbWU6cGFzc3dvcmQ='
+        })
+        assert.strictEqual(decodeBase64(token.token), 'username:password')
+        delete process.env[environmentVariable]
+        done()
+      })
+    })
+
+    it('should return password defined by reference to an environment variable (without curly braces)', function (done) {
+      var environmentVariable = '__REGISTRY_PASSWORD__'
+      var content = [
+        'registry=http://registry.foobar.cc/',
+        '//registry.foobar.cc/:username=username',
+        '//registry.foobar.cc/:_password=$' + environmentVariable, ''
+      ].join('\n')
+      process.env[environmentVariable] = encodeBase64('password')
+
+      fs.writeFile(npmRcPath, content, function (err) {
+        var getAuthToken = requireUncached('../index')
+        assert(!err, err)
+        var token = getAuthToken()
+        assert.deepStrictEqual(token, {
+          type: 'Basic',
+          username: 'username',
+          password: 'password',
+          token: 'dXNlcm5hbWU6cGFzc3dvcmQ='
+        })
+        assert.strictEqual(decodeBase64(token.token), 'username:password')
+        delete process.env[environmentVariable]
+        done()
+      })
+    })
+
+    it('should try with and without a slash at the end of registry url', function (done) {
+      var content = [
+        'registry=http://registry.foobar.eu',
+        '//registry.foobar.eu:_password=' + encodeBase64('barbay'),
+        '//registry.foobar.eu:username=barbaz', ''
+      ].join('\n')
+
+      fs.writeFile(npmRcPath, content, function (err) {
+        var getAuthToken = requireUncached('../index')
+        assert(!err, err)
+        var token = getAuthToken()
+        assert.deepStrictEqual(token, {
+          token: 'YmFyYmF6OmJhcmJheQ==',
+          type: 'Basic',
+          password: 'barbay',
+          username: 'barbaz'
+        })
+        assert.strictEqual(decodeBase64(token.token), 'barbaz:barbay')
+        done()
+      })
+    })
+
+    it('should fetch for the registry given (if defined)', function (done) {
+      var content = [
+        '//registry.foobar.eu:_authToken=barbaz',
+        '//registry.blah.foo:_password=' + encodeBase64('barbay'),
+        '//registry.blah.foo:username=barbaz',
+        '//registry.last.thing:_authToken=yep', ''
+      ].join('\n')
+
+      fs.writeFile(npmRcPath, content, function (err) {
+        var getAuthToken = requireUncached('../index')
+        assert(!err, err)
+        var token = getAuthToken('//registry.blah.foo')
+        assert.deepStrictEqual(token, {
+          token: 'YmFyYmF6OmJhcmJheQ==',
+          type: 'Basic',
+          password: 'barbay',
+          username: 'barbaz'
+        })
+        assert.strictEqual(decodeBase64(token.token), 'barbaz:barbay')
+        done()
+      })
+    })
+
+    it('recursively finds registries for deep url if option is set', function (done, undef) {
+      var opts = { recursive: true }
+      var content = [
+        '//registry.blah.com/foo:_password=' + encodeBase64('barbay'),
+        '//registry.blah.com/foo:username=barbaz',
+        '//registry.blah.eu:username=barbaz',
+        '//registry.blah.eu:_password=' + encodeBase64('foobaz'), ''
+      ].join('\n')
+
+      fs.writeFile(npmRcPath, content, function (err) {
+        var getAuthToken = requireUncached('../index')
+        assert(!err, err)
+        var token = getAuthToken('https://registry.blah.com/foo/bar/baz', opts)
+        assert.deepStrictEqual(token, {
+          token: 'YmFyYmF6OmJhcmJheQ==',
+          type: 'Basic',
+          password: 'barbay',
+          username: 'barbaz'
+        })
+        assert.strictEqual(decodeBase64(token.token), 'barbaz:barbay')
+        token = getAuthToken('https://registry.blah.eu/foo/bar/baz', opts)
+        assert.deepStrictEqual(token, {
+          token: 'YmFyYmF6OmZvb2Jheg==',
+          type: 'Basic',
+          password: 'foobaz',
+          username: 'barbaz'
+        })
+        assert.strictEqual(decodeBase64(token.token), 'barbaz:foobaz')
+        assert.strictEqual(getAuthToken('//some.registry', opts), undef)
+        done()
+      })
+    })
+  })
+})

node_modules/registry-auth-token/test/registry-url.test.js

@@ -0,0 +1,64 @@
+var fs = require('fs')
+var path = require('path')
+var mocha = require('mocha')
+var assert = require('assert')
+var requireUncached = require('require-uncached')
+
+var npmRcPath = path.join(__dirname, '..', '.npmrc')
+var afterEach = mocha.afterEach
+var describe = mocha.describe
+var it = mocha.it
+
+describe('registry-url', function () {
+  afterEach(function (done) {
+    fs.unlink(npmRcPath, function () {
+      done()
+    })
+  })
+
+  it('should read global if no local is found', function () {
+    var getRegistryUrl = requireUncached('../registry-url')
+    getRegistryUrl()
+  })
+
+  it('should return default registry if no url is given for scope', function (done) {
+    fs.writeFile(npmRcPath, 'registry=https://registry.npmjs.org/', function (err) {
+      var getRegistryUrl = requireUncached('../registry-url')
+      assert(!err, err)
+      assert.strictEqual(getRegistryUrl('@somescope'), 'https://registry.npmjs.org/')
+      done()
+    })
+  })
+
+  it('should return registry url if url is given for scope ', function (done) {
+    fs.writeFile(npmRcPath, '@somescope:registry=https://some.registry/', function (err) {
+      var getRegistryUrl = requireUncached('../registry-url')
+      assert(!err, err)
+      assert.strictEqual(getRegistryUrl('@somescope'), 'https://some.registry/')
+      done()
+    })
+  })
+
+  it('should append trailing slash if not present', function (done) {
+    fs.writeFile(npmRcPath, '@somescope:registry=https://some.registry', function (err) {
+      var getRegistryUrl = requireUncached('../registry-url')
+      assert(!err, err)
+      assert.strictEqual(getRegistryUrl('@somescope'), 'https://some.registry/')
+      done()
+    })
+  })
+
+  it('should return configured global registry if given', function (done) {
+    var content = [
+      'registry=http://registry.foobar.eu/',
+      '@somescope:registry=https://some.url/', ''
+    ].join('\n')
+
+    fs.writeFile(npmRcPath, content, function (err) {
+      var getRegistryUrl = requireUncached('../registry-url')
+      assert(!err, err)
+      assert.strictEqual(getRegistryUrl(), 'http://registry.foobar.eu/')
+      done()
+    })
+  })
+})