Yarn: `yarn install` reports `401 Unauthorized` for publicly available packages
Do you want to request a feature or report a bug?
Bug
What is the current behavior?
yarn install reports 401 Unauthorized error when trying to install public packages. I tried running yarn login and yarn cache clean -- to no effect. NPM is able to install without any issues.
HOWEVER Yarn doesn't always fail on the same package. It seems to get stuck periodically on one, and then complain about another package (also public) some time later.
Here's the example of yarn-error.log.
If the current behavior is a bug, please provide the steps to reproduce.
git clone https://github.com/nuxt/example-auth0.git
cd example-auth0
yarn install
Please mention your node.js, yarn and operating system version.
Node: 8.4.0 (installed using NVM)
NPM: 5.3.0 (installed using NVM)
OS: macOS 10.12.6
Yarn: 0.27.5 (installed using Homebrew)
Also tried with yarn v0.28.4, but it fails with the same response.
mmieluch
All 8 comments
Can you try one of the latest nightlies? I just landed a patch that affects git fetches.
BYK
on 5 Sep 2017
Unfortunately -- no success :( Unless I installed an outdated nightly.
$ yarn --version
1.0.0-20170905.1031
$ which yarn
/Users/michal/.yarn/bin/yarn
$ yarn install --verbose
yarn install v1.0.0-20170905.1031
verbose 0.615 Checking for configuration file "/Users/michal/tmp/example-auth0/.npmrc".
verbose 0.616 Checking for configuration file "/Users/michal/.npmrc".
verbose 0.616 Found configuration file "/Users/michal/.npmrc".
verbose 0.616 Checking for configuration file "/Users/michal/.nvm/versions/node/v8.4.0/etc/npmrc".
verbose 0.617 Checking for configuration file "/Users/michal/tmp/example-auth0/.npmrc".
verbose 0.617 Checking for configuration file "/Users/michal/tmp/.npmrc".
verbose 0.617 Checking for configuration file "/Users/michal/.npmrc".
verbose 0.617 Found configuration file "/Users/michal/.npmrc".
verbose 0.617 Checking for configuration file "/Users/.npmrc".
verbose 0.619 Checking for configuration file "/Users/michal/tmp/example-auth0/.yarnrc".
verbose 0.62 Checking for configuration file "/Users/michal/.yarnrc".
verbose 0.62 Found configuration file "/Users/michal/.yarnrc".
verbose 0.62 Checking for configuration file "/Users/michal/.nvm/versions/node/v8.4.0/etc/yarnrc".
verbose 0.626 Checking for configuration file "/Users/michal/tmp/example-auth0/.yarnrc".
verbose 0.626 Checking for configuration file "/Users/michal/tmp/.yarnrc".
verbose 0.626 Checking for configuration file "/Users/michal/.yarnrc".
verbose 0.626 Found configuration file "/Users/michal/.yarnrc".
verbose 0.626 Checking for configuration file "/Users/.yarnrc".
verbose 0.63 current time: 2017-09-05T11:38:38.323Z
[1/4] 馃攳 Resolving packages...
[2/4] 馃殮 Fetching packages...
verbose 1.335 Performing "GET" request to "https://repository.neo9.pro/content/groups/global-npm/auth0-js/-/auth0-js-8.6.0.tgz".
verbose 1.343 Performing "GET" request to "https://repository.neo9.pro/content/groups/global-npm/blueimp-md5/-/blueimp-md5-2.3.1.tgz".
verbose 1.345 Performing "GET" request to "https://repository.neo9.pro/content/groups/global-npm/immutable/-/immutable-3.8.1.tgz".
verbose 1.372 Performing "GET" request to "https://repository.neo9.pro/content/groups/global-npm/auth0-lock/-/auth0-lock-10.15.1.tgz".
verbose 1.374 Performing "GET" request to "https://repository.neo9.pro/content/groups/global-npm/fbjs/-/fbjs-0.3.2.tgz".
verbose 1.377 Performing "GET" request to "https://repository.neo9.pro/content/groups/global-npm/jsonp/-/jsonp-0.2.1.tgz".
verbose 1.7 Performing "GET" request to "https://repository.neo9.pro/content/groups/global-npm/idtoken-verifier/-/idtoken-verifier-1.0.1.tgz".
verbose 1.702 Performing "GET" request to "https://repository.neo9.pro/content/groups/global-npm/password-sheriff/-/password-sheriff-1.1.0.tgz".
verbose 1.788 Error: https://repository.neo9.pro/content/groups/global-npm/auth0-js/-/auth0-js-8.6.0.tgz: Request failed "401 Unauthorized"
at Request.<anonymous> (/Users/michal/.yarn/lib/cli.js:57615:26)
at emitOne (events.js:115:13)
at Request.emit (events.js:210:7)
at Request.module.exports.Request.onRequestResponse (/Users/michal/.yarn/lib/cli.js:118162:10)
at emitOne (events.js:115:13)
at ClientRequest.emit (events.js:210:7)
at HTTPParser.parserOnIncomingClient (_http_client.js:565:21)
at HTTPParser.parserOnHeadersComplete (_http_common.js:116:23)
at TLSSocket.socketOnData (_http_client.js:454:20)
at emitOne (events.js:115:13)
error An unexpected error occurred: "https://repository.neo9.pro/content/groups/global-npm/auth0-js/-/auth0-js-8.6.0.tgz: Request failed \"401 Unauthorized\"".
info If you think this is a bug, please open a bug report with the information provided in "/Users/michal/tmp/example-auth0/yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
Here's the yarn-error.log
mmieluch
on 5 Sep 2017
@mmieluch - https://repository.neo9.pro/content/groups/global-npm/auth0-js/-/auth0-js-8.6.0.tgz is not publicly accessible. May be you need to check your proxy settings?
BYK
on 5 Sep 2017
@BYK There's something funny going on with packages in that repository. It wasn't only that package that was causing the installer command to fail. I'm gonna do a bit more digging and get back to you. Thanks for your help, I'll keep you posted.
mmieluch
on 5 Sep 2017
@BYK Something's definitely not right. Package in this version should be available publicly. NPM has no issues fetching the archive, and it resolves it to
https://registry.npmjs.org/auth0-lock/-/auth0-lock-10.15.1.tgz
whereas Yarn resolves it to the file in Neo9 you quoted.
The package in 10.15.1 version is not that old - it was published on 25 April 2017: link.
The newer version downloads correctly, but it has a dependency, that has not been updated in some time -- and that dependency is also publicly unavailable via Yarn, but is fetchable just fine by NPM.
So if the package is publicly available in NPM, shouldn't it also be in the same state in Yarn repositories? I'm not gonna lie, I know virtually nothing about mirroring mechanisms that Yarn implements, so if there's an obvious user error I'm making here - let me know.
Huge thank you for your patience.
mmieluch
on 12 Sep 2017
@mmieluch the weird part is Yarn resolving it to something with https://repository.neo9.pro. Either you have a proxy or have an interesting configuration or this is in your yarn.lock file from a previous person. I suggest checking your yarn.lock file and replacing references to this domain with either https://registry.yarnpkg.com/ or https://registry.npmjs.org/.
If that doesn't help, please share your yarn configuration (yarn config list) so we can investigate more. Be careful when you're sharing your config since it may contain sensitive information like auth codes etc. Make sure to redact them from the output before sharing.
Huge thank you for your patience.
Not at all! Thanks for sticking and helping with debugging!
BYK
on 12 Sep 2017
@BYK You're absolutely right, can't believe I missed that... Flushing the lock file and updating dependecies ran flawlessly, resolving to ()[https://registry.yarnpkg.com/). I'm not behind a proxy, but the project author probably was - and he committed the proxied lock file.
Thanks again for all the help. I'll file an issue with the original repository I mentioned in my first post. Cheers!
Closing.
mmieluch
on 12 Sep 2017
Glad it was resolved!
BYK
on 12 Sep 2017
Related issues
victornoel
路
3Comments
chiedo
路
3Comments
ocolot
路
3Comments
torifat
路
3Comments
danez
路
3Comments
Most helpful comment
@BYK You're absolutely right, can't believe I missed that... Flushing the lock file and updating dependecies ran flawlessly, resolving to ()[https://registry.yarnpkg.com/). I'm not behind a proxy, but the project author probably was - and he committed the proxied lock file.
Thanks again for all the help. I'll file an issue with the original repository I mentioned in my first post. Cheers!
Closing.