fix: pass expected @scope:team format to backend #90
Merged
Conversation
The `/team/:scopeTeam/users` endpoint was letting validation errors from `validateScopeTeam` bubble up as an unhandled 500 response with an unhandled rejection logged to the console. Now it catches and returns a proper 400 with a helpful message, and logs the full error.
npm team/access operations require `@scope:team` format but the frontend was sending `scope:team` without the `@` prefix. This was obscured by the fact that the admin operations aren't quite functional yet for most orgs as OTP isn't supported, and by the fact that `listTeamUsers` only fails with this incorrect format when it goes through the CLI, which is only the case for the authenticated user's own orgs.
89d989b to
de872d3
Compare
serhalp commented Jan 26, 2026
| /** | ||
| * Log a debug message with `obug` (minimal fork of `debug`) | ||
| */ | ||
| export const logDebug = createDebug('npmx-connector') |
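Review bot: the doc comment on `logDebug` names the library it wraps but says nothing about when to use it or how its output is switched on. One more line covering both would save the next person troubleshooting from having to read the `obug` documentation first.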
Member
Author
I might be missing something, but debugging was difficult without stack traces and support for non-string objects in general. Given that clack doesn't have affordances for this, debug/obug was the least intrusive approach I could think of.
serhalp commented Jan 26, 2026
Comment on lines +455 to +460
| logError('scope:team validation failed') | ||
| logDebug(err, { scopeTeamRaw, scopeTeam }) | ||
| throw new HTTPError({ | ||
| statusCode: 400, | ||
| message: `Invalid scope:team format: ${scopeTeam}. Expected @scope:team`, | ||
| }) |
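Review bot: the 400 `message` interpolates `${scopeTeam}` unquoted and unbounded, and the reason carried by `err` only reaches `logDebug`. Quoting and truncating the value (for example with `JSON.stringify` on a slice) keeps an empty or very long parameter readable in the response, and if the validator's own message is safe to expose, appending it would tell the caller which part of the format failed.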
Member
Author
This may look a little funny at a glance, but the logError is the backend-user-facing pretty clack error output, the logDebug is for a developer troubleshooting, and the throw is for the response back to the browser for this invalid request.
There was a problem hiding this comment.
Would it help putting quotes around the invalid input for clarity?
mxdvl reviewed Jan 26, 2026
Co-authored-by: Max Duval <hi@mxdvl.com>
vinnymac pushed a commit to vinnymac/npmx.dev that referenced this pull request Jan 28, 2026
Bug
1. `pnpm dev`
2. `pnpm npmx-connector`
3. `http://localhost:3001/org/<some-org>` (or directly to destination `http://localhost:3001/@org`), where `<some-org>` is an org your logged-in user is a part of
4. `npmx-connector` prints an error
This is really two separate fixes:
fix(cli): fail gracefully on invalid `scope:team` format
The `/team/:scopeTeam/users` endpoint was letting validation errors from `validateScopeTeam` bubble up as an unhandled 500 response with an unhandled rejection logged to the console. Now it catches and returns a proper 400 with a helpful message, and logs the full error.
fix(app): add `@` prefix when constructing `scope:team` for npm operations
npm team/access operations require `@scope:team` format but the frontend was sending `scope:team` without the `@` prefix.
This was obscured by the fact that the admin operations aren't quite functional yet for most orgs as OTP isn't supported, and by the fact that `listTeamUsers` only fails with this incorrect format when it goes through the CLI, which is only the case for the authenticated user's own orgs.
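The two fixes described in this pull request, sketched as an added example that is not the project's code: the client adds the `@` prefix exactly once, and the server validates the decoded route parameter and turns a validation failure into a 400 instead of an unhandled 500. `buildScopeTeam`, `parseScopeTeamParam`, `RequestError`, `errorToResponse`, `listTeamUsersHandler` and the naming pattern are assumptions made for illustration.

```javascript
// Added example; every name here is hypothetical. The pattern is an assumed
// allow-list ("@scope:team"), kept strict because the value later reaches the npm CLI.
const SCOPE_TEAM = /^@([a-z0-9][a-z0-9._-]*):([a-z0-9][a-z0-9._-]*)$/i

class RequestError extends Error {
  constructor(statusCode, message) {
    super(message)
    this.statusCode = statusCode
  }
}

// Frontend side: add the "@" prefix exactly once, whether or not the org has it.
function buildScopeTeam(org, team) {
  return `@${org.replace(/^@/, '')}:${team}`
}

// Backend side: decode the route parameter, then validate it strictly.
function parseScopeTeamParam(raw) {
  let decoded
  try {
    decoded = decodeURIComponent(raw)
  } catch {
    throw new RequestError(400, 'Malformed percent-encoding in scope:team')
  }
  const match = SCOPE_TEAM.exec(decoded)
  if (!match) {
    // JSON.stringify quotes and escapes the value; slice bounds its length.
    const shown = JSON.stringify(decoded.slice(0, 64))
    throw new RequestError(400, `Invalid scope:team format: ${shown}. Expected @scope:team`)
  }
  return { scope: match[1], team: match[2], scopeTeam: decoded }
}

// Expected validation failures keep their status; anything else is an opaque 500.
function errorToResponse(err) {
  if (err instanceof RequestError) {
    return { status: err.statusCode, body: { error: err.message } }
  }
  return { status: 500, body: { error: 'Internal error' } }
}

// Handler: listUsers stands in for the call that reaches the npm CLI.
async function listTeamUsersHandler(rawParam, listUsers) {
  try {
    const { scopeTeam } = parseScopeTeamParam(rawParam)
    return { status: 200, body: await listUsers(scopeTeam) }
  } catch (err) {
    return errorToResponse(err)
  }
}
```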