From b4f3bb993e400420b9343a81706405ffdf4a6c31 Mon Sep 17 00:00:00 2001
From: Paul Soporan <paul.soporan@gmail.com>
Date: Wed, 20 Jul 2022 01:37:29 +0300
Subject: [PATCH] fix(audit)!: remove fallback to publish registries

---
 .yarn/versions/9bb15e03.yml                   | 24 +++++++++++++++++++
 CHANGELOG.md                                  |  3 +++
 .../sources/commands/npm/audit.ts             |  4 +---
 packages/plugin-npm/sources/npmConfigUtils.ts |  9 ++-----
 4 files changed, 30 insertions(+), 10 deletions(-)
 create mode 100644 .yarn/versions/9bb15e03.yml

diff --git a/.yarn/versions/9bb15e03.yml b/.yarn/versions/9bb15e03.yml
new file mode 100644
index 000000000000..210dd24e897f
--- /dev/null
+++ b/.yarn/versions/9bb15e03.yml
@@ -0,0 +1,24 @@
+releases:
+  "@yarnpkg/cli": major
+  "@yarnpkg/plugin-npm": major
+  "@yarnpkg/plugin-npm-cli": major
+
+declined:
+  - "@yarnpkg/plugin-compat"
+  - "@yarnpkg/plugin-constraints"
+  - "@yarnpkg/plugin-dlx"
+  - "@yarnpkg/plugin-essentials"
+  - "@yarnpkg/plugin-init"
+  - "@yarnpkg/plugin-interactive-tools"
+  - "@yarnpkg/plugin-nm"
+  - "@yarnpkg/plugin-pack"
+  - "@yarnpkg/plugin-patch"
+  - "@yarnpkg/plugin-pnp"
+  - "@yarnpkg/plugin-pnpm"
+  - "@yarnpkg/plugin-stage"
+  - "@yarnpkg/plugin-typescript"
+  - "@yarnpkg/plugin-version"
+  - "@yarnpkg/plugin-workspace-tools"
+  - "@yarnpkg/builder"
+  - "@yarnpkg/core"
+  - "@yarnpkg/doctor"
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d66e9ae0be31..5342d15ef535 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,7 @@ Yarn now accepts sponsorships! Please give a look at our [OpenCollective](https:
 - The network settings configuration option has been renamed from `caFilePath` to `httpsCaFilePath`.
 - Set `nmMode` to `hardlinks-local` by default.
 - `yarn workspaces foreach` now automatically enables the `-v,--verbose` flag in interactive terminal environments.
+- `yarn npm audit` no longer takes into account publish registries. Use [`npmAuditRegistry`](https://yarnpkg.com/configuration/yarnrc#npmAuditRegistry) instead.
 
 ### **API Changes**
 
@@ -38,6 +39,8 @@ The following changes only affect people writing Yarn plugins:
 
 - `renderForm`'s `options` argument is now required to enforce that custom streams are always specified.
 
+- `npmConfigUtils.getAuditRegistry` no longer takes a `Manifest` as its first argument.
+
 ### Installs
 
 - The `pnpm` linker avoids creating symlinks that lead to loops on the file system, by moving them higher up in the directory structure.
diff --git a/packages/plugin-npm-cli/sources/commands/npm/audit.ts b/packages/plugin-npm-cli/sources/commands/npm/audit.ts
index 0d20f0b70a00..bd8bb3990f24 100644
--- a/packages/plugin-npm-cli/sources/commands/npm/audit.ts
+++ b/packages/plugin-npm-cli/sources/commands/npm/audit.ts
@@ -142,9 +142,7 @@ export default class AuditCommand extends BaseCommand {
       dependencies,
     };
 
-    const registry = npmConfigUtils.getAuditRegistry(workspace.manifest, {
-      configuration,
-    });
+    const registry = npmConfigUtils.getAuditRegistry({configuration});
 
     let result!: npmAuditTypes.AuditResponse;
     const httpReport = await LightReport.start({
diff --git a/packages/plugin-npm/sources/npmConfigUtils.ts b/packages/plugin-npm/sources/npmConfigUtils.ts
index 5378db6fe4b0..4bef6a787684 100644
--- a/packages/plugin-npm/sources/npmConfigUtils.ts
+++ b/packages/plugin-npm/sources/npmConfigUtils.ts
@@ -15,13 +15,8 @@ export function normalizeRegistry(registry: string) {
   return registry.replace(/\/$/, ``);
 }
 
-// TODO: Remove the fallback on publishConfig
-export function getAuditRegistry(manifest: Manifest, {configuration}: {configuration: Configuration}) {
-  const defaultRegistry = configuration.get(RegistryType.AUDIT_REGISTRY);
-  if (defaultRegistry !== null)
-    return normalizeRegistry(defaultRegistry);
-
-  return getPublishRegistry(manifest, {configuration});
+export function getAuditRegistry({configuration}: {configuration: Configuration}) {
+  return getDefaultRegistry({configuration, type: RegistryType.AUDIT_REGISTRY});
 }
 
 export function getPublishRegistry(manifest: Manifest, {configuration}: {configuration: Configuration}) {