Font-awesome: 401 Unauthorized with npm.fontawesome.com causing build outage (Pro Small Business Backer)

I have the exact same problem.

From what I understood reading 15 seconds in diagonal I am supposed to renew my licence, which I did (Standard, 5 seats).

Still all my projects / websites are affected.

I also shot an email to support. My subscription email is [email protected].

Thanks.

@aocneanu yep, I thought the same but after doing the new subscription I half expected to get a new .npmrc token but it is still the same as the old. My account now shows me owning two licenses and clicking on the license links just takes me to legal disclaimers so I'm stuck.

I half expected to get a new .npmrc

That was my intuition too but I noticed the same, I have the old token.

At least my account shows me only one license.

Hi guys,

I can confirm. I'm having the same problem here with a Perpetual FA5 subscription:

error An unexpected error occurred: "https://npm.fontawesome.com/@fortawesome%2ffontawesome-pro: authentication required".

I don't know if this is related to the license of if it is a problem of the npm repo. The status monitor does not report any known incident: https://status.fortawesome.com/

I've emailed support and am awaiting a reply but we do not have a week to sit on this unfortunately.

When did you write to the support? This is the best we can do for the moment.

I can ping @robmadole and @trevorchase here too, maybe this could help, but we should wait some hours (they live in the US)

I have the same problem.
Even if you use a newly-issued _authToken, there is still an authentication error.

I'm having the same issue. Cannot build.

We're emailing you because on September 14th, 2020 we will be shutting off access to our npm private package registry for anyone who doesn't have an active subscription to our Standard Pro Plan.

If you'd like to continue using the npm private package registry you can purchase a subscription to a Font Awesome Pro Standard Plan for $99 per year.

@mitrae I checked and see that I received that email 5 days ago (did not see it until now) however I did upgrade to the Pro Standard plan today and it's still not working.

@tagliala thanks, I'm in the US as well. I was pinged on the build issue around 5pm. I worked on trying to fix it for a few hours (upgraded account, tried to regenerate token etc.) and succumbed to emailing at 8pm. It sounds fairly severe given the number of immediate +1s on this thread already.

Any communications with the team would be much appreciated as this is blocking production systems.

@cchamberlain I've contacted Rob privately, that's the the best I can do

All we looking at this now. I’ll get everyone back up and running and then report what happened.

@mitrae I checked and see that I received that email 5 days ago (did not see it until now) however I did upgrade to the Pro Standard plan today and it's still not working.

to me it helped. try to clean node_models folder.

In the documentation, packages like @fortawesome/fontawesome-svg-core would still be possible to download using the public npm registry, but isn't working here. Anyone with the same problem?

All other Font Awesome npm packages, like @fortawesome/fontawesome-svg-core, can be installed using the public npm registry

Even other packages like @fortawesome/fontawesome-free are asking for authentication.

The solution for us (that can't pay for a subscription) is download the PRO packages here. They also created a documentation on how to work around this. I think creating our own private repository under some custom namespace probably work too.

@cchamberlain @aocneanu @tagliala you should be back up and running now

Still failing unfortunately for us:

yarn
yarn install v1.16.0
[1/5] Validating package.json...
[2/5] Resolving packages...
[3/5] Fetching packages...
error An unexpected error occurred: "https://npm.fontawesome.com/@fortawesome/pro-regular-svg-icons/-/5.12.1/pro-regular-svg-icons-5.12.1.tgz: Request failed \"401 Unauthorized\"".
info If you think this is a bug, please open a bug report with the information provided in "/home/omar/work/tahoe-hawthorn/amc/frontend/yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.

Workaround

We self-hosted the packages:

• Moved the @fortawesome packages into vendor/fortawesome

• Modified the frontend/packages.json to install them from local file:

  -"@fortawesome/fontawesome": "^1.1.8",
  +"@fortawesome/fontawesome": "file:./vendor/fortawesome/fontawesome",
  

• Modified the fontawesome/package.json to install its dependencies from file system:

  "dependencies": {
  "@fortawesome/fontawesome-common-types": "file:../fontawesome-common-types"
  },
  

  • Did the same for other packages that needs fontawesome-common-types

Ok, I've got a few minutes to explain this.

We started running a script yesterday that began deactivating the private NPM registry for backers who haven't upgraded. That all went according to plan.

However we had a bug in the reactivation section of the new subscription that didn't properly re-activate the existing NPM token. So even after purchasing a subscription the NPM tokens continued to not function.

We have a fix for this and we'll get that deployed in the next couple hours.

If anyone else is having trouble (@nukos @bkoplin @OmarIthawi) you can send an email to [email protected] or give me the email on your account. (This is a manual fix until I can get the fix deployed)

Thanks! I'll try the workaround for now, it should be fixed in our pipeline.

@robmadole Thank for the update, yarn upgrade & build are working now, but kits are still unavailable

GET https://kit.fontawesome.com/xxxxxxxxx.js net::ERR_ABORTED 403

@aocneanu that should be fixed now as well

Yep, now's ok. Thanks!

@gsmeira your .npmrc file is probably telling NPM to install any @fortawesome scoped package from npm.fontawesome.com. You can remove this file and also your package-lock.json or yarn.lock and re-rerun NPM install. Should get you fixed up.

@robmadole My bad! I had deleted the .npmrc but forgot to remove the global configuration that I did at some point and didn't remember. I fixed now, Thanks!

@robmadole thanks for jumping on this quickly. I'm pretty deep in the route of mounting the pro packages into a build container and using yarn add ./<fortawesome-package>.tgz.

We use the .npmrc on our ci server to set the token. The docs still show this as a valid method in the "per project" settings here: https://fontawesome.com/how-to-use/on-the-web/setup/using-package-managers

Is this path no longer supported?

@cchamberlain using .npmrc is still a viable way to install Font Awesome. Nothing has changed there.

@robmadole Oh I gotcha. I misinterpreted your prior comment. IIUC the private fontawesome repo mirrors the free packages as well so if you have the .npmrc with an invalid token it will fail that auth for the free packages. For authorized users, it serves both free and pro packages.

@cchamberlain (just re-read your original issue at the top)

The license was supposed to be for life but I understand the terms have changed.

The license is for life but the services, like private NPM registry, were only for 1 year (we actually gave 2 years).

This would be ok with some sort of transitional period but it is not a good experience having a lifetime subscription break our build process overnight with no recourse to turn it back on.

We tried to be clear about the difference between a "license" and a "subscription" but these are tricky to explain. Most of our communication happened over email (I know those can be easy to miss) but we really were trying to give everyone time to transition and the tools they needed; like being able to download the NPM .tgz directly from https://fontawesome.com/download.

Otherwise I'll need to shift gears and focus on reverting all usage to the free version to remove the npm barrier - something I'd like to avoid.

No need to revert to the free version! You have a license to Pro and can either host the NPM packages yourself in your own registry or install them using the file system.

the private fontawesome repo mirrors the free packages as well so if you have the .npmrc with an invalid token it will fail that auth for the free packages. For authorized users, it serves both free and pro packages.

Exactly. The way NPM works is to segment by "scope". So everything under @fortawesome has to use one registry.

@robmadole thank you for the explanation and apologies for missing the emails. It all makes sense now. Things were frantic earlier as I sensed this was going to be a major blocker when people came online today.

I've just submitted a PR that mounts the tarballs into our build container and looks like things are going to just work. Thank you for the quick follow-ups!

Still failing unfortunately for us:

yarn
yarn install v1.16.0
[1/5] Validating package.json...
[2/5] Resolving packages...
[3/5] Fetching packages...
error An unexpected error occurred: "https://npm.fontawesome.com/@fortawesome/pro-regular-svg-icons/-/5.12.1/pro-regular-svg-icons-5.12.1.tgz: Request failed \"401 Unauthorized\"".
info If you think this is a bug, please open a bug report with the information provided in "/home/omar/work/tahoe-hawthorn/amc/frontend/yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.

Workaround

We self-hosted the packages:

• Moved the @fortawesome packages into vendor/fortawesome
• Modified the frontend/packages.json to install them from local file:
  diff -"@fortawesome/fontawesome": "^1.1.8", +"@fortawesome/fontawesome": "file:./vendor/fortawesome/fontawesome",
• Modified the fontawesome/package.json to install its dependencies from file system:

"dependencies": {
  "@fortawesome/fontawesome-common-types": "file:../fontawesome-common-types"
},

• Did the same for other packages that needs fontawesome-common-types

Thank you. I'm trying to implement the same solution you did.
I'm getting an error on the package.json of fontawesome-common-types, due to this line:

"_resolved": "https://npm.fontawesome.com/@fortawesome/fontawesome-common-types/-/0.1.7/fontawesome-common-types-0.1.7.tgz",

What did you do?
Thank you.

EDIT: I've deleted it and it seems to be working

@jpmermoz that looks like the package-lock.json or yarn.lock file is still trying to pull from our registry. Did you delete the file and let npm/yarn recreate it?

I'm having 401 problems as well (I'm a backer, but haven't subscribed to the service yet). These are my fontawesome-related packages in the package.json file:

    "@fortawesome/fontawesome-svg-core": "1.2.27",
    "@fortawesome/free-brands-svg-icons": "5.12.1",
    "@fortawesome/fontawesome-pro": "file:/Users/my_user/packages/pro-5.14.0.tgz",
    "@fortawesome/pro-duotone-svg-icons": "file:/Users/my_user/packages/pro-duotone-5.14.0.tgz",
    "@fortawesome/pro-light-svg-icons": "file:/Users/my_user/packages/pro-light-5.14.0.tgz",
    "@fortawesome/pro-regular-svg-icons": "file:/Users/my_user/packages/pro-regular-5.14.0.tgz",
    "@fortawesome/pro-solid-svg-icons": "file:/Users/my_user/packages/pro-solid-5.14.0.tgz",

What I'm getting is:

npm ERR! code E401
npm ERR! Unable to authenticate, need: Basic realm="https://npm.fontawesome.com/"

I've removed fontawesome-related lines from the .npmrc (local as well as the global one). Any hints 🙊 ?

@Ancinek try removing the package.lock or yarn.lock file. Those are stubborn about holding on to the registries.

@robmadole Yes, this is what I've already tried, but it only worked after I rebooted my machine. Thanks anyway!

@Ancinek, the common-types and svg-core are behind the paywall. @robmadole, you do realize we can't use the downloaded packages without these two, right? Can you offer them as downloadable packages for FA5 pro as the rest?

Hi @plamenh , those packages should be available in the public npm repo, just remove font awesome's .npmrc configuration entries

Ref:

• https://www.npmjs.com/package/@fortawesome/fontawesome-common-types
• https://www.npmjs.com/package/@fortawesome/fontawesome-svg-core

I had to remove pro from my npm config, then i could re-install svg-core from public

Hi, I have the same issue when running yarn install
error An unexpected error occurred: "https://npm.fontawesome.com/@fortawesome/react-fontawesome/-/0.1.11/react-fontawesome-0.1.11.tgz: Request failed \"401 Unauthorized\"".

I removed *.lock files without success. Any hints please ?

@MaximeRig if your .npmrc is correctly configured, it looks like a license issue. Please get in touch with [email protected]

@tagliala yes, it is. Thank you for your response.