Yarn: `yarn` install 401 error for repository

Yarn is working for me in the top level Ghost repository, but not in the Ghost-Admin git submodule.

Doing curl for the same package works:

curl -O https://registry.yarnpkg.com/@glimmer/resolver/-/resolver-0.3.0.tgz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 19746  100 19746    0     0  19339      0  0:00:01  0:00:01 --:--:-- 19358

Even after a restart, reinstalling yarn, clearing the cache etc, I'm unable to install dependencies in the submodule, but the top level is still working.

I have no idea where to even start looking for this. I didn't have any problem before upgrading to 0.22.

We're getting 401's from Yarn for a namespaced module via .npmrc. Installs fine with npm, but yarn rejects with the 401. Tried cache clean and completely uninstalling yarn as well.

We did have this problem on 0.21.3 as well as 0.22. One dev on my team reported that it "just fixed itself" the next day.

This seemed to fix itself about an hour after I last posted.

I tried many things, and yarn in other locations was working fine. Doesn't make much sense to me.

I'm still blocked by this. Completely unable to use yarn in a repo with some packages in a namespaced repository requiring credentials.

I have the same problem (npm-cli works using ~/.npmrc):

$ yarn --verbose
yarn install v0.23.2
verbose 0.221 current time: 2017-04-19T03:55:32.916Z
info No lockfile found.
warning @SCOPE/APP@VERSION: No license field
[1/4] Resolving packages...
verbose 0.348 Performing "GET" request to "https://OUR_REPO/pure-uuid".
verbose 0.349 Performing "GET" request to "https://OUR_REPO/babel-core".
verbose 0.35 Performing "GET" request to "https://OUR_REPO/babel-loader".
verbose 0.35 Performing "GET" request to "https://OUR_REPO/babel-preset-es2015".
verbose 0.351 Performing "GET" request to "https://OUR_REPO/jest".
verbose 0.351 Performing "GET" request to "https://OUR_REPO/jshint".
verbose 0.352 Performing "GET" request to "https://OUR_REPO/jshint-stylish".
verbose 0.353 Performing "GET" request to "https://OUR_REPO/rimraf".
verbose 0.622 Request "https://OUR_REPO/jshint" finished with status code 401.
verbose 0.622 Performing "GET" request to "https://OUR_REPO/webpack".
verbose 0.625 Error: Couldn't find package "jshint" on the "npm" registry.
    at MessageError (/usr/share/yarn/lib/errors.js:8:5)
    at /usr/share/yarn/lib/resolvers/registries/npm-resolver.js:209:15
    at next (native)
    at step (/usr/share/yarn/node_modules/babel-runtime/helpers/asyncToGenerator.js:17:30)
    at /usr/share/yarn/node_modules/babel-runtime/helpers/asyncToGenerator.js:28:13
    at process._tickCallback (internal/process/next_tick.js:103:7)
error Couldn't find package "jshint" on the "npm" registry.
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.

I have the same issue with the same namespaced package:

  Error: https://registry.yarnpkg.com/@glimmer/runtime/-/runtime-0.22.0.tgz: Request failed "401 Unauthorized"
      at Request.handleRequestError (/Users/kluck/.yarn/lib/fetchers/tarball-fetcher.js:231:20)
      at emitOne (events.js:96:13)
      at Request.emit (events.js:188:7)
      at Request.onRequestResponse (/Users/kluck/.yarn/node_modules/request/request.js:986:10)
      at emitOne (events.js:96:13)
      at ClientRequest.emit (events.js:188:7)
      at HTTPParser.parserOnIncomingClient (_http_client.js:474:21)
      at HTTPParser.parserOnHeadersComplete (_http_common.js:99:23)
      at TLSSocket.socketOnData (_http_client.js:363:20)
      at emitOne (events.js:96:13)
      at TLSSocket.emit (events.js:188:7)

I did figure out what was causing it in my case - it may or may not be the same for others...

Most projects on my machine have a local .npmrc file which points at an internal npm registry. It looks something like:

registry = http://our-registry.internal:4873

In my global ~/.npmrc I had the following:

[email protected]
init.author.name=Kelvin Luck
[email protected]
_auth=auth-token-for-internal-registry
//registry.npmjs.org/:_authToken=my-auth-for-npm-registry
@glimmer:registry=https://registry.npmjs.org/

Note that I already had to tell npm where to look for the @glimmer namespace.

The issue happened when working on a project that didn't have a local .npmrc file pointing at our registry. I guess the _auth key tries to log into npmjs.org since that is now the default registry. Hence the error.

Changing my ~/.npmrc to this solved the problem and still let me publish to our private npm registry:

[email protected]
init.author.name=Kelvin Luck
[email protected]
//our-registry.internal:4873/:_authToken=auth-token-for-internal-registry
//registry.npmjs.org/:_authToken=my-auth-for-npm-registry
@glimmer:registry=https://registry.npmjs.org/

I am still having this problem. It randomly went away of it's own accord for a while, and randomly came back.

I'm now on yarn 24.6:

yarn install v0.24.6
[1/4] 🔍  Resolving packages...
[2/4] 🚚  Fetching packages...
warning Pattern ["glob@latest"] is trying to unpack in the same destination "/Users/hannah/Library/Caches/Yarn/v1/npm-glob-7.1.1-805211df04faaf1c63a3600306cdf5ade50b2ec8" as pattern ["[email protected]","glob@^7.0.3","glob@^7.0.5","glob@^7.1.0","glob@^7.0.4","glob@^7.0.0"]. This could result in a non deterministic behavior, skipping.
error An unexpected error occurred: "https://registry.yarnpkg.com/@glimmer/resolver/-/resolver-0.3.0.tgz: Request failed \"401 Unauthorized\"".
info If you think this is a bug, please open a bug report with the information provided in "/Users/hannah/Ghost/Ghost/core/client/yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.

I have also seen:

error An unexpected error occurred: "https://registry.yarnpkg.com/@glimmer/di/-/di-0.1.11.tgz: Request failed \"401 Unauthorized\"".

And

error An unexpected error occurred: "https://registry.yarnpkg.com/@glimmer/node/-/node-0.22.0.tgz: Request failed \"401 Unauthorized\"".

And

error An unexpected error occurred: "https://registry.yarnpkg.com/@glimmer/compiler/-/compiler-0.22.0.tgz: Request failed \"401 Unauthorized\"".

Here's a gist of yarn-error.log

My .npmrc file looks like:

_auth="XXX="
[email protected]
//registry.npmjs.org/:_authToken=XXX

I have tried adding @glimmer:registry=https://registry.npmjs.org/ as per the previous comment to no avail.

I have tried yarn cache clear, I've changed node versions from 4 to 6, yet this problem is consistent.

What else can I try?

Found 2 related (newer 😞 ) issues:

• https://github.com/yarnpkg/yarn/issues/3378
• https://github.com/yarnpkg/yarn/issues/3407

Commenting out the auth, registry and new @glimmer lines in my .npmrc file allowed me to get past this issue:

#_auth="XXX="
[email protected]
# //registry.npmjs.org/:_authToken=XXX
# @glimmer:registry=https://registry.npmjs.org/

There definitely appears to be a bug but it is probably best explained by #3407 if anyone is around to triage.

@ErisDS - Did updating the _auth line in your ~/.npmrc so that it was scoped to a specific registry not help (see my previous comment for details)?

My team has had to completely abandon scoped registries and use our private registry as a complete mirror of public, because of yarn's auth issues with scoped registries. We tried every configuration of .npmrc that we could think of, to no avail.

... and now we're back to it failing entirely.

Any further progress, @xdumaine? I am having the same issue and cannot find any configuration that works 😕

I had a similar problem when using scoped packages and a private registry hosted using Proget. I was able to use this fork of Yarn, and then authentication worked using the default configuration in .npmrc generated from npm login ... and npm config set @myco:registry .... You can install the fork (git clone, npm install, gulp build, and add the ./bin/ output directory to your path) and see if it works for you. In addition, you may try the pre-release v0.28.1, which includes PR3231, which addresses some other problems with private registries. That didn't help me, but it might help you.

same problem here:

yarn install v0.27.5
[1/4] Resolving packages...
[2/4] Fetching packages...
error An unexpected error occurred: "https://registry.yarnpkg.com/@angular-redux/store/-/store-6.4.1.tgz: Request failed \"401 Unauthorized\"".
info If you think this is a bug, please open a bug report with the information provided in "/home/cloud/github/group-angular/augury/yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.

Workaround that did the trick for me:

mv ~/.npmrc ~/.BACKUPnpmrc
yarn install
mv ~/.BACKUPnpmrc ~/.npmrc

We are using Nexus 3 with Yarn after some issues with authentication. We must be authenticated to access to our npm-group repository to access npmjs proxied repo and our internal hosted repo. So this is our setup:

> $ yarn config list
yarn config v0.27.5
warning package.json: No license field
info yarn config
{ 'version-tag-prefix': 'v',
  'version-git-tag': true,
  'version-git-sign': false,
  'version-git-message': 'v%s',
  'init-version': '1.0.0',
  'init-license': 'MIT',
  'save-prefix': '^',
  'ignore-scripts': false,
  'ignore-optional': false,
  registry: 'http://nexus.internal:8081/repository/npm-group/',
  'strict-ssl': true,
  'user-agent': 'yarn/0.27.5 npm/? node/v6.11.1 darwin x64',
  lastUpdateCheck: 1500971723720 }
info npm config
{ registry: 'http://nexus.internal:8081/repository/npm-group/',
  'always-auth': true,
  '//nexus.internal:8081/repository/npm-group/:_authToken': 'XXXXXXXXXXXXXXXXXX' }
Done in 0.03s.

# ~/.npmrc

always-auth=true
registry=http://nexus.internal:8081/repository/npm-group/
//nexus.internal:8081/repository/npm-group/:_authToken=XXXXXXXXXXXXXXXXX

Then:

> $ yarn add underscore
yarn add v0.27.5
info No lockfile found.
[1/4] Resolving packages...
[2/4] Fetching packages...
[3/4] Linking dependencies...
[4/4] Building fresh packages...
success Saved lockfile.
success Saved 1 new dependency.
└─ [email protected]
Done in 0.21s.

Some scoped package:

> $ yarn add @angular-redux/store
yarn add v0.27.5
warning package.json: No license field
warning No license field
[1/4] Resolving packages...
[2/4] Fetching packages...
[3/4] Linking dependencies...
warning "@angular-redux/[email protected]" has unmet peer dependency "@angular/core@^2.4.0 || ^4.0.0".
warning "@angular-redux/[email protected]" has unmet peer dependency "redux@^3.5.0".
[4/4] Building fresh packages...
success Saved lockfile.
success Saved 1 new dependency.
└─ @angular-redux/[email protected]
warning No license field
Done in 0.30s.

We need to be authenticated to make any request, so the trick is to add always-auth=true in the .npmrc file, after that, yarn authenticate on every request.

If we remove the 'always-auth=true' we get HTTP 401:

> $ yarn add --verbose underscore
yarn add v0.27.5
warning package.json: No license field
verbose 0.235 Checking for configuration file "/private/tmp/test-npm/.npmrc".
verbose 0.236 Checking for configuration file "/Users/username/.npmrc".
verbose 0.236 Found configuration file "/Users/username/.npmrc".
verbose 0.236 Checking for configuration file "/Users/username/.nvm/versions/node/v6.11.1/.npmrc".
verbose 0.236 Checking for configuration file "/private/tmp/test-npm/.npmrc".
verbose 0.237 Checking for configuration file "/private/tmp/.npmrc".
verbose 0.237 Checking for configuration file "/private/.npmrc".
verbose 0.238 Checking for configuration file "/private/tmp/test-npm/.yarnrc".
verbose 0.239 Checking for configuration file "/Users/username/.yarnrc".
verbose 0.239 Found configuration file "/Users/username/.yarnrc".
verbose 0.239 Checking for configuration file "/Users/username/.nvm/versions/node/v6.11.1/.yarnrc".
verbose 0.239 Checking for configuration file "/private/tmp/test-npm/.yarnrc".
verbose 0.239 Checking for configuration file "/private/tmp/.yarnrc".
verbose 0.239 Checking for configuration file "/private/.yarnrc".
verbose 0.244 current time: 2017-07-25T08:44:24.512Z
warning No license field
[1/4] Resolving packages...
verbose 0.357 Performing "GET" request to "http://nexus.internal:8081/repository/npm-group/underscore".
verbose 0.372 Request "http://nexus.internal:8081/repository/npm-group/underscore" finished with status code 401.
verbose 0.373 Error: Couldn't find package "underscore" on the "npm" registry.
    at MessageError (/usr/local/Cellar/yarn/0.27.5/libexec/lib/yarn-cli.js:138:5)
    at /usr/local/Cellar/yarn/0.27.5/libexec/lib/yarn-cli.js:47282:15
    at next (native)
    at step (/usr/local/Cellar/yarn/0.27.5/libexec/lib/yarn-cli.js:91:30)
    at /usr/local/Cellar/yarn/0.27.5/libexec/lib/yarn-cli.js:102:13
    at process._tickCallback (internal/process/next_tick.js:109:7)
error Couldn't find package "underscore" on the "npm" registry.
info Visit https://yarnpkg.com/en/docs/cli/add for documentation about this command.

Hope it helps!

I think this is resolved with #4027.

Can anyone confirm?

After spending a while trying to get this working I followed @plitex's suggestion and it worked well!

Having same issue
Trying to build with Docker Node 8.9, yarn 1.2.1

# ~/.npmrc

always-auth=true
@company:registry=companyRegistry
//npmUrl:_authToken=XXXXXXXXXXXXXXXXX

yarn install fails with 401 but npm install works

Having identical issue as kamthamc. We already had always-auth enabled as we are using bintray, which generates the .npmrc file for us (bintray docs). So plitex's trick didn't work.

We had to resort to using npm for the last months, but we would like to go back to yarn again.

@karl-run can you file a new issue with the full configuration you have locally and the version of Yarn you are using?

The most useful info would be to have all yarnrc and npmrc files in your chain. The output of the yarn config list command would also be very useful along with a package.json and yarn.lock file since sometimes there are stale URLs in the yarn.lock file.

Please make sure to remove any sensitive data from these configs. If your company registry URL needs to be kept private please replace the domain etc but keep the overall structure so we can investigate.

Closing this ticket since it is no longer useful without all this information but I'd love to fix this issue with the information you can provide.

@kamthamc same for your case. If you can provide concrete repro steps along with your specific config, it would help a lot!

Something else to try in this situation is double checking that you don't have two different config files setting the scope, as one could be setting it wrong.

In my case, I had a .npmrc in my user space setting the scope, and from other projects this worked correctly. But in the errant project itself I had a .npmrc setting that scope, but differently (with username:password in the URL). Changing this second version to the version in my userspace made this issue go away

Okay, the trick here is to make your .npmrc file (in your project's folder) look like:

always-auth=true
registry=https://your-private-nexus-url/repository/npm-group/
//your-private-nexus-url/repository/npm-group/:_authToken=XXXXXXXXXXXXXXXXX

If you don't know how to generate your _authToken have a look here: https://gist.github.com/silentHoo/8402d470ef48ef8979b8ecd3e5f206e3#file-pull_from_private_npm_from_ci-md

Was hard to believe adding a ~/.npmrc with this worked:

always-auth=true
@company:registry=companyRegistry

I don't have a private company npm, but, somehow literally just using "companyRegistry" worked. I tested removing the @company line and it still worked. (Using npm, not yarn)

Started seeing this issue after installing yarn 1.19.1 - 401s on when trying to install scoped packages from a private registry (nexus). npm install works fine.

Downgraded yarn and all working again:

curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.17.3

As this comment suggests, 1.19.1 seem not to pick up the correct .npmrc settings.

Started seeing this issue after installing yarn 1.19.1 - 401s on when trying to install scoped packages from a private registry (nexus). npm install works fine.

Downgraded yarn and all working again:

curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.17.3

As this comment suggests, 1.19.1 seem not to pick up the correct .npmrc settings.

I also meet the same issue, with 1.19.1 version

Started seeing this issue after installing yarn 1.19.1 - 401s on when trying to install scoped packages from a private registry (nexus). npm install works fine.

Downgraded yarn and all working again:

curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.17.3

As this comment suggests, 1.19.1 seem not to pick up the correct .npmrc settings.

My error is "Error: EISDIR: illegal operation on a directory, read
at Object.readSync (fs.js:498:3)
at tryReadSync (fs.js:332:20)
at Object.readFileSync (fs.js:369:19)
"

same issue in yarn 1.22.4.
Add always-auth=true to .npmrc works for me.

Tried adding always-auth=true to my .npmrc and it did not work for me even on version 1.22.4.

.npmrc

always-auth=true
@<company_name>:registry=https://npm.pkg.github.com

In case anybody else runs into this, I found this https://github.com/yarnpkg/yarn/issues/7597#issuecomment-538362469

essentially my .npmrc now looks like

always-auth=true
registry=https://npm.pkg.github.com/<company_name>
//npm.pkg.github.com/<company_name>/:_authToken=<personal_token>