Angular-cli: "ng update" doesn't support private repos such as FontAwesome 5 Pro

Okay, so I'm not the only one with the problem #10571
It also looks like CLI 6.0.0 doesn't support authentication included in global .npmrc

This should be fixed sooner than later

There is definitely a problem when using a private npm repository. I could only run ng update correctly once I removed my .npmrc file, and removed every private package from package.json. After running ng update @angular/cli' it finally correctly generated the angular.json file and I readded all the references I removed before.

Can you provide the list of option names used within .npmrc?

I have the same problem, my .npmrc looks like this:

@myprefix:registry=https://npm.ourdomain.local

Sure, this is what my .npmrc looks like:

registry=https://npm.showpad.io:8080
save-exact=true
//npm.showpad.io:8080/:_authToken=${NPM_TOKEN}

While looking at the growing list of bugs relating .npmrc #10704 #10571 #10660 I think this should be fixed asap

Hi @bjornharvold, @DaSchTour,

Could you verify this is still an issue with 6.0.1? There were a few fixes regarding the registry flag (we have 1 fix in queue for the strict-ssl flag). Thanks!

    _                      _                 ____ _     ___
    / \   _ __   __ _ _   _| | __ _ _ __     / ___| |   |_ _|
   / △ \ | '_ \ / _` | | | | |/ _` | '__|   | |   | |    | |
  / ___ \| | | | (_| | |_| | | (_| | |      | |___| |___ | |
 /_/   \_\_| |_|\__, |\__,_|_|\__,_|_|       \____|_____|___|
                |___/


Angular CLI: 6.0.1
Node: 9.2.1
OS: win32 x64
Angular: 6.0.0
... animations, common, compiler, compiler-cli, core, forms
... http, language-service, platform-browser
... platform-browser-dynamic, router

Package                           Version
-----------------------------------------------------------
@angular-devkit/architect         0.6.1
@angular-devkit/build-angular     0.6.1
@angular-devkit/build-optimizer   0.6.1
@angular-devkit/core              0.6.1
@angular-devkit/schematics        0.6.1
@angular/cdk                      6.0.1
@angular/cli                      6.0.1
@angular/material                 6.0.1
@ngtools/webpack                  6.0.1
@schematics/angular               0.6.1
@schematics/update                0.6.1
rxjs                              6.1.0
typescript                        2.7.2
webpack                           4.6.0

Yep still happens with 6.0.1. Targeting VSTS in my .npmrc registry=https://PRIVATE.pkgs.visualstudio.com/_packaging/PRIVATE/npm/registry/

Unexpected token T in JSON at position 0
TF400813: Resource not available for anonymous access. Client authentication required.

Angular CLI: 6.0.1
Node: 8.9.0
OS: darwin x64
Angular: 6.0.1
... animations, cli, common, compiler, compiler-cli, core, forms
... http, platform-browser, platform-browser-dynamic
... platform-server, router

Package                           Version
-----------------------------------------------------------
@angular-devkit/architect         0.6.1
@angular-devkit/build-angular     0.6.1
@angular-devkit/build-optimizer   0.6.1
@angular-devkit/core              0.6.1
@angular-devkit/schematics        0.6.1
@angular/cdk                      5.2.5
@angular/material                 5.2.5
@ngtools/json-schema              1.1.0
@ngtools/webpack                  6.0.1
@schematics/angular               0.6.1
@schematics/update                0.6.1
ng-packagr                        2.4.4
rxjs                              6.1.0
typescript                        2.7.2
webpack                           4.6.0

Still valid for me too using a scoped repository.

ng update @angular/cli
ng update @angular/core

Went smoothly but
ng update @angular/material broke with a 401 error.

Experiencing this issue with @angular/[email protected] and private Nexus repository

Content of .npmrc looks something like...

registry=
email=
always-auth=true
_auth=

Having the same issue using a JFrog Artifactory (universal artifact manager) as registry in .npmrc. This may be related: https://github.com/angular/devkit/issues/917

I'm also having this same problem with @angular/[email protected] and VSTS

Same problem here behind a private Nexus repo

Same here, happens with our own private repo ng update returns Not found: @org/package although npm install @org/package works fine and the package is already installed in node_modules.

Same problem with 6.0.7 just now.

@hansl any update on this? The issue still carries the "need: more info" label.

I'm also curious, is there anything we can do or provide to speed this issue up?

I think it is fixed by https://github.com/angular/devkit/pull/982 in https://github.com/angular/devkit/releases/tag/v6.1.0-beta.1 release. Can anybody verify?

I'd be happy to test it, but I'm not quite sure how to...I'm a little confused how devkit relates to CLI. What do I install to test this, is there an NPM package? Do I clone the repo and do an NPM link? If I install that package does the CLI use it, or does it supersede the CLI. Sorry, I'm a little ignorant, I'd love a little guidance.

Or do I just wait for an updated @angular/cli v6.1.0-beta.1 to be released?

@devoto13 I can't seem to find @angular/[email protected], it is not available in the npm registry: https://www.npmjs.com/package/@angular/cli

I was able to install @angular-devkit/[email protected] individually, but that still resulted in a 401 Unauthorized, but not sure if this is related.

@abbazabacto It is @schematics/[email protected] package, which contains the fix. It is a dependency of @angular/cli and the last version of which depends on @schematics/[email protected].

@ajpierson It looks like there is no easy way to try it out at the moment and the easiest way, as you suggest, is to wait until @angular/[email protected] is released. Sorry for the confusion.

Thanks, that's how it looked to me too as free I dug in some more glad to
hear I'm not crazy.

On Fri, Jun 1, 2018 at 1:54 AM Yaroslav Admin notifications@github.com
wrote:

@abbazabacto https://github.com/abbazabacto It is
@schematics/[email protected] package, which contains the fix. It is a
dependency of @angular/cli and the last version depends on
@schematics/[email protected].

@ajpierson https://github.com/ajpierson It looks like there is no easy
way to try it out at the moment and the easiest way, as you suggest, is to
wait until @angular/[email protected] is released. Sorry for the confusion.

—
You are receiving this because you were mentioned.

Reply to this email directly, view it on GitHub
https://github.com/angular/angular-cli/issues/10624#issuecomment-393797741,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AADcRWLfQ5m6zhLFo2ATQmhNa3C9KgCmks5t4PMZgaJpZM4TyC_f
.

We're using a private repository and get "error 401 unauthorized" (see #10704 which was closed as duplicate of this issue). The problem still exists with @angular/[email protected].

    "@angular/cli@^6.1.0-rc.0":  version "6.1.0-rc.0"

    resolved "https://registry.yarnpkg.com/@angular/cli/-/cli-6.1.0-rc.0.tgz#7ffb203ab429beca19003369647015aa707921b9"
    dependencies:
      "@angular-devkit/architect" "0.7.0-rc.0"
      "@angular-devkit/core" "0.7.0-rc.0"
      "@angular-devkit/schematics" "0.7.0-rc.0"
      "@schematics/angular" "0.7.0-rc.0"
      "@schematics/update" "0.7.0-rc.0"
      opn "^5.3.0"
      rxjs "^6.0.0"
      semver "^5.1.0"
      symbol-observable "^1.2.0"
      yargs-parser "^10.0.0"

Issue still exists inside @angular/[email protected]

I have the same issue with a private git+ssh dependency and trying this against the latest version on master:

Angular CLI: local (v6.1.0-beta.0, branch: master)
Node: 9.10.0
OS: darwin x64
Angular: 5.2.11
... animations, common, compiler, compiler-cli, core, forms
... http, language-service, platform-browser
... platform-browser-dynamic, router, service-worker

Package                           Version
-----------------------------------------------------------
@angular-devkit/architect         0.7.0-rc.0
@angular-devkit/build-angular     0.7.0-rc.0
@angular-devkit/build-optimizer   0.7.0-rc.0
@angular-devkit/build-webpack     0.7.0-rc.0
@angular-devkit/core              0.7.0-rc.0
@angular-devkit/schematics        0.7.0-rc.0
@angular/cdk                      5.2.5
@angular/cli                      1.7.0
@ngtools/webpack                  1.10.0
@schematics/angular               0.7.0-rc.0
@schematics/package-update        0.7.0-rc.0
@schematics/update                0.7.0-rc.0
rxjs                              5.5.11
typescript                        2.5.3
webpack                           4.9.2

Also having the not found issue using while using a git+https dependency running @angular/cli 6.0.8

Seems like a common bug, any timeline on the resolution of this?

Any chance the cli could just log not found errors as a warning instead of exiting on them?

Hi Guys,

The issue related with npm's get config command itself.

npm get <key> returns all other configs except _auth and _authToken. Even, npm config list doesn't return them as well.

On update script, it tries to run this command, and this command fails, then actual value became null, so your private registry authentication fails.

https://github.com/angular/angular-cli/blob/6449a753641340d8fc19a752e1a1ced75f974efa/packages/schematics/update/update/npm.ts#L47

So quick and dirty solution is set your auth token manually on ./node_modules/@schematics/update/update/npmjs line number somewhere after 103.

auth = { token: "<your_auth_token", alwaysAuth: true }

FYI: My .npmrc file
```
strict-ssl=false
registry=https://
_auth=""
always_auth=true
email=
````

I'll try to create PR for this if anyone created anything similar.

Cheers

@tengis that's some great debugging friend! I just tried this out, and it works beautifully ;)

Important notice for people trying out this fix too, you need to have at least version 6.1.0-rc0 of the @angular/cli package, before editing the npm.js file as suggested.

What PR do you suggest to create, one that fixes the issue in npm itself, or one that 'patches' it in CLI by fetching it somehow from .npmrc and adding it in manually?

Thinking about it, you probably won't be able to change this in npm itself as _auth and _authToken are secrets, and it is desired behaviour to never hand them out using npm get {KEY}, judging from following terminal output:

npm get _authToken                                                                                                                                                         
npm ERR! ---sekretz---

@Timebutt Or perhaps add --auth flag on ng update command?!

I really wonder why not using plain npm and make use of the build in authentication. Adding an --auth flag so I have to add authentication again for angular. Very bad idea. Parse .npmrc or just use npm.

We have the same issue now. Does anyone have a solution for this problem?

still seeing this behavior in @angular/[email protected]

even in official 6.1 it's still an issue

Well I don't think that this will be solved any time soon, just guessing by how it is labled.

The good news: I found a bug report that precisely describes the issue we're experiencing
The bad news: It's been open since May

😭

Our workaround was to remove our private package, then run...

ng update --registry=https://registry.npmjs.org/ @angular/cli

and then re-install the private package.

The worst? Or simply the worst? The worst.

my hack/solution:

go to node_modules\@schematics\update\update\npm.js and change line 35-ish (first line of the method)

function getNpmClientSslOptions(strictSsl, cafile) {
    const sslOptions = { strict: false }; // <---- RIGHT HERE.. normally, it's "{}"
    if (strictSsl === 'false') {
        sslOptions.strict = false;
    }
    else if (strictSsl === 'true') {
        sslOptions.strict = true;
    }
    if (cafile) {
        sslOptions.ca = fs_1.readFileSync(cafile);
    }
    return sslOptions;
}

Not sure why it's not getting the setting from the .npmrc file, but this let me get past the issue

@hansl & @filipesilva This thread still has the "need more info" and "low frequency" labels. Based on the thread's activity, I assume that both are not valid anymore and possibly give a false impression of the severity of this issue.

Why is this need more info and low frequency @hansl? It affects nearly every corporate developer because we all have private npm packages. Not to mention anyone who has spent the time to decouple their application into components.

I'm also seeing this issue on various 6.0.0+ versions. Tried some of the solutions above and none of them worked for me.

Any timeline on a fix?

Update:

Got it to work by removing the private registry from the .npmrc file and following the usual migration steps. But we shouldn't have to resort to this kind of a hack. Is someone going to change the attributes for this issue? Definitely shouldn't be labeled as low frequency

still the same issue with @schematics/[email protected] and @angular/[email protected]

Angular CLI: 6.1.2
Node: 8.11.3
OS: darwin x64
Angular: 6.0.7
... common, compiler, compiler-cli, core, forms, http
... platform-browser, platform-browser-dynamic

Package                           Version
-----------------------------------------------------------
@angular-devkit/architect         0.6.8
@angular-devkit/build-angular     0.6.8
@angular-devkit/build-optimizer   0.6.8
@angular-devkit/core              0.0.29
@angular-devkit/schematics        0.0.52
@angular/animations               6.0.9
@angular/cli                      6.1.2
@angular/router                   6.0.9
@ngtools/json-schema              1.1.0
@ngtools/webpack                  6.0.8
@schematics/angular               0.7.2
@schematics/update                0.7.2
rxjs                              6.2.1
typescript                        2.7.2
webpack                           4.8.3

ng update @angular/cli
401 Unauthorized

Workaround that works for me:

• temporary removing all private dependencies from package.json (no need to uninstall / reinstall them)
• and ensure there's no private default registry in .npmrc (usually I got the private mirror with public and private packages there)

Still failing with 6.1.3:

Angular CLI: 6.1.3
Node: 10.8.0
OS: linux x64
Angular: 6.1.2
... animations, common, compiler, compiler-cli, core, forms
... http, language-service, platform-browser
... platform-browser-dynamic, router

Package                           Version
-----------------------------------------------------------
@angular-devkit/architect         0.7.3
@angular-devkit/build-angular     0.7.3
@angular-devkit/build-optimizer   0.7.3
@angular-devkit/build-webpack     0.7.3
@angular-devkit/core              0.7.3
@angular-devkit/schematics        0.7.3
@angular/cli                      6.1.3
@ngtools/webpack                  6.1.3
@schematics/angular               0.7.3
@schematics/update                0.7.3
rxjs                              6.2.2
typescript                        2.9.2
webpack                           4.9.2

$ ng update
401 Unauthorized

Already page one of the most commented open issues. Hopefully we will get some attentation when this hits the 400 comments mark and reach the top of most commented issues. So come on people, we can do this.

Facing this error too:

Angular CLI: 6.1.3
Node: 8.11.3
OS: win32 x64
Angular: 6.1.2
... animations, common, compiler, core, forms, http
... language-service, platform-browser, platform-browser-dynamic
... router

Package                      Version
------------------------------------------------------
@angular-devkit/architect    0.7.3 (cli-only)
@angular-devkit/core         0.7.3 (cli-only)
@angular-devkit/schematics   0.7.3 (cli-only)
@angular/cdk                 6.4.3
@angular/cli                 <error>
@angular/compiler-cli        <error>
@angular/flex-layout         6.0.0-beta.17
@schematics/angular          0.7.3 (cli-only)
@schematics/update           0.7.3 (cli-only)
rxjs                         6.2.2
typescript                   2.9.2 (cli-only)

delete node_modules and run ng upgrade @angular/core

rm -rf node_modules
ng update @angular/core

it works for me

@aghou That does provide a usable workaround, but the time spent removing and re-installing is not good.

Still hoping for a fix.

I have the same problem with 6.1.3 and JFrog Artifactory. A fix would be most appreciated.

.npmrc is like:
registry=
email=
always-auth=true
_auth=

It's not just an issue with private repos, I get the same error with a public repo url that uses the "git+https://URL#HASH" pattern, e.g. :

https://github.com/danhooper/ngQuickDate.git#e313316be410887d7289f355fc55ad4f4fecec15

$ ng update
Not found : ngQuickDate

Confirmation that @angular/cli 6.0.0+ has broken authentication to private npm registries:

$ ng update <package_on_private_registry>
Unable to authenticate, need: Basic realm="Artifactory Realm"

I have tested edge version @angular/[email protected], and same issue. This is a serious bug that will prevent our organisation from upgrading to angular 6.

Please fix asap!

Same here. We have a private repo in VSTS and I cannot update @angular/core because of that bug. I vote for fixing it asap

Hi,

Globally set these values so it works in any project:

npm config set "@fortawesome:registry" https://npm.fontawesome.com/ && \
npm config set "//npm.fontawesome.com/:_authToken" XXXXXXX-XXXXXXXX-XXXXX

Its worked for me "ng update".

The above works for me too.

@blueiceprj solution might work for one off private repos, but not when your corp caches/replicates npm on jFrog Artifactory.

@ankemp Right! We are also blocked to perform the update to ^6.1.0

Having same issue

+1 this really needs a resolution. Due to this issue we have missed our window to upgrade and have to wait till next release cycle in several months time 👎

Same here with @angular/cli 6.2.1

registry=https://ourNexus/repository/npm/
//ourNexus/repository/npm/:_authToken=000000_DUMMY_00000000

Really angular team...still no fix for this?! Stop developing any new stuff and fix this issue.
I have same issue, except I don't use private packages, nexus is used as a proxy for ALL npm repositories. So removing .npmrc doesn't solve anything (npm requests must go through the nexus proxy or they don't leave the network), and there is no "private dependencies" to remove, because they are all legit packages ...like angular stuff...

Looks like I found a solution, at least for Nexus repository. I already filed this as a pull request, however it would be really good to have some feedback from you guys. Especially would be cool to have some Artifactory users' feedback.

How to try it right now: replace the your_project/node_modules/@schematics/update/update/npm.js with the following content

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const child_process_1 = require("child_process");
const fs_1 = require("fs");
const rxjs_1 = require("rxjs");
const operators_1 = require("rxjs/operators");
const url = require("url");
const RegistryClient = require('npm-registry-client');
const npmPackageJsonCache = new Map();
const npmConfigOptionCache = new Map();
function _readNpmRc() {
    return new rxjs_1.Observable(subject => {
        // TODO: have a way to read options without using fs directly.
        const path = require('path');
        const fs = require('fs');
        const perProjectNpmrc = path.resolve('.npmrc');
        let npmrc = '';
        if (fs.existsSync(perProjectNpmrc)) {
            npmrc = fs.readFileSync(perProjectNpmrc).toString('utf-8');
        }
        else {
            if (process.platform === 'win32') {
                if (process.env.LOCALAPPDATA) {
                    npmrc = fs.readFileSync(path.join(process.env.LOCALAPPDATA, '.npmrc')).toString('utf-8');
                }
            }
            else {
                if (process.env.HOME) {
                    npmrc = fs.readFileSync(path.join(process.env.HOME, '.npmrc')).toString('utf-8');
                }
            }
        }
        const allOptionsArr = npmrc.split(/\r?\n/).map(x => x.trim());
        const allOptions = {};
        allOptionsArr.forEach(x => {
            const delimiter = '=';
            const split = x.split(delimiter);
            const key = split[0].trim();
            allOptions[key] = split.slice(1).join('=').trim();
        });
        subject.next(allOptions);
        subject.complete();
    }).pipe(operators_1.catchError(() => rxjs_1.of({})), operators_1.shareReplay());
}
function getOptionFromNpmRc(option) {
    return _readNpmRc().pipe(operators_1.map(options => options[option]));
}
function getOptionFromNpmCli(option) {
    return new rxjs_1.Observable(subject => {
        child_process_1.exec(`npm get ${option}`, (error, data) => {
            if (error) {
                throw error;
            }
            else {
                data = data.trim();
                if (!data || data === 'undefined' || data === 'null') {
                    subject.next();
                }
                else {
                    subject.next(data);
                }
            }
            subject.complete();
        });
    }).pipe(operators_1.catchError(() => rxjs_1.of(undefined)), operators_1.shareReplay());
}
function getNpmConfigOption(option, scope, tryWithoutScope) {
    if (scope && tryWithoutScope) {
        return rxjs_1.concat(getNpmConfigOption(option, scope), getNpmConfigOption(option)).pipe(operators_1.filter(result => !!result), operators_1.defaultIfEmpty(), operators_1.first());
    }
    const fullOption = `${scope ? scope + ':' : ''}${option}`;
    let value = npmConfigOptionCache.get(fullOption);
    if (value) {
        return value;
    }
    value = option.startsWith('_')
        ? getOptionFromNpmRc(fullOption)
        : getOptionFromNpmCli(fullOption);
    npmConfigOptionCache.set(fullOption, value);
    return value;
}
function getNpmClientSslOptions(strictSsl, cafile) {
    const sslOptions = {};
    if (strictSsl === 'false') {
        sslOptions.strict = false;
    }
    else if (strictSsl === 'true') {
        sslOptions.strict = true;
    }
    if (cafile) {
        sslOptions.ca = fs_1.readFileSync(cafile);
    }
    return sslOptions;
}
/**
 * Get the NPM repository's package.json for a package. This is p
 * @param {string} packageName The package name to fetch.
 * @param {string} registryUrl The NPM Registry URL to use.
 * @param {LoggerApi} logger A logger instance to log debug information.
 * @returns An observable that will put the pacakge.json content.
 * @private
 */
function getNpmPackageJson(packageName, registryUrl, logger) {
    const scope = packageName.startsWith('@') ? packageName.split('/')[0] : undefined;
    return (registryUrl ? rxjs_1.of(registryUrl) : getNpmConfigOption('registry', scope, true)).pipe(operators_1.map(partialUrl => {
        if (!partialUrl) {
            partialUrl = 'https://registry.npmjs.org/';
        }
        const partial = url.parse(partialUrl);
        let fullUrl = new url.URL(`http://${partial.host}/${packageName.replace(/\//g, '%2F')}`);
        try {
            const registry = new url.URL(partialUrl);
            registry.pathname = (registry.pathname || '')
                .replace(/\/?$/, '/' + packageName.replace(/\//g, '%2F'));
            fullUrl = new url.URL(url.format(registry));
        }
        catch (_a) { }
        logger.debug(`Getting package.json from '${packageName}' (url: ${JSON.stringify(fullUrl)})...`);
        return fullUrl;
    }), operators_1.concatMap(fullUrl => {
        let maybeRequest = npmPackageJsonCache.get(fullUrl.toString());
        if (maybeRequest) {
            return maybeRequest;
        }
        const registryKey = `//${fullUrl.host}/`;
        return rxjs_1.concat(getNpmConfigOption('proxy'), getNpmConfigOption('https-proxy'), getNpmConfigOption('strict-ssl'), getNpmConfigOption('cafile'), getNpmConfigOption('_auth'), getNpmConfigOption('_authToken', registryKey), getNpmConfigOption('username', registryKey, true), getNpmConfigOption('password', registryKey, true), getNpmConfigOption('email', registryKey, true), getNpmConfigOption('always-auth', registryKey, true)).pipe(operators_1.toArray(), operators_1.concatMap(options => {
            const [http, https, strictSsl, cafile, token, authToken, username, password, email, alwaysAuth,] = options;
            const subject = new rxjs_1.ReplaySubject(1);
            const sslOptions = getNpmClientSslOptions(strictSsl, cafile);
            const auth = {};
            if (alwaysAuth !== undefined) {
                auth.alwaysAuth = alwaysAuth === 'false' ? false : !!alwaysAuth;
            }
            if (email) {
                auth.email = email;
            }
            if (authToken) {
                auth.token = authToken;
            }
            else if (token) {
                try {
                    // attempt to parse "username:password" from base64 token
                    // to enable Artifactory / Nexus-like repositories support
                    const delimiter = ':';
                    const parsedToken = Buffer.from(token, 'base64').toString('ascii');
                    const [extractedUsername, ...passwordArr] = parsedToken.split(delimiter);
                    const extractedPassword = passwordArr.join(delimiter);
                    if (extractedUsername && extractedPassword) {
                        auth.username = extractedUsername;
                        auth.password = extractedPassword;
                    }
                    else {
                        throw new Error('Unable to extract username and password from _auth token');
                    }
                }
                catch (ex) {
                    auth.token = token;
                }
            }
            else if (username) {
                auth.username = username;
                auth.password = password;
            }
            const client = new RegistryClient({
                proxy: { http, https },
                ssl: sslOptions,
            });
            client.log.level = 'silent';
            const params = {
                timeout: 30000,
                auth,
            };
            client.get(fullUrl.toString(), params, (error, data) => {
                if (error) {
                    subject.error(error);
                }
                subject.next(data);
                subject.complete();
            });
            maybeRequest = subject.asObservable();
            npmPackageJsonCache.set(fullUrl.toString(), maybeRequest);
            return maybeRequest;
        }));
    }));
}
exports.getNpmPackageJson = getNpmPackageJson;

After that the ng update should start working.

Be careful: after you ng update @angular/cli the file will be overwritten, so don't forget to replace the content again. Otherwise you will see the lovely 401 :)

Still having issue with @angular/cli 6.2.2

@dkabul the fix is not merged yet

@smnbbrv

Tested your npm.js with Artifactory, and it gets past the initial error, which was:

> ng update <package in artifactory>
Unable to authenticate, need: Basic realm="Artifactory Realm"

But now presents a new error:

> ng update <package in artifactory>
This request requires auth credentials. Run `npm login` and repeat the request.

The contents of my .npmrc are:

registry = <url to artifactory>/api/npm/<repo>
_auth = xxxx
always-auth = true
email = xxxx

npm install resolves the same package from Artifactory without issue using the same .npmrc.

Thanks

$ ng update --registry <url-to-private-registry>

Doesn#t that work?

$ ng update --registry <url-to-private-registry>

Doesn#t that work?

Not when private registry requires credentials.

@mrmaxsteel could you please check the following:

1. where is located your npmrc? Project-level or home directory?
2. does your password contain symbol ':'? If yes, try the updated script at https://github.com/angular/angular-cli/issues/10624#issuecomment-421564909
3. could you remove the spaces around '=' (it looks like current script does not work with spaces yet)? So it should look like this:

registry=<url to artifactory>/api/npm/<repo>
_auth=xxxx
always-auth=true
email=xxxx

Thanks for collaborating! 👍

@smnbbrv yes! It works without whitespace between _auth = token as mentioned here: https://github.com/angular/angular-cli/pull/12284#issuecomment-422011350

It would be great if you could ensure support for whitespaces before your PR is merged, as officially the .npmrc should support whitespaces (https://docs.npmjs.com/files/npmrc)

done and updated the script at https://github.com/angular/angular-cli/issues/10624#issuecomment-421564909

Tested updated script from comment above, works 👍Nice one @smnbbrv!

@hansl any idea when this will be released?

I'm experiencing the same with Angular CLI 6.2.2 and private bitbucket repo like git+ssh://[email protected]:<org>/<package>.

@arm1n did you try https://github.com/angular/angular-cli/issues/10624#issuecomment-421564909 ?

@smnbbrv No I didn't - I'm expecting that it work without patching code from node_modules ;) But I will do it so that you know if it's working for that case too - is your patch supposed to land in one of the next versions?

@arm1n I am outside of Angular release cycle scope, but if it works with your case too then it is more likely to be pushed further. If it does not, could you post your npmrc (of course with masked credentials)

Wanted to upgrade from '@angular/[email protected]' with ng update @angular/cli.
Just recently added the FontAwesome PRO reference.

The .npmrc ...

@XXXXXXXX:registry=https://artifactory.XXXXXXXXX:443/artifactory/api/npm/npm-virtual/

@fortawesome:registry=https://npm.fontawesome.com/
//npm.fontawesome.com/:_authToken=XXXXXXXXXXXXXXXXXXXXXXXXXXXXX

PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true

depth=0
loglevel=warn
package-lock=false
progress=false

I cannot have ng serve running without choking on file changes.
I have to update to a specific version to get the fix. And I cannot "update" using a simple command. Because I happened to use font-awesome. So I cannot develop, I cannot upgrade. Do you guys see the problem ?

I was really hoping this was resolved before v7.0 dropped. Now I am once again butting against this issue.

The fix by @smnbbrv did not work for me, I still got 401 Unauthorized when running ng update @angular/cli @angular/core.

My .npmrc is really simple:

@fortawesome:registry=https://npm.fontawesome.com/
//npm.fontawesome.com/:_authToken=SOME_TOKEN_HERE

I had to remove the .npmrc file and all private packages in package.json to run ng update. 😦

@SV-efi You can probably just change the @angular/... packages to a newer 6.X.X version and run npm install to fix your issue.

+1, can't we just read the .npmrc on install or have an alternative flag that skips the npm check and simply updates angular?

@lonaru

Angular cli STILL does not work with Font-Awesome pro npm authentication
As for @lonaru the @smnbbrv fix does not work and error 401 Unauthorized is thrown wen updating Cli to version 7
I have no .npmrc locally, only a global one.

I spent a lot of time updating to 6.1 because of FontAwsome authentication and using Font-Awesome is again a problem. Can this be dealt with once and for all ?

Hi @Ionaru @evanjmg @PMoransais

could you try to add to your .npmrc the following line?

always-auth=true

or / and

//npm.fontawesome.com/:always-auth=true

Does this help?

Works for me ! Thanks @smnbbrv !

Super! If this works for the rest of the guys, I guess the issue is pretty much solved.

Could someone of fontawesome users post a request on their repo (or whatever contact they provide) to include this setting into documentation? This is a (very) common configuration item for the private repos and, well, then I don't understand why it's not there yet.

It might work for font-awesome (i wouldn't know i dont use it), but it still doesn't work for a npm proxy that has authentication. E.g when you have a nexus server keeping a "local" (to the office network cache) of the default npm repository - there where all the public stuff like angular gets downloaded from by default (explained in my previous https://github.com/angular/angular-cli/issues/10624#issuecomment-421544428)

Steps to reproduce:
1) Login to your private npm proxy npm login --registry=https://nexus.myorg.com/repository/npm" 2) Now try to upgrade your existing projectng upgrade 2.1) Even tryng upgrade --registry=https://nexus.myorg.com/repository/npm"

After waiting quite a while it errors with "This request requires auth credentials. Run npm login and repeat the request." Looking at my nexus logs I can see it never even attempted to download from the registry.

Because ng update doesn't have a --verbose options, I can't really tell where it is trying to download from....

@trojanc please post your .npmrc

@trojanc please post your .npmrc

//nexus.mydomain.co.za/repository/npm/:_authToken=NpmToken.xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
registry=https://nexus.mydomain.co.za/repository/npm
always-auth=true

I think I found it...very much hidden I'd say. For me the issue was the LOCATION of the .npmrc file. Angular does not search for the file in the default location on windows.
Normally the file is in C:\Users\username\.npmrc instead Angular searches for the file in C:\Users\username\AppData\Local\.npmrc.
Copying the file to there solved my issue. Now just to remember that every change I make to the normal location of npmrc - like when using npm cli to add repos - to copy that file to where Angular is looking for it

@smnbbrv ng update still doesn't work for me. the .npmrc is in the same directory as the angular.json and contains always-auth=true and an artifactory url for registry. there is also the ~/.npmrc which contains the _authToken. i'm using yarn as packageManager but however also removed the packageManager config from angular.json to use npm.
installation and updating of dependencies via npm and yarn works fine (so auth data should be correct).
it takes some time and outputs then This request requires auth credentials. Run npm login and repeat the request.. Angular CLI version 7.0.2, yarn version v1.10.1.
any suggestions?

@mixer2 this is not yet implemented case. Try to put _authToken into the registry's .npmrc or use only global .npmrc, should work for one or another but not both

@smnbbrv thx for the quick reply. i tried to add the auth data to the .npmrc of the project and also to remove that one and add always-auth and registry to the ~/.npmrc. unfortunately, both combinations didn't work -.-
any other ideas?

pretty much same experience here while running ng update:

Your global Angular CLI version (7.0.3) is greater than your local
version (6.1.1). The local Angular CLI version is used.

To disable this warning use "ng config -g cli.warnings.versionMismatch false".
Unexpected token  in JSON at position 0
{"$id":"1","innerException":null,"message":"TF400813: Resource not available for anonymous access. Client authentication required.","typeName":"Microsoft.TeamFoundation.Framework.Server.UnauthorizedRequestException, Microsoft.TeamFoundation.Framework.Server","typeKey":"UnauthorizedRequestException","errorCode":0,"eventId":3000}

always-auth=true does not fix it
copying private .npmrc to C:\Users\username\AppData\Local\.npmrc does not work either

Please double check your .npmrc especially when you use scoped repositories with scoped authTokens.
E.g. I had the following in my .npmrc
@myscope:registry=https://private.artifactory.instance/api/npm/private-npm/ //private.artifactory.instance/api/npm/private-npm/:_authToken=myAuthToken
The problem is that https://github.com/angular/angular-cli/blob/master/packages/schematics/update/update/npm.ts#L73 is searching for the exact match of the scraped string "//private.artifactory.instance/" which doesn't match (path variables are removed).

To the Angular devs: This could be solved by adding a fuzzy matching into the getOptionFromNpmRc function but could then lead to other side effects. Nevertheless this should be covered in a better way (by adding more examples) to the documentation.

I'm having this issue with ng-uikit-pro-standard.

@ThYpHo0n thanks! that was exactly the issue i had... it's a bit unfortunate that they share the .npmrc config with npm/yarn but interpret it different in multiple ways. especially the run npm login hint in the error is misleading, because it will create the _authToken in antoher file and with another registry scope than ng update would expect.
so for now the imho most reliable way to go is to manually add the _authToken with manually modified scope to the projects .npmrc, do the updates and then remove the token again to not accidentally push it.

The team is aware of the issue and there is a pending PR (https://github.com/angular/angular-cli/pull/12526) which will vastly improve the current situation. Unfortunately, it is currently blocked on an upstream issue (https://github.com/zkat/pacote/issues/163).

I tried 7.1.0-beta.0 and don't get "unauthenticated" anymore but it still fails.

Am I too soon? :) I just saw there were changes in the latest release
If not: Go on reading

ng update @angular/core now throws a 404 with

404 Not Found - GET https://registry.npmjs.org/@myScope%2fmyPackage - Not found

The thing is, this is a package stored in our private npm registry and should not be fetched from npmjs.org

I tried to

ng update @angular/core --registry https://registry.my-private-registry.com/repository/next.npm.group

But it fails with Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"

I tried to remove my scope declaration for our registry in my .npmrc

@myScope:registry=__REGISTRY_URL__

didn't work

Tried always-auth=true => Didn't work

Same here! All solutions didn't work for me

My workaround was to only migrate (which worked) and then upgrade the packages manually.

ng update @angular/cli --migrateOnly
(maybe you need to move the entries inside the home/.npmrc or .yarnrc into the project's corresponding file)

After that went ok, I i,e, used yarn update @angular/[email protected]
(working with yarn here)

Unfortunately I can't really find what else ng update does and hope that these two steps are sufficient.

I think I found it...very much hidden I'd say. For me the issue was the LOCATION of the .npmrc file. Angular does not search for the file in the default location on windows.
Normally the file is in C:\Users\username\.npmrc instead Angular searches for the file in C:\Users\username\AppData\Local\.npmrc.
Copying the file to there solved my issue. Now just to remember that every change I make to the normal location of npmrc - like when using npm cli to add repos - to copy that file to where Angular is looking for it

I tried a symlink in the AppData/Local dir pointing at the User directory, and it didn't change the error.

Is there a timeline for a fix? I'm not in a hurry to upgrade to 7 so I'd rather wait for the right fix instead of playing around with the workarounds.

In additional to the previous PR mentioned above (which is currently available in the 7.1.0.beta.1). Further improvements will be present in the next beta via https://github.com/angular/angular-cli/pull/12871. This PR provides improved discovery of .nmprc files.

fyi

Tested 7.1.0-rc.0 but still get 404 Not Found - GET https://registry.npmjs.org/@myScope%2fmyPackage - Not found where the URL should point to a private registry

Angular CLI: 7.1.0-rc.0
Node: 10.13.0
OS: win32 x64
Angular: 7.0.1
... animations, cdk, common, compiler, compiler-cli, core, forms
... http, language-service, platform-browser
... platform-browser-dynamic, router

Package                            Version
------------------------------------------------------------
@angular-devkit/architect          0.10.3
@angular-devkit/build-angular      0.10.3
@angular-devkit/build-ng-packagr   0.10.3
@angular-devkit/build-optimizer    0.10.3
@angular-devkit/build-webpack      0.10.3
@angular-devkit/core               7.0.3
@angular-devkit/schematics         7.1.0-rc.0
@angular/cli                       7.1.0-rc.0
@angular/flex-layout               7.0.0-beta.19
@ngtools/json-schema               1.1.0
@ngtools/webpack                   7.0.3
@schematics/angular                7.1.0-rc.0
@schematics/update                 0.11.0-rc.0
ng-packagr                         4.4.0
rxjs                               6.3.3
typescript                         3.1.3
webpack                            4.23.1

@kroeder Can you provide the path to the .npmrc file that contains the relevant settings?

Hey, sorry for the late response

Default directory
C:\Users\%username%\.npmrc

Contains

registry=https://%registry%/repository/%npm-group-name%.npm.group/
//%registry%/repository/%npm-group-name%.npm.group/:_authToken=%auth-token%
//%registry%/repository/%npm-group-name%.npm.releases/:_authToken=%auth-token%

%...% are not part of the content, I just replaced the actual values with %-placeholders

We use: Nexus https://blog.sonatype.com/using-nexus-3-as-your-repository-part-2-npm-packages

@kroeder if you have some time, could you put that .npmrc file in your project's directory and try running update?

@mswilson4040 are you on windows as well?

@clydin I am on a mac.

@mswilson4040 did you receive the same result when trying the 7.1 RC? Also could you provide the path to the relevant .npmrc as well?

@clydin I haven't tried 7.1 yet. I eventually just removed the npmrc and all my modules, ran ng update and then put everything back in. For the npmrc file path, I have two locations. One location in my home directory (which has my auth token) and then another one at my project directory root (registering the priate repo).

• .npmrc path in home dir: (/Users/{username})
• .npmrc in project dir: (/Users/{username}/dev/{projectname}/wwwroot/clientapp)

Still not working.
Tested with 7.0.6 and 7.1.0-rc.0

After i installed a private package from a private repository the ng update command failed always with:
404 Not Found: @myprivatescope/my-private-package

npmrc:

registry=https://stage.privateRepository/

@myprivatescope:registry=https://stage.privateRepository/
//stage.privateRepository/:_password=<MY TOKEN>
//stage.privateRepository/:username=<MY USERNAME>
//stage.privateRepository/:email=<MY EMAIL>
//stage.privateRepository/:always-auth=true

@danielleroux have you tried https://github.com/angular/angular-cli/issues/10624#issuecomment-439943098

Still had no time to test this..

@kroeder yes, but i get the same error.

OS: macOS

//EDIT:

It works with 7.1.0-rc.0 only updated the global module not the package module of the cli.

Tested with .npmrc in project root and userfolder

Cannot confirm, what exactly have you done to get it work?
I tested
Global 7.1.0-rc.0 / Local ~7.0.0 => "Unauthorized"
Global 7.1.0-rc.0 / Local ^6.0.0 => "Unauthorized"
Global 7.1.0-rc.0 / Local 7.1.0-rc.0 => "404 Not Found: https://registry.npmjs.org/@myprivatescope/my-private-package"
Global 7.1.0-rc.0 / Local 7.1.0-rc.0 / .npmrc in project-root => "404 Not Found: https://registry.npmjs.org/@myprivatescope/my-private-package"

After:
Global 7.1.0-rc.0 / Local 7.1.0-rc.0
=> 401 Unauthorized - GET https://npm.fontawesome.com/@fortawesome%2ffontawesome-svg-core
all in red

Before:
Global 7.0.6 / Local 7.0.6
=> "401 Unauthorized", also all in RED
This has been consistently with ng CLI versions < 7.1.x

My local .npmrc in the project - don't have one in the home directory!:

@XXXXXXXXXX:registry=https://artifactory.YYYYYYYYYYY:443/artifactory/api/npm/npm-virtual/

@fortawesome:registry=https://npm.fontawesome.com/
//npm.fontawesome.com/:_authToken=${NPM_TOKEN_FONTAWESOME}

PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true

depth=0
loglevel=warn
package-lock=false
progress=false

Environment variable replacement is not currently supported (i.e., ${NPM_TOKEN_FONTAWESOME} will stay as is). Support is currently in development.

@clydin You are spot-on, as usual.

If I add the token verbatim, ng upgrade actually works.

As I do depend on an internal framework to first upgrade to Angular 7 - it is based on 6.1 -, I am not in a hurry to upgrade the code base to 7 yet.

Thanks for clarifying it.

🤔 Is it windows or why doesn't it work with my project?

@kroeder

Your current C:Users%username%.npmrc is

registry=https://%registry%/repository/%npm-group-name%.npm.group/
//%registry%/repository/%npm-group-name%.npm.group/:_authToken=%auth-token%
//%registry%/repository/%npm-group-name%.npm.releases/:_authToken=%auth-token%

Have you tried

registry=https://%registry%/repository/
//%registry%/repository/:_authToken=%auth-token%

Since we do not know what %npm-group-name% actually means/looks like.

Is it comparable to:

@fortawesome:registry=https://npm.fontawesome.com/
//npm.fontawesome.com/:_authToken=XXXXXXX

?

You might want to check http://codeheaven.io/using-nexus-3-as-your-repository-part-2-npm-packages/

I have no deep knowledge, I just use it. Anyway: Using registry=https://%registry%/ and then ng update @angular/core prints an HTML-Document to the console because this is the URL to the nexus web interface and the actual repo is in a sub-directory

It works now using rc.0 and

ng update @angular/core --registry https://%registry/repository/%group-name%/

Not a solution but a workaround 😃

@kroeder does your .npmrc literally have the %'s or are those only for comment replacement purposes?

Just placeholders because I don't want to share the exact URL :) have no vars

Hmm.

I have globally and locally @angular/cli 7.1.0.
Our project uses '@angular/*' "^6.1.0".

Did a clean yarn install - there was no yarn.lock or node_modules prior to the install.

Then I wanted to perform ng update '@angular/cli'.

I got this red line as result:

401 Unauthorized - GET https://npm.fontawesome.com/@fortawesome%2fpro-regular-svg-icons

Same result with ng update '@angular/core'.

As a reminder, our local .npmrc is (we do not use .npmrc in HOME directory):

@XXXXXXXXXX:registry=https://artifactory.YYYYYYYYYY:443/artifactory/api/npm/npm-virtual/

@fortawesome:registry=https://npm.fontawesome.com/
//npm.fontawesome.com/:_authToken=${NPM_TOKEN_FONTAWESOME}

PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true

depth=0
loglevel=warn
package-lock=false
progress=false

It only works if I replace ${NPM_TOKEN_FONTAWESOME} with the real token string.

I take it @clydin's enhancement to support ENV variables in .npmrc has not landed yet.

@catull The environment variable support will be in 7.1.1.

Excellent, thanks!

+1 same issue with 7.1.0 - @microsoft fix it

The problem for angular-cli 7.1.0 is in angular-cli/packages/schematics/update/update/npm.ts

const resultPromise = pacote.packument(
    packageName,
    {
      'full-metadata': true,
      ...npmrc,
      registry: options && options.registryUrl,
    },
  );

This line contains error:
registry: options && options.registryUrl

If you pass any cli options, but don't pass registryUrl inside this options - this line will generate "registry: undefined" that always overrides ".npmrc" value.

And pacote when see this - uses default registry.npmjs.org

The fix is simple - check that options.registryUrl has some value, before passing it to pacote.
I can try to make a fix, and also some tests for it :)

@denisoby Don't bother.

@hansl committed a fix with https://github.com/angular/angular-cli/commit/6fce79355fb6305f3db2e627fdf345b9ac1f173b
@clydin enhanced it with https://github.com/angular/angular-cli/pull/13106/commits/e85da635cd70ddcf1eddee430a7d740eaa3bc53e

Just wait for version @angular/[email protected]

Edit: It has landed now. Enjoy it!

With 7.1.1 I get 404 errors again. Scoped packages seams not to be recognized correctly.

Is there an article describing what to do know?
Im using Windows and don't know how to get it working:

• Use .npmrc in local and/or HOME ?
• Do I have to use environment variables for auth-keys?

Deleted my local .nmprc to update version of @angular/cli to 7.1.1.
Restored the local .npmrc and trying to start ng update

If I then try to start ng update getting also the 404 with scoped package names:
like: /@angular-devkit%2fbuild-angular

This should have been fixed by https://github.com/angular/angular-cli/pull/13025

@alan-agius4 I am running 7.1.2 and I still have this problem with a private repo.

@Albyzai can you kindly try to use the next version? Note that you should also update @angular/devkit packages

@alan-agius4

This is my output:

``_ _ ____ _ ___ / \ _ __ __ _ _ _| | __ _ _ __ / ___| | |_ _| / △ \ | '_ \ / _ | | | | |/ _` | '__| | | | | | |
/ ___ \| | | | (_| | |_| | | (_| | | | |___| |___ | |
/_/ __| |_|__, |__,_|_|__,_|_| ____|_____|___|
|___/

Angular CLI: 7.1.2
Node: 8.12.0
OS: win32 x64
Angular: 7.1.2
... animations, cli, common, compiler, compiler-cli, core, forms
... http, platform-browser, platform-browser-dynamic, router

Package Version

@angular-devkit/architect 0.10.7
@angular-devkit/build-angular 0.10.7
@angular-devkit/build-optimizer 0.10.7
@angular-devkit/build-webpack 0.10.7
@angular-devkit/core 7.0.7
@angular-devkit/schematics 7.1.2
@angular/cdk 7.1.1
@ngtools/webpack 7.0.7
@schematics/angular 7.1.2
@schematics/update 0.11.2
rxjs 6.3.3
typescript 3.1.1
webpack 4.19.1
```

@Albyzai, can you try to use @angular/cli@next and see if the problem persists?

@alan-agius4

     _                      _                 ____ _     ___
    / \   _ __   __ _ _   _| | __ _ _ __     / ___| |   |_ _|
   / △ \ | '_ \ / _` | | | | |/ _` | '__|   | |   | |    | |
  / ___ \| | | | (_| | |_| | | (_| | |      | |___| |___ | |
 /_/   \_\_| |_|\__, |\__,_|_|\__,_|_|       \____|_____|___|
                |___/


Angular CLI: 7.2.0-beta.1
Node: 8.12.0
OS: win32 x64
Angular: 7.1.2
... animations, common, compiler, compiler-cli, core, forms
... http, platform-browser, platform-browser-dynamic, router

Package                           Version
-----------------------------------------------------------
@angular-devkit/architect         0.10.7
@angular-devkit/build-angular     0.10.7
@angular-devkit/build-optimizer   0.10.7
@angular-devkit/build-webpack     0.10.7
@angular-devkit/core              7.0.7
@angular-devkit/schematics        7.2.0-beta.1
@angular/cdk                      7.1.1
@angular/cli                      7.2.0-beta.1
@ngtools/webpack                  7.0.7
@schematics/angular               7.2.0-beta.1
@schematics/update                0.12.0-beta.1
rxjs                              6.3.3
typescript                        3.1.1
webpack                           4.19.1

Problem still persists.

btw. is this going to be released into ^6.x.x?

There are quite some repos still out there on versions before 6 and the angular-team behind https://update.angular.io doesn't recommend to move across multiple major versions.

Hence it would be great to get it into 6 as well.

It works for me, since 7.1.1.

@Albyzai Care to show us your .npmrc, mask out the spicy bits.

@catull

Will do on Monday, got it on my work PC.

This is not only a problem with private repos but in my case also a problem with dependencies from git repos (so not npm based)

Update: after upgrading to 7.2.0-beta.1 message slightly changed but issue persist:

➜  ng update @angular/core
404 Not Found - GET https://registry.npmjs.org/my-private-package-here - Not found

With @next We get the message
request to https://registry.npmjs.org/@types%2fjasmine failed, reason: connect ETIMEDOUT

It seems that ng update @angular/cli ignores the proxy since it should go to the proxy or https-proxy instead of npmjs.org.

Should the command be ng update @angular/cli@next? (Results in same error message)

@alex88 @daniel-seitz
You two are aware that we cannot help you if you do not describe your situation adequately enough.

For starters, post your .npmrc.
Mention if you have an .npmrc in your home directory and/or in your project root folder.

Mask out the portions you DO NOT want us to know, like internal host names or credentials etc.
Just give enough pieces of information.

@catull thanks for clarifying. I thought we're on the same page already.

1. we use yarn.
2. local .npmrc:
   registry=[some url, masked out] always-auth=true
3. yarn lock contains packages where I see some as resolved with [some url, masked out]
   also there are packages with https://registry.yarnpkg.com/some-package-and-so-on
4. global .yarnrc (in C:Users\MyUserName):

# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1
lastUpdateCheck 1543945019859

1. global .npmrc (in C:Users\MyUserName):

//some_path_with_some_token
proxy= http://our_proxy_with_port/
https-proxy= http://our_proxy_with_port

1. trying to follow commands from update.angular.io
2. everything else works but not ng update @angular/cli, message comes up after a while (1 minute or so):
   request to https://registry.npmjs.org/@types%2fjasmine failed, reason: connect ETIMEDOUT
   seems to be on a random package, at another try I got:
   request to https://registry.npmjs.org/codelyzer failed, reason: connect ETIMEDOUT [some ip address and port]
3. currently still running angular 5.1.1
4. tried as described with @next option in yarn global add @angular/cli@next and yarn add @angular/cli@next
5. ng --version:

     _                      _                 ____ _     ___
    / \   _ __   __ _ _   _| | __ _ _ __     / ___| |   |_ _|
   / △ \ | '_ \ / _` | | | | |/ _` | '__|   | |   | |    | |
  / ___ \| | | | (_| | |_| | | (_| | |      | |___| |___ | |
 /_/   \_\_| |_|\__, |\__,_|_|\__,_|_|       \____|_____|___|
                |___/


Angular CLI: 7.2.0-beta.1
Node: 8.12.0
OS: win32 x64
Angular: 5.1.1
... animations, common, compiler, compiler-cli, core, forms
... http, platform-browser, platform-browser-dynamic
... platform-server, router

Package                      Version
------------------------------------------------------
@angular-devkit/architect    0.12.0-beta.1
@angular-devkit/core         7.2.0-beta.1
@angular-devkit/schematics   7.2.0-beta.1
@angular/cli                 7.2.0-beta.1
@angular/language-service    4.4.6
@schematics/angular          7.2.0-beta.1
@schematics/update           0.12.0-beta.1
rxjs                         5.5.3
typescript                   2.4.2

@catull well .npmrc isn't used when having a git dependency. it's just a line like this:

"my-package": "git+ssh://[email protected]:my-package.git#master"

in the package.json. No package repo is involved.

@alex88

I can reproduce your behaviour, I think.

I have no .npmrc in my home directory - I renamed it to .npmrc.old,

I have created a brand-new angular app "foo", there is no .npmrc in that project folder.
In that folder, I can perform ng upgrade, no error is reported.

Then I added this dependency:

    "@streamlabs/obs-studio-node": "git+ssh://[email protected]:computerquip/obs-studio-node#staging",

Now, when I perform ng update, the result is ....

➜  foo git:(master) ✗ ng update
404 Not Found - GET https://registry.npmjs.org/@streamlabs%2fobs-studio-node - Not found

This is pretty much what you experience, with a different dependency.

ng fails in calculating the dependency graph for the newly introduced "@streamlabs/obs-studio-node".

I also tried with ng update --registry=https://registry.npmjs.org or ng update --registry https://registry.npmjs.org.

The result is the same as with ng update.

It is true that you have already fetched it once via npm install / yarn install.

However, ng is detecting whether your/my extra dependency out of date.
Let's just assume you have version _x.N.y_ in your workspace.

ng sees that; but there could be version _x.(N+1).0_ or _x.N.(y+1)_ available on a remote registry.
ng must find out if this is the case.

Your statement that "No package repo is involved." does not hold.
It very much is involved, the repository. Just not the correct one ...

ng update blindly looks for the package on npmjs.org, rather than on gitlab.com.

It finds all the other packages - I proved it with a fresh app having all dependent packages on registry.npmjs.org.

@daniel-seitz

Your situation is that you do not get a proxy'd connection, it times out.
Are you certain you have the correct port configuration, that it is not blocked by a firewall ?

Perhaps that proxy may only be used for "normal" HTTP ("browser") requests ...

To address your point 7, each package is equally affected, there is no guarantee that the packages are processed top to bottom.

Imagine ng fires off 20 requests asynchronously, the first one that times out is reported and ng errors out.
Once it is the 7th, next time is is the 13th, and then it is the 4th alphabetically.
Which one of those 20 it is, is entirely "random".

My best guess is: the proxy configuration is not correct.

Are you sure you need a proxy configuration ?

Unless it is a typo, I find it suspicious that you use a "http" proxy value for "https" for starters.

Can you exclude the fact that neither HTTP_PROXY, HTTPS_PROXY, http_proxy nor https_proxy environment variables are set.
Neither http_proxy / https_proxy shell variables are set, either.

I think this ticket can be closed.

Why ?

The original issue is that ng update does not support private repositories such as FontAwesome PRO.

That issue is resolved.
Now even environment variables (say for TOKENs to be used in build servers) are supported.

Other issues reported are

• @alex88 - ng does not honour gitlab specific URI
• @daniel-seitz's timeout is a different issue. I am not sure there is a private repo involved here.

These two issues must be dealt with separately, IMHO.

@Albyzai has not stated where the private repo is at.

@catull probably it won't handle any other git repository right? Like gitlab/github/bitbucket/aws codecommit and many others...

@alex88 Your repo URL ...

"my-package": "git+ssh://[email protected]:my-package.git#master"

should it not be

"my-package": "git+ssh://[email protected]:>>>>USERNAME/<<<<<

Compare this to my example:

"@streamlabs/obs-studio-node": "git+ssh://[email protected]:>>>>>>computerquip/<<<<<

@catull yes it's actually username/repo, I just wanted to remove also that part, sorry for the confusion

No worries, just wanted to exclude another explanation ....

@alex88 Have you considered using _scoped_ package naming [1] ?

See, this is a snippet of my .npmrc:

@XXXXXXXXXX:registry=https://artifactory.YYYYYYYYYY:443/artifactory/api/npm/npm-virtual/

@fortawesome:registry=https://npm.fontawesome.com/
//npm.fontawesome.com/:_authToken=${NPM_TOKEN_FONTAWESOME}

You could have

    "my-package": "git+ssh://[email protected]:@YOUR_SCOPE/my-package.git#master"

As long as the package is published with @YOUR_SCOPE - could be @YOUR_ORGANISATION.

It works for FontAwesome.
They use the scope name @fortawesome - yeah, "FORT awesome", not "FONT awesome".

Side note: You and I both know that "forte" in colloquial Italian means "awesome" in colloquial American English; my eye reads it as "awesome awesome" -> Super-awesome!

FontAwesome's repository is not the canonical from npmjs.org
Yet npm, yarn and most importantly ng all retrieve it from the right place.

Buona fortuna!

[1] https://docs.npmjs.com/misc/scope

@daniel-seitz

Perhaps you are right.

Assuming the http proxy config works for, say, the initial npm install.
If that is the case, your issue is that ng update ignores the proxy configuration.
Then I apologise, my analysis above would be incorrect.

However, it is a different case from the original posting.

I suggest you open a new issue with exactly the the title "ng update ignores proxy config."
I do not have a setup which requires a proxy configuration, so I cannot assist you, sorry.

@catull haha for the side note 🤣
Sometimes I read it as awesome-awesome and sometimes if feels like a typo 😆

Anyway, that would involve having our own registry or paying for a private hosted on if I understand it correctly, I think that for now I'll just remove that dependency, upgrade to angular 7 and add it back 😄

Hate to do that but having our own means more maintenance/resources and the other option would be adding another cost. You probably also know how much Italian companies can be stingy 😄

Btw, thanks for the option, if it's something we need to support in long term that's definitely an option to look for!

@alex88

On the scoped naming, the cost you incur is operating an NPM registry.

See open source alternatives below, "verdaccio" [1] and "bitsrc.io" [2].
I believe there are docker images for both of them.
At one point, "sinopia" was actively developed, but it has not been updated for more than 3 years.

Imagine this.

Let's just assume for a moment I like a certain library/package.

Let's say it is called banana; the original npm package would be available at https://www.npmjs.com/package/banana.

So, one day I decide to considerably change it, but the original maintainer is
a) not around, the e-mail she is using is invalid by now
b) the maintainer is not interested in your changes
c) the package is not maintained any more, and maintainership cannot be transferred to you

Now in this case, banana was last updated 7 years ago.
But that is beside the point.

Given the fact that I like banana, I can create a fork of it.
I will NOT be able to publish it at https://www.npmjs.com/package/banana.

But I will be able to publish it say, as https://www.npmjs.com/package/@catull/banana.
Then it would be public.

But let's also assume my company operates an internal NPM repository at registry.my-company.net:8080/npm/.

Now I can publish it at https://registry.my-company.net:8080/npm/@SOME_SCOPE/banana

You have to publish it with --scope @SOME_SCOPE.
Otherwise you would publish it at https://registry.my-company.net:8080/npm/banana

But here is the beauty: the scope name can be specifically configured in .npmrc.
It is recognised by all tools equally: npm, yarn and ng.

You can see a good example with bootstrap-vue:

• the original bootstrap-vue
• a fork @aorinevo/bootstrap-vue

[1] [verdaccio](https://github.com/verdaccio/verdaccio)
[2] [bitsrc.io](https://hackernoon.com/private-npm-registry-simplified-with-bit-cc80408f1809)

@catull thanks a lot for the long explanation, I'll keep in mind, surely it's better than fetching from git directly 😄

@catull thank you, originally i had the same issue as the topic here and this is indeed now resolved. I'll open another issue as suggested, btw. yarn commands work, just the ng update doesnt. I tried migrate only - which works - and then update the packages via yarn, also works. I just think that I might miss something that ng update does as well, other than migrating to the angular.json file and lifting the packages to the recent version. ciao

I really wonder why fontawesome pro works with 7.1.0 but fails with 7.1.1 and 7.1.2
It's a bit sad to see that newer version break again. I hope this can be finally fixed soon.

I've same problem. "ng update --all" doesn't works with 7.1.2 (and 7.1.0 also) with private registry configured into local ".npmrc". @angular/cli while try to found package on registry.npmjs.org:

404 Not Found - GET https://registry.npmjs.org/mypackage - Not found

But into .npmrc i've :
registry=https://privaterepo.mycompagnie.fr/npm/

@Chklang did you try with ng update --registry https://privaterepo.mycompagnie.fr/npm/ ?

@aguacongas that works for me!
However, I shouldn't have to do that if the registry is declared in my .npmrc.

@kpaxton You're lucky, that doesn't for me. But my private repo needs authentication.
And I agree, we shouldn't have to do that.

I also not lucky. I have also authentication set for my private registry and I am getting below error

Unable to authenticate, need: Basic realm="Artifactory Realm"

@Chklang did you try with ng update --registry https://privaterepo.mycompagnie.fr/npm/ ?

Do you know what does ng update --registry https://privaterepo.mycompagnie.fr/npm/ command do? Users having auth set in their private registry can directly do what this command does?

In our npmrc we have options like strict-ssl and always-auth which are boolean values when being parsed. The update script in npm.ts tries to call 'replace' on the options and fails when the function does not exist (which it doesn't for bools):
options[key] = options[key].replace(/\$\{([^\}]+)\}/, (_, name) => process.env[name] || '');
We fixed this by checking if the function exists before trying to call it. PR is attached

Now, ng update works as expected also with our private Artifactory

Hi,

I had the same problem, because we are using Artifactory in our company. We store private repositories in it. So I had the same error when trying to use ng update.

But I can pass the parameter "-f" to force the update. I changed the names to give you an example what will happen with the force flag:

ng update @angular/cli -f
    Package not installed: "-f". Skipping.
    404 Not Found - Get https://registry.npmjs.org/@MYCORPORATE/MYREPO1 - Not Found
    404 Not Found - Get https://registry.npmjs.org/@MYCORPORATE/MYREPO2 - Not Found

After that all was installed and update. I did this with the Angular and CDK package as well. We are updated the internal packages for our own.

I hope this will help.

PS: We also use https://www.npmjs.com/package/npm-check-updates with ncu command to check updates for our packages. This works well with Artifactory. So we now using ng update for all Angular related packages and ncu for other. But be careful and check if all new packages are working with the Angular packages.

@florian-kittel
Both npm and yarn have had the outdated option, check it out, it may satisfy your requirements.
Works on public and private npm repos.

Currently with 7.3.0 for me it works correctly again.

This should now be addressed in 7.3.0+. If anyone is still encountering problems, please open a new issue detailing the issue.

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

<sub>_This action has been performed automatically by a bot._</sub>