-
-
Notifications
You must be signed in to change notification settings - Fork 941
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot authenticate to Github repo during the installation process #2933
Comments
I will triage this one. |
But this seems like the correct behavior. When you set the registry setting, it sets the registry for ALL packages. Maybe npm is falling back to the default registry if the one specified in the registry setting is failing? |
I agree with you that setting the registry for ALL the packages should lead to this behaviour (which is correct). Although, as you said, npm falls back to the default registry which is not correct IMHO because it could lead to security issue. I am happy to close the issue but I think it's worth having a small paragraph inside the documentation where this behaviour is explained. Yarn behaves in the same way. |
Maybe we could also add more information to the error message. |
Yes, that would help too I think! Maybe a suggestion to add the package scope in the |
Are the GitHub registry docs suggesting to use the registry setting? |
That is bad. An edit should be suggested |
@ematipico could you try with the |
@juanpicado I have tried with npm 6 (can't recall which version). I will try with npm 7 once I get the chance and let you know how it behaves. |
Tested this out, it looks like Notice the 200 when fetching lodash from
Resulting json when making an authenticated request to {
"_id": "lodash",
"_rev": "2544-0b122902f747bccd1e1b616357c0f55b",
"name": "lodash",
"description": "Lodash modular utilities.",
"dist-tags": {
"latest": "4.17.20"
},
"versions": {
// ... snip
"4.17.20": {
// ... snip
"dist": {
"integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA==",
"shasum": "b44a9b6297bcb698f1c51a3545a2b3b368d59c52",
"tarball": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz",
"fileCount": 1049,
"unpackedSize": 1406354,
"npm-signature": "-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJfNXAiCRA9TVsSAnZWagAAtmYP/2G2ijVcDDyRacsKXn8Q\niX5zNGG+Od+xSuOXrMRG32hjB1giuXR2t8mlsJLQpFyQVgAexcr22J0oq0Kb\nUouNSYrjm6qfK/u5ZUg8lR/Q3L+QiaxsfNnS7FWCO4xqUB0FlI5rKtnq4zhH\nWpPscWw1S/0vV1tz9OvibtfiMDWw5m9AYHk7ckISHmiEMBWURWyDjStxVjmn\nIupfRuCjJdNoxdFyRMaXktbFaCqdMoaT00x5ImxTbIR2ZQdTQT7fA8l3FvvZ\nX/avXT8sqsY0gMCJqZGZITWI/6jIvoMLeE8IqPvAweX+rjHpTFbj9u+SjhNI\noLRY2Ya3bCCUM/T7ZeShMDOeNCyqaU4p3s5VWBQ7PG8FRUjtRdJXpmBf44B4\n6ew+lh2qK+P7FcIcJ4NDpo0/pek4keOpKmUyOYEsrXbnFKdXyzMxAztydu2U\nYR20ePPVsAh2dxwnTVW+jxoutB09gmM3YhgtuOEf16dSEsu47Tntd039li0A\nOSwvLK2jEiyyaeGh7nZSaNPr2Sgj5uq1DrOjR/eKOhY0nFUzdcDAjm8ocVSe\nncavD4t+VFnABdnog5Ub11luRNoOTBvIX+c/9DshlfRzGKIu6pq8SirU6P2j\n3y40bR5yzjhxVM/E2RsqAsPgSPl/1BLyO4+4MKIxhVTh259tWf3YxbWbuXo8\n5EAn\r\n=w2Gq\r\n-----END PGP SIGNATURE-----\r\n"
},
// ... snip
}
}
// ... snip
} Difference seems that pnpm isn't sending auth to the registry. |
Suspected reason for not sending auth: the resulting "nerf dart" made by pnpm is different than npm's because of a trailing slash.
function toNerfDart (uri) {
var parsed = url.parse(uri)
delete parsed.protocol
delete parsed.auth
delete parsed.query
delete parsed.search
delete parsed.hash
return url.resolve(url.format(parsed), '.')
}
The passed url is Notice no trailing slash. It matters when getting passed to url.resolve('https://npm.pkg.github.com/statianzo/', '.')
// 'https://npm.pkg.github.com/statianzo/'
url.resolve('https://npm.pkg.github.com/statianzo', '.')
// 'https://npm.pkg.github.com/' The above is with this
|
@statianzo |
Any progress on this please? Haven't been able to use
Any advice would be highly appreciated. |
I have the identical issue, this does seem like a long time.
then...
|
Getting a similar issue as above, pnpm won't install private package from GitHub repo despite fiddling with configs and .npmrc files |
Any news? Edit:
and now I have
And this seems to work on my side. |
I am not sure why you all try to include the owner in the registry URL. The docs suggest to use:
Though this seems to work with npm, so I guess it should works with pnpm as well. |
@zkochan conflicting sources most likely. I can confirm your solution does not work when using pnpm on Amplify. It tries to install all packages from one repository and ignores any private ones that are in use. |
I found that duplicating I got into to the situation like this:
I was using pnpm version 7.9.3 and 7.27.1 to test this. |
Just complementing what @tlehtimaki said, on my team, we had problems with per project The solution was by also adding the |
thanks @raulfdm it fixed it |
This didn't fix for me with an artifactory registry |
@zkochan FYI I had this config in my global //registry.npmjs.org:_authToken = ${NPM_TOKEN}
//npm.pkg.github.com:_authToken = ${GITHUB_TOKEN}
@${GITHUB_USER}:registry = https://npm.pkg.github.com which works with //registry.npmjs.org:_authToken = ${NPM_TOKEN}
//npm.pkg.github.com/:_authToken = ${GITHUB_TOKEN}
@danielbayley:registry = https://npm.pkg.github.com But I think So, 2 issues it seems:
|
Thanks, I had same problem with the port. |
Good news for CodeArtifact users, from AWS' side this problem has been solved. Quoting a CodeArtifact operation notification all customers who use it got:
|
I want to add one extra scenario I encountered that does not make any sense to me - the URL is case-sensitive... Config: registry=http://xxx:8080/tfs/www_bu_mmm/_packaging/npmProductionFeed/npm/registry/
always-auth=true
shamefully-hoist=true
strict-ssl=false
; begin auth token
//xxx:8080/tfs/www_bu_mmm/_packaging/npmProductionFeed/npm/registry/:username=${WWW_NPM_USER}
//xxx:8080/tfs/www_bu_mmm/_packaging/npmProductionFeed/npm/registry/:_password=${WWW_NPM_TOKEN}
//xxx:8080/tfs/www_bu_mmm/_packaging/npmProductionFeed/npm/registry/:email=npm requires email to be set but doesn't use the value
//xxx:8080/tfs/www_bu_mmm/_packaging/npmProductionFeed/npm/:username=${WWW_NPM_USER}
//xxx:8080/tfs/www_bu_mmm/_packaging/npmProductionFeed/npm/:_password=${WWW_NPM_TOKEN}
//xxx:8080/tfs/www_bu_mmm/_packaging/npmProductionFeed/npm/:email=npm requires email to be set but doesn't use the value
; end auth token Issue: Packages: +851
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ERR_PNPM_FETCH_401 GET http://xxx:8080/tfs/Www_BU_Mmm/_packaging/npmProductionFeed/npm/registry/@babel/core/-/core-7.20.12.tgz: Unauthorized - 401
No authorization header was set for the request.
These authorization settings were found: |
Got this error within renovate bot job.
Thanks for everyone's input. |
For everyone running into this issue in Azure Devops we solved it by including the following command in our pipeline, hopefully this is useful for someone 😊 - task: npmAuthenticate@0
inputs:
workingFile: $(WorkingDirectory)/.npmrc |
In the case Gitlab Group Registry. This work well for me: @scope:registry=https://gitlab.com/api/v4/groups/${GROUP_ID}/-/packages/npm/
//gitlab.com/api/v4/projects/${PROJECT_ID1}/:_authToken=${GROUP_TOKEN}
//gitlab.com/api/v4/projects/${PROJECT_ID2}/:_authToken=${GROUP_TOKEN} |
We got private package resolving issues too and the last valid version is Some context: we use a Gitlab instance on premise and our .npmrc look like:
We try to install a library hosted on this gitlab registry: This configuration works with
I did some tests:
Final: My understanding is to resolve the package there is a first match on Just a guess without diving too much how things are working, if someone has more context about this 🙏 |
@manawasp massive thanks for this, this has solved my issue of getting recent versions of pnpm to work with a private gitlab.com repository The main line which got it working was appending |
So, how does one install (not even trying publishing) in github actions now? I'm on pnpm@8.7.0, and trying to use https://gist.github.com/belgattitude/838b2eba30c324f1f0033a797bab2e31, with added - name: Install dependencies
shell: bash
working-directory: ${{ inputs.cwd }}
run: pnpm install --frozen-lockfile --prefer-offline
env:
NPM_TOKEN: ${{ github.token }}
NPM_AUTH_TOKEN: ${{ github.token }}
NODE_AUTH_TOKEN: ${{ github.token }}
npm_config__authtoken: ${{ github.token }}
npm_config_//npm.pkg.github.com:_authtoken: ${{ github.token }} .npmrc:
I get:
I cannot add I cannot downgrade pnpm to what do I do? |
You saved me. I spent 3 hours to find this answer and it really works. |
It sounds like this is a known issue and is described at length here: |
Try adding the one with the project id in your config, e.g.
For me adding all these urls for each package solved all these issues. Sure, I have 20+ urls in my I think i saw that my ticket at Gitlab recently got updated/resolved so might want to try in last months/this month Gitlab release or on gitlab.com. https://gitlab.com/gitlab-org/gitlab/-/issues/334897 |
Would be interesting to hear more widely if the npm related issue has helped people with this issue too. |
Have anyone had similar issues trying to access a Azure DevOps artifact feed? I am getting issues similar to this:
where my local |
thanks @danielbayley with pnpm adding a slash worked before
after
|
A PR has been submitted that should hopefully fix this: #7337 |
I just had to configure pnpm as well (with github workflow:
.npmrc:
|
Same issue. |
I was using this in a docker container, and was getting 401 errors even with the token set correctly. The package in question was hosted in a private github organization. I had to add the following to my
|
Hey guys! None of the above solutions we tried worked for us for Private GitHub Packages and GitHub Actions. - uses: pnpm/action-setup@v3
name: Install pnpm
with:
version: 8
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "lts/*"
cache: "pnpm"
scope: "@ourscope"
registry-url: "https://npm.pkg.github.com"
- name: Configure pnpm Auth for private registry
run: pnpm config set //npm.pkg.github.com/:_authToken=${{ secrets.SOME_PAT }}
- name: Install dependencies
run: pnpm install Whereas We didn't need to add anything related to auth or registries in |
When trying to install my packages using a private registry,
pnpm
goes in error.I think I know what's going on.
Doing the same via
npm
works fine because it installs the dependencies that are not in scope from the npm registry and installs the scoped dependencies (the private ones) from the github registry. I could verifying it by checking itspackage-lock.json
On the other hand,
pnpm
tries to install ALL the dependencies from one single registry, which is github.pnpm version: 5.9.3
Code to reproduce the issue:
Code inside
.npmrc
I can't give the information of the log because it contains sensitive information.
Expected behavior:
It should install all the packages.
Actual behavior:
Additional information:
Changing
.npmrc
to the following works fineThe text was updated successfully, but these errors were encountered: