Yarn: Yarn can not use private registries

i use artifactory and I also get 401s installing _new_ packages. if the packages already exist on the registry, however, it seems to work pretty reliably! agreed, works fine with npm. i'd love to give people a working thing™ to test against, but am new to the yarn and artifactory scene

My example is with Nexus3 by the way.

I also tried;

yarn login --registry https://OUR_REGISTRY/repository/npm/ --verbose
yarn login v0.19.1
info npm username: MY_USERNAME
info npm username: MY_EMAIL
Done in 0.04s.

It's strange that it logs out info npm username twice. Calling yarn after this also results in install not working though.

I deleted my previous comment - my setup was almost identical to OPs using fury.io. I logged out of npm (npm logout), ran yarn, and boom all my packages were found. No idea how or why though.

@bcruddy How could yarn run successfully if you weren't even logged in your repo? That can not be possible.

fury.io puts the token in the registry url so there's no need to be logged in to anything. So yeah.. pretty sure it's possible. I'm wondering if having an auth token in my $HOME/.npmrc was breaking things (yarn possibly sending fury.io the token, fury.io says no that's the wrong token even though you sent us the correct one too).

Same problem here. We are using nexus and yarn can't install private package correctly. In my case it refuse to install dependencies of the package that I want to install passing through the private registry.

I have an .npmrc in my project folder that looks like:

registry=***/repository/npmjs/

I am omitting the address for privacy reasons.

Trying to install a package published on our nexus private registry:

yarn add @mc/ng-bundle --verbose

This is the output:

yarn add v0.20.3
info No lockfile found.
verbose Performing "GET" request to "https://yarnpkg.com/latest-version".
[1/4] 🔍  Resolving packages...
verbose Performing "GET" request to "***/repository/npmjs/@mc%2fng-bundle".
verbose Request "***/repository/npmjs/@mc%2fng-bundle" finished with status code 200.
verbose Performing "GET" request to "***/repository/npmjs/angular".
verbose Performing "GET" request to "***/repository/npmjs/angular-animate".
verbose Performing "GET" request to "***/repository/npmjs/angular-aria".
verbose Performing "GET" request to "***/repository/npmjs/angular-cookies".
verbose Performing "GET" request to "***/repository/npmjs/angular-messages".
verbose Performing "GET" request to "***/repository/npmjs/angular-resource".
verbose Performing "GET" request to "***/repository/npmjs/angular-sanitize".
verbose Performing "GET" request to "***/repository/npmjs/angular-touch".
verbose Performing "GET" request to "***/repository/npmjs/angular-ui-router".
verbose Performing "GET" request to "***/repository/npmjs/angulartics".
verbose Performing "GET" request to "***/repository/npmjs/angulartics-google-analytics".
verbose Performing "GET" request to "***/repository/npmjs/dress-code".
verbose Performing "GET" request to "***/repository/npmjs/humps".
verbose Performing "GET" request to "***/repository/npmjs/lodash".
verbose Request "***/repository/npmjs/angular" finished with status code 401.
verbose Performing "GET" request to "***/repository/npmjs/oclazyload".
verbose Error: Couldn't find package "angular" on the "npm" registry.
    at MessageError (/usr/local/Cellar/yarn/0.20.3/libexec/lib/node_modules/yarn/lib/errors.js:8:5)
    at /usr/local/Cellar/yarn/0.20.3/libexec/lib/node_modules/yarn/lib/resolvers/registries/npm-resolver.js:209:15
    at next (native)
    at step (/usr/local/Cellar/yarn/0.20.3/libexec/lib/node_modules/yarn/node_modules/babel-runtime/helpers/asyncToGenerator.js:17:30)
    at /usr/local/Cellar/yarn/0.20.3/libexec/lib/node_modules/yarn/node_modules/babel-runtime/helpers/asyncToGenerator.js:28:13
    at process._tickCallback (internal/process/next_tick.js:103:7)
error Couldn't find package "angular" on the "npm" registry.

So it seems that is actually performing the first request correctly but then fails for subsequent requests.
With npm all good.

for my case, I solved it by reorder entries in npmrc. particularly

```
cafile=/path/to/my-org.pem
strict-ssl=true
@my-org:registry=URL-x
registry=URL-y
````

In the hope that this is going to help someone, here's what I did to get yarn working with our private repo (an instance of proget) and our git monorepo. This is the only way I found where you can use yarn as a "drop-in" replacement as it is intended to be used.

First of all you install yarn globally by doing:

npm install yarn -g

As of version 0.21.3, from what I could tell, Yarn doesn't support the "Encoded" version of the .npmrc file so don't even bother with it. If your .npmrc has something like this:

//your.privaterepo.net/npm/:_password="abcderfxxxxx="
//your.privaterepo.net/npm/:username=youruser
//your.privaterepo.net/npm/:[email protected]
//your.privaterepo.net/npm/:always-auth=true
registry=https://your.privaterepo.net/npm/npm
always-auth=true

it won't work. You have to simply open your .npmrc file with a text editor and replace all the text with a basic auth URL like this:

registry=https://yournugetusername:[email protected]/npm/npm

Beware of your global .npmrc vs local project .npmrc in your git repo. In the case of a monorepo, it's possible that you have a .npmrc file for each package under the packages folder. This is going to impact the ability for yarn to use your global npm settings. If you keep them, you have to make the same mods in all .npmrc through your project.

So once you make all these changes, you basically replace "npm install" by "yarn":

In a monorepo situation where you use lerna, there is an open issue related to parallel execution with yarn. You simply can't run yarn in parallel right now. Normally you would simply do:

lerna exec -- yarn
````

but that is going to fail because of this open ticket: [#Issue 683](https://github.com/yarnpkg/yarn/issues/683) At the moment, you have to disable erna parallel execution by doing this command:

lerna exec --concurrency=1 -- yarn

If you still run into some issues just type:

yarn --verbose
```

You will see the yarn log in your console and should figure out the problem easily. For example, without the settings above I was seeing error 401 (not authenticated) exceptions in the log which triggered me to refocus my research...

Just to let you know Yarn seems to work fine with Sinopia as it just proxies packages from npm registry when they are missing in Sinopia.

It should be fixed now

It seems to me that whatever is written in .npmrc or .yarnc registry key, the real http request sent is always using the default https://registry.yarnpkg.com/ prefixed url.
This work fine except when you are behind a corporate firewal, and you absolutely need to used corporate registry (I use Nexus3)...
(Another workaround is to use http-proxy options with your user/password, but this is not ok to put my password on a shared jenkins server for building)

I found that in source code : https://github.com/yarnpkg/yarn/blob/master/src/registries/npm-registry.js

request(pathname: string, opts?: RegistryRequestOptions = {}, packageName: ?string): Promise<*> { const registry = this.getRegistry(packageName || pathname); const requestUrl = url.resolve(registry, pathname); // <== does not work..
An example of values is
pathname="https://registry.yarnpkg.com/@angular/core/-/core-4.0.0.tgz"
registry="https://mynexus-npm.mycompany/nexus/repository/npm-group/"
I get requestUrl = pathname instead of
requestUrl ="https://mynexus-npm.mycompany/nexus/repository/npm-group/@angular/core/-/core-4.0.0.tgz"

The url.resolve() does not replace the url with the base registry url. Instead, I patched it like this:
request(pathname: string, opts?: RegistryRequestOptions = {}, packageName: ?string): Promise<*> { const registry = this.getRegistry(packageName || pathname); // PATCH!! const requestBaseUrl = url.resolve(registry, pathname); // does not work... const requestUrl = requestBaseUrl.replace('https://registry.yarnpkg.com/', registry);

and it works fine!

Yarn would make requests to the URLs listed in yarn.lock file.
If yarn.lock exists Yarn would skip resolution step.

This discussion is related https://github.com/yarnpkg/rfcs/pull/64
But people wanted to revamp the whole yarn.lock file while I was looking
for something simple similar to what you did.

Do you want to pick it up and lead the fix?

On 30 May 2017 at 10:22, arnaud.nauwynck notifications@github.com wrote:

It seems to me that whatever is written in .npmrc or .yarnc registry key,
the real http request sent is always using the default
https://registry.yarnpkg.com/ prefixed url.
This work fine except when you are behind a corporate firewal, and you
absolutely need to used corporate registry (I use Nexus3)...
(Another workaround is to use http-proxy options with your user/password,
but this is not ok to put my password on a shared jenkins server for
building)

I found that in source code : https://github.com/yarnpkg/
yarn/blob/master/src/registries/npm-registry.js

request(pathname: string, opts?: RegistryRequestOptions = {}, packageName:
?string): Promise<*> { const registry = this.getRegistry(packageName ||
pathname); const requestUrl = url.resolve(registry, pathname); // <== does
not work..
An example of values is
pathname="https://registry.yarnpkg.com/@angular/core/-/core-4.0.0.tgz"
registry="https://mynexus-npm.mycompany/nexus/repository/npm-group/"
I get requestUrl = pathname instead of
requestUrl ="https://mynexus-npm.mycompany/nexus/repository/
npm-group/@angular/core/-/core-4.0.0.tgz"

The url.resolve() does not replace the url with the base registry url.
Instead, I patched it like this:
request(pathname: string, opts?: RegistryRequestOptions = {}, packageName:
?string): Promise<*> { const registry = this.getRegistry(packageName ||
pathname); // PATCH!! const requestBaseUrl = url.resolve(registry,
pathname); // does not work... const requestUrl = requestBaseUrl.replace('
https://registry.yarnpkg.com/', registry);

and it works fine!

—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
https://github.com/yarnpkg/yarn/issues/2541#issuecomment-304822480, or mute
the thread
https://github.com/notifications/unsubscribe-auth/ACBdWO6cYwnmcP9RB9QH8gUOr4NKn5g_ks5r-9_GgaJpZM4LsF3f
.

I made a pull request https://github.com/yarnpkg/yarn/pull/3528
My fix was "simple", but I don't know all the impacts in your yarn.lock file.
I just wanted to fix my corporate firewall problem!
Thank you for offering me to "lead the fix", but I am not the right person for leading it.

Thanks, I'll have a look at the PR

On 30 May 2017 at 10:33, arnaud.nauwynck notifications@github.com wrote:

I made a pull request #3528 https://github.com/yarnpkg/yarn/pull/3528
My fix was "simple", but I don't know all the impacts in your yarn.lock
file.
I just wanted to fix my corporate firewall problem!
Thank you for offering me to "lead the fix", but I am not the right person
for leading it.

—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
https://github.com/yarnpkg/yarn/issues/2541#issuecomment-304825006, or mute
the thread
https://github.com/notifications/unsubscribe-auth/ACBdWEb3eRILxFblILyDo0EHW0ex_TPsks5r--JfgaJpZM4LsF3f
.