From 932ea5e767fc8f21cadcc86f912d898e7c41fd2f Mon Sep 17 00:00:00 2001
From: Ryan Kennedy <ryaninvents@users.noreply.github.com>
Date: Wed, 22 May 2019 19:56:48 -0400
Subject: [PATCH] fix: Honor NPM_CONFIG_USERCONFIG setting
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This bug cost me weeks 😅

`npm` honors the `NPM_CONFIG_USERCONFIG` setting, which our CI relies on to inject shared credentials at runtime. `npm publish` succeeds if we're not using Semantic Release. However, `@semantic-release/npm` has reimplemented a credentials check in a manner not compatible with the way `npm` handles the user config environment variable. This PR checks the location specified in `NPM_CONFIG_USERCONFIG` before using `rc` to crawl up the file hierarchy.

It should be noted that `rc` does not fully implement the `.npmrc` resolution algorithm, skipping the ability to specify config files from an env var. That's why we're facing this problem.

I've tested this locally, and this small fix would allow us to use Semantic Release 🎉
---
 lib/set-npmrc-auth.js | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/set-npmrc-auth.js b/lib/set-npmrc-auth.js
index da316845..40f65c92 100644
--- a/lib/set-npmrc-auth.js
+++ b/lib/set-npmrc-auth.js
@@ -6,9 +6,12 @@ const nerfDart = require('nerf-dart');
 const AggregateError = require('aggregate-error');
 const getError = require('./get-error');
 
-module.exports = async (registry, {cwd, env: {NPM_TOKEN, NPM_USERNAME, NPM_PASSWORD, NPM_EMAIL}, logger}) => {
+module.exports = async (
+  registry,
+  {cwd, env: {NPM_TOKEN, NPM_CONFIG_USERCONFIG, NPM_USERNAME, NPM_PASSWORD, NPM_EMAIL}, logger}
+) => {
   logger.log('Verify authentication for registry %s', registry);
-  const config = path.resolve(cwd, '.npmrc');
+  const config = NPM_CONFIG_USERCONFIG || path.resolve(cwd, '.npmrc');
   if (getAuthToken(registry, {npmrc: rc('npm', {registry: 'https://registry.npmjs.org/'}, {config})})) {
     return;
   }