From 7e8cbc2f70d98a1067787ff064f9cdca4c959deb Mon Sep 17 00:00:00 2001 From: Shasheen Bandodkar Date: Mon, 22 Sep 2025 18:17:44 -0700 Subject: [PATCH] fix: npm registry token exposure --- packages/app/src/sandbox/compile.ts | 8 ++------ packages/common/src/types/index.ts | 2 +- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/packages/app/src/sandbox/compile.ts b/packages/app/src/sandbox/compile.ts index f2e9894921c..2f91dd59bda 100644 --- a/packages/app/src/sandbox/compile.ts +++ b/packages/app/src/sandbox/compile.ts @@ -375,7 +375,7 @@ async function initializeManager( enabled_scopes: string[]; limit_to_scopes: true; proxy_enabled: false; - registry_auth_key: string; + registry_auth_key_configured: boolean; registry_type: string; registry_url: string; }; @@ -386,7 +386,7 @@ async function initializeManager( proxyEnabled: registry.proxy_enabled, registryUrl: registry.registry_url || `${domain}/api/v1/sandpack/registry/`, - registryAuthToken: registry.registry_auth_key || sandpackToken, + registryAuthTokenConfigured: registry.registry_auth_key_configured, registryAuthType: registry.auth_type, }); } @@ -418,10 +418,6 @@ async function initializeManager( `${cleanUrl}/${name.replace('/', '%2f')}/${version}`; } - if (registry.registryAuthToken) { - options.authToken = registry.registryAuthToken; - } - const protocol = new NpmRegistryFetcher(cleanUrl, options); newManager.prependNpmProtocolDefinition({ diff --git a/packages/common/src/types/index.ts b/packages/common/src/types/index.ts index 677cb399d2e..aa82e53d14b 100644 --- a/packages/common/src/types/index.ts +++ b/packages/common/src/types/index.ts @@ -346,7 +346,7 @@ export type NpmRegistry = { limitToScopes: boolean; registryUrl: string; proxyEnabled?: boolean; - registryAuthToken?: string; + registryAuthTokenConfigured?: boolean; registryAuthType?: string; };