fix: verify authentication for default npm registry only

lib/verify-auth.js

@@ -1,14 +1,25 @@
 const execa = require('execa');
+const normalizeUrl = require('normalize-url');
 const SemanticReleaseError = require('@semantic-release/error');
 const getRegistry = require('./get-registry');
 const setNpmrcAuth = require('./set-npmrc-auth');
 
-module.exports = async (pluginConfig, pkg, logger) => {
+const DEFAULT_NPM_REGISTRY = 'https://registry.npmjs.org/';
+
+module.exports = async (
+  pluginConfig,
+  pkg,
+  logger,
+  defaultRegistry = process.env.DEFAULT_NPM_REGISTRY || DEFAULT_NPM_REGISTRY
+) => {
   const registry = await getRegistry(pkg.publishConfig, pkg.name);
   await setNpmrcAuth(registry, logger);
-  try {
-    await execa('npm', ['whoami', '--registry', registry]);
-  } catch (err) {
-    throw new SemanticReleaseError('Invalid npm token.', 'EINVALIDNPMTOKEN');
+
+  if (normalizeUrl(registry) === normalizeUrl(defaultRegistry)) {
+    try {
+      await execa('npm', ['whoami', '--registry', registry]);
+    } catch (err) {
+      throw new SemanticReleaseError('Invalid npm token.', 'EINVALIDNPMTOKEN');
+    }
   }
 };

package.json

@@ -22,6 +22,7 @@
     "fs-extra": "^5.0.0",
     "lodash": "^4.17.4",
     "nerf-dart": "^1.0.0",
+    "normalize-url": "^2.0.1",
     "npm-conf": "^1.1.3",
     "npm-registry-client": "^8.5.0",
     "read-pkg": "^3.0.0",

test/integration.test.js

@@ -26,6 +26,7 @@ test.beforeEach(async t => {
   delete process.env.NPM_USERNAME;
   delete process.env.NPM_PASSWORD;
   delete process.env.NPM_EMAIL;
+  delete process.env.DEFAULT_NPM_REGISTRY;
   // Create a git repository, set the current working directory at the root of the repo
   await gitRepo();
   await gitCommit('Initial commit');
@@ -58,6 +59,7 @@ test.serial('Skip npm auth verification if "npmPublish" is false', async t => {
 
 test.serial('Throws error if NPM token is invalid', async t => {
   process.env.NPM_TOKEN = 'wrong_token';
+  process.env.DEFAULT_NPM_REGISTRY = npmRegistry.url;
   const pkg = {name: 'published', version: '1.0.0', publishConfig: {registry: npmRegistry.url}};
   await outputJson('./package.json', pkg);
   const error = await t.throws(t.context.m.verifyConditions({}, {options: {}, logger: t.context.logger}));
@@ -70,10 +72,21 @@ test.serial('Throws error if NPM token is invalid', async t => {
   t.regex(npmrc, /:_authToken/);
 });
 
+test.serial('Skip Token validation if the registry configured is not the default one', async t => {
+  process.env.NPM_TOKEN = 'wrong_token';
+  const pkg = {name: 'published', version: '1.0.0', publishConfig: {registry: 'http://custom-registry.com/'}};
+  await outputJson('./package.json', pkg);
+  await t.notThrows(t.context.m.verifyConditions({}, {options: {}, logger: t.context.logger}));
+
+  const npmrc = (await readFile('.npmrc')).toString();
+  t.regex(npmrc, /:_authToken/);
+});
+
 test.serial(
   'Throws error if NPM token is invalid if "npmPublish" is false and npm plugin used for "getLastRelease"',
   async t => {
     process.env.NPM_TOKEN = 'wrong_token';
+    process.env.DEFAULT_NPM_REGISTRY = npmRegistry.url;
     const pkg = {name: 'published', version: '1.0.0', publishConfig: {registry: npmRegistry.url}};
     await outputJson('./package.json', pkg);
     const error = await t.throws(
@@ -96,6 +109,7 @@ test.serial(
   'Throws error if NPM token is invalid if "npmPublish" is false and npm plugin used for "getLastRelease" as an object',
   async t => {
     process.env.NPM_TOKEN = 'wrong_token';
+    process.env.DEFAULT_NPM_REGISTRY = npmRegistry.url;
     const pkg = {name: 'published', version: '1.0.0', publishConfig: {registry: npmRegistry.url}};
     await outputJson('./package.json', pkg);
     const error = await t.throws(