fix(connector): force npmjs registry for login and npm CLI ops

Author: MathurAditya724

cli/src/cli.ts

@@ -6,7 +6,7 @@ import * as p from '@clack/prompts'
 import { defineCommand, runMain } from 'citty'
 import { serve } from 'srvx'
 import { createConnectorApp, generateToken, CONNECTOR_VERSION } from './server.ts'
-import { getNpmUser } from './npm-client.ts'
+import { getNpmUser, NPM_REGISTRY_URL } from './npm-client.ts'
 import { initLogger, showToken, logInfo, logWarning, logError } from './logger.ts'
 
 const DEFAULT_PORT = 31415
@@ -15,7 +15,7 @@ const DEV_FRONTEND_URL = 'http://127.0.0.1:3000/'
 
 async function runNpmLogin(): Promise<boolean> {
   return new Promise(resolve => {
-    const child = spawn('npm', ['login'], {
+    const child = spawn('npm', ['login', `--registry=${NPM_REGISTRY_URL}`], {
       stdio: 'inherit',
       shell: true,
     })

cli/src/npm-client.ts

@@ -10,6 +10,16 @@ import { PackageNameSchema, UsernameSchema, OrgNameSchema, ScopeTeamSchema } fro
 import { logCommand, logSuccess, logError, logDebug } from './logger.ts'
 
 const execFileAsync = promisify(execFile)
+export const NPM_REGISTRY_URL = 'https://registry.npmjs.org/'
+
+export function createNpmEnv(overrides: Record<string, string> = {}): Record<string, string> {
+  return {
+    ...(process.env as Record<string, string>),
+    ...overrides,
+    FORCE_COLOR: '0',
+    npm_config_registry: NPM_REGISTRY_URL,
+  }
+}
 
 /**
  * Validates an npm package name using the official npm validation package
@@ -191,10 +201,7 @@ async function execNpmInteractive(
     let authUrlTimeout: ReturnType<typeof setTimeout> | null = null
     let authUrlTimedOut = false
 
-    const env: Record<string, string> = {
-      ...(process.env as Record<string, string>),
-      FORCE_COLOR: '0',
-    }
+    const env = createNpmEnv()
 
     // When openUrls is false, tell npm not to open the browser.
     // npm still prints the auth URL and polls doneUrl
@@ -330,7 +337,7 @@ async function execNpm(args: string[], options: ExecNpmOptions = {}): Promise<Np
     // On Unix, we keep it false for better security and performance
     const { stdout, stderr } = await execFileAsync('npm', npmArgs, {
       timeout: 60000,
-      env: { ...process.env, FORCE_COLOR: '0' },
+      env: createNpmEnv(),
       shell: process.platform === 'win32',
     })
 
@@ -606,7 +613,7 @@ export async function packageInit(
       const { stdout, stderr } = await execFileAsync('npm', npmArgs, {
         timeout: 60000,
         cwd: tempDir,
-        env: { ...process.env, FORCE_COLOR: '0' },
+        env: createNpmEnv(),
         shell: process.platform === 'win32',
       })
 

test/unit/cli/npm-client.spec.ts

@@ -5,6 +5,8 @@ import {
   validateScopeTeam,
   validatePackageName,
   extractUrls,
+  createNpmEnv,
+  NPM_REGISTRY_URL,
 } from '../../../cli/src/npm-client'
 
 describe('validateUsername', () => {
@@ -184,3 +186,15 @@ describe('extractUrls', () => {
     expect(extractUrls(npmOutput)).toEqual(['https://www.npmjs.com/login?next=/login/cli/abc123'])
   })
 })
+
+describe('createNpmEnv', () => {
+  it('enforces npmjs registry for all npm commands', () => {
+    const env = createNpmEnv()
+    expect(env.npm_config_registry).toBe(NPM_REGISTRY_URL)
+  })
+
+  it('does not allow overriding enforced registry', () => {
+    const env = createNpmEnv({ npm_config_registry: 'https://registry.npmmirror.com/' })
+    expect(env.npm_config_registry).toBe(NPM_REGISTRY_URL)
+  })
+})