You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Accidentally providing a misformed token will print the bearer token to the log-output.
I wasn't sure if this is indeed a security risk but I figured it might not hurt to point it out in case it is. Please close the issue right away if this is not critical.
Expected Behavior
Do not print any bearer tokens to standard output.
Step #0: �[0m�[91mnpm error Bearer ghs_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Step #0: npm error is not a legal HTTP header value
Environment
npm: 10.8.2
node: 20
OS: Ubuntu
The text was updated successfully, but these errors were encountered:
introduced malformed token in npmrc config and tried it with latest node and npm version could not reproduce the issue, checked both the terminal output and details logs. Have you tried it on latest npm version, would you mind sharing the output screenshot. by masking the token.
@kchindam-infy I'm sorry, I'm currently trying to get something out and do not have the time to give this a try at the moment. I did not use the latest version of npm but v10.8.2. I noticed the output in Google Cloud Build logs.
Since echo "text" will always append a \n I figured this must have been the issue and it started to work after adding the -n flag.
That being said.. I then noticed that these token seems to be short lived anyways and that I do not have to persist them which is why I no longer do this
Is there an existing issue for this?
This issue exists in the latest npm version
Current Behavior
Accidentally providing a misformed token will print the bearer token to the log-output.
I wasn't sure if this is indeed a security risk but I figured it might not hurt to point it out in case it is. Please close the issue right away if this is not critical.
Expected Behavior
Do not print any bearer tokens to standard output.
Steps To Reproduce
Create a
.npmrc
fileAccidentally append a newline
\n
to your token e.g.instead of
and
npm i
write the following to standard output:Environment
The text was updated successfully, but these errors were encountered: