Skip to content

Comments

fix: prevent path duplication in attestation URL for registries with …#452

Open
ajayk wants to merge 1 commit intonpm:mainfrom
ajayk:curtom-registry-attestaion-path
Open

fix: prevent path duplication in attestation URL for registries with …#452
ajayk wants to merge 1 commit intonpm:mainfrom
ajayk:curtom-registry-attestaion-path

Conversation

@ajayk
Copy link

@ajayk ajayk commented Feb 23, 2026

fix: prevent path duplication in attestation URL for registries with path components

When a custom registry URL includes a path (e.g. https://example.com/javascript),
the attestation URL was incorrectly constructed by concatenating the full registry
URL with the full pathname from the attestation URL, causing the path to be
duplicated (e.g. /javascript/javascript/-/npm/v1/attestations/...).

Use the URL constructor to correctly resolve the pathname against the registry
origin, matching the existing pattern in lib/remote.js.

References

Fixes #450

@ajayk
fix: prevent path duplication in attestation URL for registries with …
cac2033 
…path components

  When a custom registry URL includes a path (e.g. https://example.com/javascript),
  the attestation URL was incorrectly constructed by concatenating the full registry
  URL with the full pathname from the attestation URL, causing the path to be
  duplicated (e.g. /javascript/javascript/-/npm/v1/attestations/...).

  Use the URL constructor to correctly resolve the pathname against the registry
  origin, matching the existing pattern in lib/remote.js.
@ajayk ajayk requested a review from a team as a code owner February 23, 2026 17:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Custom registry with path component causes path duplication in attestation URL

1 participant

@ajayk