* Redact userinfo (username:password) in a URL to avoid logging credentials. * * Marketplace URLs may embed credentials (e.g. GitHub PATs in * `https://user:token@github.com/org/repo`). Debug logs and progress output * are written to disk and may be included in bug reports, so credentials must
(urlString: string)
| 1211 | * pass through unchanged. |
| 1212 | */ |
| 1213 | function redactUrlCredentials(urlString: string): string { |
| 1214 | try { |
| 1215 | const parsed = new URL(urlString) |
| 1216 | const isHttp = parsed.protocol === 'http:' || parsed.protocol === 'https:' |
| 1217 | if (isHttp && (parsed.username || parsed.password)) { |
| 1218 | if (parsed.username) parsed.username = '***' |
| 1219 | if (parsed.password) parsed.password = '***' |
| 1220 | return parsed.toString() |
| 1221 | } |
| 1222 | } catch { |
| 1223 | // Not a valid URL — safe as-is |
| 1224 | } |
| 1225 | return urlString |
| 1226 | } |
| 1227 | |
| 1228 | /** |
| 1229 | * Cache a marketplace from a URL |
no test coverage detected