Yarn: Scoped packages 403 on yarn install with empty cache
Do you want to request a feature or report a bug?
Bug
What is the current behavior?
Having set up a private npm repo by running:
npm login --registry=https://npm.< private host >.com --scope=@scoped
Then after pulling down a repo with an existing yarn.lock file that contains a @scoped/package and running yarn you get a 403 on that scoped package even though you are logged in to that registry and the token exists in the ~/.npmrc file.
If the current behavior is a bug, please provide the steps to reproduce.
The problem seems to be warming up the cache because this issue is fixed for any package moving forward by running yarn add @scoped/package once and reintroduced after cleaning the cache.
Having a .yarnrc in the repo with "@scoped:registry" "https://npm.< private host >.com/" does not fix the issue.
What is the expected behavior?
Scoped packages that point to a seperate npm registry should work when running a fresh install (yarn) and should not require the packages to be individually added to the yarn cache.
Please mention your node.js, yarn and operating system version.
OSX 10.12.5
node.js 8.2.1
yarn 0.27.5
lukeggchapman
All 9 comments
@arcanis mentioned it here:
https://github.com/yarnpkg/yarn/issues/3765#issuecomment-312386851
Yarn 0.25.4 also has this issue.
lukeggchapman
on 26 Jul 2017
I'm leaning to closing this as a duplicate of #3765. What do you think? This should work on master if that's the case and fail otherwise.
BYK
on 26 Jul 2017
I believe #3765 was released as part of 0.27.5, which is where I was seeing this problem.
I've also just tested the latest master and it's still an issue.
lukeggchapman
on 26 Jul 2017
@lukeggchapman we have merged #3987 quite recently and it should address the issue AFAIK. Are you sure your credentials are up to date since NPM did some changes recently and some people reported their auth token not working.
If still broken, can you provide us/me a simple repro case so we can test and fix it?
BYK
on 26 Jul 2017
@BYK I pulled master down at the time I commented.
The credentials are against a privately hosted registry, and works fine with yarn add @scoped/pkg
I've tracked down the bug and should have a PR for it shortly.
lukeggchapman
on 26 Jul 2017
This piece of code only works for packageName (yarn add), not pathName (yarn install).
https://github.com/yarnpkg/yarn/blob/master/src/registries/npm-registry.js#L221-L223
I'm cleaning up the naming convention to reflect this change.
lukeggchapman
on 26 Jul 2017
@lukeggchapman well, thank you very much! Looking forward to the PR!
BYK
on 26 Jul 2017
@BYk looks like this can be closed 馃帀
olingern
on 18 Aug 2017
馃帀
BYK
on 18 Aug 2017
Related issues
bouk
路
3Comments
seansfkelley
路
3Comments
baptistelebail
路
3Comments
danez
路
3Comments
NonPolynomial
路
3Comments
Most helpful comment
@BYK I pulled master down at the time I commented.
The credentials are against a privately hosted registry, and works fine with
yarn add @scoped/pkgI've tracked down the bug and should have a PR for it shortly.