2f3b79bbad contained this bit:
+ case 'E403':
+ short.push(['403', er.message])
+ msg = [
+ 'In most cases, you or one of your dependencies are requesting',
+ 'a package version that is forbidden by your security policy.'
+ ]
+ if (er.parent) {
+ msg.push("\nIt was specified as a dependency of '" + er.parent + "'\n")
+ }
+ detail.push(['403', msg.join('\n')])
+ break
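Review bot: The case 'E403' branch emits the security-policy wording for every error carrying that code; nothing in the branch checks where the 403 came from, and the only condition, er.parent, just appends the dependency line. Gate the "forbidden by your security policy" text on a signal that the error arose while resolving or fetching a dependency. Otherwise fall back to a neutral 403 message built from er.message alone, so that a 403 from publish or any other registry request is not reported as a policy violation.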
This is only correct if the error is thrown by npm-pick-manifest, though. If you are trying to publish a package you're not allowed to, or some other random thing that can cause an actual 403 response, you get this error, which is misleading.
Detect errors thrown by npm-pick-manifest or by attempts to fetch a tarball that result in a 403.
For other cases, provide an error message that does not mention security policies or fetching forbidden dependencies.
I'm leaving this as a troubleshooting tip for others that encounter this error message for reasons unrelated to security policies:
One thing that can cause this issue to appear is by attempting to publish a scoped package where the name of the scope defined in package.json is slightly different than the name of your npm organization. E.g. Org name on npm is tech.com but package.json has "name":"@techcom/mypackage" when it should be "name":"@tech.com/mypackage"
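A pre-publish check for the scope mismatch described in the troubleshooting comment above, as an added example that is not part of the original thread or of npm. The names checkScope and squash and the status values are hypothetical, and the sample package.json is constructed.

```javascript
// Added example: compare the scope in package.json with the npm org name
// before publishing. checkScope/squash are hypothetical helper names.

// Reduce a scope or org name to lowercase letters and digits, so that
// "tech.com" and "techcom" compare equal and can be flagged as a near-miss.
function squash (name) {
  return name.toLowerCase().replace(/[^a-z0-9]/g, '')
}

// pkgJsonText: contents of package.json; orgName: the npm organization name.
function checkScope (pkgJsonText, orgName) {
  const name = JSON.parse(pkgJsonText).name
  if (typeof name !== 'string') return { status: 'no-name' }

  // A scoped name has the form @scope/package.
  const m = /^@([^/]+)\/([^/]+)$/.exec(name)
  if (!m) return { status: 'unscoped', name }

  const scope = m[1]
  const pkg = m[2]
  const org = orgName.replace(/^@/, '')
  if (scope === org) return { status: 'match', name }

  // Not identical: report the name the org would expect, and mark the
  // case where only punctuation or letter case differs as a likely typo.
  const status = squash(scope) === squash(org) ? 'near-miss' : 'mismatch'
  return { status, name, expected: '@' + org + '/' + pkg }
}

// Constructed sample input using the names from the comment above.
const sample = '{"name":"@techcom/mypackage","version":"1.0.0"}'
console.log(checkScope(sample, 'tech.com'))
```

A near-miss result means the scope differs from the org name only in punctuation or case, which is the situation the comment describes.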