1 files changed, 75 insertions, 0 deletions

diff --git a/deps/node/deps/npm/test/tap/legacy-no-auth-leak.js b/deps/node/deps/npm/test/tap/legacy-no-auth-leak.js
new file mode 100644
index 00000000..f8372392
--- /dev/null
+++ b/deps/node/deps/npm/test/tap/legacy-no-auth-leak.js
@@ -0,0 +1,75 @@
+'use strict'
+var test = require('tap').test
+var common = require('../common-tap.js')
+var path = require('path')
+var basepath = path.resolve(__dirname, path.basename(__filename, '.js'))
+var Tacks = require('tacks')
+var File = Tacks.File
+var Dir = Tacks.Dir
+
+var fixture = new Tacks(
+  Dir({
+    README: File(
+      'just an npm test\n'
+    ),
+    'package.json': File({
+      name: 'npm-test-no-auth-leak',
+      version: '0.0.0',
+      scripts: {
+        test: 'node test.js'
+      }
+    }),
+    '.npmrc': File(
+      'auth=abc',
+      'authCrypt=def',
+      'password=xyz',
+      '//registry.npmjs.org/:_authToken=nopenope'
+    ),
+    'test.js': File(
+      'var authTokenKeys = Object.keys(process.env)\n' +
+      '  .filter(function (key) { return /authToken/.test(key) })\n' +
+      'console.log(JSON.stringify({\n' +
+      '  password: process.env.npm_config__password || null,\n' +
+      '  auth: process.env.npm_config__auth || null,\n' +
+      '  authCrypt: process.env.npm_config__authCrypt || null ,\n' +
+      '  authToken: authTokenKeys && process.env[authTokenKeys[0]] || null\n' +
+      '}))'
+    )
+  })
+)
+
+test('setup', function (t) {
+  setup()
+  t.done()
+})
+
+test('no-auth-leak', function (t) {
+  common.npm(['test'], {cwd: basepath}, function (err, code, stdout, stderr) {
+    if (err) throw err
+    t.is(code, 0, 'test ran ok')
+    if (stderr) console.log(stderr)
+    var matchResult = /^[^{]*(\{(?:.|\n)*\})[^}]*$/
+    t.like(stdout, matchResult, 'got results with a JSON chunk in them')
+    var stripped = stdout.replace(matchResult, '$1')
+    var result = JSON.parse(stripped)
+    t.is(result.password, null, 'password')
+    t.is(result.auth, null, 'auth')
+    t.is(result.authCrypt, null, 'authCrypt')
+    t.is(result.authToken, null, 'authToken')
+    t.end()
+  })
+})
+
+test('cleanup', function (t) {
+  cleanup()
+  t.done()
+})
+
+function setup () {
+  cleanup()
+  fixture.create(basepath)
+}
+
+function cleanup () {
+  fixture.remove(basepath)
+}