Yarn: authorisation headers added when url contains '@' (e.g, scoped package)

Created on 25 Nov 2016 · 2Comments · Source: yarnpkg/yarn

An athentication header is added to the request when there is an at-sign in the url. Scoped packages use an at-sign.

This resolves to true:

this.getScopedOption(registry.replace(/^https?:/, ''), 'always-auth') || this.getOption('always-auth')
      || removePrefix(requestUrl, registry)[0] === '@';

https://github.com/yarnpkg/yarn/blob/b4e42e3e73a3d714fd44cc0d3968cf33e43a03c7/src/registries/npm-registry.js#L56

Source

rparree

👍4

Most helpful comment

Work around for now i just removed my _auth configuration (so it adds an empty string to the authorisation header.

rparree on 25 Nov 2016

👍5

All 2 comments

Is the idea of:

removePrefix(requestUrl, registry)[0] === '@';

to check for a username[:password]@ in the url?

EDIT: It was added in 50aae7d

rparree on 25 Nov 2016

Work around for now i just removed my _auth configuration (so it adds an empty string to the authorisation header.

rparree on 25 Nov 2016

👍5

Was this page helpful?

0 / 5 - 0 ratings

Related issues

Yarn fails to install public scoped packages when _auth is defined in .npmrc

AzGoalie · 3Comments

[0.19.1] [regression] Yarn does not use registry configuration

victornoel · 3Comments

Not generating yarn.lock file as expected

torifat · 3Comments

`invalid tar file` when installing non-tar file

davidmaxwaterman · 3Comments

`yarn add` for scoped package against private registry with creds for public npm fails

seansfkelley · 3Comments