npmpublish.yml #785
npmpublish.yml #785
Conversation
name: Node.js Package
on:
release:
types: [created]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v1
with:
node-version: 12
- run: npm ci
- run: npm test
publish-npm:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v1
with:
node-version: 12
registry-url: https://registry.npmjs.org/
- run: npm ci
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{8e8d00fe-5b2e-4c0f-8d0f-fc5a8c15e40c}}
publish-gpr:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v1
with:
node-version: 12
registry-url: https://npm.pkg.github.com/
scope: '@ericramos1980
- run: npm ci
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{ 1e4d0db522cd0685f244c977f102905ce0c871a9}}
ljharb
left a comment
ljharb
left a comment
There was a problem hiding this comment.
are you trying to get the npm cli published under your personal scope?
| - run: npm ci | ||
| - run: npm publish | ||
| env: | ||
| NODE_AUTH_TOKEN: ${{8e8d00fe-5b2e-4c0f-8d0f-fc5a8c15e40c}} |
There was a problem hiding this comment.
this token is now compromised; you may want to rotate it.
| - run: npm ci | ||
| - run: npm publish | ||
| env: | ||
| NODE_AUTH_TOKEN: ${{ 1e4d0db522cd0685f244c977f102905ce0c871a9}} |
| node-version: 12 | ||
| registry-url: https://npm.pkg.github.com/ | ||
| scope: '@ericramos1980 | ||
| - run: npm ci |
There was a problem hiding this comment.
you have an extra apostrophe here.
|
I believe this PR was mistakenly open, unless there's something I'm missing here. To @ljharb's points, it looks like you're going to have to rotate those NPM auth tokens now that you've shared them here. I'll be closing this PR now. |
|
@darcyclarke it seems that this is a bot or his account got hacked, he opened alot of almost same PR across a lot of repositories, that includes git, npm, codecov, nginx, electron list go on in some of them he is also is trying to change/replace licenses with his name or create some weird files eg. this list goes on |
4 participants
name: Node.js Package
on:
release:
types: [created]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v1
with:
node-version: 12
- run: npm ci
- run: npm test
publish-npm:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v1
with:
node-version: 12
registry-url: https://registry.npmjs.org/
- run: npm ci
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{8e8d00fe-5b2e-4c0f-8d0f-fc5a8c15e40c}}
publish-gpr:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v1
with:
node-version: 12
registry-url: https://npm.pkg.github.com/
scope: '@ericramos1980
- run: npm ci
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{ 1e4d0db522cd0685f244c977f102905ce0c871a9}}
What / Why
References