Skip to content

feat(registry): add whoami, profile, and token CRUD endpoints#12011

Merged
zkochan merged 3 commits into
mainfrom
pnpr-auth2
May 28, 2026
Merged

feat(registry): add whoami, profile, and token CRUD endpoints#12011
zkochan merged 3 commits into
mainfrom
pnpr-auth2

Conversation

@zkochan

@zkochan zkochan commented May 27, 2026

Copy link
Copy Markdown
Member

Summary

Wires the five remaining auth surfaces from the pnpr parity tracking issue — everything under Auth & user endpoints except the pluggable-auth decision.

  • GET /-/whoami{ username } for the bearer caller, 401 anonymous.
  • GET /-/npm/v1/user — profile shape (name, tfa, email, cidr_whitelist, fullname) that npm profile get's table renderer parses cleanly.
  • GET /-/npm/v1/tokens{ objects, urls } listing only the caller's tokens. key is the SHA-256 hex digest of the raw token (matches what npm token revoke sends back); token is the 6-char preview surfaced when the original value isn't recoverable, which is what verdaccio does for the same reason.
  • DELETE /-/npm/v1/tokens/token/:keynpm token revoke. Ownership-gated: 401 anonymous, 403 cross-user, 404 unknown key. Persists through the SQLite store so a restart can't resurrect a revoked token.
  • DELETE /-/user/token/:toknpm logout. Looks up by raw token, revokes by hash; same gating as the listing-side revoke.

TokenStore gains find_by_key, list_for_user, revoke_by_key, and revoke_by_raw; publish::now_iso is split so token timestamps render in the same ISO-8601 shape as time.modified.

Test plan

  • cargo test -p pnpm-registry — 140 passed (16 new acceptance tests in tests/auth_user_endpoints.rs covering success, ownership boundaries, 401/403/404, and persistence of revocation across a restart).
  • cargo clippy --all-targets --deny warnings clean.
  • cargo fmt --check clean.
  • cargo check --workspace --all-targets clean.

Closes the corresponding boxes under Auth & user endpoints in #11973 (everything except the pluggable-auth decision, which is left out per the issue's "decision required" note).


Written by an agent (Claude Code, claude-opus-4-7).

Summary by CodeRabbit

  • New Features

    • Added npm-compatible user and token endpoints: whoami, user profile, token listing, token revoke, and logout.
    • Improved token management: lookup, per-user enumeration, and revocation that operate in-memory and with optional persistent storage.
    • Unified timestamp formatting for token created/updated fields to consistent ISO-8601 millisecond precision.
    • Auth endpoints now set Cache-Control: private, no-store and Vary: Authorization.
  • Tests

    • Added acceptance tests for auth endpoints, token operations, ownership checks, caching/privacy headers, and persistence across restarts.

Review Change Stack

@coderabbitai

coderabbitai Bot commented May 27, 2026

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: fb600014-04bc-4f02-9c3b-83bc9abc921a

📥 Commits

Reviewing files that changed from the base of the PR and between e6b6f5f and b5dfeb4.

📒 Files selected for processing (4)
  • registry/crates/pnpm-registry/src/auth.rs
  • registry/crates/pnpm-registry/src/publish.rs
  • registry/crates/pnpm-registry/src/server.rs
  • registry/crates/pnpm-registry/tests/auth_user_endpoints.rs
🚧 Files skipped from review as they are similar to previous changes (3)
  • registry/crates/pnpm-registry/src/server.rs
  • registry/crates/pnpm-registry/src/auth.rs
  • registry/crates/pnpm-registry/tests/auth_user_endpoints.rs
📜 Recent review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)
  • GitHub Check: Lint and Test (macos-latest)
  • GitHub Check: Lint and Test (ubuntu-latest)
  • GitHub Check: Lint and Test (windows-latest)
  • GitHub Check: Analyze (javascript)
  • GitHub Check: Code Coverage
  • GitHub Check: Compile & Lint
🧰 Additional context used
📓 Path-based instructions (1)
registry/crates/**/*.rs

📄 CodeRabbit inference engine (registry/AGENTS.md)

Follow the pacquet code-style guide (../pacquet/CODE_STYLE_GUIDE.md) for Rust-level conventions including imports, naming, ownership, error handling, and test layout

Files:

  • registry/crates/pnpm-registry/src/publish.rs
🔇 Additional comments (2)
registry/crates/pnpm-registry/src/publish.rs (2)

298-302: LGTM!


304-330: LGTM!


📝 Walkthrough

Walkthrough

Adds TokenStore lookup/list/revoke APIs with optional SQLite deletion, centralizes ISO millisecond timestamp formatting, wires new npm-compatible auth/token HTTP routes and handlers with cache-control, and adds acceptance tests covering auth flows and persistence.

Changes

Token Management Endpoints

Layer / File(s) Summary
Token Store APIs and SQLite Deletion
registry/crates/pnpm-registry/src/auth.rs
TokenStore exposes find_by_key, list_for_user, revoke_by_key, and revoke_by_raw. Revocation snapshots the in-memory record, conditionally runs a blocking SQLite DELETE when persistence is enabled, removes the token from memory, and returns the deleted TokenRecord. Internal delete_token executes DELETE FROM tokens WHERE token_hash = ?1.
Shared ISO Timestamp Formatting
registry/crates/pnpm-registry/src/publish.rs
Added iso_from_unix_millis(millis: i64) to format Unix-millisecond timestamps to ISO-8601/RFC-3339 millisecond precision. now_iso() now delegates to this helper.
Server Route Wiring and Endpoint Handlers
registry/crates/pnpm-registry/src/server.rs
Adds routes and handlers for GET /-/whoami, GET /-/npm/v1/user, GET /-/npm/v1/tokens, DELETE /-/user/token/{tok}, and DELETE /-/npm/v1/tokens/token/{key}. Handlers extract caller identity from Authorization, return 401 for unauthenticated, enforce ownership for revoke/logout (403), return 404 for unknown tokens, format token listings with preview and ISO timestamps, and apply Cache-Control: private, no-store plus Vary: Authorization.
Endpoint Acceptance Tests
registry/crates/pnpm-registry/tests/auth_user_endpoints.rs
New acceptance tests boot the router, register users to obtain bearer tokens, and validate whoami/profile/token-listing success and 401 branches, token revocation and logout success and error cases (404/403/401), privacy/caching headers across branches, and persistence of revocation across restart with SQLite-backed state.

Sequence Diagram

sequenceDiagram
  participant Client
  participant Server
  participant TokenStore
  participant SQLite
  Client->>Server: GET /-/whoami (bearer token)
  Server->>TokenStore: find_by_key(token_hash)
  TokenStore-->>Server: Option<TokenRecord>
  Server->>Client: 200 {username} or 401
  Client->>Server: GET /-/npm/v1/tokens (bearer token)
  Server->>TokenStore: list_for_user(username)
  TokenStore-->>Server: Vec<(key, TokenRecord)>
  Server->>Client: 200 {objects: [token_response_object], urls: {}}
  Client->>Server: DELETE /-/npm/v1/tokens/token/{key}
  Server->>TokenStore: revoke_by_key(key)
  TokenStore->>SQLite: delete_token(token_hash) (if persistent)
  SQLite-->>TokenStore: deletion result
  TokenStore-->>Server: Option<TokenRecord>
  Server->>Client: 200 (revoked) or 404/403/401
Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

  • pnpm/pnpm#11977: Modifies TokenStore/SQLite-backed token model; closely related to these token persistence and management changes.

Poem

🐰 I hopped through hashes, keys, and time,
I listed tokens, clipped the prime,
I told the server who you are,
Rewound a token — gone so far,
A tiny thump, a joyful rhyme.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The PR title directly and specifically summarizes the main change: adding whoami, profile, and token CRUD endpoints to the registry.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch pnpr-auth2

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@qodo-free-for-open-source-projects

Copy link
Copy Markdown

Review Summary by Qodo

Add whoami, profile, and token CRUD endpoints with SQLite persistence

✨ Enhancement

Grey Divider

Walkthroughs

Description
• Add five npm-CLI-compatible auth endpoints: whoami, profile, token listing, and token revocation
• Implement token CRUD operations with SQLite persistence for revocation across restarts
• Add ownership-gated access control (401 anonymous, 403 cross-user, 404 unknown)
• Extract ISO-8601 timestamp formatting for consistent token and packument timestamps
• Add 16 comprehensive acceptance tests covering success paths, boundaries, and persistence
Diagram
flowchart LR
  A["HTTP Requests"] -->|GET /-/whoami| B["serve_whoami"]
  A -->|GET /-/npm/v1/user| C["serve_profile"]
  A -->|GET /-/npm/v1/tokens| D["list_tokens"]
  A -->|DELETE /-/npm/v1/tokens/token/:key| E["revoke_token_by_key"]
  A -->|DELETE /-/user/token/:tok| F["logout"]
  B --> G["TokenStore"]
  C --> G
  D --> G
  E --> G
  F --> G
  G -->|find_by_key| H["In-Memory Cache"]
  G -->|list_for_user| H
  G -->|revoke_by_key| I["SQLite DB"]
  G -->|revoke_by_raw| I
  J["iso_from_unix_millis"] -->|Format timestamps| K["Token Response Objects"]

Loading

Grey Divider

File Changes

1. registry/crates/pnpm-registry/src/auth.rs ✨ Enhancement +59/-0

Implement token lookup and revocation operations

• Add find_by_key() to retrieve token records by SHA-256 hash for ownership checks
• Add list_for_user() to enumerate all tokens owned by a specific user
• Add revoke_by_key() to delete tokens by hash with SQLite persistence
• Add revoke_by_raw() to delete tokens by raw value (hashes then delegates)
• Add delete_token() helper function to remove tokens from SQLite store

registry/crates/pnpm-registry/src/auth.rs


2. registry/crates/pnpm-registry/src/publish.rs ✨ Enhancement +9/-1

Extract shared ISO-8601 timestamp formatting

• Extract iso_from_unix_millis() helper for consistent ISO-8601 timestamp formatting
• Refactor now_iso() to use the new helper for millisecond-precision timestamps
• Enable token creation timestamps to render with identical format as packument time.modified

registry/crates/pnpm-registry/src/publish.rs


3. registry/crates/pnpm-registry/src/server.rs ✨ Enhancement +181/-12

Implement five user and token management endpoints

• Add serve_whoami() endpoint returning authenticated caller's username (401 if anonymous)
• Add serve_profile() endpoint returning user profile with npm-CLI-compatible fields
• Add list_tokens() endpoint returning caller's tokens with SHA-256 keys and 6-char previews
• Add revoke_token_by_key() endpoint for npm token revoke with ownership gating
• Add logout() endpoint for npm logout with raw token lookup and ownership validation
• Add token_response_object() helper to format token records for API responses
• Add caller_username() helper to extract authenticated user from Authorization header
• Add json_response() helper for consistent JSON response formatting
• Wire new endpoints into 2-segment, 4-segment, and 6-segment route handlers

registry/crates/pnpm-registry/src/server.rs


View more (1)
4. registry/crates/pnpm-registry/tests/auth_user_endpoints.rs 🧪 Tests +366/-0

Add comprehensive acceptance tests for auth endpoints

• Add 16 acceptance tests covering whoami, profile, token listing, revocation, and logout
• Test authentication requirements (401 for anonymous, 403 for cross-user access)
• Test token isolation (users only see their own tokens)
• Test revocation persistence across server restart via SQLite
• Test error cases (unknown tokens, invalid keys, ownership violations)
• Add helper functions for test setup, user registration, and HTTP request construction

registry/crates/pnpm-registry/tests/auth_user_endpoints.rs


Grey Divider

Qodo Logo

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
registry/crates/pnpm-registry/src/publish.rs (1)

184-188: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Use div_euclid for the day component.

rem_euclid() already normalizes the time-of-day, but millis / 86_400_000 still truncates toward zero. That makes pre-epoch inputs format the wrong calendar date (iso_from_unix_millis(-1) becomes 1970-01-01T23:59:59.999Z).

Proposed fix
-    let (days, ms_in_day) = (millis / 86_400_000, millis.rem_euclid(86_400_000));
+    let (days, ms_in_day) = (millis.div_euclid(86_400_000), millis.rem_euclid(86_400_000));
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@registry/crates/pnpm-registry/src/publish.rs` around lines 184 - 188, The
calculation in iso_from_unix_millis uses normal division for the day count which
truncates toward zero for negative millis and yields wrong dates before epoch;
replace the expression computing days (currently using millis / 86_400_000) with
millis.div_euclid(86_400_000) so the day component uses Euclidean division while
keeping ms_in_day = millis.rem_euclid(86_400_000) as-is; update the tuple
binding (days, ms_in_day) accordingly in the iso_from_unix_millis function.
🧹 Nitpick comments (2)
registry/crates/pnpm-registry/tests/auth_user_endpoints.rs (1)

227-238: ⚡ Quick win

Consider removing the unused app parameter.

The app parameter is not used by this pure hash-comparison function. While the comment mentions keeping it "for symmetry with the other helpers," most helper functions in this file (such as body_bytes, body_json, and the request builders) do not take an app parameter. Removing it would simplify the signature without affecting functionality.

♻️ Proposed simplification
-async fn uses_token(app: &axum::Router, raw_token: &str, candidate_key: &str) -> bool {
+async fn uses_token(raw_token: &str, candidate_key: &str) -> bool {
     use sha2::{Digest, Sha256};
     let mut hasher = Sha256::new();
     hasher.update(raw_token.as_bytes());
     let digest = hasher.finalize();
     let mut hex = String::with_capacity(64);
     for byte in digest.iter() {
         hex.push_str(&format!("{byte:02x}"));
     }
-    let _ = app; // app is unused but kept for symmetry with the other helpers
     hex == candidate_key
 }

And update the call site at line 203:

-    let target_key = if uses_token(&app, &victim_token, alice_key).await {
+    let target_key = if uses_token(&victim_token, alice_key).await {
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@registry/crates/pnpm-registry/tests/auth_user_endpoints.rs` around lines 227
- 238, Remove the unused app parameter from the uses_token function signature
and its helper implementation (function uses_token), make it take (raw_token:
&str, candidate_key: &str) only, and update all call sites that pass an app
(e.g., the call near line ~203 referenced in the comment) to call the new
two-argument signature; keep the SHA256 hashing and comparison logic unchanged.
registry/crates/pnpm-registry/src/server.rs (1)

645-663: Redact the logout path in request/access logs.

This endpoint puts a live bearer token in the URL. Make sure any HTTP/access logging records the matched route or a redacted path, otherwise logout requests will write credentials into logs.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@registry/crates/pnpm-registry/src/server.rs` around lines 645 - 663, The
logout handler leaks the raw bearer token in the URL (raw_token) which can end
up in request/access logs; update the request logging middleware or this handler
so that any log entry for the logout route records the matched route or a
redacted path instead of the full request URI. Specifically, detect requests
handled by the logout function (or requests containing the raw_token) and
replace the path with a constant like "/-/logout/{redacted}" (or set a sanitized
route attribute on the request/context that your logger reads) before any access
logging occurs, ensuring state.inner.auth.tokens.lookup(raw_token) and
revoke_by_raw(raw_token) still receive the original raw_token while logs only
contain the redacted path.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@registry/crates/pnpm-registry/src/auth.rs`:
- Around line 339-355: The revoke_by_key implementation removes the token from
inner.tokens before doing the blocking SQLite delete, causing a divergence if
Connection::open() or delete_token() fails; change the flow to keep memory and
DB in sync by either (A) performing the persistent delete first inside the
tokio::task::spawn_blocking block (using self.persist.clone() and the key) and
only removing from inner.tokens after that succeeds, or (B) if you prefer
minimal change, keep the current removal but on any error from the
spawn_blocking call reacquire the TokenStore mutex and re-insert the removed
TokenRecord back into inner.tokens (use the previously captured record variable)
so the in-memory map is restored; reference revoke_by_key, inner.tokens,
persist, Connection::open, and delete_token when making the change.

In `@registry/crates/pnpm-registry/src/server.rs`:
- Around line 553-695: All responses from the auth endpoint group (serve_whoami,
serve_profile, list_tokens, revoke_token_by_key, logout and any branch-returning
helpers they call) must be marked non-cacheable and Vary by Authorization; add
Cache-Control: private, no-store and Vary: Authorization to every Response these
handlers emit, including 401/403/404/error branches. Implement this by adding a
small helper (e.g. add_no_cache_headers(resp: Response) -> Response) that
inserts header::CACHE_CONTROL = "private, no-store" and header::VARY =
"Authorization" and use it to wrap the Response returned from json_response(),
error_response() usages, not_found() branches and the success responses in
serve_whoami, serve_profile, list_tokens, revoke_token_by_key, and logout (or
alternatively change json_response to always set these headers for the auth
endpoints), ensuring no code path in those functions returns a Response without
those headers.

---

Outside diff comments:
In `@registry/crates/pnpm-registry/src/publish.rs`:
- Around line 184-188: The calculation in iso_from_unix_millis uses normal
division for the day count which truncates toward zero for negative millis and
yields wrong dates before epoch; replace the expression computing days
(currently using millis / 86_400_000) with millis.div_euclid(86_400_000) so the
day component uses Euclidean division while keeping ms_in_day =
millis.rem_euclid(86_400_000) as-is; update the tuple binding (days, ms_in_day)
accordingly in the iso_from_unix_millis function.

---

Nitpick comments:
In `@registry/crates/pnpm-registry/src/server.rs`:
- Around line 645-663: The logout handler leaks the raw bearer token in the URL
(raw_token) which can end up in request/access logs; update the request logging
middleware or this handler so that any log entry for the logout route records
the matched route or a redacted path instead of the full request URI.
Specifically, detect requests handled by the logout function (or requests
containing the raw_token) and replace the path with a constant like
"/-/logout/{redacted}" (or set a sanitized route attribute on the
request/context that your logger reads) before any access logging occurs,
ensuring state.inner.auth.tokens.lookup(raw_token) and revoke_by_raw(raw_token)
still receive the original raw_token while logs only contain the redacted path.

In `@registry/crates/pnpm-registry/tests/auth_user_endpoints.rs`:
- Around line 227-238: Remove the unused app parameter from the uses_token
function signature and its helper implementation (function uses_token), make it
take (raw_token: &str, candidate_key: &str) only, and update all call sites that
pass an app (e.g., the call near line ~203 referenced in the comment) to call
the new two-argument signature; keep the SHA256 hashing and comparison logic
unchanged.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: ffcbafbf-d134-4a4c-b1e2-df1ea4e21472

📥 Commits

Reviewing files that changed from the base of the PR and between 0cefccf and c4cdc0e.

📒 Files selected for processing (4)
  • registry/crates/pnpm-registry/src/auth.rs
  • registry/crates/pnpm-registry/src/publish.rs
  • registry/crates/pnpm-registry/src/server.rs
  • registry/crates/pnpm-registry/tests/auth_user_endpoints.rs
📜 Review details
🧰 Additional context used
📓 Path-based instructions (1)
registry/crates/**/*.rs

📄 CodeRabbit inference engine (registry/AGENTS.md)

Follow the pacquet code-style guide (../pacquet/CODE_STYLE_GUIDE.md) for Rust-level conventions including imports, naming, ownership, error handling, and test layout

Files:

  • registry/crates/pnpm-registry/src/publish.rs
  • registry/crates/pnpm-registry/tests/auth_user_endpoints.rs
  • registry/crates/pnpm-registry/src/server.rs
  • registry/crates/pnpm-registry/src/auth.rs
🔇 Additional comments (10)
registry/crates/pnpm-registry/tests/auth_user_endpoints.rs (10)

1-37: LGTM!


39-77: LGTM!


79-92: LGTM!


94-123: LGTM!


125-150: LGTM!


152-185: LGTM!


187-220: LGTM!


240-282: LGTM!


284-337: LGTM!


339-366: LGTM!

Comment thread registry/crates/pnpm-registry/src/auth.rs
Comment thread registry/crates/pnpm-registry/src/server.rs
zkochan added a commit that referenced this pull request May 28, 2026
…eable

* `TokenStore::revoke_by_key` now writes the SQLite `DELETE` *before*
  mutating the in-memory map. If the disk write fails the caller sees
  a 5xx and the token stays valid in both views — the old ordering
  could revoke in memory but resurrect on restart.
* All five auth endpoints (whoami, profile, token list/revoke,
  logout) now emit `Cache-Control: private, no-store` and
  `Vary: Authorization` on every branch — success, 401, 403, 404
  alike — so a shared HTTP cache can't latch onto one caller's
  identity and replay it to another.

Both addresses CodeRabbit review findings on #12011.
zkochan added 3 commits May 28, 2026 02:30
Wires the five remaining auth surfaces from #11973 onto pnpr's
verdaccio-compatible HTTP layer:

* GET /-/whoami — `{username}` for the bearer caller, 401 anonymous.
* GET /-/npm/v1/user — profile shape that `npm profile get` parses.
* GET /-/npm/v1/tokens — `{objects, urls}` listing only the caller's
  tokens; `key` is the SHA-256 hex digest, `token` is the 6-char
  preview that surfaces when the raw value isn't recoverable.
* DELETE /-/npm/v1/tokens/token/:key — `npm token revoke`. Ownership
  -gated: 401 anonymous, 403 cross-user, 404 unknown key.
* DELETE /-/user/token/:tok — `npm logout`. Looks up by raw token,
  revokes by hash; same gating as the listing-side revoke.

TokenStore gains `find_by_key`, `list_for_user`, `revoke_by_key`, and
`revoke_by_raw`; revocations write through to the SQLite store so a
restart can't resurrect a logged-out token.
…eable

* `TokenStore::revoke_by_key` now writes the SQLite `DELETE` *before*
  mutating the in-memory map. If the disk write fails the caller sees
  a 5xx and the token stays valid in both views — the old ordering
  could revoke in memory but resurrect on restart.
* All five auth endpoints (whoami, profile, token list/revoke,
  logout) now emit `Cache-Control: private, no-store` and
  `Vary: Authorization` on every branch — success, 401, 403, 404
  alike — so a shared HTTP cache can't latch onto one caller's
  identity and replay it to another.

Both addresses CodeRabbit review findings on #12011.
Rename single-letter closure params (`|v|` → `|value|`) and add
trailing commas to the multi-line `assert_eq!` invocations so the
nightly Dylint job stops failing.
@codecov-commenter

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 95.80838% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 88.26%. Comparing base (2a0032e) to head (b5dfeb4).

Files with missing lines Patch % Lines
registry/crates/pnpm-registry/src/server.rs 95.08% 6 Missing ⚠️
registry/crates/pnpm-registry/src/auth.rs 97.61% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main   #12011      +/-   ##
==========================================
+ Coverage   88.21%   88.26%   +0.05%     
==========================================
  Files         228      228              
  Lines       28777    28941     +164     
==========================================
+ Hits        25385    25545     +160     
- Misses       3392     3396       +4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants