fix: COREPACK_NPM_REGISTRY should allow for username/password auth #466

Merged
aduh95 merged 2 commits into nodejs:main from Keysox:fixRegistryAuthBug
Apr 24, 2024

Keysox commented Apr 23, 2024

I noticed when using this package, if you set COREPACK_NPM_REGISTRY, authentication wasn't working as expected.

After debugging and reading through the code, it appears that when the following code was run:

if (typeof input === `string`)
    input = new URL(input);

input.username would become an empty string. This caused process.env.COREPACK_NPM_USERNAME to not be used.

By switching ?? to ||, the authorization header should now be sent to the registry as expected!
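
The behaviour described in the comment above, as an added example that is not part of the pull request or Corepack's code: a URL without userinfo yields an empty-string `username`, so `??` never reaches the environment fallback while `||` does. The helper names, the registry URL and the credentials are constructed for illustration, and `COREPACK_NPM_PASSWORD` is assumed as the password counterpart of the variable named in the comment.

```javascript
// Added illustration; helper names are hypothetical, not Corepack's own code.
const pickNullish = (a, b) => a ?? b; // pre-fix: '' is not nullish, so it wins
const pickFalsy = (a, b) => a || b;   // post-fix: '' is falsy, so b is used

// Return the Basic Authorization header value for a registry request, or
// undefined when no complete username/password pair can be resolved.
function buildBasicAuth(input, env, pick) {
  if (typeof input === `string`)
    input = new URL(input);

  // WHATWG URL exposes username/password as strings that are '' (never
  // null or undefined) when the URL has no userinfo part.
  const username = pick(decodeURIComponent(input.username), env.COREPACK_NPM_USERNAME);
  const password = pick(decodeURIComponent(input.password), env.COREPACK_NPM_PASSWORD);
  if (!username || !password) return undefined;

  return `Basic ${Buffer.from(`${username}:${password}`).toString(`base64`)}`;
}

// Constructed sample input: a registry URL without userinfo plus env credentials.
const sampleEnv = {COREPACK_NPM_USERNAME: `user`, COREPACK_NPM_PASSWORD: `pass`};
const plainUrl = `https://registry.example.test/pkg`;
const userinfoUrl = `https://alice:s3cret@registry.example.test/pkg`;

function demo() {
  return {
    beforeFix: buildBasicAuth(plainUrl, sampleEnv, pickNullish), // no header sent
    afterFix: buildBasicAuth(plainUrl, sampleEnv, pickFalsy),    // env credentials used
    urlCreds: buildBasicAuth(userinfoUrl, sampleEnv, pickFalsy), // URL userinfo still wins
  };
}

console.log(demo());
```

A regression test for this class of bug needs a server that rejects requests carrying no `Authorization` header, otherwise the `beforeFix` case passes silently.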

aduh95 commented Apr 24, 2024

Thanks for the PR, that makes sense. Do you know why the tests do not catch that? We're checking against a custom mock repository, which should validate authentication works 🤔

aduh95 commented Apr 24, 2024

Well I found the problem: the mock registry would skip auth validation if none was provided, Windows 95 style 🤦‍♂️ Can you apply the following diff to ensure we don't regress:

diff --git a/tests/_registryServer.mjs b/tests/_registryServer.mjs
index ff0be26..d051b0a 100644
--- a/tests/_registryServer.mjs
+++ b/tests/_registryServer.mjs
@@ -116,8 +116,10 @@ const server = createServer((req, res) => {
   const auth = req.headers.authorization;
 
   if (
-    (auth?.startsWith(`Bearer `) && auth.slice(`Bearer `.length) !== TOKEN_MOCK) ||
-    (auth?.startsWith(`Basic `) && Buffer.from(auth.slice(`Basic `.length), `base64`).toString() !== `user:pass`)
+    auth == null ||
+    (auth.startsWith(`Bearer `) && auth.slice(`Bearer `.length) !== TOKEN_MOCK) ||
+    (auth.startsWith(`Basic `) && Buffer.from(auth.slice(`Basic `.length), `base64`).toString() !== `user:pass`) ||
+    !/^(Basic|Bearer) /.test(auth)
   ) {
     res.writeHead(401).end(`Unauthorized`);
     return;
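
Review bot: the rewritten condition is still a list of individual failure cases, and the trailing !/^(Basic|Bearer) /.test(auth) clause is there only to catch whatever the earlier clauses let through, so the check is fail-closed by enumeration rather than by construction. Since this mock accepts exactly two credentials (the Bearer value built from TOKEN_MOCK and the Basic value for user:pass), consider rejecting any request whose Authorization header is not one of those two expected values; a missing header, an unknown scheme and a wrong secret then all take the same 401 path without separate clauses. A one-line comment above the check stating that a request with no Authorization header must be rejected would also document why auth == null is there.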

@aduh95 aduh95 merged commit 6efa349 into nodejs:main Apr 24, 2024
@Keysox Keysox deleted the fixRegistryAuthBug branch April 24, 2024 15:13