You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi,
I'd like the ability to disallow npm login / npm adduser for certain versions of the npm client.
This information can be read from the version request header.
Use case: I only want to allow login for users who have npm >= 1.5, since npm < 1.5 stores the user's base64-encoded password in plaintext under their local ~/.npmrc file. This is particularly important if you are using the sinopia-ldap plugin, since this password is the user's LDAP password.
Would this be best implemented as a middleware?
The text was updated successfully, but these errors were encountered:
Hi,
I'd like the ability to disallow
npm login/npm adduserfor certain versions of the npm client.This information can be read from the
versionrequest header.Use case: I only want to allow login for users who have npm >= 1.5, since npm < 1.5 stores the user's base64-encoded password in plaintext under their local ~/.npmrc file. This is particularly important if you are using the sinopia-ldap plugin, since this password is the user's LDAP password.
Would this be best implemented as a middleware?
The text was updated successfully, but these errors were encountered: