Redact protected config values in argv logs by AI-DEV-BOT · Pull Request #9432 · npm/cli

AI-DEV-BOT · 2026-05-29T11:30:14Z

Summary

redact protected config values such as nerfed registry auth tokens when logging cooked argv
use the same argv cleaner for command args included in error details
share the existing protected config key logic with the config command
add regression coverage for protected config values passed on the command line and in command-error args

node node_modules\tap\bin\run.js --no-coverage test\lib\cli\entry.js test\lib\commands\config.js test\lib\utils\error-message.js
node node_modules\eslint\bin\eslint.js lib\npm.js lib\commands\config.js lib\utils\protected-config.js lib\utils\clean-argv.js lib\utils\error-message.js test\lib\cli\entry.js test\lib\utils\error-message.js
git diff --check -- lib\npm.js lib\commands\config.js lib\utils\protected-config.js lib\utils\clean-argv.js lib\utils\error-message.js test\lib\cli\entry.js test\lib\utils\error-message.js tap-snapshots\test\lib\utils\error-message.js.test.cjs

AI-DEV-BOT requested review from a team as code owners May 29, 2026 11:30

AI-DEV-BOT force-pushed the security/redact-protected-argv-config branch from f1c7344 to 99068a6 Compare May 29, 2026 11:33

Redact protected config values in argv logs

099c22a

AI-DEV-BOT force-pushed the security/redact-protected-argv-config branch from 8e67656 to 099c22a Compare May 29, 2026 13:12