Gathering detailed insights and metrics for google-artifactregistry-auth
Gathering detailed insights and metrics for google-artifactregistry-auth
Installations
npm install google-artifactregistry-authDeveloper
GoogleCloudPlatform
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
No
Node Version
14.21.3
NPM Version
6.14.18
Statistics
15 Stars
60 Commits
19 Forks
25 Watching
9 Branches
425 Contributors
Updated on 30 Oct 2024
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
19,631,769
Last day
4.5%
65,173
Compared to previous day
Last week
5.3%
319,848
Compared to previous week
Last month
20.9%
1,314,010
Compared to previous month
Last year
97.9%
11,794,128
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
Versions
Artifact Registry tools for npm packages
This repository contains tools to simplify the process of working with npm packages using Artifact Registry.
Artifact Registry Module
The Artifact Registry google-artifactregistry-auth module is an npm package which allows you to configure npm to interact with npm private repositories in Artifact Registry.
For more details, see https://cloud.google.com/artifact-registry/docs/nodejs/authentication
The module automatically searches for credentials from the environment and authenticates to Artifact Registry. It looks for credentials in the following order:
- Google Application Default Credentials.
- The current active account logged in via
gcloud auth login. - If neither of them exist, an error occurs.
NOTE: This module would update credentials for all Artifact Registry repositories. It would not be suitable if you use multiple account credentials in npmrc file.
To use the module:
-
Log in
Option 1: log in as a service account:
(1). Using a JSON file that contains a service account key:
`$ export GOOGLE_APPLICATION_CREDENTIALS=[path/to/key.json]`(2). Or using gcloud:
`$ gcloud auth application-default login`Option 2: log in as an end user via gcloud:
$ gcloud auth login -
Add settings to connect to the repository to .npmrc. Use the output from the following command:
$ gcloud artifacts print-settings npmregistry=https://LOCATION-npm.pkg.dev/PROJECT_ID/REPOSITORY_ID/ //LOCATION-npm.pkg.dev/PROJECT_ID/REPOSITORY_ID/:always-auth=trueWhere
PROJECT_ID is the ID of the project.
REPOSITORY_ID is the ID of the repository.
LOCATION is the location of the repository.
-
Use one of these below options to run the script
-
Run the module outside of the directory containing the target npmrc file
$ npx google-artifactregistry-auth --repo-config=[./.npmrc] --credential-config=[~/.npmrc] -
Include the command in the scripts in package.json
"scripts": { "artifactregistry-login": "npx google-artifactregistry-auth --repo-config=[./.npmrc] --credential-config=[~/.npmrc]", }Where:
--repo-configis the.npmrcfile with your repository settings. If you don't specify this flag, the default location is the current directory.--credential-configis the path to the.npmrcfile where you want to write the access token. The default is your user.npmrcfile.
And then run the script
$ npm run artifactregistry-login -
npxshould come withnpm5.2+. Ifnpxis not available:Install the module from npmjs.com as a dev dependency and include the command in the script
$ npm install google-artifactregistry-auth --save-dev"scripts": { "artifactregistry-login": "./node_modules/.bin/artifactregistry-auth --repo-config=[./.npmrc] --credential-config=[~/.npmrc]", }Run the script
$ npm run artifactregistry-login
-
No vulnerabilities found.
Reason
all changesets reviewed
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
3 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 3
Reason
8 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-2j2x-2gpw-g8fm
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/publish.yaml:1
- Warn: no topLevel permission defined: .github/workflows/tests.yaml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/artifact-registry-npm-tools/publish.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/artifact-registry-npm-tools/publish.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/artifact-registry-npm-tools/publish.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/artifact-registry-npm-tools/publish.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/artifact-registry-npm-tools/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/artifact-registry-npm-tools/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/artifact-registry-npm-tools/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/artifact-registry-npm-tools/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/artifact-registry-npm-tools/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/artifact-registry-npm-tools/tests.yaml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/tests.yaml:49
- Warn: npmCommand not pinned by hash: .github/workflows/tests.yaml:22
- Info: 0 out of 10 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 3 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
4.3
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More